It turns out that this question is not at all straightforward to answer. Cyberlaw has been described as the law of the Internet, computer law, e-commerce law and any number of variations. The problem is that none of these generic descriptions are very helpful—that is, they do not inform. The following represents an attempt at a description that, while longer and completely lacking a “catchy phrase,” will hopefully be more useful with respect to identifying a legal issue that you might be facing, or one that you hope to avoid. It will also set the tone for what you can expect to find throughout our site, that is, information regarding various aspects of cyberlaw that will help you from a practical perspective.
Cyberlaw encompasses an assortment of legal doctrines that mostly predate the Internet (but have unique nuanced applications because of it) as well as set of laws that target it directly. These categories are further explored in other areas of the site. Click on the associated links for more information. We prefer to use the term “digital law”—not because it provides more clarity, but simply because it encompasses more than “cyberlaw.” The latter term’s usage is often constrained to the law governing electronic communications (i.e. the Internet), which is a subset of “digital law.” Keep in mind that what follows is not an exhaustive list, simply an introduction to some of the legal issues that we help clients with.
This doctrine protects expressions that are manifested in a fixed and tangible medium. In the United States it is controlled predominantly by federal law (via the 1976 Copyright Act and the U.S. Constitution) and internationally (via the Berne Convention). The author acquires a set of exclusive enforceable rights including: 1) the right to make copies; 2) the right to distribute; 3) the right to make derivative works; and 4) the right to public performance.
There are now few formalities attached to obtaining a copyright. However, in the U.S. registration is required if the author wants to bring an infringement suit. Copyright is the cyberlaw workhorse of the Internet. Copyright attaches to websites, photos, videos, blogs, music, books and a myriad of other artifacts of expression captured in a fixed medium. Almost any imaginable use of the Internet as a medium will expose an individual or organization to copyright implications, either as a user or creator of content.
The essence of a trademark is that it serves to identify the source or origin of a product or service. It is distinctively “commerce related” in the sense that the identification function works on behalf of existing/potential consumers. The principal function of a trademark therefore is to prevent marketplace confusion or conversely to enhance marketplace clarity. Marks are almost always used as part of online branding strategies and therefore also serve an important marketing role, however, it is the identification function that primarily drives a mark's legal status.
Trademarks are usually comprised of a word, phrase, logo, symbol, design, image, or a combination of these elements. Trademarks must be registered in order to bring an infringement suit outside of a particular geography. Registration, although not required, is highly recommended for a number of reasons (e.g. the acquisition of exclusive rights).
Unlike copyright, trademarks require use in the marketplace in order to trigger rights and are controlled via both federal and state law in the U.S. (and internationally through various treaties). Trademarks are everywhere on the Internet and often result in legal disputes (see Domain Disputes below).
Domain disputes are often related to Trademark infringement issues, either via the illegal use in metatags or advertising, or in similarly confusing ways, intentional or not. However, domain disputes can, and often do, arise in different contexts completely unrelated to Trademark doctrine. For example, because of their low cost, many domain names are bought by individuals (as individuals) and subsequently used by organizations. When business relationships sour, the issue of who “owns” the domain name (i.e. who is entitled to use the license) can be problematic, and costly. The owner can readily redirect traffic to a competing site or to nowhere at all.
Both corporations and individuals that “run” websites need to have a current inventory of the domains they “own”—who they are registered to, when the registrations expire, the terms under which they are renewed (e.g. manual or automatic) and other domain related information. Many domain registrars contain tools that allow such tracking; however, there are hundreds (if not thousands) of registrars, and tracking “ownership” across multiple registrars (if more than one was used) can be quite complex, indeed.
This begs the question, who has organizational responsibility for the Internet’s domain name system? The Internet Corporation for Assigned Names and Numbers (ICANN) plays an important role. ICANN is a private -public partnership. It is an internationally organized non-profit with responsibility for the Internet Protocol (IP) address space allocation, both for the generic and country code top-level domain name system and for root- server system management functions. ICANN also performs an important role in the accreditation of registrars.
While it might not be obvious that contracts are ubiquitous in cyberspace, a close inspection tells a different story. As a general rule, whenever you download software there is contract/license agreement in play. Whenever you signup with a hosting provider or a blogging platform, a contract is in play. If you sign an agreement with a consulting company to develop your website, a contract is in play. If you sign an affiliate marketing agreement, a contract is in play. In short, contracts are everywhere in cyberspace. They are as foundational to an online business as they are to business in general.
In addition, our contracts practice encompasses technology related contracts that are not directly related to cyberspace per se. An example might be a contract for the development of custom software to run internal banking operations or for robotics software used on the factory floor. Another example might be a VOIP contract with your private network provider. Furthermore, cyberspace and other technology considerations, have ramifications vis-à-vis employee related contracts as discussed below.
Patents encompass a set of exclusive rights, granted by a sovereign for a fixed period of time, in exchange for a rigorous and detailed disclosure. A patent is granted to an inventor who invents or discovers any new and useful process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof. In general (i.e. both nationally and internationally) an invention, in order to qualify as a patent, must be: (1) new, (2) useful, and (3) non-obvious.
Patents are enforced through civil suits (in federal courts in the U.S.). This is generally an expensive proposition, but one that is often quite profitable if the plaintiff prevails. Two types of patents predominate on the Internet: (1) software patents and (2) business method patents. Both are expensive to obtain (with the former much more so than the latter) but if procured provide exclusive “monopoly” rights over the invention for a specified period of time.
DISCLAIMER: Patents are a specialized area of the law. WE ARE NOT REGISTERED/LICENSED PATENT ATTORNEYS AND CANNOT HELP YOU WITH PATENT PROSECUTION. That said, we are knowledgeable regarding the general applicability of patent law and can refer you to a specialist if you need help in obtaining a patent.
Depending on the nature of your online business one of the following statutes might apply: 1) the Heath Insurance Portability and Accountability Act (HIPAA)—protecting medical data, 2) the Gramm-Leach-Bliley Act— protecting financial data, and 3) the Childrens Online Privacy Protection Act (COPPA)—protecting collection of data for children under the age of thirteen. Furthermore, if you are doing business internationally the European Union Directive on Privacy may also be applicable. The EU is interested in promulgating an international standard that would be presumably enforceable in the U.S. and elsewhere.
Under the authority of Section 5 of the FTC Act, which prohibits unfair and deceptive practices, the FTC has brought a number of cases to enforce promises made in website privacy policies, including those promises made regarding the securing of consumer personal data. The FTC is also quite active in research and reporting on privacy issues. Due to recent high profile breaches and growing consumer concern over privacy, expect to see more legislation and/or regulations in this area in the near term.
There are a number of employment related contracts that have cyberlaw implications including: 1) basic employment contracts, 2) non-compete agreements and 3) non-disclosure agreements. For example, due to the fact that business method patents, post the State Street decision, have once again become quite popular, it is imperative that the assignment of patent rights to the employer be requested not only of engineers, but also perhaps of all high level executives (e.g. the director of marketing). It is also important that this assignment be done upfront (at the time of employment) as opposed to a later point in time when contract doctrinal issues of consideration may prove troublesome.
In addition, non-compete agreements (assuming that they are valid in your jurisdiction) must be drafted with cyberlaw issues in mind—specifically, what is reasonable from a time, scope and geography perspective may be substantially different in cyberspace than in the world of “atoms.” Where enforced, courts often look to the “reasonableness” of the agreement in order to balance the rights of employers against the rights of employees. Courts often disfavor non-compete agreements that attempt to “over reach,” it is important to strike the proper balance from the onset.
Cyberlaw is also implicated vis-à-vis various corporate policies such as acceptable use of email and other business computing resources. With respect to the former, employers need to be cognizant of how far they can go regarding legitimate “electronic snooping” activities. Furthermore, employees need to be educated and aware of business data retention policies, especially with respect to electronic documents. The changes to the Federal Rules of Civil Procedure (FRCP) related to e-discovery, effective December, 2006, are causing businesses of all sizes to be proactive in their compliance programs (see Data Retention below).
The United States Supreme Court (USSC) transformed the common law of libel via a series of cases that essentially provided a first amendment overlay to the doctrine. Under the common law of libel a plaintiff was required to show the following four elements: (1) defamatory statement; (2) identification—“of and concerning the plaintiff;” (3) a publication of the statement; and (4) damages, but only for slander.
Defamation has its roots in two common law torts: slander and libel. Slander is a harmful statement conveyed in a transitory form (e.g. an oral statement). Libel is a harmful statement conveyed in some fixed medium (e.g. a newspaper, magazine, blog, etc.). From the point of view of cyberlaw we are almost exclusively concerned with defamation that is libelous.
The leadings USSC cases are Sullivan v. NYT (Sullivan) and Gertz v. Robert Welch (Gertz). These cases imposed a fault element to the four common law elements whenever the speech was of “public concern.” They also made the status of the plaintiff a controlling factor in the analysis. Under Sullivan the plaintiff, if a “public official,” was now required to show “actual malice” under a clear and convincing evidentiary standard. Under Gertz, a “private” plaintiff was required to show some degree of fault, left up to the discretion of the states (in practice negligence).
A later USSC case, Hepps, added to the plaintiff’s burden by requiring a showing of “material falsity.” That is, post Hepps, for a matter of public concern the plaintiff was required to prove six elements in order to prevail—the four common law elements, either actual malice or negligence, and that the statement was false in a significant way. Hepps shifted the burden from a defendant's burden of proving truth as a defense, to the plaintiff's burden of proving falsity. For plaintiff's that are public officials or public figures, proving all six elements is a high hurdle indeed.
For a private plaintiff (i.e. not a public official or public figure), bringing an action regarding a statement that was not of public concern; the common law of libel remained essentially unchanged.
While the revolution in electronic record keeping has no doubt led to increases in productivity (i.e. at least some economic data is starting to confirm this long held belief), it has also created its own set of complexities. It was far easier in the old paper universe to have a document disposal plan, since the storage of paper was far too costly and visible an issue to go unnoticed. However, in today’s universe this problem is easily swept under “electronic rug”—only to become painfully visible once e-discovery commences in a pending lawsuit. By then it is clearly too late—all documents that are available and potentially relevant will likely be requested by the other side, going as far back in time as a judge will allow.
Depending on the size and nature of your organization, there is a growing need for scaleable solutions to meet requirements imposed by e-discovery and regulatory compliance. This has led to much confusion among in-house counsel and CIOs. The response has been typical, often driven by over zealous technology vendors, a rush to consolidate, centralize and archive all electronic documents. But the “missing link” is usually the policy or plan by which documents are “inventoried” and subsequently purged. In addition, this activity proceeds sans a roadmap for how production of documents will proceed when (not if, given litigious post-modern societies) an e-discovery request arrives.
There is no law that says that electronic records must be kept forever. Despite the fact that storage is becoming cheaper by the day, the cost of maintaining the required obsolete access technologies would make this an absurd proposition. Courts have not had a problem with the destruction of business records, in a routine and systematic fashion, as part of the “normal course of business operations” (with the caveat that a “litigation hold” process must be triggered upon a suit commencing or the likelihood that it will) once the documents’ useful lifetime is past. The lifetime will vary based on the type of document and whether a company is publicly traded—the hard work is in the development of the appropriate policies and processes, with the precise definition of said lifetimes based on document categories and business domains.
The bottom line is that a consolidated data governance plan and policy is required. The development of an appropriate data governance strategy requires a multi-disciplinary approach which includes: legal staff, the CIO, and cooperation from executives of various departments. Of course, many small to medium size businesses lack the necessary resources to implement, but nonetheless have exposure to liability. There are now low cost enabling technologies that provide the requisite infrastructure, however, having the appropriate strategy in place remains the most important part of the mix for organizations of all sizes.
Historically trade secret law has been a creature of state law. There was no federal statute regarding trade secrets until 1996 (i.e. the Economic Espionage Act). However, both the Uniform Trade Secrets Act (UTSA) and Section 757 of The Restatement of Torts have significantly influenced trade secret law. The UTSA is a model law drafted by the National Conference of Commissioners on Uniform State Laws. It is an attempt to better define the rights and remedies available via the common law. It has been adopted by 45 states, the District of Columbia and the U.S. Virgin Islands (sans Massachusetts, New Jersey, New York, North Carolina and Texas).
The UTSA defines a trade secret as information, including a formula, pattern, compilation, program device, method, technique, or process, that: (1) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (2) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
If the proper steps are taken, a trade secret offers perpetual protection over said information and is probably the least expensive manner by which intellectual property can be protected. The downside is that there is no protection against legitimate reverse engineering or independent development.
One of the most knotty challenges in cyberlaw is dealing with complex jurisdictional issues. Jurisdiction deals with whether a particular court has the power to hear a case. For example, lets say you bought a hundred computers for use in your Florida business on eBay from a seller in California. It turns out the seller made gross misrepresentations with respect to the condition of the machines. You want to sue them in state court in Florida. The first question you should ask your attorney is “can the Florida court get jurisdiction?” The answer depends on (among other things) the “nature and quality” of the contacts that the seller has had with the state of Florida. For example, one factor might be whether the seller, in addition to selling on eBay, has a website that “reaches out” and solicits business in Florida; or whether said website allows the formation of contracts online with Florida residents; or whether the seller has salespeople in Florida, or a host of other considerations (e.g. whether the seller has sold thousands of computers to Florida residents on eBay). The jurisdictional challenges may differ depending on whether you bring suit in state or federal court, and also across states and federal circuits. The Internet clearly has facilitated doing business nationally, but it has also, without question, increased the jurisdictional complexity with respect to bringing a cause of action across state (and national) borders.
The United States Supreme Court established in International Shoe Co. v. Washington that sufficient dealings or affiliations with the forum jurisdiction make it reasonable to require a defendant to defend a lawsuit in that forum under a theory of “Minimum Contacts” when the suit does not offend “traditional notions of fair play and substantial justice.” One leading approach to dealing with personal jurisdiction that implicates a website is known as the Zippo sliding scale test (i.e as defined in Zippo Mfg. Co. v. Zippo Dot Com, Inc.). The Zippo sliding scale test contains three parts: business transaction websites, passive websites, and interactive websites. Many circuits have adopted Zippo. Zippo is not a new doctrine, but rather International Shoe as applied to the Internet.
The bottom line with respect to jurisdiction (and other cyberlaw issues) is that courts often find ways to apply "settled law" to the new technological context. Zippo does not mean that anyone with a website can be sued in any jurisdiction. However, if the Constitutional standard is met, a plaintiff may be able to get the necessary jurisdiction.