In continuing our comments regarding copyrights online, we are on to fair use and liability for litigation. A dancing baby has created one of the most obscure and interesting cases for the year. The ramifications of this lawsuit could further impact the way that some copyright disputes could play out, bringing in a potential new factor for any takedown or claims of infringement. Yet, how this ultimately will work out is up to the justices who currently compose the highest court of the land (i.e., United States Supreme Court).  What is the story of the “Dancing Baby” case? How might copyright infringement cases change? How could the court decide? Does this interact with the earlier Kirtsaeng ruling, if at all?

What is happening with the case now?

To recap, Lenz v. Universal focuses on whether there is a good faith requirement for takedowns. Lenz had uploaded a video on YouTube showing her toddler dancing to the song “Let’s Go Crazy” by Prince. It also included a snippet of the song in poor quality. Sometime after, Universal issued a takedown of the video. However, in its analysis, the Ninth Circuit first decided that there was a good faith requirement, and questioned if Lenz would be owed damages. So far, the United States Supreme Court has denied a request for certiorari by the petitioner over what, if any, damages could be requested by Lenz. The case has also garnered the attention of various organizations, such as the Electronic Frontier Foundation and Yes Men to curtail incorrect takedowns.

Copyright is a legal right that keeps intellectual property safe, and allows individuals to profit from their efforts. Yet, these copyrighted works will at some point head over to the public domain after their expiration, which means they are not protected anymore.  What if it did not expire? In fact, recent decisions and lobbying have tried to push the effective “lifespan” of copyrights.  Instead of the life of the author, plus 70 years, it becomes further extended. So, how might this happen? What are the decisions that push for an artificially long copyright? How might an entity take advantage of this extension?

Warner Brothers v. X One X Productions:

For a few years now, there has been a legal dispute between Warner Brothers and X One X Productions, commonly known as AVELA, over the copyrights of various properties, like Wizard of Oz and Tom & Jerry. Now, these properties are still protected through copyright, but not entirely.  AVELA had taken a path akin to Dastar, and used images from promotional art, which was not renewed, and placed into the public domain since it failed to renew under the copyright laws of the time. However, back in 2011, a decision was made finding against AVELA, and while damages were disputed, the court found that Warner Brother’s awarded damages were not only justified, but they were liable for trademark infringement as well. Ultimately, this finding was because the works themselves were no longer under copyright protection, however the base work was, and the trademarks for the base work. Thus, any copies of the work incorporating the protected characters, or alterations, would become derivative works, covered under the copyright for the base work. Furthermore, the trademarks, like the names or character designs would be protected too.  Also, as trademarks have no expiration date, they can effectively push the protection of this sort of copyright further.

Imagine that you were sued for copyright infringement, yet above all odds, you managed to prevail on the merits. Your case went up to the Supreme Court, it found for you, and you have emerged successful. Yet, you are stuck footing the bill to defend yourself against a claim that was in your favor all along.  How will you get out if it? Isn’t there a section of the Copyright Act, specifically written to encourage meritorious claims to better define copyright laws? Shouldn’t the prevailing party be entitled to its attorney’s fees? This scenario has played out in front of the Supreme Court, and decided on this past summer in Kirtsaeng II.

Can’t Kirtsaeng collect his legal fees?

In its ruling, the high court came back with a resounding “maybe.”  After Kirtsaeng’s first case relieved him from liability due to his resale of books falling under the First-Sale Doctrine, he had attempted to recoup his fees.  However, the appellate court declared that he could not get the fees back, as in that circuit, the fees could not be reimbursed so long as the other side had a reasonable claim. Other circuits also had general presumptions against awarding fees to the defending party if they had prevailed, thus there was some disagreement over what constitutes a prevailing party. Yet, when the court ruled in favor of Kirtsaeng here, the result was less a resounding “yes” and more of a clarification for the lower court. The high court unanimously determined the Fogerty standards were too wide (fees are awarded case-by-case and the courts must keep in mind the mounting of a meritorious case). In determining the meritorious aspect, Fogerty listed factors like frivolousness, motivation, and reasonableness. Yet, in the Second Circuit’s rulings, it placed too much focus on the reasonableness of the claims, resulting in the clarification.   In general, the court has discretion to award attorney’s fees to the prevailing party under 17 U.S.C. 505.

Given the internet is a multi-faceted environment, how can someone monitor his or her copyrighted content on the web? The internet has been called the “wild west” and yields limited regulations requiring lots of research, practice, and guidance to properly navigate its pathways.  While self-tracking mechanisms can work in limited circumstances, however they may be imperfect solutions in the long run.  Ultimately, Google may have figured out the answer, but the implementation tends to go above and beyond what is asked of it through the Digital Millennium Copyright Act, and falls short of what society could hope for monitoring copyright infringements.  So, what is a content identification system? How does it work? What is it applied to and can it help protect your copyrights?

What is YouTube’s Content ID?

It appears that Google is the entity that has figured out how to solve the issue of identifying and flagging copyrighted content for the original owners. Yet, it comes with a caveat. What YouTube does is with clips of copyrighted content.  So, in reality it determines certain patterns and aspects. This makes it incredibly useful in flagging songs, music, and film footage, which are items that YouTube deals with on a regular basis.  This means that in any flagging online, a company can automatically issue some action, take downs, placing advertising on it, or otherwise dealing with an infringing party.  Yet, this requires that any entity taking part in this program has submitted the work to Google for YouTube’s Content ID system. Noticeably, the Content ID system does not consider any fair use defenses that carve out exceptions to copyright infringement.  Instead, it just looks to see if there is a match before taking one of the pre-determined actions. This limits the utility of the system, dependent on the Lenz ruling, and any future developments regarding fair use principles and the duties of online service providers under the Digital Millennium Copyright Act.

Now, that we know that Content ID exists, shouldn’t all online companies be held to that standard? As it currently stands, the law posits “not quite.”  So, what standards are they held to? Surely, online content providers must take some reasonable measure to protect the copyrights of others.  If not, certainly, a company must have some knowledge of copyright laws? At least enough to know that uploading the original works of third parties without consent constitutes copyright infringement.  Or, at least the company must have knowledgeable employees who appreciate the Digital Millennium Copyright Act’s guidelines?

What is required under the Digital Millennium Copyright Act?

The Digital Millennium Copyright Act (DMCA) comes with a safe harbor provision that protects online service providers from liability.  To avoid liability for any copyright infringement, online service providers are required to take down content as soon as they have knowledge of the alleged infringing activity. This last part is important, as it effectively gives purpose to the safe harbor. If an entity can be charged for the violation of its users without any actual knowledge, then it has the potential to stymie the general purpose of the internet.  However, what is not clear is how a company should gain knowledge of the allegedly infringing materials, and that was the heart of the dispute between Capitol Records, LLC and Vimeo.

So, where do we go from here? After the Internet of Things was effectively used as a way to crash various online stores and services, it leaves us with the question of how can we fix this gaping hole in our security that would allow this new technology to continue to exist without causing further risk? As mentioned last week, the most likely solutions are either in the private sector, through consumer choice and manufacturer investment, or through government action. What actions should individuals take? What is the government doing now? What might the government do in the future?

What is the private sector currently doing?

The private sector is not doing much at this time. While consumers could demand more secure smart devices, the focus of the demand for these devices tends to be towards their functioning.  In general, less sophisticated consumers buy smart devices for the sake of convenience, with security being a distant thought when compared to the more sophisticated consumers.  These smart devices, like any other internet-connected device, occasionally need security updates to remain resistant to online bugs (i.e., malware).  So, as the world becomes smarter, this technology will need to adapt and advance, accordingly, in order to mitigate the risks. Yet, without some motive to do so, it’s less likely that resistance to the botnet will emerge, and it may be due to the government’s intervention.

In recent years, we have all heard the expression before, but how does someone really “break the Internet?” Recently, an incident arose where a large network of electronic devices joined together resulting in a major interference with online businesses and services. Amazon, Netflix, and Yahoo, were hobbled temporarily due to various flaws in the Internet of Things. This flaw allowed individuals to create what’s known as a botnet, to launch a massive DDoS attack to effectively shut down services.  So, how would we prevent a similar incident from occurring? Should you be concerned about your smart devices? What about your websites and online services?

How did the Internet of Things become weaponized?

As it stands, the Internet of Things, which comprises of smart devices that connect online for the convenience of individuals, became weaponized against service providers, and created a “botnet.”  Effectively, some type of malware was downloaded onto these smart devices prompting them to send requests to certain websites. When these websites become overwhelmed by the requests, it resulted in websites crashing, or becoming generally unavailable to the users.  Here, one might wonder how, but the real answer was due to a lack of knowledge, training, and security. Unlike regular computers, tablets, and cellphones, smart devices do not always have the capability for security updates. With this, even for those devices that might be on a more secure network, the Internet of Things still entails those devices being connected online. This makes them vulnerable to more pinpointed attacks.  From there, the controller of the botnet can use the Internet of Things to launch the DDoS attack and crash a network.

As it stands, the Internet of Things can be a dangerous proposition. Due to various hacking techniques, like rubber ducks, pineapples, and pivoting, one must wonder, if it can be hacked into, and if so, then what can we do about it? What about cars, planes, trains, and power plants? To this point, the U.S. Government has launched the Cybersecurity National Action Plan or CNAP. The idea is to add more information and resources into the system, increasing the amount of resources to help build up cybersecurity and investing resources into security measures. So, what is the government doing with CNAP? How might this help a business? How might this help individuals?

What does CNAP do?

It’s a set of guidelines and goals that the Obama Administration has implemented to help build the cybersecurity network, protect against attacks on the Internet of Things, and the general national network as a whole. The first, and easiest way it plans to do this is through the 2017 budget, allocating approximately 19 billion dollars for cybersecurity, up by 35% from the previous year’s budget.  It also incorporates and promotes other existing goals and changes, such as the BuySecure Initiative requiring credit cards to incorporate smartchips, and making large businesses use the smartchip option rather than the traditional magnetic strip.  CNAP also incorporates other ideas, such as multifactor authentication, identity for Federal Government digital services, training for small businesses, and relaunching identitytheft.gov.  Therefore, it is less of a new initiative, but rather a continuation of previous actions.

Nowadays, we’re using the web for numerous purposes, including, but not limited to, online banking.  So, we should be able to protect our financial information. There are many options for hackers to gain access to financial information, and without the prerequisite security, financial information can be accessed by hackers.  The law outlines the rules for financial institutions, such as data protection, data sharing, data preservation, security breach notification, or insurance requirements.  Also, there are different standards when it comes to consumer and business bank accounts.  For example, businesses face different prerequisites that must be fulfilled prior to submitting a claim towards a financial institution.

How might hackers commit banking fraud?

Looking at how hackers may even access your financial information, there are a few tools that need to be highlighted. Among them are Pivoting, Rubber ducks, and Pineapples. While this perhaps sounds odd, the way they can work is terrifying. Pivoting is a process hackers can use to break into a computer system by accessing it through an already-compromised device. For example, a hacker may access a web server by gaining access to an email server within the same network.  These discrepancies can also occur between smart devices, which indicate a downside to the Internet of Things. Rubber ducks are special USB drives with small processors. They act as a “Trojan Horse” by downloading and re-uploading information quickly and autonomously without causing alerts. Pineapples, in comparison, are more likely to come across, but more difficult to avoid.  These are devices that “clone” Wi-Fi networks. They will function in the same way, allowing individuals to connect and access the web, but can also be used to access and hack data after someone is connected. Pineapples and Rubber ducks are dangerous because they can download “keyloggers” onto computers, which would record and transfer confidential information (e.g., passwords, financial data) to the hacker’s computer.

In today’s globalized world, with international markets becoming a stage for events to take place, how would you enforce a judgment in a foreign jurisdiction? After going through a lengthy process, it may seem unfair to go through the same procedure again without a guaranteed result.  So, simply because you obtained a judgment in your favor, if the court decision isn’t enforceable in a foreign jurisdiction, then how can you ensure you can collect? How can you ensure that things will end in your favor, and that the other side will not get away because he/she retreated to another country?

What needs to be in place to enforce my judgment?

You need the following items to enforce your judgment in a foreign jurisdiction: (1) a treaty with the foreign country agreeing to enforce the judgment; and (2) a domestic judgment in your favor that was issued within the United States. What makes this difficult is how the United States does not have treaties with other countries regarding the enforcement of judgments. While there is a treaty in place through the Hague Conventions on the Recognition and Enforcement of Foreign Judgments in Civil and Commercial Matters, only a few select countries are part of it, including, but not limited to, Kuwait and the Netherlands. Unfortunately, beyond that there is little else you could do to enforce a judgment. While we will discuss this in the next blog, arbitration agreements can bind those in other countries, and there is an effective convention that applies in those cases.