Justia Internet Law Opinion Summaries
Thornley v. Clearview AI, Inc.
Clearview's facial recognition tool takes advantage of public information on the Internet. Clearview uses a proprietary algorithm to “scrape” pictures from social media sites such as Facebook, Twitter, Instagram, LinkedIn, and Venmo. Clearview’s software harvests from each scraped photograph the biometric facial scan and associated metadata (time and place stamps); that information is put onto its database, which is stored on servers in New York and New Jersey. Clearview offers access to this database for users who wish to find out more about someone in a photograph. Many of its clients are law-enforcement agencies. The New York Times published an article about Clearview.This putative class action asserted violations of Illinois’s Biometric Information Privacy Act, 740 ILCS 14/15. After its removal to federal court, the district court remanded the case to state court, stating that the complaint alleged only a bare statutory violation, not the kind of concrete and particularized harm that would support Article III standing in federal court. The Seventh Circuit affirmed. In alleging a violation of a general rule that prohibits the operation of a market in biometric identifiers and information, the complaint described only a general, regulatory violation, not something that is particularized to the plaintiffs and concrete. It alleged no particularized injury resulting from the commercial transaction. View "Thornley v. Clearview AI, Inc." on Justia Law
Dziubla v. Piazza
Plaintiffs-appellants Robert Dziubla and Linda Stanwood claimed defendant Ignatius Piazza II, owner of a Nevada firearms training facility, harassed and threatened them by publishing defamatory statements along with their personal identifying information, and sending associates to invade their home. Piazza retorted that plaintiffs conned him out of thousands of dollars and are now attempting to steal his property and "chill his constitutional rights." The trial court granted in part and denied in part Piazza’s special motion to strike under California’s anti-SLAPP statute. With one important clarification as to the scope of protected activity, the Court of Appeal reached the same conclusion. That clarification involved so-called “doxing” allegations in the complaint: plaintiffs’ claim that Piazza published private personal identifying information about them to thousands of gun enthusiasts as a thinly-veiled threat about what could happen if they continued to litigate the business dispute. Although it was included in an otherwise-protected litigation “alert” that discussed the pending lawsuit, the doxing information was entirely extraneous to the court proceedings that were the ostensible subject of the communication. The Court of Appeal thus rejected Piazza’s assertion that plaintiffs could not meet the “minimal merit” standard on the anti-SLAPP motion because the doxing allegations would necessarily be barred by the litigation privilege in Civil Code section 47(b). The order granting the special motion to strike was reversed in part as to two of plaintiffs’ cause of action ‒ the tenth, seeking an injunction, and the twelfth, alleging a civil rights violation ‒ but only as to the claims included in these causes of action that alleged injury from the publication of their personal information, i.e., the doxing allegations. In all other respects, the order was affirmed. The matter was remanded to the trial court for further proceedings. View "Dziubla v. Piazza" on Justia Law
Rad v. Attorney General United States
In 2012, Rad and others were charged with acquiring penny stocks, “pumping” the prices of those stocks by bombarding investors with misleading spam emails, and then “dumping” their shares at a profit. Rad was convicted of conspiring to commit false header spamming and false domain name spamming under the Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM), 15 U.S.C. 7701(a)(2), which addresses unsolicited commercial email. The PSR recommended raising Rad’s offense level to reflect the losses inflicted on investors, estimating that Rad realized about $2.9 million in “illicit gains” while acknowledging that because “countless victims” purchased stocks, the losses stemming from Rad’s conduct could not “reasonabl[y] be determined.” Rad emphasized the absence of evidence that any person lost anything. Rad was sentenced to 71 months’ imprisonment. The record is silent as to how the court analyzed the victim loss issue. The Third Circuit affirmed. DHS initiated removal proceedings under 8 U.S.C. 1227(a)(2)(A)(iii), which renders an alien removable for any crime that “involves fraud or deceit” “in which the loss to the victim or victims exceeds $10,000.” The IJ and the BIA found Rad removable.The Third Circuit remanded. Rad’s convictions for CAN-SPAM conspiracy necessarily entail deceit under 8 U.S.C. 1101(a)(43)(M)(i). The second element, requiring victim losses over $10,000, however, was not adequately addressed. The court noted that intended losses, not just actual ones, may meet the requirement. View "Rad v. Attorney General United States" on Justia Law
Clare v. Clare
A husband's unauthorized access into his wife's work emails—undoubtedly an invasion of her privacy—could also constitute a violation of the Stored Communications Act.After wife and her law firm employer filed suit against husband and his divorce lawyer, the other parties resolved their claims and wife filed a second amended complaint alleging one cause of action against husband under the Act. The district court granted summary judgment for husband because wife failed to show that the e-mails husband allegedly accessed were in "back up storage" as defined by the Act.The Ninth Circuit reversed the district court's exclusion of a declaration submitted by plaintiff, concluding that the district court abused its discretion in disregarding the declarant's personal knowledge about wife's e-mail storage. The panel explained that the evidence does not require expert qualification where the declarant was employed with the IT company that services wife's law firm and the information he provides is far from technical.The panel held that the Act provides a private cause of action against one who intentionally accesses without authorization a facility through which an electronic communication service is provided and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage. Electronic storage includes storage for purposes of backup protection, which requires that there be a second, backup copy of a message. In this case, the declaration submitted by plaintiff created a genuine dispute of material fact with respect to whether the e-mails defendant accessed were entitled to protection under the Act. Finally, the panel agreed with the Fourth Circuit's recent rejection of any distinction between the protection afforded to "service copies," meaning those less conveniently accessible. The panel reversed the district court's grant of summary judgment and remanded for further proceedings. View "Clare v. Clare" on Justia Law
United States v. Miller
When a Google employee views a digital file and confirms that it is child pornography, Google assigns the file a hash value (digital fingerprint). It then scans Gmail for files with the same value. Google learned that a Gmail account had uploaded files with hash values matching child pornography and sent a report to the National Center for Missing and Exploited Children (NCMEC). NCMEC’s systems traced the IP address to Kentucky. A local detective connected Miller to the Gmail account.The Sixth Circuit affirmed Miller’s convictions. The Fourth Amendment restricts government, not private, action. A private party who searches a physical space and hands over paper files to the government has not violated the Fourth Amendment. Rejecting Miller’s argument that the detective conducted an “unreasonable search” when he later opened and viewed the files sent by Google, the court reasoned that the government does not conduct a Fourth Amendment search when there is a “virtual certainty” that its search will disclose nothing more than what a private party’s earlier search revealed. A hash-value match has near-perfect accuracy, creating a “virtual certainty” that the files in the Gmail account were the known child-pornography files that a Google employee had viewed. The admission of NCMEC’s report at trial did not violate Miller’s Sixth Amendment right to confront “witnesses.” The rule applies to statements by people. NCMEC’s automated systems, not a person, entered the information into the report. View "United States v. Miller" on Justia Law
Royal Truck & Trailer Sales & Service, Inc. v. Kraft
Royal employed Kraft and Matthews (Defendants) in its sales team. Royal’s employee handbook prohibited using company equipment for personal activities; unauthorized use, retention, or disclosure of any of Royal’s resources or property; and sending or posting trade secrets or proprietary information outside the organization. Royal’s “GPS Tracking Policy” stated, “[e]mployees may not disable or interfere with the GPS (or any other) functions on a company-issued cell phone,” nor may employees “remove any software, functions or apps.” The Defendants resigned to become employed with one of Royal’s competitors. Royal discovered that, shortly before his resignation, Kraft forwarded from his Royal email account to his personal one quotes for Royal customers and Royal paystubs; contacted a Royal customer through Royal’s email server to ask the customer to send “all the new vendor info” to Kraft’s personal email account; then deleted and reinstalled the operating system on his company-issued laptop, rendering its data unrecoverable. Matthews did much the same and announced her resignation on social media, sharing a link to the song, “You Can Take This Job and Shove It.”Royal sued, citing the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, which refers to one who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.” The district court concluded that the Defendants did not “exceed” their “authorized access,” under CFAA. The Sixth Circuit affirmed. While their conduct might violate company policy, state law, perhaps another federal law, the employees were authorized to access the information in question. View "Royal Truck & Trailer Sales & Service, Inc. v. Kraft" on Justia Law
Thurston v. Fairfield Collectibles of Georgia, LLC
Plaintiffs Cheryl Thurston and Luis Licea (collectively Thurston) were California residents who purchased items from defendant Fairfield Collectibles of Georgia, LLC (Fairfield), a Georgia limited liability company, through the company's website. Thurston alleged Fairfield’s website was not fully accessible by the blind and the visually impaired, in violation of the Unruh Civil Rights Act. The trial court granted Fairfield’s motion to quash service of summons, ruling that California could not obtain personal jurisdiction over Fairfield, because Fairfield did not have sufficient minimum contacts with California. The Court of Appeal reversed, finding the evidence showed that Fairfield made some eight to ten percent of its sales to Californians. "Hence, its website is the equivalent of a physical store in California. Moreover, this case arises out of the operation of that website." The trial court therefore could properly exercise personal jurisdiction over Fairfield. View "Thurston v. Fairfield Collectibles of Georgia, LLC" on Justia Law
Epic Systems Corp. v. Tata Consultancy Services Ltd.
Without permission from Epic, TCS downloaded thousands of documents containing Epic’s confidential information and trade secrets. TCS used some of the information to create a “comparative analysis”—a spreadsheet comparing TCS’s health-record software (Med Mantra) to Epic’s software. TCS’s internal communications show that TCS used this spreadsheet in an attempt to enter the U.S. health-record-software market, steal Epic’s client, and address key gaps in TCS’s own Med Mantra software.Epic sued. A jury ruled in Epic’s favor on all claims, including multiple Wisconsin tort claims. The jury then awarded Epic $140 million in compensatory damages, for the benefit TCS received from using the comparative-analysis spreadsheet; $100 million for the benefit TCS received from using Epic’s other confidential information; and $700 million in punitive damages for TCS’s conduct. The district court upheld the $140 million compensatory award and vacated the $100 million award. It reduced the punitive damages award to $280 million, reflecting Wisconsin’s statutory punitive-damages cap. The Seventh Circuit remanded. There is sufficient evidence for the jury’s $140 million verdict based on TCS’s use of the comparative analysis, but not for the $100 million verdict for uses of “other information.” The jury could punish TCS by imposing punitive damages, but the $280 million punitive damages award is constitutionally excessive. View "Epic Systems Corp. v. Tata Consultancy Services Ltd." on Justia Law
Oracle America, Inc. v. Hewlett Packard Enterprise Co.
Oracle, owner of the proprietary Solaris software operating system, filed suit alleging that HPE improperly accessed, downloaded, copied, and installed Solaris patches on servers not under an Oracle support contract. Oracle asserted direct copyright infringement claims for HPE's direct support customers, and indirect infringement claims for joint HPE-Terix customers. The district court granted summary judgment for HPE.The Ninth Circuit held that the copyright infringement claim is subject to the Copyright Act's three year statute of limitations, which runs separately for each violation. The panel explained that Oracle's constructive knowledge triggered the statute of limitations and Oracle failed to conduct a reasonable investigation into the suspected infringement. The panel also held that the intentional interference with prospective economic advantage claim is barred by California's two year statute of limitations. Therefore, the panel affirmed the district court's partial summary judgment for HPE on the infringement and intentional interference claims. The panel also affirmed in part summary judgment on the indirect infringement claims for patch installations by Terix; reversed summary judgment on all infringement claims for pre-installation conduct and on the direct infringement claims for unauthorized patch installations by HPE; and addressed all other issues in a concurrently filed memorandum opinion. View "Oracle America, Inc. v. Hewlett Packard Enterprise Co." on Justia Law
East Coast Test Prep LLC v. Allnurses.com, Inc.
After unfavorable comments were posted about Test Prep, the company and its owner filed suit against several defendants, including Allnurses and its founder and a user. Test Prep alleged claims sounding in defamation, contract, and fraud, as well as other theories of liability asserting that Allnurses had induced users to post negative comments. The district court granted Allnurses' motion for judgment on the pleadings and dismissed the suit against the user for lack of personal jurisdiction.The court held that Allnurses was immunized under Section 203 of the Communications Decency Act from liability arising from the posts on the message board. The court held that Test Prep failed to plausibly allege that Allnurses was the "information content provider" of the posts at issue. In this case, the sum total of the complaint's factual allegations pleaded no more than a "sheer possibility" that Allnurses was wholly or partly responsible for creating or developing the posts made by the message board users. Furthermore, in the absence of any contractual relationship between Test Prep and Allnurses, there is no basis for the complaint's allegation that Allnurses had certain obligations to Test Prep including to take down defamatory or libelous posts. The court also held that an individual user plaintiff failed to plead facts sufficient to establish a breach of the terms of the service contract; the district court properly granted judgment in favor of Allnurses on the promissory estoppel claim; claims of fraud and claims based on other theories of liability rejected; the district court did not err in granting the user's motion to dismiss for lack of personal jurisdiction; and the district court did not err in granting Test Prep's motion to transfer the case. View "East Coast Test Prep LLC v. Allnurses.com, Inc." on Justia Law