Thursday, November 21, 2013

Can Spam Act preempts state SPAM law where misrepresentation is not material

DAVISON DESIGN & DEVELOPMENT INC. v. Riley, Dist. Court, ND California 2013

ISSUE: Is state cause of action for SPAM preempted by the Can Spam Act?

RULE: State SPAM laws are preempted by Can Spam Act, except when they address fraud or misrepresentation. 

HELD:  State cause of action preempted by Can Spam Act where misrepresentation was not material.


"First, the parties dispute the scope of the exception to CAN-SPAM preemption. Plaintiffs argue that Riley must allege a claim for fraud in order to avoid preemption, while Riley argues that the "falsity or deception" language used in the statute creates a broader exception, encompassing more than just claims for fraud. As an example, Riley points to Cal. Civ. Code § 1710, which defines the tort of "deceit," and which does not require the elements of common-law fraud, including reliance. While the relevant Ninth Circuit authority on this issue (Gordon v. Virtumundo, 575 F.3d 1040 (9th Cir. 2009)) does use the word "fraud" when discussing the preemption exception, the court agrees with Riley that Gordon does not necessarily limit the exception to fraud claims. And while Gordon did not answer the question of whether a party must plead reliance and damages in order to avoid CAN-SPAM preemption, the court agrees with and adopts the reasoning set forth in two post-Gordon district court cases, both of which held that "reliance and damages need not be demonstrated to save a lawsuit from preemption." Asis Internet Services v. Member Source Media, LLC, 2010 WL 1610066, at *3 (N.D. Cal. Apr. 20, 2010); see also Asis Internet Services v. Subscriberbase Inc., 2010 WL 1267763 (N.D. Cal. Apr. 2, 2010). Riley need not establish reliance and damages in order to avoid preemption; instead, as long as she can establish that plaintiffs "were responsible for making knowing and material misrepresentations," her counter-claim "will sound in `falsity or deception' and will not be preempted by the CAN-SPAM Act." See Subscriberbase, 2010 WL 1267763 at *13. Specifically, if Riley can establish that the presence of her own name in the "from" line of the seven emails at issue was materially false or deceptive, her counter-claims will avoid preemption.

"Applying that standard, the court finds that while the use of Riley's name in the "from" line was indeed false, the fact that Riley would have immediately recognized the use of her own name puts her counter-claims in the same category as the "non-deceptive statements" that were rejected by the Gordon court. Upon receiving the emails, Riley would have instantly known that she did not send those emails to herself, and thus, the emails could not have been deceptive in any meaningful way. Thus, any falsity or deception was not sufficiently "material" to avoid preemption. The court recognizes that the factual circumstances of this case are unique, and that a misrepresentation as to the identity of the sender of emails will indeed be material in many cases. For instance, if Riley had received emails from plaintiffs with the name of one of Riley's personal contacts in the "from" line, those emails might well give rise to a non-preempted claim. However, as to the seven emails at issue, the court fails to see how Riley could have been deceived into believing that she sent herself these emails, and fails to see how any reasonable person could be deceived by an email bearing his or her own name in the "from" line. Accordingly, the court finds that Riley's counter-claims are preempted by CAN-SPAM, and hereby GRANTS summary judgment in favor of plaintiffs on the preemption issue. As discussed above, and for the reasons stated in the court's September 13, 2013 order (Dkt. 212), in which the court declined to exercise jurisdiction over claims relating to 108 of the emails, the court similarly declines to exercise declaratory judgment jurisdiction over plaintiffs' claims relating to these seven emails."


Tuesday, November 12, 2013

PRO-CONCEPTS, LLC v. Resh, Dist. Court, ED Virginia 2013 #ACPA #DNS

PRO-CONCEPTS, LLC v. Resh, Dist. Court, ED Virginia 2013 :: Motion for preliminary injunction for violation of AntiCybersquatting Consumer Protection Act denied.  Offer to sell domain name and website to trademark owner not bad faith where domain name owner "did so, not for financial gain, but for reimbursement. The evidence, as presented to the Court, indicates that [domain name owner] attempted to transfer the site to the markholder for an amount equal to the cost of acquiring and maintaining the domain."

Sunday, November 03, 2013

[NIST] Initiating Review of Cryptographic Standards Development Process

NIST Initiating Review of Cryptographic Standards Development Process
(This news article is also available on the Computer Security Resource Center (CSRC) website at:
Recent news reports about leaked classified documents have caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.

NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the worldwide cryptography community to help us develop and vet algorithms included in our cryptographic guidance. NIST endeavors to promote confidence in our cryptographic guidance through these inclusive and transparent development processes, which we believe are the best in use.

Trust is crucial to the adoption of strong cryptographic algorithms. To ensure that our guidance has been developed according the highest standard of inclusiveness, transparency and security, NIST has initiated a formal review of our standards development efforts. We are compiling our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process.

Once complete, we will invite public comment on this process. We also will bring in an independent organization to conduct a formal review of our standards development approach and to suggest improvements. Based on the public comments and independent review, we will update our process as necessary to make sure it meets our goals for openness and transparency, and leads to the most secure, trustworthy guidance practicable.

Furthermore, we will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines. If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible.

Our mission is to protect the nation’s IT infrastructure and information through strong cryptography. We cannot carry out that mission without the trust and assistance of the world’s cryptographic experts. We’re committed to continually earning that trust.