Header graphic for print


Updates on Developments in Global Privacy & Data Security

The CJEU’s Nintendo v. PC Box: ‘Proportionate’ DRMs?

Posted in Intellectual Property

By Alain Strowel, Michael Clancy and Hee-Eun Kim

On January 23, 2014, the Court of Justice of the European Union (CJEU) ruled on the legality of anti-circumvention measures or DRMs for video games (Case C-355/12 Nintendo v. PC Box).[1]  Here are the links to the full text of the judgment and the non-binding Advocate General’s opinion.

In the EU, DRMs are protected against circumvention under Article 6 of the Copyright Directive.  The plaintiff Nintendo’s DRM was capable of blocking not just illegal copies but also independent games, programs and other multimedia content.  A mod chip maker PC Box opposed it as being not “proportionate” under EU law.

The CJEU ruled that, although Article 6 of the Copyright Directive defines DRMs broadly, the legal protection applies to DRMs that are “proportionate” under EU law.[2]  To assess the proportionality of a DRM, according to the CJEU, it is necessary to ask whether a less restrictive technological measure, if any, could have achieved the same goal of protecting copyright without preventing legitimate activities.  For this assessment, the CJEU discussed the following factors.

Relevant factors for assessing the proportionality of a DRM:

  • Whether the DRM prohibit devices or activities which have a “commercially significant purpose or use other than to circumvent the technical protection (emphasis added)”;[3]
  • A comparison of the cost and effectiveness of the DRM versus available alternatives;
  • A survey of evidence on the purpose and actual use of a circumventing device:  namely how often the device was used for copyright-infringing purposes and other purposes;
  • The current state of technology;[4]
  • (The copyright holder’s particular intention of use is not relevant to the analysis.)[5]

What might be the consequences of a ‘disproportionate’ DRM?  A copyright holder with a ‘disproportionate’ DRM will not be able to rely on the legal protection of a DRM as a basis to challenge providers of mod chips or other circumvention devices.  According to the CJEU, legal protection is “granted only with regard to [DRMs] preventing or eliminating, as regards works, acts not unauthorized by the rightholder of copyright […]” and “[t]hose measures must be suitable for achieving that objective and must not go beyond what is necessary for this purpose.”[6]  Thus, “if such measures prevent also acts which do not require authorization then, if they could have been designed so as to prevent only acts which require authorization, they are disproportionate and do not qualify for protection (emphasis added).”[7]  In those circumstances, the right holder cannot rely on the DRM protection, but (s)he can of course still invoke a copyright violation.  Some questions, for example whether a ‘disproportionate’ DRM may lead to an antitrust or unfair competition claim, were not addressed by the CJEU.

The ruling contains an additional language which can support companies’ control over resale of game copies acquired through digital distribution e.g., by downloading.  In UsedSoft, the CJEU previously held that under the Software Directive the distribution right of lawfully downloaded software is exhausted after its first sale and that a user license for an unlimited period with a one-time payment is a sale which triggers exhaustion.  In addition, the CJEU in UsedSoft noted that the Software Directive constitute a lex specialis in relation to the Copyright Directive, which means that the applicability of the Software Directive is limited to software.

By reiterating the relationship between the two Directives, the CJEU appears to imply that the scope of the UsedSoft ruling is not extended to resale of a video game which is not ‘pure’ software.  The CJEU noted that original graphic and sound elements of a complex video game can be protected by copyright in the context of the Copyright Directive.


[1] Case C-355/12 Nintendo v. PC Box (January 23, 2014).

[2] This is not the first time that the proportionality principle is introduced to balance IP rights and other interests.  See e.g., Case C-128/11 UsedSoft v. Oracle (3 July 2012);  Case C-70/10 Scarlet v. SABAM (24 November 2011);  and Case C-403/08 Premier League (October 4, 2011).

[3] Recital 48 of the Copyright Directive.

[4] AG Opinion, Case C-355/12 Nintendo v. PC Box (September 19, 2013), para. 52.

[5] AG Opinion, Case C-355/12 Nintendo v. PC Box (September 19, 2013), para. 67.

[6] Case C-355/12 Nintendo v. PC Box (January 23, 2014), para. 31.

[7] AG Opinion, Case C-355/12 Nintendo v. PC Box (September 19, 2013), para. 52.


Annual FCC CPNI Certification Due by March 1

Posted in Privacy & Data Security, Telecommunications

Yesterday, the Federal Communications Commission’s (FCC’s) Enforcement Bureau issued a reminder that annual CPNI certifications for calendar year 2013 must be filed with the FCC by March 1, 2014.

The FCC requires telecommunications service providers (including paging providers, commercial mobile radio services providers, and calling card providers) and interconnected VoIP service providers to file an annual report certifying compliance with the FCC’s rules protecting Customer Proprietary Network Information (CPNI). CPNI includes the sensitive information that a customer makes available to the carrier solely by virtue of the carrier-customer relationship, such as the phone numbers of calls made and received by the customer, the frequency, duration, and timing of such calls, and the services purchased by the customer.

The FCC’s CPNI rules impose limitations on the use and disclosure of a customer’s CPNI. Among other things, carriers must take reasonable measures to safeguard CPNI, are restricted in their use or disclosure of such information to third parties, and must notify customers of security breaches involving CPNI.  Failure to comply with the CPI rules, including the annual certification requirement, may subject a company to an enforcement action, including monetary forfeitures of up to $160,000 for each violation or each day of a continuing violation, up to a maximum of $1,575,000.

The following is an overview of the elements that must be included in the FCC’s CPNI annual certification. Note that all of this information must pertain to the entire previous calendar year (2013):

  • an officer of the company must sign the compliance certificate;
  • the officer must affirmatively state in the certification that he or she has personal knowledge that the company has established operating procedures that are adequate to ensure compliance with the CPNI rules;
  • the company must provide a written statement accompanying the certification explaining how its operating procedures ensure that it is or is not in compliance with the CPNI rules (simply stating that the company has adopted operating procedures without explaining how compliance is being achieved does not satisfy this requirement);
  • the company must include an explanation of any actions taken against data brokers, or an affirmative statement that there were no such actions; and
  • the company must include a summary of all consumer complaints received in the prior year concerning unauthorized release of CPNI, or an affirmative statement that there were no such complaints.

The FCC has provided a suggested CPNI Certification Template to help companies ensure that their certifications contain all of the required information. Use of the template is not mandatory.

Do We Have a Right to Online Anonymity? Depends On Which Judge You Ask

Posted in Privacy & Data Security

The Edward Snowden leaks have forced Americans to question whether the government monitors their online activities.  But intelligence-gathering is not the only government threat to Internet privacy: plaintiffs in defamation cases are using court subpoenas to attempt to unmask Internet users’ identities.

In some seedy corners of the Internet, commenters use the veil of anonymity to utter vulgar, false, and damaging comments that they likely would never write if their names were attached.  Some defamation victims file lawsuits to mitigate the harm to their reputations.  Before they can collect damages, they must identify the defendant, and they typically accomplish this by issuing a subpoena to the defendant’s Internet Service Provider, seeking the defendant’s name and address.

Although these repulsive cases receive much publicity, they represent only a sliver of all anonymous online speech.  Online anonymity enables commenters to express unpopular political views, expose government corruption, and seek information about sensitive topics such as personal health.  Indeed, anonymous speech was the cornerstone of our nation’s founding, with the publication of the Federalist Papers under the pseudonym Publius.  Removing protections for anonymity would, to some degree, chill a form of speech that has been a bedrock of American democracy.

For more than a decade, state and federal judges have attempted to balance these competing interests as they determine whether the First Amendment protects the right to speak anonymously online.   Some courts require plaintiffs to demonstrate an exceptionally strong defamation case, and to satisfy numerous procedural requirements, before the courts will enforce subpoenas for the identity of anonymous Internet posters.  Other courts provide very little, if any, protection for online anonymous speech.

The issue came to a head in two recent defamation cases in the past month.  The Virginia Court of Appeals ordered Yelp to disclose the identities of seven users who wrote negative reviews of Alexandria, Va. carpet cleaning company.  Because the carpet cleaning company suggested that the reviewers were not actually customers, the court held that the reviewers’ identities were not protected under the First Amendment or state law.  The Court acknowledged that customers’ opinions on Yelp are generally protected opinion under the First Amendment, but reasoned that if “the reviewer was never a customer of the business, then the review is not an opinion; instead, the review is based on a false statement of fact—that the reviewer is writing his review based on personal experience.”

Also last month, a three-judge panel of the Michigan Court of Appeals granted a protective order that prevented a Warren, Mich. public works official from using court discovery to unmask the identities of people who anonymously criticized him on a local message board.   But the Michigan judges struggled to distinguish their decision from last year’s decision by another three-judge panel on the same court, which held that Michigan’s discovery rules, and not the First Amendment, apply to such requests.  In last week’s decision, the judges recognized the lack of concrete standards on this “complex and emerging” issue, and invited the state Legislature or Supreme Court “to consider anew this important question.”

Although the threat to anonymity is most commonly present in online defamation cases, it arises in other types of cases as well.  For instance, a federal magistrate judge in New Orleans recently granted a criminal defendant’s request to force the New Orleans Times-Picayune to provide identifying information about online commenters who had posted about a criminal investigation into the defendant.  The magistrate judge wrote that if the commenters was a Justice Department manager, “his or her identity might lead to the conclusion that there was a pattern, policy or practice of pre-indictment prosecutorial misconduct in the accusatory process material to Jackson’s defenses alleging violations of her due process rights.” The Times-Picayune has moved to quash the subpoena.

If one thing is clear, it is that there is no clarity.  State and federal courts will continue to issue a mish-mash of conflicting opinions that provide little consistency or certainty for online speech.  The U.S. Supreme Court, which is the final arbiter of all things constitutional, has not ruled the right to anonymous online speech.  The lower courts have been forced to guess the proper constitutional outcome based the Supreme Court’s most recent opinion on anonymous speech, a 2002 case involving a municipal requirement for door-to-door solicitors to display a permit that lists their name.

Eventually, the U.S. Supreme Court will have no choice but to provide a concrete guidance on whether the First Amendment protects anonymous online speech.  When it does, the justices should ensure that plaintiffs cannot use the court system to chill speech and suppress unpopular viewpoints.

Some plaintiffs have good reason to attempt to expose the identities of individuals who make revolting, untrue, and damaging comments online.  But these trolls are a vocal minority of online speakers.  Courts should not address these rare cases by eroding the First Amendment protections that have been vital to our nation’s political discourse for centuries.

–  Jeff Kosseff is a media and privacy associate at Covington & Burling LLP.  The views expressed are those of the author and not of the firm.

Journalists Nationwide Face Surge of Subpoenas in Federal and State Courts

Posted in Privacy & Data Security, Uncategorized

Reporters nationwide have faced a flurry of subpoenas in recent months, calling into question whether journalists can guarantee confidentiality to sources.  The repeated attempts to force journalists to reveal their confidential sources and other information about their newsgathering demonstrate the need for strong reporter “shield laws” on both the federal and state level.

Among some recent examples of attempts to force reporters to reveal information in federal court:

  • The lawyer for former Trenton, N.J. mayor Tony Mack, who is facing federal corruption charges, issued a subpoena to a reporter for the Trenton Times, to ask about the reporter’s interview of a co-defendant.
  • A military judge ordered CNN and CBS to release unaired interview footage as part of a Naval Academy midshipman’s court-martial on charges of aggravated sexual assault and false statements.
  • New York City’s lawyers subpoenaed a Village Voice reporter for recordings that he obtained as part of his investigation into New York Police Department’s manipulation of police reports.

These recent cases demonstrate that journalists face the constant threat of being forced to reveal confidential information in federal courts.   At the federal level, Congress has not yet enacted a shield law.  Last September, the Senate Judiciary Committee, in a 13-5 vote, approved a bill that would prevent federal prosecutors, agencies, and civil litigants from forcing journalists to reveal their confidential sources without court approval.  The Free Flow of Information Act (FFIA), sponsored by Sens. Charles Schumer, D-N.Y., and Lindsay Graham, R-S.C, would require anyone seeking confidential source information to exhaust alternative sources, demonstrate that the information is essential to the resolution of the matter, and would require a federal judge to conduct a balancing test to determine whether to allow a prosecutor or litigant to subpoena a journalist in federal court.  The bill now awaits a vote in the full Senate. 

Similarly, at the state level, prosecutors and litigants are also attempting to force journalists to reveal information about their reporting.  Among some recent examples:

  • The publisher and a reporter from The Edina Sentinel in Missouri received subpoena for information about their coverage of a murder trial. 
  • As part of an investigation into a shooting, a detective served a search warrant at the Daily Herald in Everett, Wash., seeking the identity of a person who posted a comment on the newspaper’s website.
  • A Missouri prosecutor issued a subpoena to a St. Louis Post-Dispatch reporter for testimony about a confrontation that the reporter allegedly witnessed in courthouse elevators.
  • The Union County, N.J. prosecutor subpoenaed a local blogger who writes critical articles about the county government, seeking the names of county employees who she alleged wrongly used the county’s generators after Hurricane Sandy.
  • Lawyers for a former water district official in Nevada, who is facing a criminal trial for misconduct of a public official, subpoenaed the Mesquite Citizen Journal for documents, computer hard drives, audio recordings, and videotapes.
  • A reporter in Philadelphia was subpoenaed by a civil plaintiff for information related to his ongoing coverage of a sex abuse scandal in the Philadelphia Catholic Church.
  • The lawyer representing the Texas Windstorm Insurance Association subpoenaed the Austin American-Statesman for notes, emails, and other unpublished information, as part of its defense of a civil lawsuit.  The lawyer later withdrew the subpoena after the newspaper announced plans to challenge it.

Because these subpoenas are in state courts, the federal shield law would not apply to these cases. But they are illustrative of the continued pressure that journalists face to reveal their sources.  Although most states provide some protection either through statute or common law, that protection is not absolute, and even if the subpoena violates the shield law, litigants and prosecutors may still attempt to issue it. 

–  The author, a media and privacy lawyer at Covington & Burling, represents a 70-member media coalition seeking passage of the FFIA.  The views expressed are those of the author and not of the firm.

FDA Issues Draft Guidance on Postmarketing Requirements for Promotion on Social Media

Posted in Social Media

On January 13, 2014, FDA issued a draft guidance document entitled “Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics.”  This draft guidance addresses the procedural topic of submitting Forms FDA 2253 and 2301 when firms use social media such as blogs, microblogs, social networking sites, online communities, and podcasts to promote human and animal drugs. Although the draft guidance focuses on the submission of postmarketing reports for drugs and biologics, it addresses the broader principle of when firms are responsible for various types of social media communications.  It remains to be seen whether the principles discussed in the draft guidance will be adopted by the Center for Devices and Radiological Health (CDRH) and applied to device promotion.  A summary of the guidance, and a discussion of the issues it raises, can be found in our recent e-alert, here.

Court Strikes Net Neutrality Rules, Leaves Path for Other Broadband Regulations

Posted in Broadcasting & Cable, Telecommunications

A federal appeals court struck down key parts of the Federal Communications Commission’s Open Internet Order in a Jan. 14 decision, ruling that the FCC’s “net neutrality” rules improperly regulate broadband providers like “common carriers” — such as providers of traditional telephone service — even though the FCC has classified broadband providers as not subject to common-carrier obligations.   Importantly, however, the court held that the FCC has direct authority to impose restrictions on broadband providers as long as such rules do not amount to common carrier regulation.

The FCC’s 2010 Open Internet Order generally prohibited both “fixed” and mobile broadband providers from blocking users’ access to lawful online content and services, with fixed providers — such as cable companies — subject to tighter restrictions than mobile operators.  In addition, the rules barred fixed broadband providers from “unreasonably” discriminating between different kinds of Internet traffic.

The FCC’s asserted goal was to prevent service providers from using their control of consumers’ broadband connections to prevent or discourage subscribers from using online voice, video, or other services that compete with the broadband provider’s own offerings.  The Commission concluded that such efforts would impair the spread of broadband, and the FCC found preventing such impairment was one of the mandates of the 1996 Telecommunications Act.   Verizon challenged the FCC’s rules as unnecessary, lacking in a statutory basis, and contrary to the Communications Act requirement that only traditional telephone companies can be subject to common carrier regulation.

In Tuesday’s decision, the U.S. Court of Appeals for the D.C. Circuit upheld the FCC’s judgments on a number of points, including that the rules were a rational policy tool to promote broadband and that the rules had a statutory basis in Section 706 of the 1996 Act, which heretofore had been characterized by the FCC as simply hortatory.  However, the court concluded that the anti-blocking and anti-discrimination rules violated statutory prohibitions on imposing common carrier rules on non-carriers.   The court upheld a separate rule requiring broadband providers to disclose their network management practices. Continue Reading

FCC Proposes $200,000 Fine For Simulated EAS Codes

Posted in Broadcasting & Cable

The FCC has proposed fining Turner Broadcasting System $200,000 for allegedly transmitting simulated Emergency Alert System (EAS) codes 14 times over a six day period in the absence of an actual emergency.   Two viewers complained that an advertisement that aired on Turner’s Adult Swim Network (which shares channel airtime with the Cartoon Network) contained audio that they confused with EAS codes.  The FCC agreed that even though the advertisement did not contain any embedded EAS data, the sounds used in the ad were substantially similar to the sounds made by the transmission of EAS codes.  The advertisement aired seven times each on Turner’s east coast and west coast feeds, leading to the FCC to determine that it aired a total of 14 times.

In addition to this proposed fine for Turner, the FCC has issued several other enforcement decisions recently concerning simulated EAS sounds.  Therefore EAS participants, including broadcasters and multi-channel video programming distributors, as well as cable networks, should be very careful to ensure that programming does not contain any audio that could be confused with the EAS attention signal or codes.  Even where, as here, a third party prepares the content that contains the alleged simulation, FCC-regulated entities face potential penalties.

SpectrumWatch: FCC Releases Information Related to Repacking Process

Posted in Broadcasting & Cable, Spectrum & Mobile

Last week, the FCC released a Public Notice (“PN”), following up on its July Public Notice, concerning the software to be used during the Incentive Auction to determine whether the acceptance of each bid from a broadcaster will result in a feasible, and optimal, repacking process.

Continue Reading

Supreme Court Agrees to Hear Aereo

Posted in Broadcasting & Cable

Today, the U.S. Supreme Court agreed to hear litigation between broadcasters and Aereo, a streaming service that retransmits broadcast programming without consent or payment.  Broadcasters argue that Aereo infringes their exclusive right to publicly perform copyrighted works.  Aereo contends that its system uses one antenna per subscriber to provide each user a separate copy of the programs streamed and thus it is not “publicly” performing the works.  The Court will likely issue a decision by the end of June.

Continue Reading

Virginia Court Scales Back Right to Online Anonymity

Posted in Privacy & Data Security

The Virginia Court of Appeals held this week that Internet users who may have posted fake reviews of companies do not have a right to remain anonymous. 

Hadeed Carpet Cleaning in Alexandria, Va., filed a defamation lawsuit against seven Yelp users who wrote critical reviews about Hadeed and a related business.  Hadeed claims that it could not locate any records that suggest that any of the seven reviewers were Hadeed customers.

After filing the suit, Hadeed subpoenaed Yelp for information that would identify the seven reviewers.  Yelp opposed the subpoena, arguing, among other things, that it did not comply with Virginia law and the First Amendment.

On Tuesday, the Virginia Court of Appeals in a 2-1 decision affirmed the state trial court’s decision to enforce the subpoena.  A Virginia statute requires a subpoena for the identity of an anonymous Internet users’ identity to identify communications “that are or may be tortious or illegal.” The appellate court acknowledged that in general, a Yelp review “is entitled to First Amendment protection because it is a person’s opinion about a business that they patronized.”  But the court held that this protection only applies if the reviewer is an actual customer whose review is based on personal experience with the business.   If the reviewer never actually patronized the business, the court held, the review is a false statement of fact that is not entitled to First Amendment protection.

Also notable is the court’s decision to base its decision exclusively on a Virginia statute that outlines procedural rules for the issuance of such subpoenas.  State and federal courts in other states have long relied on First Amendment tests developed by courts in New Jersey and Delaware, and which are generally seen as providing strong protections for anonymous online speech.  But the Virginia court rejected these tests, concluding that by adopting the statute, “the General Assembly considered persuasive authority from other states and made the policy decision to include or exclude factors that other states use in their unmasking standards.”  The Virginia ruling is the latest in a string of recent decisions, which we have covered here, that refuses to apply the New Jersey and Delaware First Amendment tests.

Judge James W. Haley dissented in part, writing that a “business subject to critical commentary, commentary here not even claimed to be false in substance, should not be permitted to force the disclosure of the identity of anonymous commentators simply by alleging that those commentators may not be customers because they cannot identify them in their database.”