Sunday, March 21, 2010

Beware of Default Judgments: Captcha Gotcha Spammers Under Digital Millenium Copyright Act


Craigslist is a wildly popular service for posting free classified advertisements.  Over the years I have hired a number of employees through Craigslist - responding quickly to an ad shows tech savvy, computer literacy and some level of good judgment.


Over the years we have all entered fuzzy, annoying-looking numbers and words into Captcha fields probably without thinking too much about it.   Captcha is a free spam-proofing device used by many websites to ensure that a human being is entering a website and using it for legitimate purposes.  There are numerous providers of Captchas, check out here and here.



From Wikipedia:

A CAPTCHA or Captcha (pronounced /ˈkæptʃə/) is a type of challenge-response test used in computing to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. Thus, it is sometimes described as a reverse Turing test, because it is administered by a machine and targeted to a human, in contrast to the standard Turing test that is typically administered by a human and targeted to a machine. A common type of CAPTCHA requires that the user type letters or digits from a distorted image that appears on the screen.

I found one 2007 case finding CAPTCHA to be a technological measure to protect copyrighted materials, the circumvention of which would be a violation of the Digital Millenium Copyright Act. Ticketmaster L.L.C. v. RMG Technologies, Inc., 507 F. Supp. 2d 1096 (C.D. Cal. 2007)

In Craigslist, Inc. v. Naturemarket, Inc., C 08-5065 PJH, 2010 WL 807446 (N.D. Cal. Mar. 5, 2010) Craigslist sued a spammer who offered software that did auto posting on Craigslist and sold telephone-verified Craigslist accounts to other spammers or marketers.  To develop the software, the spammer had to access Craigslist, obtain data, code and images, steal telephone-verified accounts, and distribute that information.

When we go on a website, we usually click "I accept" the terms of use ("TOU").  This creates a contract or license agreement (a k a "end user license agreement" or EULA) governing use of the information obtained through the website or database accessed.

In Craigslist, Inc. v. Naturemarket, Inc., Craigslist sought to pursue the spammer through the Digital Millenium Copyright Act and through the terms of the TOU (essentially contract claims).

Craiglist was told by the spammer that he'd sold about $40,000 worth of the autoposter software.  Craigslist pursued both  Digital Millennium Copyright Act, 17 U.S.C. §§ 1201 ("DMCA") and the TOU (Contract) claims.

The spammer did not hire a lawyer to defend the lawsuit and failed to respond to pleadings and court notices.

Craiglist obtained default judgments pursuant to Rule 55 of the Federal Rules of Civil Procedure under both the DMCA for statutory damages of $470,000 and under the TOU (Contract) for $840,000. The court found the liquidated damages clause of $200 per unauthorized post to be enforceable.   The court accepted Craigslist's lowest estimate of unauthorized posts.  The spammer, Igor Gasov was held personally liable.

 Craigslist alleged that Defendants violated § 1201(a)(2) and (b)(1) of the DMCA. “A plaintiff alleging a violation of § 1201(a)(2) must prove: (1) ownership of a valid copyright on a work, (2) effectively controlled by a technological measure, which has been circumvented, (3) that third parties can now access (4) without authorization, in a manner that (5) infringes or facilitates infringing a right protected by the Copyright Act, because of a product that (6) the defendant either (I) designed or produced primarily for circumvention; (ii) made available despite only limited commercial significance other than circumvention; or (iii) marketed for use in circumvention of the controlling technological measure.” Ticketmaster L.L. C., 507 F.Supp.2d at 1111 (quoting Chamberlain Group, Inc. v. Skylink Tech., Inc., 381 F.3d 1178, 1203 (Fed.Cir.2004)).

The court found defendant's "auto poster" software to be a product violating the DMCA because it permitted posters to circumvent Craigslist's Captcha and telephone verification controls.



Looking at Google, we can see that the spammers did not get the message that auto poster software and selling verified Craigslist accounts can lead to significant personal liability.  It appears that the market for spamming Craiglist is quite large.  It is very dangerous not to defend these cases.   Craigslist's lawyers were awarded $65,038.20 in legal fees and $1,712.07 in costs.

No comments: