e-Commerce Docket Sheet

Credit-Card Issuing Banks
May Benefit from Data Security Reqs.

Credit-card issuing banks may seek reimbursement for losses in connection with a breach-of-data network security at a retail store on the theory that they were intended beneficiaries of the information-security agreement between the retailer's payment processor/acquiring bank and the credit-card system. Sovereign Bank v. BJ's Wholesale Club, Inc., 2008 U.S. App. LEXIS 15098 (3d Cir. July 16, 2008). In a consolidated action, the appeals court reversed the lower court's grant of summary judgment to the defendant-acquiring bank on the plaintiffs' breach-of-contract claim, but affirmed the dismissal of the plaintiffs' negligence claims against the acquiring bank and retailer based on the economic-loss doctrine. The credit-card issuing banks brought suit against the retailer and the acquiring bank that processed the retailer's credit-card transactions, claiming that a resulting security breach, which forced the issuing bank to incur expenses related to unauthorized charges and the issuance of replacement credit cards, was caused by the retailer's failure to comply with the Cardholder Information Security Program (“CISP”) required by the acquiring bank's agreement with the credit-card system. In particular, the issuing bank claimed that the retailer's transaction-processing system retained and stored full magnetic-stripe data from the credit cards after processing a transaction, in violation of the CISP. The appeals court stated that the issuing banks met the burden of producing sufficient evidence that the credit-card system intended to give it the benefit of the payment processor's promise to the credit-card system to ensure its merchants complied with the CISP, and remanded the case for further proceedings on the breach-of-contract claim.

The subcontract between two parties to a software transaction that included a “pay-if-paid” clause is enforceable despite the fact that the transaction falls under Virginia's adopted version of the Uniform Computer Information Transaction Act (“UCITA”), which appears to bar the usage of such terms. Pilar Services, Inc. v. NCI Information Systems, Inc., No. 07-1162, 2008 U.S. Dist. LEXIS 49792 (E.D. Va. June 30, 2008). The court granted the defendant's motion for summary judgment, ruling that the parties' subcontract, not UCITA, governed the terms of the transaction because UCITA provides that individual parties may agree to their own contractual terms and “may choose the applicable law.” The court found that the pay-if-paid clause was enforceable and a valid defense that barred the plaintiff from recovery of its breach-of-contract claim because the defendant was not obligated to pay the plaintiff under the subcontract until it received payment from its government client.

A cable TV company's remote-storage digital video recorder (“RS-DVR”) system that would allow subscribers the option to record television programming on the company's own servers for subsequent personal viewing does not amount to direct copyright infringement. The Cartoon Network LP v. CSC Holdings, Inc., 2008 U.S. App. LEXIS 16458 (2nd Cir. Aug. 4, 2008). The appeals court reversed the lower court's grant of summary judgment to the plaintiff-television programming content owners and vacated a preliminary injunction barring the cable company from operating the RS-DVR system without licenses from its content providers. The court ultimately granted summary judgment in favor of the defendant cable company because the proposed RS-DVR did not directly infringe the plaintiff's exclusive rights to reproduce and publicly perform the copyrighted works. As to the playback copies that would be placed onto the customer's allotted space on the company's internal servers when a customer requests a recording of a particular program, the court concluded that playback copies produced by the RS-DVR system were “made” by the RS-DVR customer, and the cable company's contribution to this reproduction by providing the system hardware did not warrant the imposition of direct liability. The court commented that: “[A]n RS-DVR customer is [not] sufficiently distinguishable from a VCR user to impose liability as a direct infringer on a different party for copies that are made automatically upon that customer's command.” As to claims of infringement of the exclusive right of public performance when recorded programming is transmitted to a user's home television, the court concluded that the RS-DVR playback does not involve the transmission of a performance “to the public” as required under the Copyright Act. In looking to “identify the potential audience of a given transmission,” the court reasoned that the RS-DVR system would make playback transmissions to one subscriber using a unique copy produced by that subscriber and, as such, the universe of people capable of receiving transmissions of a program was the single subscriber and could not be considered performances “to the public.”

A company that advertised “free” software CDs but imposed hidden restrictions and credit-card charges on consumers settled Federal Trade Commission (“FTC”) charges that it engaged in deceptive practices under the FTC Act by agreeing to halt future violations and pay $2.1 million in consumer redress. FTC v. Think All Publishing, L.L.C., No. 4:07CVIl (E.D. Tex. Stipulated Final Judgment May 28, 2008). According to the government's complaint, the defendants engaged in deceptive practices in promoting and selling its “free” software CDs to Internet users, who were then unknowingly enrolled in a software-continuity program if the CDs were not returned and would thereafter receive additional CDs and be subject to charges on their credit cards. Under the settlement, the defendants are required, among other things, to refrain from violations of the FTC Act and Unordered Merchandise Statute in the future, disclose all terms and conditions of any negative-option offers, pay a civil fine and allow the agency to monitor compliance with the settlement.

A forum-selection clause contained within a set of terms and conditions on a party's Web site that was sufficiently incorporated into a written contract is enforceable. Micrometl Corp. v. Tranzact Technologies, Inc., No. 1:08-cv-0321, 2008 U.S. Dist. LEXIS 44736 (S.D. Ind. June 5, 2008). The court granted the defendant's motion to enforce the forum-selection clause and transfer the action to the venue dictated by the clause. The court found that the plain language of the signed contract sufficiently referenced, and thereby incorporated, the terms contained on the party's Web site. The court also found that the fact that the contract referred to the additional terms posted on the Web site as “principles” and “rules,” and not as terms or conditions, did not alter the outcome.

Credit-Card Issuing Banks
May Benefit from Data Security Reqs.

Credit-card issuing banks may seek reimbursement for losses in connection with a breach-of-data network security at a retail store on the theory that they were intended beneficiaries of the information-security agreement between the retailer's payment processor/acquiring bank and the credit-card system. Sovereign Bank v. BJ's Wholesale Club, Inc., 2008 U.S. App. LEXIS 15098 (3d Cir. July 16, 2008). In a consolidated action, the appeals court reversed the lower court's grant of summary judgment to the defendant-acquiring bank on the plaintiffs' breach-of-contract claim, but affirmed the dismissal of the plaintiffs' negligence claims against the acquiring bank and retailer based on the economic-loss doctrine. The credit-card issuing banks brought suit against the retailer and the acquiring bank that processed the retailer's credit-card transactions, claiming that a resulting security breach, which forced the issuing bank to incur expenses related to unauthorized charges and the issuance of replacement credit cards, was caused by the retailer's failure to comply with the Cardholder Information Security Program (“CISP”) required by the acquiring bank's agreement with the credit-card system. In particular, the issuing bank claimed that the retailer's transaction-processing system retained and stored full magnetic-stripe data from the credit cards after processing a transaction, in violation of the CISP. The appeals court stated that the issuing banks met the burden of producing sufficient evidence that the credit-card system intended to give it the benefit of the payment processor's promise to the credit-card system to ensure its merchants complied with the CISP, and remanded the case for further proceedings on the breach-of-contract claim.

The subcontract between two parties to a software transaction that included a “pay-if-paid” clause is enforceable despite the fact that the transaction falls under Virginia's adopted version of the Uniform Computer Information Transaction Act (“UCITA”), which appears to bar the usage of such terms. Pilar Services, Inc. v. NCI Information Systems, Inc., No. 07-1162, 2008 U.S. Dist. LEXIS 49792 (E.D. Va. June 30, 2008). The court granted the defendant's motion for summary judgment, ruling that the parties' subcontract, not UCITA, governed the terms of the transaction because UCITA provides that individual parties may agree to their own contractual terms and “may choose the applicable law.” The court found that the pay-if-paid clause was enforceable and a valid defense that barred the plaintiff from recovery of its breach-of-contract claim because the defendant was not obligated to pay the plaintiff under the subcontract until it received payment from its government client.

A cable TV company's remote-storage digital video recorder (“RS-DVR”) system that would allow subscribers the option to record television programming on the company's own servers for subsequent personal viewing does not amount to direct copyright infringement. The Cartoon Network LP v. CSC Holdings, Inc., 2008 U.S. App. LEXIS 16458 (2nd Cir. Aug. 4, 2008). The appeals court reversed the lower court's grant of summary judgment to the plaintiff-television programming content owners and vacated a preliminary injunction barring the cable company from operating the RS-DVR system without licenses from its content providers. The court ultimately granted summary judgment in favor of the defendant cable company because the proposed RS-DVR did not directly infringe the plaintiff's exclusive rights to reproduce and publicly perform the copyrighted works. As to the playback copies that would be placed onto the customer's allotted space on the company's internal servers when a customer requests a recording of a particular program, the court concluded that playback copies produced by the RS-DVR system were “made” by the RS-DVR customer, and the cable company's contribution to this reproduction by providing the system hardware did not warrant the imposition of direct liability. The court commented that: “[A]n RS-DVR customer is [not] sufficiently distinguishable from a VCR user to impose liability as a direct infringer on a different party for copies that are made automatically upon that customer's command.” As to claims of infringement of the exclusive right of public performance when recorded programming is transmitted to a user's home television, the court concluded that the RS-DVR playback does not involve the transmission of a performance “to the public” as required under the Copyright Act. In looking to “identify the potential audience of a given transmission,” the court reasoned that the RS-DVR system would make playback transmissions to one subscriber using a unique copy produced by that subscriber and, as such, the universe of people capable of receiving transmissions of a program was the single subscriber and could not be considered performances “to the public.”

A company that advertised “free” software CDs but imposed hidden restrictions and credit-card charges on consumers settled Federal Trade Commission (“FTC”) charges that it engaged in deceptive practices under the FTC Act by agreeing to halt future violations and pay $2.1 million in consumer redress. FTC v. Think All Publishing, L.L.C., No. 4:07CVIl (E.D. Tex. Stipulated Final Judgment May 28, 2008). According to the government's complaint, the defendants engaged in deceptive practices in promoting and selling its “free” software CDs to Internet users, who were then unknowingly enrolled in a software-continuity program if the CDs were not returned and would thereafter receive additional CDs and be subject to charges on their credit cards. Under the settlement, the defendants are required, among other things, to refrain from violations of the FTC Act and Unordered Merchandise Statute in the future, disclose all terms and conditions of any negative-option offers, pay a civil fine and allow the agency to monitor compliance with the settlement.

A forum-selection clause contained within a set of terms and conditions on a party's Web site that was sufficiently incorporated into a written contract is enforceable. Micrometl Corp. v. Tranzact Technologies, Inc., No. 1:08-cv-0321, 2008 U.S. Dist. LEXIS 44736 (S.D. Ind. June 5, 2008). The court granted the defendant's motion to enforce the forum-selection clause and transfer the action to the venue dictated by the clause. The court found that the plain language of the signed contract sufficiently referenced, and thereby incorporated, the terms contained on the party's Web site. The court also found that the fact that the contract referred to the additional terms posted on the Web site as “principles” and “rules,” and not as terms or conditions, did not alter the outcome.