< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 501

April 5, 2008

Europeans Serve Up A Carnivorous Octopus

If you thought "Carnivore" was a sinister name for a government surveillance endeavor, how about the "Octopus Interface"?  That was the name of a Council of Europe conference held last week in Strasbourg, France, bringing together law enforcement and Internet service providers (ISPs) from 65 countries to discuss how best to cooperate in the conduct of cybercrime investigations.  The result?  The adoption of a set of electronic surveillance and lawful access "best practices" to be followed by law enforcement and ISPs.  Given the overtones of 007 (and alleged American conspiracies from the 1980s), the name of the conference is not likely to assure suspicious civil libertarians.  But any effort to regularize and demystify the relationship between law enforcement and ISPs is a welcome development.  Still, though representatives of the U.S. Department of Justice were present at the "Interface," the FBI might find some of this Octopus's meat a bit hard to swallow.

Websites Will Find No Friend in Court's CDA Ruling

Courts continue to poke holes in websites' liability protections.  Late last month, a federal court in New Hampshire ruled in Doe v. Friendfinder Network, Inc., that a state law "right of publicity claim" arose out of a "law pertaining to intellectual property," and was therefore not barred by section 230(c)(1) of the Communications Decency Act.  Courts have generally interpreted section 230(c)(1) as giving websites and other “provider[s] or user[s] of an interactive computer service" broad immunity from liability for information provided by third parties.  But section 230(e)(2) of the CDA states that this statute shall not "be construed to limit or expand any law pertaining to intellectual property."  In direct conflict with the Ninth Circuit's 2007 ruling in Perfect 10, Inc. v. CCBill LLC, on which we previously reported, the court in Friendfinder ruled that section 230(e)(2) bars application of the CDA's liability protections to all intellectual property claims, not just those grounded in federal law.  Coupled with its finding that privacy claims for the unauthorized use of one's identity (known as "right of publicity" claims) are intellectual property claims, this ruling could allow plaintiffs to circumvent websites' CDA immunity by dressing up what are essentially defamation claims as right of publicity claims -- especially since the court also held that plaintiffs need not show or even allege "commercial damage" in order to state a publicity claim.  While the court ruled that the CDA barred many of the plaintiff's other claims, its holding on right of publicity claims could, if adopted by other courts, create a large hole in websites' CDA immunity shield.   This ruling, combined with the Ninth Circuit's recent en banc decision in Fair Housing Council of San Fernando Valley v. Roommate.com, LLC (which we will report on next week), makes websites' reliance on third-party content a much dicier proposition.

German Court Restricts Government Access to Communications Data

A recent ruling by the Federal Constitutional Court of Germany limits the ability of law enforcement to access traffic data retained by telecommunications providers pursuant to the German Data Retention Act.  The court's interim injunction does not relieve providers of the obligation to retain traffic data, but bars them from providing that data to law enforcement except in cases involving certain serious crimes, and only if it would otherwise be extremely difficult or impossible for the authorities to ascertain the relevant facts about the crime.  If a provider receives a request for traffic data that does not meet the requirements set out by the court, it may not transmit the data to law enforcement but must store and safeguard the data, at least until the Court issues a final ruling on the constitutionality of the relevant provisions of the Act.  The logic of the decision would appear to apply to Internet communications, too (although the data retention requirements for Internet traffic data do not come into effect until January 1, 2009).  Communications providers thus should review German law enforcement requests for traffic data carefully, since the court's ruling puts the onus of compliance directly on them.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2012 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington