Session 2: SET UP
Teaching Fellow: Matt Lovell
SET UP - TABLE OF CONTENTS
II. Registering a Domain Name
IV. ISP Liability
V. Website Development
VI. Marketing and Advertising
IX. Additional Materials
In today's wired age, it is common knowledge that setting up one's own web page is not a particularly difficult endeavor. Indeed, anyone who has run a broad-based search through one of the major search engines has likely come across myriad "homemade" pages created by individuals reflecting their personal interests or some life ambition. To set up a web site, one really only needs an Internet-connected computer, a web browser equipped with a basic text-editing application and an Internet service provider (ISP) that offers web hosting for its users. Such users are unlikely to seek legal advice, and the legal issues that arise in relation to such sites tend to be limited to copyright and trademark violations by the site creators.
presents a wholly different challenge for the site creator and the legal practitioner.
The sophisticated nature of the technology required, the number of players involved
in setting up a site and facilitating transactions, the privacy concerns of
customers who may be giving the site information about themselves, and a host
of other realities of online business make effective legal representation critical
in this arena. In addition, e-commerce set-up often requires great speed due
to the nature of the industry, therefore adding an additional layer of complexity
that calls for even more vigilance and preparedness on the part of the legal
practitioners in structuring transactions and advising clients. This section
of the course will examine some general steps that most U.S. e-businesses will
follow in establishing an e-commerce site and explore the necessity or possibility
of legal representation at different critical junctures of the set-up process.
A handy keyword
searchable glossary for e-commerce terminology is Internet.com's
Back to TOC
Registering a Domain Name
In setting up a website, the first step usually undertaken is registering a domain name. A domain name is the unique address that guides a user's browser to the computer on which the website resides. It usually consists of two elements, the top-level domain (TLD) and the second-level domain (SLD - which some simply refer to as the "domain name"). The most recognizable example of a TLD is the familiar .com found at the end of many web addresses. In addition, there is another set of TLDs reserved for specific countries. These are known as the country code TLDs, or ccTLDs and include domains such as .jp for Japan, .fr for France, and the much-ballyhooed .tv for Tuvalu. The administration of these sites was given over to authorities in each nation, some of whom have restricted registration to residents of that nation while others (most notably Tuvalu) have opened registration to anyone willing to pay the price. Finally, ICANN, the Internet Corporation for Assigned Names and Numbers (Website)(ICANN1), recently selected seven new gTLDs from proposals submitted by private applicants, including a new .biz TLD for businesses and .pro TLD for lawyers, physicians, and accountants (Website)(ICANN2). Registration in the new gTLDs is not expected to begin before the Fall of 2001.
A. CHOOSING A TOP-LEVEL DOMAIN (TLD)
Choosing a TLD
then is the first step in registering a domain name. There are many registry
services for the three unrestricted gTLDs, with a variety of prices and service
options available. One must closely review the terms of the registrar service
agreement policies. The domain holder's rights in a gTLD domain name are very
tenuous; most registrars reserve the right to revoke a domain registration at
their own discretion. And courts have only just begun to explore the boundaries
of domain names and property rights. In one of the few cases addressing domain
names as property, a state court in Virginia ruled that a domain name is a form
of intangible intellectual property subject to post-judgment creditor remedies
The case was later reversed when the Virginia Supreme Court ruled that the domain
names at issue could not be garnished, but that court left open the question
of whether the domain names themselves could be considered property (Website)(Umbro
II) However, a subsequent Federal court decision (Website)(Dorer),
cast some doubt on property rights in domain names before the court ultimately
disposed of the case without definitively answering the question.
In addition, all
of the current open gTLDs (.com, .org and .net) must abide by a standard Uniform
Domain Name Dispute Resolution Agreement under which the domain holder is subject
to a mandatory resolution procedure if any trademark owner complains about the
domain name. For more details about the UDRP, see the course section on Disputes.
In the end, most commercial concerns usually register the same name in all three
gTLDs just to avoid confusing customers.
CHOOSING A SECOND-LEVEL DOMAIN NAME (SLD)
The next step is to choose a second-level domain (SLD or 2LD), which is the part of the domain name preceding the TLD. Common examples of SLDs include the "Amazon" of Amazon.com and the "CNN" of CNN.com. Choosing an SLD is something particularly important for those involved in e-commerce as they think about branding and trademarks. This choice is best made with the advice of trademark counsel. As most common words and short phrases have already been registered as second-level domains in the unrestricted gTLDs, a business may have to look to an unrestricted ccTLD or one of the new TLDs to register a manageable and easily remembered name. To find out if a name is available in the gTLDs, an e-business should use the VeriSign global registry service Whois search (Website)(Whois). In addition, each ccTLD has its own "whois" database but many are searchable from Allwhois (Website)(Allwhois) and Uwhois (Website)(Uwhois).
One is safest
when registering one's own trademark or tradename. If it has already been registered
by another party, consult the UDRP or local law for possible grounds to force
a transfer of the domain to you. If the other party has superior rights, or
if you have not yet established any legal right in the name you wish to use,
an important first step in registering a second level domain name is a trademark
search. Due to the focus on trademarks in the ICANN UDRP - under which a domain
name registrant may be forced to give up a domain name to its trademark holder
- it is crucial to make sure the domain name being registered is not a registered
trademark belonging to someone else. For a review of the ICANN dispute procedure,
see Diane Cabell, Using ICANN's UDRP (2000) (Website)(Cabell).
A Trademark Search for more information.
CHOOSING A REGISTRAR
Virtually all domain registrars have a very simple search process to see whether a name is available and many also have tools to help users find available domain names containing similar words if the original choice is unavailable. After finding an available domain name (top and second-level), most registrars give registrants a choice of options in terms of pricing and duration. Registrars may only grant domain names for fixed periods of time (Website)(ICANN3) - with an option to renew when the period lapses - and most registrars give options for different registration durations. Choosing a longer registration period has the advantage of locking the registrant into a registration at a price that will not rise, and some registrars offer discounts for registrations of longer duration.
also may offer differing packages of services for additional fees. Network Solutions
for instance, offers hosting services for registrants. Some registrars do not
offer hosting, instead requiring the registrant to provide them with domain
name server (DNS) information before they will register the name. The easiest
road for those not quite ready to set up their websites is to choose a registrar
that offers free parking, which basically means that the registrar registers
the name without requiring DNS information and "parks" the name on
its server until the registrant is ready to use the name.
While many registrants
simply choose the first registrar they come to, the above options considered
in light of the user's needs will aid in choosing the best registrar. An equally
important consideration that is often overlooked, however, is the Terms of Service
(TOS) agreement, or the registration contract. Unfortunately, the registrars
are often the guilty party in this oversight, as TOS agreements require the
registrant to follow an often-subtle link; most registrars do not even require
the TOS agreement page to be accessed before processing an order.
Name Registration Agreements for more information.
Back to TOC
After registering a domain name, most businesses will need to arrange for hosting services. As hosting is a relatively new industry, the actual services offered in a web hosting agreement vary from provider to provider, making it difficult to generalize what, exactly, comprises hosting. In general, a host basically stores web pages for a client and operates a giant switchboard of sorts that connects web users' computers with requested pages from the hosted company. Hosts generally facilitate such storage and connections by operating hosting centers, large warehouse spaces that contain the computers on which clients' web pages are stored and connect them to the Internet via high-bandwidth fiber-optic lines.
OF UTILIZING A HOST
While some companies may have the hardware, office space, and personnel resources to create their own servers and host their own sites, utilizing a host and its hosting center provides some distinct advantages over managing one's own server. For one thing, outsourcing such services can save considerable money - hosting often runs about one quarter of the cost of running one's own site (Website)(Wooley) - in terms of the aforementioned resources. Utilizing a host may also decrease the chances of problems due to security breaches, power outages, and the like, if one selects a hosting center with round-the-clock security, back-up power generators, climate controlled storage space, and buildings created to withstand natural disasters. A final advantage of utilizing a host is speed - the proximity of the server to the user is a major factor in transaction speed, although other factors affecting speed such as bandwidth speed, server speed, and number of hops may lead to situations where the closest server is not necessarily the fastest. (Some European websites with primarily European visitors actually get faster and cheaper connections by hosting in the U.S.). As hosting centers give servers direct, high-capacity, and high-speed access to the Internet backbone, using a host obviates the need to rewire one's physical place of business for the necessary level of connectivity. Employing a host gives a client the advantage of faster connectivity to users/consumers who are located far from the headquarters of the company. Using a host also allows a business to set up a number of alternative servers in various locales in order to bring greater speed to a greater number of people.
B. LEGAL ISSUES IN HOSTING AGREEMENTS
a domain name can and is often done without legal representation, the many legal
issues arising in the context of a hosting agreement make the services of a
transactional lawyer a necessity. This is especially important considering the
somewhat vague definition of what is included in hosting, as the practitioner
must make certain that all of the e-commerce client's needs are met when drafting
a hosting agreement or making changes to boilerplate hosting agreements. There
are several major areas that require special attention to detail when structuring
such deals, including: equipment, maintenance, service stoppages, security,
and allocation of risk. Part 3: Consumer Privacy
reviews some of the issues concerning collection of personal data by hosts.
See Website Hosting Checklist for more information.
IV. ISP Liability
A major issue in the Internet context is determining who can be held responsible for wrongful acts on the part of Internet users. Should only the user who actually commits the act be held liable, or should the Internet service provider or website operator be held liable for the wrongful acts of its users? These questions take on particular significance for an e-business when considering different options for a website. Offering consumers the ability to post reviews of products or participate in chat room or bulletin board discussions raises such issues of liability. When looking at hosting relationships as well, there is a question whether hosts can or should be held liable for wrongful acts of the parties it hosts. Courts have taken different approaches to address these issues, relying on common law principles, case law precedents, and statutory provisions.
The first major
case to arise in the realm of ISP liability was Cubby v. CompuServe (Website)(Cubby).
Cubby involved a situation where allegedly defamatory statements regarding the
plaintiffs were published on a CompuServe bulletin board, resulting in suit
against both the content developer and service provider (CompuServe). In granting
summary judgment for CompuServe, the district court emphasized the fact that
CompuServe had no editorial control over, or even knowledge of the contents
of, the statements published and therefore acted as a mere distributor of the
materials available on its message boards and other online fora. The court relied
on general principles emanating from the First Amendment (as interpreted in
analogous cases dealing with traditional media) to rule that a distributor cannot
be held liable for distributed publications containing defamatory statements
if it neither knows nor has reason to know of the allegedly defamatory statements.
The rule established in Cubby thus provided an incentive for ISPs to remain
ignorant of the actual contents of the publications on its network in order
to be considered a distributor immune from liability.
The next major
development in the realm of ISP liability came in the case of Stratton Oakmont,
Inc. v. Prodigy Services Co. (Website)(Stratton).
In that case, the court held that the Internet service provider Prodigy could
be held liable for libelous statements posted on a bulletin board it operated
by anonymous users, even though it was not aware of the statements. Key to the
court's analysis was that the ISP in this case was more akin to a publisher
than a distributor, and was therefore not entitled to special protection under
the defamation law. The court further reasoned that because the ISP made representations
to the public concerning its regulation and screening of content on its bulletin
boards, it was exposed to greater liability than an ISP not making such representations.
In the court's opinion, the fact that Prodigy screened only for indecent and
obscene content and not defamation was of no consequence. This case could be
reconciled with Cubby - and indeed, the court relied on Cubby to reach its outcome
- due to the fact that the ISP here attempted to exercise editorial control.
However, the reasoning led to the seemingly perverse result that service providers
who actually made an effort to police their sites would be judged more harshly
than those who chose to remain totally ignorant.
THE COMMUNICATIONS DECENCY ACT (1996)
Congress attempted to address the issue raised in the Stratton Oakmont case through the Communications Decency Act (CDA) (Website)(CDA) of the Telecommunications Act of 1996 (Website)(TelecomAct). Although the main thrust of the CDA, which attempted to regulate indecent content on the Internet, was eventually struck down as violative of the First Amendment (Website)(Reno), a safe harbor provision dealing with ISP liability was left intact. That provision, 47 U.S.C. §230(c) [Website)(§230(c)], was drafted to explicitly overrule decisions such as Stratton Oakmont by not subjecting those ISPs that made an effort to screen content to stricter liability than those who made no effort at all (Website)(Record). The provision, which is also known as the "Good Samaritan" defense, states: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider" [Website)(§230(c)(1)]. The subsection goes on to preclude civil liability for ISPs attempting to regulate or block access to offensive content [Website)(§230(c)(2)].
provisions of the CDA played a prominent role in the case of Zeran v. AOL (Website)(Zeran).
In that case, a user pretending to be Mr. Zeran posted comments on an AOL message
board, offering T-shirts with offensive and tasteless slogans regarding the
Oklahoma City bombing, which had occurred just days earlier. The posting, which
included Zeran's phone number, resulted in a large volume of angry phone calls,
including death threats. While AOL personnel removed this original posting when
Zeran notified them, they refused to publish a retraction, and subsequent postings
offering merchandise with even more offensive slogans soon followed. The problem
was exacerbated when an Oklahoma City radio station broadcast Zeran's phone
number and encouraged listeners to call him and let him know what they thought
about his offer.
Zeran's suit against AOL claimed that the ISP had failed in its "duty to remove the defamatory posting promptly, to notify its subscribers of the message's false nature, and to effectively screen future defamatory material" (Website)(Zeran,330 ). AOL relied on 47 U.S.C. §230 as an affirmative defense, and the trial court granted its motion to dismiss. In upholding the district court's ruling, the 4th Circuit explored Congress' intent in passing this section of the CDA:
The purpose of this statutory immunity is not difficult to discern. Congress recognized the threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning Internet medium Faced with potential liability for each message republished by their services, interactive computer service providers might choose to severely restrict the number and type of messages posted. Congress considered the weight of the speech interests implicated and chose to immunize service providers to avoid any such restrictive effect. (Website)(Zeran 330-331)
The court went on to suggest that §230 of the CDA was drafted to respond to and overrule Stratton Oakmont, seeking to remove the disincentives to self-regulation that resulted from that line of reasoning. Along these lines, the court also rejected Zeran's claim that the rules applying to a distributor, as opposed to a publisher, should apply to AOL in this case, arguing that such a conception would defeat the purpose of the statute. While the Zeran court thus recognized the broad sweep of ISP immunity under the CDA, it did stress that the Act allows an injured party to seek redress from the individual responsible for the injury. Zeran, however, was unable to identify the defamatory poster and therefore was left without an easy remedy.
CDA Cases for more information.
B. THE DIGITAL
MILLENNIUM COPYRIGHT ACT (1998)
Congress again addressed the issue of ISP liability through legislation in the Digital Millennium Copyright Act (DMCA) of 1998 (Website)(DMCA), which revised portions of the existing federal copyright law and added new provisions. Title II, §202 of the DMCA, which was incorporated into the copyright code as 17 U.S.C. §512 (Website)(§512), addresses limitations on liability relating to copyrighted material online. Specifically, the provision grants an ISP immunity for possible copyright violations as a result of transitory digital network communications, system caching, storage of copyrighted materials by users in ISP storage space, and directing users to particular locations (through links, directories, or other tools). While the first two of these provisions attempt to address copyright issues that arise specifically due to technological processes (such as passively forwarding network traffic on the way to its ultimate destination), the second two touch more broadly on traditional issues of contributory or vicarious liability for copyright infringement that have closer analogues in the non-digital world.
granted in these DMCA provisions are subject to numerous conditions that make
the law somewhat convoluted. The most basic and important of these conditions
are that the ISP have no knowledge of the infringing conduct of its users (or
infringing nature of its own links) and that, once an infringement is discovered,
it take steps to expeditiously remove infringing material and suspend service
to the infringing party. In this way, the DMCA offers a safe harbor to ISPs
by withholding liability for infringement from ISPs that have no knowledge of
an infringement. When infringement is discovered, the ISP can remain within
the safe harbor and escape liability by promptly following the specified procedures
for removal or diabling of access once it is notified of the infringement. While
this safe harbor combines with the protections of the CDA to give a broad immunity
to ISPs, the DMCA provisions may have the ancillary effect of impinging upon
free speech by encouraging more stringent actions to be taken by ISPs against
alleged infringers in an effort to remain within the safe harbor.
See Notice Provisions of the DMCA for more information.
ISP LIABILITY AND THE E-BUSINESS
What does all this mean for the e-business? First of all, an e-business that does not have its own fully self-sufficient infrastructure needs an ISP of some sort, and these case law precedents and statutory provisions will clearly effect e-business-ISP relations. Even the most self-sufficient e-businesses, usually utilize an upstream service provider of some sort. Furthermore, to the extent that an e-business takes on attributes of an ISP, these precedents and provisions may apply directly to the e-business as a service provider. For most e-businesses, the host will be the ISP and issues of ISP liability that arise may be incorporated into a hosting agreement. The default rule set forth by the CDA and the cases interpreting it in regards to defamatory or obscene content will immunize the host from liability for an e-business' wrongdoing in publishing such content. While a specific hosting agreement certainly may be drafted to reallocate the liability in these cases, there is little incentive for the host to do so and the e-business itself is clearly in the best position to regulate its content. These considerations make it likely that the default rule will be followed.
The DMCA safe
harbor provision presents an opportunity for a practitioner to draft specific
contractual provisions for a hosting arrangement to address the execution of
the statutory processes. Because the DMCA safe harbor may give ISPs an incentive
to overreact in shutting down sites that are allegedly infringing, an e-business
may wish to modify a hosting agreement to allow recovery for damages due to
improper termination of service (i.e. termination when there was no infringing
content or other infringing activity). An e-business may also wish to draft
contractual language concerning the processes by which a host ISP may shut down
service. For instance, an agreement could require notice of pending termination
to be given to the e-business and provide for a specific period of time to cure
the allegedly infringing conduct prior to termination or suspension of service.
Such contractual provisions regarding recovery for improper termination or the
process of termination can be a powerful tool to blunt the blow upon content
providers and other Internet users by the DMCA and its encouragement of vigilance
on the part of ISPs. It should be noted however, that contractual provisions
that work within the contours of the DMCA and attempt to reach agreement on
the ambiguous interpretive junctions of specific statutory provisions will be
more likely to withstand challenge, as the federal statute may be found to preempt
any explicitly contrary contractual language in court proceedings. This is particularly
important considering the rights of third parties (copyright holders) are involved
in these types of cases.
The other main
situation in which an e-business may be affected by issues of ISP liability
is that in which the e-business itself takes on the attributes of an ISP, opening
itself up to potential liability for the acts of its users. This process of
an e-business taking on the characteristics of an ISP is common for those websites
that offer users more interactive services. An e-business may find it advantageous
to give its customers fora, such as chat rooms, to discuss products and other
topics related to the e-business. Or it may wish to allow its customers to post
product reviews that potential buyers can then access. These chat rooms or review
areas may be used in a manner that injures third parties - ranging from the
posting of defamatory content to copyright infringement (either direct posting
of copyrighted material or contributory infringement by posting sites where
copyrighted material can be illegally obtained).
an e-business can be held liable for such acts of its users depends on the construction
of the statutes at issue. The courts have explored the contours of the CDA and
DMCA and their applicability to websites in several major cases.
See Access Provider Liability for more information.
back to TOC
A. IN-HOUSE DEVELOPMENT V. OUTSOURCING
web design and programming is something that can be developed by in-house personnel
or can be outsourced. While most businesses take advantage of the benefits of
outsourcing the hosting of servers, web design and, to a lesser extent, programming
are often kept in house for several reasons.
Web design is the most crucial aspect of an e-commerce business. The website is where customers interact with the business and buy products; in some instances (as with purely content providers), the website itself is the product. Another reason many companies keep web design and programming in-house is because the Internet economy in general and e-business specifically often calls for rapid changes - both in the content and design of websites. In terms of content, it may often be the case that an e-business needs to add updated products or product information to its website, either as part of the regular course of business or in response to some particular event in the market. For design in general, it will often come to the attention of those running an e-business that a particular new web design or layout of the site would be more attractive to customers or make the site easier to use. It may also come to the attention of those running the business - often in the form of customer complaints - that there is some sort of problem with the functionality of the site or its general layout. Keeping an in-house team of programmers/designers allows the e-business to respond to these stimuli quickly and keep the business running smoothly, which may not be possible if the services are outsourced due to lack of personnel, time or urgency on the part of the contracted designers and programmers.
However, it is
not always feasible for every business to keep a fully equipped in-house design
and programming team. Some small businesses may not have the budget or the pressing
business need to develop their own programmers. Large businesses may choose
to outsource certain aspects of the design and programming services, such as
graphic design, editing, and backend software development. Many of these oft-outsourced
services have to do with design and programming aspects that are not site-specific.
One reason for this is the idea that an outside party may not fully understand
the vision and purpose of the e-business, so should work only on the more generic
aspects of design and programming. In other cases, it may not be cost-effective
to develop one's own designers/programmers for things that are not site-specific.
For instance, a site in need of graphics for its website may hire an outside
graphic designer to develop pictures and icons. Outside programmers are often
hired to implement credit card verification systems, inventory and archiving
systems, and internal search engines. The more mechanical an aspect of website
functioning, the more likely it is to be outsourced. Thus, much programming
outsourcing is geared towards backend functionality and internal aspects that
keep a website running smoothly behind the scenes.
B. WEBSITE DEVELOPMENT AND INFRINGING CONDUCT/CONTENT
As with hosting, when programming and design services are outsourced, the e-business and its attorney must undertake an analysis regarding allocation of risk and responsibility through the services contract. Two main areas in which there can be problems are liability for copyright or trademark infringement and service disruptions or other problems due to malfunctioning programming. In terms of copyright, an e-business should communicate to a hired designer that all graphics, photographs, and text used on the website must be original or in the public domain. As most of the photographs and graphics currently used on websites and in print media are copyrighted, the e-business practitioner must diligently attempt to determine whether non-original graphics/photos used by an outside designer are truly in the public domain. The attorney should also be aware of the fair use doctrine (Website)(§107) as it may be useful in excerpting portions of texts (a favorable review of the business' website or products, for instance) or other copyrighted media - although it should be noted that use of copyrighted materials for commercial purposes enjoys less latitude in fair use analysis than non-commercial use (Website)(Sony).
While these copyright concerns apply equally to businesses that design their own websites, it is important to note that contracting the work out will not save the website publisher itself from escaping liability for any infringement, due to the basic tort concept of vicarious liability. One possible way around this is to create a contract that specifically puts the burden of noninfringement on the contracted designer and holds it liable for any infringement. This does not absolve the publisher from copyright infringement, however, and a business may be limited to seeking post-judgment contribution from the designer or may be left to satisfy a judgment if the designer is insolvent or otherwise judgment-proof. While such contractual language is still better than nothing, perhaps the best technique to employ is to carefully check a contracted designer's work or avoid using non-original content at all.
See Prof. William W. Fisher, Linking, Framing, Meta Tags, and Caching at http://cyber.law.harvard.edu/property00/metatags/main.html for more information.
C. PROGRAM MALFUNCTIONS
Programming malfunctions and other associated problems can also be handled through contracts between the e-business and its hired programmers. To the extent that any such problems adversely affect customers (as in overcharges on credit cards, failure to register sales and ship products, etc.), there are similarities to the copyright context regarding satisfaction of a wronged third party. This is a particularly grave concern when problems with programs result in security breaches, which may lead to anything from a hacker putting offensive material on a business' website to the release of personal information or credit card numbers. Once again, when drafting a contract between an e-business and outside programmers, an attorney should be aware of possible problems that may result from faulty or otherwise malfunctioning programs. Contracts should consider a mechanism to address unforeseeable problems should they arise and arrange for necessary modifications to remedy them, as well as remedies for substandard or negligent programming. When hiring outside programmers, e-businesses should inquire into past problems with the programmers' work and their general service records and customer satisfaction in order to make an informed judgment about the likelihood of problems and potential adverse effects on customers. However, it should be recognized that programming is an ever-changing field and therefore never free from errors; this should also lead the e-business to implement contingency plans for problems due to program malfunctions and have mechanisms in place to remedy such problems immediately.
See Security for more information about external threats to website integrity.
SOFTWARE LICENSING AND WORK-FOR-HIRE CONTRACTS
Another aspect of programming that warrants brief mention for its legal implications is programmers' use of software and software licensing. For instance, a website may wish to use automated software for matching users up with products, but the contracted programmer is unable to develop a program due to budgetary or technological constraints. In such a case, the e-business or its programmer may look into commercial software available to meet this need. As most software requires a license for each distinct use, an e-business should make certain to pay for the license for the use of such software by its hired programmers. While this will increase the cost of programming services, it is important to ensure the software is being used legally so as to eliminate any possible cause of action by the software rights holder. The cost of these licenses may be charged in the services agreement with the programmers or the e-business can exercise more caution and arrange to pay the software licensing fees directly to the software developers. The latter option would prevent the e-business from assuming any liability in the case of an unscrupulous programmer who charged for software licensing fees but did not pay the software developers. Of course, this is may not always be a concern, as many programmers use their own software and certain software is in the public domain. In drafting a programming arrangement, the diligent attorney should inquire into the software to be used and make sure any needed licenses are obtained.
In addition to
respecting others' rights in their software, it is important for an e-business
to take measures to protect the software and other materials (including the
web page itself, databases, etc.) developed for the e-business itself. All free-lance
and other contract work should be done on a "work-for-hire" basis
which, when specified in advance by the parties in their written agreement,
allows all copyrights in the contractor's work to vest automatically in the
e-business. If such agreements are not executed in advance, then the material
belongs to the contractor and the e-business must obtain a written license to
use the work on the website, or preferably an outright assignment of all rights.
The work-for-hire rights automatically accrue to employers when the creation
of the website material is required as part of the employee's job duties.
See Website Development Checklist for more information.
back to TOC
VI. Marketing and Advertising
In order to be successful, an e-business must engage in advertising and marketing. These areas have more in common and substantial crossover with their counterparts in the traditional bricks and mortar business world than the more technology-specific concerns above. However, advertising and marketing in the online medium also raise considerable novel issues of which the e-commerce practitioner should be aware. This section will highlight some common modes of advertising and marketing online and examine some legal issues that may arise in those contexts. (Note: This section will not deal with advertising and marketing through traditional media such as television and radio, billboards, mass mailings, etc.).
Advertising one's e-business online usually takes one of two forms: 1) the purchasing of advertising space on another's website, or 2) swapping advertising space with another business or participating in an general advertising exchange program. Purchasing advertising on another website requires an e-business to determine its potential/desired customers and find an appropriate site through which to reach them. Advertising and marketing online offer e-businesses the advantage of reaching a well-defined target audience easily by buying space on websites whose visitors are in the same demographic as those sought as e-business customers. Websites are able to gather varying amounts of information about the types of visitors to their site (as will be discussed in Part 3: Consumer Privacy) with sites requiring registration or subscription particularly adept at gathering detailed information. This offers a distinct advantage over the types of data that can be gained from other media such as television and radio - instead of merely determining that a program is predominantly reaching the 18 to 25 year-old male demographic (a favorite group of television and movie executives), websites can give a more detailed breakdown of their audiences. This information can include age, sex, race, nationality, and other categories that make targeted advertising and marketing a reality - meaning less money is wasted going after groups to whom the e-business is not really catered. (Note: Gathering such information can raise significant privacy concerns; see the forthcoming course section on Privacy). Websites also can give potential advertisers information about the volume of traffic to their sites and therefore the size of the audience that will be reached by the advertisements.
A preliminary step in finding advertising space is thus determining what types of websites attract users who would be potential customers of the e-business. In some cases this may be easy - a golf news website would be a good fit for an online seller of golf equipment - while in other cases more research will need to be done to determine a good fit between advertiser and host. Most large websites have links to general advertising information and contact information for their advertising sales departments. Prospective advertisers can then make appropriate inquiries into the audience they would reach by advertising on a particular website, the costs of advertising, etc.. One other option is to go through a large-scale advertising service, such as DoubleClick (Website)(DoubleClick), that offers advertisers access to a network of partner websites in different categories. Such services act as middlemen, bringing together advertisers and those with advertising space in similar fields, eliminating many of the transaction costs associated with searching for individual advertising hosts. Utilizing such a service also will likely increase the audience the advertisement reaches by displaying a client's advertisement across a wider array of host sites, although this may come at the expense of reaching a more narrowly defined target audience.
Legal issues in renting advertising space mainly involve the agreements between advertiser and host. An e-business may have different options in structuring these agreements, such as choosing to pay a fixed price for advertising for a particular period of time, paying the host on a sliding scale depending on the amount of traffic to the host site or actual clicks through to the targeted (advertising) site, or paying the host a commission on sales made as a result of the ad. Issues concerning ad placement, number of views, viewership guarantees, ad tracking, and click-through fraud prevention should all be spelled out in the advertising agreement. As an e-business' advertising needs are sure to change over time, an agreement should also contain provisions regarding changing one's advertisements during the course of the contract; such a provision also allows changes to be made in response to consumer complaints/feedback. The advertising host likely will want to include in the agreement clauses indemnifying it in certain situations. These situations - which should also be kept in mind if the e-business itself decides to sell advertising space - include copyright and trademark infringement as well as cases involving fraud or misleading advertising.
trademark infringement issues may arise as a result of infringement directly
in the displayed advertisement itself or by linking through the advertisement
to a site that contains infringing works. In the former case, the infringement
itself is posted on the host site and the host is therefore potentially liable
for copyright infringement (Website)(Fausett).
The case of advertisements linking to a site that contains a copyright or trademark
infringement may give rise to a claim of contributory or vicarious infringement
against the linking party. Contributory copyright infringement results when
"one who, with knowledge of the infringing activity, induces, causes, or
materially contributes to the infringing conduct of another" (Gershwin).
The U.S. Supreme Court has also acknowledged the doctrine of contributory copyright
435). To deal with these situations, the parties should agree upon which
party will be held liable for such infringement, as well as create a plan of
action in the case that a possible infringement is brought to the attention
of the host or advertiser.
See Advertising Exchanges and Advertising Standards for more information.
In addition to advertising, many e-businesses also reach potential customers via email. Contacting customers through email usually takes two forms: targeted emails directed at past customers or registered users of an e-business, or mass emails sent to a mailing list usually compiled by a third party. Many respected e-businesses use the first form of targeted emails to customers or registered users in order to keep these consumers apprised of new developments at the e-commerce site, such as new products, sales/promotions, or a new version of the website. When registering at a website (usually for the promise of greater access to information, products, etc.) or when purchasing a product, most e-businesses usually ask for a customer's email address and other basic information (more information is usually required when purchasing a product because of the need for shipping and credit card information). A common technique of many e-businesses is to have email offerings included in the options when a visitor signs up as a member of the website or purchases a product. Visitors are often given the option to receive regular newsletters from the e-business, emails regarding sales or promotions at the website, and a variety of other choices. These options are offered through a series of boxes that show a preference for the service offered when checked. A common ploy of websites to get visitors signed up for the services is to have all the boxes checked as the default, leaving the visitor to uncheck the boxes representing unwanted services. This is an example of an opt-out system - the consumer is required to take active steps to opt out of the plan of services; the passive consumer receives the emails as the default. The other option would be an opt-in plan, whereby the consumer who wished to receive emails would have to take active steps (i.e. checking the boxes) to get on the mailing list. In such an opt-in scheme, the passive consumer receives nothing as the default.
The question of
whether to use an opt-in or opt-out scheme for targeted emails is a sensitive
one that brings in questions of consumer expectations and privacy. An opt-out
scheme may seem invasive to some consumers because they end up receiving emails
for which they did not explicitly sign up. However, the user's feeling of inconvenience
is probably less in this case than it is in the case where the user simply received
unsolicited mail from a website or e-business with which he or she had no prior
contact. This is largely because the consumer has already taken active steps
to develop a relationship with the e-business, either by signing up as a registered
member or by purchasing a product. Due to this relationship, the consumer has
or should have more of an expectation that the e-business will contact him/her
in the future and should not be put out by receiving emails from the e-business.
Of course, the e-business should use discretion and good business judgment in sending emails - consumers are a lot less likely to be rankled by a bi-weekly email than a daily newsletter or other persistent contact that may lead to annoyance. And an e-business should always make it clear in the email sent that the consumer has the option to opt out of the email service by sending a reply email to unsubscribe from the periodic mailings or by visiting the website to take an email address off the mailing list. Making it difficult to opt out of the mailings or not taking people off the list who wish to be removed may lead to people feeling harassed or invaded and result in a complaint against the offending website. Some e-businesses may make the decision that they wish to play it safe and not offend anyone, and therefore use a strict opt-in sign-up system for marketing emails. Most, however, will find it is worth losing a small percentage of upset customers for the ability to reach more users than they would be able to with an opt-in scheme. Even if most who receive the marketing emails simply delete them, it may be worth it to send them to reach those who do read them and to take a chance that a catchy subject line can get the deleters to read the messages from time to time. In the end, an opt-out scheme probably will lead to a greater audience for these marketing emails and will typically not be considered unduly invasive due to the consumer's pre-existing relationship with the e-business, but the business should make certain that recipients who do not wish to receive emails have a quick and easy method of unsubscribing from a mailing list or otherwise opting out of the service. An e-business should not take lightly the potential for a strong negative reaction on the part of consumers due to the receipt of unwanted email.
The other major type of email marketing involves sending unsolicited emails to mailing lists compiled by a third party or an e-business itself. Unsolicited emails such as these raise significant concerns that do not arise where the parties have a prior connection. This type of system goes beyond a mere opt-out system in pushing emails upon potentially unwilling recipients because the recipients have no pre-existing relationship with the entity sending the emails. Due to this lack of a relationship, the emails are more likely to be viewed as an invasion of a consumer's privacy or as a form of harassment. Such unsolicited emails, also known as spam, are generally considered a form of junk mail and are typically utilized by and associated with pornography websites, get-rich-quick schemes, and generally solicitous and invasive businesses. The annoyance to, and resulting outrage of, recipients, as well as the stigma of being associated with a certain type of business entity is enough to steer many e-businesses away from utilizing spam, but there are legal considerations that militate against such practices as well.
In the case of
Intel Corp. v. Hamidi (Website)(Hamidi),
a California Court issued an injunction against a former employee of Intel who
was sending unsolicited emails to Intel employees regarding the company's employment
policies. The court based its ruling on a trespass theory, suggesting that such
emails were tying up the computing resources and time of Intel employees and
therefore causing material loss to the corporation. While this case involved
a somewhat different factual situation than one where an e-business spams a
wide range of potential customers, it does show that certain forms of abuse
will not be tolerated and that spamming can be illegal in certain circumstances.
While courts have thus relied on existing legal doctrines to find some spammers guilty of unlawful conduct, recent proposed legislation in the states and in the U.S. Congress would explicitly make certain actions involved with spamming illegal. Because many ISPs have anti-spam measures and take steps to block spam coming from particular addresses or computers, many spammers jump from account to account to avoid detection and being shut down. The new proposed bill, the "Anti-Spamming Act of 2001" (Website)(Anti-Spam ) provides for criminal penalties for Internet users who falsify their email addresses in this manner in order to send spam. The bill, whose sponsor views spam as a substantial burden on Internet users whose connections are adversely affected by the volume of commercial junk mail received, allows for monetary fines and damages awards against generators of spam. Several previous efforts to regulate spam by state lawmakers have been struck down on the theory that such measures, as state laws affecting interstate commerce, violate the Commerce Clause of the U.S. Constitution (Website)(Clause), which gives Congress sole power to regulate interstate commerce (Website)(Kaplan). As the new proposed legislation would be passed by the U.S. Congress, it does not suffer this Constitutional deficiency.
In addition to
legal issues raised by reaching potential customers through unsolicited emails,
there are other measures taken to prevent Internet users from receiving spam
that may adversely affect an e-business attempting to utilize mass mailings.
See Anti-Spam Groups for more information.
In the end, the
threat of an e-business' emails being blocked by a private service, triggering
penalties under the proposed federal statute, or causing loss of business due
to annoyance to potential customers leads to the conclusion that mass unsolicited
mailings are an unwise (and potentially illegal) marketing method to be employed
by an enterprise. Furthermore, promoting an e-business via spam may also constitute
a breach of the company's ISP/host agreement and result in termination of service.
The best way to reach customers therefore is through the aforementioned techniques
of advertising or using targeted email directed at past customers or registered
users of a website.
If an e-business wishes to reach a wider audience via email, the best way to do so may be to partner with another entity that sends targeted emails to customers and is willing to add an advertisement or link to the e-business' website, in exchange for similar concessions or some other consideration. If such a plan is followed, the businesses involved should make it clear to customers in the agreement to receive emails (the box checking form discussed previously) that their emails may contain information about its partners and affiliates. A decision to enter such an agreement should account for potential adverse customer reactions (depending on the level of perceived intrusion) and any implementation of the agreement should always offer the recipient to opt out of some or all of the services.
C. SEARCH ENGINES
Perhaps the most effective and cost-efficient means for an e-business to reach potential customers is through search engines, a method by which many consumers are matched up with businesses offering products or services they desire. There are two major types of search engines: web directories and engines utilizing spiders or web crawlers to catalog websites. Directories generally work by soliciting websites for inclusion in a web directory, which is then searched by users. In this sense, it is an active process that requires affirmative action on the part of an e-business in order to get listed in the directory. The most well known web directory is Yahoo! (Website)(Yahoo!), which accepts submissions from websites to be included in a particular category under the Yahoo! organization scheme (Website)(Suggest). Simply suggesting a site does not guarantee immediate inclusion in the Yahoo! directory, however, as Yahoo! must review the site prior to its inclusion to determine whether it is in the appropriate category and whether it is appropriate to include the website at all.
Search engines that utilize spiders or web crawling technologies to catalog websites operate in a very different manner than web directories. These engines use technological means (often called robots or spiders) to scour the web and then catalog the websites in their engines to be pulled up when matched with user search terms. An example of a popular search engine that utilizes such technology is Google (Website)(Google), which uses its Googlebot web crawler to explore the vast offering of web pages available on the Internet and index them for use in its search engine. This offers an advantage to e-commerce sites over directory services in the sense that no affirmative action is necessary to have one's website listed; the web crawlers automatically add all cataloged sites to the search engine's index. In addition, some robot-based engines, such as Google, offer submission of URLs for faster addition to their indexes (Website)(Submit).
See Search Engines and Directories for more information.
In contrast to
the early days of search engines, the ability to purchase higher rankings on
the top search engines no longer exists. Understanding the ranking systems of
search engines, however, allows an e-business to take measures in several major
areas to ensure higher placement. These areas include click popularity, stickiness,
link popularity, and page-related factors such as tags and keywords.
Click popularity is a measure of the number of times search engine users click on a particular site when it is returned as a result of a search. The greater the number of users who choose a particular site, the higher ranking it will have. DirectHit (Website)(DirectHit), a search engine whose technology is used by a number of other major search engines (including Lycos at http://www.lycos.com, HotBot at http://www.hotbot.com, and MSN at http://www.search.msn.com), utilizes a unique ranking system that incorporates click popularity to match users up with the most popular sites in the search field. The DirectHit ranking scheme also incorporates the related concept of stickiness, which is a measure of the length of time users spend at a site once they click through to it from a search engine. The greater the stickiness, measured by the length of time between clicks on different results of an original search, the higher the ranking the engine gives the website. In order to achieve greater click popularity, an e-business should look to have a good, descriptive title that sets it apart from other sites. As users of search engines see only a title and brief description (either based on a submitted description or the first lines of text on the website) when results of a search are returned, the title and description should be tailored to entice viewers or otherwise set one's site apart from others' sites. As to stickiness, the layout of one's website and the overall design will be very important to users when determining how much time to spend at a site. The greater the extent to which an e-business can further draw users into its website, the greater the stickiness will be and the higher the ranking. When designing a site or overseeing the work of outside designers, an e-business should consider factors influencing stickiness, such as general layout, ease of navigability, functionality, and frequency of site updates. Self-audits measuring stickiness can often be performed by hosting services, from which an e-business can gain valuable information regarding its visitors and how long they stay, allowing tailoring of a website to increase stickiness by better meeting its visitors' preferences and computing needs.
is very important in certain search engines' ranking schemes, particularly Google's.
This metric basically measures the number of links to a website from other websites,
giving higher rankings to sites with more links to them from other websites.
In addition to measuring sheer numbers, certain ranking schemes (most notably
Google) take into account the origin of the links, weighing links from more
highly rated pages greater than those of lesser-ranked pages. Thus, a link to
one's website from CNN.com is given more weight than a link from Joe Smith's
News of Wichita. The effect of link popularity on ranking schemes thus may influence
marketing plans when determining affiliate and partnership agreements with other
websites, as well as different advertising strategies.
deal less with viewer's perceptions of a website and more with how a search
engine reads the internal placement of keywords in the text of a website and
use of meta-tags in web programming. In this sense, while the above factors
more heavily influence the ranking or placement of a site on a results page,
the page-related factors are the gatekeepers for whether a site is returned
as a result in a search at all. An e-business website thus must reverse-engineer
searches in a way, making a determination of how users will get to the site
through a search engine or how it wishes these users to get to its site. The
main way to ensure that users get to one's site is to create a set of keywords
that describe the content and product offerings of the website.
See Keywords and Tags for more information.
and e-businesses alike should be aware that a large number of cases have arisen
involving meta-tags and trademark disputes. Many of these cases have involved
situations where, in an effort to drive traffic to their sites (and away from
competitors), web developers have used the trademarks of competitors in their
meta-tags. One major case involving such a dispute was Playboy Enterprises,
Inc. v. Welles (Website)(Playboy).
The defendant in that case, a former Playboy model, used the plaintiff's trademarks
such as "Playboy" and "Playmate of the Year" as keywords
in her website's meta-tags. Playboy claimed that the use of these trademarks
by her site, which was a competitor to Playboy's own website due to its adult
content, constituted trademark infringement. The court, however, granted summary
judgment for the defendant, ruling that, as a former Playboy model and Playmate
of the Year, defendant was entitled to use the trademarks to identify herself
as such under the fair use exception to the trademark doctrine (Website1,
In other cases
where a fair use defense has not been available, however, the competitor's use
has been found to constitute an infringement. In Brookfield Communications,
Inc. v. West Coast Entertainment Corp. (Website)(Brookfield1),
the defendant used the plaintiff's trademark "MovieBuff" in both its
domain name and meta-tags. The appellate court reversed the district's court
denial of a preliminary injunction for the plaintiff, ruling that irreparable
injury would likely result from the defendant's continued use of the trademark
in the domain name and meta-tags. On the meta-tag issue, the court stated that
while "West Coast can legitimately use an appropriate descriptive term
in its metatags," plaintiff's trademark MovieBuff was "not such a
descriptive term" (Website)(Brookfield2).
Plaintiffs have prevailed on motions for preliminary injunctions in similar
cases involving the use of plaintiffs' trademarks in defendant competitors'
These cases sound
a stern warning to e-businesses thinking about using competitors' trademarks
in meta-tags. However, they should not prevent an e-business from using in its
website text terms that may be trademarked but are used for descriptive purposes
in accordance with trademark's fair use doctrine. To this end, an e-commerce
practitioner should be familiar with the relevant sections of the trademark
code dealing with fair use [Website1,
and 1125(c)(4)] and run a trademark search (Website)(TESS)
on any potential keywords that may be trademarked by a competitor. And to the
extent that these issues will be encountered in website development, a web development
agreement should incorporate an e-business' policies regarding tagging for search
Back to TOC
Like any business venture, developing an e-commerce website involves contributions by a wide variety of parties and engenders important legal considerations that have the potential to derail even the most well-intentioned entrepreneur. The above discussion of domain name registration, hosting, website development, security, and marketing and advertising is meant to highlight some of the major issues e-businesses will face in getting up and running. The list is by no means exhaustive and every e-business will encounter a different set of circumstances that may require additional issues to be addressed or the same issues to be addressed in different ways. The remainder of the course will take a more in-depth look at particular legal issues in the e-commerce context, including transactions, consumer privacy, and disputes.
ICANN, http://www.icann.org (back to text)
ICANN, Seven New TLD Proposals Accepted, available at http://www.icann.org/tlds/
(back to text)
Umbro Int'l, Inc. v. 3263851 Canada, Inc., 50 U.S.P.Q.2d (BNA) 1786 (Va. Cir.
Ct. 1999), available at http://www.bc.edu/bc_org/avp/law/st_org/iptf/headlines/content/umbroadd.html
(back to text)
Network Solutions, Inc. v. Umbro Int'l Inc., 259 Va. 759, 770 (2000) ("[W]e
do not believe that it is essential to the outcome of this case to decide whether
the circuit court correctly characterized a domain name as a 'form of intellectual
property.'"), available at http://www.gigalaw.com/library/nsi-umbro-2000-04-21-p1.html
(back to text)
and Forrms, Inc. v. Arel, 60 F. Supp. 2d 558 (E.D. Va. 1999), available at
http://lw.bna.com/lw/98266.htm (back to text)
http://www.crsnic.net/whois/ (back to text)
Allwhois, http://www.allwhois.com/home.html (back to text)
http://www.uwhois.com/ (back to text)
Diane Cabell, Using ICANN's UDRP (2000), available at http://cyber.law.harvard.edu/udrp/ (back to text)
See ICANN, ICANN Registrar Accreditation Agreement, available at http://www.icann.org/registrars/ra-agreement-12may99.htm (back to text)
Solutions, http://www.networksolutions.com (back to text)
See Scott Wooley, Goldmine or Glut?, FORBES GLOBAL, June 12, 2000, available at http://www.forbes.com/global/2000/0612/0312054a.html (back to text)
v. CompuServe, 776 F. Supp. 135 (S.D.N.Y. 1991), available at http://www.loundy.com/CASES/Cubby_v_Compuserve.html
(back to text)
Oakmont, Inc. v. Prodigy Services Co., No. 31063/94, 1995 N.Y. Misc. LEXIS 229
(N.Y. Sup. Ct. May 24, 1995), available at http://www.jmls.edu/cyber/cases/strat1.html
(back to text)
Decency Act, Pub. L. No. 104-104, 110 Stat. 133 (1996) (codified as amended
in scattered sections of 47 U.S.C.), available at http://www.epic.org/cda/cda.html
(back to text)
Telecommunications Act of 1996, Pub. L. No. 104-104, 110 Stat. 56 (1996) (codified as amended in scattered sections of 15, 18, and 47 U.S.C.), available at http://thomas.loc.gov/cgi-bin/query/z?c104:S.652.ENR: (back to text)
See Reno v. ACLU, 521 U.S. 844 (1997), available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=000&invol=96-511 (back to text)
47 U.S.C. §230(c) (Supp. IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html (back to text)
141 CONG. REC. H8469-70 (1995) (statement of Rep. Cox.), available at
(back to text)
U.S.C. §230(c)(1) (Supp. IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html
(back to text)
See 47 U.S.C. §230(c)(2) (Supp. IV 1998), available at http://caselaw.lp.findlaw.com/casecode/uscodes/47/chapters/5/subchapters/i/sections/section_230.html (back to text)
Zeran v. AOL, 129 F.3d 327 (4th Cir. 1997), available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=4th&navby=case&no=971523P (back to text)
at 330 (back to text)
at 330-31 (back to text)
Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2860 (1998) (codified
as amended in scattered sections of 17 U.S.C.), available at http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:
(back to text)
U.S.C. §512 (Supp. V 1999), available at http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/5/sections/section_512.html
(back to text)
17 U.S.C. §107 (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/17/chapters/1/sections/section_107.html
(back to text)
See Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417 (1984) (Discussing the importance of whether a use of copyrighted material was commercial or non-commercial in determining whether such use was fair), available at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=464&invol=417 (back to text)
DoubleClick, http://www.doubleclick.com (back to text)
A. Fausett, Linking Legalities, WEBTECHNIQUES (2001), available at http://www.webtechniques.com/archives/2001/02/legal/
(back to text)
Gershwin Publ'g. Corp. v. Columbia Artists Mgt., Inc., 433 F.2d 1159, 1162 (2d. Cir. 1971). (back to text)
Sony at 435 ("[T]he concept of contributory infringement is merely a species
of the broader problem of identifying the circumstances in which it is just
to hold one accountable for the actions of another.") (back
Corp. v. Hamidi, 1999 WL 450944 (Cal. Super. Apr. 28, 1999) (unpublished case),
available at http://www.faceintel.com/permanentinjunction.htm#Tentativeruling
(back to text)
Act of 2001, H.R. 1017, 107th Cong. (2001), available at http://www.spamlaws.com/federal/hr1017.html
(back to text)
Carl S. Kaplan, In Spam Case, Another Defeat for State Internet Laws,
NEW YORK TIMES CYBER LAW JOURNAL, Mar. 24, 2000, available at http://www.nytimes.com/library/tech/00/03/cyber/cyberlaw/24law.html
(back to text)
CONST. art. I, §8, cl. 3, available at http://caselaw.lp.findlaw.com/data/constitution/article01/
(back to text)
http://www.yahoo.com (back to text)
Yahoo!, How to Suggest Your Site, available at http://docs.yahoo.com/info/suggest/
(back to text)
http://www.google.com (back to text)
Google, For Site Owners: Submit Your URL, available at http://www.google.com/addurl.html
(back to text)
DirectHit, http://www.directhit.com (back to text)
Enterprises, Inc. v. Welles, 78 F. Supp. 2d 1066 (S.D. Cal. 1998), available
at http://www.loundy.com/CASES/Playboy_v_Wells.html (back
U.S.C. §§1115(b)(4), 1125(c)(4) (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1115.html,
(back to text)
Brookfield Communications, Inc. v. West Coast Entertainment Corp., 174 F.3d 1036 (9th Cir. 1999), available at http://lw.bna.com/lw/19990504/9856918.htm (back to text)
at 1066 (back to text)
e.g., Ken Roberts Co. v. Go-To.com, No. C99-4775-THE, 2000 U.S. Dist. LEXIS
6740 (N.D. Cal. May 10, 2000) (Judgment against defendants who used plaintiff's
trademarks in meta-tags on basis of trademark law regarding false designation
of origin and trademark dilution, as well as state law claims), summary available
at http://www.finnegan.com/summ/cases/kenroberts.htm (back
See 15 U.S.C. §§ 1115(b)(4), 1125(c)(4) (1994), available at http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1115.html, http://caselaw.lp.findlaw.com/casecode/uscodes/15/chapters/22/subchapters/i/sections/section_1125.html (back to text)
See USPTO, U.S. Trademark Electronic Search System (TESS), available at http://www.uspto.gov/web/menu/tm.html (back to text)
Back to TOC
IX. Additional Materials (Optional Reading)
CONDUCTING A TRADEMARK SEARCH
To determine whether a potential SLD is free or trademarked by another entity, one should run a trademark search. If the enterprise intends to do business on a global basis through its website, then it would be advisable to search for trademark conflicts on a global basis. Trademarks registered in Europe can be searched theough the Community Trademark Consultation Service (available at http://www.oami.eu.int/search/trademark/la/en_tm_search.cfm), while marks registered in Canada can be searched at the Canadian Trade-Marks Database (available at http://strategis.ic.gc.ca/cgi-bin/sc_consu/trade-marks/search_e.pl.). For U.S. federal marks, one can run a search for potential domain names through the U.S. Trademark Electronic Search System (TESS) (available at http://www.uspto.gov/web/menu/tm.html) of the United States Patent and Trademark Office (USPTO) (available at http://www.uspto.gov). This can then be supplemented with a quick nationwide business name search through an online yellow pages (available at http://www.yellowpages.com). Together, these searches will give the user a rough idea of any potential conflicts and exhibit a good faith effort to ferret them out, although such cursory searches do not guarantee the absence of conflicts or indemnification of the user. An exhaustive search would include state trademark registrations, other national registries and other business registries. For more information on searching, see Susan E. Gindin, Researching Trademarks (1998) at http://www.info-law.com/tmsearch.html. More comprehensive services along these lines are available through private trademark search services such as Trademark.com at http://www.trademark.com/new_tmdocs/index.shtml, Thomson & Thomson at http://www.thomson-thomson.com/, DialogWeb at www.DIALOGweb.com, Micropatent at http://www.micropatent.com, and Trademark Register at http://www.trademarkreg.com/.
Selection of a
domain name for an online enterprise is as complex as the process for choosing
a trademark name. Legal advice is strongly recommended to protect the value
of the entrepreneur's investment in the name from claims of infringement. In
the end, those wishing to take the most effective measures possible against
potential conflict can take steps to register their trademarks through their
local government (in the U.S., the USPTO). The USPTO website, for one, allows
users to make an official
registration filing online at http://www.uspto.gov/teas/index.html.
Back to TOC
DOMAIN NAME REGISTRATION AGREEMENTS
In addition to general contractual language concerning payment of fees and what constitutes breach, provisions concerning the following are common in gTLD registration terms of service agreements:
contracts/agreements are generally nonnegotiable due to transaction costs associated
with the customization of contracts. Most registrants take substantially the
same positions in their contracts, although some have additional provisions
exceeding those above. One provision that often differs from registrar to registrar
in its specifics are the governing law and forum selection clauses, as these
tend to be tied to the registrar's place of business. In the end, very few users
will take the time to look through such provisions and most of the disputes
that arise will probably deal with the UDRP procedure and the cancellation or
transfer of a domain name. Due to the fact that many e-commerce entrepreneurs
will seek legal representation only at a later stage in the set-up process,
practitioners should be aware of these agreements should any disputes arise
at a later date or if the client wishes to modify the registration in some manner.
An example from the UDRP context shows the importance of awareness of the specifics of a TOS. Under the UDRP, a trademark owner who brings an action agrees to submit to one of two possible jurisdictions should the domain holder wish to appeal an adverse decision. The choice is between the jurisdiction of the domain holder or the jurisdiction of the registrar. The registrar's location may therefore be important to a domain registrant who has no prior legal rights in the domain name. The language of the registration agreement is the language in which the UDRP must be conducted, so this is another factor to consider in selecting one's registrar. For those registrants with the foresight to obtain representation prior to registering a domain name, the practitioner's comparison of the specifics of different registrars' TOS agreements can be helpful in advising the client as to which service to use.
2. Sample Agreements
C. WEBSITE DEVELOPMENT CHECKLIST
For a good checklist
of hosting issues, see Scott Austin, Fifteen Things You Need to Know to Advise
Your Clients About Websites (Website).
The following issues should be addressed in a website development agreement:
D. WEBSITE HOSTING CHECKLIST
The following issues in these general areas should be taken into consideration when drafting a hosting agreement:
- Equipment ownership
- Location of equipment - division between equipment stored at host facilities and the e-business offices
- Equipment management and maintenance - performing back-up, fixing equipment problems, and updating equipment
- The e-business' right of access to equipment at hosting facilities
- Connectivity and performance issues - connection speed, maintenance of connections, and general standards of performance
- Ownership/control of data stored in the equipment
Traffic and Maintenance Issues:
- Uptime guarantees - percentage of time a website will be up
- Response when the connection is lost and website is down or otherwise disrupted
- Response to changes in traffic - necessary upgrades/updates to deal with greater influx of traffic
- Maintenance performance and effect on connection
- Services included in the agreement - standard services and custom services
- Fee schedules - fixed costs for standard services and sliding costs for additional services
- Warranties regarding level and quality of service
- Acts/omissions constituting breach
- Assignment of the services contract - host's and customer's obligations
Risk and Indemnification:
- Responsibility for injuries to third parties resulting from security breaches and loss of service
- Responsibility for ensuring compliance with laws of other nations where users are located
- Disaster recovery plans and procedures - for both the host and website owner
- Circumstances under which a site can be shut down - responsibility for resulting injuries
- Actions to be taken upon breach
E. ADDITIONAL CDA CASES
Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998) available at http://www.techlawjournal.com/courts/drudge/80423opin.htm
The defendant in
this case had posted some allegedly defamatory statements regarding the plaintiff
on his Internet news site. The plaintiff sued not only the generator of the
content (Drudge), but also AOL, which had an exclusive agreement with Drudge
to distribute his column to its subscribers. In granting AOL's motion to dismiss
the charges against it, the court made the distinction between an ISP that actually
develops content itself - which is not covered by the 47
U.S.C. §230 immunity - and one that merely posts or distributes the
content of others. The court ruled that AOL fit in the latter category, which
was protected by the statutory immunity. The court also found unavailing the
plaintiffs' argument that this case should be decided differently than previous
cases decided under the CDA because Drudge was not merely an anonymous poster
to a chat room and AOL maintained a degree of editorial discretion over his
content. While the court recognized that such a distinction seemed logical,
it stressed that "Congress has made a different policy choice by providing
immunity even where the interactive service provider has an active, even aggressive
role in making available content prepared by others."
Gucci America, Inc. v. Hall & Assocs., No. 00 Civ. 549 (RMB), 2001 U.S. Dist. LEXIS 2627 (S.D.N.Y. Mar. 14, 2001), available at http://www.loundy.com/CASES/Gucci_v_Hall.html
Gucci America represents
a departure from the trend towards a wide scope of immunity for ISPs, suggesting
that courts might impose liability on ISPs in certain circumstances. The court
in that case addressed the issue of ISP liability arising from a claim of trademark
infringement by Gucci against Hall, whose e-commerce site containing allegedly
infringing materials was hosted by Mindspring. Mindspring moved to dismiss Gucci's
claim, arguing that it was immune from liability under §230(c)(1)
of the CDA. The court rejected this claim, however, relying on §230(e)(2)
of the CDA, which states: "Nothing in this section shall be construed to
limit or expand any law pertaining to intellectual property." The court
reasoned that because, "[u]nder existing intellectual property law, publishers
may, under certain circumstances, be held liable for infringement," §230(e)(2)
unambiguously constrained it from extending the §230(c)(1) immunity to
The court rejected
Mindspring's argument that because the issues of trademark infringement had
never arisen in the ISP context, there was no existing intellectual property
law to trump the immunity. Furthermore, the court found unavailing Mindspring's
reliance on Zeran,
distinguishing that case on the basis that it construed the CDA on the grounds
of tort immunity and not immunity from intellectual property claims. The fact
that Congress had chosen to pass the Digital
Millennium Copyright Act to address ISP liability in the area of intellectual
property law further supported the court's interpretation of the CDA as limited
to immunity from tort liability. The ISP was not entitled to rely on the Digital
Millennium Copyright Act, however, because the court stressed that the Act applied
only to copyright and not trademarks. While the procedural posture of the case
and the novelty of the issue leave its precedential value open to question,
it nevertheless serves as an important indication that there are limitations
to an ISP's immunity under the CDA scheme.
Back to TOC
F. NOTICE PROVISIONS OF THE DMCA
The notification procedures of the DMCA have the potential to mute certain ancillary effects. Under 17 U.S.C §512(c)(3), a copyright holder must follow certain procedures in notifying a service provider of copyright violations in order to force the taking down of copyrighted materials. These notice requirements include, among others: identification of the copyrighted work claimed to have been infringed (or a representative list of such works), identification of the material that is claimed to be infringing and that is to be removed or disabled, and a statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
In the recent case
Scan v. RemarQ Communities, 239 F.3d 619 (4th Cir. 2001), the court addressed
the issue of the level of notice this DMCA provision required. The plaintiff
in that case became aware of the existence of hundreds of its copyrighted images
on the defendant service provider's newsgroups. When the plaintiff notified
the defendant of these violations by identifying two newsgroups that were devoted
to trading in the copyrighted images, the defendant refused to comply with the
request to take down the images, asking instead for the plaintiff to identify
each individual work being infringed with greater specificity. The plaintiff
filed suit under the copyright code and DMCA, which the defendant sought to
dismiss on the basis that the notice given was defective in that it did not
follow the technical requirements of the DMCA.
In reversing the
district court's dismissal of the case, the court of appeals stressed that 17
U.S.C. §512(c)(3)(A) requires only substantial compliance with its technical
requirements and that identifying a representative list of infringed works was
permissible when the identification of each individual work is impractical.
The court responded to RemarQ's claim that the forced removal of the materials
may encompass some noninfringing content by noting that "[t]o the extent that
ALS Scan's claims about infringing materials prove to be false, RemarQ has remedies
for any injury it suffers as a result of removing or disabling noninfringing
material" (239 F.3d 619, 625) under 17
U.S.C. §512(f), (g). The court's accommodating interpretation of the DMCA's
notification provision in this case suggests that service providers who attempt
to hide behind technicalities will not be able to escape punishment under the
DMCA for harboring infringing works or users. However, the ruling also has the
potential to minimize some of the built-in safeguards the notification procedure
may have otherwise had in protecting website operators and other users in borderline
Scan v. Remarq Communities is available at http:://www.loundy.com/CASES/ALS_v_RemarQ.html).
While the notice
provisions may therefore seem to tip the scales in favor of the copyright holder,
there are several provisions of the DMCA that allow a noninfringing website/user
to take action to restore its content or recover damages for the removal of
its content. The counter-notice provision, 17
U.S.C. §512(g)(3), allows for a website operator or other person whose content
is removed to file a counter-notice with the service provider stating that he/she
"has a good faith belief that the material was removed or disabled as a result
of mistake or misidentification of the material to be removed or disabled" [17
U.S.C. §512(g)(3)(C)]. If such a counter-notice is given to the service provider,
the service provider must replace the content or cease disabling access within
14 business days, unless it receives a court order from the original complainant
(copyright holder) restraining the user from continuing infringement [17 U.S.C.
§512(g)(2)(C)]. If the service provider does not follow these procedures, the
provision immunizing the provider from liability for injuries to its users from
removal/disabling access [17 U.S.C. §512(g)(1)] does not apply, allowing the
user to recover for a wrongful "take-down" [17 U.S.C. §512(g)(2)]. The other
main provision allowing a user to recover is 17 U.S.C. §512(f) concerning misrepresentations.
That provision allows for an adversely affected user to recover damages (including
attorney's fees) from anyone who "knowingly materially misrepresents … that
material or activity is infringing" [17 U.S.C. §512(f)(1)]. It should be noted
that this provision cuts both ways, however, as there is also a provision [17
U.S.C. §512(f)(2)] allowing damages to be assessed against a user for his/her
knowing misrepresentations in filing a counter-notice. To date, no published
opinions have explored the contours and boundaries of the counter-notice and
Back to TOC
G. ACCESS PROVIDER LIABILITY
It should be noted that while hosts often play various roles other than strict access/service provider, courts are likely to grant them the wide immunity from liability under the CDA unless it can be clearly shown that the host was acting solely in another capacity in regards to the alleged wrongdoing. A recent case in which this issue arose is John Does v. Franco Productions. In that case, the court granted the defendant hosts' motion to dismiss, ruling that their "immunity or status as service providers under the CDA is not vitiated because of their web hosting activities, whether viewed in combination with their roles as service providers or in isolation." John Does v. Franco Productions, No. 99 C 7885, 2000 U.S. Dist. LEXIS 8645, 8645 (N.D. Ill. June 2, 2000), available at http://members.theglobe.com/ericgoldman/DoevFranco.html)
The CDA "Good
Samaritan" provision applies to an "interactive computer service,"
which is defined as "any information service, system, or access software
provider that provides or enables computer access by multiple users to a computer
U.S.C. §230(f)(2)] While determining whether an e-business fits into
this definition may depend on a court's construction of terms such as "service,"
"system," and "server," it appears there could be a plausible
claim for many e-businesses to status as an "interactive computer service,"
depending on the services offered.
cases arising under the CDA have involved traditional ISPs, a recent Ohio case
addressed the issue of whether a website operator offering interactive services
fit under the statutory definition. In Sabbato v. Hardy, No. 2000-CA-00136,
2000 Ohio App. LEXIS 6154 (Ohio Ct. App. Dec. 18, 2000) available at http://legal.web.aol.com/decisions/dldefam/sabbato.html],
the defendant ran a website called "Citizens for a Better Jackson Township"
where users could register and post opinions on the website. The plaintiff sued
when alleged defamatory content was posted on the site, but the district court
dismissed her compliant on the basis of the CDA's Good Samaritan provision,
U.S.C. §230(c). While the appellate court remanded to the district
court for a determination of whether the website operator himself was a generator
of some of the defamatory content, it did not upset the trial court's ruling
that his website qualified for protection under the CDA in its role as a distributor.
Based on the language of the statute and the Ohio court's interpretation, it
therefore appears that there can be a plausible claim for an e-business to immunity
from liability under the CDA for acts of its users. Due to the uncertainties
in this area, however, it may be in the best interests of an e-business to remain
ignorant of the content of its chat or other discussion areas in an attempt
to stay within the bounds of Cubby
should the CDA not apply. A policy of simply responding to user complaints regarding
improper content rather than actual periodic policing of the site contents may
stay within the bounds of these precedents. To this end, it is important to
spell out one's policy in regards to termination of user rights and removal
of content in the Terms of Service agreement, particularly when users are paying
a fee for interactive services.
The DMCA safe
harbor provision applies only to a "service provider," which is defined
differently for different specific provisions of the statute. For the purposes
of 17 U.S.C.
§512(a), regarding transitory digital network communications, a service
provider is defined as "an entity offering the transmission, routing, or
providing of connections for digital online communications, between or among
points specified by a user, of material of the user's choosing, without modification
to the content of the material as sent or received" [17 U.S.C. §512(k)(1)(A)].
For the rest of the DMCA's provisions, a "service provider" is defined
as "a provider of online services or network access, or the operator of
facilities therefore, [including] an entity described in subparagraph (A)"
[17 U.S.C. §512(k)(1)(B)]. The definition for purposes of §512(a)
appears to have in mind hosts (and others) providing network infrastructure
and possibly traditional ISPs, while the second provision seems to have more
room for interpretation and might allow certain e-businesses to fall within
the protection of the safe harbor.
These issues were
addressed in the much-publicized Napster case. In that case, plaintiff record
companies sued the defendant, a peer-to-peer file-sharing network enabling users
to swap music files, for copyright infringement. In dismissing Napster's motion
for summary judgment, the court rejected the application of the DMCA's safe
harbor to Napster. In its opinion, the district court first addressed the issue
of whether Napster qualified as a service provider under 17 U.S.C. §512(k)(1)(A)
or (B). [A&M Records, Inc. v. Napster, Inc., No.
C 99-05183 MHP, 2000 U.S. Dist. LEXIS 6243 (N.D. Cal. May 5, 2000) available
at http://www.gigalaw.com/library/am-napster-2000-05-12.html]. Napster argued
that it qualified as a service provider under §512(k)(1)(A), thus entitling
it to protection under the §512(a) safe harbor for transitory digital network
communications. The court expressed skepticism and opined that it was not entirely
clear whether Napster qualified as such a service provider, but did not have
to resolve the issue as the plaintiff conceded that Napster was a service provider
under §512(k)(1)(A). The plaintiff instead argued that, even if Napster
was a service provider, it failed to meet the other requirements of the safe
harbor provisions. In the end, the court declined to grant Napster summary adjudication
because Napster did not meet the requirement of the safe harbor in §512(a);
specifically, it did not "transmit, route, or provide connections through
its system" [2000 U.S. Dist. LEXIS 6243, at *25 (emphasis added)]. On Napster's
appeal from the district court's subsequent injunction, the 9th Circuit Court
of Appeals ruled that the plaintiff had raised significant questions that strongly
supported an injunction, including "whether Napster is an Internet service
provider as defined by [the DMCA]." A&M Records v. Napster, Inc., 239
F.3d 1004, 1025 (9th Cir. 2001) available at http://cyber.law.harvard.edu/~wseltzer/napster.html.
In the end, the
Napster litigation did not definitively answer the question of whether a service
such as Napster would qualify as a service provider under the DMCA, but signaled
that the courts will likely construe the statute rather narrowly. Clearly, however,
the §512(k)(1)(B) definition will be construed more broadly and may allow
for certain e-business sites fall into the definition. See Elizabeth A. McNamara
et al., Online
Service Provider Liability Under the Digital Millennium Copyright Act, 17
Comm. Law. 5, 6 (1999) ("Less obvious is the fact that the definition is
broad enough to potentially include employers that provide e-mail accounts to
their employees and other entities-including newspapers, magazines, and other
media companies-that simply host informational Web sites."), abbreviated
version available at http://www.dwt.com/related_links/adv_bulletins/CMITFall1999ISPLiab.htm.
Future cases may very well arise testing the statute and its application to
other e-commerce networks that provide interactive services, such as Amazon
and eBay, both of which are "service providers" with agents listed
with the U.S.
Copyright Office for notification of claims of infringement pursuant to
the DMCA. Until there is settled case law on the matter, the uncertainty in
the definitions of service provider should lead an e-business to take caution
and proceed under the assumption that it will not be protected by the DMCA safe
Security is an
area that is critical to the effective functioning of an e-business and has
major implications for both hosting and development agreements. Breaches of
security may lead to service interruptions and corresponding loss of business
or, worse, may lead to the loss of sensitive business information or even customer
information - ranging from email addresses to credit card numbers. Such dire
consequences make it imperative that security is given high priority in setting
up an e-commerce site and that an e-business make security a priority when arranging
for hosting and programming services. This section will address some common
concerns an e-business should consider when addressing security, including:
access attacks, information theft, and damage to equipment and systems.
also know as denial of service (DoS) attacks, are a relatively easy way to disable
a website. Basically, those behind such attacks overwhelm the servers, routers,
and other network infrastructure of a website by inundating the host with a
deluge of information packets, effectively crippling the website and preventing
access by customers. Such attacks have received a lot of attention recently,
as major Internet presences such as Amazon, Yahoo, and CNN have had service
disrupted for long periods of time by DoS attacks, costing the businesses millions
of dollars in lost sales. Compounding the problem for the affected websites,
the attackers in those cases used a technique that made it difficult to trace
the source of the data flood and ferret out the perpetrators - making it difficult
to both stop the flow as well as potentially seek any remuneration from or punishment
of the attackers. Such episodes exhibit the potential deleterious effects of
DoS attacks on e-businesses, where every minute of lost service may result in
hundreds of lost sales and corresponding revenue.
As DoS attacks
are not completely preventable and the motivations of attackers are unclear,
every e-business should have an emergency plan incorporating: 1) countermeasures
to be taken when such attacks occur (such as blocking packets from the originators
of the attack or having a back-up hosting arrangement to switch to in case of
an attack), 2) information-gathering techniques for determining the source of
attacks after the fact, and 3) a public relations strategy aimed at customers,
business partners, and investors addressing the loss of service and its consequences.
If an e-business utilizes an outside host instead of hosting its own website,
the countermeasure aspect of such an emergency plan is one that can take shape
in the hosting services agreement. While it is impossible for hosts to fully
prevent such attacks without seriously inhibiting the speed and efficiency of
the network backbone, most hosts have some network security resources available
to combat DoS attacks. [For one host's approach to service attacks and a more
in-depth examination of the mechanics of such attacks, see Bill Hancock, The
Exodus Network Backbone Environment and DoS/DDoS Attacks, Network Attacks:
Denial of Service And Distributed Denial of Service, available at http://www.exodus.com/press_room/information/ddos/ddos_content.html.]
When arranging for a host, an e-business should inquire into how the host typically
handles DoS attacks and a client's options in minimizing the impact of or thwarting
such attacks. An agreement between e-business and host can then incorporate
a plan in the case of a DoS attack - what the parties' responsibilities are
in handling the attack, any guarantees a host may make concerning its ability
to reroute traffic and limit the scope/duration of an attack, and other issues
relating to allocation of risk and responsibility (e.g., who will be held liable
for injuries to third parties, such as customers).
can have even greater negative effects than an access attack. While DoS attacks
may leave customers frustrated and cut into a day's revenues, the stealing of
proprietary information can lead to loss of sensitive business information ranging
from financial data to long-term corporate strategy. If customer information
is stolen, such theft can also lead to the erosion of customers' trust in both
a specific e-business as well as the general medium of online business transactions.
In addition, such theft may result in a lawsuit directed at the e-business for
not adequately safeguarding such information. Thus the loss of proprietary information
can often have longer lasting effects than mere denial of service and resulting
loss of sales.
While DoS attacks
work by overwhelming one's network infrastructure, information theft is achieved
by exploiting weaknesses in software and technological protections. Proprietary
information may be stolen by hackers getting around or through a network's firewall,
[FN: For a discussion of firewalls and their mechanics, see Matt Curtin and
Marcus J. Ranum, What
Is an Internet Firewall?, INTERNET FIREWALLS: FREQUENTLY ASKED QUESTIONS,
available at <http://www.interhack.net/pubs/fwfaq/#SECTION00031000000000000000>]
by unscrupulous programmers who leave a backdoor in software applications for
their access at a later time, or by disgruntled employees with access to files
who wish to personally profit from company information/resources. Dealing with
employees who may have the motive and means to steal sensitive company information
is largely an internal personnel and security matter for an e-business to address.
Problems due to hackers penetrating a network or programming deficiencies allowing
access to sensitive information, on the other hand, must be addressed when considering
developing in-house programmers or outsourcing programming. If an e-business
determines it is in its interest to outsource such services, potential partners
should be vigorously screened and service agreements should be carefully drafted
to ensure specific security standards as well as allocate responsibility for
Damage to Equipment, Software or Data
A third and final type of security threat is damage to equipment, software, or data. Damage to equipment can be prevented in a relatively straightforward manner by assuring limited access to equipment and appropriate physical security. For those e-businesses housing their hardware at their offices, the nature of the business makes it imperative that a high priority is given to ensuring the physical security of system hardware. The level of physical security is also an important issue to consider when choosing a host, and is a consideration that should be explicitly addressed in any hosting agreement. Software and data can be corrupted or damaged by viruses that are permitted to enter a business' internal network or directly by those who gain access by penetrating a firewall or exploiting another weakness. The risk of damage by viruses can be minimized by adopting appropriate technological measures to screen incoming packets, while damage resulting from unauthorized access can be combated by taking the measures to minimize information theft discussed above. Even if these technological measures fail, an e-business can minimize the fallout from damage to software and data by periodically backing up data and applications to utilize in the event of damage or corruption. While the total loss of information through information theft can often cause irreparable damage, a well-prepared e-business can seriously minimize the negative impact of data/software damage through such periodic backups.
Minimizing Security Risks Through Audits and Contracts
can additionally minimize all these types of security risks by hiring a third-party
security consultant to conduct periodic audits of the business network and/or
physical premises for weaknesses in security. Such auditors can often detect
hidden backdoors in programs, weaknesses in firewalls, as well as prior undetected
security breaches. Some businesses may also wish to create a position for a
chief security officer or make sure its systems administrator has expertise
in security issues. As discussed above, however, many security concerns can
be effectively dealt with through appropriate agreements with service providers
(hosts, programmers, etc.). To this end, the e-commerce practitioner should
be aware of the following security issues when drafting agreements for an e-business
client: [Note: While the preceding discussion and following lists separate hosting
and programming services, note that hosts often provide some programming as
part of their package of services, particularly in areas such as firewalls.]
I. ADVERTISING EXCHANGES
Another option for advertising is the use of advertising exchanges, which match-up websites looking for advertising. Such exchanges, like Microsoft's bCentral (available at http://adnetwork.bcentral.com/), work by trading advertising space on one website for space on another member's site. The advantage of such services is that they are free alternatives to seeking out high-priced advertising space on other websites. On the downside, it is more difficult to target advertising to a particular audience, and the viewing audience may be much smaller due to the fact that most high-traffic sites do not participate in such programs. Furthermore, there may be less control over what types of sites end up advertising on the websites of participating members. Some of these problems may be minimized by joining an exchange that offers a different package of services (often for a fee), such as more targeted advertising by linking members in similar fields, better tracking of visitors to advertisers' sites, etc.
Utilizing an advertising
exchange service may pose problems regarding copyright or trademark infringement
through linked advertising due to the fact that the individual advertisers do
not come together to draft an advertising agreement. Most of the services include
indemnification for the exchange providers themselves in the case of infringement
or other wrongdoing, but this leaves open the possibility of causes of action
against either an advertiser or a host. When signing up for such a service,
an e-business should be aware of the terms and conditions of the exchange service
itself, as well the exchange's policy regarding its members when instances of
infringement or other wrongdoing arise. Due to potential problems in these areas,
an e-business should be careful in choosing an advertising exchange provider
by inquiring into whether past situations regarding infringement have arisen
and how they were handled.
Back to TOC
J. ADVERTISING STANDARDS
A good example
of default standards dealing with the legal issues surrounding online advertising
arrangements is the "Standard Terms and Conditions for Internet Advertising"
devised by the American Association of Advertising Agencies (AAAA) and the Internet
Advertising Bureau (IAB). These standard terms, meant to cover agreements between
an advertiser and advertising host (termed "Media Company" in the
standards), address a variety of issues, including: insertion orders (orders
concerning accounting of data related to advertising - number of clicks on an
advertisement, the costs of the party making such calculations, etc.), ad placement
and positioning, payment and payment liability, reporting, cancellation, ad
materials, indemnification, and privacy. In regard to the aforementioned issues
of copyright and trademark infringement and consumer loss, the standards set
the default rule of indemnifying the host (media company) for "any loss
relating to or arising out of Advertiser's product or the content of any Advertisement
delivered accurately, including but not limited to materials that violate the
right of a third party; materials that are defamatory or obscene; or materials
that would constitute a criminal offense." [American Association of Advertising
Agencies and Internet Advertising Bureau, Standard
Terms and Conditions for Internet Advertising, Mar. 19, 2001 at 6, available
at http://www.iab.net/news/content/T_CInternetAdv.doc]. Advertisers and hosts
looking for a basic set of contractual provisions may choose to use these terms
and conditions, which are totally voluntary and represent a standard default
contract of those wishing to cut transaction costs. The standards also can be
used to the extent they are practical, with the parties making changes to any
of the provisions in order to tailor a more specific agreement or one on different
terms. While advertising exchanges are not covered, the drafting organizations
plan to meet in the future to discuss standards for advertisers utilizing third-party
Back to TOC
K. ANTI-SPAM GROUPS
The practice of
ISPs blocking email from generators of unsolicited mail may prevent an e-business
from reaching both unwilling and willing recipients of marketing emails. They
also join in private "vigilante" groups that act to block email from
spammers. One such effort is the Real-time
Blackhole List (RBL) of the Mail Abuse Prevention System (MAPS) (accessible
at http://mail-abuse.org/rbl/). The RBL works by identifying generators of spam
and then "blackholing" the networks utilized by the spammers if the
ISP used by the offending party refuses to take measures to prevent access by
the spammer. This process involves rerouting mail sent by offending parties
to an online "blackhole," which prevents all mail (both solicited
and unsolicited) originating from a network on the RBL from being received by
subscribers to the RBL. Another service that operates to block email generated
by spammers is the Open
Relay Behaviour-modification System (ORBS) (accessible at http://www.orbs.org/whatisthis.html)
which operates in a slightly different manner than the MAPS RBL.
These private spam-blocking services and other similar services have an advantage over the proposed legislation because they block unsolicited emails before they are received rather than imposing penalties after the fact, and they also reach non-U.S. spam-generating entities, which the legislation may be powerless against. Such private services have drawn the ire of many bulk emailers, however, and several lawsuits have been threatened or initiated against such blocking services for interfering with the business of the email generators. Most of the cases have been dismissed by the courts, or settled as a result of the offending party amending its email policy. MAPS webpage reporting on the litigation at http://mail-abuse.org/pressreleases/. But see also Christopher Saunders, 24/7 Media Snags Restraining Order Against MAPS, INTERNET.COM (Nov. 17, 2000) available at http://www.internetnews.com/IAR/article/0,,12_514611,00.html.
Some useful articles about anti-spam groups include:
L. SEARCH ENGINES AND DIRECTORIES
Problems with Robot-Based Search Engines
One problem with
search engines that utilize web crawling robots, however, is that they may index
portions of websites that an e-business does not wish users to link to directly
from a search engine. For example, some websites may wish for all traffic to
originate at its main homepage, either to maximize advertising revenues, make
sure visitors are aware of the full range of services and products offered,
or for other similarly compelling reasons. A search engine that links to internal
pages discovered by robots may bypass such a main page in taking the searcher
to the desired target. An additional problem with robot-utilizing engines is
that valuable system resources might be consumed by robots crawling through
and searching an entire website. For a discussion of legal issues involving
the use of robots in a somewhat different context, see eBay,
Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000), available
at http://pub.bna.com/lw/21200.htm. These problems can often be remedied, however,
by simply programming a web page to not accept web crawling robots and therefore
exclude such pages from consideration in a search engine. Google, for one, offers
website administrators tips on how to keep certain parts of its website off
limits to its Googlebot. See How
Do I Request Google to Not Crawl Parts or All of My Site?, GOOGLE SEARCH
FREQUENTLY ASKED QUESTIONS, available at http://www.google.com/help/faq.html#nocrawl.
This may pose a dilemma for e-businesses, though, as users who would otherwise
be directed to a part of their website may not retrieve information about the
website at all, and may even be led to a competitor's site. These considerations
should be taken into account when determining whether certain portions of a
website should remain robot-free. Regardless of the decision made, search engines
utilizing "bots" are another important (and free) tool directing Internet
users to an e-business website.
Basic Search Engine Ranking Schemes - Automated v. Human
When considering using either of the above types of search engines, an e-business should assess how the different search engines rank search results. The higher the ranking a search engine gives a website, the higher it appears on the list of sites returned after a search is conducted. Google utilizes its PageRank software to rank websites according to specified criteria, such as the number of links from other sites, importance of the website, relevance, and quality. These complex, automated techniques "make human tampering with [Google's] results extremely difficult" (Integrity, GOOGLE SEARCH TECHNOLOGY, available at http://www.google.com/technology/index.html) and Google does not sell placement within the results themselves. Yahoo! also does not sell higher rankings to those willing to pay, but does use a more subjective, human-oriented method of determining rankings than Google's automated approach. See Suggested Sites Help, YAHOO!, available at http://help.yahoo.com/help/us/url/url-10.html.
Keywords and Tags
for instance, the keywords "international," "study," and
"students" would be a good start. When determining keywords, an e-business
should also keep in mind to add common variations of the words used, such as
capitalized versions and common misspellings or alternate spellings (such as
After an e-business determines the keywords to be used, it must go about the task of incorporating them into both the content of the website itself as well as the internal programming code used. When incorporating keywords into site content, the e-business should make sure to consider keyword prominence, proximity, and frequency. Keyword prominence is important for search engines that base their descriptions of websites on the first words found on a page. For such search engines, it is important to put keywords at the top of a page, so they most closely reflect what a site is about in the site description returned in a search. Keyword proximity is a factor used by some search engines when determining what pages to receive. If a user runs a search for "international" and "study," for instance, a page that contains the words in close proximity in its text (such as "The best international study resource guide on the Internet" or "Want to study in an international setting?") is more likely to be returned as a relevant search result. Keyword frequency simply measures the number of times a keyword appears in any given text. In theory, the higher the ratio of keywords to text, the greater likelihood the website will be returned as a result of a search for those keywords. In practice, some search engines look out for websites' attempts to manipulate search results and punish parties guilty of such altering tactics.
Keywords also play an important role in the source code for a website, which is generally unseen by the viewer. Some search engines use the tags found in a site's source code to determine the relevance of a particular site to a searcher's request. There are different types of tags used in web programming and read by search engines, including meta keyword tags, meta description tags, ALT tags, and comment tags. Keyword tags are basically lists of a website's keywords in the source code. As some search engines use meta keyword tags to determine whether a cataloged website is relevant to a particular search, utilizing the keyword tag in programming source code is an easy way to make sure a website is matched up with an appropriate target audience. The meta description tag is a description of a website's content in the source code. The meta description tag is used by some search engines as the basis for determining the relevance of a website to a search, the description of a site to be listed under search results, or both. Because some search engines use the meta description tag to determine the relevance of a website to a search, it is important to include appropriate keywords in this source code description as well. To the extent that some search engines will also use this tag as the description for search results, it is also important for the purposes of click frequency to make sure the tag entices the searcher to enter the site. ALT tags are used in source code to describe an image that appears on a page, while comment tags are internal notes used by source code programmers. While these do not have the importance of the keyword and description tags, some search engines that use spiders scan these tags, and adding keywords to them will increase keyword frequency and can therefore potentially increase the relevance of a website to a search. For more information on the use of tags and general tips for optimizing search engine results, see the guides at SearchEngines.com (available at http://www.searchengines.com/intro_optimize.html) and SearchEngineWatch.com (available at http://searchenginewatch.com/webmasters/index.html).
For legal issues surrounding use of keywords and meta tags, see Prof. William W. Fisher, Linking, Framing, Meta Tags, and Caching at http://cyber.law.harvard.edu/property00/metatags/main.html.
Back to TOC