Cyberlaw 2003 Sample Answer by Eric Goldman

Cyberlaw 2003 Sample Answer
Eric Goldman


There were 10 As, 6 ABs, 32 Bs, 2 BCs and 2 Cs.

I changed my grading system a bit.  Before, I used a 100 point scale that I used in 5 point increments with a 60 baseline.  This semester, in keeping with the minimal grading choices at Marquette, I tried a 5 point scale where I only used whole integers between 1 and 5, with 3 as the baseline.  I think this system worked pretty well in this class—answers seemed to break down pretty naturally into one of the 5 buckets.

About Using the Computer

32 students took the exam by computer, and 20 handwrote.  16 students downloaded the exam electronically, and 16 students emailed the exam back.  I don’t think these were necessarily the same people, but I do know that a handful of you took the exam without setting foot in the building.  Generally the experiences of those people seemed to work pretty well.

I was stunned by the massive disparity in scores between those by computer and those by hand.  The average for computer-takers was about 2.8 (out of 5) and for hand-writers it was over 3.4.  I believe this difference is statistically significant however we analyze it.  I can assure you there was no grading bias in favor of handwriting.  Several handwritten bluebooks were virtually impossible to read, and therefore extraordinarily and unnecessarily time-consuming, and that frustrated me tremendously.  However, I tried not to let this undermine my assessment of the substance, and several of the top-scoring exams were also the hardest to read.  I believe that the disparity can be explained by who chose to handwrite and their probable performance on the exam regardless of whether they handwrote or used the computer.

I know that many of the computer users preferred taking the exam by computer, either because of the ease of organizing their thoughts or the reduced physical strain.  I also noticed a number of bluebookers who made margin notes regretting their inability to reorganize their answer.

Based on the computer exams, I was able to get some information about word counts that might prove useful.

For Q1, the average number of words was 1,743, with a high of 3,168 and a low of 479.  The average word count for answers scoring a 4 or 5 was a little over 2,000, ranging from 1,266 words to 2,816 words.  In contrast, answers scoring a 1 averaged about 750 words and ranged from 479 to 1,041.

Q2 was a train wreck scoring-wise, so it’s harder to draw any insights here.  The average word count was 411, with a range from 54 to 888 words.  Answers scoring a 4 or 5 had an average word count of 505 and ranged from 265 words to 871.

You can draw your own conclusions from the data.  I continue to believe that it’s about quality, not quantity, meaning that your score is dependent on picking the right words, not saying more of them. Certainly I discourage wholesale cutting ‘n’ pasting from notes, which did not impress me.

Question 1

This was an issue-spotting and survey question.  Insight, organization, accuracy and addressing all of the major legal theories were keys to good scores.

Pat’s Legal Risks

There are five legal doctrines worth discussing in Pat’s situation: copyright, hot news, breach of contract, trespass and CFAA.  Everyone discussed copyright but after that many of you talked about only one other doctrine (or in some cases, nothing else), and a few of you incoherently mingled the discussion of one of the other doctrines in your copyright analysis.  Both approaches were penalized pretty significantly.  The discussion about Pat was the single biggest lever to the question scoring.  Smart, reasonably accurate and thoughtful discussion of all five doctrines virtually ensured a 5.  A few of you did decent issue spotting of all 5 doctrines, but then undercut my confidence and your score by just cutting ‘n’ pasting your notes on the doctrine without doing any real custom application to the facts.

Copyright Infringement.  Pat faces the risk of a civil copyright infringement claim.  There is no question Pat has engaged in copying—first by downloading pages into RAM (although this may or may not be privileged based on the legal terms—see below), and then by cutting and pasting the lists into the online forms.  Because the facts specified copying, there was no need to establish copying circumstantially.

The tougher issue is whether the Nyet list was copyrightable.  The list is factual in nature—it ranks book sales—but the fact that Nyet uses a proprietary methodology to produce the list makes the issue more complicated.  Determining how many books are sold may be more than just aggregating facts.  Nyet may choose to count all sales, or it may count net sales by adjusting for returns, or it may choose not to count remainders or other closeouts of books.  And, for that matter, choosing which retailers to consult in aggregating sales evidences some judgment.  Therefore, an argument can be made that the list is a product of judgment, much like the price estimates of old coins were in CDN v. Kapes, and therefore protectable under copyright law.  Alternatively the list could be a compilation, which is thinly protected but does prohibit wholesale copying (which is what Pat did).

If so, Pat infringes the copyright through the verbatim copying discussed above.  Pat would in turn argue fair use:

  • Nature of use.  Nyet would argue that Pat made a commercial use because Pat got paid as a Superuser.  Nyet might also argue that publishing the list on an e-commerce site was a commercial use, even if Pat did not personally derive a commercial benefit.  Pat did not add anything new, so the use was not transformative, although Pat could argue, based on Kelly v. Arriba, that the list was used for a different purpose (selling books instead of media publication).  Nevertheless, I think this factor will favor Nyet.
  • Nature of the work.  The list is generally factual and is published, so this factor favors Pat no matter how it is applied.  Some of you mistakenly thought that if a work had been published, that weighed against fair use.
  • Amount and substantiality of portion taken.  Pat took the entire list, so this factor favors Nyet.
  • Effect on the market.  It seems unlikely that the republication of a book best-seller list would have any real impact on newspaper circulation, because it’s fair to assume that virtually all people buy the newspaper for access to all of its features, not just the list.  If the circulation isn’t affected, then the newspaper’s ad revenues should also not be affected.  However, if Nyet is selling ads on its website and the list’s publication on diverts traffic from Nyet’s website to, then Nyet’s ad revenues would be affected.  Nyet could also make the circular argument that Pat is degrading their licensing market because Pat is not paying a licensing fee to Nyet.  Pat could try a similarly weak argument that the list’s visibility on increases demand for the newspaper.  On balance, I think this slightly leans towards finding no fair use because of the traffic diversion argument.

I think that if the court finds there’s a negative effect on the market, Pat’s actions are definitely not fair use.  Otherwise, it’s a toss-up.

Pat also has a risk of being criminally liable for copyright infringement, either because Pat is infringing for commercial advantage (the nominal fee) or perhaps because the list is sufficiently valuable.

Hot News.  Pat also has a risk of being liable for hot news misappropriation.  There are 5 elements of hot news:

  • plaintiff generates or collects information at some cost or expense.  Facts don’t specify clearly, but the fact that Nyet uses a proprietary methodology does suggest some effort to generate the information.
  • the value of the information is highly time-sensitive.  The issue here is whether a list that updates weekly can be considered highly time-sensitive.  On the one hand, examples we discussed in class—sports scores, stock quotes, weather information—tend to change much more dynamically, often minute-by-minute.  On the other hand, the weekly lists do have some time-sensitivity, and Pat redistributes in a matter of hours, when the information is most time-sensitive.  I could see a court stretching the boundaries of “highly time-sensitive” to cover such aggressive interdiction.
  • defendant’s use of information constitutes free-riding on plaintiff’s efforts.  Verbatim copying in this context is free-riding.
  • defendant’s use of information is in direct competition with plaintiff.  This tracks our market discussion under fair use.  On the one hand, an e-commerce site is not in direct competition with a major media company.  On the other hand, Pat’s use does interfere with any licensing market, and I could see a judge being persuaded that diversion of web traffic is direct competition.
  • free-riding would reduce the incentive to create the product or service such that its existence or quality would be substantially threatened.  I have a hard time believing that the use of the list on an e-commerce site threatens the production of the newspaper generally or even the list specifically, because again I assume that virtually all people buy the newspaper for access to all of its features, not just the list.

On balance, I think the hot news argument will be hard to win for Nyet.

Breach of Contract

Pat has presumably transgressed the terms because Pat has reproduced, “transmitted” (whatever that means), displayed and published the list elsewhere.  The second qualifying sentence, permitting downloading for noncommercial use, presumably doesn’t offer much of a safe harbor, first because arguably Pat’s conduct is commercial (see discussion in fair use, above) and second because Pat did more than just download.

But are the terms a contract?  They are not a mandatory nonleaky clickthrough because the terms are just presented via a link on a page.  Further, the call to action is not strong enough (like “by using this page, you are agreeing to…”) to try to bootstrap the terms into a mandatory contract.  If mandatory nonleaky clickthrough was the only way to form an online contract, we would definitely not have one here.

But the Specht case, by negative inference, suggests that other procedures might work if the consumer is put on “inquiry notice.”  Recall, for example, in Specht the court said that a reasonably prudent Internet user would not have known of its terms.  Is that true here?  Nyet might argue that users expect important guidance in web page footers, and that any user who looked in the footer would have seen the language “Important Legal Terms” and thus be on inquiry notice that there were some important terms they needed to know about.

That type of argument by Nyet would be potentially anchored in the precedent but still would be new law.  As for now, I would think a court would say a contract is not formed so long as Nyet cannot prove that Pat actually saw the terms.  If Pat did look at the terms, perhaps a court will be willing to treat the terms as a contract with Pat even if they would not be a contract with all other users.

Trespass to Chattels

You have two paradigms you can use to evaluate Pat’s behavior.  On the one hand, you can say that Pat is just like any other Internet surfer.  To view the web page, Pat accesses Nyet’s servers to download the page into RAM.  While this interaction does “use” the servers, this use has to be permissible or else the web server cannot be used.

On the other hand, Pat’s systematic expropriation of the list is no different from the scraping at issue in Bidder’s Edge and, except (a) it’s done by a human instead of a robot, and (b) it’s done weekly instead of in the span of a few seconds.  Scraping is squarely the type of conduct normally prohibited by trespass.

So which is it?  Is Pat just an innocent surfer?  Or is Pat a marauding scraper?  Let’s look at the Restatements test:

  • use/intermeddling.  As noted, Pat is using the Nyet servers every time Pat accesses the website
  • “harm.”  Nyet could argue that the server’s value is impaired because each time Pat accessed the server, it consumed some bandwidth and server processing power that could have been used for desired users.  Note that the foregoing argument again applies to every surfer.  Nyet also could argue that it was deprived of the server’s use, although I don’t think it was for a substantial period of time (at least in Pat’s case).
  • Notice?  CompuServe v. Cyber Promotions also required notice.  Nyet would argue that its legal terms provided adequate notice.  Alternatively, Nyet would point to the other cases (eBay, which did not require notice as an element of the cause of action.  Pat would argue that there’s no notice unless the notice is given specifically or there’s a contract.  Certainly Pat will have received adequate notice by the time Nyet goes after Pat.
  • Electronic self-help?  This factor was also required by the Cyber Promotions case but not by others (although where exercised, self help is incredibly persuasive to the court).  Nyet again would argue that no self-help is required, or Nyet could take the self-help measures as part of going after Pat.

The eBay court used a modified test, requiring that (1) Pat intentionally and without authorization interfered with Nyet’s possessory interest in the computer system, and (2) unauthorized use proximately resulted in damages.  The eBay court was cagey about what level of interference rose to an intermeddling for part 1, so we can’t tell if Pat’s degree of use would be intermeddling under the eBay court’s approach.  The eBay’s court’s logic under part 2 (Bidder’s Edge deprived eBay of the ability to use its servers for other purposes, and then the court aggregated like conduct) will always be present.

The court used an even more streamlined test, expressly negating the need for any damages because “evidence of mere possessory interference is sufficient to demonstrate the quantum of harm necessary to establish a claim for trespass to chattels.”  Pat’s activities used the servers far less than Verio’s scripts did, but how much is too much?  Remember the Intel v. Hamidi court took the same approach as and found a trespass based on 8,000 emails.

Uncomfortably, finding Pat liable for trespass would make most Internet users equally liable.  However, this is a risk Pat faces.

Computer Fraud & Abuse Act

Whenever you have a trespass issue, you need to check the CFAA too.  Here, 18 USC 1030(a)(2)(C) seems especially apropos.  That section restricts intentionally accessing a computer without authorization (or exceeding authorization) and obtaining information from any protected computer.  The Nyet computers are protected because they are connected to the Internet.  Pat obtained information from them (the list).  Pat arguably exceeded authorization because the boundaries were set by Nyet’s legal terms.  Remember in the CFAA context we had the Zefer case that indicated that notices posted to a website (that would not otherwise qualify as contracts) would be sufficient to establish the boundaries of authorization.  Here, I think Pat has a significant risk of having violated the CFAA, even if Pat did not commit the common law trespass to chattels.

DTFS’s Legal Risks

Those of you who did an incomplete job on Pat’s legal risks were in trouble on DTFS’s legal risks.  I wanted you to discuss the likelihood that DTFS would be liable for each of the five doctrines Pat was exposed to.  A discussion about DTFS’s trademark risks would be a nice bonus but was not crucial.

All of the following discussion assumes Pat is liable for the underlying claim.

Liability for Contributory Copyright Infringement

DTFS will be contributorily liable to Pat’s copyright infringement if DTFS has knowledge of Pat’s infringing activity and materially contributes to it.

  • Knowledge.  In this type of situation (where DTFS is primarily a web host storing infringing items at a user’s direction), we had hoped/thought that the service provider could receive knowledge only through a 512(c)(3) notice.  As cases like Napster, RemarQ, Aimster and Cybernet illustrated, knowledge can be obtained other ways too.  Here, facts that support that DTFS has knowledge of Pat’s infringement include: DTFS expects that the Nyet list will appear on its site (like Napster), a general awareness that users will infringe (like Napster) and an employee supervisor (like Cybernet).  While it’s unclear that a court will accept these facts as confirming knowledge, a lot of the case law is adverse to DTFS.
  • Material contribution.  Material contribution usually is evidenced by continuing to host infringing items after knowing that the items are infringing.  If a court accepts that DTFS knew of the infringement based on the above facts, it could conclude that DTFS has materially contributed even if DTFS never gets a 512(c)(3) notice.  More recently, courts have been finding material contribution when a service provider “provides the site and facilities for infringement,” which DTFS does both by hosting the content and also arguably through its entire Superuser program (with the submission form and the employee support).  Further confirmation of material contribution could be evidenced by DTFS payment to Superusers to do the work.

As noted in Napster and Cybernet, the Sony exception to contributory infringement for devices that are capable of substantial noninfringing uses does not apply to “services.”  Interestingly, the recent Grokster opinion appears to go the other way on that point.

All told, I think DTFS has a significant risk of contributory copyright infringement, even if it never receives a 512(c)(3) notice.

Liability for Vicarious Copyright Infringement

DTFS is vicariously liable for Pat’s copyright infringement if DTFS has a direct financial interest in the infringement and the right and ability to supervise the infringement.

  • Direct Financial Interest.  The Napster court appeared to effectively eliminate this factor by finding Napster had a direct financial interest when Napster had no financial interest at all.  Here, however, the facts specifically tell you that the lists increase DTFS’s sales.  In other words, DTFS makes more money directly due to the infringement.  That should be direct financial interest under any standard.

The more modern test for direct financial interest says it occurs when the infringing material acts as a “draw” for customers.  The lists might draw DTFS customers in a couple of ways—by diverting search engine traffic or by making for a richer user experience.  Obviously these are qualitatively different from the “draws” we saw in the precedent cases, where infringing items were the primary reason users were there.

  • Right and Ability to Supervise.  Per Napster, the contract provision in its Superuser contract permitting DTFS to terminate Superusers in its sole discretion confirms the right and ability to supervise—nothing further is needed.  Here, additional evidence that DTFS had the right and ability to supervise includes the employee supervision (Cybernet) and the structured collection form.

All told, I also think DTFS has a significant risk of vicarious copyright infringement.

In your exams, a few of you discussed how the 230 safe harbors could insulate DTFS against copyright claims.  Usually this was penalized pretty harshly.

Derivative Claim for Hot News

DTFS’s hope is that 230(c) applies to hot news, but 230(c) does not apply to “intellectual property” claims.  Is hot news an IP claim?  I didn’t expect you to know the answer to this, but I rewarded those of you who asked the question.  Personally, I think hot news is an IP claim, but it is grounded in the misappropriation doctrine, which is not intrinsically IP.  So it’s possible hot news claims will be covered by 230(c).

If so, DTFS then needs to meet the other requirements of 230.  It’s safe to assume a website is an ICS (Schneider, Gentry).  And ostensibly the list is provided by Pat, “another information content provider.”  However, because DTFS uses the structured online data collection form, there’s a risk that a court will bypass the safe harbor because it is no longer provided by a third party (Carafano).

If 230(c) does not apply because hot news is an IP, then what?  The default rule may be that DTFS will liable for Pat’s actions if DTFS knows of the violation and fails to take appropriate and timely remedial actions.  This could look a lot like the analysis in contributory infringement above.  Or a court might apply a higher standard of knowledge than the copyright cases are applying, which might defer the risk until DTFS gets a notice from Nyet.

On the exam, a lot of you talked about 230 and said it would apply, but you did not connect it to a specific cause of action.  You would say things like “230 will negate all publisher/speaker claims” without specifying what claims you thought were publisher or speaker claims.  This earned effectively no credit.

Contributory Trespass/CFAA?

These causes of action also should be in the “everything else” bucket.  Here, DTFS is pretty far removed from Pat’s surfing activities, so the risk of contributory liability should be slim.

Contributory Contract Breach

Even if Pat breached Nyet’s contract, I think the activity should be covered by 230(c) because the basis of Nyet’s claim is that Pat posted the content to in violation of the contract.


I had a hard time coming up with a serious theory that Pat engaged in trademark infringement just by cutting and pasting content.  However, DTFS has some risk of trademark infringement depending on how DTFS uses or markets itself based on the lists.  Most specifically, DTFS could be creating initial interest confusion based on being indexed in the search engines associated with Nyet’s trademarks.  In response, DTFS would argue that it engaged in trademark fair use (Welles).

What Should DTFS Do To Minimize Risk?

  • Maximize eligibility for 230.  The only step here would be to remove the structured submission process.  I think Carafano is questionable law, so even that step may not be necessary.  Carafano is on appeal to the Ninth Circuit, so we may get more clarity.
  • Maximize eligibility for 512.  It’s not clear that 512 will ever help DTFS.  Interestingly, in the recent Grokster case, Grokster was found not liable for contributory or vicarious copyright infringement and 512 was never mentioned.  But cases like Hendrickson and Ellison offer some wispy prayers that 512 might provide a safe harbor.  To comply with 512, DTFS needs to register with the copyright office, post contact info on the site, announce a no-repeat-infringer policy and follow it, and accommodate standard technical measures (whatever those are).
  • Remove other indicia of knowledge/control.  DTFS could eliminate its employee supervision and remove the termination for convenience clause from its contract, although each of these steps probably would have other deleterious effects.
  • Other steps.  DTFS could seek a license from Nyet.  This may be cost effective and would ensure that Nyet always gives it the most current info.  Or, if Nyet doesn’t have a licensing program, DTFS might be able to get Nyet’s permission to repost the list.  Alternatively, DTFS could just link to the list rather than host it, although in practice this does not affect user conversion-to-sale nearly as much as hosting it does.

My word count for this answer (including all commentary): about 3,400 words.

Question 2

Question 2 was a huge disappointment for me!  We spent a lot of time throughout the semester talking about geography—the lack of geographical authentication and its consequences, the potential impact of geolocation technology, etc.  So the question was a very simple issue-spotting exercise: what happens when a website suddenly learns geographical information when it didn’t know this before?

Unfortunately, only about 1/3 of you spotted the issue, and you were usually well-rewarded for that.  Because this question flew over the head of so many of you, I decided to try to grade it without harshly penalizing you.  Thus I did give points for an intelligent discussion of the privacy issue, but the points you could earn discussing only privacy was capped at 3.  Discussing only jurisdiction and not discussing privacy at all still made you eligible for a 5.

I continue to believe this is a really easy question if you stop writing and spend a little extra thinking time.  But maybe not.


As I mentioned, this question is all about jurisdiction.  There are two potential consequences of collecting the zip code: moving up the Zippo scale, and knowing contact with a forum.

Prior to collecting zip code, one could argue that Epitime is a “passive website” because Epitime only publishes pages on the website and does not collect any personal information.  By adding the zip code collection feature, Epitime immediately becomes at least an “interactive” website, increasing the risk of having broader jurisdictional exposure.

The highest Zippo tier was alternatively characterized as “conducting business over the Internet” (Millennium) or initially, “the repeated and knowing transmission of computer files into a jurisdiction” (Zippo).  Under Millennium, zip code collection probably doesn’t change Epitime’s status, but under the original Zippo formulation, that’s exactly what Epitime does once it knows the zip code.  Thus, collecting the zip code moves Epitime to at least the interactive tier and maybe all the way up to the top tier.

More recent cases, like ALS Scan and Step Two, do a more careful job connecting the actual allegedly tortious conduct with the website’s capabilities.  But under both, the courts still look for “directing electronic activity into the state” (ALS Scan) and “intentionally targeting the state” (Step Two), and Epitime arguably meets both standards once it knows the zip code.  Certainly a plaintiff can argue, with force, that if Epitime did not want jurisdiction to attach in a forum state, it simply could have blocked web serving to that state once it knew zip codes.  Epitime’s defenses that it didn’t know where it was sending pages and couldn’t avoid sending pages throughout the world are emasculated.

A few of you mentioned that Epitime can control this risk through a user agreement.  While a properly implemented user agreement will control jurisdiction for plaintiffs who enter the contract, it is irrelevant for plaintiffs who don’t.  For example, a trademark plaintiff would likely be able to use the zip code-driven delivery of web pages into its forum state to get jurisdiction in that state regardless of the contract.

There’s also an increased risk that Epitime will satisfy the effects test, which turns on “expressly aiming tortious actions” at a state.  The zip code information isn’t dispositive here, but certainly it undercuts potential defenses.


There wasn’t much to say about privacy, as so many of you saw first hand!  The zip code information, in isolation, is not really personally identifiable, so it has minimal privacy impact.  COPPA is not triggered because (a) Epitime doesn’t collect age information, (b) zip codes don’t meet the definition of “personal information” under the statute, and (c) e-commerce sites should rarely be deemed to be targeted to kids.  Epitime would be well served to consider the FTC’s standards for complying with the FTCA: notice, choice, access and security, but with such insignificant data it’s hard to imagine the FTC will care about this at all.

We didn’t talk about cookies much in class, but there are some claims users are bringing based on cookies (including trespass and CFAA).  In this context, I think it is relatively inconsequential.

My word count for this question: a little over 500