2000 Final Exam Sample Answer–Eric Goldman

Santa Clara University School of Law
Cyberspace Law – Spring 2000
Sample Answer
By Eric Goldman

This document discusses my Spring 2000 Cyberspace Law final.


I received some negative feedback for testing on USENET in the first question, especially because I apparently trivialized USENET’s importance in an early class.  It was clear that many of you, probably about half, had little or no idea what USENET was.  I took this into account in the grading; so answers that were generally on track but evidenced poor understanding of USENET were not automatically punished.  I tried to be as fair as I could about this, but obviously no system is perfect.  My apologies if this caused more stress than I’d hoped.

Actually, even if you didn’t intuitively understand USENET, there were only a few points about USENET you REALLY needed to understand to be fully competitive:

  • USENET is a global message board that allows many IAPs and websites to automatically get content posted on other IAPs/websites
  • USENET propagates by a store-and-forward mechanism
  • Most USENET groups are unmoderated
  • Users determine the name of the newsgroup
  • If Embarq has 3% of the posters to the newsgroup, then Embarq has no contract with 97% of the posters to the newsgroup

As a reminder, cyberspace law practitioners need to understand the technological environment and how the system may change the rules.  Further, if a lawyer doesn’t know the technology, he or she is expected to grasp it very quickly.  You’ll notice that Question #2 was primarily about email, and thus the Web—while important to both questions—was not the only technology tested.  I want everyone to understand that it’s crucial to know all Internet technologies, not just the Web.

My Approach to Grading

I thought it might be helpful to explain the way I score.  I score each question on a 100 point scale.  I categorize an answer into one of several levels—marginally competent (50), competent (60) or very competent (70).  Outstanding answers score higher than a 70; poor answers score less than 50.  Within this broad framework, I make 5 point grade adjustments up or down when something catches my attention.  For example, if an answer generally was very good but missed an essential point, I would normally deduct 5 points and score the answer a 65.  Similarly, if the answer was generally competent but had good organization or picked up a couple of subtle points, this answer scores a 65.  Because I arbitrarily set 60 as my “default” score, my mean, median and mode for all questions were about 60.

I do not carry over good or bad feelings from question 1 to question 2.  Thus, I score each question independently, multiply the score by the applicable percentage for that question, and add the two adjusted scores together.  There should be little benefit to “shifting” time from one question to enhance the other question.

After I finish grading everyone’s scores, I use a histogram to set the relation between grades and scores.  This year, for JD students, scores between 56 and 61 received a B.

For JD students, there were 25 As, 48 Bs, and 8 Cs.  The 8 LLM students were graded on a different curve.

Question No. 1

As usual, this question is based on a real life situation.  See ALS Scan, Inc. v. Supernews, Inc. 99-CV-02594 (D. Maryland, February 28, 2000).  I have liberally modified and supplemented the facts, but the basic scenario is one we faced.

Direct Copyright Infringement.  Some cases have held websites directly liable for distributing or displaying copyright-infringing files, even if uploaded by users.  See, e.g., Hardenburgh.  As I discussed in class, the direct copyright infringement claim based on user content can be preempted by the DMCA under 17 USC 512(c).  Embarq has met the preconditions for DMCA eligibility:

  • it should be able to claim that it is a “service provider”
  • it has made the proper filing with the Copyright Office and has posted this information to its website
  • it has a policy to terminate repeat infringers [the facts could have been clearer that this provision was also in the user agreement]
  • it honors standard technical measures (whatever those are)

So any direct copyright infringement claim against Embarq should be knocked out by 512(c).

(A side note: one of my pet peeves is when people characterize the 512(a)-(d) safe harbors as causes of action.  No one “sues” under these sections; rather, the provisions may offer a defense.  Note that ALS’s attorneys mistakenly sued for violation of the 512 provisions.)

Salsa could try to argue that, following the Hardenburgh precedent, Embarq’s conversion of data from NNTP to HTTP cuts off the “storage at the direction of users” element.  However, since this conversion is automated and not substantive, this argument should gain little traction.

A number of you tried the 512(a) safe harbor (transitory digital communications).  This exception is intended to cover ISPs for merely processing data flowing over their wires.  Embarq does not qualify because it stores content on more than a transitory basis.  Some of you tried to argue that 30 days was transitory; this argument is probably a loser.

Some of you also tried the 512(b) safe harbor (caching).  This isn’t a bad argument, but one of the 512(b) requirements is that the cacher restrict subscriber-only content to subscribers, so this argument is going to fail with respect to Salsa.

Interestingly, the 512(a) or 512(b) safe harbors lack the contributory/vicarious carve-outs in 512(c).  Thus, if you can get into either safe harbor, then you have better protection than under 512(c).  This is why Napster argued that it was protected under 512(a) in the first Napster ruling (which was issued post-final), even though we all knew that it would lose and that 512(d) was the safe harbor that Congress intended to govern Napster’s behavior.

Contributory Copyright Infringement.

Embarq will be liable for contributory copyright infringement if it knows about the infringement and substantially participates in it.  As we know, the DMCA safe harbor in Section 512(c) is supposed to provide some coverage here, but the express language of the statute carves out contributory infringement from the safe harbor.

Substantial participation can occur simply by filing to take down or remove content that the service provider knows is infringing.  So the core question here is whether Embarq has sufficient knowledge to legally compel it to take down the newsgroups.

Before we analyze the law, let’s take a perspective check.  A newsgroup is just like any other message board.  A message board operator can “know” about past copyright infringement posted to the board, but how is the operator supposed to know about future infringement that users might choose to cause on the board?  We all know the answer to this—they can’t.  So the policy issues here are pretty thorny—it’s one thing to punish service providers for infringing content still resident on their servers; it’s another thing to force them to shut down a discussion forum in anticipation of future bad actions.

Under the old Netcom rule, we knew that service providers had some duty to act when they got notice.  We didn’t know what notice sufficed, and thus we tended to err on the conservative side (e.g., if the notice was well-stated or scary, take down the content).

The DMCA (17 USC 512(c)(3)) clarifies the standard some by setting forth the requirements for copyright owners to notify service providers of copyright infringement: (a) physical/electronic signature of a person authorized to act on copyright owner’s behalf, (b) identification of the infringed work (or representative sample), (c) identification of the infringing copies with information reasonably sufficient to permit the service provider to locate the material, (d) contact information for the complainer, (e) a statement that complainer has a good faith belief that the material is not authorized for this use, and (f) a statement that the information in the complaint is accurate and, under penalty of perjury, the complainer is authorized to act on the owner’s behalf.

Here, Salsa did not send a DMCA-compliant notice.  Further, even though it wasn’t legally required to do so, Embarq did request more information from Salsa, which Salsa never did.

So three questions remain: (a) does Salsa’s failure to provide a DMCA-compliant notice mean that Embarq lacks actual knowledge and thereby retains the 512(c) safe harbor, (b) if not, does the notice given by Salsa impute enough knowledge for Embarq to be contributorily liable anyway, and (c) if so, is the remedy that Embarq must take down the newsgroups in their entirety?

On (a) and (b) above, the ALS Scan court concluded that because ALS did not provide a DMCA-compliant notice RemarQ lacked actual knowledge for purposes of the safe harbor.  Effectively, the court collapsed the safe harbor with the common law test—because ALS did not provide enough knowledge to RemarQ, the safe harbor trumped the common law.  It’s not clear that other courts will reach the same conclusion.

With respect to Embarq’s possible duty to eliminate the newsgroups as opposed to merely removing the infringing items, consider the ALS Scan court’s footnote number 3: “If the DMCA had not established the requirement that notification of infringement must meet, ALS Scan’s argument might be more persuasive.  In light of the names of the offending newsgroup – which closely parallel ALS Scan’s own name – and the history of infringing material being placed on the newsgroups, it might be reasonable to require a service provider to eliminate the newsgroups from its data base in order to prevent future infringements.  On the other hand, requiring one service provider to eliminate the newsgroup would not take the infringing materials off the Internet and would, at the complaining party’s discretion, favor one service provider over another.  In any event, the DMCA is clear in what is requires.”  [all mistakes retained]

Vicarious Copyright Infringement

Embarq could also be vicariously liable for infringing items posted through the newsgroups if Embarq had direct financial benefit from the infringement and had the right and ability to control the infringement.  512(c) offers no help here.

Because Embarq served banner ads over the infringing postings, let’s stipulate to direct financial benefit, in which case the only thing keeping Embarq from being vicariously liable for all infringing postings on the newsgroups is its right and ability (or lack thereof) to control infringements on the newsgroups.

Embarq would argue that it had no practical method to control infringement within its existing business model because USENET content flows onto its servers and then automatically flushes 30 days later.  Salsa would counter that Embarq had the right and ability to control infringements based on the following evidence:

  • Embarq selects the newsgroups to carry, and Embarq had made other judgments in the past about which groups to carry.  Embarq would respond that carrying a newsgroup has no bearing on Embarq’s ability to control the content in a newsgroup.  Embarq would point out that selecting a newsgroup is no different than establishing a message board, and establishing a message board should not evidence the right or ability to control the content of a message board.
  • Embarq converts the content from NNTP to HTTP.  As discussed above, this type of automated conversion does not evidence any real substantive control.
  • Embarq removes postings from newsgroups when it receives notice of postings and they are illegal or tortious.  As I discussed in class, I believe that this argument must fail, or else the courts will set up a no-win situation for service providers (e.g., take down a posting to minimize contributory liability and prove your right and ability to control for vicarious liability purposes).  While it’s possible courts will look to this type of control to assess vicarious liability, I steadfastly believe they should not.
  • One other place to look is Embarq’s user agreement to see if it has a provision enabling Embarq to remove content arbitrarily.  The facts were silent on this.

On balance, Embarq’s risk for vicarious copyright infringement is not terrible.

Other Copyright Defenses

Embarq can argue that the users were engaged in fair use (loser argument) or that Embarq’s limited storage and distribution is fair (probably also a loser).  Embarq can also argue that the users had an express or implied license to take the photos off the servers and post them to USENET; we’d need to see Salsa’s user agreement and site to assess the viability of that claim.

Contributory Trademark Infringement

Embarq isn’t liable for direct trademark infringement (see Hardenburgh) because the users set up the newsgroups and name them, but Embarq could be liable for contributory trademark infringement based on the newsgroup titles.  Under the Lockheed case, Embarq will be contributorily liable if it knows of the infringement and directly controls and monitors the instrumentality used by a third party to infringe.

As we’ve discussed above, Embarq’s knowledge of copyright infringement is ambiguous.  In the trademark context, it’s even more ambiguous, because there’s no evidence that Salsa provided any specific evidence of trademark infringement.  As for Embarq’s ability to control and monitor the instrumentality, this analysis may look similar to the vicarious copyright infringement analysis above, where Embarq will aggressively disclaim its ability to either control or monitor the newsgroup or its servers hosting the newsgroups.

Embarq will further argue that the trademark fair use doctrine insulates it, because the titles of the newsgroups merely describe the subject of the newsgroups.  While this argument will ring a little hollow because of the high percentage of infringing postings on the newsgroups, Embarq will argue that the newsgroups are just like any other messages boards that discuss a company or its products and thus the trademark owner should not be entitled to use its trademark rights to squash constitutionally protected discussion of the company.

On balance, Embarq’s liability for contributory trademark infringement is not high.

A number of you applied the multi-factor test for trademark infringement.  This test is relevant to direct infringement, which we knocked out quickly, and would be useful only if you need to get that deep in your contributory trademark infringement analysis.

A number of you denigrated the strength of the mark “Salsa.”  While it is probably suggestive in this context, you shouldn’t ignore that it was a registered trademark in assessing its strength.

Other Claims

There are a number of other claims worth mentioning only in passing:

  • Trademark Dilution.  The Lockheed court ruled that contributory dilution is not a cause of action.
  • Right of Publicity.  This is a potentially powerful claim, but does Salsa have the right to enforce this?  It would only if the models assigned their rights to Salsa.
  • 17 USC 1202 (CMI).  This is another potentially powerful claim, but the scienter requirement makes it difficult for Embarq to be liable even if users modified or omitted the CMI.
  • Criminal Copyright Infringement.  Ignoring the scienter requirement for a moment, the government, not Salsa, would enforce this.
  • Contributory Trespass.  To my knowledge, no such cause of action has been litigated, but Salsa could try to argue that Embarq somehow contributes to the trespass being committed by users when they access Salsa’s servers to pirate the photos.

Because the primary claims Embarq is liable for are copyright and trademark, the safe harbor in 47 USC 230 offers no benefit.  Thus, although some of you spent significant time on 47 USC 230, it was effectively irrelevant to this question.

Some of you mentioned that Embarq should sue the newsgroups or their organizers for breach of contract, reasoning that the newsgroups presumably were delivered under a contract that was breached with all of the infringing content coming through the newsgroups.  Newsgroups are established in decentralized fashion, so unless the newsgroup is moderated, there is no newsgroup “keeper” to contract with or sue.  Internet access providers forward USENET content usually through “peering” contracts, but usually these contracts address the mechanics of data transfer and are content-agnostic.

Many of you spent non-trivial time discussing Embarq’s user agreement.  There were only 2 points about Embarq’s user agreement relevant to this question: (1) did the agreement have provisions regarding terminating repeat infringers, and (2) did the agreement have a provision giving Embarq the power to remove content arbitrarily?  However, no matter how good Embarq’s user agreement was, the fact that newsgroup content was uploaded through other USENET service providers makes Embarq’s user agreement only a moderately meaningful risk management device.

Some of you discussed the new anti-cybersquatting legislation.  This law was irrelevant to this question.

A few of you were confused about the statement that “Embarq has registered an agent for service of notice with the Copyright Office.”  In particular, this statement was misinterpreted to mean that Embarq had an agent looking at content.  The “agent” referenced here is a statutory requirement to be eligible for the DMCA safe harbor, and this person’s only job function is to be the identified contact when a copyright owner wishes to submit a DMCA-compliant notice of infringement.

A number of you argued that Embarq was trespassing on Salsa’s files.  This requires you to assume that an electronic file containing intangible IP rights could be “chattel” for purposes of trespass law. This is an extremely aggressive argument.

A few of you assumed that Salsa had itself pirated the photos available on its website.  While this is normally not a bad assumption, if this were true, on what basis could Salsa then complain of Embarq’s copyright infringement?  In other words, if Salsa was itself a pirate, Salsa would not have standing to sue for copyright infringement, and this would have been a very easy question to answer!

Embarq’s Options

Embarq should consider the following options:

1.                              Be Prepared to Litigate.  Embarq has already demanded a DMCA-compliant notice to no avail.  Thus, unless Embarq picks a different option now, it should be prepared to litigate.  As you know, litigation should be a tool of last resort.  So why did we allow this case to go to litigation?

  • While the loss of the 2 newsgroups in question would not have been fatal to the business, we were worried that other plaintiffs would demand RemarQ to remove newsgroups that at one point or another contained their copyrighted material.  If this process played out repeatedly, we believed that a substantial chunk of the database would be at risk.  Thus, we needed a test case to establish that we didn’t have this duty to remove newsgroups in their entirety just because they may have historically contained infringing items.  When reduced to this level, this was a bet-your-business problem.
  • We were not afraid to litigate against a pornmeister.  While essentially we were defending our right to carry porn, not the most sympathetic claim, we thought that the court would be less sympathetic to the pornmeister.
  • ALS’s demands were inartfully worded, and we thought we’d have a good chance framing the issues favorably to us based on the correspondence between the parties.
  • We thought we’d have some good arguments to point out that RemarQ was no different from any other USENET service provider, thus forcing the judge to consider if he or she was prepared to undercut the entire USENET industry.

Of course we tendered this claim to our insurance companies.  We had coverage under  specifically procured Internet E&O insurance, but interestingly, our CGL carrier also assumed the defense under the advertising injury provision.

2.                              Take Down the Newsgroups.  This is the most expedient course of action in terms of expense, management bandwidth and press relations.  However, it would piss off some users and reduce the page impression base.  Most importantly, if this scenario played out with multiple demands from other trademark owners, and Embarq acceded to each, would there be a viable business left?

3.                              Provide an Expedited Legal Solution.  Embarq could set up an expedited procedure for Salsa to submit DMCA-compliant notices, such as a dedicated abuse contact or a promise to remove postings within X hours of receipt of complaint.  This could have aspects of eBay’s VeRO program.

4.                              Provide an Expedited Technical Solution.  Embarq could give Salsa the technical power to kill photos or postings from Embarq’s database itself.  Again, this bears resemblances to eBay’s VeRO program.

5.                              Block Delivery of Photos to the Newsgroups.  Embarq could disable the newsgroups’ ability to carry attachments, effectively blocking the distribution of photos through the newsgroups. Consider, however, if this extra technical system would increase Embarq’s exposure to vicarious copyright infringement in the future.

6.                              Help Salsa Go After the Bad Actors.  Embarq might be able to divert Salsa’s bloodlust by offering to help Salsa find the bad users, but Embarq needs to consider the associated privacy implications.

7.                              Hire a Contractor to Moderate the Newsgroups.  Embarq could offload some liability by finding a contractor to moderate the newsgroups.  To deploy this approach, Embarq would need to break the agency, no easy task.

8.                              Negotiate a License or Commercial Arrangement.  Embarq could try to obtain a license from Salsa to have Salsa’s content on Embarq’s servers.  In addition to being a dangerous precedent when future plaintiffs come around, it seems unlikely that the parties could work out acceptable financial terms because effectively Embarq would have to buy a big chunk of Salsa’s value to do this.

Embarq could also offer to provide banner ads or other promotions to Salsa in the newsgroups, allowing Salsa to drive traffic to its subscription website.  Of course, if the entire contents of the website end up on Embarq’s servers, this technique won’t be particularly effective.

How to Improve Your Score

Obviously, it was not possible for you to cover everything above in 54 minutes, nor did I expect you to do so.  An 80+ answer covered the following:

  • direct copyright infringement and how the DMCA safe harbor should cover that claim
  • contributory copyright infringement, the requirements of a DMCA-compliant notice, and whether Embarq had sufficient notice for purposes of the DMCA or common law
  • vicarious copyright infringement and some of the factors cutting towards or against right and ability to control
  • contributory trademark infringement and the application of the “direct control and monitoring” doctrine
  • options that were more than just rote recitations from previous years’ exams or the notes

Many of you did reach all 5 topics but lost points because:

  • applying the wrong elements or test.  For example, some of you applied the vicarious copyright factors in your contributory infringement analysis.
  • superficial coverage.  For example, a number of you reached the contributory copyright infringement test but failed to realize that the knowledge issue was the core issue that needed more sophisticated treatment than a single sentence.
  • inaccurate application of the law.  For example, a few of you rejected vicarious copyright infringement by arguing there was no direct financial benefit.  This factual scenario is pretty much a slam-dunk to establish direct financial benefit.
  • irrelevant causes of action.  Some of you spent significant time on causes of action that weren’t especially relevant.  While I didn’t automatically take off points for covering irrelevant causes of action, usually when irrelevant causes of action took up a significant chunk of your answer, the required analysis suffered as a result.
  • weak option analysis.  Some of you did little or no analysis of the options available to Embarq.  This was an integral part of the question; indeed, some of you overcome weak legal analysis with a good options analysis.

Question No. 2

As usual, this situation was taken directly from real life with some liberal factual modification.  This question was designed as a race-horse question, with your challenge being to quickly identify the right issues and discuss them very briefly.

EF’s Legal Problems.  EF’s practices create the following legal problems:

1.                              Breach of its Privacy Policy.  EF is breaching its announced privacy policy in potentially 3 ways:

  • it is selling email addresses to a record company in violation of the privacy policy
  • it is using a third party outsourcer to deliver its own emails.  This is not clearly a problem, since EF does not promise never to disclose personal information to any third party.
  • EF is sending weekly emails, which may be more frequently than contemplated by the privacy policy

Bullets 2 and 3 may not be serious, but bullet 1 is.  EF could be liable for breach of contract (if users want to claim that the document constituted a contract—their choice), false advertising (enforced by users, the government or competitors) and unfair business practices (governed by CA B&P 17200, which can also be enforced by users or competitors).

2.                              COPPA.  Although there is no evidence that EF collects age information, EF probably markets to kids 12 and under in its “children’s music” area.  Thus, under its current practices, EF needs to comply with COPPA.  A number of you missed this point, and a number of you correctly hit COPPA on your checklist but failed to correctly identify why EF needed to comply with it.

3.                              Anti-Spam Laws.  Because EF does not validate email addresses, EF may be getting live email addresses for people who did not submit them (e.g., a user may submit someone else’s valid email address).  Thus, when EF sends its newsletters to these people who did not sign up, EF is sending commercial emails to people it does not have a prior relationship with and without their consent.  While it’s true that anti-spam laws might be struck down under the commerce clause, it’s dangerous to plan on that.

4.                              Trespass of Recipient’s IAP.  EF’s spam described above may also be deemed a trespass on the recipient’s IAP’s computers.  The recipient could also argue that the spam trespassed their own personal computer, but this is debatable.

5.                              Breach of Contract with and Trespass of EF’s IAP.  EF’s spam may breach EF’s contract with its IAP and may be deemed a trespass of its IAP’s computers.

6.                              Derivative Liability for Record Company’s Spam.  If the record company uses the database it receives from EF, the record company will probably be engaged in spam.  EF theoretically could be derivatively liable for this spam, although this is an untested theory.

7.                              Record Company Breach of Contract/Fraud/Indemnity.  For giving email addresses that cause spam, EF may be in breach of its contract with, or deemed to be committing fraud on, the record company, or EF may owe the record company an indemnity.  Separately, the record company might complain about the percentage of invalid email addresses, although this is less likely a problem.

A top score could have been achieved just by correctly reaching and analyzing the first 3 points above.  Bonus points were available for picking up some of the other points.

Other Problems.  In addition to the foregoing legal problems, EF could suffer some other negative consequences arising from its practices:

1.                              EF’s IAP may shut them down, potentially putting its website offline

2.                              EF could be placed on the RBL

3.                              EF could suffer a PR disaster if its practices are discovered and publicized

4.                              EF may experience excessive customer support inquiries from its sloppy practices

Solutions.  EF can mitigate the risks of its practices without completely changing its business model by doing the following:

1.                              On a going-forward basis, setting up a proper mandatory clickthrough privacy policy that accurately describes its practices.

2.                              Validating email addresses before using them to send periodic commercial emails.

3.                              Complying with COPPA with respect to the children’s music area.  This could be done in any of the following ways: complying with COPPA only in the children’s music area (a pain), not collecting personal information in the children’s music area, or shutting down the children’s music area entirely.

4.                              Conforming to the existing privacy policy for existing email addresses, which means no further disclosures of the email addresses in violation of the privacy policy.  This will require EF to segregate its databases to keep the new email addresses collected under the new privacy policy separate from the old email addresses; but EF might try to get old email addresses to opt-in to the new privacy rules.

Other Comments.  Some other issues raised by your answers:

Some of you focused on the use of cookies, arguing that cookies are a trespass or violate a right of privacy.  Both arguments seem very aggressive.

Many of you spoke extensively about what EF should put into a user agreement (e.g., warranty disclaimer, governing law, etc.).  This wasn’t actually relevant to answering the question.