Tag Archive for: Internet Law

0507griffiths_narrowweb__300x399,2

Back in 1999, my law clerk, J. Eric Crupi and I considered the topic of personal jurisdiction as applied to the Internet. In the resulting Law on the Row article, entitled “Lines in the Virtual Sand.” In the original article, Eric concluded that “the boundaries of personal jurisdiction in cyberspace have not been concretely defined, but rather represent unsettled lines drawn in the ‘virtual’ sand. . . .” In the intervening years, I would have to say that the lines in the virtual sand have been blown away by the winds of U.S. Court decisions, particularl after considering the three-year long case against Hew Griffiths from Australia.

The original article describe the process of personal jurisdiction as follows:

The traditional determination of whether a court has personal jurisdiction over a particular defendant involves a two-pronged analysis. The first prong of the analysis inquires into whether the state in which the lawsuit was filed (i.e. the “forum state”) has a “long-arm statute” permitting the assertion of personal jurisdiction. A long-arm statute is simply a legislative act that allows the courts of a state to assert jurisdiction over persons and corporations that, although not residents of that state, have voluntarily conducted some type of activity in that state. The second prong of the analysis, however, is more involved and inquires into whether the forum state’s assertion of personal jurisdiction complies with Constitutional due process standards. Due process requires that a non-resident defendant must have certain “minimum contacts” with the forum state such that maintaining the suit does not offend traditional notions of fair play and substantial justice. Essentially, this prong is satisfied if the defendant performs some act in the forum state through which it purposefully takes advantage of the benefits of doing business in that state and can thus reasonably anticipate being haled into that state’s courts.

It is the “minimum contacts” section of the long arm analysis that has received the most attention in the U.S. Department of Justice’s extradition of Australian Hew Raymond Griffiths. In one of the first ever extraditions for an intellectual property offense, Griffiths, 44, a British national living in Bateau Bay, Australia – a man who arguably had absolutely no physical contact with the United States – was extradited to the United States in February 2007 to face criminal charges in U.S. District Court in Alexandria, Va. On April 20, 2007, he pleaded guilty to one count of conspiracy to commit criminal copyright infringement and one count of criminal copyright infringement before U.S. District Court Judge Claude M. Hilton. He was sentenced to 51 months in prison and given credit for the three years he spent in Australian facilities awaiting extradition. He will serve out the remaining 15 months imprisonment in U.S. facilities.

Griffiths’ conviction was the latest action arising from the joint U.S. Customs/Department of Justice investigation known as Operation Buccaneer, the largest international online copyright piracy investigation ever conducted by federal law enforcement. To date, Operation Buccaneer has resulted in more than 30 felony convictions in the United States and 11 convictions of foreign nationals overseas.

In an article for the Australian Law Journal, NSW, Chief Judge in Equity, Peter Young summarized that “[Our] people are being extradited to the U.S. to face criminal charges when they have never been to the U.S. and the alleged act occurred wholly outside the US.” He concluded that while International copyright violations are a great and valid problem that must be remedied, “there is also the consideration that a country must protect its nationals from being removed from their homeland to a foreign country merely because the commercial interests of that foreign country are claimed to have been affected by the person’s behaviour in Australia and the foreign country can exercise influence over Australia.”

The DOJ Assistant Attorney General Alice S. Fisher of the Criminal Division stated the Department’s counter position, that “the Justice Department is committed to protecting intellectual property rights, and will pursue those who commit such crimes beyond the borders of the United States where necessary.” U.S. Attorney Chuck Rosenberg for the Eastern District of Virginia echoed her sentiment when he stated that “Whether committed with a gun or a keyboard — theft is theft. And, for those inclined to steal intellectual property [in the United States], or from halfway around the world, they are on notice that we can and will reach them.”

So what did Griffiths do to raise the ire of the DOJ? Griffiths, known by the screen nickname “Bandido,” was a longtime leader of an organized criminal group known as DrinkOrDie, which had a reputation as one of the oldest and most security-conscious piracy groups on the Internet. DrinkOrDie, an international organization founded in Russia in 1993 and known as the warez scene, was an underground Internet piracy community that specialized in cracking software codes and distributing the cracked versions over the Internet. Griffiths had boasted in interviews that even though he ran all of DrinkOrDie’s day-to-day operations and controlled access to more than 20 of the top warez servers worldwide, he would never be caught. Some of DOD’s most prominent victims were Microsoft, Adobe, Autodesk, Symantec and Novell, but they also affect smaller companies whose livelihood depended on the sales revenue generated by one or two products. Once cracked, these software versions could be copied, used and distributed without limitation. Members stockpiled the illegal software on huge Internet computer storage sites that were filled with tens of thousands of individual software, game, movie and music titles alleged to be worth over 50 millions dollars. The group used encryption and an array of other sophisticated technological security measures to hide their activities from law enforcement. Griffiths was certainly no farm boy and was well aware that his activities were criminal, even though many articles on the Internet about his activities point out that he allegedly made no profit from the pirated software.

Griffiths’ extradition was very controversial in Australia. The matter of U.S.A. v Griffiths has been cited as an example of how bilateral arrangements can lead to undesirable effects such as a loss of sovereignty and the introduction of draconian measures. On the other hand, increased enforcement internationally through heavy criminal sanctions is seen as an effective way of protecting legitimate distribution networks.

A common mistake made in many of the Internet discussions about the Griffiths case is that the extradition occurred pursuant to the Australia-United States Free Trade Agreement (“AUSFTA”). Griffiths’ indictment, however, occurred before amendments were enacted to harmonise the Australian Copyright Act with U.S. copyright laws, so AUSFTA had nothing to do with the extradition. There were multiple factors that motivated extradition, not the least of which was that the DOJ alleged conspiracy, claiming that most of the overt acts were based in the United States and that many DrinkorDie members were located in the U.S. This gives credence to the argument that, as the leader of DOD, Griffiths was subject to its jurisdiction. This analysis is no different than exercising jurisdiction over a criminal enterprise whose activities result in murder rather than theft – the analysis has nothing to do with the severity of the crime. That said, it is not wise to underestimate the impact that the lobbyist for the powerful technology industry may have had on the government’s interest in this case, nor the effect of the close relationship between Australia and the United States, both of which made extradition more likely.

The bottom line in all of this is that the traditional geographical boundaries which once severely restricted the reach of the long arm of the law are no longer an impediment. If a person’s criminal activities rise to a significant enough level as to garner the attention of a organization such as the DOJ, that person is going to find him or herself in unfamiliar territory being charged with violation of crimes in that territory. The lines in the virtual sand have disappeared.

 DIGG IT!

by J. Eric Crupi 

Consider this scenario: A music publishing company in Nashville advertises its services worldwide via an Internet web site. The site displays general information about the company, such as a description of its business, a listing of prominent clients, the company logo, and a phone number. In addition, the site also provides a hypertext email link and invites artists seeking a publishing deal to email demos of their music to the publisher for consideration. An aspiring artist living in Oregon finds the web site and decides to accept the publisher’s invitation. She emails her best song to the publishing company with the hope of having it drift its way into interested (and, hopefully, decision-making) ears. The publishing company does eventually listen to the song, but informs the artist via email that it just isn’t what radio wants.

One year later the artist turns on the radio only to hear a song that sounds all too familiar — it’s the song she submitted performed by another artist! Although the lyrics and tonal progression were somewhat modified, the publisher stole the core idea and used it in the creation of another song. As a result, the Oregon artist wants to sue the Nashville music publisher in Oregon Federal District Court for the publisher’s infringement of her copyright. Question: Does the Oregon court have personal jurisdiction over the Tennessee publisher? In other words, does the Oregon court have the power to require the publisher to appear and defend in an Oregon courtroom? The answer is not as clear as one might expect.

When a person brings a lawsuit claiming that the defendant infringed his or her copyright, the legal system has several procedural regulations that are automatically implemented to protect the defendant from being unfairly prejudiced in an attempt to defend the lawsuit. One such system of procedural rules is known as the law of personal jurisdiction. Essentially, personal jurisdiction is the legal power that a court has over a defendant, and more specifically, the ability to force the defendant to appear and defend in a particular state for the adjudication of that defendant’s legal obligations.

The traditional determination of whether a court has personal jurisdiction over a particular defendant involves a two-pronged analysis. The first prong of the analysis inquires into whether the state in which the lawsuit was filed (i.e. the “forum state”) has a “long-arm statute” permitting the assertion of personal jurisdiction. A long-arm statute is simply a legislative act that allows the courts of a state to assert jurisdiction over persons and corporations that, although not residents of that state, have voluntarily conducted some type of activity in that state. The second prong of the analysis, however, is more involved and inquires into whether the forum state’s assertion of personal jurisdiction complies with Constitutional due process standards. Due process requires that a non-resident defendant must have certain “minimum contacts” with the forum state such that maintaining the suit does not offend traditional notions of fair play and substantial justice. Essentially, this prong is satisfied if the defendant performs some act in the forum state through which it purposefully takes advantage of the benefits of doing business in that state and can thus reasonably anticipate being haled into that state’s courts.

The traditional personal jurisdiction analysis is focused, therefore, upon the defendant’s physical and tangible contacts with a defined geographic area. Interactions in the “virtual world,” however, are geographically transparent, and, as a result, have caused much confusion for courts that have attempted to apply traditional jurisdictional criteria rooted in a real-space dimension. For example, it is often impossible to discern the location of a particular Internet user, host machine, or administrator because such information is unimportant to the network’s design and function. Parties involved in any type of online transaction could literally be in adjoining rooms or on opposite sides of the globe, and the network offers no practical way of telling the difference. Additionally, even if an Internet site or its administrator can be geographically pinpointed, such information is mutable given the relative ease with which a site administrator can relocate his entire on-line business, including his Internet address, to another host machine in a different jurisdiction. The entire change of address would be completely invisible to Internet users and theoretically could be accomplished in less than an hour.

 

In the past three years, a wave of cases involving such activities conducted in cyberspace (i.e., business transactions and/or communications conducted via web sites, emails, news group postings, etc…) has surged its way through the court system, leaving in its wake some germane precedent regarding personal jurisdiction. Unfortunately, these decisions are not entirely consistent with each other and, thus, a coherent and uniform set of rules regarding personal jurisdiction in cyberspace transactions has not yet developed.

One such case is Bochan v. La Fontaine, a recent decision by a federal court in Virginia that subjected defendants residing in New Mexico and Texas to the jurisdiction of the Virginia court by virtue of their cyber-interactions with the state. In Bochan, a Virginia plaintiff brought a civil suit alleging that the out-of-state defendants had posted defamatory messages directed towards him on a “Usenet” newsgroup, a kind of electronic bulletin board that can be accessed and read by Internet users all over the world. Under the first prong of its personal jurisdiction analysis, the court asserted long-arm jurisdiction over the New Mexico defendant because he promoted his computer hardware company and solicited business via an interactive web site that was accessible to Virginia Internet users 24 hours a day. More interesting (and ostensibly tenuous), however, is the court’s finding that the Texas defendants were within its reach under Virginia’s long-arm statute because the defamatory messages they posted using their America Online (“AOL”) account must have been transmitted, in the first instance, to AOL’s server (i.e. hardware) surreptitiously located within Virginia. As a matter of course, the messages were stored there temporarily and then transmitted to other Usenet servers (i.e. physical locations) around the world. Thus, the court reasoned that even though the Texas defendants had no business or personal ties to Virginia, the server was integral to the publication of the defamatory message and the posting constituted a sufficient act in Virginia to satisfy the long-arm statute.

In prong two of its jurisdictional analysis, the Virginia court found that jurisdiction over the defendants was proper because the defamation claim arose directly from a sufficient number of minimum contacts between the defendants and Virginia. The court substantiated its finding by noting that the harm to the plaintiff’s reputation, if any, was suffered primarily in Virginia. Furthermore, since the defendants knew that the message recipient was a Virginia citizen (although the defendants denied having this knowledge), they reasonably could foresee being haled into that forum’s court system.

Unfortunately, the Bochan decision presents both theoretical and practical problems. From a theoretical standpoint, the decision creates precedent for a finding of “long-arm” jurisdiction and sufficient minimum contacts based solely upon a transaction as superficial and arbitrary as the posting of a newsgroup message on a server that happened to be located (unbeknownst to the defendants) in Virginia. As a practical consideration, the decision also jars sharply against other jurisdictions’ quantifications of what constitutes sufficient minimum contacts in cyberspace.

Although all cases are highly fact-intensive determinations, several jurisdictions have fortunately set a higher burden that the plaintiff must meet in order to establish that personal jurisdiction grounded in “virtual” interactions is proper. For example, in Cybersell, Inc. v. Cybersell, Inc., an Arizona court held that personal jurisdiction could not be maintained over a Florida corporation even though the company advertised its services via a web site that included a local phone number, an invitation to send email, and a hypertext link that allowed users to introduce themselves. Similarly, in Bensusan Restaurant Corp. v. King, a New York court concluded that the assertion of jurisdiction over a defendant merely because he advertised his business through a web site would violate the due process clause.

Although Bochan and these contrasting decisions do not provide a clear definition of what constitutes minimum contacts in cyberspace, the overall emerging trend among courts is a sliding scale approach; that is to say, minimum contacts can be established if the defendant has taken “deliberate action” within the forum state, such as creating contractual obligations with a resident of the state via the Internet. Thus, under this approach, web sites that only passively advertise may not subject the out-of-state site operator to a foreign court’s jurisdiction.

So, what does all this mean for our hypothetical Nashville publisher? It means that if the Bochan ruling were applied in an Oregon court, the publisher, by virtue of accepting the artist’s emailed song, is potentially subject to jurisdiction in Oregon, even though the publisher has never been to Oregon or otherwise had any business or personal contacts with that state. As a practical matter, the Bochan ruling would require the Nashville publisher either to hire an Oregon lawyer to defend the action in that jurisdiction or suffer a default judgment. If, on the other hand, the sliding-scale approach were applied to our Nashville publisher’s scenario, the songwriter would have to show that our publisher had more significant minimum contacts in the state of Oregon in order to establish jurisdiction. In all likelihood, under this analysis, the passive receipt of the songwriter’s song by email would not be an adequate nexus with Oregon to permit its courts to entertain a lawsuit against our Nashville publisher.

Since the boundaries of personal jurisdiction in cyberspace have not been concretely defined, but rather represent unsettled lines drawn in the “virtual” sand, the wise business person who utilizes the Internet’s marketing and communicative powers will remain cognizant of his or her cyber-contacts and the potential jurisdictional consequences that may flow as a result. If you have questions involving such legal issues, contact an attorney familiar with the Internet and its interaction with entertainment, trademark, and copyright issues.

Acknowledgement is given to the following resources from which several references were cited:

C Carl S. Kaplan, AOL Subscribers Can Be Sued in Virginia, Judge Rules, CYBER LAW JOURNAL (June 11, 1999)

(http://www.nytimes.com/library/tech/99/06/cyber/cyberlaw/11law.html)

C Dan L. Burk, Jurisdiction in a World Without Borders, 1 VA. J.L. & TECH. 3 (Spring 1997)

http://vjolt.student.virginia.edu/text_only/vol1/home_art3.html

C Thomas P. Vartanian, It’s a Question of Jurisdiction – Irreconcilable Differences in Cyberspace, BUSINESS LAW TODAY, July/Aug.1999, 22-26.