The RIAA Goes After XM Satellite Radio for Copyright Infringement

XM’s introduction of a new service called XM + MP3 that allows its subscribers to listen to XM’s service on a portable player and record up to fifty hours of programming. In addition, the new service and player (called Inno) allows users to isolate and save perfect digital copies of songs for unlimited replay as long as they maintain their XM subscription. The service also allows XM users to create custom playlists which trigger automatic recording and storage of songs on the playlist when broadcast over one of the many XM stations

The Recording Industry Association of America responded by filing suit against XM for “massive wholesale infringement.” The RIAA claims that the new XM service goes far beyond any type of “radio-like” service for which XM is licensed, and is, instead, distributing sound recordings like iTunes and the new Napster.

Under Section 114 of the Copyright Act, XM is entitled, by statute, to publicly perform sound recordings in a radio-like, non interactive service, via satellite radio. Under this statutory license, XM is not required to seek individual permission to use any sound recordings; but it must pay a statutorily prescribed royalty rate for the digital performance of those recordings. In its federal complaint, the RIAA claims that XM has gone beyond the limited license granted it under Section 114 of the Copyright Act, and is now, through the XM+MP3 service, “distributing” sound recordings without its permission. The RIAA likens XM to other digital distributors of sound recordings, such as Apple’s iTunes, Napster, etc.

The XM+MP3 service shares numerous qualities with other subscription services, such as Napster and Yahoo Music. They both allow users to maintain perfect digital copies of particular sound recordings for unlimited replay for as long as they maintain their subscription. There are some differences, however. The major difference according to XM and the Electronic Frontier Foundation, is that the XM+MP3 service involves the recording by a digital audio recording device.

According to XM, the new players and the XM+MP3 service were designed to follow the Audio Home Recording Act, a federal law passed in 1992 in connection with the settlement of a lawsuit brought by the recording industry against Sony’s DAT recorders. Under the Audio Home Recording Act, digital recording devices are legal as long as they incorporate specific security protocols which prevent serial copying, and the manufacturer of the digital recording device pays a royalty of up to $8 per new digital recording machine and 3% of the price of all digital audio tapes or discs. The royalty payments are made to the Copyright Office which then distributes the money to the copyright owners whose music is presumably being copied. The tradeoff for the royalty payments is that consumers could use the digital audio recorder for the non-commercial home taping of music from digital broadcast sources without engaging in copyright infringement.

The Audio Home Recording Act specifically allows for the non-commercial home taping of music from digital broadcast sources. However, that law was meant to provide clarity on an activity consumers have been engaging in ever since audio recording devices were available – recording songs from a radio broadcast. Back in the analogue days, a cassette tape recording of a song from an FM broadcast was a poor substitute for the actual record. The sound quality was extremely poor and always included DJ banter. In addition, taping from an FM broadcast was never a surefire guarantee – one never knew exactly when a particular song would play; ones fingers were never quick enough to catch the song from its first note.

The first digital audio recorders vastly improved on sound quality. They produced recordings that rivaled the originals. If a user was lucky or skilled enough to record a specific song from a digital audio broadcast, there really would be no need to buy the record. This is the reasoning behind the royalty payments required under the Audio Home Recording Act – it’s meant to compensate the artists whose work is being recorded for lost record sales.

Technologically, the XM+MP3 unit, the Inno, is far more advanced than the DAT recorders circa 1992. Most DAT recorders required manual activation in order to record, and could not automatically record like the Immo. In my opinion, it’s these features that case the XM+MP3 service and the Inno to go well beyond merely recording a song from a digital broadcast. The ability of an Inno user to disaggregate recordings into individual songs, and save them for repeated listening, and to create a “wishlist” which automatically compiles the selected tracks, makes the player and service more akin to a tethered subscription service than a DAT recorder. This distinction is important because it goes to how the record labels and artists should be paid. Artists and record labels are paid depending on the way in which a sound recording is used. If it is merely streamed or digitally broadcast, the artists and labels are paid less than if the sound recording is available for permanent download. Here, the XM+MP3 service functions more like iTunes than a radio receiver. While I applaud the Imnn’s technological innovations and think the XM+MP3 service is a great way for consumers to enjoy content, if XM is going to continue to offer this service, it should pay a rate similar to that paid by iTunes and Napster. XM’s service offers a quality not available with the manually activated DAT recorders. A user of the XM + MP3 service is practically certain to capture their chosen song; not so with fingers and a DAT recorder. It’s this certainty that makes the XM +XMP3 service exactly like Apple’s iTune service, and XM should pay accordingly.

Learn a Lesson from Puffy – Don’t Ignore a Cease and Desist Letter

A Federal district court jury in Nashville levied a $4.3 million dollar verdict against Sean Combs’ (Puffy) Bad Boy Entertainment, Bad Boy, LLC and Universal Records/UMG Recordings for infringing copyright owned by Bridgeport Music and Westbound records. The suit resulted from the use of a six second sample from the Ohio Player’s Singing in the Morning used by producer Easy Money in the title track to the Universal released Notorious B.IG.’s 1994 album “Ready to Die.”

At the trial the parties stipulated that the required license had not been obtained from Bridgeport Music/Westbound Records. The issue left for the jury to determine was to calculate the fair market value of the use of the track. The jury awarded $733,878 in actual damages, which represented the fair market value of the use of the track. In addition, the jury awarded $3.5 million in punitive damages, which include a $1 million award against Bad Boy LLC.
The story is not the fact that Combs et al were hit with a very large verdict for copyright infringement. The story is why the jury levied such a significant punitive damage award. Susan Butler, the legal matters reporter for Billboard Magazine, published a story in the April 8, 2006 edition of the magazine which explained the reason behind the damage award.

According to Butler’s story, it was the pre-litigation activities of Combs, et al. that motivated the jury. Apparently between 1998 and 1999 letters were written from Bridgeport’s administrator to various music publishers, Arista records, which at one time had a joint venture with Bad Boy Entertainment, claiming copyright infringement of the Ohio Players’ sample. According to Butler’s story, Arista apparently forwarded the letter it had received to Bad Boy Entertainment care of Bad Boy’s law firm. Further, there was no evidence presented to the jury that Combs et al. responded to any letters or phone calls that Bridgeport’s administrator apparently made prior to filing suit. Although, according to Butler’s story, there was no letter addressed directly to Bad Boy Entertainment, nor was there evidence that Bad Boy or its lawyers had actually received Bridgeport’s letters, the jury took serious issue with Bad Boy’s apparent refusal to address Bridgeport’s concerns.

Butler’s story quoted the jury foreman as stating that Bad Boy et al should have done something prior to Bridgeport filing its lawsuit or taken some action to show “a willingness to attempt at least a settlement.” According to the quotes attributed to the jury foreman in Butler’s article, it appears that Bad Boy could have lessened the amount of the Punitive damage award by responding to Bridgeport’s concerns.

The lesson to be learned here is to take seriously any and all cease and desist letter received. This doesn’t mean that you necessarily have to admit infringement and pay a settlement. According to the jury foreman’s quote in Butler’s story, it would have been significant if Bad Boy responded to Bridgeport’s letter by denying infringement. But ignoring a cease and desist letter and refusing to engage a party making serious and repeated allegations of copyright infringement can be a very perilous tactic.

Your Cell Phone Is A Homing Beacon

Here’s the next step Big Brother is taking toward an Orwellian 1984: Your cellular telephone can pinpoint your location any time it’s turned on. That’s right. Any time your cell phone is turned on and within range of a cellular tower, it is communicating with that tower to broadcast your location. It has to. Otherwise you couldn’t get your incoming calls. Federal law enforcement agencies have figured this out, and if you are someone a federal law enforcement agency is looking for, they are using that to track you.

Here’s how it works: These days, everyone has a cell phone. Since the end of 2005, the Federal Communications Commission has mandated that cell phone service providers must be able to locate 67% of all callers to within 100 meters, and 95% of all callers within 300 meters. Cell phone companies have a variety of ways of doing this. They can triangulate your position by using three cell towers to fix your position. Others have gone one step further, and most new cell phones come with a GPS chip which can be used to pinpoint your position to within a few feet. The cell phone companies record your location data as determined either through triangulation or from the GPS chip, and store it as “historical location” information. An important feature in this equation, however, is the ability of your cell phone service carrier to transmit “real-time” location information (of your cell phone, anyway) to law enforcement at any time. And since “everyone” carries their cell phone, the government has a pretty good chance of tracking you down if they need to. Big Brother is watching.

Now this is not necessarily a bad thing. If you are someone wanted by the FBI or another federal law enforcement agency, maybe the FBI should be able to get information from your cell phone company that would pinpoint your location. In fact, no one is seriously saying that the FBI cannot get access to that information. The real question is rather what showing is required for the government to gain such access. As to historical location information, the Stored Communications Act, 18 U.S.C. ¬ß¬ß 2701 et seq., provides that the government need only demonstrate ‘articulable facts as to why such records are relevant to an ongoing investigation.’ This is a significantly lower showing than the government must make to get a search warrant. For that, it must demonstrate ‘probable cause that the information sought will lead to evidence of a crime.’ The government is asserting that they need only satisfy this same rather lax ‘articulable facts’ standard for getting real-time location information rather than showing probable cause that the information will yield evidence of a crime. The question of required showing by the government has been causing quite a stir in the federal courts recently.

The first court to publish a decision regarding the government’s required showing was the Southern District of New York. On August 25, 2005, Magistrate Judge James Orenstein denied the government’s request for real-time cell site location information. The court had previously granted the government’s request for installation and use of a pen register and trap and trace device, which allowed the government to obtain the numbers which call the phone or are called by it, and the time those calls are made. The pen register and tap and trace device are clearly available by federal statutes, including 18 U.S.C. ¬ß¬ß 2703, 3122, and 3123. But the importance of this decision is that Judge Orenstein denied the site location information that would provide real-time location because the government failed to provide information establishing the probable cause that would be required for a warrant. The judge noted that he had granted similar requests in the past, and quoted Justice Frankfurter: “Wisdom too often never comes, and so one ought not reject it merely because it comes late.

Following Judge Orenstein’s stand, several magistrate judges have been confronted with similar requests for location information derived from cell phone tracking. In fact, a dozen decisions have issued regarding the requested cell site information since that decision. The requests at issue, like the request Judge Orenstein confronted, were not accompanied by affidavits establishing probable cause that evidence of a crime would be discovered. Instead, the government stated that the information would be relevant to an ongoing investigation, thus apparently satisfying the less stringent standard required to get the historical location information. All but two of these decisions have denied the government’s request.

On December 20, 2005, Magistrate Judge Gabriel W. Gorenstein, of the Southern District of New York, became the first to agree with the government’s arguments in a published opinion. While it is a complex issue, the court reasoned that the cell location information sought was covered by the Pen Register Statute, which would provide authority for the order if not for a provision of 47 U.S.C. ¬ß 1002. That section, part of the Communications Assistance for Law Enforcement Act of 1994, provides that information acquired solely pursuant to the authority of pen registers and trap and trace devices shall not include any information that may disclose the physical location of the cell phone customer. Judge Gorenstein found that the information sought was not acquired solely pursuant to the authority of pen registers and trap and trace devices.

Almost every other published case has disagreed with Judge Gorenstein. Only Magistrate Judge Hornsby in Louisiana has agreed with Judge Gorenstein. (A magistrate judge in West Virginia granted the government’s request. It did so, however, after rejecting the government’s arguments about statutory authority for the cell location information and holding instead that the individual in question had no expectation of privacy in the cell phone because the phone in question did not belong to him. It belonged to a friend.)

Almost all of these cases have another similarity. In each case, the magistrate judge issuing the opinion denying the government’s request has invited the government to seek review of the denial so that the magistrate judges will have guidance as they continue to encounter this issue. The government has not yet seen fit to seek review of any of these cases. As the government appears ex parte in each case, and the individual never even knows he is being tracked, there is no one else to seek review. Thus, the government seems willing, and able, to deprive the courts of any higher level guidance of the required showing it must make to receive the cell location information it seeks.

As technology continues to advance, law enforcement naturally looks to find ways to use that technology to improve its efficiency. The concern must be drawing the proper line between efficiency of law enforcement and protecting the privacy of the citizens. It is up to the courts to recognize, as Judge Orenstein did in this case, when that line is approached, and when it is crossed. And when magistrate judges across the country invite the government to seek review of their decisions to provide guidance from higher courts and the government declines all such requests, instead remaining content with the rulings against them, it begins to raise suspicions. If this is a valuable tool for law enforcement to use to protect citizens more efficiently and effectively, and clearly it is, why does the government resist all efforts to establish the limits of the use of that tool? Big Brother?

Tech Companies, Insure You Choose the Correct E&O Policy!

Picking an Errors and Omission policy can be an extremely important undertaking, especially for a technology focused company. When legal costs for defending a complex intellectual property infringement claim can exceed half a million dollars, the right E&O policy can mean the difference between the life and death of a company just starting to find traction in the market place. But more often than not, the decision on what policy to buy is left to an inexperienced company employee who only has a broker’s advice to rely on. This arrangement is probably fine for workers compensation and general commercial liability policies, but non-lawyers and lawyers are not familiar with technology companies and all the issues they encounter are out of their league when it comes to determining which E&O policy shifts the most risk.

There are a variety of possible claims that may trigger E&O coverage. Those claims are:
– Patent infringement – the making, using, offering to sell, or selling in the United States, or importing into the United States a patented invention, without authority form the patent owner; performing a patented process in the United States without permission (35 USC 271);
– Right Of Publicity – the use of another’s name, voice, signature, photograph or likeness in connection with a commercial activity without consent (Cal. Civil Code 3344 and 3344.1)
– Cyber-Squatting – bad faith intent to profit from use of another’s trademark as a domain name and engaged in actionable conduct, such as the registration, trafficking or use of a domain name that is identical or confusingly similar to, or dilutive of the registered trademark of another (15 USC 1125(d))
– Database/Network Security – any breach in the security of a database when that breach results in or could reasonably result in the disclosure by an unauthorized third party of personal information about California residents (Cal. Civil Code 1798.82)
– Copyright Infringement – violation of any of the exclusive rights granted to a copyright holder (see 17 USC 106-121)
– Trademark Infringement – use of a mark in connection with any good/service that is likely to cause consumer confusion as to affiliation, connection, association origin sponsorship or approval (15 USC 1125(a)(1); misrepresentation of the nature, character, qualities or geographic orgin of goods/services (15 USC 1125(a)(2); trademark dilution (15 USC 1125(c)(1)
– Trade Secret Misappropriation – acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means (Cal. Civil Code 2426.1(b)(1); or the disclosure of a trade secret of another without express or implied consent by a person who i) used improper means to acquire the trade secret; ii) or at the time of disclosure or use, knew or had reason to know that his knowledge of the trade secret was either derived from a person who utilized improper means to acquire it, or acquired it under circumstances giving rise to a duty to maintain security or limit use, or derived it from a person who owed a duty to maintain secrecy.

Not every E&O policy is the same; some policies cover a wider variety of claims than others. That is why it is very important for a company to involve their counsel in determining which policy is right for their needs. If a policy seems broad, but specifically excludes coverage for claims that are the most likely to be brought against the company, then the policy provides very little effective coverage and is a waste of money. Having a lawyer involved who understands the company’s business can help avoid uncovered claims.

Policy by policy, the language granting insurance coverage may differ. The insuring language of some policies may appear to cover everything under the sun (” The Company will pay on behalf of the Insured all sums in excess of the Deductible which the Insured shall become legally obligated to pay as Damages and Claims Expenses resulting from a Claim…”), while other policies are very specific about the coverage granted (“We will pay on your behalf money in excess of the Retention that you legally have to pay as a claim expense and damages because of a covered claim caused by a blip in your connected services”). Either way, the policy will also contain exclusions – or claims that are not covered – which narrow the coverage offered by the policy.

Even within the technology sector, different businesses will need different types of coverage. For example, a software company that makes and sells a CRM (Customer Relations Management) application will likely focus on securing robust IP coverage – patent, copyright, trademark and trade secret coverage. If a component of the application involves storage of user information on the company’s network, or if it sells its CRM application directly to consumers over the Internet, the company will also want to make sure that the policy provides good security perils coverage. If the company’s business involves the distribution of content, for example a news and social information portal, then the company will want to make sure that its E&O policy provides protection for invasion of privacy and defamation claims, as well as IP and security perils.

There are other elements of a good E&O policy than just covering the defense of a potential claim. California’s new database security laws requires notice to the public in the event of a breach in the security of a database that results in the unauthorized disclosure of personal information. If the compromised database is large, the notification costs can be costly. Certain E&O policies will provide coverage for this expense. Also, an E&O policy with robust securities perils coverage can also provide coverage for expenses related to denial of service attacks or computer viruses emanating from the covered company’s server.

E&O insurance is extremely expensive – One Million dollars of coverage can cost a company between twenty and thirty thousand dollars. It just makes sense for a company to be sure that its spending its money wisely and getting value for its premiums.

The Attorney General’s Google Search Comes Up Empty – So Far…Is Your Online Privacy At Stake?

It was just a simple discovery tool, used by the Department of Justice in defense of a lawsuit brought by the American Civil Liberties Union. It hasn’t gotten much attention. In fact, for several months, it got no attention at all. But it’s starting to. So, what is “it?”

On August 25, 2005, Alberto Gonzales, U.S. Attorney General, issued a subpoena to Google, Inc., the online search engine used by millions every day to navigate the Internet. In this subpoena, the Attorney General demanded that Google, who was not a party in the case, produce “1. All URL’s that are available to be located through a query on your company’s search engine as of July 31, 2005,” and “2. All queries that have been entered on your company’s search engine between June 1, 2005, and July 31, 2005.” In essence, the Department of Justice was asking Google to produce the Internet, and a list of all searches on the Internet for two months.

The demand comes at a time when the issue of privacy and governmental intrusion is becoming a concern to more and more citizens. The U.S. Patriot Act, a controversial law granting the government significant investigative power, is up for renewal. This Act has many opponents in the government and in the private sector due to the intrusive nature of the powers it affords to federal law enforcement agencies. The government is also coming under considerable fire for the widely-reported wiretaps it used to fight terrorism.

This subpoena is not being used to fight terrorism. The purpose for this subpoena is to defend the constitutionality of the Child Online Protection Act-a law that requires commercial Web sites to shield minors from materials that may be harmful to them or face potential criminal penalties including prison. As stated in the declaration of government expert Dr. Philip Stark, Professor of Statistics at the University of California at Berkeley, “reviewing URL’s available through search engines will help [the government] understand what sites users can find using search engines, to estimate the prevalence of harmful-to-minors (HTM) materials among such sites, to characterize those sites, and to measure the effectiveness of content filters in screening HTM materials from those sites.” Further, “reviewing user queries to search engines will help [the government] understand the search behavior of current web users, to estimate how often web users encounter HTM materials through searches, and to measure the effectiveness of filters in screening those materials.” This information, the government says, would assist its “efforts to understand the behavior of current web users, to estimate how often web users encounter harmful-to-minors material in the course of their searches, and to measure the effectiveness of filtering software in screening that material.”

Not surprisingly, Google objected to the demand, claiming the demand was too broad, burdensome, and intrusive. The Department of Justice and Google worked toward a compromise regarding the subpoena. The Department agreed to limit its request to only one million random URL’s and a random sampling of one million search queries submitted to Google on any given day. However, Google still objected to the demand, and refused to comply with the subpoena. According to Google, complying with the demand would require it to divulge important trade secrets, and would require divulging information about the individuals that use its service, and even potentially revealing personal identifying information about its users.

This dispute went largely unnoticed by the public until January 18, 2006, when the Attorney General filed a motion to compel compliance with the subpoena in a federal court in San Jose. The motion to compel states that “after lengthy negotiations, the Government has narrowed this request to seek the production of an electronic file containing ‘the text of each search string entered onto Google’s search engine over a one week period (absent any information identifying the person who entered such query.)'”

Filing this public motion got some attention. The story was reported in the major newspapers and on online news sites when the motion was filed. Privacy groups, such as the World Privacy Forum and the Electronic Privacy Information Center are rallying behind Google’s stance resisting the subpoena. Many of these organizations are filing amicus briefs with the court. Not to be left out, Congress is also becoming involved. Sen. Patrick Leahy sent the Attorney General a request for information regarding the subpoena, including the potential for production of personal identifying information and any safeguards to prevent such production. Representative Ed Markey said he intends to introduce legislation to curb records retained by Web sites.

It will be interesting to watch this dispute play out. Google’s response to the motion is due on February 17, 2006, and the government’s reply is due on February 24th. Amicus briefs are also due February 24th, and the hearing on this motion has been moved to March 13th.

Lost in this dispute is the fact that the subpoena to Google was only one of the subpoenas issued by the Attorney General. America Online, Microsoft Network, and Yahoo apparently did not challenge the subpoenas. Have you used any of these search engines lately? Do you remember what search strings you used?

Intend To Infringe = Go To Jail

Intend to infringe – go to jail. That’s what the United States Attorney General proposed at a recent anti-piracy summit hosted by the U.S. Chamber of Commerce. United States attorney general Alberto Gonzales said the Department of Justice recently submitted to Congress the Intellectual Property Protection Act of 2005 aimed at toughening up intellectual-property enforcement.

Under current law, criminal copyright liability is applicable where a person infringes a copyright willfully, either for purposes of commercial advantage or private financial gain, or where that person reproduces or distributes by any means, one or more works with a total retail value of over $1,000 during any 180-day period. Willfulness has been held to mean that the defendant’s act was a voluntary, intentional violation of a known legal duty. As such, where the defendant raises bona fide issues concerning fair use or a lack of substantial similarity, while infringement may be found, the defendant may lack the required scienter for criminal liability.

The new bill would increase the scope of criminal copyright liability to include conduct that comprises an “intent to infringe” a copyright. The way in which the proposed language reads, the willful element would also apply to intent to infringe liability.

In Gonzales’ speech at the U.S. Chamber of Commerce’s Anti-counterfeiting Summit, he praised the proposed bill as toughening penalties for repeat criminal copyright offenders and overall strengthening copyright protection. “We also propose to strengthen restitution provisions for victim companies and rights holders, in order to provide maximum protection for those who suffer most from these crimes. And we propose to make clear that exporting infringing goods is the same as importing them…and should be punished accordingly” Gonzales said. Every member of the global economy has a responsibility to keep counterfeit goods out of the global market.”

The proposed legislation also expands the scope and breadth of property that is subject to forfeiture and destruction. Under the current law, the court has the discretion of ordering the forfeiture and destruction of certain infringing works. The proposed legislation appears to take away the court’s discretion in ordering forfeiture and now mandates forfeiture of those same infringing works. In addition, the new law appears to require the forfeiture of “any property constituting or derived from any proceeds obtained directly or indirectly” for the criminal copyright infringement, as well as “any property used, or intended to be used, in any manner or part, to commit or facilitate the commission of a violation” including “electronic, mechanical, or other devices for manufacturing, reproducing, or assembling such copies”. In addition, the proposed law would require convicted criminal infringers to pay restitution to the copyright owner as well as “any other victim of the offense.”

The bill would also modify the requirement that a copyright holder file a copyright application prior to the institution of criminal action for infringement. Under current law, section 411 of the Copyright Act requires a copyright registration as a prerequisite for any type of infringement action, be it civil or criminal. The new law would allow the DOJ to prosecute criminal infringers without the copyright owner first having to register the work.

In his speech, Attorney General Gonzales argued that the DOJ has a “responsibility to vigorously enforce IP laws – and develop a culture of respect for IP rights – in order to harness America’s creative energy and ingenuity for the future of our economy.” “While these crimes may appear harmless to some,” Gonzales continued, “they actually have a measurable impact on our entire economy – and they undermine the values of competition and creativity that are important to our way of life.”

The Grokster Decision- What Does It Really Mean?

On June 27, 2005, the United States Supreme Court handed down its decision in MGM v. Grokster.#160 That case involved an appeal from the Ninth Circuit by MGM, various record labels and other content owners of an adverse decision in their attempt to hold Grokster and other peer-to-peer network companies liable for copyright infringement.#160 MGM and the other content owners had initially filed a lawsuit against Grokster and other peer-to-peer network technology companies to hold them liable for damages resulting from their supplying the technology that enabled users to trade online copyrighted works.#160 The Ninth Circuit, upholding the District Court’s finding, held that the technology companies could not be held either vicariously liable or liable for contributory copyright infringement.#160 In coming to its conclusion, the Ninth Circuit interpreted the Sony v. Betamax case in holding that the distribution of a commercial product capable of substantial noninfringing uses could not give rise to contributory liability for infringement unless the distributor had actual knowledge of specific instances of infringement and failed to act on that knowledge.#160 Because the Ninth Circuit found the technology company’s software to be capable of substantial noninfringing uses and because respondents had no actual knowledge of infringement resulting from the software’s decentralized architecture, the court held that they were not liable.#160 (The architecture of the defendant’s file trading network is an open network.#160 That is, it does not have a central server like the old Napster network but rather uses nodes and supernodes; computer systems that are owned by users of the software and have no relationship to the defendants.)#160 The Ninth Circuit also held that the defendants did not materially contribute to their user’s infringement because the users themselves searched for, retrieved and stored the infringing files, with no involvement by respondents beyond providing the software in the first place.#160 Finally, the court held that the defendants could not be held liable under a vicarious infringement theory because the defendants did not monitor or control the software use and had no agreed upon right or current ability to supervise its use and had no independent duty to police infringement

The Supreme Court stated that the Ninth Circuit read the Sony case too broadly.#160 Instead, the Supreme Court stated that the test for contributory or vicarious liability revolves around the intent of the defendant, namely did the defendant distribute its device with the object of promoting the devices used to infringe the copyrighted works of third parties, as shown by clear expression on other affirmative steps taken to foster infringement.#160 If the defendant goes beyond mere distribution with the knowledge of third party action, the distributor is liable for the resulting acts of an infringement by third parties using the devices, regardless of the devices lawful uses.

What will this decision really do in the way of advancing the entertainment industry’s fight against illegal file trading, and how does this affect the growth of new technology?#160 Numerous pundits claim to have the answer.#160 However, human nature being what it is, I fail to see how anyone can predict the long term ratifications of this decision.#160 As a practical matter I believe that if a company creates a product with the primary intent that it be used for an illegal purpose, the company should be held liable.#160 If Grokster and the other defendants built a business model that depended on and encouraged users to engage in illegal file trading, then they should be held liable.#160

Representing record labels, television production companies, and other content owners, I understand how piracy affects their bottom line.#160 However, if illegal activity is an incidental byproduct to an otherwise productive and beneficial technology that is a cost of societal advancement that content owners have to bear.#160

The problem with the Grokster decision is how does one establish a company’s principal intent?#160 Unfortunately, unless the Company makes an express statement the only way is through litigation.#160 While I don’t think that the Grokster decision is death knell for new technology as some pundits declare, I do see how, as a result of this decision litigation can be used to slow or quash the growth of new technology.#160 This is a real possibility; especially when we are dealing with the entertainment industry.#160 I have found that some entertainment industry companies are reluctant to venture outside of their known safety zone.#160 They’re reticent to try new things that challenge or disrupt their existing business model.#160 From a business perspective, I can understand this.#160 Nobody likes to have their bottom line affected.#160 However, technological growth depends on innovative people pushing boundaries.#160 I would hate to see the Grokster decision slow technological advances that can, in the long run, be beneficial to all of us.

New Laws Attempt To Regulate The Internet

Download: New Laws Attempt to Regulate the Internet.pdf

Article first appeared in the March / April 2004 issue of Sacramento Lawyer, the bi-monthly publication of the Sacramento County Bar Association.

Last year the Internet was front and center in a number of controversies and new legislation. Aside from the music and movie industries continuing struggle and court battles over content piracy, 2003 saw significant legislative activity in areas dealing with the Internet. California’s legislators spent a significant amount of time on Internet related legislation, including crafting extremely strong anti-spam laws (SB 186) only to have it preempted by a weaker federal act. What follows below is a wrap up of the more relevant Internet legislation, federal and state, passed last year.

The Federal CANSPAM Act
In the early days of December, 2003, the United States Congress enacted the Controlling the Assault of Non Solicited Pornography and Marketing Act of 2003, also known as the CANSPAM Act of 2003. Supporters of this act call it tough; it has substantial criminal penalties and fines for spammers. The chief co-sponsor of the Act, Senator Charles Schumer (D-New York), is quoted as saying: “With this bill, Congress is saying that if you are a spammer you can wind up in the slammer.” However, critics of the Act, which went into effect on January 1, 2004, complain that it does not go far enough and is not as tough as its supporters would like the general public to believe.

CANSPAM prohibits specific conduct related to electronic mail. Specifically, the Act prohibits the use of false headers, using false information to register five or more email accounts, and intentionally initiating multiple commercial email messages from any combination of these accounts; engaging in email address harvesting and “dictionary attacks”; using scripts or automated programs to register multiple electronic mail accounts for the purpose of transmitting commercial electronic mail messages; and relaying or retransmitting commercial electronic mail messages through a computer network which the person does not have access rights, as well as other tricks of the spam trade. The Act provides for substantial monetary fines and penalties as well as jail time up to five years. In addition, the Act provides for forfeiture of all property traceable to the gross proceeds obtained from the offenses, and any equipment or other technology used in committing the offenses.

The Act also requires the senders of sexually oriented material to place a warning label on commercial electronic mail that contains sexually oriented material. However, if the recipient of these messages has already provided his or her affirmative consent to continue to receive these messages, no warning label is required.

While the imposition of civil fines, forfeiture and jail time make the Act sound rather ominous, critics still complain it will not stem the flow of spam. Critics say the problem is that the new law lacks an opt-in mechanism. This, critics say, will allow spammers to continue to send unwanted spam, despite the Act’s harsh criminal and civil penalties, as long as the message contains an opt-out mechanism and a functioning return email address. Because the new federal law preempts state law that specifically regulates commercial email messages, provisions like California’s law, which requires express consent or a prior commercial relationship, will not apply.

The new federal law places enforcement with the Federal Trade Commission and allows civil actions by the various state Attorney General Offices. The Act also allows a limited private cause of action by internet access service providers. However, unlike California’s law, the new federal law does not provide a private cause of action by consumers. Still, most commentators believe that California consumers will be able to pursue a remedy under California’s unfair competition laws. (Bus. & Prof. Code, 17200.)

The preemption provision does leave some exceptions. The Act only supersedes state law that “expressly regulates the use of electronic mail to send commercial messages except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.” In addition it appears that states may still have the right to pursue claims that may arise in spamming situations, such as state trespass laws, breach of terms of service or use contracts, and actions under the Computer Fraud and Abuse Act.

On an international level, the new federal act places the United States at odds with Europe and its spamming legislation. In Europe, for the most part, spam is per se illegal. Ninety percent of Europe’s spam originates in the United States where spamming, after January 1, 2004, will be allowed. This is bound to cause tension between the United States and Europe as the two nations continue to attempt to harmonize intellectual property laws.

Outspoken critics of spam lament that the new federal law will do absolutely nothing to stem the growing tide of unwanted commercial email. Some critics note that spammers are deceptive by nature and, despite the new law, would not hesitate to use false or misleading email headers. In addition, the Act will do nothing to prevent serious spammers from opening up accounts in Bermuda or South Africa and continue to bombard the United States with spam from off shore.

Companies Now Required To Disclose Breaches Of Database Security
On July 1, 2003, a new law began requiring businesses to disclose to California residents any breach in the security of their databases when that breach results in or could reasonably result in the disclosure or acquisition by an unauthorized third party of personal information about California residents. This also applies to companies that maintain computerized data for others.

California Civil Code section 1798.82 applies to companies located both within and outside of California. While the new law was implemented as a measure to combat the increasing incidents of identity theft, it will also have sweeping implications for a wide range of businesses. While companies that encrypt all personal data will be exempt from the new law’s disclosure requirements, those that do not must begin to comply with the law or face penalties prescribed in the statute.

The new Civil Code section 1798.82 revolves around the unintended disclosure or acquisition of “personal information” due to a breach in the security of a computer database. The statute provides: “Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” The section also provides that “Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”

A breach of the security of the system occurs when there is an unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. The good faith acquisition of personal information by an employee or agent of the owner of the system for business purposes is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure.

The type of personal information which triggers the disclosure requirement includes an individual’s first name or first initial and last name in combination with any one or more of the following:

(1) Social security number.

(2) Driver’s license number or California Identification Card number.

(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Not included in the definition of “personal information” is publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Upon discovery of a breach in the security of a business database, the business must notify California residents of the breach in “the most expedient time possible and without unreasonable delay.” Business may make these notifications through written notice. A business may also make these notices electronically, as long as the notice provided is consistent with the provisions regarding electronic records and signatures as provided in the Electronic Signatures in Global and National Commerce Act.

If the business required to provide notice to Californians regarding the breach of security can demonstrate that the cost of providing notice would exceed $250,000, or that the business must send out more than 500,000 notices, or that the business does not have sufficient contact information the business may provide substitute notice through e-mail notice, posting the notice on the businesses web site, and notification to major statewide media.

The new law applies to companies that conduct business in California, regardless of whether they are located physically within the state. The statute gives no guidance on the circumstances when a company is conducting business in California, and therefore subject to the provisions of the statute. This lack of guidance makes it extremely difficult for companies not domiciled in California to determine whether they must comply.

If an out of state company is subject to the provisions of the statute and does not know it, that company could be in for a rude awakening. The statute authorizes any customer injured by a violation of the statute to recover damages.

If they haven’t already done so, companies should take steps to comply with the new law. Companies should establish internal policies and protocols that would be implemented when a breach which would require notice under the statute is discovered. In doing so, the company should implement a means to retain all records dealing with the discovery of the security breach and subsequent notification if it is later challenged in a civil suit.

California Adopts An Online Privacy Policy
The California Online Privacy Protection Act of 2003, which goes into effect on July 1, 2004, requires the operator of a commercial website to maintain a privacy policy that meets certain requirements. The privacy policy must specifically provide the following information: 1) it must clearly identify the categories of personal user information (i.e., first and last name, street address, e-mail address, telephone number, Social Security number and any other information that would enable the user to be contacted either online or offline) collected through the website; 2) it must provide a description of the process by which a user can review and request changes to any personal user information; 3) it must explain how the operator will notify consumers of changes to the privacy policy; and 4) and it must provide the effective date of the privacy policy. The Act requires the commercial operator to “conspicuously post” such a privacy policy.

To be conspicuously posted, the privacy policy must either be posted on the home page or there must be an iconic or text hyperlink on homepage or the first significant page that links to privacy policy. The icon or text hyperlink must contain the word “privacy” and must be in a color an/or size which contrasts with the background and surrounding text.

The reach of the Act is longer than most might think. The new privacy policy requirements apply to operators of commercial websites or online services that collect personally identifiable information through a website from individual consumers who live in California, regardless where the website operator resides.

Scott Hervey is a shareholder with Weintraub Genshlea Chediak.

This article is the copyrighted property of the Sacramento County Bar Association and Sacramento Lawyer has given Weintraub Genshlea Chediak permission to publish this article in its entirety.

What’s the Big Deal About Copyright?

Sacramento News & Review
November 14, 2002

Sometime a musician will ask me, what’s the big deal about Copyright and why should I care about it? Shouldn’t I just focus on my music rather than worrying about all of this legal mumbo jumbo? Usually I respond by reminding the musician that the second word in music business is “business” and if they are serious about making the most out of their career, they should have a basis understanding of the area of law which governs the medium through which they express themselves. If that doesn’t work, I tell them that if they don’t have a decent understanding of Copyright law and its affect on how they get paid, they are bound to get the short end of the stick on many a deal. That usually catches their attention.

The Basics

Under the Copyright Act, copyright protection arises when an original work of authorship is fixed in any tangible medium. Ok, what does this all mean?

Only “Original” Works Qualify For Copyright Protection
The “originality” element for copyright requires only that the work was independently created by the author and that the work possesses at least a minimal degree of creativity. Selection, coordination and arrangement are elements of creativity.

What Constitutes A “Work Of Authorship”
Copyrightable works are books, musical compositions, multimedia works, original art, dramatic productions (including any associated music), motion pictures and other audiovisual works, computer programs, computer databases, Web pages and any other original expression that is fixed in some tangible medium.

In the music industry, the list of what comprises a work of authorship includes a “sound recording” and the composition. It is important that artists understand the distinction between the two, because they are treated very differently under the Copyright Act and in recording contracts. A sound recording is defined in the Copyright Act as works that result from the fixation of a series of musical, spoken or other sounds, regardless of the nature of the object in which the work is embodied. This means that every time an artist goes into the studio and lay down a track, a sound recording is created. And, when the artist or his producer puts all of these tracks together into a finished master, this is also a sound recording. The underlying composition, simply put, are the lyrics and composition that are recorded on the sound recording.

Fixed In Any Tangible Medium
The work of authorship must be fixed in a tangible medium of expression that may be perceived, reproduced, or communicated either directly or with the aid of a machine or device. A work is not fixed unless its embodiment in tangible form is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than a transitory duration. The understanding of a tangible medium is simple when it is a writing fixed upon the pages of a book, a painting fixed on a canvas, or a computer program fixed upon a compact disc. The mediums of paper, a canvas or a compact disc are obviously stable and non-transient.

Who is the Owner of a Copyright

Initial Ownership
Ownership vests initially in the author or authors of a work. Usually only the author, or those who derive the rights from the author, can claim copyright protection. Generally, the author is the person who physically creates the work. However, there are some exceptions to this rule: the work for hire doctrine, collective works and joint works.

Works For Hire
Employers are held to own the works of employees who prepare works within the scope of their employment, unless an agreement states otherwise.

The Act defines a “work made for hire” as:

1. A work prepared by an employee prepared within the scope of his or her employment; or

2. A work specially ordered or commissioned for use in at least one of certain enumerated way provided that the parties expressly agree in a written instrument signed by them that the work constitutes a “work made for hire.”

The work for hire doctrine addresses copyright ownership in a work created by an employee or a work commissioned from an independent contractor or other party. Under the work for hire doctrine, the employer enjoys the copyright ownership in the prepared work of an employee. However, an employer who hires an independent contractor does not automatically own an exclusive right in any work created by the independent contractor. To obtain the exclusive rights to the copyrightable work created by an independent contractor, the work must be one of a specific type of work. It must be either a work specially ordered or commissioned for use as a contribution to a collective work, as a part of a motion picture or other audiovisual work, as a translation, as a supplementary work, as a compilation, as an instructional text, as a test, as answer material for a test, or as an atlas. Secondly, there must be a written agreement between the parties which specifically states that the work is a work made for hire. Another way for an employer to obtain the exclusive rights to a copyrightable work created by an independent contractor would be through an assignment.

The work made for hire issue has large implications in the music industry because of the fact that contract musicians and record producers can be considered authors of the sound recording. Therefore, unless an artists wants a contract musician or producer to enjoy separate but equal ownership rights in the sound recording, the agreement employing these individuals should be in writing and should contain a clause which states that the work created by them is considered a “work made for hire.” The agreement should also contain a “back-up” clause which states that in the event the work is not considered a work made for hire, the independent contractor assigns all right, title and interest in the work to the party employing them.

Joint Works
A joint work is where there is more than one author to a copyrightable work. Under a joint work, both authors own the copyrights to that work equally. Each co-author of a joint work has an independent right to use or license the copyright, subject to a duty of accounting to the other co-author. A joint owner cannot be liable to a co-owner for a copyright infringement.

Community Property and Authorship
A non-author spouse in a community property state such as California may have a community property interest in the owner-spouse’s work(s). In one case the court held that under California’s community property law a copyright can be transferred by operation of law from the owner-spouse to the marital community.

As a Copyright Owner, What Rights Do I Have
The copyright owner owns, subject to certain exceptions and limitations, exclusive rights to the copyrighted material. The copyright owner has the exclusive right to the following:

1. To reproduce the copyrighted work; and

2. To prepare derivative works based on the copyrighted works;

3. To distribute copies of the copyrighted work to the public by sale or other transfer or ownership or by rental, lease or lending;

4. In the case of literary, musical, dramatic and choreographic works, pantomimes and motion pictures and other audio-visual works, to perform the copyright publicly;

5. In the case of literary, musical, dramatic and choreographic works, pantomimes and pictorial, graphic or sculptural works, including the individual images of motion pictures or other audio-visual works, to display the copyright publicly; and

6. In the case of sound recordings, to perform the copyright work publicly by means of digital audio transmission.

The Copyright Act also provides for specific rights to authors of works of visual art which are usually referred to as rights of attribution and integrity. While these rights aren’t applicable to musical works, it is not uncommon for musical performers to dabble (and in some cases become extremely talented) in painting or sculpture (John Lennon, Tony Bennett, etc.) Thus, a brief discussion is in order.

A author of a work of visual art is entitled to claim authorship of his work and also prevent the use of his name on works he did not create. The author also has a limited right to prevent modification or destruction of his work and is also entitled to prevent the use of his name on work that has been distorted to a certain degree. All of these rights can be modified or waived in their entirety by the artist if the artist so agrees in a written agreement

Limitations on Exclusive Rights
There are a number of limitations on the exclusive rights of copyright owners. These limitations effectively carve away at a copyright owner’s right to prevent others from exercising one or more of the exclusive rights reserved for copyright owners. A number of these affect the music industry and owners of a copyright inn either sound recordings or compositions.

The owner of the copyright in a sound recording is limited to the rights in 1, 2,3, and 6 above. The copyright owner of a sound recording does not enjoy the exclusive right of public performance. That right is exclusive to the owner of the copyright in the composition. The sound recording copyright owner does have the right to control the creation of derivative works in which the actual sounds fixed in the sound recording are rearranged, remixed or otherwise altered in sequence or quality. (This expressly covers sampling.) However, this would not include creating an independent sound recording which imitates the or simulates the music in the sound recording. (The owner of the copyright in the composition enjoys this right.)

What About All This License Stuff

When third party wants to exercise one of the exclusive rights reserved for a copyright owner, and there is no applicable limitation, this third party has to, essentially, ask permission. In the music industry, a musician asks permission to use other band’s music by obtaining a license. The type of license needed depends on how the musician intend to use the music. If the musician plans to re-record another band’s music then he must obtain what is called a mechanical license. But if the musician plans to perform the other band’s music at clubs, concerts, etc., then the musician needs to obtain what I like to call a performance license (it is really just called a license, but I like to call it a performance license to stress the difference between that and a mechanical license).

Obtaining a mechanical license is not a very daunting task. Because United State’s Copyright laws required that once a copyright owner has recorded and distributed a work (i.e., a song) to the U.S. public or has permitted another to do so, the copyright owner is required to grant a license (called a compulsory license) to another else who wants to record and distribute the song. A compulsory license is not free. The U.S. Copyright act provides for the compulsory license only upon payment of a licenses fee (called the statutory compulsory rate). Currently the rate is 8 cents per song for songs five minutes or less, or 1.55 cents per minute for all songs over 5 minutes.

If a musician wants to obtain a mechanical license, the first place to start is the Harry Fox Agency. ( The Harry Fox Agency represents publishers by licensing their work and collecting royalties on their behalf. The Harry Fox Agency web site provides a wealth of information and can even process applications for mechanical licenses if Harry Fox represents the artist whose work the musician wants to use.

If Harry Fox does not represent the artist who owns the work the musician wants to use, the musician should contact the artist directly to arrange for a license. If Harry Fox does not represent the artist and the musician either can’t get in touch with the artist or the artist refuses to grant a license the musician may still be able to obtain a “compulsory license” from the Copyright Office.

First, a compulsory license can only be obtained from the Copyright Office if the primary purpose is to make a “phonorecord” (statutorily defined as “material objects in which sounds, other than those accompanying a motion picture or other audio visual work are fixed”) for distribution to the public. A compulsory license will allow the musician to create a new musical arrangement of the work. However, such a new arrangement can not change the basic melody or fundamental character of the work.

The process of obtaining a compulsory license can be rather straight forward or complex, depending on a variety of factors.

Obtaining a performance license can be just as simple (or complex) as obtaining the mechanical license. There are a number of different agencies (called performing rights agencies) that license these performance licenses: BMI (, ASCAP ( and SESAC ( Because the performance rights these organizations license vary (live performances, radio play, television, cable, Internet, bars, restaurants, hotels, shopping centers, etc) the rates charged will also vary. The license will have to be obtained from the agency that represents the artist who owns the work to be performed. The website for all three agencies allows users to search the list of artist each society represents.

Copyright Infringement and Remedies

Infringement Basic Definition
Anyone who violates the exclusive rights of the copyright owner is an infringer. However, the copyright owner must have an issued registration in hand prior to filing suit in federal court for copyright infringement. This is one reason why copyright registration is very important. Other reasons to register a copyright include: (a) the registration provides an official record of ownership and provides constructive notice to the public of the facts stated in the registration certificate; (b) if registration occurs within five years of first publication, this is prima facie evidence of the validity of the copyright and the information stated in the certificate; and (c) registration is required in order to be able to recover statutory damages (which requires no proof of actual damages) and attorney’s fees.

Copyright Registration
Registration is permissive and may be done at anytime during the life of a copyright. Registration is done with the US Copyright Office.

Application For Registration
Applications to the US Copyright Office for copyright registration require that a form be filled out that is appropriate to the type of work being registered. The forms appropriate to each work which the practitioner will most likely encounter are the following: 1) Form TX for textual works, such as books, transcripts, instruction manuals, computer programs, poems, documentation, essays and articles; 2) Form VA for visual arts works such as paintings, drawings, graphical works, photographs or sculptures; 3) Form SR for sound recordings such as tapes, records, and CDS; 4) Form SE for registering newspapers, serials, periodicals and magazines; 5) Form PA for performing arts works, including dramatic works, audiovisual works (movies, audio tapes) and multi-media products; 6) Form CA is used to supplement registrations, such as to correct errors in a prior registration and 7) Form MW is used to register computer chip designs know as “mask” works. These forms and others, as well as instructions for filling them out can be found on the Copyright Office website at After the form is filled out, the applicant must pay the filing fee listed on the form and submit two complete deposit copies of the published work as specimens of the work being registered. Unpublished works require that one deposit copy be submitted. Most registrations issue within 6-12 months of filing the application, and are accorded a date of issuance the same as the given initial filing date of the application form.

Scott Hervey is an entertainment lawyer with Weintraub Genshlea Chediak in Sacramento. He can be reached at 916-558-6065 or [email protected].

This article is the copyrighted property of the Sacramento News and Review and they have given Weintraub Genshlea Chediak permission to publish this article in its entirety.