Learning Center
Plans & pricing Sign in
Sign Out



									Jerry Prettyman                              eCommerce Problems                                                Page 1

I   Problem Set 1 Jurisdiction, p. 25 ................................................................................ 1
II Problem Set 2 Contractual Clauses, p. 46 ................................................................... 2
III   Problem Set 3 Trademarks as Domain Names ....................................................... 2
IV    Problem Set 4 Trademark Domain Name Disputes ................................................ 5
V Problem Set 5 Web Development Contracts, p. 116 .................................................. 6
VI    Problem Set 6 Web Site Intrusion, CFAA, Bots, p. 139 ......................................... 7
VII   Problem Set 7 Web Site Operator Safe Harbor, p. 173 .......................................... 8
VIII Problem Set 8 Service Provider Safe Harbor, P. 189 ........................................... 10
IX    Problem Set 9 Credit & Child Data Security, P. 205 ............................................ 12
X Problem Set 10 European Privacy, p. 216 ................................................................ 14
XI    Problem Set 11 Privacy Policies & e-Trust, P. 230 .............................................. 16
XII   Problem Set 12 Wiretap ACT: ECPA & SCA, P. 254.......................................... 17
XIII Problem Set 13 E-Contracts, Mail Order Rule, P. 288 ......................................... 20
XIV Problem Set 14 E-SIGN & UETA, P. 297 ............................................................ 22
XV    Problem Set 15 Sales of Goods, P. 315 ................................................................ 24
XVI Problem Set 16 Internet Taxation, p. 329 ............................................................. 26
XVII    Problem Set 17 Electronic Data Interchange, P. 348 ........................................ 27
XVIII   Problem Set 18 Digital Signature Laws, P. 364................................................ 28
XIX Problem Set 19 Trading Partner Agreements, P. 378 ........................................... 29
XX    Problem Set 20 Copyright License Disputes, P. 394 ............................................ 29
XXI Problem Set 21 Music Copyright Rights, P. 422 .................................................. 30
XXII    Problem Set 22 Copyright Ownership, P. 450 .................................................. 31
XXIII   Problem Set 23 Software Licenses UCITA, P. 465 .......................................... 32
XXIV    Problem Set 24 Sherman Act Anti-Trust, P. 514 .............................................. 34
XXV     Problem Set 25 Open Source Licenses, P. 528 ................................................. 35
XXVI Problem Set 26 Check Payments, P. 547 .......................................................... 35
XXVII Problem Set 27 - Omitted ................................................................................. 36
XXVIII     Problem Set 28 Credit & Debit Payments, P. 598 ........................................ 36
XXIX    Problem Set 29 - Omitted ................................................................................. 37
XXX     Problem Set 30 - Omitted ................................................................................. 37
XXXI Problem Set 31 - Omitted ................................................................................. 37
XXXII Problem Set 32 - Omitted ................................................................................. 37
XXXIII     Problem Set 33 - Omitted ............................................................................. 37
XXXIV      Problem Set 34 - Omitted ............................................................................. 37
XXXV Problem Set 35 Copyright Security Interests, P. 693........................................ 37
XXXVI      Problem Set 36 - Omitted ............................................................................. 38
XXXVII Problem Set 37 Patent Security Interests, P. 717 .......................................... 38
XXXVIII Problem Set 38 Trademark Security Interests, P. 733 .................................. 38
Jerry Prettyman                    eCommerce Problems                                   Page 1

   I       Problem Set 1 Jurisdiction, p. 25
[1.1] Tibetan Imports, Inc. (Seattle) wants to sue a former employee, (New
Mexico) for copyright infringement of Tibetan's copyright designs. Can Tibetan sue in Seattle? The issue is whether a Washington court assert personal jurisdiction
(a) The web site lists a telephone number for prospective clients to ask that mail a catalog to them. Personal jurisdiction is present even though (1) the web
site is wholly passive, and (2) it is the customer that initiates the contact. Personal jurisdiction is
present because (1) ships rugs to Washington, and (2) the rugs are the alleged
copyright violation. A person in Washington receives the rug and may believe (or attempt to pass
off) the rug is from Tibetan Imports. It would matter how many catalogs and rugs are shipped to
Washington because each rug is the source of the harm and the extent of the harm depends on the
number of rugs sold. (Limited Purposeful availment).
(b) The Web site allows people to print forms and place orders with The web site
is still passive. is attempting to clearly do business over the Internet with
Washington because the contact is contractual in nature (rugs for money). Thus, it matters how
many rugs are shipped to Washington because each rug is the harm and creates specific personal
jurisdiction. (Limited Purposeful availment).
(c) used unsolicited commercial email (UCE) to market its services to the public.
Personal jurisdiction is not present because does not know the physical destination
of it unsolicited commercial email. Unlike US mail containing a physical location, most email
addresses are not tagged with a physical location identifier. In this case, the rugs are shipped to
Washington does matter because if few rugs are shipped, the likelihood of confusion is minimal
and difficult to prove. (Limited Purposeful availment).
(d) The web site shows pictures of the rugs. Personal jurisdiction is not present
because does not know the physical destination of it web site. The addresses of
computers visiting a web site are not tagged with a physical location identifier. In this case, that
the records do not show how many Washington residents viewed the pictures does matter
because if there are few views, the likelihood of confusion is minimal and difficult to prove.
(Limited Purposeful availment).
(e) May a person injured in an automobile collision while passing through one state sue the
defendant on the destination state of the plaintiff? Specific personal jurisdiction is not present
because the harm did not occur in the destination state. General personal jurisdiction is not
present because the defendant did not purposefully avail itself of the destination state. (But LL
Bean could be sued there.)
[1.2] May an Arizona company sue for trademark dilution in Arizona Maine residents who use
the Arizona company's name in a derogatory domain name and posts negative opinions about the
company on the web site? Personal jurisdiction is not present because the harm is too minimal
(opinions) for specific personal jurisdiction to apply and the students are not purposefully
availing themselves of Arizona law for general personal jurisdiction to apply.
[1.3] Based on Gutnick v. Dow Jones, is a person subject to libel and personal jurisdiction in
another country for comments posted on a subscription only web site that publishes reviews of
recent Greek and Latin works. An action in libel is proper for defamatory statements published in
written form about a person. Here, the critique is about the texts written by the person and are not
defamatory statements about the person.
Jerry Prettyman                    eCommerce Problems                                 Page 2

[1.4] Does the law of the state of residency of the company owning the trade secret control over
the law of the state of residency of the unknowingly improper, but should have known improper
recipient of the trade secret? Here, an actual conflict of law arises because the act is a violation
of the plaintiff's home state, but is not a violation of the defendant's home state. The injury
sustained here is of a pecuniary nature so the plaintiff's principal place of business is generally
considered the place of injury and represents a contact of substantial significance. Thus, Tibetan
Imports should file suit in Washington and argue that the conflict of law rules apply
(Restatement (Second) Conflict of Law § 148, cmt. i.)

   II      Problem Set 2 Contractual Clauses, p. 46
2.1 How may a company incorporated in Delaware with its principle place of in one state but
doing interstate business by catalog, telephone, and Internet formalize a contractual relationship
for a forum selection clause and a choice of law clause?
(a) How would the clauses vary under the old UCC §1-105; UCC §1-301; Restatement (Second)
of Contracts §187; Rome Convention art. 3 and Brussles I Regulation, art 23?
(b) How may a company reduce its exposure to UCC § 2-719 (3)* and the eccentricities of
foreign law? *A "limitation of consequential damages for injury to the person in the case of
consumer goods is prima facie unconscionable but limitation of damages where the loss is
commercial is not." (Clauses limiting or excluding consequential damages may not operate in an
unconscionable manner.)
(c) Are clauses valid that limit interpretation of a contract to the laws and courts of one state?
2.2 May a U.S. company compel a U.S. resident to arbitrate a dispute over an Internet purchase
based on a pre-printed form showing a vaguely worded arbitration clause placed in the product
box but the clause was not displayed on the web site? Is a class action suit possible under the
Federal Arbitration Act, §2?
2.3 May a U.S. company compel a UK resident making an Internet purchase from the U.S. to
arbitrate in the U.S.? Review UK Unfair Terms in Consumer Contracts Regulation, and the
Unfair Contract Terms Directive 93.
2.4 Review the revised "PayPal User Agreement" for whether it would pass the court's review.

   III     Problem Set 3 Trademarks as Domain Names
3.1 How may a company use an abbreviation of its company name to market its products with
the same protections as for its company name, and not risk loss of protection for its company
Dear Carl:
       Thank you for contacting me. You asked me whether you may protect the abbreviation
RFT as a business name for your company, RiverFront Tools, and if so, when may you seek
those protections? As a central Texas business involved in interstate commerce, you are
permitted, and in fact, you should seek protection for your use of RFT as a business name for
your company, as soon as you decide to do business under that name. As when you started
RiverFront Tools, your first step is determine whether the name is available to you at the local,
state and national levels, and then file with the appropriate agencies at the appropriate time.
While you can [and should] perform many of these searches electronically, [including through
the Internet,] some results are available only by filing an application with the controlling
Jerry Prettyman                   eCommerce Problems                                 Page 3

       After your search, your city and county government agencies will want you to take out
business name filings with those agencies. Second, you should file for trademark protection with
the Texas Secretary of State and separately, with the United States Patent and Trademark Office.
If you have not yet used your mark RFT in interstate commerce, you may file an intent to use
application with the Trademark Office. If your products have specific designs of your creation,
you might also seek copyright protection for your designs.
        [Be sure to keep records of where your ads appear, who contacts you in regard to the ads,
and where you make sales. These help you develop common law protections through secondary
meaning for the type of product or service sold, and the geographical area where your
advertisement and sales occur.]
3.2 What recourse and protections does a company need to protect its brand name and the
abbreviated name from a domain name of the same abbreviation of its company name held and
used by another person?
Dear Carl:
       Thank you for contacting me regarding the domain name, You stated that
Robert "Fats" Taylor, a blues piano player in Memphis, Tenn. is using this domain name, and
that you are concerned this might present a problem for you. As to the domain name, his
ownership and use of keep you from registering and using for
yourself. This does not prevent you from registering and using one of the 60 or so other "rft"
domain names,, for example, if any of them are available. You can also offer to buy
the domain name from Mr. Taylor, if he is amenable to sell and you can agree to a price.
       However, there are other considerations to address. First is the possibility that people
might be confused by a similar or transferred domain name. Trademark law is clear that you
cannot try to create confusion in people searching for Mr. Taylor's website for the purpose of
diverting them to your website. Mr. Taylor would be able to shut you down and likely also
receive monetary damages as well. When you establish your web site, be sure to omit any
references in the Meta data to Mr. Taylor, and do not attempt to have anyone cross-link Mr.
Taylor's web site to your web site.
       Second is the possibility that you and Mr. Taylor might have similar interests in the design
or content of your websites. Although your businesses are quite dissimilar, you do not want your
RFT logo, or your website, to look similar to Mr. Taylor's. Even with a difference in the web site
address, a person might then confuse your site for his, and Mr. Taylor could then ask that your
web site be shut down and for monetary damages as well.
       Lastly, you might seek a cross-reference agreement with Mr. Taylor to link to each other's
site with the provision that he would not sell tools on his web site, and you would not sell music
on your web site. Although such events are rare, and such agreements even rarely, the ability to
make sales over Internet commerce is growing rapidly. People are developing new niches daily
that seem to become routine very quickly.
3.3 How would the answer change if the domain owner sold products showing the domain name
(the abbreviated company name) as a logo with the domain name owner's full name?
Dear Carl:
       Thank you for contacting me. I understand that Mr. Taylor is now selling his RFT logo in
large letters with his full name in small letters on shirts. My opinion here is premised that your
logo and his logo do not both consist of RFT in large, brightly colored letters with the full name
trailing off in small letters from the large letters.
Jerry Prettyman                   eCommerce Problems                                Page 4

       Even though there may be some possibility of confusion, there are two factors that
minimize the harm. First is that your company name, RiverFront Tools and Mr. Taylor's full
name, are distinct from each other. Although the small and trailing letters might not be enough to
dissuade some people from confusion, the difference between the tools market and the piano
music market is enough that buyers of one are not likely to be confused by the other. Thus, I
believe that you do not need to be concerned.
3.4 What recourse does a domain name and trademark owner have over another company using
the same Meta data but not using the domain name and trademark of the domain name and
trademark owner?
Dear Carl:
       Thank you for contacting me. I understand that California Pneumatic Tools is using the
same Meta tags as your web site and this causes California Pneumatic Tools' web
site to be shown on the major search engines for searches made for RiverFront Tools.
       There are two pertinent questions. First is whether your Meta data includes "RiverFront
Tools" and "RFT." If California Pneumatic Tools did copy your Meta data, they then also have
"RiverFront Tools" in their Meta data. The second question is whether you have other marks in
your Meta data for which you have exclusive rights. These might be trademarks for tools you
developed and carry exclusively, or for products of other companies that you have exclusive
rights to market.
       If California Pneumatic Tools intentionally copied your Meta data (including "RiverFront
Tools" or other exclusive marks), and a search for "RiverFront Tools" shows, you
have grounds for an action in trademark infringement, dilution, misappropriation of your mark
and tortious interference with prospective business advantage as this creates confusion for
potential buyers from your company. You can then seek an order to have California Pneumatic
Tools remove your company name and these exclusive marks from their Meta data, and possibly
monetary damages for your loss of sales.
       However, even if California Pneumatic Tools did improperly use your company name,
trademarks, web address or logo on their web page, neither Google nor California Pneumatic
Tools' web hosting service are liable to you in their roles as a mere publisher of the web page.
Revision to Problem 3.5: A few hours later, even more frustrated, Carl calls you back to report
that a search for "Riverfront Tools" on Google produces a link to as the top result,
and a prominent ad for on the right side of the screen. Does Carl have a valid
complaint against Google? Lanham Act §§ 32, 43.
Dear Carl:
       Thank you for contacting me. I understand that a search for "Riverfront Tools" on Google
produces a link to as the top result, and a prominent ad for appears
on the right side of the screen. There is a question here whether California Pneumatic Tools has
purchased as a keyword your company's trademark. If so, then Google and California Pneumatic
Tools have acted improperly. This is because the use of your trademark, or web address to cause
confusion or deceit against you is actionable, just as we spoke of earlier today. You would also
have a cause for action if the ad for California Pneumatic Tools appeared for searches for other
marks for which you have ownership or other exclusive right.
       You can call Google and demand they drop your trademark from their keyword list, or
have it assigned it to you, but you would likely have to purchase the advertisement space, as did
American Blind. You might also consider demanding that Google turn over the ad money they
Jerry Prettyman                    eCommerce Problems                                 Page 5

received from California Pneumatic Tools from this keyword, and possibly a suit against
California Pneumatic Tools for monetary damages for your loss of sales.

   IV      Problem Set 4 Trademark Domain Name Disputes
4.1 Archibald Motors is the manufacturer of the Xerxes sports car and operates the
website with the US registered Xerxes trademark.
(a) Xerxes Jones has a personal website named, on which Xerxes to be a direct
lineal descendent of the Persian King, Xerxes. What concerns should Archibald Motors have
about Xerxes Jones' website?
Archibald Motors might be concerned about trademark infringement under 15 U.S.C. § 1114,
false designation of origin under 15 U.S.C. § 1125(a), trademark dilution 15 U.S.C. § 1125(c),
cybersquatting under (ACPA) 15 U.S.C. § 1125(d), unfair competition under 15 U.S.C. § 1126,
and common law misappropriation (of goodwill).
(b) Xerxes Jones has registered, but the domain is not online. What concerns should
Archibald Motors have about Xerxes Jones' registration?
As Xerxes Jones has not demonstrated intent to infringe the trademark, or create confusion with
the trademark, Archibald Motors could put Xerxes Jones on notice that it is watching to see how
Jones would use the domain name (not that the word 'illegal' is not used to prevent Jones from
suing for a declaratory judgment).
4.2 Kate McCulloch at KM Toys believes that the son of a disgruntled employee has registered
the domain name That person, Mark Trafeli, says that he does not have the site up
yet, although he registered it a year ago, he plans to use the site for his hobby of making toys, but
he would sell the domain name for $2000.
(a) Trafeli does not have experience making toys and the KM initials do not match his name or
that any a related person or pet.
(i) Would this be a good UDRP or Lanham Act case? That Trafeli does not have experience
making toys or that the website online is not indicative of bad faith as both take time to for an
amateur to develop. Arguably, the lack of a name match is suggestive of bad faith but thoughts
are not actionable without an act (hence the word, actionable.) However, as Trafeli asked for
$2000, which is an unreasonable amount unless he has spent sum certain developing a website,
he has shown bad faith.
(ii) If Kate McCulloch seeks to pursue a dispute, which avenue is better, UDRP §4 or Lanham
Act §43(a)? A UDRP §4 proceeding is a less burdensome proceeding for McCulloch to try first
unless she needs the benefit of jurisdiction or venue. Otherwise, if Trafeli really wants the
domain name, he can arrange to pay his own attorney.
(b) After McCulloch agrees to the $2000, Trafeli demands $3000 paid in cash and in advance of
the transfer. As $3000 is less expensive than the cost of litigation, what steps should be taken to
protect McCulloch? McCulloch and Trafeli should hire an escrow agent to serve as an
intermediary for both the cash and the domain name. Trafeli must transfer the domain name to
McCulloch's name and provide the online access details to the escrow agent, who would change
the password. McCulloch must give a cashier's check to the escrow agent in Trafeli's name. As
Trafeli wants cash, he must pay for the escrow service. McCulloch should then sue in small
claims court for breach of contract and return of the $1000, plus escrow fees, asserting duress for
paying the higher fee.
4.3 A colleague wants to register his daughter's name as a domain name for her birthday, but has already registered that name and wants $150 to transfer it to him. As they do
Jerry Prettyman                    eCommerce Problems                                 Page 6

not have an otherwise legitimate claim to the name, do UDRP §4 or Lanham Act §43(d) provide
a remedy?
To be actionable under UDRP §4, the domain name registrant must have registered the domain
name (1) for the purpose of selling, renting, or otherwise transferring the domain name
registration to the complainant who is the owner of the trademark or service mark or to a
competitor of that complainant; (2) prevent the owner of the trademark or service mark from
reflecting the mark in a corresponding domain name, (3) for the purpose of disrupting the
business of a competitor; or (4) for intentionally attracting, for commercial gain, Internet users to
your web site or other on-line location, by creating a likelihood of confusion with the
complainant's mark as to the source, sponsorship, affiliation, or endorsement of your web site or
location or of a product or service on your web site or location. Since the daughter's name is not
a trademark, has not violated UDRP §4.
To be actionable under Lanham Act §43(d) [(15 U.S.C. § 1125(d)], the domain name registrant
must have registered the domain name (1) as a bad faith intent to profit from that mark, including
a personal name which is protected as a mark; or (2) that is distinctive at the time of registration
to an identical or confusingly mark or famous commercial name. Since the daughter's name is
not a trademark or famous commercial name, has not violated Lanham Act
§43(d) [(15 U.S.C. § 1125(d)].
4.4 Does a cat favoring domain name ( owner have a superior claim to a domain name
of operated to express the view that dogs are superior to cats in everyway?
(a) Would prevail under UDRP §4? No, is not seeking profit and is
asserting protected criticism.
(b) Would prevail under in federal court under FAA §1 or Lanham Act §§32(2)(D) or
43(d)? No, is not seeking profit but is asserting protected criticism.
4.5 Discussion the constitutionality and application of a provision to the Trademark
Counterfeiting Act of 1984 that would criminalize the intentional registration of a domain name
that infringes a registered trademark or dilutes a famous trademark.
Criminal statutes require either that the act was malum in se for strict liability crimes or
knowingly criminal for malum prohibitum crimes Although most people are familiar with a
registered trademark or a famous trademark, holding domain name registration as a criminal act
fails as malum in se, for not being something a person would inherently know is criminal, and
fails malum prohibitum because many companies have identical or similar names between states
which are not actionable because people do not automatically confuse one company with
another. The confusion requires more than an indistinguishable or confusingly similar name.

   V       Problem Set 5 Web Development Contracts, p. 116
5.1 Dear Carl:
You asked me for advice regarding your fee negotiations with Aggie Web Developers to create
your web site. While you would like a fixed fee, Aggie is insisting on a time and
materials contract. Although you have some options, web site design may be simple or is often a
complicated process. Perhaps Aggie can present you with a 'minimum to maximum' quotation
based on features so you can budget the cost.
5.2 Dear Carl:
You asked me for advice regarding Aggie's request for feature details. Due to the complexity of
web site design, many options require that you provide some details to Aggie so they understand
what to do. For that, you should evaluate what you want your web site to look like and do for
Jerry Prettyman                    eCommerce Problems                                  Page 7

you. Also, look at other web sites and note the features that you like. From this list, Aggie should
be able to quote you a firm price and delivery date.
5.3 Dear Carl:
You asked me for advice regarding Aggie's disclaimer of liability for patent infringement. Patent
infringement is often difficult and expensive to determine and the sanctions for infringement are
more severe. Consequently, you probably want to avoid technically complicated web processes,
such as the 1-click order system. You may be able to negotiate Aggie to accept
patent liability on the terms that they must avoid any web processes they suspect are patented,
and you agree to immediately remove any web processes you learn are patented. On the other
hand, much of what goes into web site is either freely available without copyright protection or is
easily licensable. Furthermore, copyright infringement is often easier to avoid and the liability
for copyright infringement is not too severe.
5.4 Dear Carl:
You asked me for advice regarding the similarity of your site to Junior's Power Tools. Like many
craftsman, Aggie likely uses a fixed set of designs that it is aware of, and have worked well. In
this regard, you likely have a reliable product. On the other hand, the similarity to Junior's Power
Tools may be confusing to some people who might believe that you and Junior's have some type
of business arrangement. As professional designers, this is something that Aggie either knew or
should have been aware of so you should approach them with your concerns and ask what they
will do to prevent such confusion. If you recall anyone contacting you regarding Junior's, be sure
and mention this to Junior's. They may request you to defer some expenses, but if you have had
anyone confusing the two web sites, this will be stronger negotiation point that they should cover
the expenses.
5.5 Dear Carl:
You asked me for advice regarding Aggie's demand for three months of hosting fees to allow
permission for you to have Bevo redesign your web site. One aspect of web site design is
ownership of the copyright. There are several factors that support their position. The primary
argument is the type of contract that you had with Aggie. Aggie was not your employee and you
did not hire Aggie under a "work for hire" contract. Also, Aggie is an independent company that
you contracted with for design of your web site. You did not design the site and they did all the
work at their studio. As such, they own the copyright to the web site and all art that you did not
provide. You may be to negotiate that term down somewhat if they predominately wrote the
contract, but in the long run, three months of hosting fees is not unfair as you will have many
years of ownership of design ownership to enjoy.

   VI      Problem Set 6 Web Site Intrusion, CFAA, Bots, p. 139
6.1 Dear Ms. Hightower:
You asked my advice regarding Monster Mart's suit to stop LNC from collecting pricing
information from its web site. Based on current law, whether Monster Mart can stop your
practice would depend on three factors. First, are you accessing the Monster Mart web site in the
same fashion as the public, albeit it faster, and without 'infiltrating' the web site through fraud or
deception. As I understand the manner your "bot" program works, it visits the Monster Mart
web site periodically, copies pricing and shipping information regarding specific products, and
sends that information back to LNC. Thus, the answer to this first question is yes, so you are OK
under the Consumer Fraud and Abuse Act. The second question regards the frequency with
which your bot visits the Monster Mart web site, and whether in doing so your bot substantially
Jerry Prettyman                   eCommerce Problems                                 Page 8

interferes with Monster Marts computer operation. Since retail prices change at most daily, and
usually weekly, you presumably do not have much effect on Monster Mart's computer
operations. Thus, you are OK under the common law of trespass to chattel. Lastly is the question
of whether Monster Mart's web site has a recognizable notice to alert 'bot' users such as yourself,
that bots are not permitted. This might be in a web page meta tag, such as <META
name="ROBOTS" content="NOINDEX,NOFOLLOW"> or an express statement on the home
page or user agreement that bots are not permitted. As it turns, the Monster Mart, like Wal-Mart,
has such a provision. The exact wording is, "You agree, further, not to use or attempt to use any
engine, software, tool, agent or other device or mechanism (including without limitation
browsers, spiders, robots, avatars or intelligent agents) to navigate or search this Site other than
the search engine and search agents available from MONSTER MART.COM on this Site and
other than generally available third party web browsers (e.g., Netscape Navigator, Microsoft
Explorer)." As LNC uses a 'robot' program to search the Monster Mart web site, LNC is violating
this provision, Thus, Monster Mart can stop you for misappropriation of its information. While
Monster Mart may be able to get an injunction on the copycat theory (if you do, others will
follow), they will likely not otherwise succeed unless they can show some kind of damage, by
lost sales, etc., which would be very difficult to prove.
6.2(a) has a cause of action against MENJ for misappropriation of its member
list and member email information. Although MENJ only accessed the web site
once, and for non-commercial purposes, expressly prohibited the kind of action
taken by MENJ. Thus, can enjoin MENJ and recover nominal damages.
6.2(b) has a cause of action against MENJ for invasion of privacy of its member
information. Although the information was available on the web site, GnoMania did not expect
that information to be taken from its web site because had a barring that kind of
action. As MENJ then used the private information and publicly disseminated it with its
message, MENJ is liable to GnoMania and its members. MENJ might argue that they need the
information from to assert their first amendment rights to propound the freedom
of garden gnomes. MENJ's first amendment rights are not injured because the
web site is a private site without a public speaking forum that MENJ's bot access could use to
assert a free speech right.
6.3 Dear Ms. Hightower:
You asked my advice regarding the proposed CFAA amendment. Congress can probably add
more teeth to CFAA to make misappropriation a stronger statutory breach, but doing so over a
breach of contract issue would likely run a foul of double jeopardy. Furthermore, Congress is not
likely to able to extend CFAA over existing copyright laws to bring public information within
the fold of CFAA that copyright cannot cover. The problem is that such as law would extend
such protection beyond the limited time constraint of the constitution and unnecessarily infringe
on the rights of assembly, free speech, exercise of religion, etc.

   VII     Problem Set 7 Web Site Operator Safe Harbor, p. 173
7.1 GigaMart's stock price plunged after an anonymous person made false, and scurrilous rumors
in the chat room.
(a) Does GigaMart have a cause of action against under (i) CDA or (ii)
the Copyright Act?
(i) A provider may not seek Good Samaritan immunity under CDA unless the agent for service
of process is named both (1) on the web site, and (2) with the Copyright Office. If GigaMart has
Jerry Prettyman                   eCommerce Problems                                Page 9

done this, then CDA §230 provides immunity from civil liability for persons and companies in
their capacity as a publisher on an interactive computer service of actionable information
provided by another person. CDA provides immunity for as an
anonymous person made the posting on the chat room without My-E- acting as a developer of the false, and scurrilous rumors.
(ii) §106 of the Copyright Act gives the copyright owner control over the use or derivative use of
the protected material. A false, and scurrilous rumor about itself is not something a company
would necessarily copyright. Thus, GigaMart does not have a cause of action under the
Copyright Act. If GigaMart did create and copyright the false, and scurrilous rumor, then there is
a cause of action as a false, and scurrilous rumor a is not fair use news reporting under the
Copyright Act, or other fair use of academic use, critique, or parody.
(b) Would's liability change if it monitored the quality of chat room
communications? If GigaMart complies with the agent of service requirement then the policy
behind the Good Samaritan provision of §230(c) is to allow companies to monitor chat rooms
and at least attempt try to screen and remove actionable material. Thus, CDA would give My-E- immunity.
(c) Would GigaMart's liability change if the rumor were posted on a favored client access
listserv? No, listserv communications have the same protections as a chat room does. The caveat
however, is whether GigaMart knew of the message, and its false and scurrilous nature. In that
case, GigaMart's position changes as it has become a developer of the information.
7.2 Carl, of Riverfront Tools, calls to say that he put a chat room on his web site for his
customers, one of who posted very detailed information about some new model pneumatic tools.
A few weeks later, Pneumatic Tools Consulting served Carl with a lawsuit for copyright
infringement of their $1000 per copy special report.
(a) What is Carl's potential liability?
CDA would protect Carl as a publisher of an interactive computer service until he learned of the
infringement, then he would have to remove the information.
(b) What steps can Carl take to reduce his liability?
Expediently remove the information.
(c) How do §§106, 512(c) and 512(i) of the Copyright Act affect Carl?
Although Carl would be liable for copyright infringement under §106, §512(c) limits Carl's
liability unless he knew of the posting, and was not aware that such posting were occurring and
immediately removed the material as soon as he learned of it, provided that Carl had notice
procedures in place advising his subscribers (posters) their access would be cut off for repeat
7.3 A member of Pooch Partner, an online community for dog owners and affiliated with, posted an unflattering review about one of Mighty Meaty's new lines of dog food,
on the web site. Mighty Meaty claimed the message violated Mighty Meaty's
copyright and ordered Pet Portal to take down the message. Pet Portal complied, but then complained that the contents of the review were original and did not infringe
Might Meaty's copyright.
(a) What liability does PetPortal have to its community members for following Mighty Meaty's
instructions? How does §512 of the Copyright Act apply?
PetPortal is liable, see 6 steps.
PetPortal must (1) name an agent for process of service on its web site and with the Copyright
Office, (2) take down the posting within an expedient period, (3) notify the poster that a counter-
Jerry Prettyman                   eCommerce Problems                               Page 10

notice must be received between the 10th and 14th day after take down, (4) if timely received,
PetPortal may repost the posting but must tell the complaintant.
(b) What liability does Mighty Meaty's have the community members for ordering PetPortal to
take down the message? How does §512 of the Copyright Act apply?
17 U.S.C. § §512(g) provides that PetPortal would not be liable to the community members for
taking down in good faith the material that Mighty Meaty said was infringing. Mighty Meaty
would however, be liable under §512(d) for misrepresenting that the review is infringement, and
liable for liable for any damages, including costs and attorneys' fees, incurred by the alleged
7.4 How would liability be affected if the above message were posted on a blog instead?
Copyright Act §512, 47 U.S.C. § 230(c).
Since a blog is a posting at the direction of a person other than the service provider, §512(a) and
CDA §230(c) would provide immunity to PetPortal for posting of the review.
7.5 Riverfront Tools and Ricky's Building Wreckers had a one-year non-compensatory linking
agreement. The linking agreement was beneficial to Riverfront Tools, but at the end of the year,
Riverfront Tools learned that a competitor (California Pneumatic Tools) is now part owner of
Ricky's Building Wreckers. California Pneumatic Tools now demands that Riverfront Tools
cease linking to Ricky's Building Wreckers, which has dropped its linking to Riverfront Tools.
Riverfront Tools is concerned about a loss of credibility (i.e., goodwill) by dropping the link.
Does the Copyright Act, §§ 1001, 106 and 107 permit Riverfront Tools to continue linking to
Ricky's over the objections of California Pneumatic Tools?
Mere linking to a company does not invoke infringement under the copyright act if the linking
does not include copyright protected material. If linking suggested an endorsement by the
company linked to of the company posting the link, then a cause of action for misrepresentation
might exist. If California Pneumatic Tools does prevail, Riverfront Tools does not have a cause
of action since the agreement was contractual, the parties presumably contemplated the impact of
what would happen at the end of the contract, including a loss of goodwill.
7.6 At the time of a proposed merger, WessexCard International posted accurate information
relating to the merger on its web site. Some time later, the proposed merger fell apart, but the
posting has remained online for two years. Recently, investors saw the merger information on the
WessexCard International web site, and generated "some unusual activity." That caught the
notice of the NYSE, which called Clarrisa Janeway at WessexCard International with questions.
She learned of the outdated posting and immediately removed it. What concerns should
WessexCard International have about an SEC rule 10b-5 action?
A rule 10b-5 action may be balanced by careful compliance to 15 U.S.C. § 78u-5 by presenting
'forward looking' statements with the appropriate disclosure. If the page noticeably gave the
publication date, or an "expiration" date or an archive disclaimer, then the information is not
actionable. Investors are expected to at least look for an indication of current relevancy
(otherwise all annual reports are misleading.)

   VIII Problem Set 8 Service Provider Safe Harbor, P. 189
8.1 GigaMart's stock price plunged after an anonymous person made false, and scurrilous rumors
in the chat room. World Hosting & Internet Provider (WHIP) is the ISP
for What liability does WHIP have under CDA?
To avoid contributory or vicarious copyright infringement liability, WHIP must (i) have its
notice procedures in place, (ii) provide notice to its subscribers that they are subject to account
Jerry Prettyman                    eCommerce Problems                                Page 11

termination for repeat infringement actions (§512(i)), (iii) they must take down infringing
material when given notice, and that (iv) WHIP will take it down if given notice.
8.2 The Motion Picture Association of America served a complaint on WHIP of copyright
infringement for copies of copyright protected movies on the website and servers of, a client of WHIP. [See §512(c) for the 4 fact patterns.]
(a) As an interactive computer service provider without knowledge of the infringement
(§512(c)), WHIP is not liable for direct infringement since persons other than WHIP both sent
and received the infringing material. However, assuming that WHIP provides both hosting and
communications services to FreebieMovies, then WHIP must immediately remove the infringing
material to avoid a charge of contributory infringement. Although WHIP received a financial
benefit, the posting was not under WHIP's control since it was automatic, so WHIP is not
vicariously liable if WHIP immediately removes the infringing material.
(b) As WHIP provides Internet-related communication services to, the
infringing material was only transitorily within the control of WHIP. The infringing material is
now entirely within the control of FreebieMovies, so WHIP is not liable as the servers are not
under WHIP's control.
(c) The safe harbor immunity frees WHIP from liability unless WHIP retains the
communications that pass through its servers for more than a reasonably transitory period.
8.3 Assuming that RIAA could prove allegations, if Wolverine Access does not terminate service
to the 37 Wolverine Access subscribers (~10% of its subscribers) who each committed two acts
of copyright infringement, then RIAA could demand statutory damages of between $750 and
$30,000 for each Wolverine Access for each act of copyright infringement. Wolverine Access
will be able to use the Safe harbor provision to avoid direct and contributory infringement
charges. Since the 37 subscribers represent ~10% of Wolverine Access' subscribers and each
person is a repeat infringer, copyright infringement by those subscribers is more than an
insignificant amount so the profit from these infringing subscribers is not insignificant.
Wolverine Access needs to pull the plug on the 37 to avoid a charge of vicarious liability for
these repeat infringers. Although Wolverine Access has a substantial portion of non-infringing
subscribers so its service is substantially non-infringing, Wolverine Access is not being asked to
bar the access of these persons, only of the repeat infringers. Wolverine Access' concern about
loss of market appeal is unreasonable as the affected are repeat infringers, who as such, have not
been afforded legislative immunity for their illicit acts.
8.4 Dear Friend:
You have asked my advice regarding any problems that NW Bell's software decency monitor
may cause. Your possible problems exist in four types. Your customers will pay NW Bell five
dollars per month for NW Bell's decency monitor to filter the incoming and outgoing email and
web browsing for pornographic and otherwise indecent content. Thus, the first possible problem
is customer dissatisfaction from customers that are dissatisfied that the software is not filtering
well-enough, while the second possible problem is customer dissatisfaction from customers that
are dissatisfied that the software is filtering content they requested that they consider decent. The
third problem is from companies that will assert that by filtering their indecent content, you are
infringing their First Amendment right of commercial speech. Of course, the fourth problem is
from people whose content is not indecent and is inadvertently filtered out, thus infringing their
First Amendment right of commercial speech.
While effectively all of these problems are more technological issues than legal issues, the first
type is arguably also a breach of contract issue. The other three problems affect customers who
Jerry Prettyman                    eCommerce Problems                                Page 12

want more content, rather than less content. As a private company, your greater concern would
be whether outside parties might have a valid statutory cause of action. Fortunately, both the
DMCA and CDA provide that as long as you filter "in good faith," you are considered a 'Good
Samaritan' trying to work for the betterment of society. While the customer dissatisfied with the
filtering service not working well-enough could sue for breach of contract, your good faith
"Good Samaritan" status should be a valid defense to that as well.
8.5 Dear Congresswoman Herring:
Your asked for my view on a bill to obligate ISP's to filter content. A private carrier is able to use
the DMCA and CDA Good Samaritan provisions as a defense to dissatisfied customers and
outsiders because they are trying in good faith to provide just the content that those specific
subscribers desire. A bill that obligates ISP's to use such measures however is a government-
enforced order for all persons to receive filtered content. As the content filtering technology will
remove what is otherwise protected speech, the bill violates the First Amendment right of
speech. Furthermore, while the NW Bell provides technologically feasible filtering, a statute
merely mandating such of such technology is unconstitutionally vague. Furthermore as the bill
puts the decision making of acceptance to the discretion of the programmers, the bill is also an
unconstitutional abuse of due process discretion.

   IX      Problem Set 9 Credit & Child Data Security, P. 205
9.1       Like most Internet retailers, GigaMart accepts credit-card payments for the products that
it sells. (Assignment 28 discusses the reasons for the pervasive use of the credit card in Internet
transactions.) Martha Mitchell, GigaMart's Webmaster, designed the portions of the Web site
that process transactions. To make the shopping experience as convenient as possible for
customers, the site saves the credit-card information that shoppers provide so they can reuse a
credit card on repeat visits without having to retype the credit-card number and their address
information. To enhance the speed with which the site can retrieve the information when repeat
customers try to make purchases from the site, Martha decided to keep the personal information
(including credit-card numbers) on the Web server outside GigaMart's firewall. Unfortunately, a
hacker breached GigaMart's security and obtained a copy of all of the credit-card numbers and
other information in the Web-site customer database. Alex Anders, GigaMart's inside counsel,
telephones you when she becomes aware of the security breach.
(a) What possible liability does GigaMart face because of the unauthorized copying of its
customer database? (In answering the question, you should assume that, as between cardholders
and their banks, any losses from unauthorized transactions on the credit cards would be borne by
the banks that issued the card. Also some (but not loss passes to the merchants that accepted the
cards. The basis for those assumptions is explained in Assignment 28.
GigaMart has a duty of reasonable precaution to protect its customer's data against negligence to
known hazards. The standard of care is less if the release occurs because of intervening activity
(theft or hacker). GigaMart may also avoid liability for the mere breach of its security, as the
credit card companies are taking the loss, so there is not actual harm to its customers.
(b) Does GigaMart (based in Tennessee) need to notify its customers about the breach? Cal. Civ.
Code §1798.82. California law requires that GigaMart must notify its California customers of the
breach if the information was personal, not encrypted, and is reasonably believed to have been,
acquired by an unauthorized person. The disclosure shall be made in the most expedient time
possible and without unreasonable delay.
Jerry Prettyman                   eCommerce Problems                                Page 13

9.2. Alex Anders at GigaMart has heard that someone in the state legislature has decided to try to
grab a few headlines by proposing legislation that would mandate the use of firewalls for any
business storing credit card information. She is concerned because she has heard that the
proposed legislation will require the use of software that conforms to a specific technical
standard for firewalls. The firewall that GigaMart installed does not conform to that particular
standard, although it seems to be works perfectly well. In fact, the IETF standard has been
adopted by only one of the many significant vendors of firewall technologies. She is not sure
why a legislator would try to mandate a technical standard in law and needs to know what she
will have to do if this bill actually becomes law. Do you have any constructive advice?
Alex Anders should contact the vendor in favor of the IETF standard, and vendors not using the
standard to understand what factors are in play. Does the vendor in favor of the standard own a
patent right to the standard? Alex should also contact the legislator in favor of the standard to
learn why the legislator favors the standard. Alex could also contact the political practices board
to learn if the company favoring the standard made a contribution to the politician.
9.3. Bourgeois Cinema owns the rights to the hugely popular Bitsy Buggy a cartoon cockroach
that appears in a syndicated children's TV show feature motion pictures. Bourgeois Cinema runs
a chain of 500 retail stores (Bug Boutiques) targeting children in shopping malls across the
country, and maintains a Web site for Bitsy Buggy fans, The site provides
bulletin boards with threaded discussions containing postings on different topics relevant to Bitsy
Buggy (such as her off-and-on relationship with Raoul Roach, her cartoon cockroach
companion), as well as chat rooms for live online interactions among Bitsy Buggy fans.
Carl Eben has just called you because he discovered that his 11-year-old son has been using
these bulletin boards and chat rooms without his permission. Apparently his son signed up for
the Bitsy Bug community, intercepted the parental consent form sent to his house by regular
mail, forged his father's signature on the consent form, and returned it to Bourgeois Cinema
without telling him. Carl discovered the activity when he found over $100 in charges on his most
recent credit-card statement for purchases his son had made using the site. Carl wants to know
whether Bourgeois Cinema is allowed to entice his son into participating in this online
community without Carl actually having consented to it, and what he can do besides contest the
charges on his credit card to resolve the problems his son has gotten into here. What should you
advise him to do? 15 U.SC. § 6502 § 6504; 16 C.F.R. §§312.2-312.8.
The Children's Online Privacy Protection Act, 15 U.S.C. §§6501-6506 requires parental consent,
which Bug Boutiques is aware of as it sent a consent form to Carl. Carl should contact Bugs
Boutique and advise them of the forged signature. If they give him any trouble, Carl can remind
then that § 6502(a)(1) provides that it is unlawful for an operator of a website or online service
directed to children, or any operator that has actual knowledge that it is collecting personal
information from a child, to collect personal information from a child in a manner that violates
these regulations. An online operator has a duty of verification by a reasonable effort (taking into
consideration available technology(§6501(9)) to ensure that a parent of a child receives notice of
the operator's personal information collection, §6502(b)(1)(A)(ii). Although the child forged his
father’s signature, the signature is likely more of a child’s handwriting than an adults. Thus, the
recipient would see merely by looking at the signature that it looked forged and was then on
notice to contact the parent to verify the signature. 16 C.F.R. 312.4(c). Carl should remind Bugs
Boutique that he invoking his parental rights under 16 C.F.R. 312.4 (b)(2)(vi) and telling them to
purge the information from their records and backups. Carl can also contact the State Attorney
General and refer the matter to the state, § 6404.
Jerry Prettyman                   eCommerce Problems                                Page 14

9.4. Mia Katerina at has called you for advice regarding its Web site targeting
children, At this time, the site does not collect any personal information from
children, so PupPortal has not done anything to comply with COPPA. The marketing managers
at Pupportal would like to collect personal information about the children using the service so
that PupPortal can develop products and services the children might buy (or convince their
parents to buy for them.
Mia had reviewed the information about the COPPA Rule on the FTC's Web site, however and
she doubts that PupPortal could comply with COPPA'SA requirements without hiring a chief
privacy officer and pouring about $250,000 to $500,000 a year into compliance. It is unclear how
much revenue the site might generate, but even the most wildly optimistic projections come
anywhere near covering those costs. Her inclination is to tell the marketing people to forge it, but
wants your advice first. Is compliance with COPPA likely to be as onerous and expensive as Mia
thinks it is? 16 C.F.R. § 312.3; § 312.4; §312.5; § 312. 6 and § 312.7
16 C.F.R. § 312.5(b)(1) provides that web site operators must make reasonable efforts to obtain
verifiable parental consent. They must also provide a reasonable way for parents to review and
request removal of the information. 16 C.F.R. § 312.6. If compliance will cost $250,000 to
$500,000 a year but garner less revenue, then the program is not worthwhile. If PetPortal tries to
save money to skipping compliance, it is risking civil action from the state.

   X       Problem Set 10 European Privacy, p. 216
10.1 Zahida Hussain runs a babysitting agency on Ambridge England and keeps records onto the
families who use her service. When the sitters return from working with a family Zahida de-
briefs them on the family's circumstances, entering the information into a filing system she has
set up. If Zahida notices that the families are Shiite Muslims she passes that information onto her
uncle, an imam at the local Shiite mosque so that he can check to see if they are members of the
mosque. If not, he contacts them to invite them to attend a worship service. Is there anything
Zahida and her uncle should be doing differently. DPA §§ 1,2 4, 5, 16-18; Schedule 1, 2, and 3.
The religious denomination and practices of a personal are sensitive personal data. Thus, Zahida
would violate the DPA is she gave her uncle the personal information she has on her clients
without their unambiguous permission. Zahida must contact her clients and explain why she
wants to give the information to her uncle and get their express consent before giving the
information to him. She should also advise the clients that she would not disclose the information
after a certain date. Furthermore, Uncle must also be in compliance to DPA.
10.2. Fred Bloggs (a resident of East London), has constructed a Web site at The Web site (residing on a server in East London) provides advice to
the lovelorn and an online dating service.
(a) Does Fred have any reason to be concerned if he shares the information he collects from
lovelorn visitors to his site with his friend Lardy Dar, who would like to contact them to try to
sell them some prime Florida real estate at fire-sale prices?
A data controller may share information outside the country only if (1) the purpose of the sharing
comports with the purpose for which the information was collected, (2) the recipient country
requires DPA equal safeguards, (3) the subject unambiguously consents, or (4) the recipient is
legally or contractually required to use DPA equal safeguards. Fred cannot share his information
with Lardy Dar because (1) Fred collected the information for the purpose of providing advice to
the lovelorn and an online dating service, (2) the U.S. does not require DPA equal safeguards,
and (3) Lardy Dar is not legally or contractually required to use DPA equal safeguards. If Blogs
Jerry Prettyman                    eCommerce Problems                                Page 15

shares the information with Lardy Dar, then Blogs is at risk of prosecution by British Authorities
and for individual civil action for exceeding the purpose for which the information was collected.
(b) Assuming that he has notified the Commissioner that he is collecting the information, is there
anything else that he would need to do to comply with the DPA? DPA §§1, 2, 4, 11; Sch. I, Part
I, first and second Principles; Sch 2, 11; Sch. 3, 11.
Fred should post on his web site and contact the visitors who have not given permission, and
request unambiguous permission to disclose the information, the purpose of the disclosure, the
person to whom he is disclosing the information, and he should advise the clients that he will not
disclose the information after a certain date. Fred should also be paying the notification fee to the
Commissioner. Fred must stop using (cease processing) any data on any person who objects or
fails to give unambiguous consent.
10.3. is a multinational corporation that provides an Internet marketplace for the
worldwide textile industry. The servers that support its Web site are located in Texas, but many
of its customers live outside the United States. Many of its customers are EU corporations and
individuals. The CEO of is a British lawyer who has heard about the safe harbor
agreement related to the DP Directive and would like to take advantage of it. What advice would
you give him to help him assess the pros and cons of participating in the safe harbor? DP
Directive art. 4; DPA §5.
a) Is TexTrade subject to the DP Directive? Yes, because the Directive and DPA apply to
persons and businesses in the UK. Since the CEO is a British lawyer, we assume he is in the UK
so he, and his business, are subject to the DPA and directive.
b) Organizations must comply with the seven safe harbor principles.
1) Notice of the why the information is being collected, how to contact the company regarding
the information, the type of third parties receiving the information and the choices and means the
organization offers for limiting its use and disclosure. This should be on every website.
2) Choice of opt-out for non-sensitive information or express opt-in for sensitive information for
third party disclosure or alternative use.
3) Legal or contractual safeguard compliance for transfers to Third Parties.
4) Access by the subject allowing correction, amendment, or deletion of the information unless
either the burden or expense of access outweighs the privacy risk or the privacy risk involves
another person.
5) Reasonable precautions to protect the personal information from loss, misuse and
unauthorized access, disclosure, alteration and destruction.
6) Reasonable steps to ensure the data are relevant, reliable, accurate, complete, and current for
its intended use.
7) Enforcement means that are readily available with affordable independent complaint and
dispute handling; verification procedures and annual self-certification of safe harbor compliance
and sanctions sufficiently rigorous to ensure compliance.
10.4. Robert Mirobal, president of Native Breeze Flutes, a small family business that
manufactures traditional Native American flutes, was recently on a golf vacation in St. Andrews,
Scotland. While golfing, he became quite friendly with Diana Llewellyn. When Robert told
Diana about some of his products, Diana was very interested in learning more. Thinking that
some of his accessories would be useful to her friends that play bagpipes, Diana offered to share
with him the names and addresses of all her colleagues in the Great Highland Bagpipers
Association, of which she was currently the secretary. Does Robert need to be worried about
Jerry Prettyman                    eCommerce Problems                               Page 16

having Diana e-mail him an electronic copy of the membership directory of the Association
(including names, home addresses, spouses' names, telephone numbers, and birth dates of
members)? If so, would the safe-harbor clauses provide a potential avenue for relief? DP
Directive art. 26; DPA §§4, 11; Sch. I, Part I, first, second & eighth Principles; Sch. I, Part II,
115; Sch. 4, 118, 9.
Llewellyn cannot send the information to Mirobal unless he contractually agrees and complies to
the DPA safe harbor provisions. Thus, the safe harbor provision is not a per se potential avenue
for relief, as he will have compliance efforts and costs to annually handle. If however, he accepts
the information without agreeing and complying, he is open to civil action in Britain and
government enforcement of the federal and state unfair and deceptive statutes in the United
States. The FTC has the power to rectify such misrepresentations by seeking administrative
orders and civil penalties of up to $12,000 per day for violations.

   XI      Problem Set 11 Privacy Policies & e-Trust, P. 230
11.1 If the company has a privacy policy similar to that of Yahoo then the company is not liable
for releasing personal information in compliance to a subpoena for the information because the
privacy policy clearly states that, "We respond to subpoenas, court orders, or legal process, or to
establish or exercise our legal rights or defend against legal claims."
11.2 (a) If the company has a loose restriction policy permitting use of personal information but
seeks to acquire another company with a stricter policy then the company must first give notice
to the affected persons since the policy states that, "We [may] transfer information about you if
[we are] acquired by or merged with another company. In this event, [we] notify you before
information about you is transferred and becomes subject to a different privacy policy."
11.2 (b) If the company's business transfer privacy policy is the same as Amazon's then the
information "remains subject to the promises made in any pre-existing Privacy Notice" or could
be released if "the customer consents otherwise." If the company's business transfer privacy
policy is the same as Yahoo's then the information could be shared "under confidentiality
agreements. These companies may use your personal information to help [the company]
communicate with you about offers from [the company] and [its] marketing partners. However,
these companies do not have any independent right to share this information."
11.3 Riverfront Tools, Inc. would argue that although Alfredo Guzman created and posted the
Privacy Policy for Riverfront Tools, Inc., he was not authorized to make contracts with users of
the Riverfront Tools, Inc. website while Carl as president of Riverfront Tools, Inc. has authority
to make contracts for the company and Carl did not authorize the Privacy Policy for Riverfront
Tools, Inc. The Riverfront Tools, Inc. website users would object on grounds that they relied on
the posted policy that personal information will be treated as private and confidential at all times
and not shared with any third parties without the prior express authorization of the identified
individuals, and that Carl and Riverfront Tools, Inc. are barred by promissory estoppel since the
Privacy Policy was in effect for over a year. Riverfront Tools, Inc. must (1) conspicuously post
the new privacy policy on its web site, (2) give notice to users that the privacy policy has
changed, noting that use of the private portion of the web site is implied consent to use the
information on file, and (3) request express permission from existing users who do not give
implied consent to use their information outside of the prior privacy policy. N.B. The FTC has
not pursued Ebay for its OPT-OUT policy.
11.4 The TRUSTe License Agreement – 9.0 provides that TRUSTe may terminate this
Agreement upon twenty (20) business days’ prior written notice (“Notice of Termination”) to
Jerry Prettyman                   eCommerce Problems                                Page 17

Licensee of a material breach of this Agreement. [VII. Termination. (B)(1)]. Among the material
breach conditions is if "Licensee’s failure to adhere to the Program Requirements." [TRUSTe
License Agreement – 9.0, VII. Termination. (B)(2)(vi)]. Thus, if CPT decides to sell the personal
information it received in reliance of its TRUSTe policy then TRUSTe can void CPT's affiliation
with TRUSTe. While CPT has 20 days to correct the breach [VII. Termination. (B)(1)], a release
of personal information is not simply something just, "corrected." Satisfaction of TRUSTe's
concern will require great efforts to reclaim the information, prevent its further use and
dissemination and provide for persons injured by the release.
Thus, CPT's best option is to charge a subscription fee for privacy protected access and allow
separate access for persons willing to give their information for sale by CPT.
11.5 As there are three different PetPortal web site categories, each category required it own P3P
notice. The Browsing Only section collected Clickstream marketing data and about the user's
computer, the Transaction Processing section collected information regarding the data entered by
user for the transaction and about the user's computer, while the bulletin boards and chat rooms
collected data posted by user in the bulletin boards and chat rooms and about the user's
computer. As all categories had the Browsing Only section notice, there is a substantial
difference in the information collected and what the notice said was being collected. Thus, the
class of people affected is the people whose information PetPortal collected beyond what the P3P
notice said was being collected. Unlike TRUSTe, there is not a certification contract also at
issue. While each person in the Transaction Processing and the bulletin boards and chat rooms
has a complaint against PetPortal for violation of the its P3P notice, they arguably do not have a
cause of action to sue because the facts do not show they were injured or that the mistake was
intentional. PetPortal has not apparently down anything with the information beyond delivering
what the user expected, i.e., a product or service. Furthermore, PetPortal did not collect more
information that what either the user entered, i.e., product and delivery details, or bulletin board
or chat room discussion, plus the basic browsing information that the notice stated was being
collected. Since each user voluntarily entered the information for the specific purpose of a
transaction or discussion, each user, particularly the transaction user, would expect the
information to be recorded. Otherwise the information would not be available for delivery or
further discussion. As PetPortal did not abuse its acquisition of the information, there is no harm
done beyond an innocent mistake.

   XII     Problem Set 12 Wiretap ACT: ECPA & SCA, P. 254
12.1 Employer Ben Darrow installed “Super Sniffer” Internet monitoring software on his work
network, which reported that employee Johnny Rocket was downloading large image files from
web sites and with file names suggestive of hardcore pornography. Darrow immediately fired
Rocket. What concerns could ECPA 18 U.S.C. §§2510(4), (5) and 2511 cause Darrow?
It is illegal to "intentionally intercept, endeavor to intercept, or procure any other person to
intercept or endeavor to intercept, any wire, oral, or electronic communication." 18 U.S.C. §
2511(a). “Intercept,” means the aural or other acquisition of the contents of any wire, electronic,
or oral communication through the use of any electronic, mechanical, or other device. 18 U.S.C.
§2510(4). "Electronic, mechanical, or other device" means any device or apparatus which can be
used to intercept a wire, oral, or electronic communication other than (a) any telephone or
telegraph instrument, equipment or facility, or any component thereof, (i) furnished to the
subscriber or user by a provider of wire or electronic communication service in the ordinary
course of its business and being used by the subscriber or user in the ordinary course of its
Jerry Prettyman                   eCommerce Problems                              Page 18

business or furnished by such subscriber or user for connection to the facilities of such service
and used in the ordinary course of its business; or (ii) being used by a provider of wire or
electronic communication service in the ordinary course of its business, or by an investigative or
law enforcement officer in the ordinary course of his duties. 18 U.S.C. §2510(5).
An "electronic communication" means any transfer of signs, signals, writing, images,
sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio,
electromagnetic, photoelectronic or photooptical system that affects interstate or foreign
commerce. 18 U.S.C. § 2510(12).
Since the “Super Sniffer” software read the web site information (electronic communication)
and file names as the files came into Rocket's computer from the wired Internet, Darrow was
intentionally intercepting the electronic communication during transmission, a violation of 18
U.S.C. §2511. As Darrow's Internet provider did not provide the “Super Sniffer” software, and
his ordinary course of his business is not employee monitoring, Darrow has violated 18 U.S.C. §
2511. Although §2511 provides for the government to prosecute Darrow, 18 U.S.C. § 2520(a)
allows Rocket a private right of action for actual damages or statutory damages of the greater of
$100 a day for each day of violation or $10,000.
Darrow might argue that as the business owner he has a right to check on his employees and his
property, so he was acting under color of law. 18 U.S.C. § 2511(i). However, Darrow did not
know about Rocket's activities beforehand and he did not report the activity to the police, who
could then with his permission have looked at the computer. Thus subsection (i) does not apply.
12.2 Suppose Darrow discovered the same information by looking at the cookies on Rocket’s
computer? What concerns could ECPA 18 U.S.C. §2510, & SCA 18 U.S.C. §§ 2701 and 2707
cause Darrow?
Whoever intentionally exceeds an authorization to access that facility; and thereby obtains, …
access to … electronic communication while it is in electronic storage in such system shall be
punished. 18 U.S.C. § 2701(a)(2). The definition of electronic communications applicable to the
Stored Communications Act is derived from the “broad, functional” definition of an electronic
communication of 18 U.S.C. § 2510(12) in the ECPA. Pharmatrak. “Electronic storage" means
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the
electronic transmission thereof; and (B) any storage of such communication by an electronic
communication service for purposes of backup protection of such communication. 18 U.S.C. §
2510(17). Cookies however, are not electronic communications for the purpose of 18 U.S.C. §
2701 because they are not “any temporary, intermediate storage of a wire or electronic
communication incidental to the electronic transmission” or “any storage of such communication
by an electronic communication service for purposes of backup protection of such
communication.” Thus, Darrow did not violate the SCA by reading Rocket’s cookies. Rocket
may seek a civil action to recover (1) such preliminary and other equitable or declaratory relief
as may be appropriate; (2) actual damages but in no case less than $1,000, and (3) a reasonable
attorney’s fee and other litigation costs reasonably incurred. 18 U.S.C. § 2707.
12.3 Mia Katerina discovers that a person has been posting malicious rumors on her PetPortal
chat room and other people are requesting she disclose the identify of the poster. She believes
that disclosing the name is a violation of the Stored Communications Act. How do 18 U.S.C. §§
2510, 2701 and 2702 provide or deny her a valid reason to refuse to disclose the information?
18 U.S.C. § 2702(a)(3) provides a provider of remote computing service or electronic
communication service to the public shall not knowingly divulge a record or other information
pertaining to a subscriber to or customer of such service to any governmental entity.
Jerry Prettyman                    eCommerce Problems                                Page 19

However, 18 U.S.C. § 2702(c) provides that a provider may divulge a record or other
information pertaining to a subscriber to or customer of such service (1) if the governmental
entity uses an administrative subpoena; (2) with the lawful consent of the customer or subscriber;
(3) as may be necessarily incident to the rendition of the service or to the protection of the rights
or property of the provider of that service; (4) to a governmental entity, if the provider
reasonably believes that an emergency involving immediate danger of death or serious physical
injury to any person justifies disclosure of the information; (5) to the National Center for Missing
and Exploited Children, in connection with a report submitted thereto under section 227 of the
Victims of Child Abuse Act of 1990 (42 U.S.C. 13032); or (6) to any person other than a
governmental entity.
Since the person has merely been posting malicious rumors, Mia may, but is not required to
release the information to a private citizen, but otherwise Mia cannot divulge the information to
the government except under an administrative subpoena, or warrant.
12.4. PetPortal disclosed in its privacy policy that it collects personal information from its web
site users with business partners in related businesses, and its web site links to the company
providing feedback on what uses the users find on the PetPortal web site. PetPortal is surprised
to receive a class action lawsuit for statutory ECPA damages of $10,000 per person (or >
$1MMM for its 115,000 members.)
(a) What reassurances are provided by ECPA, 18 U.S.C. §§ 2510(4), 2511, 2520, 2701, 2702,
and 2707?
Although 18 U.S.C. § 2511(a) provides that it is illegal to "intentionally intercepts, endeavors to
intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or
electronic communication," and "intercept" means the aural or other acquisition of the contents
of any wire, electronic, or oral communication through the use of any electronic, mechanical, or
other device, [18 U.S.C. §2510(4)], the divulged information came from storage, and was not
intercepted contemporaneously. Furthermore, 18 U.S.C. § 2702(c)(2) provides that a provider
may divulge a record or other information pertaining to a subscriber to or customer of such
service with the lawful consent of the customer or subscriber. The Pharmtrak Court said that,
"[t]he consent must be actual, not implied, constructive or inferred." PetPortal's privacy policy
expressly stated that the personal information was collected and divulged. Thus, if PetPortal
shows that users had to agree to the Privacy Policy before accessing the web site, then PetPortal
is not liable.
(b) Why would the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, not apply?
The Computer Fraud and Abuse Act does not apply because PetPortal is the owner and user of
the computer server and the information on the computer server. As such, PetPortal's access is
not an access of a protected computer without authorization or exceeding its authorized access.
12.5 Would the Wiretap Act, 18 U.S.C. § 2702(b) & (c) provide a cause of action to a person
arrested for possession of marijuana when the basis of the arrest came from an email the arrested
person sent to another person, who was the subject of an incidental investigation for having
legitimate correspondence with another person being investigated without warrant after being
reported by the ISP for corresponding by email with a foreign separatist organization?
Since Boris' email contact was with Chechen separatist groups, 18 U.S.C. § 2702(b)(6)(A)(ii)
provides that the disclosure of Boris' email was proper as it appeared to pertain to the
commission of a crime. While Kaye was in regular contact with Boris, all of her communications
with Boris were solely related to Boris' employment, which Kaye was responsible to track. Thus,
the scope of permissible investigation stopped under 18 U.S.C. § 2702(b) with Kaye. Since
Jerry Prettyman                   eCommerce Problems                                Page 20

Farley's email to Kaye was personal, the investigating officer was not authorized to read the
whole of the email beyond ascertaining that was personal and not related to Boris' activities. Just
as if the officer were monitoring a telephone call, the officer was obliged to cease reading as
soon as he determined that the email was personal and unrelated to Boris' activities.
Since the officer monitored Farley's email to Kaye from the company server, he intentionally
intercepted her electronic communication without permission of Kaye or Farley. Thus, 18 U.S.C.
§ 2520(a) allows Farley a private right of action for actual damages or statutory damages of the
greater of $100 a day for each day of violation or $10,000.

   XIII Problem Set 13 E-Contracts, Mail Order Rule, P. 288
13.1 A person buys a computer through a web site and finds when the computer arrives a seven
page "Terms and Conditions" providing a 30-day return and refund policy (less shipping costs
both ways) and a provision limiting dispute resolution to arbitration in New York City under the
terms of the American Arbitration Association. Is the arbitration provision enforceable given that
(1) the person keeps the computer, and (2) had the person known of the provision before
ordering the computer, the person would have purchased from another company? See old UCC
§§ 2-204 and 2-207, new UCC § 2-207 and Restatement (2d) of Contracts §211.
This is a shrinkwrap issue. The prior version of the UCC sections did not adequately address
circumstances of contract formation through electronic contact. The new UCC § 2-207 provides
for electronic execution of contracts as evidenced by the conduct and records of the parties.
While the prior version of the UCC would have given the buyer some allowance for the lost
expectation (i.e., the ability to purchase through the other company), the new UCC § 2-207
recognizes the 30-day policy is a contract with additional terms enforceable term on both parties,
and thereafter the other terms are just as fully enforceable. The buyer had 30-days to consider
remorse so after the 30-days, remorse is not an option. The buyer's only ability to invoke remorse
exists if the buyer, who would the burden of proof here, could show that the seller knew of the
buyer's preference.
13.2 A person is about to purchase a computer through a web site, but has to scroll through a
entire seven-page "Terms and Conditions" document on the screen. Beneath the "Terms and
Conditions" document is dark text in capital letters in a box advising the user that clicking the
"Click here to buy" button below the box is the same as a formal signed agreement to the "Terms
and Conditions" document. Another button states, "Click here to decline purchase if the terms
are unacceptable." The user clicks the Accept button but without reading the "Terms and
Conditions" document. When the computer arrives, the user finds another copy of the agreement
with the computer, and disregards that one also. Is the provision enforceable? See old UCC §§ 2-
204 and 2-207, and new UCC § 2-204(4) and 2-207. Yes, the provision enforceable. This is a
clickwrap issue. The user had conspicuous notice in the first instance and was given the chance
to decline. The second copy in the box provided another opportunity for the user to reject the
contract by returning the contents. As the user did not decline the contract on either opportunity,
the contract is valid and enforceable.
13.3 A person is about to purchase a computer through a web site, but does not have review the
Terms and Conditions, which are found through clicking another link below both the "Click here
to buy" button and a fine print statement that the purchaser agrees to the web site's privacy policy
and conditions of use, which states that a 10% restocking fee applies to returns and that shipping
costs are not refunded. Is the provision enforceable? See old UCC §§ 2-204 and new UCC § 2-
Jerry Prettyman                    eCommerce Problems                                Page 21

This is a browsewrap issue. Although the old UCC § 2-204 was silent on electronic commerce,
the new UCC § 2-204(4)(b) provides that a contract may be electronically formed if the user acts
where the user is free to refuse to take or makes a statement, and the user has reason to know that
the actions or statement will complete the transaction or performance or indicate acceptance of
an offer. Here, the user has the opportunity to see the agreement but arguably the fine print is too
small for the user to know of the agreement. Since the seller cannot show the user had
conspicuous notice to know of the agreement, the agreement will be construed against the seller.
13.4 Is it a good idea to have every visitor entering information into a web site, which usually
happens for purchases, click through a complete copy of the privacy agreement?
Dear Mia:
Forcing a person to click through a complete copy of the privacy agreement to enter any
information on your web site over accomplishes the legal necessity of conspicuous notice and
clear understanding and is not a good idea from a business view.
Protecting your interests means that you must assure that users are given a clear opportunity and
understanding that the privacy agreement contains provisions that are both legally binding and
affect the rights of the users, and that you have a method to show the user had the clear
opportunity. You can achieve this by a conspicuous statement advising the user of this
information and an advice to read the privacy agreement, with an "I ACCEPT" button that the
user must click, which your computer either records or fails to process the transaction.
Forcing a person to click through an entire privacy agreement is not a good idea because some
users will tire and simply drop away from your web site. You are not required to force people to
read an entire agreement simply to do business.
13.5 How may a mail-order company (see p. 46) that takes orders via catalog, telephone and
Internet incorporate binding choice of law and choice of forum clauses into its sales agreements,
which are generally not in a traditional writing?
Since there are multiple ways for purchasers to buy, the company must assure that each buyer is
advised that the buyer has a certain, reasonable time to read the accompanying literature sent
with the product, and that retaining the product after that time is acceptance of the policy. This
could be a notice on the purchase page of the catalog, a notice on the web page, and a trained
comment to the buyer to "be sure and read the 30-day return policy."
13.6 (a) What are the legal position and remedy of a firm that receives an unexpected demand of
2000 orders so that its initial prediction of 24 hour shipment is unrealistic, although the firm does
mail postcards to orders 201 through 2000, advising the buyer of the delay and providing an
honest estimate shipment date of 2 to 12 weeks? See 16 C.F.R. § 435.1.
Although the firm provided an honest estimate shipment date of 2 to 12 weeks, this 10-week
time frame is both beyond and longer than the 30-day ship window discussed within 16 C.F.R. §
435.1(b)(1)(ii) and (iii).
For buyers whose orders are expected to take less than 30-days to ship, the firm must advise
them of their option to (1) consent to a delay in shipping, or (2) cancel the buyer’s order and
receive a prompt refund, and that (3) unless the seller receives, prior to shipment and prior to the
expiration of the definite revised shipping date, a response from the buyer rejecting the delay and
canceling the order, the buyer will be deemed to have consented to a delayed shipment on or
before the definite revised shipping date. 16 C.F.R. § 435.1(b)(1)(i) and (ii).
For buyers whose orders are expected to take longer than 30-days to ship, the firm must advise
them that those orders will be cancelled in 30-days unless the buyer specifically consents to the
shipping delay. 16 C.F.R. § 435.1(b)(1)(iii)(B)
Jerry Prettyman                   eCommerce Problems                               Page 22

(b) What difference exists in the Mail Order Rule, 16 C.F.R. § 435.2, for a buyer making a
purchase through a broadband connection, as compared to a buyer making a purchase through a
dial-up connection?
16 C.F.R. § 435.2 provides that “Mail or telephone order sales” refers to sales ordered by mail or
telephone, regardless of the method used to solicit the order, and that "telephone” includes any
use of the telephone by a human or machine. Thus, the Mail Order Rule applies to persons
placing orders by mail, voice over the telephone, or Internet over the telephone, but not to
broadband users.
(c) Article 2(4) of the EU Directive on Distance Selling is broader than the 16 C.F.R. § 435.1. et.
seq. as while the Mail Order Rule applies only to telephone commerce, Article 2(4) of the EU
Directive on Distance Selling applies to any "means which, without the simultaneous physical
presence of the supplier and the consumer, may be used for the conclusion of a contract between
those parties." Annex 1 of the EU Directive on Distance Selling provides the examples of
unaddressed printed matter, addressed printed matter, standard letter, press advertising with order
form, catalogue, telephone with human intervention, telephone without human intervention
(automatic calling machine, audiotext), radio, videophone (telephone with screen), videotex
(microcomputer and television screen) with keyboard or touch screen, electronic mail, facsimile
machine (fax), and television (teleshopping).
13.7 What would be the significance of legislation requiring that a term of a consumer contract is
not enforceable unless the consumer is permitted an opportunity to review the term before the
consumer becomes obligated to pay? See UCITA §§112 and 209(b) and Article 10(1)(d) of the
EU Electronic Commerce Directive.
UCITA §112(a) provides that a person shows asset to a record or term by authentication or
intentional conduct or statements that infer assent. UCITA §209(b) provides that a buyer with the
right of return and reimbursement if the seller does not permit the buyer an opportunity to review
the license before the licensee becomes obligated to pay and the licensee does not assent to the
license after having an opportunity to review. However, only Virginia and Maryland have
adopted UCITA. Thus, UCITA is not protection for the rest of the nation and the suggested
legislation would put the rest of the nation on par with Virginia and Maryland.
Article 10(1)(d) of the EU Electronic Commerce Directive provides that contracts shall name the
languages offered for the conclusion of the contract.

   XIV Problem Set 14 E-SIGN & UETA, P. 297
14.1 The arbitration clause of the Music Depot web-site agreement is enforceable. Electronic
agreements are not unenforceable for being electronic, rather than written. E-SIGN §101(a)(1).
E-SIGN, a federal law, preempts states laws that are inconsistent with UETA, which is state law.
E-SIGN § 102(a). As the Federal Arbitration Act is federal legislation, it preempts states laws
that are inconsistent. E-SIGN has the same effect for making electronic agreements binding,
provided that the usual parameters of conspicuous notice and attribution are met through the
document and execution.
14.2 (a) E-SIGN §101(c) requires that in consumer sales, the vendor must first provide the
consumer with a clear and conspicuous statement informing the consumer of the consumer's
rights to have paper copies and how electronic notices will be sent. Second, the consumer must
affirmatively consent to electronic records. Third, the vendor must test the consumer's ability to
access information in the format in which the notices are sent.
Jerry Prettyman                    eCommerce Problems                                 Page 23

E-SIGN §101(e) requires that electronic records that are not in a form that is capable of being
retained and accurately reproduced for later reference by all parties or persons who are entitled to
retain the contract or other record are unenforceable if state law requires a writing.
(b) UETA §8 requires that the parties exchange electronic documents in formats both can read
and print. If one party cannot print a document for lacking the necessary technology, the other
party must provide the document in either written version, or the appropriate electronic format
for printing. The FAA is federal law and forty states have adopted UETA. Since § 102(a)
provides E-SIGN preempts states laws that are inconsistent with UETA, our state cannot be
inconsistent with this provision.
14.3 UETA §9 does not require any particular signature authentication method. Thus, a person
logging in with another person's username and password is sufficient. ("An electronic record or
electronic signature is attributable to a person if it was the act of the person. The act of the person
may be shown in any manner, including a showing of the efficacy of any security procedure
applied to determine the person to which the electronic record or electronic signature was
attributable.") UETA does not state that this is binding on the attributed person, but rather leaves
open the possibility that the attributed person will show that another person was the actor.
To void the agreement the plaintiffs must show either that (1) the agreement is unconscionable in
the same fashion as any agreement, or that (2) they were not the person that clicked "I AGREE."
Since the plaintiffs have not shown an unconscionable lack of notice of the agreement, or raised
the defense of third party fraud, they are held to the agreement.
14.4 Restatement (2d) of Contracts § 153 provides that a party may void a contract for a mistake
made (1) as to a basic assumption for the basis of the contract (2) that has a material effect on the
agreed exchange of performances, and (3) the party does not bear the risk of the mistake or (a)
the effect of the mistake is such that enforcement of the contract would be unconscionable, or (b)
the other party had reason to know of the mistake or his fault caused the mistake.
Although Janeway purchased the wrong books, and he may believe that the price of the books is
more expensive than for his cost elsewhere, neither of these facts is sufficient to be a material
assumption to the price paid. As Janeway is not alleging that another person 'forged' his
purchase, or that Amazon knew he was buying the wrong books, he cannot cancel the contract.
[UETA §9] As this is also not a case of failing to use proper security, Janeway
cannot cancel under UETA §10.
Fortunately, the cancellation policy provides that a person can cancel an order for
any item sold by, provided that the order has not yet entered the shipping process.
Janeway will need to visit the order summary in "Your Account". If we can recognize you as a
customer with any unshipped orders, you will see a box to the right. Click the relevant link in
that box to visit the order summary page. (If you do not see that box, click here to sign in to Your
Account, and select the order you wish to alter.) Once you've reached the order summary, click
the "Need to cancel an item?" button. On the next page, click the checkbox next to any item you
want to cancel. Be sure to click the "Cancel checked items" button when you are finished.
The return policy provides that a buyer may return most new, unopened items sold
and fulfilled by within 30 days of delivery for a full refund. Since this is his error,
they will not pay the return shipping costs.
Jerry Prettyman                    eCommerce Problems                                Page 24

14.5 (a) UETA §9 does not bar a person from challenging the attribution of an electronic
purchase. Since the daughter's former boyfriend was not authorized by the cardholder to make
the purchase, the cardholder can cancel the purchase.
(b) Although the user agreement provides that the user is bound by all actions taken with the
user's ID and password, such provisions are intended to make the user liable for implied
authorized by someone having authorization to possess the card. Here, the daughter's former
boyfriend was not authorized by the cardholder to have the username and password, and even if
the daughter were authorized to have the username and password, she was not authorized to give
that information to another person. There is not an implicit authorization for the former to use the
ID and password. Thus, his purchase was fraudulent and illegal, so the user is not liable for the
14.6 Although UCC §2-207(a) provides that terms that appear in the records of both parties are
valid, typing a disclaimer of an arbitration clause in the address section of the electronic order
form does not have the effect to cancel the provision in the user agreement. UCC §2-211(4)
provides that contract formed by an individual and an electronic agent does not validate terms
provided by the individual if the individual had reason to know that the agent could not react to
the terms as provided.
14.7 UETA §10 provides that a party may void a party who makes an order entry error may
cancel the order due to the error. (Comments 4 and 1.) Since the incorrect price in the
advertisement occurred because of a technical error, this is the type of error contemplated the
UETA §10.
Restatement (2d) of Contracts § 153 provides that a party may void a contract for a mistake
made (1) as to a basic assumption for the basis of the contract (2) that has a material effect on the
agreed exchange of performances, and (3) the party does not bear the risk of the mistake or (a)
the effect of the mistake is such that enforcement of the contract would be unconscionable, or (b)
the other party had reason to know of the mistake or his fault caused the mistake.
Here the advertised price was a material portion of the exchange of performance. Thus, the
disappointed buyers cannot force Videoland to sell the product at the erroneous price. Also, since
the usual retail price is $350 while the sale price was $35, the buyers were on notice that either
an error occurred, or they were merely, "buying the box."
14.8 E-SIGN §101(c)(1)(B)(i)(II) provides for the right of a consumer to withdraw the consent to
have record provided in an electronic form Since Lydgate is responsible for notices of fund
transfer sent to him related to his account, he should contact the broker immediately (by
telephone, since his computer is broken) and advise them that he is canceling his consent to
electronic notice. E-SIGN also provides that the consumer may be subject to conditions and
consequences such as include termination of the parties’ relationship, or fees in the event of such
withdrawal. Thus, the broker may cancel his account.

   XV Problem Set 15 Sales of Goods, P. 315
15.1 Professional auctioneer Hall sold 10 dirt bikes at auction for Texas resident Morimatsu and
gave the $3000 of proceeds to Masao Morimatsu. Two of the personal checks bounced.
(a) As Masao Morimatsu is in Texas, he may file a written claim for each of the two bounced
personal checks with the Auctioneer Education And Recovery Fund of the Texas Department of
Licensing and Regulation (TX. Occ. C. §1802.201). If Hall is not a licensed auctioneer, then Hall
committed a misdemeanor (TX. Occ. C. §1802.301). Masao Morimatsu may also file a claim
against the buyers in small claims court, but if he wins and the department paid him, his claim is
Jerry Prettyman                     eCommerce Problems                                  Page 25

subrogated to the department and he must turn the proceeds over the department. (TX. Occ. C.
§1802.208). As this is a single auction with the total proceeds under $10,000, Masao Morimatsu
may collect from the fund the full amount of his losses. (TX. Occ. C. §1802.206).
(b) A merchant provides an implied warranty of merchantability for products sold by the
merchant. (UCC § 2-314). Although Masao Morimatsu has 10 dirt bikes, he is not a dealer in
them, despite perhaps his knowledge of them, as Masao Morimatsu’s occupation does not regard
dirt bikes, he merely has a fondness for riding them. (UCC § 2-104). Thus, Masao Morimatsu did
not provide an implied warranty of merchantability to the bikes sold at auction and he is not
liable for the defective dirt bike unless he expressed that the bike was either warranted, or fit for
(c) Unless stated otherwise in the sale, a seller warrants that the title shall be good, the transfer
rightful, and the goods free of lien. UCC § 2-312(1&2). Masao Morimatsu thus had a duty to tell
the buyer of the security agreement and is liable to the buyer for the purchase price. This is not a
case of the buyer giving a specification to the seller so Masao Morimatsu cannot fault the buyer.
UCC § 2-312(3). Masao Morimatsu does have a claim against the dealer however as the dealer
must advise a secured party of the default and that a seizure is impending.
(d) Only Masao Morimatsu may file a claim against the fund, as he is the person who “dealt”
with the auctioneer. (TX. Occ. C. §1802.202).
15.2 (a) Nami Morimatsu does not have recourse against eBay for the bounced checks from the
trains she sold on eBay. The eBay User Agreement has two provisions waiving eBay’s liability.
The first provision is under the Liability heading. “We are not liable for any loss of money,
goodwill, or reputation, or any special, indirect, or consequential damages arising out of your use
of our Sites.” The second provision is under the Release heading. “If you have a dispute with one
or more users, you release us (and our officers, directors, agents, subsidiaries, joint ventures and
employees) from claims, demands and damages (actual and consequential) of every kind and
nature, known and unknown, arising out of or in any way connected with such disputes.”
(b) A merchant provides an implied warranty of merchantability for products sold by the
merchant. (UCC § 2-314). Although Nami Morimatsu is a collector of model trains, her
knowledge alone does not make a dealer of model trains since buying and selling them is not her
occupation. Thus, Nami does not have to give refund to the buyer. The eBay user agreement
also states that, eBay does not have “control over the quality, safety or legality of the items
advertised, the truth or accuracy of the listings, the ability of sellers to sell items or the ability of
buyers to pay for items.”
(c) Unless stated otherwise in the sale, a seller warrants that the title shall be good, the transfer
rightful, and the goods free of lien. UCC § 2-312(1&2). Furthermore, legal ownership of an item
is transferred upon physical delivery of the item to the buyer by the seller. UCC § 2-401(2).
However, the model train is not held by a security agreement and Nami is not stated to have
known that the model train was stolen. Nami could only transfer the title that was as good as the
title she possessed, and she did not express that she held perfect title. Thus, the disgruntled buyer
does not have recourse against Nami. As Nami is not a dealer, caveat emptor applies.
15.3 A dealer is someone in the business of selling collectibles, including by mail, telephone or
cable television and includes persons operating public auctions in collectible sales, or a person
with, or holding out as having knowledge by employment or occupation in the sales of
collectibles. Cal.Civ.Code § 1739.7(a)(4). Although eBay would likely qualify as having
knowledge by its business in handling the sales of collectibles, eBay does not act as the seller of
collectibles. As eBay points out, it is “not involved in the actual transaction between buyers and
Jerry Prettyman                    eCommerce Problems                                 Page 26

sellers.” Thus, eBay is not a dealer for Cal.Civ.Code § 1739(a)(4) and Clarissa does not have a
cause of action against eBay for not verifying the authenticity of the football.
15.4 A person having a problem with users placing false feedback information may complain to
eBay. The eBay User Agreement provides that a people may not create “problems, possible legal
liabilities, or act[] inconsistently with the letter or spirit of our policies” and may not, “take any
action that may undermine the feedback or ratings systems,” which includes giving spurious
feedback information. eBay could then “limit, suspend, or terminate” the “user’s account,
prohibit access to eBay, and take technical and legal steps to keep the user off the Site.” eBay
also notes that, “[m]embers could be held legally responsible for damages to a member's
reputation if a court were to find that the remarks constitute libel or defamation. Under federal
law (the Communications Decency Act), because eBay does not censor feedback or investigate it
for accuracy, eBay is not legally responsible for the remarks that members post, even if those
remarks are defamatory. However, this law does not protect the person who leaves the feedback
from responsibility for it.” “Violations of this policy may result in a range of actions, including:
Account suspension & Feedback removal.” Since neither CDA nor ECPA protect the poster’s
name, Clarissa can request the name of the user and sue him for defamation.
15.5 Dear Ms. Herring: You requested my evaluation of the costs and benefits to license online
auctions and have a mandated code of conduct to require auction participants to follow basic
rules of ethics. We are able to, and already do, require 80 hours of training and licensing of
online businesses within our state (§1802.052). This training includes aspects of what you might
call, a code of ethics, as the commercial code includes many laws of that nature. If you wish to
include stronger requirements for auction businesses within our state, you may bring these to the
As for out of state auction businesses, we would likely not be able to economically require
licensing of out of state online auction businesses. The first difficulty is that out of state online
business is protected as interstate commerce, which our state cannot burden without a significant
state interest. Thus, we could not require the out of state online companies to come to our state
for training and licensing, although we could create a marketing incentive for such companies to
boast registration with our state. Alternatively, we could send trainers and testers to each out of
state company, but that would be expensive.
Online auction businesses may also be protected by the federal Communications Decency Act,
which provides immunity from prosecution and liability for such companies where the content is
posted by third parties.
As to the suggested Code of Ethics, the Uniform Commercial Code is already in place in our
state and all other states. Although each state’s commercial code varies a little, the essential
elements are in place in all states and for the most part model any code of ethics that we could
enforce. We would additionally have problems with enforcement of judgments based on a code
of ethics that lacks the force of law.

   XVI Problem Set 16 Internet Taxation, p. 329
16.1 Although has a significant warehouse facility on the state, IFTA §1101
provides that a state may not establish a discriminatory tax on electronic commerce. As the
state's largest bookseller has closed because of influence, the tax is arguably
discriminatory because of the lack of other booksellers. As the new 6% rate on books is on par
with the general sales tax however, it is not discriminatory in that aspect.
Jerry Prettyman                    eCommerce Problems                                 Page 27

16.2 A requirement that an Internet Service Provider must collect a sales tax for purchases made
on its service is unlawful as an impermissible burden on interstate commerce, and is likely a
constitutional violation of privacy as well. This is because the ISP would have to monitor its
Internet traffic to find who was making the purchase, and from whom the purchase was made,
and then somehow assess and collect the tax. Since an ISP may service many states, the burden
is enormous.
16.3 IFTA does not prohibit a sales tax charged on sales within its jurisdiction by companies
within its jurisdiction. Thus, Texas may tax Dell for web sales to Texas residents.
16.4 The Commerce Clause requires a physical presence in the state to have "substantial nexus"
with the taxing state and a rational relationship to the value taxed. Thus, Congress has the power
to authorize a state to tax Internet access as long as the carrier's business is in the state, the tax
does not extend to out of state residents, and the tax is rationally based (which an 8% would
likely be.)
16.5 (a) In a bi-lateral tax treaty following the OECD between the U.S. and Romania, the U.S.,
but not Romania would have jurisdiction to tax a Japan-based book retailer in New York City for
a sale to an American citizen residing in the U.S.
16.5 (b) In a bi-lateral tax treaty following the OECD between the U.S. and Romania, the U.S.,
but not Romania would have jurisdiction to tax for a web site order from a
Romanian citizen residing in Romania and shipped from the U.S. since the U.S. is the site of
16.5 (b) In a bi-lateral tax treaty following the OECD between the U.S. and Romania, Romania
would have jurisdiction to tax for a web site order from a Romanian citizen
residing in Romania and shipped from Romania the since Romania is the site of business.

   XVII Problem Set 17 Electronic Data Interchange, P. 348
17.1 Dear Ms. Marcus:
Thank you for calling me regarding your Tampa Trading electronic order of 50 teak gliders,
which contained 50 cedar gliders at $599 each. You did not state how Tampa Trading came to
ship you the 50 cedar gliders instead of the 50 teak gliders that you electronically ordered. I am
asking that you ask Tampa Trading for a reply to this question, and ask if perhaps your order was
garbled. If so, then Tampa Trading is obligated under the Model Trading Partner Agreement
§2.4(2) to have contracted you to clarify the order. Thus, you are not liable for the order if the
order was garbled, and Tampa Trading failed to confirm the order with you.
17.2 Dear Ms. Marcus:
Thank you for contacting me regarding the missing 1000 vases you shipped to GigaMart in
Kansas. GigaMart was supposed to electronically advise within a reasonable time that the
Wichita office had refused or returned the shipment, and you were supposed to reply. UCC § 2-
602(1). If so, both of you would have electronic records of the transmissions. MEDIT §2.1.
As you shipped the vases according to GigaMart’s electronic order, they are obligated to pay for
the vases. GigaMart can disclaim responsibility for the vases only by showing that they properly
advised you of the change in delivery location, of that the order was refused or returned.
Presumably, GigaMart has proof of their notice to you, and the absence of a receipt response by
your system would show that you did not receive their notice, if they sent one. As GigaMart did
not follow proper protocol, they are liable for the vases.
17.3 Dear Ms. Marcus:
Jerry Prettyman                     eCommerce Problems                                  Page 28

With regard to the spoofed order from Garden Market, the likelihood is that Garden Market has
liability for the missing umbrellas. This is because as part of your electronic data interchange
trading partner relationship with Garden Market, both firms are required to use those security
procedures that are reasonably sufficient to ensure all transmissions of documents are authorized
and to protect its business records and data from improper access. Model Trading Partner
Agreement §1.4. Since someone was able to spoof Garden Market to your computer, Garden
Market apparently failed to prevent improper access to its computers to prevent it from being
hacked. However, if Wonderful Wares also failed to properly use the security procedures and
allowed the spoofing to occur, then Wonderful Ware is equally liable.
[UETA §9 differs as it holds liability only to aiuthorioized transactions. EDI shifts the burden
since the presumption is for reliance of veracity, not the presumption of fraud.]
17.4 Dear Ms. Marcu:
In regard to cedar swings that Garden Market seeks to return under its two warranty, the
likelihood is that Wonderful Ware must honor Garden Market’s two-year warranty. First, Garden
Market provided the two-year warranty requirement with the EDI agreement. Thus, Wonderful
Ware then was aware that it could and likely would be held to the clause Second, as a supplier of
outdoor furniture, Wonderful Ware would be liable to the same standards used in the industry.
Although fading of outdoor furniture is expected over time, severe fading by 18-months is more
than the fair average quality that a buyers would expect for the ordinary purpose of outdoor
17.5 The practical consequences for local businesses wishing to big on governmental contracts
implementing an EDI mandate would be a reduced cost for order taking, with likely further
reductions in order processing, inventory control, and improved reliability in product shipping.

    XVIII Problem Set 18 Digital Signature Laws, P. 364
18.1(a) Dear Tom:
In regards to the 200 drill bits you sold to WTM, has a cause of action to pursue
payment under Illinois law. The issue at dispute will be whether WTM properly protected its
digital signature. Illinois law provides that a user of an electronic signature must protect the
digital signature. Someone relying on the signature may still do so even if the electronic
signature is false because the user failed to properly protect the digital signature. Even if the
QND certificate was false, you have grounds to sue or WTM's failure to properly protect its
digital signature. As to Utah, the burden is on you to prove that the WTM electronic signature
was authentic at the time you executed the contract with WTM. As you since learned that the
QND certificate was not verified, you are not likely to succeed in Utah.
(b) With regards to QND, you have a cause of action in both Illinois and Utah. Although QND
fulfilled its certification practice statement, Illinois and Utah also require the certificate authority
to confirm in a trustworthy manner" that the prospective subscriber is the person listed." QND's
disclaimer is unenforceable unless QND verified the prospective subscriber was WTM. As
WTM impliedly denies it was the subscriber, QND is liable for your loss.
(c) As to the forger, Illinois law also holds that person liable.
(d) An ordinary email sent by an employee authorized to make email contracts binds the
company if the email signature is the type usually used to designate a signature for such matters.
18.2 Dear Carl:
This letter is in regards to your inquiry of the proposal from Verisign. Participating in a network
of digital signatures through Verisign is beneficial for providing reliable security to you, your
Jerry Prettyman                    eCommerce Problems                                Page 29

clients, and your suppliers, that the person you are electronically transacting with is the actual
person. Your clients will be more likely to buy from you thought electronic networks, and you
benefit from reduced expenses from fewer personal interactions on each transaction. As with any
transaction, there is a risk of fraud. If you properly guard your electronic network i.e., the server
and signature, you will not be liable for fraud by people from whom you reasonable protect
yourself. There is still the opportunity that persons posing as others may defraud you. To reduce
this risk, you must take reasonable steps to assure the veracity of electronic signatures.
18.3 Dear Stacy:
Although you seek to disclaim causes of actions against Wessex Bank for its role as a
certification authority, you cannot do so merely by disclaiming responsibility for its reasonable
reliance. Many codes and statutes provide for liability based on the unreasonable acts of the
certifying authority.

   XIX Problem Set 19 Trading Partner Agreements, P. 378
19.1 (B2B Legal Issues):
Antitrust issues on horizontal exchanges, people want to be independent. What is the intent?
Trading Partner Agreement: The organization should have its own Trading Partner Agreement so
members will understand their rights and obligations with the organization. While a brief TPA
gives members flexibility and a less legalistic approach to the organization, a comprehensive
TPA helps members understand the preferred operating methods between members with less
likelihood of misunderstanding. This comes however, with the tradeoff that some persons will
want a through review of the TPA before becoming members, or object to the provisions.
Anti-Trust Laws: The TPA cannot be so restrictive as to violate anti-trust laws. Horizontal
exchanges are suspect for anti-trust issues since the parties are often competitors to each other.
The important issue is the intent of the members to make transaction (which is OK) or matching
business operations for improving profit (which is collusion.) Also, the membership provisions
must have a reasonable relationship to the purpose of the organization and not be so exclusive as
to be anti-competitive. The TPA must also assure that members understand they not collude to
lock out, or lock in persons or operating methods, i.e., price-fixing, that are anti-competitive.
19.2 Are boilerplate provisions suitable to usage agreements? A usage agreement may specify
items like warranties, disclaimers of liability, insurance requirements. While this would save
some legal fees for members, they may incur legal fees and delay for upfront review.
19.3 Do off-exchange agreements violate the usage agreement? See §§ 6 &7 of the WWRE
Agreement. Restrictive provisions are bad for business. Section 6 of the WorldWide Retail
Exchange, L.L.C. usage agreement (19-wr3000.htm) provides that members must pay a
"transaction fee for any transaction on the Exchange regardless of whether or not such
transaction is actually consummated." While independent research is a defense, finding a partner
through the exchange and making the deal outside the exchange is a bad-faith deal, which
violates section 7 of the usage agreement. ("Each User hereby agrees to act in accordance with
the principles of good faith and fair dealing when transacting on or through the Exchange.")

   XX Problem Set 20 Copyright License Disputes, P. 394
20.1 Dear
There are seven sets of possible actions: Copyright, Misappropriation, Breach of Contract, Trade
Secret, Trespass to Chattels, Sui generis, and a violation of the Computer Fraud and Abuse Act.
Jerry Prettyman                   eCommerce Problems                              Page 30

1) An action in copyright requires a violation of one of the §106 rights without fair use. Whether
the copying activities of violates any rights held by depends on the
extent of the copying. For example, does not have copyrights in the public
information provided to you, or that you collected. However, your expression of that information
is protected, as is any information your created, such as a discussion of public information.
Please provide some examples of the type of information copied, and whether the
copying is of public information, the manner in which you published the information, and
whether copied any commentary you created.
2) An action in misappropriation requires that extra elements beyond the general scope of
copyright law. 3) A breach of contract action requires a contract and that the person exceed an
authorization of the contract. 4) Trade secrets are not involved since the information is not a
secret; even if has commercial value. 5) An action for trespass requires an interference with use
of the data; 6) a Sui generis moral right is not involved. 7) CFAA requires that the user exceed
authority and sufficient damages, as by the use of $5000 of computer resources.
20.2 Dear Tennis Tales:
In regards to your database that you rented to Sports Station, the Bankruptcy Code provides that
the bankruptcy trustee may not assign any executory contract or unexpired lease of the debtor if
the contracting party does not consent to the assignment. 11 U.S.C. § 365(a)(1)(c)(B). However,
this section of the code does not provide for damages. Thus, while you can secure return of the
database, you are not likely to recover damages from the trustee.
20.3 Dear
Your member agreement limits each participant to collecting information to transaction in the
which the member is a party. Thus, is breaching the contract with you since
the software used by also collects information from visitors of activities
between the visitors and unrelated third party members of
20.4 Dear MonsterMart:
Your site license violation claim against the League of Net Consumers is sustainable since the
LNC shopping bot ignores robot exclusion headers and peruses your web site without
authorization. You may also be able to sustain an action for trespass to chattels if the bot is
interfering with your web site. You also have a cause of action in the EU under the EU Directive
96/9 §7(1) if this activity is also taking place on your Europe based servers. This is because the
EU Directive gives database owners the right to prevent unauthorized extraction and reuse of
database information if you made a "substantial investment" in the formation, organization and
upkeep of your database.
20.5 Dear Congresswoman Herring:
While Congress has the power to create rights in databases of the form similar to the sui generis
of EU Directive 96/9, those rights are likely to create a substantial burden to the free-flow of
information. This is because EU Directive 96/9 protects not only the expression of the
information in the database, but also the information as well. Thus, a person reading public
information in a private database would be prohibited from sharing that information with other

   XXI Problem Set 21 Music Copyright Rights, P. 422
21.1 Pacific Records owns the sound recordings from an original album by "The Who" and Pete
Townsend, although Townsend owns the musical works. Pacific Records complains that "The
Jerry Prettyman                   eCommerce Problems                               Page 31

Who" and Pete Townsend made new recordings of substantially all the songs on the album and
the recordings are practically indistinguishable. Are the new recordings lawful?
The exclusive right of the copyright owner of a sound recording under is limited to the right to
duplicate the sound recording in the form of phonorecords or copies that directly or indirectly
recapture the actual sounds fixed in the recording. 17 U.S.C. § 114(b). These exclusive rights do
not include any right of performance. 17 U.S.C. § 114(a). Since Townsend owns the musical
works, he has the right of performance and can make new recordings.
21.2 Although distribution of digital copies of copyright protected digital recordings is copyright
infringement, a consumer may lawfully make personal copies of digital musical recordings or
analog musical recordings. 17 U.S.C. § 1008. Thus, a person may use a digital recorder to make
digital audiotapes of analog records.
21.3 (a) Radio stations may retransmit a non-subscription broadcast transmission [without
additional permission of the copyright holder] if the transmission does not exceed a radius of 150
miles from the site of the radio broadcast transmitter. 17 U.S.C. § 114(d)(1)(B)(i). However, an
Internet content provider cannot control the distribution of material placed on the Internet. Thus,
a radio station that transmits over the Internet violates the 150-mile radius limitation.
21.3 (b) A radio station may transmit over the Internet by paying the statutory licensing fee, if
the broadcast is a non-subscription transmission and is not part of an interactive service, 17
U.S.C. § 114(d)(2)(A)(i), and the copyright material does not exceed the duration, notice and
repeat limitations of 17 U.S.C. § 114(d)(2)(C). Playing music of one band only, providing an
advance program listing, and staging regular repeat transmissions would exceed the duration,
notice and repeat limitations of 17 U.S.C. § 114(d)(2)(C). Thus, cannot play its
music without paying the statutory licensing fee, or negotiating a contract.
21.3 (c) Although an Internet 'radio' station provides a specific genre of music, the station does
not invoke the limitations of 17 U.S.C. § 114(d)(2)(C), since the listeners do not know in
advance what song or artist will be playing at a particular time.
21.3(d) A paid subscription music service may broadcast over the Internet by paying the
statutory licensing fee; and the transmission does not exceed the sound recording performance
complement and the transmitting entity does not cause to be published by means of an advance
program schedule or prior announcement the titles of the specific sound recordings or
phonorecords embodying such sound recordings to be transmitted. 17 U.S.C. § 114(d)(2)(B).
21.4 Thoughts on a Challenge to Grokster.

   XXII Problem Set 22 Copyright Ownership, P. 450
22.1 The issue is whether the Copyright Act preempts a click-wrap license barring a buyer from
disposing by re-sale to the seller of an electronic book. The owner of a lawfully obtained
copyright protected copy is entitled to sell or otherwise dispose of the copy without the authority
of the copyright holder. 17 U.S.C. § 109(a). Upholding the license is a state law action that the
Copyright Act would preempt if the buyer is an owner and the state law action the state law
claim seeks to vindicate equivalent legal or equitable rights to any of the exclusive rights within
the scope and subject matter of Copyrights. 17 U.S.C. § 301.
The Copyright Act applies only to buyers so the first question is whether the person is an
owner of the copy or a licensee. The buyer made a one-time purchase for perpetual use of the
electronic book. Prof. Nimmer would consider this buyer an owner.
Jerry Prettyman                   eCommerce Problems                               Page 32

The second question is whether the Copyright Act preempts the state claim. The Copyright Act
preempts a state law unless the claim possesses one or more elements beyond the scope of
copyright law. 17 U.S.C. § 301. Courts are inclined to uphold contractual provisions where the
terms and conditions of contracting are not substantively or procedurally in fault. As the state
law claim is to enforce a contract provision, albeit one foregoing a federal right, the Court
considers contracting an extra step. Since the Copyright Act does not preempt the contract, the
person may not legally dispose of the copy.
22.2 To assure the viability of a license agreement barring disposal of an electronic file, the
licensor should (1) require periodic license fees, and (2) a mode for renewal or expiration of the
subject license.
22.3 A holder of a copyright protected circumvention deterrent program may not attempt or
authorize circumvention of the copyright protection technology. 17 U.S.C. § 1201. Thus, the
buyer of an electronic book may not hire a person to circumvent the copy deterrent program.
22.4 A person may copy a software program as fair use (17 U.S.C. § 107) without violating the
copyright if the copying (17 U.S.C. § 106) is for (1) an essential step in the utilization of the
computer program in conjunction with a machine and that it is used in no other manner (17
U.S.C. § 117), or (2) the copying is the only way to gain access to the ideas and functional
elements embodied in a copyrighted computer program. Sega Enterprises Ltd. v. Accolade Inc.,
977 F.2d 1510, Ninth Circuit, 1992. Subject to the extra element test of Copyright Act
preemption, 17 U.S.C. § 301, the holder of the copyright may still assert a breach of contract
claim. If the software contains a circumvention deterrent program, or the reverse engineering is
not necessary to gain access to the ideas and functional elements embodied in the program, then
the copying rights and license agreement are not equivalent to each other and the copying is
22.5 The Copyright Act reverse engineering protections apply only to persons acquiring the
software by legal means. Thus, a person may not copy or reverse engineer a computer program
acquired by illegal means, as by downloading from an illicit shareware site.

   XXIII Problem Set 23 Software Licenses UCITA, P. 465
23.1 Section 5 of the MS EULA purports to limit reverse engineering, decompilation and
disassembly of the software. Computer buyers are bound to an agreement present within the
shipping package as long as the agreement is sufficiently noticeable and provides a reasonable
method for the purchaser to show refusal to the terms. Assignment 13. This rule would not apply
to software on the computer unless these conditions were met. A computer user is bound to the
terms of the software on the computer if the user has sufficient notice of those terms and can
show refusal to the terms. These terms are usually presented to the person loading the software
who then has the option to not load the software. However, the terms are not shown to any other
computer users, such as subsequent buyers, so those users and buyers do not know of the terms.
Section 4 of the EULA provides that the one-time transfee must agree to the terms of the EULA,
and courts may hold persons accountable to contracts they would reasonable know about, even if
they do not know the exact terms. Since computer users generally know EULAS, the MS EULA
is enforceable to a subsequent buyer of the computer.
23.2 Article II, Section 1(iii) of the Model Software License provides that a purchaser may make
modifications only to enhance the Client’s use of the software. The License specifically bars
“any independent efforts to generate revenue of any kind from the sale, license, sublicense or
distribution of […a…] Client Modification.” To have the Software License agree with the
Jerry Prettyman                   eCommerce Problems                                Page 33

licensor’s permission, this phrase must be modified to allow sub-licensing to your customers,
perhaps with a royalty fee to the licensor.
23.3 The warranty clause provides indemnity if the infringement claim meets the terms of
coverage. Article V, Section 2 of the Model Software License provides that the vendor warrants
only for one-year and through the subscription period, the functionality of the software, with 90-
day warranties for subsequent service. As the claim arose more than one year after contracting,
the claim is outside of the warranty.
Article V, Section 4 of the Model Software License provides that the vendor will indemnify the
Client against infringement claims (1) of the vendor’s software, but not non-vendor software, (2)
if those claims are presented within 30-days notice to the Client, (3) if the Client provides
reasonable necessary information to the vendor and (4) if the vendor has sole control of the
defense and settlement. Thus, the customer has a valid claim if the customer abided by the 30-
day notice and abides by the information and control provisions.
Article V, Section 4(I) of the Model Software License provides that a claim is viable against
Dodona for the customer’s infringement action if the infringed code was taken without alteration
from the Dodona software. This clause is met since the code was taken without alteration.
23.4 A vendor is not liable for any infringement claims resulting from use of the licensed
software with non-vendor products. Model Software License Article V, §4. Thus, a vendor is not
liable for infringement by a client's use of the licensed product on a Dell server rather than a Sun
23.5 A Client may assign the licensed product to an affiliate or subsidiary entity but may not
assign the licensed software to a non-affiliate or non-subsidiary entity without prior written
consent from the vendor. An assignee or successor must execute an agreement abiding by the
term of the license for the benefit of the vendor. Model Software License Article V, §10(D).
Wessex Bank and Second Data Corporation must obtain the prior written consent of the licensor
to transfer the licensed software and Second Data Corporation must agree in writing to follow
the Wessex license agreement. Provided the client is current on all fees and provisions of the
license and continues to stay so, a client divesting use of a licensed product may continue to use
the licensed product with prior written consent from the vendor and without additional payment
for up to one year. All customer services and software enhancements for this period shall be
through the Client unless the acquiring entity is a licensee of the software. Model Software
License Article II, §6. The licensor is obligated to provide customer services and software
enhancements only for one-year, and only through Wessex Bank unless Second Data
Corporation becomes a licensee. During that time Wessex Bank may continue the use the
licensed software.
23.6 Although a bankruptcy trustee has the power to void and make contracts for the debtor (11
U.S.C. § 365(a)), a licensee to the debtor licensor may reject the offered contract and retain its
rights and obligation for the duration of the executed contract, but without the remedy of specific
performance or exclusivity. 11 U.S.C. § 365(n). Although her licensor is in bankruptcy, and the
trustee has the power to void and renegotiate a new contract with Stacy's bank, the bank is not
obligated to accept a new contract, and may continue to use the software under the terms of the
old contract.
23.7 A software licensor has the power of self-help to retake possession of software for breach of
contract, provided that the impact of dispossessing the licensee would not portend serious injury
to a person. UCITA §815. A software licensor may use the power of self-help to electronically
disable the software. UCITA §816.
Jerry Prettyman                    eCommerce Problems                                 Page 34

   XXIV        Problem Set 24 Sherman Act Anti-Trust, P. 514
24.1 The Sherman Act bars unreasonable anticompetitive acts. A patent is a narrowly carved
exception to the Sherman Act. Under section 2, an assertion of intellectual property rights
violates the Sherman Act if the right was unlawfully acquired, or the assertion was an attempt to
extend the intellectual property rights beyond the rights granted by the intellectual property.
Whether the assertion of intellectual property rights violates the Sherman Act depends on the
scope of the intellectual property and the relevant market. The assertion of a one-click patent
would depend on the legitimacy of the patent and the scope of the patent rights, i.e., whether the
patent covered the market of the allegedly infringing product, whether the assertion was into a
market which the patent provided protection, and the market power of the patentee. If the patent
is limited to all online transactions, then the patentee has a likelihood of success. If the patent is
limited to specific types of online transactions, i.e., books in stock, then the patentee's likelihood
of success decreases.
24.2 Courts have held that intellectual property has a rebuttal presumption of validity to an
antitrust action. Thus, a refusal to sell or license intellectual property is not a violation of the
Sherman Act unless the plaintiff proves that the refusal is both an attempt to hinder competition
and causes competitive based harm to consumers. As such, an intellectual property holder
lacking significant market share does not violate the Sherman Act while an intellectual property
holder having significant market share may violate the Sherman Act. Since the client holds an
80% market share, the client has a monopoly, but the relevant question is whether the client's act
would cause competitive harm to consumers. If the client's business is checked by the remaining
20% of the market and consumers are not harmed through the client's acts, then the client is not
engaged in an unreasonable restraint of trade, and enforcement of the intellectual property is
favored under the rebuttable presumption.
24. 3 A lock-out agreement to bar competitive acts is lawful if the harm caused by the lockout
agreement is against consumers and stifles competition in the relevant market. Companies are
presumed to understand the implication of a contract. A company may execute an agreement that
denies it competitive options unless the drafting party has the market power and intent to cause
competitive harm to consumers. Since Red Hat is in competition with Microsoft, the market
leader, Red Hat lacks the market power to force lockout agreements and it may freely engage in
lockout agreements.
24.4 Dear Congresswoman Herring:
Federal intellectual property law provides that an owner of intellectual property may assert an
exclusive right to use and control of the intellectual property. However, what the federal
government can give, it can also limit. The Sherman Antitrust Act limits the right of an
intellectual property owner to assert those rights to legitimate means within the scope of the
intellectual property rights. Your bill would create an unlimited power for intellectual property
holders to extend their intellectual property rights beyond the scope of the intellectual property.
For example, your bill would allow an intellectual property owner to condition the purchase of
goods or services that are outside the limits of the intellectual property to the purchase of the
intellectual property. As this is an extension into one monopoly into another market, your bill
violates the Sherman Act, and would likely be struck down by the courts as inconsistent with
federal law.
Jerry Prettyman                    eCommerce Problems                                 Page 35

   XXV Problem Set 25 Open Source Licenses, P. 528
25.1 Dear Bob:
While open source licenses, i.e., GPL §§ 1 & 2, the BSD License and Sun Community Source
License art. III(A)(1) bar sale of the open source code, the licenses allow sale of the media, any
accompanying works created by or licensed to the seller, and any services, including a warranty,
provided by the seller. Since you plan to include a 'nice' package of a cd-rom and warranty with
the software, you are permitted to sell these.
25.2 Dear Bob:
Since the open source licenses bar sale of the software by anyone, the re-seller of the program
you have for sale is violating the open source license. Since you can prove that the software
being sold is your software, you have standing to sue him to cease his sales. If you were unable
to prove that it your software, you would likely be unable to stop him personally, although the
Free Source Foundation, the original copyright authors, would be able to sue him.
25.3 Dear Bob,
Section 2 of the GPL allows modification and distribution if the user (a) provides a conspicuous
notice and date of the modification in the software, (b) includes the original license, and, (c)
provides the original copyright and warranty notice.
25.4 Gluecode
The Gluecode sales program licenses the code permitting clients to customize the code but bars
distribution to third parties. The Apache license permits distribution so long as the recipient
receives a copy of the license, all modifications carry a prominent notice of change, the creator
of the derivative work retains all Intellectual Property rights in the derivative work, and all notice
text files include a complete notice statement. The GPL license also allows distribution but lacks
a requirement for notice text files.
25.5 Dear Bob:
While the open source license provides that users cannot sell the software for a fee, people may
still assert Intellectual Property control over portions of the software they create. While JSO
cannot demand payment for the whole of the software, they can assert Intellectual Property
control over the portions they created if they (1) included or posted the source code for the
modification they made, (2) included a conspicuous notice that they changed the software and
the date of the change, and complied with other provisions of the license by which they acquired
the license and software. In the future, please read the notices that accompany the software,
especially those that appear as you begin to install or run the programs.

   XXVI        Problem Set 26 Check Payments, P. 547
26.1 Dear Bertie:
You might remind Spode that he does not have the right to see the original check. Congress has,
by requiring that statement, made the substitute check the legal equivalent of your original check,
and that he cannot refusal to honor your bank statement or the substitute check. The way to make
sure you have a true substitute check is that the check is marked, "This is a legal copy of your
check. You can use it the same way you would use the original check." [Check 21 does not
require any bank to furnish either an original or substitute check, but rather establishes the
circumstances under which a substitute check may be used as the legal equivalent of the original
check. U.C.C. § 4-406, which does not require banks to provide original checks to consumers,
Jerry Prettyman                   eCommerce Problems                                Page 36

still applies. If a bank has agreed to return original cancelled checks to a customer, the bank must
honor that agreement by providing original checks or substitute checks.]
26.2 Dear Bertie:
If it seems that the check was indeed forged, and you need the original check, a bank does not
have to return the paid items unless it has agreed with the customer to do so. Check 21 requires
that banks that provided original checks to the customers must either present the original check,
or an image when the customer requests the check. UCC § 4-406, Comment 1. Under subsection
(b) retaining banks may destroy items but must maintain the capacity to furnish legible copies for
seven years. UCC § 4-406, Comment 3. Check 21 does not regulate fees that banks charge their
customers for furnishing items or copies or other services covered by the Act, but under
principles of law such as unconscionability or good faith and fair dealing, courts have reviewed
fees and the bank's exercise of a discretion to set fees. UCC § 4-406, Comment 3.
26.3 Dear Bertie:
If you truly suspect (i.e., in good faith) that your check to Spode was fraudulently cashed, you
can make a claim for the original check with your bank within 40 days (para. (a)(2)) after the
bank sends you a statement showing the check has cleared. If the bank does not provide you with
the original check, or substitute check, the bank must re-credit your account the amount of the
loss and no later than the end of the business day following the business day on which the bank
determines the consumer's claim is valid. Check 21 § 7 [12 U.S.C. § 5006(c).]
If the bank cannot provide you with the original check, which you need for the pen impression
test to prove that Spode endorsed the check, then the bank must credit your account the amount
of the transaction.
26.4 Dear Carl:
The person in the best position to prevent the loss bears the loss, i.e., the least diligent or the
negligent person. Carl is liable for the loss as Carl did not properly review his bank statement
and timely advise his bank of the error. This is true even with the absence of the payee’s name on
the statement and that the check was not properly payable.
26.5 Dear Mike:
The check image is a sufficient copy to enforce the check. A sufficient copy is a copy of an
original check that accurately represents all of the information on the front and back of the
original check as of the time the original check was truncated or is otherwise sufficient to
determine whether or not a claim is valid. 12 C.F.R. § 2(bbb)(1). This includes a photocopy of
the original check, or a substitute check. 12 C.F.R. § 2(bbb)(2).
         Problem Set 27 - Omitted

   XXVII Problem Set 28 Credit & Debit Payments, P. 598
28.1 Dear Cliff:
For the most part, you can feel quite safe in making online purchases over the Internet. To
assuage your concerns, I will cover each payment method individually.
The Truth in Lending Act provides protection for fraud and error by giving cardholders 60 days
to file a billing error complaint and requiring card issuers to resolve billing error complaints
within two billing cycles. Truth in Lending Act § 161(a). A billing error complaint may be about
the card issuer or a merchant. § 161(b). In either case, the card issuer must conduct a reasonable
investigation, (§ 161(a)(B)(ii) and Regulation Z (12 C.F.R.) § 226.13(f) n.31), and if denying a
claim, provide a written reason within two cycles. Truth in Lending Act § 161(a) and Regulation
Jerry Prettyman                    eCommerce Problems                                Page 37

Z (12 C.F.R.) § 226.13(c)(2), (f). The card issuer is also barred from canceling the account
during that time. Truth in Lending Act § 161(d) and Regulation Z (12 C.F.R.) § 226.13(d), (g).
Furthermore, a cardholder's liability for unauthorized charges is limited to $50, even if the
cardholder knows that the card is stolen. Truth in Lending Act §133(a)(1)(B), Regulation Z (12
C.F.R.) §226.12(b)(1). To encourage card issuers to keep up on risk-management technology, the
card issuer, rather than the merchant bears the risk of loss for unauthorized charges. For instance,
the merchant makes the sale based only on the card number, then the cardholder does not have
any liability. The risk of using a Credit Card with billing address verification only has the
greatest risk, but that risk is to the merchant, rather than the cardholder. If you did not authorize
the charge, you are not liable for the charge. The risk of using a Credit Card with PIN or CVV
verification is lower, but that does not matter so much for the cardholder.
The risk of using a Debit Card (generally). Debit cards are covered by the Electronic Funds
Transfer Act. There is a greater risk of using a debit card over a credit card, and some people
prefer a credit card since the funds remain in your account until you pay them to the card issuer.
The primary difference is that while your loss on a credit card is limited to $50, this applies to a
debit card only if you notify the card issuer within 2-days of learning of the loss, theft, or
unauthorized transfer, or within 60 days of the statement date. EFTA §205.6. If you do not notify
your card issuer within 2-days, or more than 60-days after the statement date, your loss limit
goes up to $500. EFTA §205.6.
Notice of unauthorized use is considered given to an institution when the consumer takes
whatever steps are reasonably necessary to provide the institution with the pertinent information,
whether or not any particular employee, in fact, receives the information. At the consumer’s
option, notice may be given in person, by telephone, or in writing. Notice in writing is
considered given at the time the consumer deposits the notice in the mail or delivers the notice
for transmission by any other usual means to the institution. Notice is also considered given
when the institution becomes aware of circumstances that indicate that an unauthorized transfer
has been or may be made.
The risk of using WEB entry: A web entry is similar to electronic bill paying, and is also covered
by the Electronic Funds Transfer Act. Thus, the loss rules are the same.
28.2 Dear Don:
        Problem Set 29 - Omitted
        Problem Set 30 - Omitted
        Problem Set 31 - Omitted
        Problem Set 32 - Omitted
        Problem Set 33 - Omitted
        Problem Set 34 - Omitted

   XXVIII Problem Set 35 Copyright Security Interests, P. 693
35.1 Dear Karl:
You asked me whether Jane's contract with Birch Publishing, signed on April 2 and recorded
with the copyright office on April 3, has priority over your unrecorded contract signed on March
1st. The good news is that the copyright act will backdate your assignment up to thirty days from
the date of recording, up to the date of execution. Since today is April 10th, and say we file
tomorrow, you will be able to assert a recordation date of March 11th.
35.2 Dear Karl:
Jerry Prettyman                    eCommerce Problems                                Page 38

The recording statute also provides that a party cannot take benefit of the recording statute, even
for backdating, if the party knew of an earlier assignment. Since Birch knew of your deal with
Jane, they are precluded from asserting priority over you, even if you recorded more than 30
days after they signed the contract with Jane.
        Problem Set 36 - Omitted

   XXIX        Problem Set 37 Patent Security Interests, P. 717
37.1(a) Dear Mark:
As I understand your message, you received a patent assignment from GenCode on March 1st,
but it now (April 10th) appears that GenCode, having cash flow problems, has also sold the
patent to Venter Pharmaecuticals. You are concerned because you have not yet filed the patent
assignment with the Patent Office. Fortunately, you have three months from the date of
execution to file the patent assignment. 35 U.S.C. § 261. Although Venter Pharmaecuticals
recorded its purchase on April 3rd, you can backdate your filing to March 1st, and have priority
over Venter Pharmaecuticals.
37.1(b) Dear Mark:
The patent assignment recording statute gives priority to persons who pay value. Since you paid
for the patent, but Venter Pharmaecuticals received the patent as charitable contribution, you
have priority over their interest.
37.2 Dear Mark:
The Copyright Act provides for priority for registered copyright works to persons who file within
one month after its execution in the United States. Since more than 30 days have elapsed, your
priority is in jeopardy.
37.3 Dear Stacy:
(a) To protect your interest in your loan to Pheazer Pharmaceuticals, you will need to check the
Patent Office and the Secretary of State security filings in both Delaware, where Pheazer is
incorporated, and in Missouri, its principal place of business.
(b) Since a party may file a patent assignment up to three months after execution, you should
wait at least that long before advancing any funds.
(c & d) Besides filing the assignment with the patent office, you should also file UCC §-1 filings
with the Secretary of State offices in both Delaware, where Pheazer is incorporated, and in
Missouri, its principal place of business.

   XXX Problem Set 38 Trademark Security Interests, P. 733
38.1 Dear Stacy:
As you are aware, the "EverHair" name for the patented product is a brand name, which also has
protectable rights as a trademark. As such, you should find out if Pheazer filed for a trademark
with the U.S. P.T.O., and to protect your interest in the patented product and its name, file a
UCC §-1 financing statement with the Secretary of State in both Delaware, where Pheazer is
incorporated, and in Missouri, its principal place of business.
38.2 Dear Stacy:
A trademark is a name that indicates the source of goods or services, and through that tie, has
value as related to the source of the goods or services. If you would like to take a security interest
in Roadrunner Transit's trademark, you must ensure that your exercise of the security interest
would give you an interest in Roadrunner Transit. Thus, you have an opportunity to execute a
security interest in Roadrunner Transit and its trademark. You must be cautious in that to
Jerry Prettyman                   eCommerce Problems                              Page 39

foreclose on the Roadrunner Transit trademark, you must be able to foreclose on Roadrunner
Transit as a business, separate from the security interest held by Country Bank. Country Bank's
security interest is in Roadrunner Transit's receivables and inventory, but not Roadrunner
Transit. You must determine what you would have left if Country Bank were to foreclose and
remove all receivables and inventory.
38.3 Dear Stacy:
The production process is a trade secret, and as such, is not recordable in which to provide a
security interest since a secured transaction requires detailed description of the secured item.
While the process has value, its only court protection is from tortious misappropriation, so you
would not be able to foreclose on the process alone. To take a security interest in the process,
you will have to find something else inherent to the process that you can describe with
particularity so all the world would understand your interest.

To top