Amy Abeloff & Robert B. Milligan
On October 20, 2015, a Ninth Circuit panel consisting of Chief Judge Sidney Thomas and Judges M. Margaret McKeown and Stephen Reinhardt heard oral argument from the U.S. Department of Justice and counsel for David Nosal on Nosal’s criminal conviction arising under the Computer Fraud and Abuse Act (CFAA). In 2013, Nosal was found to have violated the CFAA by allegedly conspiring to obtain access to company information belonging to his former employer, executive search firm Korn Ferry, through the borrowing of another employee’s login password. He was also convicted of trade secret misappropriation under the Economic Espionage Act.
Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.
The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.
“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post. The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.
This lawsuit against Google alleges that Google unfairly benefits from deploying a CAPTCHA process when users sign up for free gmail accounts. Specifically, the complaint alleged that Google unnecessarily included a second image in the CAPTCHA, and it relies on users who sign up to freely transcribe “scanned images of books and newspapers, and also to decipher addresses found in images captured as part of [Google’s] Street View project.” The user is not compensated for having to transcribe the second image, but the complaint alleged that Google profited from its various digitization and transcription initiatives.
There was no dispute that the user signed up and clicked on the “I agree” to the terms of service in the process. The terms of service contain a forum selection clause, requiring disputes to be brought in the Northern District of California.
Plaintiff argued that the terms only applied to the Gmail service and the claims on the other hand arise from the reCAPTCHA service. The court rejects this argument, saying that the terms (and forum selection clause) apply to claims “arising out of or relating to” the services, and this includes the reCAPTCHA process as well.
Last week, the Southern District of New York followed a long line of precedent under New York law and upheld the enforceability of a website clickwrap agreement, granting a website operator’s motion to compel arbitration pursuant to a clause contained in the agreement. (Whitt v. Prosper Funding LLC, 2015 WL 4254062 (S.D.N.Y. July 14, 2015)).
[Ed: it is often important to remember that online ToS relate to, and sometimes control, subsequent off-line behavior–such as jurisdiction for court proceedings–even when the events are neither digital nor online].
Plaintiff Starkey booked a trip online through G Adventures. She alleges a G Adventures employee assaulted her during the trip. She sued G Adventures in the Southern District of New York. That court dismissed her lawsuit based on a forum selection clause requiring any claims to be brought in Ontario, Canada. She appealed, and the Second Circuit affirmed.