October 2, 2022

Annemarie Bridy

Annemarie Bridy has been a member of the faculty of the University of Idaho College of Law since 2007. Professor Bridy teaches Contracts, Copyrights, Introduction to Intellectual Property, and Cyberspace Law. Before joining the faculty, Professor Bridy was an associate with the lawfirm of Montgomery, McCracken, Walker & Rhoads in Philadelphia, where she practiced in the area of complex commercial litigation. Bridy holds a B.A from Boston University, a M.A from the University of California, Irvine, a Ph.D. from the University of California, Irvine, and a J.D. from Temple University James E. Beasley School of Law.

Cyberterrorism or Cybervandalism?

When hackers believed by the U.S. government to have been sponsored by the state of North Korea infiltrated Sony Pictures’ corporate network and leaked reams of sensitive documents, the act was quickly labeled an act of “cyberterrorism.” When hackers claiming to be affiliated with ISIS subsequently hijacked the YouTube and Twitter accounts of the U.S. military’s Central Command, military officials called it an act of “cybervandalism.” A third category of cyberattack, which presents definitional challenges of its own, is “cyberwarfare.” In terms of the nature and scale of any official response, it obviously matters quite a lot which bucket the government and the media choose when they categorize a cyberattack to the public. So how is that choice made as a descriptive matter? And how should it be made?

It seems to me that there are several potentially relevant factors to assess when drawing the semantic line between cyberterrorism and cybervandalism. The ones that spring to mind are the origin of the attack (e.g., state-sponsored v. state-aligned v. unaligned); the target of the attack (e.g., public infrastructure v. corporate infrastructure; critical infrastructure—however defined—v. non-critical infrastructure); the nature of the harm caused (e.g., personal injury v. injury to property); and the reach and severity of the harm caused (e.g., minor or major; isolated v. pervasive). Are these the right factors to take into account? If so, what configuration of factors makes a cyberattack an act of cyberterrorism as opposed to an act cybervandalism? And how should we distinguish both cyberterrorism and cybervandalism from cyberwarfare? Is cyberwarfare only state-to-state?

As the Internet is increasingly beset by attacks of all kinds from all quarters in the name of all different ideologies (or just lulz), it seems vital to have in place a stable, rational way of classifying cyberattacks so that official responses can be appropriate and proportional. I know there are a lot of cybersecurity experts who read FTT. I am definitely not one. I’d love to hear your thoughts about a principled taxonomy for cyberattacks. If there’s a good article about this out there somewhere, I’d be happy to get the citation.

Four Fair Use Takeaways from Cambridge University Press v. Patton

The most important copyright and educational fair use case in recent memory (mine, at least) was decided by the Eleventh Circuit Court of Appeals last week. The case, Cambridge University Press v. Patton, challenged Georgia State University’s use of e-reserves in courses offered by the university. The copyrighted works at issue were scholarly books–i.e., a mix of monographs, edited volumes, and portions thereof–not textbooks. This case is important because of its broad applicability to similarly situated academic institutions throughout the country that routinely engage in the same practices for which GSU was sued. It’s also important because the court’s decision re-articulated and faithfully followed some foundational fair use principles from prior case law. Readers of the case who are proponents of a vigorous fair use doctrine shouldn’t be disheartened by the fact that the Eleventh Circuit reversed the district court’s ruling in favor of GSU and remanded the case for reconsideration. Ultimately, this case is good news for educational fair use. Here are four reasons why:
[Read more…]

Google Fights Genericide Claim (and Wins)

Google’s famous trademark in its name has just survived a challenger’s attempt to have it declared generic. In Elliott v. Google, a federal court in Arizona held last week that despite the public’s use of the word “googling” to mean “searching on the Internet,” the “Google” word mark still functions in the minds of consumers primarily to identify Google, the Mountain View-based Internet company, as the source of the search service associated with the “Google” mark. The plaintiff in the case argued that the public’s use of a trademark as a verb necessarily signifies that the mark has become generic. The court disagreed:

Verb use of a trademark is not fundamentally incapable of identifying a producer or denoting source. A mark can be used as a verb in a discriminate sense so as to refer to an activity with a particular product or service, e.g., “I will PHOTOSHOP the image” could mean the act of manipulating an image by using the trademarked Photoshop graphics editing software developed and sold by Adobe Systems. This discriminate mark-as-verb usage clearly performs the statutory source-denoting function of a trademark.

The court went on to explain that a problem arises for a mark owner only if mark-as-verb usage is indiscriminate, and the mark becomes referentially unmoored in the public’s mind from the mark owner’s product or service.

[Read more…]

Takedown 2.0: The Trouble with Broad TROs Targeting Non-Party Online Intermediaries

On August 14, a federal district court in Oregon issued an ex parte temporary restraining order (TRO) in a civil copyright infringement case, ABS-CBN v. Ashby. The defendants in the case are accused of operating several “pirate websites” that infringe the plaintiffs’ copyrights in broadcast television programs. In addition to ordering the defendants to stop engaging in infringing conduct, the court ordered unspecified “Internet search engines, Web hosts, domain-name registrars, and domain name registries or their administrators [to] cease facilitating access to any or all domain names and websites through which Defendants engage in the [infringement] of Plaintiffs’ copyrighted works.” The court ordered the domain name registrars that had originally registered the defendants’ domain names to transfer the registrations for the pendency of the litigation to a new registrar chosen by the plaintiffs. It then ordered the new, as-yet-unidentified registrar to divert traffic from the defendants’ sites to a location displaying legal documents from the case. None of the online intermediaries targeted by the order is a named party in the case, and none was represented in court before the TRO issued.

A little over a week before the Oregon court issued its TRO, a federal district court in California issued a TRO in another “pirate website” case involving sites streaming and distributing pre-release copies of “The Expendables 3.” The California court’s order to stop providing services to the defendants was directed broadly to “persons and entities providing any services to or in connection with the domain names <limetorrents.com>, <billionuploads.com>, <hulkfile.eu>, <played.to>, <swankshare.com> and/or <dotsemper.com> or the websites to which any of those domain names resolve.” In addition to domain name registrars and hosting services, the California court’s order swept in “[a]ll banks, savings and loan associations, payment processors or other financial institutions, payment providers, third party processors and advertising service providers of Defendants.” Again, none of the online intermediaries targeted in the order is a named party in the case and none was represented in court before the TRO issued.

The reach of these orders is breathtaking, particularly in light of the non-party status of the targeted intermediaries. [Read more…]

Criminal Copyright Sanctions as a U.S. Export

The copyright industries’ mantra that “digital is different” has driven an aggressive, global expansion in criminal sanctions for copyright infringement over the last two decades. Historically speaking, criminal penalties for copyright infringement under U.S. law date from the turn of the 20th century, which means that for over a hundred years (from 1790 to 1897), copyright infringement was exclusively a civil cause of action. From 1897 to 1976, there were criminal penalties, but only misdemeanor ones. In 1976, felony penalties were introduced, but only for repeat offenders. Following enactment of the 1976 Copyright Act, the pace of amendments expanding criminal liability greatly accelerated—a trend that more or less coincided with the PC revolution. In 1982, felony penalties were extended to some first-time offenses, but not for all types of copyrighted works. In 1992, felony penalties were extended to all types of works. In 1997, as the commercial Internet was beginning its exponential growth, the No Electronic Theft (NET) Act eliminated a longstanding requirement of commercial motive for criminal liability, making some infringements criminally actionable even if they are undertaken without any expectation of financial gain. Under the NET Act, a willful infringer acting without any commercial motive faces up to three years in prison for reproducing or distributing as few as 10 unauthorized copies of a copyrighted work.

As criminal penalties have ballooned domestically, they have also been expanding internationally.  The international expansion in criminal copyright liability has occurred in part (and increasingly) through the vehicle of plurilateral and bilateral trade agreements. The United States uses its negotiating leverage in the trade policy arena to pressure trading partners, particularly less powerful ones, to incorporate strict IP norms into their domestic law.   [Read more…]