Justia Internet Law Opinion Summaries

by
Jereno Kinslow's felony conviction for computer trespass was premised on evidence that Kinslow altered his employer’s computer network settings so that e-mail messages meant for Kinslow’s boss would also be copied and forwarded to Kinslow’s personal e-mail account. The Court of Appeals affirmed Kinslow’s conviction, and the Georgia Supreme Court granted Kinslow’s petition for certiorari, posing the question of whether Kinslow’s conduct constituted a violation of OCGA 16-9-93 (b)(2). The Court found that although the statute in general was extremely broad, the portion of (b)(2) on which the State exclusively relied did not reach Kinslow’s conduct. Accordingly, the Supreme Court concluded the evidence presented at Kinslow’s trial was insufficient to support his conviction under Jackson v. Virginia, 443 U.S. 307 (1979), and thus reversed. View "Kinslow v. Georgia" on Justia Law

by
Internet services and social media providers may not be held secondarily liable under the Anti-Terrorism Act (ATA) for aiding and abetting a foreign terrorist organization—here, Hamas—based only on acts committed by a sole individual entirely within the United States.In July 2016, plaintiff and thirteen other police officers were shot and either injured or killed during a tragic mass-shooting committed by Micah Johnson in Dallas, Texas. Plaintiff and his husband filed suit against Twitter, Google, and Facebook, alleging that defendants are liable because they provided material support to Hamas, a foreign terrorist organization that used Internet services and social media platforms to radicalize Johnson to carry out the Dallas shooting.The Fifth Circuit held, based on plaintiffs' allegations, that the Dallas shooting was committed solely by Johnson, not by Hamas's use of defendants' Internet services and social media platforms to radicalize Johnson. Therefore, it was not an act of international terrorism committed, planned, or authorized by a foreign terrorist organization. The court also held that defendants did not knowingly and substantially assist Hamas in the Dallas shooting, again because the shooting was committed by Johnson alone and not by Hamas either alone or in conjunction with Johnson. Therefore, the district court was correct in concluding that defendants are not secondarily liable under the ATA. The court affirmed the district court's judgment. View "Retana v. Twitter, Inc." on Justia Law

by
After Cambridge Analytica improperly harvested user data from Facebook's social network, Google discovered that a security glitch in its Google+ social network had left the private data of some hundreds of thousands of users exposed to third-party developers. Google and its holding company, Alphabet, chose to conceal this discovery, made generic statements about how cybersecurity risks could affect their business, and stated that there had been no material changes to Alphabet's risk factors since 2017.Rhode Island, in a consolidated amended complaint, filed suit against Alphabet, Google, and others, alleging violations of Section 10(b) of the Securities Exchange Act of 1934 and SEC Rule 10b-5 for securities fraud, as well as violations of Section 20(a) of the Exchange Act. The district court granted Alphabet's motion to dismiss on the grounds that Rhode Island failed to adequately allege a materially misleading misrepresentation or omission and that Rhode Island failed to adequately allege scienter.The Ninth Circuit concluded that the complaint adequately alleged that Google, Alphabet, and individual defendants made materially misleading statements by omitting to disclose these security problems and that defendants did so with sufficient scienter, meaning with an intent to deceive, manipulate, or defraud. Applying an objective materiality standard, the panel concluded that Rhode Island's complaint plausibly alleges the materiality of the costs and consequences associated with the Privacy Bug, and its public disclosure, and how Alphabet's decision to omit information about the Privacy Bug in its 10-Qs significantly altered the total mix of information available for decisionmaking by a reasonable investor. Furthermore, the complaint adequately alleges scienter for the materially misleading omissions from the 10-Q statements. The panel also concluded that Rhode Island adequately alleged falsity, materiality, and scienter for the April 2018 and July 2018 10-Q statements. Accordingly, the panel reversed the district court's holdings to the contrary and reversed the dismissal of the section 20(a) control-person claims based on the 10-Q statements.Because the complaint does not plausibly allege that the remaining statements at issue are misleading material misrepresentations or omissions, the panel affirmed the district court's dismissal of the Section 10(b) and Rule 10b-5(b) statement liability claims based on these statements. The panel also affirmed the district court's dismissal of the Section 20(a) controlling-person claims for these statements. Finally, because the district court erred in sua sponte dismissing Rhode Island's claims under Rule 10b-5(a) and (c) when Alphabet had not targeted those claims in its motion to dismiss, the panel reversed the dismissal of the claims under Section 10(b) and Rule 10b-5(a) and (c) against all defendants and remanded to the district court. The panel also reversed the dismissal of Rhode Island's claims under Section 20(a) to the extent those claims depend on claims alleging violations of Rule 10b-5(a) and (c). View "Rhode Island v. Alphabet, Inc." on Justia Law

by
Soliman entered a California Subway sandwich shop. An employee showed her an in-store, hard-copy advertisement, on which Subway offered to send special offers if she texted a keyword. Soliman sent a text message to Subway. Subway began sending her, via text message, hyperlinks to electronic coupons. Soliman alleges that she later requested by text that Subway stop sending her messages, but her request was ignored. She filed suit under the Telephone Consumer Protection Act. Subway moved to compel arbitration, arguing that a contract was formed because the in-store advertisement, from which Soliman got the keyword and shortcode, included a reference to terms and conditions, including an arbitration requirement, located on Subway’s website and provided the URL.The Second Circuit affirmed the denial of the motion to compel arbitration. Under California law, Soliman was not bound by the arbitration provision because Subway did not provide reasonably conspicuous notice that she was agreeing to the terms on the website. Because of barriers relating to the design and content of the print advertisement, and the accessibility and language of the website itself, the terms and conditions were not reasonably conspicuous under the totality of the circumstances; a reasonable consumer would not realize she was being bound to such terms by sending a text message to Subway in order to receive promotional offers. View "Soliman v. Subway Franchisee Advert. Fund Trust, Ltd." on Justia Law

by
Former Georgia police sergeant Van Buren used his credentials on a patrol-car computer to access a law enforcement database to retrieve license plate information in exchange for money. His conduct violated a department policy against obtaining database information for non-law-enforcement purposes. The Eleventh Circuit upheld Van Buren's conviction for a felony violation of the Computer Fraud and Abuse Act of 1986 (CFAA), which covers anyone who “intentionally accesses a computer without authorization or exceeds authorized access,” 18 U.S.C. 1030(a)(2), defined to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”The Supreme Court reversed. An individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of the computer (files, folders, databases) that are off-limits to him. Van Buren “access[ed] a computer with authorization” and “obtain[ed] . . . information in the computer.” The phrase “is not entitled so to obtain” refers to information one is not allowed to obtain by using a computer that he is authorized to access.“Without authorization” protects computers themselves from outside hackers; the “exceeds authorized access” clause protects certain information within computers from "inside hackers." One either can or cannot access a computer system, and one either can or cannot access certain areas within the system. The Act’s precursor to the “exceeds authorized access” language covered any person who, “having accessed a computer with authorization, uses the opportunity such access provides for purposes to which such authorization does not extend.” Congress removed any reference to “purpose” in the CFAA. On the government’s reading, an employee who sends a personal e-mail or reads the news using a work computer may have violated the CFAA. View "Van Buren v. United States" on Justia Law

by
Lund was convicted of possession of more than 600 images of child pornography, at least 10 of which involved a prepubescent minor or a minor under 12 years old (Penal Code 311.11(c)(1)) and was sentenced to five years' imprisonment.One of the tools used in the investigation was CPS (Child Protection System), a privately-developed web interface for viewing results from a suite of several software tools that each search for child pornography on a specific peer-to-peer network. CPS compares the files listed in response to keyword searches against CPS’s database of hash values, which contains the hash values of files that law enforcement officers somewhere in the world have previously tagged as child pornography.The court of appeal affirmed, rejecting arguments that the trial court should have excluded some of the CPS data because the data was case-specific, testimonial hearsay and that the prosecution failed to establish that CPS was reliable and generally accepted in the scientific community. The CPS hash values were not hearsay in this case because they were not admitted for their truth. Lund also unsuccessfully argued that the prosecutor committed repeated, pervasive misconduct and that the trial court abused its discretion in allowing the prosecution to play for the jury several child pornography videos. View "People v. Lund" on Justia Law

by
The issue before the Washington Supreme Court’s in this case was whether an individual’s YouTube channel qualified as “news media” for requests for certain records under the Washington Public Records Act (PRA). In 2014, Brian Green and Peter Auvil went to the County-City Building in Tacoma to file a document and pay a parking ticket. As they went through security, the guard asked to search Auvil’s bag. Auvil refused. A Pierce County deputy sheriff came to assist, and Auvil began to record a video of the interaction on his phone. Auvil continued to refuse to allow the security guard to search the bag, arguing that the security checkpoint was a violation of his privacy rights. The conversation escalated, and the deputy asked the men to leave. When Green stood too close to him, the deputy shoved Green and caused him to fall backward onto the floor. The deputy arrested Green for criminal obstruction and took him to jail. He was released approximately 24 hours later. The prosecuting attorney’s office dismissed the charge. In December 2017, Green e-mailed a PRA request to the Pierce County Sheriff’s public records office requesting “[a]ny and all records of official photos and/or birth date and/or rank and/or position and/or badge number and/or date hired and/or ID Badge for all detention center and/or jail personnel and/or deputies on duty November 26 & 27 2014.” A representative of the Sheriff’s “Public Disclosure Unit” sent 11 pages of records, but did not include photographs or dates of birth as requested, explaining that the information was exempt under the PRA. Green said he was “working on a story concerning the Pierce County Jail” and again signed his e-mail with the title, “Investigative Journalist.” Green claimed his 6,000-subscriber YouTube channel met the definition of “news media” under the PRA. The Supreme Court concluded the statutory definition of “news media” required an entity with a legal identity separate from the individual. Green did not prove that he or the Libertys Champion YouTube channel met the statutory definition of “news media,” and, thus, he was not entitled to the exempt records. Therefore, the trial court was reversed in part. The Court affirmed the trial court’s denial of Pierce County’s motion to compel discovery. View "Green v. Pierce County" on Justia Law

by
Pillar hired Epiphyte to convert its cryptocurrency into Euros. Epiphyte informed Pillar that it used Payward’s online exchange to convert its clients’ cryptocurrencies. Pillar transferred its cryptocurrency into Epiphyte’s account on Payward’s platform. After Epiphyte converted the currency but before the exchanged funds were transferred to Pillar’s bank account, four million Euros belonging to Pillar were stolen from Epiphyte’s account.Pillar sued Payward, alleging Payward knew or should have known that Epiphyte was using its Payward account on Pillar's behalf, failed to use standard security measures that would have prevented the theft, and falsely advertised that it provided the best security in the business. Payward moved to compel arbitration, claiming that Epiphyte agreed to Payward’s “Terms of Service” when it created an account, as required for all users, that those Terms included an arbitration agreement, and that Pillar was bound by that agreement.The court of appeal affirmed the denial of Payward’s motion. There is no evidence Epiphyte was acting as Pillar’s agent when it agreed to the Terms two years before Pillar hired it or that the agency relationship automatically bound the principal to the agent’s prior acts. There is no evidence Pillar knew the arbitration agreements existed or had a right to rescind them. No ratification occurred. There was no intent to benefit Pillar or similar parties. Pillar’s claims are not inextricably intertwined with the Terms. View "Pillar Project AG v. Payward Ventures, Inc." on Justia Law

by
The Ninth Circuit reversed the district court's judgment dismissing an amended complaint against Snap based on immunity under the Communications Decency Act (CDA), 47 U.S.C. 230(c)(1). Plaintiffs, the surviving parents of two boys who died in a high-speed accident, alleged that Snap encouraged their sons to drive at dangerous speeds and caused the boys' deaths through its negligent design of its smartphone application Snapchat. Specifically, plaintiffs claimed that Snapchat allegedly knew or should have known, before the accident, that its users believed that a reward system existed and that the Speed Filter was therefore incentivizing young drivers to drive at dangerous speeds.The panel applied the Barnes factors and concluded that, because plaintiffs' claim neither treats Snap as a "publisher or speaker" nor relies on "information provided by another information content provider," Snap does not enjoy immunity from this suit under section 230(c)(1). In this case, Snap is being used for the predictable consequences of designing Snapchat in such a way that it allegedly encourages dangerous behavior, and the CDA does not shield Snap from liability for such claims. The panel declined to affirm the district court's decision on the alternative ground that plaintiffs have failed to plead adequately in their amended complaint the causation element of their negligent design claim. Accordingly, the panel remanded for further proceedings. View "Lemmon v. Snap, Inc." on Justia Law

by
During the COVID-19 pandemic, Kentucky’s Attorney General opened civil price-gouging investigations into Kentucky-based merchants, including at least one member of the Guild that was selling goods to Kentuckians through Amazon’s online marketplace. The Guild challenged the constitutionality of Kentucky’s price-gouging laws as applied to sellers on Amazon, invoking the extraterritoriality doctrine of the dormant commerce clause. Accepting that the Attorney General sought only to enforce the Commonwealth’s price-gouging laws against Kentucky-based sellers in connection with sales to Kentucky consumers through Amazon’s platform, the district court nevertheless granted the Guild a preliminary injunction, concluding that enforcing the laws in connection with Amazon sales would have impermissible extraterritorial effects.The Sixth Circuit vacated, first holding that the Guild is likely to establish direct organizational standing and standing on behalf of its members. This enforcement of Kentucky’s price-gouging laws is unlikely to run afoul of the dormant commerce clause’s extraterritoriality doctrine, which invalidates state laws as per se unconstitutional in the narrow instances where a state expressly or inevitably exceeds its authority and seeks to control wholly out-of-state commerce. The effect on out-of-state commerce of Kentucky’s price-gouging laws depends entirely upon Amazon’s independent decision-making with regard to the structure of its online marketplace, so the application of those laws to Kentucky-based third-party sellers on Amazon in connection with sales to Kentucky consumers is unlikely to offend the extraterritoriality doctrine. View "Online Merchants Guild v. Cameron" on Justia Law