Deep Packet Injection = Trademark Infringement

It’s taken me a few days to get to this one, but I read the blog of New York Law School Associate Professor James Grimmelmann where he analyzes the NebuAd controversy. In his analysis, he comes up with a fascinating point that what they are doing may constitute copyright and trademark infringement, in addition to the privacy issues already raised last week.

Quick catch up since I’ve not written about this before: NebuAd makes deals with ISPs to serve ads to users based on the Web pages they visit. They use cookies on the users computer and monitor web-browsing habits using Deep packet inspection. This raises severe privacy concerns because ISPs know every Web site that users visit and all of their search queries. This clickstream data often provides enough information to figure out their identities.

Professor Grimmelman’s raises issues that go way beyond privacy and into the realm of potential lawsuits. Page content is copyrighted and many elements are trademarked. ISPs are shielded from copyright liability by law, but one of the conditions of this immunity is that “the material is transmitted through the system or network without modification of its content.” He even says that advertisers might be liable if they knew (imagine making a buy and not knowing how it’s being served – it’s probably in their sales pitch) what NebuAd was doing for them.

He compares the NebuAd process to serving some other cola to a customer who asks for a “Coke.” He argues that when the NebuAd cookie is injected by your ISP into a page they serve you, that the page is no longer the exact page you asked for. He says ” When your ISP delivers you a page with a NebuAd cookie injected, the statement that this is the page you asked for is false. The ISP is passing off the NebuAd cookie as being from Amazon. It’s not.” This seems like a bit of a stretch to me, but I’m not an intellectual property attorney. He argues that since the cookie is used to sell you goods that it would be close enough to be an issue.

Users can choose to block or allow cookies from specific publishers, but he says that NebuAd’s packet injection “blows away this safeguard. It tricks me into accepting a cookie I wouldn’t have otherwise wanted.” He calls this a “misuse” of the originating site’s trademark.

If NebuAd continues with this business model, there will some interesting cases to watch.

About Brad Waller

Some say Brad created the first affiliate program. We’ll never know for sure, but we do know that Brad has been running businesses online since 1994 and affiliate programs since 1996. When he is not running the affiliate program for EPage Classifieds, helping publishers monetize their sites with AdJungle, or working on iPhone applications, Brad is also busy starting up the Performance Marketing Alliance, a trade association created to represent and build the entire performance based industry.

Social Media:

3 Responses to Deep Packet Injection = Trademark Infringement

  1. Pat Grady says:

    More money grubbing intrusionary tactics from any party that can manage to touch our datastreams.

    The solution to all of this is a long way off, but it IS these events today, that will shape the privacy policies implemented by governments of tomorrow.

    In that regard, I'm happy to see it happening.

    I predict that some foreign company, from a country on everyone's mental suspicions lists, will eventually be the tipping point in all of this. When some rogue nation cuts a deal with an ISP (or creates a BHO, or a PC maker, or…) to do things similar to NebuAd (I don't mean ads, I mean having access to monitor datastream packets and finding clever ways to nearly-invisibly monetize that information), people will finally realize the scope of what has been evolving, and how dangerous it is to the robustness and future growth of our digital economy.

    I also predict there will be a commercial connectivity application in the future, that will randomly segment an individual's packets and somehow distribute their routing and pathways through multiple gateways and ISPs, as preventative medicine for a subscribed consumer's packet privacy.

  2. Private Individual says:

    There are already encryption solutions available to overcome this illicit snooping, but the question is do we really want a closed “dark” Internet, just because of the greed of some Companies.

  3. pup says:

    the AntiPhorm end users activist group have been saying this for a very long time now, in effect, we cant make it any clearer than this… to the average person.

    plain and simple,its “commercial piracy” for profit.

    these ISPs dont own the unique datastream,they dont have a licence from the owner of that data (thats YOU the end user and the website owner), they dont have a licence to make a derivative work from that data, they are infact commercial pirates stealing YOUR unique datastream, and that (to repeat it) is a criminal offence in most developed countrys, plain and simple.

    any executive person (not just the company that employs him/her) that authorises or rubber stamps such unlawful wiretapping is infact liable to criminal (not mearly civil) Prosecution that carrys real jail time and fines in bothe the UK, the EU and the US at least, thats something very serious to let your executive board know and readally understand you might think…!