burden is on Ds to show unprotectability of what they copied

Compulife Software
Inc. v. Newman, 2020 WL 2549505, No. 18-12004, No. 18-12007 (11th Cir. May 20,
2020)
The opinion sums up:
The very short story: Compulife Software, Inc., which has developed and
markets a computerized mechanism for calculating, organizing, and comparing
life-insurance quotes, alleges that one of its competitors lied and hacked its
way into Compulife’s system and stole its proprietary data. The question for us
is whether the defendants crossed any legal lines—and, in particular, whether
they infringed Compulife’s copyright or misappropriated its trade secrets,
engaged in false advertising, or violated an anti-hacking statute.
The court of appeals
reversed the magistrate judge (which held a bench trial on consent) on copyright infringement and trade
secret misappropriation, though it upheld the finding of no false advertising.
Compulife sells
access to a database of insurance-premium information, the “Transformative
Database,” which contains up-to-date information on many life insurers’
premium-rate tables and thus allows for simultaneous comparison of rates from
dozens of providers. “Although the Transformative Database is based on publicly
available information—namely, individual insurers’ rate tables—it can’t be
replicated without a specialized method and formula known only within
Compulife.” Insurance agent clients can input demographic information and get
insurance rate estimates from the database; Compulife also licenses a “web quoter”
that allows the licensee to offer quotes directly to prospective purchasers who
enter their own demographic information on the licensee’s site. And Compulife sells
a more expensive license that allows licensees to create addons and sell access
to other Compulife licensees. It also gives consumers direct access to
life-insurance quotes on its own website, referring prospective life-insurance
purchasers to agents who pay Compulife for the referrals.
The defendants are
also in the business of generating life-insurance quotes at naaip.org. “NAAIP”
stands for National Association of Accredited Insurance Professionals, but as
the court below found, “NAAIP is not a real entity, charity, not-for-profit, or
trade association, and is not incorporated anywhere.” The defendants offer a
service similar to—and at least partially copied from—Compulife’s web quoter,
which they call a “Life Insurance Quote Engine,” and any agent can sign up for
a post-domain path on the site. If a visitor to an NAAIP site uses its link to
buy insurance, the defendants receive money for the referral. Defendants also
operate beyondquotes.com, which generates quotes and then generates revenue by
selling referrals to affiliated insurance agents.
I have to admit that
the process by which Compulife creates its database sounds either useless or
actively harmful to truthful comparison to me, though I don’t have all the details.
To create the database, Compulife’s CEO “draws on insurers’ publicly available
rate information, but he also employs a proprietary calculation technique—in
particular, a secure program to which only he has access and that only he knows
how to use.” But if he inserts a proprietary calculation technique, why are his
results predictive of rates that insurers would actually quote for given
demographics?
Anyway, Compulife argued
in one case that the defendants gained access to the Transformative Database
under false pretenses by purporting to work for licensed Compulife customers. Defendants
undoubtedly copied some of Compulife’s HTML source code. In the other case,
Compulife alleged that defendants hired a hacker, Natal, to “scrape” data from
its server via programming a bot to send automated requests, creating a partial
copy of the database, in particular all the insurance-quote data for two zip
codes—one in New York and another in Florida, for every possible combination of
demographic data within those two zip codes. The total was more than 43 million
quotes. “The HTML commands used in the scraping attack included variables and
parameters—essentially words (or for that matter any string of characters) used
to designate and store values—from Compulife’s copyrighted HTML code. For example,
the parameter ‘BirthMonth’ in Compulife’s code stores a number between one and
twelve, corresponding to a prospective purchaser’s birth month.)” [That …
really sounds unprotectable by copyright.] Compulife alleged that defendants
used the scraped data to generate quotes, though defendants claimed they didn’t
know the source of the data, which was contested by other evidence.
Copyright
infringement: the defendants had the burden to show that what they took wasn’t
protectable, so the magistrate judge erred. The usual requirement is
substantial similarity “between the allegedly offending program and the
protectable, original elements of the copyrighted works.” The higher standard
of virtual identicality was not the standard here; that standard is limited to “analyzing
claims of compilation copyright infringement of nonliteral elements of a
computer program.” Copying source and object code, “even nonliterally,” is
subject to substantial similarity analysis.
Still, unprotectable
elements have to be filtered out.  But
the magistrate “improperly placed the burden on Compulife to prove, as part of
the filtration analysis, that the elements the defendants copied were
protectable; we hold that he should have required the defendants to prove that
those elements were not protectable.” There’s lots of stuff that’s unprotectable,
including “ideas, processes, facts, public domain information, merger material,
scènes à faire material, and other unprotectable elements.”
The magistrate
wrongly faulted Compulife for having “made no attempt to identify the
protectable elements of the 2010 HTML Source Code.” But, the court of appeals
held, “after an infringement plaintiff has demonstrated that he holds a valid
copyright and that the defendant engaged in factual copying, the defendant
bears the burden of proving—as part of the filtration analysis—that the
elements he copied from a copyrighted work are unprotectable.” Nimmer says so,
and it would be unfair to make the plaintiff prove a negative, since “[p]rotectability
can’t practicably be demonstrated affirmatively but, rather, consists of the
absence of the various species of unprotectability.” [I thought protectability
was a function of creativity, not the absence of unprotectability.] A plaintiff
couldn’t be expected to present the entire public domain to show that her work
was new! Nor could she “reasonably introduce the entire corpus of relevant,
industry-standard techniques” just to prove that none of the material copied was
scènes à faire. Placing the burden on the defendant allows the plaintiff to just
respond. [That seems to conflate the burdens of production and proof.]
Resulting approach:
Once the plaintiff has proven that he has a valid copyright and that
the defendant engaged in factual copying, the defendant may seek to prove that
some or all of the copied material is unprotectable. If the defendant carries
this burden as to any portion of the copied material, that material should be
filtered out of the analysis before comparing the two works. After filtration
is complete, the burden shifts back to the plaintiff to prove substantial
similarity between any remaining (i.e., unfiltered) protectable material and
the allegedly infringing work…. [W]here the defendant’s evidence is
insufficient to prove that a particular element is unprotectable, the court
should simply assume that the element is protectable and include that element
in the final substantial-similarity comparison between the works.
In a footnote, the
court commented that the defendant wouldn’t always need to introduce evidence;
argument alone might suffice. “For example, no evidence would be necessary to
convince a court that alphabetization is an entirely unoriginal method of
arranging data and thus unprotectable as a structural element of a work. But
where evidence is required to determine whether some element is protectable, it
is the defendant who must advance it or risk abandoning the issue.”
In addition (at
least for software?), plaintiffs can concede unprotectability by providing a
list of program features it believes to be protectable, which constitutes an
implicit concession that elements not included on the list are unprotectable. [Perhaps the court is thinking that, for cases of alleged comprehensive nonliteral similarity, the plaintiff will have to provide a list, and the defendant may well be able to say–without providing further evidence–“those are just ideas,” and the defendant will often be right. I still think “the burden is on the defendant” is a real overstatement given the variety of ways infringement claims are stated.]
On reassessment/retrial
(the original magistrate retired), some filtration would be warranted; some
unprotectable elements were so obvious that no proof was necessary, such as the
need to collect a consumer’s state of residence, and alphabetization of the
states/assignment of a corresponding number. “A closer question, however, is
whether Compulife’s inclusion of the District of Columbia in the list of states
and the bifurcation of New York into business and non-business categories are
protectable elements of structure.” [Did the underlying insurance companies
include the District of Columbia or divide NY into business and non-business?
If they do, how could the decision to do so be protectable for Compulife? Also,
as a DC native, this is pure discrimination: why isn’t the choice not to exclude
the tinier Vermont and Wyoming just as choice-y? Does being able to vote for Senators
and Representations make you more entitled to life insurance? Later, the court
of appeals says the NY business/non-business decision was “obsolete” by the
time that defendants copied it, but was it original to Compulife or based on
past insurance company practice? Although based on this description, even if
defendants copied the HTML, did they copy any underlying database structure?]
The court of appeals
vacated & remanded to give the district court a chance to make the missing
findings.
The magistrate also
erred by evaluating “the significance of the defendants’ copying vis-à-vis
their offending work, rather than Compulife’s copyrighted work” in assessing
substantial similarity. After all, “adding new material to copied material
doesn’t negate (or even ameliorate) the copying.” And finally, the magistrate
didn’t provide sufficient factual analysis to allow meaningful appellate review.
This would require the magistrate to indicate unprotectable elements in more
detail; evaluate the importance of copied protectable elements as part of a
substantial-similarity analysis; and identify, at the threshold, which elements
of Compulife’s code the defendants had copied as a factual matter.
The court noted that
the burden was still on Compulife to show either the quantitative or
qualitative substantiality of the copying, but it provided at least some evidence
of both: it provided the texts of both works, which allowed the quantitative significance
to be evaluated, and qualitative significance “is often apparent on the face of
the copied portion of a copyrighted work.” Moreover, a witness “testified that
part of the code copied by the defendants includes variable names and
parameters that must be formatted exactly for the web quoter to communicate
with the Transformative Database at all. At a minimum, this testimony is some
evidence of the qualitative significance of the copied portion of Compulife’s
work.” [Or of merger/functionality, I suppose, though perhaps we’ll learn more
about this after Google v. Oracle.]
Trade secret: that’s
remanded too. Probably the most broadly applicable holding: the public
availability of quotes on Compulife’s consumer-facing site didn’t preclude a
finding that scraping those quotes constituted misappropriation. “[W]hile
manually accessing quotes from Compulife’s database is unlikely ever to
constitute improper means, using a bot to collect an otherwise infeasible
amount of data may well be—in the same way that using aerial photography may be
improper when a secret is exposed to view from above.” However, the court of
appeals said it wasn’t expressing an opinion about whether enough of the database
was taken to amount to acquisition of the trade secret, nor as to whether the
means were improper; it’s just that public availability of quotes didn’t
resolve that question.
False advertising:
affirmed. Compulife didn’t identify any particular statement alleged to
constitute false advertising. Compulife asserted that “[e]nticing … users”
with “quotes for term life insurance where the source of those quotes is
infringing software and stolen trade secrets is … unquestionably unfair
competition and false advertising.” But hosting a website without disclosing
that Compulife was the ultimate source of the quotes, “doesn’t imply the
existence of any advertisement, let alone a false one.”  [Dastar!]
NAAIP may have advertised
that its quote engine was a “key benefit,” but that had no capacity to deceive
and wasn’t material to any purchasing decision. “[M]erely claiming to have a
quote engine is unlikely to mislead anyone into assuming anything about the
ultimate source of the software or the quotes that it generates.… Consumers
have good reason to care about the quality of the quote engine, but not the
identity of its author or the host of the server with which it communicates.”
The Florida Computer
Abuse and Data Recovery Act states: “A person who knowingly and with intent to
cause harm or loss … [o]btains information from a protected computer without
authorization … [or] [c]auses the transmission of a program, code, or command
to a protected computer without authorization … caus[ing] harm or loss … is
liable to … the owner of information stored in the protected computer.” A
“protected computer” is one that “can be accessed only by employing a
technological access barrier.” But Compulife didn’t attempt to argue that the
defendants penetrated a “technological access barrier.”

from Blogger https://ift.tt/2yxSQ1e

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s