Category Archives: Digital Life

EBay Wins Important Victory Against Tiffany

As the Wall Street Journal is already reporting, today eBay sustained an important win in its long-running dispute with Tiffany over counterfeit goods sold through its marketplace.  (The full opinion is available here.)

I wrote about this case as my leading example of the legal problems that appear at the border between physical life and digital life, both in “The Laws of Disruption” and a 2008 article for CIO Insight.

To avoid burying the lede, here’s the key point:  for an online marketplace to operate, the burden has to be on manufacturers to police their brands, not the market operator.  Any other decision, regardless of what the law says or does not say, would effectively mean the end of eBay and sites like it.

Back to the beginning.  Tiffany sued eBay over counterfeit Tiffany goods being sold by some eBay merchants.  The luxury goods manufacturer claimed eBay was “contributorily” liable for trademark infringement—that is, for confusing consumers into thinking that non-Tiffany goods were in fact made by Tiffany.

The problem of counterfeit items has been a long-standing problem for electronic commerce, and as one of the largest and first online marketplaces it’s little surprise that eBay has found itself so often in the cross-hairs of unhappy manufacturers.  While the company has generally won these lawsuits, it lost an important case in France at about the same time the trial court in the Tiffany case ruled it its favor in 2008.

(A related problem that was explicit in the French case is that luxury goods manufacturers are unhappy in general with secondary markets given the tight—sometimes illegal—control they exert over primary channels.  Electronic commerce doesn’t respect local territories, fixed pricing and regulating discounting, perhaps the bigger headache for companies such as Tiffany’s.)

The struggle for courts is to apply traditional law to new forms of behavior.  Many of the opinions in these cases tie themselves in knots trying to figure out just what eBay actually is—is it a department store, where a variety of goods from different manufacturers are sold?  Is it a flea market, where merchants pay for space to sell whatever they want?  Or is it a bulletin board at a local grocery store, where individuals offer products and services?

Of course eBay is none of these things.  But courts must apply the law they have, and the case law for trademark infringement is based on these kinds of outdated classifications.  In the “common law” tradition, judges decide cases by analogy to existing case laws.  That means when there isn’t a good analogy to be found, the law is often thrown into confusion for a long period of time while new analogies get worked out.  Disruptive technologies create such discontinuities in the law, particularly for common law.

At the heart of these decisions is a question of control.  The more the marketplace operator controls the goods that are sold, the more likely they will be found liable for all manner of commercial misconduct.  (Tiffany also sued for false advertising, for example, claiming that eBay ads placed on Google searches promising Tiffany goods at low prices on its site were false, given that some of the goods were counterfeit.  Of course some of the goods were NOT counterfeit.)

A department store operator has complete control over the source of merchandise, and so would be held liable for selling counterfeits.  A bulletin board host has no control, and so would not be held liable.  Flea market operators sit somewhere in between, and depending on the extent and obviousness of the counterfeiting that takes place, operators are sometimes held liable along with the counterfeiters themselves.

The eBay marketplace sits somewhere between the two extremes.  On the one hand, eBay can and does have the ability to review the text of listings prior to their posting, and provides extensive service to merchants including listing services, postage and packaging, and payment management through PayPal.  It can and does respond to complaints by buyers of misrepresented goods (condition and source, e.g.) and by trademark holders who are given extensive tools to review listings to check for counterfeits.  And it charges the sellers for these services—indeed, that is the source of its revenue.

On the other hand, eBay never has physical possession of the goods that are sold through its marketplace—indeed, it never sees them.  That’s an essential feature of the company’s success—eBay couldn’t handle millions of listings in a limitless range of categories if merchants actually sent the goods to eBay during the course of an auction, the way high-end auctioneers such as Sotheby’s and Christie’s would do.

EBay (or buyers for that matter) can’t inspect the goods (other than through photos and text descriptions) prior to purchase, and even if it could the company doesn’t have the expertise to evaluate authenticity and condition of everything from buttons to Rolex watches to cars.  That’s why eBay’s buyer feedback system is so important to the efficient operation of the marketplace.

In today’s decision, the Second Circuit Court of Appeals in New York mostly affirmed the trial court’s holdings.  It agreed that for eBay to be liable for the trademark infringements of its misbehaving sellers, the company had to have actual knowledge of their activities and still continue doing business with them.

There was substantial evidence to the contrary—including direct policing by eBay as well as the tools provided to manufacturers to review and flag suspicious listings.  As the court noted, eBay has plenty of incentives to ensure counterfeit goods stay off the site—for unhappy buyers mean the loss of liquidity and the loss of any competitive advantage.

Tiffany objected to the fact that the eBay tools put the burden on trademark holders rather than marketplace operators to ensure the authenticity of the goods.  But the court agreed with eBay that such is indeed the burden of a trademark, a valuable and exclusive right given to manufacturers to encourage the creation of consistent and quality goods and services.  Since eBay acted on actual knowledge of infringement and could not be said to have willfully ignored the illegal behavior of some merchants, the company had fulfilled its legal obligation to trademark holders.

The opinion is, as to be expected, largely a discussion of legal precedent and the law of trademark.  That, after all, is the role of an appellate court—not to retry the case, but to review the trial judge’s findings in search of legal error.  The decision by the appellate court will serve as a powerful precedent for eBay and other e-commerce sites in the future.  (Tiffany says it may appeal to the U.S. Supreme Court, but it’s unlikely for many reasons that the Court would take the case.)

One important feature of the case that is not discussed directly in the appellate decision, however, is worth highlighting.  Though courts rarely say so explicitly, an important factor in deciding cases has to do with the practical limits of the remedy requested by a plaintiff, in this case Tiffany’s.  Given what eBay already does to police counterfeit goods, it’s hard to see what Tiffany’s actually wanted the company to do—that is, what it wanted the courts to order eBay to do had it won the lawsuit.

For aside from money damages, the purpose of a lawsuit and the reason the taxpayers fund the legal system is that court decisions let everyone know what behaviors are acceptable and which are not–and how to correct those that are not.  Had eBay lost, they would have had to pay damages, but more to the point the loss would have sent a message to them and others to change their behavior to avoid future damage claims.

So would would a loss have signaled?  In essence, eBay would have had either to agree not to sell any Tiffany goods (a limit other brands would have demanded as well) or to verify and authenticate all items before allowing them to be listed on the site.  That would have been the only way to satisfy Tiffany’s that their view of the law was being followed.

That remedy, though theoretically possible, would have meant the end of eBay and sites like it (including Amazon Marketplace).  It would in essence have said that any auction or other third-party sales model other than the high-end Sotheby’s or Christie’s approach is inherently illegal.  For there would have been nothing left to distinguish eBay’s low-cost approach to buying and selling—all of the efficiencies would have been eaten up by the need to authenticate before the auction began.

Such a remedy would have been economically inefficient—it would, to use Ronald Coase’s terminology, have introduced a great deal of unnecessary transaction costs.  For most of the items on eBay are accurately described, and for them the cost of authentication would be a waste.  eBay practices in essence a post-auction model of authentication.  If the buyer doesn’t agree with the description of the item once they receive it, eBay will correct the problem after the fact.

That’s much more efficient, but it does introduce cost to brand holders such as Tiffany’s.  A buyer who gets a counterfeit good may think less not only of the seller and of eBay but also of Tiffany’s.  Worse, the buyer who doesn’t realize they’ve received a counterfeit good may attribute its poorer quality to Tiffany’s, another form of damage to the mark.

The court’s decision implicitly weighs these costs and concludes that eBay’s model is, overall, the more efficient use of resources.  The brand owner can always sue the eBay sellers directly, of course, and can use the tools provided by eBay to reduce the number of bad listings that get posted in the first place.  Those enforcement costs, the court implies, are less than the authentication costs of Tiffany’s proposed remedy.  Faced with two possible outcomes, the court chose the more economically efficient.

Under the “law and economics” approach to legal decision-making, that finding would have been made explicit.  Some appellate judges, including Richard Posner and Frank Easterbrook, would have actually done the math as best they could from the record.

In any case, the finding seems economically sound.  Meanwhile, the law is still struggling mightily to catch up to reality.

Google v. Everyone

I had a long interview this morning with the Christian Science Monitor .  Like many of the interviews I’ve had this year, the subject was Google.    At the increasingly congested intersection of technology and the law, Google seems to be involved in most of the accidents.

Just to name a few of the more recent pileups, consider the Google books deal, net neutrality and the National Broadband Plan, Viacom’s lawsuit against YouTube for copyright infringement, Google’s very public battle with the nation of China, today’s ruling from the European Court of Justice regarding trademarks, adwords, and counterfeit goods, the convictions of Google executives in Italy over a user-posted video, and the reaction of privacy advocates to the less-than-immaculate conception of Buzz.

In some ways, it should come as no surprise to Google’s legal counsel that the company is involved in increasingly serious matters of regulation and litigation.  After all, Google’s corporate goal is the collection, analysis, and distribution of as much of the world’s information as possible, or, as the company puts it,” to organize the world’s information and make it universally accessible and useful.”  That’s a goal it has been wildly successful at in its brief history, whether you measure success by use (91 million searches a day) or market capitalization ($174 billion).

As the world’s economy moves from one based on physical goods to one driven by information flow, the mismatch between industrial law and information behavior has become acute, and Google finds itself a frequent proxy in the conflicts.

As I argue in “The Laws of Disruption”, the unusual economic properties of information make it a poor fit for a body of law that’s based on industrial-era assumptions about physical property.  That’s not to say there couldn’t be an effective law of information, only that the law of physical property isn’t it.  Particularly not when industrial law assumes that the subject of any conflict or effort to control (the res as they say in legal lingo) is visible, tangible, and unlikely to cross too many local, state, or national borders—and certainly not every border at the same time, all the time.

To see the mismatch in action, consider two of Google’s on-going conflicts, both in the news this week:  Google v. China and Google v. Viacom.

Google v. China

In 2006, Google made a Faustian bargain with the Chinese government.  In exchange for permission to operate inside the country, Google agreed to substantially self-censor search results for topics (politics, pornography, religion) that the Chinese government considered dangerous.  The company had strong financial motivations for gaining a foothold in the astronomically-fast expanding Chinese Internet market, of course, but also had a genuine belief that giving Chinese users access to the vast majority of its indexed information had the potential to encourage fewer restrictions over time.

Apparently the result was the opposite, with the government tightening, rather than loosening the reins.  Google’s discomfort was compounded by the revelation in January that widespread hacking and phishing scams had penetrated the Gmail accounts of several Chinese dissidents, leading the company to announce it would soon end its censorship of Chinese searches.  (It also added encryption technology to Gmail and, it is widely believed, began working closely with the National Security Agency to help identify the sources of the attacks.)  Though Google has not claimed the attacks were the work of the Chinese government or entities under its control, the connection was hard to miss.  Google is hacked, Google decides to end cooperation with the government.

This week, the company made good on its promise by closing its search site in China and rerouting searches from there to its site in Hong Kong.  As a result of the long occupation of Hong Kong by western governments, which ended in 1997 when the U.K.’s “lease” expired, Hong Kong maintains special legal status within China.  Searches originating in Hong Kong are not censored, and Hong Kong appears to be largely outside China’s “great firewall” which blocks undesirable information including YouTube and Twitter.

For residents of the mainland, however, the move is a non-event.  China quickly applied the filters that Google had applied on behalf of the government for searches originating inside the country.  So Google searches in China are still censored—only now Google isn’t doing the censoring.  The damage to the company’s relationship with the Chinese government, meanwhile, has been severe, as has collateral damage to the relationship between China and the U.S. government.  The story is by no means over.

Google v. Viacom

Also in the last week, a number of key documents were released by the court that is hearing Viacom’s long-running copyright infringement case against Google’s YouTube.  The case, which began around the same time that Google made its deal with China, seeks $1 billion in damages from copyright violations against Viacom content perpetrated by YouTube users, who posted everything from short clips to music videos to entire programs, including “South Park” and “The Daily Show.”

Under U.S. law, Internet service providers are not liable for copyright infringement perpetrated by their users, provided the service provider is not aware of the infringement and that they respond “expeditiously” to takedown requests sent to them by the copyright holder.   (See Section 512 of the Digital Millennium Copyright Act,  http://www.copyright.gov/legislation/dmca.pdf)  Viacom claims YouTube is not entitled to immunity in that it had actual knowledge of the infringing activities of its users.

Discovery in the case has revealed some warm if not smoking guns—guns that the parties resisted being made public.  (See the New York Times Miguel Helft’s as-always excellent coverage, and also coverage in the Wall Street Journal.)  Viacom claims it has found a number of internal YouTube emails that make clear the company knew of widespread copyright infringement by its users, though Google characterizes those messages as having been taken out of context.

Perhaps more interesting has been the embarrassing revelation that many (though still a minority) of the Viacom clips, from MTV and Comedy Central programming for example, were posted by Viacom itself.  Indeed, these noninfringing posts were often put on YouTube under the guise of being posted by non-affiliated users in the hopes of giving the clips more credibility!

These “fake grassroots” accounts, as Viacom marketing executives referred to them, made use of as many as 18 outside marketing agencies.  Most embarrassing is that Viacom’s own legal team has now admitted that hundreds of the YouTube postings it initially claimed in its list of infringing posts were actually authorized posting by Viacom or its affiliates, disguised to look like unauthorized postings.

(Since 2007, Google has somewhat quieted the concerns of copyright holders over YouTube by introducing filtering technologies that let copyright holders supply reference files that can be digitally compared to weed out infringing copies.  This is an example, for better and for worse, of what Larry Lessig has in mind when he talks of implementing legal rules through software “code.”  Better because it avoids some litigation, worse because the code may be overprotective—filtering out uses that might in fact be legal under “fair use.”)

Google v. Everyone

What do the two examples have in common?  Both highlight the difficulty of judging the use of information with traditional legal tools of property and borders.

In the first example, China considers some forms of information to be dangerous.  To some extent, in fact, all governments restrict the flow of information in the name of national security, consumer safety, or other government aims.  China (along with Burma and Iran) are at one end of the control spectrum, while the U.S. and Europe are at the other end.

Google believes, as do many information economists, that more information is always better than less, even when some of it is of poor quality, outright wrong or which espouses dangerous viewpoints.  Google’s view was perhaps best put by Oliver Wendell Holmes, Jr. in his 1919 dissent in Abrams v. United States, 250 U.S. 616 (1919):

[T]he ultimate good desired is better reached by free trade in ideas…[T]he best test of truth is the power of the thought to get itself accepted in the competition of the market, and that truth is the only ground upon which their wishes safely can be carried out. That at any rate is the theory of our Constitution.

But even legal systems that believe in the “the marketplace of ideas” as the preferred forum for determining information value can’t resist the temptation sometimes to put their finger on the scales.  Congress and some states have tried and failed repeatedly to censor “indecent” content on the Internet (fortunately, the First Amendment puts a stop to it, but, as John Perry Barlow says, in cyberspace the First Amendment is a local ordinance).  Just this week, Australia came under fire for proposals to beef up the requirements it places on Internet service providers to censor material deemed harmful to children.  The Google convictions in Italy last month suggest that not even Europe is fully prepared to let the marketplace of ideas operate without the worst kind of ex post facto oversight.

Likewise in the Viacom litigation, it’s clear regardless of the final determination of legal arguments that some information uses that are illegal are nonetheless valuable to those whose interests are supposedly being protected by the law.  Viacom can make all the noise it wants to about “pirates” “stealing” their “intellectual property,” as if this were the 1800’s and the Barbary Coast.  .  Those who posted copyrighted material to YouTube were not doing it with the intent of harming Viacom—their intent was just the opposite.  What’s really going on is that users—fans!—who value their programming were using YouTube to share and spread their enthusiasm with others.

Yet intent plays no part in copyright infringement.  The law assumes that, as with physical property, any use that is not authorized by the “owner” of the information is with few exceptions likely to be financial detrimental.  That is certainly what Viacom claims in the litigation.   But the company’s own behavior tells a different story.  Why else would they post their own material, and pretend to be regular users?  Put another way, why is information posted by an anonymous fan more valuable to Viacom than information posted by the company itself?  What is it about an unsanctioned sharing that communicates valuable information to the recipient?

By posting the clips, YouTube users added their own implicit and explicit endorsement to the content.  The fact that Viacom marketing executives pretended to be fans themselves demonstrates the principle that the more information is used, the more valuable it can become.  That’s not always the case, of course, but here the sharing clearly adds value—in fact, it adds new information to the content (the endorsement) that benefits Viacom.

Whether that added value is outweighed by lost revenue to Viacom from users who, having seen the content on YouTube, didn’t watch it (or the commercials that fund it) on an authorized channel ought to be a key consideration in the court’s determination, but in fact it has almost no place in the law of copyright.  Yet Viacom obviously saw that value itself, or it wouldn’t have posted its own clips pretending to be fans of the programming.

Productive v. Destructive Use

Both these cases highlight why traditional property ideas don’t fit well with information uses.  What would work better?  I present what I think is a more useful framework in the book, a view that is so far absent from the law of information.  That framework would analyze information uses not under archaic laws of property but would rather weigh the use as being “productive” or “destructive” or both and determine if, on the whole, the net social value created by the use is positive.  If so, it should not be treated as illegal, regardless of the law.

What do I mean?  Since information can be used simultaneously by everyone and, after use, is still intact if not enhanced by the use, it’s really unhelpful to think about information being “stolen” or, in the censorship context, of being “dangerous.”   Rather, the law should evaluate whether a use adds more value to information than it takes away.  Information use that adds value (reviewing a movie) is productive and should be legal.  A use that only takes value away (for example, identity theft and other forms of Internet fraud) is destructive and should be illegal.  Uses that do both (copyright infringement in the service of promoting the underlying content) should be allowed if the net effect is positive.

Under the productive/destructive model, Google’s actions in entering and now exiting from China make more sense as both policy and business decisions.  Censoring information is destructive in that it gives users the appearance of complete access where in fact the access has been limited.  That harm should be weighed against the benefit of providing information that otherwise wouldn’t have been available at all to Chinese users.

That the government became more rather than less concerned about Google over time might imply that Google had gotten the balance right—that is, that the Chinese government was increasingly aware that even what it originally thought of as benign information could have the kind of transformative effects it wanted to avoid.

Is China wrong to censor “dangerous” information?  Economically, the answer is yes.  There is a strong correlation between countries who are on the “freer” end of the censorship spectrum and those that have gained most financially from the spread of information technology.  The more information there is, the more value gets added by its use, value that is allocated (roughly, sometimes poorly) among those who added the value.

Likewise, the posting of Viacom clips on YouTube should weigh the productive value of information sharing (promotion and endorsement) against the destructive aspects–lost revenue of paid viewers on an authorized channel supported by cable fees, advertising sponsorship, and purchased copies in whatever media.

Under that kind of analysis, it might turn out that Viacom lost little and gained a great deal from the unpaid services of its fans, and that in fact any true accounting would have credited the fans for $1 billion in generated value rather than the other way around.  Or maybe it was a wash.  But just to consider the lost revenue, particularly using the crazy method of modern copyright law (each viewed clip is considered as a lost sale), is certain to misjudge the true extent of the harm, if any.

A lingering problem in both these examples is the difficulty of determining both the quality and quantity of the productive and destructive uses of the information in question.   How much harm did Google censoring cause?  How much value did YouTube users generate?

We don’t know, not because the answers aren’t knowable but because the tools for making such determinations are so far very primitive.  Traditional rules of accounting follow the industrial assumptions of physical property—that is, if I have it then you don’t, and once I’ve used it, it’s gone or at least greatly depleted—that information doesn’t follow.   It makes little or no allowance for the fact that information use can be non-diminishing, or even productive.

So how would we measure the harm to Chinese Internet users from the censored information, or the value of the information they could get before Google left town?  How would we measure the value of “viral” marketing of Viacom programming posted by real (as opposed to “fake grassroots”) fans?  How would we measure the actual losses Viacom suffered—not the statutory damages they claim under copyright law, which are surely far too generous?

Well, one problem at a time.  First let’s change the rhetoric about information use, positive and negative, from the language of property to a language that’s better-suited to a global, network economy.  If we do, the metrics will invent themselves.

Apple v HTC: The Plot Sickens

I’m quoted briefly in a story today in E-Commerce Times (see “Apple’s Patent Attack:  This Too May be Overhyped” by Erika Morphy) about the patent lawsuit filed this week by Apple against rival mobile device maker HTC.

Apple, of course, produces the iPhone, while HTC makes Google’s Nexus One and other devices that run on Google’s Android operating system.

So right from the start this case looks less like a simple patent dispute and more like a warning shot over Google’s bow.  The two companies are increasingly becoming rivals.  In August of last year, Google CEO Eric Schmidt resigned from Apple’s board.  Apple CEO Steve Jobs wrote at the time, “Unfortunately, as Google enters more of Apple’s core businesses, with Android and now Chrome OS, Eric’s effectiveness as an Apple Board member will be significantly diminished….”

The apocalyptic rhetoric from analysts that accompanied the lawsuit (see Marguerite Reardon’s piece on CNET, “Is Apple Launching a Patent War?”), however, is both under and overselling the story.  It’s both much worse and not as bad as it seems.

The Undersell

The war is actually already going on, and ranges far beyond Apple and HTC.  The mobile device industry is deeply embroiled in prolonged legal battles over patents, with perhaps dozens of complaints and counter-claims flying back and forth.  Nick Bilton of The New York Times this week produced a simplified chart of who is suing whom, which he described as a “patent lawsuit Super Bowl party.”

As I write in Law Eight of The Laws of Disruption, patent litigation has “evolved” from being a last resort in the protection of proprietary technology to the first step in protracted negotiations between industry participants over how to divide up a rapidly-growing pie.  Here’s how it works.  Everyone flood the Patent Office with applications, drafted as broadly as possible.  The over-burdened examiners, who are incentivized to process applications quickly, find it is easier to say yes than to say no, and grant a large percentage of patents that are far too generous and clearly don’t meet the legal requirements for protection.

As I wrote last year in The Big Money, patent grants are out-of-control, one of the many symptoms of what most legal scholars agree is a system that has become utterly broken.  (The U.S. Supreme Court is currently reviewing a case that could see the end of so-called “business method” patents and perhaps even patents for software.  See “Can You Patent a Cat and a Laser Pointer?”)

Meanwhile, the parties all sue each other, and after years of poring over each other’s documents during discovery, figure out, more-or-less, who’s really invented what.  They wind up cross-licensing everything to everybody else and agreeing to mutual defense pacts against future challenges to the good and bad patents.  Apple says it has no interest in licensing its technology, but simply wants to stop competitors from ripping off their property.  We’ll see.

It is very likely that many of these patents, if recent history is any guide, are absurdly overbroad and would not survive full litigation. And full litigation is neither likely nor the goal of the parties. The real point of all this legal posturing is to obtain cross-licenses that will ultimately deter new competitors from entering the market.

There is a better way to protect invention without years of expensive litigation.  In some industries, subject to government approval, the major players simply pool their patents and establish open terms under which anyone can license them.  Sprint, Cisco, Intel and Nextel, for example, have pooled their WiMax patents to ensure a single standard emerges.  A mobile device pool would have been harder to fashion, but would also have avoided a lot of bloodshed (and legal fees).  In the end I suspect the results will be the same.

The Oversell

At the same time, the stakes aren’t quite as life-or-death as many commentators believe.  For example, the E-Commerce Times story quotes Greg Sterling on what a loss for Apple in the suit against HTC would mean:  “It would mean open season on any IP — anything could be copied.”  Hardly.  All it would mean is that the particular patents Apple is claiming either don’t hold up under careful scrutiny or, if they do, that HTC is found not to have infringed them.

More to the point, patent protection is only one way—and perhaps the least effective—that competitors secure competitive advantage in rapidly-growing and rapidly-evolving markets for new technology.  Offering superior service, an ever-growing menu of new options and features, and competitive pricing also works just fine.

Apple in particular has a significant advantage that has nothing to do with its patent portfolio:  the thousands of third-party 3G apps it sells to its customers.  The iPhone’s popularity today has little to do with proprietary technology, and everything to do with the enormous network of third-party software developers Apple has wrangled to write apps for its devices.

The apps drives network traffic, of course, but also drives what economists call “network effects.”  The more people use their iPhones the more people who don’t have one feel nudged to get one. Even if Apple loses the litigation, the network is unaffected.

The real winners in the mobile device patent war will be based not on patents but on the ability to build a robust network with compelling consumer offerings.  As it should be.

The Italian Job: What the Google Convictions are Really About

I was pleased to be interviewed last night on BBC America World News (live!) about the convictions of three senior Google executives by an Italian court for privacy violations.  The case involved a video uploaded to Google Videos (before the acquisition of YouTube) that showed the bullying of a person with disabilities. (See “Larger Threat is Seen in Google Case” by the New York Times’ Rachel Donadio for the details.)

Internet commentators were up-in-arms about the conviction, which can’t possibly be reconciled with European law or common sense.  The convictions won’t survive appeals, and the government knows that as well as anyone.  They neither want to or intend to win this case.  If they did, it would mean the end of the Internet in Italy, if nothing else. Still, the case is worth worrying about, for reasons I’ll make clear in a moment.

But let’s consider the merits of the prosecution. Prosecutors bring criminal actions because they want to change behavior—behavior of the defendant and, more important given the limited resources of the government, others like him.  What behavior did the government want to change here?

The video was posted by a third party. Within a few months, the Italian government reported to Google their belief that it violated the privacy rights of the bullying victim, and Google took it down. They cooperated in helping the government identify who had posted it, which in turn led to the bullies themselves.

The only thing the company did not do was to screen the video before posting it. The Google executives convicted in absentia had no personal involvement in the video. They are being sued for what they did not do, and did not do personally.

So if the prosecution stands, it leads to a new rule for third-party content: to avoid criminal liability, company executives must personally ensure that no hosted content violates the rights of any third party.

In the future, the only thing employees of Internet hosting services of all kinds could do to avoid criminal prosecution would be to pre-screen all user content before putting it on their website.  And pre-screen them for what?  Any possible violation of any possible rights.  So not only would they have to review the contents with an eye toward the laws of every possible jurisdiction, but they would also need to obtain releases from everyone involved, and to ensure those releases were legally binding. For starters.

It’s unlikely that such filtering could be done in an automated fashion. It is true that YouTube, for example, filters user postings for copyright violations, but that is only because the copyright holders give them reference files that can be compared. The only instruction this conviction communicates to service providers is “don’t violate any rights.” You can’t filter for that!

The prosecutor’s position in this case is that criminal liability is strict—that is, that it attaches even to third parties who do nothing beyond hosting the content.

If that were the rule, there would of course be no Internet as we know it. No company could possibly afford to take that level of precaution, particularly not for a service that is largely or entirely free to users. The alternative is to risk prison for any and all employees of the company.

(The Google execs got sentences of six months in prison each, but they won’t serve them no matter how the case comes out. In Italy, sentences of less than three years are automatically suspended.)

And of course that isn’t the rule.  Both the U.S. and the E.U. wisely grant immunity to services that simply host user content, whether it’s videos, photos, blogs, websites, ads, reviews, or comments. That immunity has been settled law in the U.S. since 1996 and the E.U. since 2000. Without that immunity, we simply wouldn’t have–for better or worse–YouTube, Flickr, MySpace, Twitter, Facebook, Craigslist, eBay, blogs, user reviews, comments on articles or other postings, feedback, etc.

(The immunity law, as I write in Law Five of “The Laws of Disruption,” is one of the best examples of the kind of regulating that encourages rather than interferes with emerging technologies and the new forms of interaction they enable.)

Once a hosting service becomes aware of a possible infringement of rights, to preserve immunity most jurisdictions require a reasonable investigation and (assuming there is merit to the complaint), removal of the offending content. That, for example, is the “notice and takedown” regime in the U.S. for content that violates copyright.

The government in this case knows the rule as well as anyone.  This prosecution is entirely cynical—the government neither wants to nor intends to win on appeal.  It was brought to give the appearance of doing something in response to the disturbing contents of the video (the actual perpetrators and the actual poster have already been dealt with). Google in this sense is an easy target, and a safe one in that the company will vigorously fight the convictions until the madness ends.

And not unrelated, it underscores a message the Italian government has been sending any way it can to those forms of media it doesn’t already control—that it will use whatever means at its disposal, including the courts, to intimidate sources it can’t yet regulate.

So in the end it isn’t a case about liability on the Internet so much as a case about the power of new media to challenge governments that aren’t especially interested in free speech.

Internet pundits are right to be outraged and disturbed by the audacious behavior of the government. But they should be more concerned about what this case says about freedom of the press in Italy and less what it says about the future of liability for content hosts.

And what it says about the Internet as a powerful, emerging form of communication that can’t easily be intimidated.

Note to eBay: A Chink in the Amazon Armor?

I don’t usually blog “personal” stories, but this one is irresistible.  It raises disturbing questions at the border of digital and physical life, and legal problems of trademark and the emerging issues of cloud computing and data liability.

EBay, as everyone knows, has been struggling to improve its customer experience in the light of disappointing results in the last few years. One problem in particular that the company has worked hard to address is the problem of sellers who either misrepresent their items or otherwise underperform in the transaction, tarnishing the image of eBay in the process.

There are of course legal consequences to some of these problems as well. EBay has been the subject of numerous lawsuits in the U.S. and abroad from trademark holders claiming that eBay sellers are offering knock-off or forged goods as branded merchandise, or selling items outside the often-strict terms under which authorized merchants may sell branded goods. (For example, selling outside assigned geographic territory, or selling below the authorized price or terms.)

I’ve written extensively about the eBay litigation, including lawsuits brought by Tiffany in the U.S. and the Louis Vuitton brands in France. The question in these cases comes down to a definition of what eBay actually “is”—a department store responsible for the merchandise sold on its premises (liable) or a community bulletin board offered as a convenience to connect buyers and sellers of a variety of unrelated products and services (not liable).

EBay is neither of these things—it is an example of a new kind of virtual marketplace enabled by digital technology. But the law here, as elsewhere, has not kept up with the changing realities of digital life, leaving judges to struggle with analogies that just don’t fit. EBay has scored strong victories in the U.S., and significant losses abroad. Whatever the results in these cases, the legal reasoning is always hopeless and the opinions useless as precedent. The law evolves slowly.

(In a new twist, just the other week eBay was ordered to pay over $300,000 by a French court in another dispute with Louis Vuitton. This one involved eBay’s practice of purchasing advertising keywords that were common misspellings of LVMH marks that directed searches to eBay. EBay is appealing.)

Amazon’s third-party Marketplace, which has eaten into eBay’s market significantly over the years, has largely avoided these public legal skirmishes. Brand holders and their distributors may prefer to sell through Amazon than eBay, giving an incentive not to litigate when problems do arise. Amazon also manages a much smaller and generally more professional group of third party merchants than does eBay and, it appears, exercises more vigorous policing over the items that appear under the Amazon banner but which in fact are sold and distributed by third parties.

Well, maybe not. Recently I purchased a replacement camera battery from an Amazon third party merchant. (You can find the listing here, though I strongly suspect it will be changed or disabled very shortly for reasons that will become clear in a moment.)

Dissatisfied with after-market batteries I have purchased in the past, I decided this time to buy an actual Minolta battery for my Minolta camera. The listing I purchased from described the item as a “Konica Minolta DiMAGE X Replacement Battery,” and even had a link immediately below to “Other products by Konica-Minolta” (sic), which went to a page of authorized, branded goods from the electronics giant. Overall, the listing gives several indications that suggest an actual, new Minolta battery is being offered.

I received the battery today, only to find that what I received was an OEM battery of completely unknown quality and a completely different brand. (I haven’t bothered to test it out yet—but in any case, my problem with OEM batteries is that they often stop holding a charge after a month or two of use.) The purchase price was small, and the unrefundable shipping and handling represented about a third of the cost. Still, I wrote to the merchant to request a return authorization.

The merchant called immediately with an unusual story to tell. He claimed that his original listing was entirely accurate, and that the title listed his house brand name (“Wasabi”) and not Konica Minolta. But, he advised, Amazon allows other merchants who sell “the same item” to include themselves as a seller of the item and to make modifications to the page.  Another seller, he claimed, changed the listing to misrepresent the item.

Even if another seller makes changes that are inaccurate or, in this case, obviously fraudulent and infringing of strong trademarks, the seller complained to me that there is nothing the original seller can do. He claims that when he has previously advised Amazon of similar changes, Amazon often failed to correct the listings and informed him there was nothing he could do about it—that later changes take priority.

There is indeed a second seller listed as offering this item, though the merchant I purchased from is still the default seller on the page and, in fact, the second seller offers “the same item” at a higher price. (It’s unclear what the second seller actually sells–a Konica Minolta battery or a different after-market compatible battery. Amazon has several other pages offering several other after-market batteries.) There were no reviews of the item until I wrote one today noting the misrepresentation.

The merchant indicated that he hadn’t noticed this particular error (he sells a great deal of after-market items) but that when he received my complaint he immediately requested Amazon correct the page. Amazon, he said, rejected the changes. (As of the end of the day, the original page is still intact.) He offered to—and later did—fully refund my purchase including the shipping and handling, and told me to keep the item anyway. I told him I would contact Amazon, which he encouraged me to do, and asked me to call him back if they didn’t confirm everything he had told me.

Amazon denied everything he told me. Specifically, the customer service representative told me that he would file a complaint against the merchant but that, “I can tell you that what he told you is completely inaccurate.” (I don’t think the call was being recorded—in any case, I wasn’t notified if it was.)

Worse, when I asked them to get the merchant on the call, the customer service representative agreed but told me that “for legal purposes” he would not be able to confirm or deny anything he had previously said to me once the merchant got on the call. (That strikes me as the kind of “urban myth” legal advice that has no actual value but which gets passed along all the time.) True to his promise, the Amazon CSR listened politely as the merchant repeated his explanation of a serious breakdown in Amazon’s process, told in the presence of a customer, and neither confirmed nor denied it, much to the merchant’s frustration.

After the call, the merchant emailed me the following quotation from, he says, the Seller Support page’s “Detail Page Control” process:

In most categories, multiple sellers sell the same product through a single detail page. This provides an organized, uniform product presence in our catalog and increases the convenience of comparison shopping for potential buyers.

The information displayed on an Amazon single detail page, called “reconciled” data, is drawn from multiple seller contributions. When a seller contributes product information to an existing item in our catalog, a decision is made about whether or not to display any changes to the product details on the single detail page. This decision is processed automatically according to business logic known as “Detail Page Control.” Detail Page Control determines which of the available product descriptions, features, titles, and additional details are displayed on the single detail page.

The selection is made based on which contributing seller has greater Detail Page Control as determined by our automated system. This could be Amazon or any seller offering the item. Detail Page Control rankings are not modified manually, but are regularly reviewed and updated automatically by our system. Some factors that affect Detail Page Control are a seller’s sales volume, refund rate, buyer feedback, and A-to-z Guarantee claims.

I can’t say if this is actually what the Amazon page says (it is behind a firewall for sellers) or what, in addition, the page says regarding fraudulent information and information that constitutes potential trademark infringement or other actionable unfair trade practices. Nor is it clear what controls exist over merchants claiming to sell “the same product” but who in fact sell something different. Nor can I say why, when asked directly by the merchant on the call to assure the customer (me) that the merchant was accurately describing Amazon’s process, the CSR refused to “confirm or deny anything.”

The description of the system, if accurate, suggests a significant level of control exercised by Amazon over the accuracy and quality of the content of its listings. It goes beyond what I understand to be the level of control exercised by eBay.

Could this prove definitive in trademark disputes brought by companies such as, oh I don’t know, Konica Minolta? Perhaps so. Could it serve as evidence eBay could use to make the case that it is “less” of a storefront than Amazon in eBay’s own litigation? Well, I’d certainly offer it were I representing eBay. (I do not represent eBay. Or Amazon. Or Konica Minolta. Or the merchant in this case.)

The merchant, understandably upset if he is telling the truth, wrote that he owns a small business that provides for his wife and son and is greatly distressed that I have had a bad experience with him for which he cannot get Amazon to take the blame. Though I am a long-time and very satisfied Amazon customer, I have had enough bad experiences with their third party Amazon marketplace resellers to suspect he is telling the truth here.

That is, it seems plausible to me that another seller sabotaged his listing and that Amazon’s processes aren’t good enough to correct that behavior on a timely basis. A few well-placed lawsuits by brand holders ought to take care of the problem, if in fact there is a problem. But even an honest merchant is a small cog in a big machine, with little recourse except perhaps to move his business to another marketplace. (But then he would have to learn another perhaps imperfect system and would lose all the reputation value of his nearly 4,000 customer reviews.)

One disturbing detail, however. After the calls I went back and looked at the sales receipt that accompanied the battery, which was shipped by the merchant and not Amazon. The receipt, printed under the merchant’s letterhead, includes an SKU that I assume to be the merchant’s and not Amazon’s. In any case, the item description repeats the description on the Amazon page, that is, it describes the item as a Konica Minolta battery and not the merchant’s house branded OEM.

I asked the merchant by way of follow-up to explain his Sales Receipt. He writes, “We use the title of the product (as listed on Amazon) on our printed sales receipt. If the product title changes on Amazon, so too will the description as it appears on our sales receipt.”

I suspect what he means is that either he uses Amazon’s systems or that his system pulls its data on-demand from Amazon. If so, here’s another interesting legal problem raised by the move to cloud computing. Who’s responsible when bad data generates actionable misrepresentations?

The Other Side of Privacy

After attending last week’s Federal Trade Commission online privacy roundtable, I struggled for several days to make some sense out of my notes and my own response to calls for new legislation to protect consumer privacy. The result was a 5,000 word article—too long for nearly anyone to read. More on that later.

Even as the issue of privacy continues to confound much brighter people than me, however, the related problem of securing the Internet has also been getting a great deal of attention. This is in part due to the widely-reported announcement from Google that its servers and the Gmail accounts of Chinese dissidents had been hacked, leading the company to threaten to leave China altogether if its government continues to censor search results.

Both John Markoff of the New York Times and Declan McCullagh of CBS Interactive have also been back on the beat, publishing some important stories on the state of American preparedness for cyberattacks (not well prepared, they conclude) and on the continued tension between privacy and law enforcement. See in particular Markoff’s stories on Jan. 26 and on Feb. 4th and McCullagh’s post on Feb. 3.

Markoff reports a consensus view that the U.S. does not have adequate defensive and deterrent capabilities to protect government and critical infrastructure from cyberattacks. Even worse, after years of effort and studies, the author of the most recent effort to craft a national strategy told him “We didn’t even come close.”

Markoff reports that Google has now asked the National Security Agency to investigate the attacks that led to its China announcement and the subsequent exchange of hostile diplomacy between the U.S. and China. Dennis C. Blair, director of the Office of National Intelligence, told Congress earlier this week that “Sensitive information is stolen every daily from both government and private-sector networks….”

That finding seems to be buttressed by findings in a new study sponsored by McAfee. As Elinor Mills of CNET reported, 90% of survey respondents from critical infrastructure providers in 14 countries acknowledged that their enterprises had been the victim of some kind of malware. Over 50% had experienced denial of service attacks.

These attacks and the lack of adequate defenses are leading companies and law enforcement agencies to work more closely, if only after the fact. But privacy advocates, including the Electronic Frontier Foundation and the Electronic Privacy Information Center, are concerned about increasingly cozy relations between major Internet service providers and law enforcement agencies including the NSA.

They are likely to become apoplectic, however, when they read McCullagh’s post. He reports that a federal task force is about to release survey results that suggest law enforcement agencies would like an easier interface to request customer data from cell phone carriers and rules that would require Internet companies to retain user data “for up to five years.” The interface would replace the time-consuming and expense paper warrant processes now necessary for investigators to gain access to customer records.

Privacy advocates and law enforcement agencies are simply arguing past each other, with Internet companies trapped in the middle. Unmentioned at the FTC hearing—largely because law enforcement is out of the scope of the agency’s jurisdiction—is the legal whipsaw that Internet companies are currently facing. On the one hand, privacy and consumer regulators in the U.S., Europe and elsewhere are demanding that information collectors, including communications providers, search engines and social networking sites, purge personally-identifiable user data from their servers within 12 or even 6 months.

At the same time, law enforcement agencies of the very same governments are asking the same providers to retain the very same data in the interest of criminal investigations. Frank Kardasz, who conducted the law enforcement survey, wrote in 2009 that ISPs who do not keep records long enough “are the unwitting facilitators of Internet crimes against children.” Kardazs wants laws that “mandate data preservation and reporting,” perhaps as long as five years.

ISPs and other Internet companies are caught between a rock and a hard place. If they retain user data they are accused of violating the privacy interests of their consumers. If they purge it, they are accused of facilitating the worst kinds of crime. This privacy/security schizophrenia has led leading Internet companies to the unusual position of asking for new regulations, if only to make clear what it is governments want them to do.

The conflict becomes clear just by considering one lurid example (the favorite variety of privacy advocates on both sides) that was raised repeatedly at the FTC hearing last week. As long as service providers retain data, the audience was told, there is the potential for the perpetrators of domestic violence to piece together bits and pieces of that information to locate and continue to terrorize their victims. Complete anonymization and deletion, therefore, must be mandated.

But turn the same example around and you reach the opposite conclusion. While the victim of the crime is best protected by purging, capturing and prosecuting the perpetrator is easiest when all the information about his or her activities has been preserved. Permanent retention, therefore, must be mandated.

This paradox would be easily resolved, of course, if we knew in advance who was the victim and who was the perpetrator. But what to do in the real world?

For the most part, these and other sticky privacy-related problems are avoided by compartmentalizing the conversation—that is, by talking only about victims or only about perpetrators. As Homer Simpson once said, it’s easy to criticize, and fun too.

Unfortunately it doesn’t solve any problem, nor does it advance the discussion.