E-Commerce Law Week, Issue 405

No Automatic Injunction for Patent Infringement, Supreme Court Rules in eBay Case
In an important victory for e-commerce companies, the U.S. Supreme Court ruled unanimously on May 15 that courts should not automatically issue a permanent injunction following a finding of patent infringement. Siding with eBay in eBay, Inc. v. MercExchange, LLC, (05-130), the Court held that the "traditional four-factor test applied by courts of equity when considering whether to award permanent injunctive relief ... applies to disputes arising under the Patent Act" no less than in any other type of case.  The opinion vacates a Federal Circuit decision holding that a permanent injunction should be the "general rule" in patent infringement cases, absent "exceptional circumstances," and returns the case to district court. Had the High Court affirmed the Federal Circuit's holding, it would have raised the stakes considerably for technology companies, making it easier for so-called "patent trolls" to demand a king's ransom in order to settle a patent infringement suit -- as NPT did to RIM in the recently settled BlackBerry case.  But the Court's holding did not sound the death knell for trolls that some technology companies had hoped for, since the Court also rejected a categorical rule against granting injunctions to non-practicing patent holders. The Justices thus sent a very clear message to lower courts that they should decide patent suits case-by-case, applying traditional equitable principles. This means patent suits by non-practicing patent holders against successful technology companies are likely to continue. There just won't be a thumb on either side of the scale.

Action Heats Up Over NSA Datamining and Surveillance Programs
There has been action on several fronts regarding the recent allegations that three telecommunications carriers provided the National Security Agency with non-content call records of millions of customers for datamining purposes, and also regarding the NSA's warrantless wiretapping program. On May 12, two New Jersey public interest lawyers, in an apparent race to the courthouse, filed a class action in New York against Verizon alleging violation of 18 USC § 2702 and the U.S. Constitution, and seeking at least $5 billion. On May 13, they reportedly amended that complaint to add AT&T and BellSouth as defendants and to raise their request for damages to $200 billion. There have also been rumblings in Congress and the Federal Communications Commission about investigating potential violations of 47 U.S.C. § 222. While BellSouth and Verizon have denied that they provided customer call records to NSA, AT&T has said that it has not "given customer information to law enforcement authorities or government agencies without legal authorization." Meanwhile, on May 13, the federal government formally moved to intervene and dismiss the class action that had been filed in January against AT&T concerning the wiretapping program, asserting the military and state secrets privilege. The government could eventually seek to dismiss suits over the datamining program on similar grounds. But that won't prevent further leaks about the program to the press. So over the next year, we could see a flurry of leaks, lawsuits against telcos, assertions of state secrets privileges, and investigations of suspected leakers. The dust is far from settling.

With U.S. and Libya Singing "Kumbaya," Even Qaddafi Could Get PGP
On May 15, the U.S. Department of State formally announced that the United States is restoring full diplomatic relations with Libya, and that it will remove Libya from the Department of State's list of state sponsors of terrorism (the "T-6 List"). The State Department's decision will be subject to a mandatory 45-day congressional review period, after which Libya will be removed from the T-6 List. Removal could lead to substantial changes in the near term in the laws governing trade between the United States and Libya. Among other things, the Department of Commerce's Bureau of Industry and Security will, in all likelihood, amend the Export Administration Regulations to remove some of the major export controls currently applicable to Libya. Additionally, Libya and Libyan entities will ultimately be subject to fewer restrictions with respect to U.S. Government contracting programs, as procurement rules that are linked to restrictions on state sponsorship of terror are eventually updated. In the interim, contractors need to comply with existing acquisition regulations. Amendments to existing regulations will of course be required. So, an important question is whether there will be significant changes immediately after the 45-day public comment period ends, or if a longer period will be required for the relevant agencies to act.

When It Comes to Security Breaches, You Can't Pick Your Poison
As a corporate counsel or security guru, would you rather have to deal with: (A) a hacker infiltrating your corporate network; (B) dumpster-diving reporters getting access to personal information; or (C) a Federal Trade Commission (FTC) investigation? Unfortunately, if you answer A or B, you automatically get C, too, these days -- and with three you definitely do not "get egg roll." That's what Nations Holding Company (NHC), a mortgage financing and real estate services company, and its subsidiary Nations Title Agency (NTA) recently discovered. In April 2004, NHC was the victim of a hacker who used a common website attack to gain access to NHC's computer network. Then, in February 2005, a dumpster-diving television news crew discovered "intact documents containing sensitive personal information" in an unsecured trash bin outside NHC's building. These two incidents led to an FTC enforcement action and a recent settlement in which NHC agreed to the usual FTC terms, including a promise to implement a comprehensive information security program and 20 years of FTC oversight. In case any companies missed the message of the settlement, FTC Chair Deborah Platt Majoras hit them with the proverbial two-by-four in an accompanying news release: "Enforcing the laws designed to protect consumers' sensitive financial data is a priority at the FTC. This is the thirteenth case challenging faulty data security practices, and we will bring more cases if companies continue to fail customers."

The Slings and Arrows of CFAA Enforcement
For an employer, disloyalty can be the unkindest cut: an employee departs with confidential information, luring away clients or selling secrets to a competitor. In cases where a current or former employee purloins data from a company's computers without authorization, companies have increasingly sought recourse in the Computer Fraud and Abuse Act (CFAA). Although primarily a criminal statute, the CFAA contains a provision authorizing civil suits.  But that rather dense and confusing statute sometimes requires a legal contortionist to understand the meaning of its interrelated provisions.  One recent decision in the Northern District of Indiana demonstrates the importance of careful pleading to avoid confusing the court and having it reject a potentially meritorious case. Another decision in the Western District of Arkansas makes clear that, when employees do something on the network that exceeds their authorized access, companies may have recourse under the CFAA.

FTC Returns (Briefly) to the Business of CANning SPAM
The FTC took a short break from the business of security breach enforcement to remind corporate America that commercial email (a/k/a spam) has its rules, and failing to abide by them has a price. In statement released on May 11, the FTC announced that both Kodak Imaging Network (formerly Ofoto, Inc.) and ICE.com had agreed to settle a series of CAN-SPAM charges brought against them in a pair of FTC complaints.  According to the Commission, Kodak allegedly "sent a commercial e-mail message to more than two million recipients that failed to contain an opt-out mechanism, failed to disclose in the email message that consumers have the right to opt-out of receiving further mailings, and failed to include a valid physical postal address, as required by law." Meanwhile, ICE.com purportedly "sent more than 6,000 e-mail messages to consumers who had previously requested not to receive future commercial e-mail messages from the company." Neither company was hit with a very big fine ($26,331 for Kodak, and only $6,500 for ICE.com). But, in addition to agreeing not to violate CAN-SPAM again, both companies agreed to submit themselves to a series of FTC monitoring, record-keeping, and reporting provisions intended to keep them honest.

Steptoe & Johnson and IP Law and Business Magazine Continue Teleconference Series
On June 22, 2006, from 1:00 pm until 2:00 pm EDT, Steptoe partner, Scott Doyle , will discuss when and why a company should perform Competitive Patent Intelligence to navigate through the briar patch of murky IP conditions many companies now face. A "CPI" conceptualizes the patent landscape by drawing upon an analogy to real estate: identifying the valuable land and danger zones where third parties may have blocking patents, determining unclaimed valuable land for patent mining, suggesting barriers and design-arounds as protection strategies for mitigating threats, determining relative value of patented technology, and locating the public land of prior art.

The teleconference is toll-free, and there is no charge to participate. For additional information, please email Alycia Polley or contact her by phone at 202.457.5436.

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.