Web Site Liability
Web-based publishing raises issues regarding "ownership" of the published content and other liability concerns. Various practices must be observed to protect the Company's intellectual property rights, and similarly, to ensure that publication will not violate third-party's ownership or other rights.
Copyright laws protect "original works of authorship fixed in any tangible medium or expression," and reserve to the copyright holder the exclusive rights to reproduce, distribute copies and publicly display or perform the work, or prepare derivative works. For on-line works this may include text, artwork logos, audiovisual materials (including sounds), sound recordings, software and code, etc. Copyright protection reaches only the way an idea is expressed, and not the idea itself, and generally does not protect the following: a procedure; process; system; method; operation; concept (but, see patent, below); principle or discovery; facts (regardless of the form in which described, explained, illustrated or otherwise embodied in such work – but, databases are protected as compilations, so their use should be scrutinized); short phrases; titles (but, a trademark can, e.g., "Star Wars"); names; slogans; common or familiar symbols or designs; mere variations of typographic lettering; or works that derive from information within the public domain (e.g., works whose copyright has expired).
Copyright law does not always restrict our ability to use third-party content. Limited use of copyrightable materials without the copyright holder's permission may be permitted under the "Fair Use" doctrine, including criticisms, comment, news reporting, teaching, scholarship or research, satire, and parody. Similarly, limited parts or a whole work may be reproduced with proper attribution for noncommercial purposes that do not hurt the value of or market for the original. The more informational and fact-based a work is, the less likely it will receive copyright protection, and the broader "fair use" can be made of such materials.
Copyright notice (e.g., "© 2000 ABC, Inc., all rights reserved") is not required, but the notice should still be used as a reminder that the material is copyrighted, and because it precludes an "innocent infringement" defense in most cases. All top-level or primary web pages and graphics or designs for which protection is warranted should contain a copyright notice, and use throughout a site is generally recommended to ensure notice to visitors who "deep link" into a site.
Company web site developers and operators should obtain proper approval from copyright holders unless the desired use falls within a "fair use" exception. Unauthorized use of a third-party's materials on a web site might subject the Company to a variety of infringement claims, including direct infringement if it selects, edits and approves of posting of third-party materials, and also significant risks for third-party materials posted by other persons (e.g., chat rooms, bulletin board services, file transfer sites, etc.), even without knowledge that infringing conduct is occurring. Section 230 of the U.S. Telecommunications Act may provide some protection, if an "interactive computer service" does not: (1) control and approve the posting; or (2) post the content itself. The 1998 U.S. Digital Millennium Copyright Act extended similar protection if so-called "take-down mechanisms" are implemented allowing aggrieved copyright claimants to complain and requiring prompt investigation and, if warranted, removal. Specific guidelines should be used for any open forums informing users of acceptable conduct, and can include requiring a user to click "I accept" the terms (click-wraps), which are considered to be the equivalent of shrink-wrap software licenses which have been held binding on users.
Patent rights promote progress in science and useful arts by giving inventors a multi-year monopoly over use and commercial exploitation of their inventions, and after the expiration of this period, the invention is given to the public domain to be used and exploited by anyone. Patent protection is available for the invention or discovery of any new and useful process, machine, manufacture, composition of matter, or any new and useful improvement thereof, and may include non-copyrightable works (e.g., ideas, procedures, methods, systems, processes, concepts, etc.) and trade-secrets in some circumstances. The invention must be original and undisclosed ("novel"), and any disclosure (public use or publication) before patent application can destroy patent protection. Recently, the U.S. Patent & Trademark Office has been issuing patents for business processes. Examples related to the internet include methods for profiling web site users, "one-click" ordering based on prior purchases, and reverse auctions.
A trademark is a word, name, symbol or device used to identify and distinguish goods of one person from goods manufactured or sold by others, and to indicate the source of the goods. Service marks identify services. Trademark protection is available only if the mark is "distinctive" (assumed if the mark is registered; otherwise, a court will look to history of use). Arbitrary and fanciful words are deemed to be "inherently" distinctive. Descriptive words receive trademark protection only if they obtain "secondary meaning" (i.e., become well known and identified in the marketplace with the goods or services). Generic words, on the other hand, are not given any protection. Web sites are generally deemed to provide services, and the specific products or goods (i.e., documents or software) available within the site are described by trademarks.
Trademark law prohibits using any reproduction, counterfeit, copy, or colorable imitation of a registered mark in connection with the sale, offering for sale, distribution, or advertising of any goods or services which is likely to cause confusion or mistake, to deceive others, cause dilution or scourge, or otherwise may disparage the mark. Vicarious liability may result if an apparent partnership between the on-line publisher and the direct infringer is shown and the on-line publisher has authority to control the infringing product or service. "Fair use" also extends to trademarks, including using a third-party's trademark "descriptively'' or otherwise in a manner that refers to the actual source, provided it is not likely to confuse consumers and is not an "unfair" commercial use (which depends on whether: (a) the allegedly infringing good or service is readily identifiable without use of the mark; (b) the mark is used only to the extent reasonably necessary to identify the goods or services; and (c) the user has done nothing to suggest the trademark holder’s sponsorship, or endorsement).
Internet domain names are more than a mere "postal address," and are advertisements or promotions for provision of goods or services much like mnemonic telephone numbers (e.g., "1-800-FLOWERS"). Such telephone numbers have been found to be trademarks. There is no satisfactory Internet equivalent to telephone books or directory assistance, and domain names are often guessed based on pattern ("www.XYZ.com"). InterNIC has instituted policies to alleviate trademark/domain name disputes by putting the use "on hold" if a third party alleges they have a corresponding trade name and shows registration.
Unfair competition law is a close relative of trademark law involving statements about one's own or another's products or services. Included within this arena are statements amounting to "passing-off" (false or misleading representation causing consumers to believe that a person's good or services come from another), "tarnishment" (casting another’s mark in a bad light and thereby injuring business reputation), "disparagement" (deceptive statements of fact about the quality of another's goods or services), "misappropriation" (based on a claim of: (1) Substantial investment of time, money, skill or effort to create a product or service by one party; (2) Another party’s appropriation of the product or service constituting a "free ride"; (3) Injury to the first party; and (4) A finding that the misappropriation is unfair – e.g., a news service rewriting and publishing another news service’s article as its own, without attribution or permission, or "crawling" of a party's commercial web site and reproducing the content, even in a new format). Misappropriation has been used to object to "deep linking" (linking to web pages other than the top-level home page), "framing" (displaying content of another web site within a "frame," making it look like the content is on the infringer’s site), and "meta tags" ("hidden text" on a web page). Linking is a foundation of the web, and generally you may link to a site (at least top level pages) without express consent provided such links are not misleading as to their source and do not use proprietary marks or logos. Liability for deep-linking has been found on the theory it siphons-off site traffic, harms the user experience, distorts web traffic, and adversely affects advertising and the associated revenue (i.e., people skip viewing pages containing the host site’s advertising leading to the deep-linked page). Framing can obscure (or hide) that the content is hosted by the external site, and the framing web site may post navigation tools, text, trademarks, or anchor advertising which the external site is unable to control. Meta tags are valuable for ranking web sites in search engine "results" pages and in identifying the site source. Use of third-party trademarks, company names, and product names in meta tags, however, can create infringement claims. Failing to provide material information to the public can be considered deceptive, and outdated information on your company's web site can expose you to liability.
A trade secret may consist of any formula, patent, device, or compilation of confidential information which gives the business an opportunity to obtain an advantage over competitors who do not know or use it. Trade secrets are given limited protection under the law, and require the owner to show the information was in fact a trade secret, the owner took steps to protect it, and the misappropriating party used improper means (e.g., breach of confidential relations) to acquire the trade secret. Once lost, even wrongfully, there is little the owner can do to restore its rights (e.g., if misappropriated and published over the internet by a third party, the trade secret owner will have little recourse against anyone other than the first misappropriating party). Third parties can independently develop the trade secret and possibly patent it, seriously impacting a prior user's ability to exploit the secret.
Privacy policies provide web site visitors notice about the owner's information practices, including what, if any, limitations are placed on the collection and use of personal identifying information (e.g., information submitted by the user through the use of forms or other methods, such as name, physical or e-mail addresses, etc.) and transactional or financial information. The sufficiency and observance of such policies has received significant attention here and abroad. Currently, few U.S. laws affect collection and use of internet-related personal identifying information, with the government promoting self-regulation over the more prescriptive approach employed in Europe. When a company strays from its published practice, it may result in state or federal action for unfair or deceptive business practices. Although there are no general legal requirements, the FTC encourages: (1) Notice about use; (2) Visitor choice about whether and how used; (3) Security of personal information collected and stored; and (4) Visitor access to their own personal information to ensure accuracy. The On-line Child Privacy Protection Act requires any commercial web site or on-line service either directed to children or with knowledge that it collects personal information from children to obtain verifiable parental consent before collecting or disclosing personally identifiable information about children. The European Union's Data Protection Directive requires member states to adopt national legislation guaranteeing a minimum level of protection to personally identifying information, including information maintained on automated systems and paper records, and requires limitations on data "export" to countries not having "adequate" privacy protection (affecting, e.g., U.S. companies with activities or subsidiaries in EU countries). Negotiations are ongoing, however, to permit information to be freely exchanged across the Atlantic. Information must be: (1) Stored and used only for purposes for which collected; (2) Maintained in a form not permitting identification of individuals longer than necessary for that purpose; (3) Accurate, up-to-date, relevant and not excessive in relation to purposes for which it is stored; and (4) Processed only with the consent of the data subject when legally required, or to protect "public interests" or "legitimate interests" of a private party except when those interests are outweighed by the interests of the data subject.
"Republishing liability" derives from the mere fact that the content was published or otherwise made publicly available. Defamation is a false and unprivileged statement of fact that is defamatory (i.e., maligns or otherwise harms reputation or good will) and is published with "fault." Liability depends on the person to whom directed, and a statement must be made with "actual malice" (knowledge of its falsity or in reckless disregard of whether it is true or false) to be defamatory as to "public figures" (e.g., politicians and famous individuals). A statement need be made merely negligently to defame private figures. Three types of privacy claims may arise from statements made on web sites: (1) Public disclosure of private facts; (2) Statements placing the subject in a "false light"; and (3) Commercial use of another's image or likeness without their permission ("right of publicity"). "Negligent publishing" may lead to claims involving personal or economic harm, such as inciting readers to engage in reckless behavior and thereby creating a foreseeable risk of harm, endorsing products known to be dangerous, or representing that a product meets certain quality standards.
Advertising and unfair competition law
Advertising and unfair competition law prohibits false advertising, including blatant falsehoods, innuendo, "indirect imitation," ambiguous suggestions and false designations of origin. "Deceptive or unfair" advertising is based upon 3 elements: Substantiation, deception, and fairness. The Company should require third-party advertisers indemnify the Company for claims arising from the placement of the advertisement on its web site. Various countries' laws have content limits on what may be published (either on-line or otherwise) based on their unique cultural, moral and political views. Items posted on a web site may be a regulated "export." Even slightly disparaging ads with comparisons to competitors can result in a trade libel claim, and certain countries (e.g., France) have strict limits on comparative advertising. As a result, any comparative advertising should be the subject of careful review and documentation.
Awarding of "prizes" conditioned on a purchase
Awarding of "prizes" conditioned on a purchase is prohibited in many states, and disclosure is required if any item is offered as an inducement. "Free" offers must be accompanied with all terms, conditions and obligations, and it is illegal to require payment or expenditure of significant effort in order to enter a "promotion" (prizes awarded based substantially on chance or luck). An illegal lottery has 3 elements: A valuable prize, "consideration," and chance.
Various legal actions
If a party accesses your internal network by means of your company's web site, or makes unauthorized change to web site content, you have various legal actions at your disposal. Likewise, if you or your agents access a computer without authorization, you may be subject to liability (e.g., conducting a security scan and penetration test on your company web site hosted on an ISP-owned web server without the ISP's authorization could result in criminal liability). The Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, criminalizes and establishes a private action for civil statutory damages for unauthorized access of a computer system, and the Electronic Communications Privacy Act (ECPA), 18 U.S.C. 2252, provides criminal and civil penalties for the unauthorized interception, disclosure, or use of an electronic communication or a stored electronic file. Various states, including New York, Virginia, and California, have adopted computer crimes statutes with criminal and civil penalties, and in other states computer crime can be prosecuted under traditional causes of action such as trespassing, misappropriation of trade secrets, false pretenses, larceny, and embezzlement. The transmission of unsolicited e-mail ("SPAM") is not only objectionable to most recipients, but is prohibited by most ISPs and fourteen states.