I am not a lawyer, but I've received several C&Ds for various things over the decades. The first one scared me to death. The second and subsequent ones did not, because I understood what they were: just the company saying "I don't like what you're doing".
When I receive a C&D, the first thing I do is talk to my attorney and go over what the C&D is complaining about. If I think I'm doing something that could be legally risky (which does not automatically mean doing something actually wrong), then I change that. Otherwise, my attorney acknowledges that the C&D was received and I ignore it. If they really have a serious beef with what I'm doing, they need to actually sue me. I have yet to be sued.
Before we sold our fintech SaaS startup in 2015, we received a C&D from Dealogic and I thought, wow, we've made it into the big leagues! My adrenaline wore off pretty quickly though, because after our attorney sent them a defiant letter warning their London law firm to not mess with a Texas LLC, we never heard from them again. We were flying below the radar, so we just surmised some Dealogic customer had showed a Dealogic sales rep our product, and they probably carpet bomb anytime they see anyone playing anywhere near their entrenched & wildly expensive product.
At the risk of sounding very dumb — what were you able to determine from that? I have no idea what it means, almost sounds like the mafia
Edit: their about page sounds even more mafia-esque.
“Dealogic connects banks and investors in the only truly global network… Firms who use Dealogic see results in increased profitability and productivity… Whether you want to analyze wallet share, execute a deal, align operating units, manage risk, or comply with regulation, there is only one answer.”
I interpret this as: a company that is successful not because it provides a service that is useful or good, but one that other companies - in this case "financial firms" - are FORCED to buy, usually through compliance or regulatory means.
Think of it like an auto insurance company advertising themselves as "your trusted partner on the roads." Yeah I guess, but it's still meaningless.
I'm not as familiar with the compliance part of their solution, so there could be some of what you're talking about. I don't think their software is totally useless, just possibly, um, over-priced, and needing competitors. :)
Our lightweight SaaS was focused on analytics related to share of wallet and return on capital and improving insights into client relationships. With our tool, an investment banker could perform some tasks in seconds or minutes that normally an MD expected a junior analyst to do in hours or days. Not rocket science, but useful. And not as expensive as Dealogic. I wish I could say our creation was taking the world by storm, but we haven't been involved for many years and as so often happens with acquisitions, they didn't really execute well on our original target audience and took it in another direction.
It's sounds like the EPIC pitch in the EHR sector.
EPIC - because everyone else is using it, and boy it sure is hard for our large company to share data with a competitor's product, be a shame if a patient suffered because of it.
The shortest, and wildly simplified answer based on my few years of using it, is that Dealogic is basically a humungous database of financial information, often unavailable anywhere else. It's also complex as hell and even pricier, and has an interface reminiscing of the best Win 3.11 times. Cool stuff, from industry user perspective.
Over the years, I've collected quite a few C&Ds from various projects:
- Google for creating a mention tracker I was distributing as a mac dashboard widget
- Netflix for creating a DVD barcode to Netflix queue ios app (they were trying to to antagonize their retail partners too much at the time apparently)
- Microsoft for abusing some of their early text to speech DLL's for a really crappy RSS to Audio "podcast" app (they were meant for server side telephony apps)
- LinkedIn + Salesforce for linking their data with a Chrome extension
- Hubspot for mentioning their Inbound conference and saying that my software worked with theirs
Thinking back now these are all quite old, I don't know if the companies have become more lenient or I've become more cautious.
Yes. Most of the C&Ds I've received have been mundane. My favorite one was over a set of game rules that I wrote that were very vaguely similar to a board game that was on the market.
That one was so ridiculous that I didn't consult my attorney at all about it. I just told the company to sue me. I never heard from them again.
Yeah, we received one about having t-shirts that said "network ninja" for instance. We held a small party that afternoon celebrating that someone actually noticed our marketing.
Multiple C&D recipient here as well which upon receiving the first, as some commenters have shared, I too may have needed an underwear change while reading the legal verbiage. However as with many things in life though once you get through the initial experience the latter experiences only get easier. My personal take is I must be doing something of value if other’s lawyers are writing me threatening letters. IANAL so YMMV
It's weird to me that big tech hasn't thought about offering a financial reward with C&D's.
"We will pay you $10000 if you C&D" seems like pennies to them, much less than the cost of legal fees, a nice amount of cash for a personal project that hasn't monetized yet.
Or a job
"We will give you a job offer to work on X if you C&D your own work on X"
also seems like a great strategy. If someone has already demonstrated enough talent to be a threat to your company, it seems like it would make full sense to try to hire them.
> Or a job. "We will give you a job offer to work on X if you C&D your own work on X
I'm honestly surprised this doesn't happen more in the gaming industry with companies buying big name mods and hiring the mod writers.
I know a lot of mod writers would probably be opposed because they actually just want to make free stuff, but some would probably launch careers off of it.
Yeah, there are examples of it happening here and there. That's part of why I'm surprised it doesn't happen more. It seems like an easy avenue to hire talented and passionate people who want to work on your thing.
At the risk of violating some rules/conventions here about generated content, I put the question to GPT4 and got some rather reasonable answers. It's enough to convince me not to do what you suggested.
----
Offering payment to an individual or entity to cease an activity they should not be engaging in can introduce several disadvantages and potential legal complexities compared to a standard cease and desist letter. Here are some considerations:
- Precedent for Payment: Offering payment for the cessation of an infringing activity could set an unwanted precedent. It suggests that compliance with the law is negotiable and can be bought, potentially encouraging the same or other parties to infringe in the future with the expectation of receiving payment to stop.
- Admission of Weakness: Offering money might be interpreted as a sign that you are not confident in the legal strength of your claim. This could embolden the infringer or weaken your position in any subsequent legal proceedings.
- Contractual Obligation: If the other party accepts the offer, it creates a contractual agreement. If the infringer accepts the payment but continues the activity, or if there's a disagreement over whether the activity has ceased, you may have to engage in contract enforcement rather than straightforward infringement litigation, which could complicate matters.
- Tax and Financial Implications: The payment could have tax implications for both parties and might also affect the financial statements of a company if either party is a business.
- Mitigation of Harm: Paying the infringer doesn't address any harm that has already occurred. A cease and desist letter often includes demands for remedies or damages for past infringement, which would not typically be covered by a simple payment to stop the activity.
- Negotiation Power: Once you've put a monetary offer on the table, it can be difficult to withdraw or reduce that offer without weakening your negotiating position.
- Legal Interpretation: The offer of payment might be interpreted by the court as an acknowledgment that the infringed party is aware that their rights are not clear-cut or may even lack merit, thereby potentially undermining the legal basis for their claim.
- Public Perception: If the offer and its acceptance become public, it might be seen as a company or individual buying their way out of a legal dispute, which could affect public perception or brand reputation.
- Binding Effect: If the offer is accepted, the agreement may prevent you from pursuing legal action for any past infringement, depending on the terms of the agreement.
Good job and totally worth the fee. I'm not even kidding: with minimal effort you now have some things to consider and after that some now reasonably intelligent questions to bring to a real lawyer. You are much further ahead.
> I am not a lawyer, but I've received several C&Ds for various things over the decades. The first one scared me to death.
The first time I got a letter for a trademark issue it seemed completely hostile and threatening. My lawyer said, basically, that it was no big deal and that they were in fact being pretty nice. We answered back and everything was resolved amicably. It actually turned out well because it made me realize we had not been paying enough attention and were unthinkingly referencing other brands instead of our own.
I'm going to avoid the snarky "hire an attorney" answer but once you get past that necessary first step I do have a few tips:
* get comfortable reading legal documents, this will allow you to have more
intelligent conversations with your attorney
* don't let your attorney make your business decisions, one of their jobs is to
point out risks, one of your jobs (owner/ceo/leadership) is to figure out how
to mitigate risk but that is not the same thing as avoiding all risks
* learn to draft legalese, it will help minimize your attorney's billable hours
Okay, since you failed to avoid the snarky "hire an attorney" thing, I'm going to ask: how much would it reasonably cost to hire an attorney for advice on this? Assuming the contacting lawyer is on shaky ground. No "it depends" please, a ballpark.
Maybe it's cheaper to have one on retainer. How much per month, if like a normal citizen your only daily legal risks are random megacorporations threatening you?
Should everyone in the US have a lawyer on call? Should we consider it a normal tax for being a member of the US legal system? An insurance everyone signs up for like drivers insurance and life insurance? Is this only a concern for software developers?
My attorney charges me about $200/hr. Most things I talk to him about require less than an hour of billable time.
Also, I've been working with him for so long (including on a few nontrivial things like selling companies) that he often doesn't charge me at all for trivial things.
I think in most Western countries, "low triple digits" is a good ballpark estimate for "advice" - i.e. a "holy shit this is like a month's worth of living cost" amount if you're a poor student, or completely negligible if you work in a highly paying job.
You might even get an initial consult for free. You may also be entitled to a free consultation via an insurance, including collective insurances or assistance programs offered through your employer or associations that you're a member of.
> Should everyone in the US have a lawyer on call?
I had a coworker at a previous job who often talked about "her family's attorney." I'm like, families have attorneys? I don't think I've talked to a lawyer once in my life.
I always feel like there's a whole rule-book of "how to Do Life" that I didn't get, for this easing-into-the-upper-middle-class and/or doing-serious-business-stuff shit, that other people just know, because of who their families are and who they grew up hanging out with.
I gather the version of that I did get was the middle-class version—which some others didn't get and have a similar "wait, that's just normal?" reaction as I do to the upper-middle stuff. Like 90% of that's basically credit-related—how credit cards work and how to use them, how to build credit, how to buy a house (generally with a mortgage, so, still basically a credit-related thing), that kind of stuff.
I've noticed similar things when it comes to paying others to do stuff for me. Having a house cleaner come in for the first time was fucking weird. Still is, really. I can't relax, feel like I ought to be helping. Or paying someone to do work on my house that I could do—tiling, drywalling, some light electrical, plumbing, most general home-improvement stuff. It feels gross—I don't think it does for those who grew up with that stuff being normal. I suspect it's a barrier to advancing in business, because those attitudes carry over. Delegation is weird to me. Being someone's boss is horribly uncomfortable. The notion of starting a business and hiring employees to take over stuff I've been doing feels icky and wrong, and no amount of one part of my brain telling another part to knock it off makes that go away.
> Having a house cleaner come in for the first time was fucking weird. Still is, really. I can't relax, feel like I ought to be helping.
A long time ago, I had a house cleaner come in once per week to do deep cleaning stuff. It was quite a luxury! However, I always spent a couple of hours cleaning the house in preparation for their arrival.
What I've noticed is a shift with age and wealth. When I was young and poor, I had time and energy in abundance and never hired people to do anything for me (excepting for specialized things like medical care). Now that I'm old and more comfortable, I don't have any issue hiring people to do things I can technically do myself.
I look at it this way: whether you hire someone or DIY it, you're paying something to get it done. If not money, then time and effort. I just pay in the manner that, big picture, costs me the least. When young and poor, my time and effort was worth less than actual money. Now, money is often worth less than my time and effort.
Is it worth paying $50 to have the neighborhood kid mow my lawn for me? Younger me would say absolutely not. Current me says absolutely.
Yep I'm with you, I am absolutely loathe to hire anyone to do something I could do myself. I've done major home repairs, painting, flooring, kitchen and bath remodels, I do almost all my own auto repairs and maintenance, I do my own laundry, I clean my own house, I cut my own grass. I have neighbors who just pay for someone to do all that without a second thought.
There are certain tasks that you would never do yourself, such as surgery. And there are certain tasks like changing your oil where anyone with patience and diligence can do it themselves. It's just a question of whether you want to spend the time to learn it and do it.
Responding to a C&D letter from a Fortune 50 company, I would posit, is more like performing surgery than changing your oil. The cost of being wrong is rather high.
The weird bit is when doing it yourself turns out to be more of a hassle and more expensive than paying someone else to do it. Around 15 years ago I decided to learn how to change my own oil. Even after excluding the fixed costs (I bought little ramp things to drive the front of the car up on while I worked underneath, and a container to drain the old oil into), I was surprised at the per-change costs: the cost of the oil itself (and the new filter), as well as the cost to properly dispose of the old oil. Ended up being more expensive than just taking the car to Jiffy Lube and leaving it with them for an hour or so.
That was the first and last time I ever changed my own oil.
I've had shops do all of the following (not at the same time but each has happened before I stopped letting them change my oil):
- fill with the wrong weight oil
- not change the filter
- not tighten the new filter adequately, resulting in leaks
- install a very low quality "no-name" filter
- overfill the oil
- overtighten/strip threads on the drain plug.
- leave tools under the hood.
And that's just oil changes, one of the simplest things a shop can do. Maybe it's because they put their least skilled people on it, but it doesn't incline me to trust them for anything else.
Feel ya. Disposal is a pain, and if you mess up, it's a trip to home Depot to get some chemicals to clean your asphalt. That was fun when my apartment had me parking in a shared garage...
Oil is simple and easy enough that I just get it changed with my inspections. There are things that, even if you're competent enough to monitor and do yourself, is still better getting a second pair of eyes on. That said I wouldn't do jiffy lube or other stop and go oil shops... Too many noobs there where the chance of them effing it up is higher than myself. I once had a tire buldge when I was younger and broke AF, they replaced the wrong tire and I had to drive back to convince them they changed the wrong one (big old bubble in the sidewall), took a bit to convince them they changed the wrong one since they refused to admit fault. Thank God I took a picture before that was clear enough to place the bulb right on the text in the exact same spot.
I'm having similar concerns around my diy for some electrical and gas work. Yeah technically I can do it myself to code, but I'd rather inspect someone else's work and not deal with the liability of fucking it up myself. Just because I can do it doesn't mean I can do it to the level of a quality professional, and I'm now wealthy enough to actually get the pros and not just the journeymen. There's something about paying for quality work that just feels good. So long as you can respect the labor, it feels great and not so weird to hire others.
That said, I've had a few coding projects I've subcontracted in my home due to lack of time to those on roughly equal grounds as myself. It feels a bit weird, especially for tasks with unknown bounds but worth it for the time and schedule savings. I'd rather not wait another 6 months and spend my personal time when I have a laid off friend who just wants some bar cash.
Though I've generally been disappointed with the legal services I've hired. Law and medicine seems like most professions, there are some really good practitioners and a lot who are mediocre but have passed the minimum required qualifications, and it's hard for an outsider to immediately spot the difference.
Speaking of surgery, here's an analogy that might be helpful.
Five years ago I had a catastrophic ankle injury I suffered while running in Moab. Two broken bones, lots of torn ligaments, and otherwise irreparable damage without serious surgery.
I interviewed a whole bunch of surgeons before I decided where to go under the knife. And I don't remember where I got the advice, but someone told me the most important question to ask is: "How many times have you performed this specific surgery (a Maisonneuve fracture repair)?"
I eventually found the Steadman clinic and a doctor who had already performed the exact surgery I needed nearly 100 times. Everyone else's answer was less than 5. Some even answered 0. The surgical clinic I used had signed pictures of professional athletes all over the wall. I found the true specialist, and I'm very thankful that I did.
Even bad lawyers and surgeons are expensive. When you have a bet-the-business legal issue, do plenty of advanced interviewing to make sure that the one you hire has plenty of experience with the exact issue you need help with. If it's not obvious that you've found the right person, keep looking.
> Law and medicine seems like most professions, there are some really good practitioners and a lot who are mediocre
This is accurate, in my experience. It's what makes initially finding a lawyer (or doctor, or therapist, or auto mechanic, or etc.) a painful experience. You have to expect to go through a few before you find one that works for you.
Then, when you find one, treasure them for the pearls that they are.
I would guess later in life when your insurance agent or tax prep person find out you didn't fill out a will yet and introduces you or encourages you to have an attorney write one with you. Now your family has an attorney! That or going through a family estate.
A coworker's wife's friend is an attorney. So he's "his family's attorney" now, because of course he is. My landlord is a dentist, so he's my dentist now, because of course he is... That's how it mostly works... I guess :P
The only time I've ever needed a lawyer was for a small side business I had at the time. One of our customers had an unpaid invoice that was past 90 days, and they were not responding to phone calls. Happily, my business partner's brother was a lawyer and she asked him to send out a dunning letter. We had the money within days :-)
Yea, they're a useful bunch, especially if you know one. Back when I worked for an e-commerce site, we were deciding if we're gonna implement package splitting CoD (cash on delivery) for multi-package orders, or if we're gonna just slap the entire sum on the first package (this seems like an easy enough job, but when you have many shipping service APIs you have to work with and you have automated CoD back-reporting that goes into your invoicing, it becomes annoying). We did the easier thing and just sent a pre-drafted dunning letter to people who took the CoD-less packages for free and did not pay for the first one with CoD. Worked like a charm.
Honestly, I think that about 1/3 of the value I get from my lawyer is the power of his letterhead.
The rest is explaining contracts to me, explaining risks and exposures of things I'm planning to do or that have been done to me, educating me about aspects of law I need to know on a daily basis, and such.
A tiny percentage is helping with large things like selling my business, negotiating major contracts, defending me against legal attacks, and that sort of thing.
Depending on whose advice you value, Deviant Ollam has a video on YouTube entitled "Lawyer, Passport, Locksmith, Gun"[1] where he makes the argument that yeah, you probably should have a lawyer as part of a broader personal risk-reduction strategy.
(I understand folk might take particular issue with that last as part of "risk reduction", but I hope that doesn't detract from the earlier parts of the strategy)
if your risk reduction strategy entails a gun and a passport, you probabably don't need a lawyer who will tell you not to use either to deal with your legal risks.
Q: is the locksmith for you getting into other people's stuff, or keeping people out of your stuff? Wondering if we're going for a trifecta here.
The entire theme of the video is that normal people can find themselves in relatively normal, foreseeable situations where you really need one (or more) of these things right now, and trying to access them in an emergency without prior planning/prep is less likely to be successful.
Most smaller firms will require a retainer. $5k is fairly common. I've been able to work with several large firms for work, and several smaller firms for personal stuff.
Personally, I much prefer the larger firms. In general their work product, responsiveness, and timeliness is well ahead of small firms. They aren't even that much more expensive for some things. Unfortunately I don't know what the retainer $$ would be, if any, for a larger firm.
> bootstrapped startups from underprivileged people.
i dont think startups should be paying a retainer. You do this only after it's worth the money - ala, you either know your domain is a gray area and is definitely going to require a lawyer.
This has nothing to do with underprivileged people or not.
This might depend on where you are. In my area, it's unusual to have to provide a retainer at all unless you're doing something big or the lawyer suspects you might have trouble paying your bill later.
The reason why "it depends" is so often the answer is because legal questions are very situational and fact-specific. You'd need to consult with a lawyer on your specific situation to get an answer.
But, generally speaking, a quick consult and having a lawyer write a response letter is a few hundred dollars. Let's ballpark it as $300-1000, depending on the nature of the case. Now, that's assuming that the company that sent you the C&D doesn't sue you. If they sue you and you go to court, the lawyer fees go up quite a bit and become pretty much impossible to ballpark (though I'm sure someone has tried).
Having a lawyer on retainer isn't really necessary. It might be something you do if you're a business that doesn't have a lawyer on staff, but you want access to a lawyer's time when you need it. For most regular folks, I can't imagine setting up a retainer until you need to engage a lawyer for a case and want to guarantee their time.
I often need legal support for things (CFAA threat every few years and litigation for FOIA work), and this list matches my experiences. A lot of the work is just building a relationship with an attorney or firm you can trust.
As the (non lawyer) who fell into managing all US legal firm interactions for my day job, I support this list.
If you are comfortable with legal documents; have a law dictionary to understand what specific language means; and read historical case law on the topic in question, you will be well prepared to have a seat at the table with your attorneys.
> read historical case law on the topic in question
Is this even at all accessible to anyone who isn't already in a major law firm? I'm assuming it requires some sort of thousand-dollar subscription to an exploitative publishing house?
I feel in particular your second point is similar to a security officer. Their job is to identify risk and propose the safest approach. But in extreme, the safest approach is to shutdown and do nothing - the only truly unbreakable system.
For any functioning system, ultimately a business owner will need to decide (formally and explicitly, or informally and implicitly) what risk they're willing to accept to proceed.
What you're saying I think is that you should be informed enough to have an intelligent conversation with your attorney, and be able to make decisions on what risk they point out you're willing to take, and/or how you can mitigate it without just avoiding/shutting down?
> * get comfortable reading legal documents, this will allow you to have more
intelligent conversations with your attorney
Another tip. Hire an attorney who will teach you how to do this effectively. A simple rule of thumb is to consult with an attorney when you don't understand something. A good attorney will walk you through the issue, explain the possible ramifications, and (most importantly!) show you the standard response(s). Next time you can do it yourself. Also, you'll ask more focused questions the next time a novel issue pops up on that topic. That also saves money.
In summary, think of your attorney as a mentor not a robot to provide legal advice.
I appreciate that. As someone with a hobby making software, I can see the need for hiring at some point but I don't even know where to start. Do you just look up one online and call and say "I got a nasty letter, will you be my attorney"? Is there some kind of ongoing subscription cost to keep being "my attorney" or just pay per hour when you have an issue?
I’d start by asking people around you if they know an attorney. Recommendations from people you know will almost always be more valuable than a Google search.
If you don’t know anyone that would be in the area of law that you’re looking for, ask for _any_ attorney recommendations, then ask those attorneys for recommendations for people in the area of law you need.
If you absolutely cannot find a lawyer through people you know (and, really, try asking people), then you can look up a lawyer referral service for your state. Most state or county bars will have some program for making referrals to lawyers. Often these will have a low-ish flat fee, which will get your a short initial consultation with a few lawyers in the relevant area of law.
For billing, it’s something to ask your lawyer, thought most lawyers will have some kind of billing program where you pay hourly for what you use, and don’t need to pay some ongoing fee just to have the lawyer as “your lawyer”. Small business that only need a lawyer for a few hours a couple times a year aren’t uncommon clients for business lawyers.
The problem with this advice is that this is a very niche area of law. Unless the people you know have had prior experiences with data-access/web-scraping legal issues, a generalist recommendation is very unlikely to be helpful here.
> If you don’t know anyone that would be in the area of law that you’re looking for, ask for _any_ attorney recommendations, then ask those attorneys for recommendations for people in the area of law you need.
Attorneys know attorneys. I’d still recommend starting with your network, then asking those attorneys who they would recommend for the services you need. Or ask them if they know anyone that might be able to refer you.
There are probably two dozen specialists on this issue nationwide. A properly targeted Google search will outperform your personal network of attorneys (and their network of attorneys) 99.9% of the time.
Your assertion is that there are <= 24 lawyers, in the entire United States, that are qualified to handle a hobbyist software developer receiving a C&D?
I’m sorry, that just doesn’t sound at all credible to me.
It almost cannot be accurate by definition. There is no legal service that a hobbyist could _ever_ afford if there are <= 24 qualified specialists in the United States.
> I can see the need for hiring at some point but I don't even know where to start.
I have advice for this. Most attorneys, at least in my area, will sit down and talk with you at no charge. My advice is to take advantage of this before you have an actual issue that needs attention and talk with a few of them. Investigate them, talk to their clients if you can, ask about them with professional organizations, etc.
And then just use them for routine stuff every so often. Run contracts by them before you sign, etc. The idea is that you want to develop a relationship with them so that you and they know each other. Then, if something comes up where you really need an attorney, yours is already very familiar with you and what you're doing.
> Is there some kind of ongoing subscription cost to keep being "my attorney" or just pay per hour when you have an issue?
There is a concept of keeping an attorney "on retainer" -- which basically means prepaying for legal services. At a small scale, this isn't worth doing. Treat your attorney like your auto mechanic: keep a relationship going, go to them for your oil changes and other routine stuff, and pay by the hour. Then when you need important work done, they're primed and ready.
Getting connected to an attorney by someone you trust is the best path. Just picking one after googling is dangerous.
Expect to pay more than you expect to pay.
ETA: America is a "pay to play" country, and those payments are mediated by lawyers. What I mean is: enforcement of laws mostly happens via suing people, and you need to be able to pay an attorney to win that suit.
For small, transactional dealings where the amount of work is easy to predict, there may just be a fixed fee for that.
For more open-ended work, it is often billed by the hour (time and expense). If the work is non-trivial, they may ask for a retainer, which is a down payment against future hourly work and expenses incurred by the firm.
Another common billing model, called contingency, is generally reserved for cases where the firm is optimistic they will be able to receive a significant monetary judgment or settlement, which they will take part of for their time and effort.
> don't let your attorney make your business decisions, one of their jobs is to point out risks, one of your jobs (owner/ceo/leadership) is to figure out how to mitigate risk but that is not the same thing as avoiding all risks
Man I wish the leadership team at the last startup I did understood that. They were too chickenshit to do anything their lawyer cautioned them against, and as a result we took no risks and got nowhere.
My main piece of advice is to get an attorney, preferably one who has experience in your industry.
They know more about how this stuff really works than you or I ever will, and you won't be able to judge what risk you're really taking without that knowledge.
But, if I were operating "without a net" like that (which I would never do!), and I really felt that the C&D was about something I wasn't doing wrong, I'd be inclined to ignore it. There's chance that you'll end up being sued, though, so you should be prepared for that possibility. That means you'll need an attorney anyway, and it will cost more than consulting one about a C&D to begin with.
> They know more about how this stuff really works
That's really the key. I used to work for a very small company that happened to have an attorney as one of the owners (there were a lot of cooks in that particular kitchen!). One day he came to me with a letter from a large RAM manufacturer demanding payment for a license on some technology I don't even remember. His only question was "do we use anything they make as far as you know?"
"Nope."
"OK. It's just a fishing expedition." Balls up the letter, throws in the trash and walks away.
You are entitled to sue to get a court to state that you have the legal right to do something. Probably overkill, but I bet it would get a surprised pikachu face from the C&D sending company.
Now whether it's a good idea to sue without an attorney, I have no idea. I genuinely don't.
The premise of this article is that you somehow have to respond to it which is nuts. If the letter is ridiculous (e.g. citing terms of service you did not sign) then you're better off to ignore it and not waste money on legal fees. Also everyone who suggests getting a lawyer has probably not had to hire one in the past. With very few exceptions they will tell you it "depends" and maybe give you a few legal terms you can google. If you are lucky a good lawyer will give you their opinion on the merits of the letter but many will be so guarded it's not useful.
A C&D costs the sender almost nothing and is not the same as actually being sued. Very rarely are they serious enough to actually file something. If that does happen you should get a lawyer at that point, but doing it before is just a waste of money.
If you have not received a C&D before then the reason to consult with an attorney is to evaluate the risk. A lot of legal trouble arises from assuming you understand something when you actually don't. (Ask me how I know.)
> If you have not received a C&D before then the reason to consult with an attorney is to evaluate the risk.
The poster you are responding to just explained that most lawyers are too guarded to offer a useful evaluation of the risk, thus rendering their advice useless or low value.
You can do it. The basic problem is that you are hiring somebody to do something you don't know how to do yourself. Here's my approach for lawyers or tax accountants, another gloriously arcane field.
1. Get recommendations from people you trust. Talk to at least three people.
2. Pose your problem and ask them what they recommend doing. Do they listen carefully? Have they dealt with similar problems before? Do they present options in clearly understandable language that allow you to make choices? Do they respond to your questions and concerns?
3. Check their rates and ask for an upfront estimate of the hours to solve your problem. Get the best person you can afford. (Think about how much it's worth to you.)
4. Check references.
5. Switch if things don't work out.
#2 is a big deal. Don't be intimidated. This person is your interpreter of the law. If they can't explain it clearly that's their problem, not yours. Keep looking until you find the right person.
Ok, so you get a lawyer, ask their advice, realize it's worthless, and then you... don't pay the lawyer's bill? So now you have 2 legal issues, and no lawyer. Sounds like a worse position than what we started off with.
Signed a legal document in support of an open source initiative against patents that had a section that was confusing and hard to understand. I remember thinking it was probably no big deal and anyway the document was for a good cause.
A couple years later that section had legal consequences almost derailed a major transaction involving our company. We could have avoided the whole thing by checking with our lawyer first. Moral of the story: never sign any legal document you don't understand.
Not responding is also an action. Just assuming it's safe to ignore a C&D without understanding possible risks would not be my first choice. For instance it would be helpful to know if you need to seek out additional legal counsel which is potentially time-consuming and expensive.
Not sure we read the same article. The first point under "Decide how to respond" is "1. Ignore" (although it suggests this is risky if ignore includes continuing what lead to the C&D)
Used to periodically get a c&d email from FB lawyers for some harmless software I published. Always completely ignored it, not even responding to acknowledge receipt. It eventually stopped. I figure they gave up and focused their efforts on targets who showed they would be responsive to threats. It was 100% bullying.
Even acknowledging receipt gives them a lot of power.
Remember that they probably have a list of hundreds or thousands of C&D's to send, and if you don't respond they would probably need to file a john doe lawsuit to get your identity from your ISP, and it's unlikely that all that effort is worth it to them.
It would be funny if legal teams at huge companies have OKRs and evaluations. “You hit your target of 250 C&Ds this quarter great work”. Justifying your paycheck is scarier when thinking about the legal dept.
Do you know they don't? Otherwise I would assume they have dumb incentives like that. In my previous company the legal team measured the number of "takedowns" of countefeit merch etc. as a key number. I assume this helped to hurt their effort to prevent counterfeit in the first place.
Legal absolutely has OKRs.... usually around management of a hypothetical legal liability and how much they reduced it by when it came to actual payouts or vice versa
It is worth pointing out that FB has a long history of litigating this issue, from Power Ventures, to BrandTotal, to Octoparse, to Voyager Labs and more. And they have about 80-90% track record of success. Obviously, they send C&Ds more often than they file litigation. But to act as if this is a completely idle threat is naive.
As an attorney who has experience responding to Meta’s “anti-scraping team,” I think there might be more opportunities for amicable resolutions than you might expect (depending on the specifics of what you’re doing, of course). Meta is not oblivious to the fact that they’re under significant social and regulatory scrutiny. They sometimes play nice if you’re willing to accommodate certain considerations.
Either way, my recommendation would be to find an attorney with industry-specific expertise to address the norms of your industry. C&Ds range from idle shake downs to definite pre-cursors to litigation. Without industry-specific knowledge, it’s hard to know which is which.
Is there existing case law around browser extensions that only alter the presentation of a web page on the client machine? You know, things like adblockers or extensions that alter a specific site?
Would you be willing to share some stories regarding particularly FB reacting to someone scraping their data? Are they very stingy? Would they bother with someone non-US based?
I can't share client-specific stories because that's protected by AC privilege. But I think the recipients of these letters sometimes have more potential to negotiate than they realize.
Given the acknowledgement that cease-and-desist letters from Big Tech may be for the purpose of bullying, false, and fully unenforceable, I'm disappointed that the possibility of referring the sender to 'Arkell v. Pressdram' [0] didn't even get mentioned.
Love it - will add a section with more innovative approaches like this
e.g. was just chatting with a fellow cease-and-desist receiver, Mohammed Shah, who finds comfort in using a different misspelling for the name of the lawyer harassing him, every time he replies
Private Eye also does this, and not only in legal correspondence.
> The magazine often deliberately misspells the names of certain organisations, such as "Crapita" for the outsourcing company Capita, "Carter-Fuck" for the law firm Carter-Ruck, and "The Grauniad" for The Guardian (the latter a reference to the newspaper's frequent typos in its days as The Manchester Guardian). Certain individuals may be referred to by another name, for example, Piers Morgan as "Piers Moron", Richard Branson as "Beardie", Rupert Murdoch as the "Dirty Digger", and Queen Elizabeth II and King Charles III as "Brenda" and "Brian", respectively.[0]
Very good post, also kind of depressing how big companies can easily squash the little guys
> It doesn’t matter if you’re right. It matters if you have money, time, and willpower to go to court
There are some exceptions to this, but for probably 99% of cases, this is true
I’ve personally been on the receiving end of a litigious situation, facing a very wealthy individual. It did not go well for me, and had to swallow my pride/ego. This last bit might be the hardest thing to do
It is one thing to rationally know that the world is not fair. But when it happens to you, oh man, it’s not easy at all to take it
This is why shady tow companies persist. They have more resources than their victims, so it's low risk to behave in super shady ways. i.e. towing cars which they can't legally be towing. Happens all the time.
Interesting topic and article. I agree with the author, that it's useful to read this information and keep it in the back of your head in case you ever need it, before you actually find yourself in a stressful situation like this.
But one thing I don't understand every time there's a C&D story is why leave a paper trail to send the C&D to in the first place if doing something in a gray area? If I was creating some piece of software that is designed to give the middle finger to the man or facebook or whoever and/or benefit the public, I would just release the source anonymously on some random forum and it can't be stopped. Why create an official github repo with your real email and everything just to take credit?
To clarify, I mean cases like youtube vanced or the recent valve/nintendo portal mod issue, where its obvious some company might not like it, but I don't see why the projects couldn't have continued anyway if the authors didn't expose themselves to litigation. Or am I being naive about this?
Just to verify, I just made a Github account using a throwaway email I got by googling "10 minute email". So making a Github account without a paper trail is trivial.
I got multiple C&Ds for publishing public information, provided directly from the US government as giant CSV files (PPP loan data, provided under FOIA), through a web interface that made it easy to search loan recipients and analyze distribution of COVID relief funds.
Many of the C&Ds came from people who were later indicted for defrauding the government, some of them in hilariously inept ways.
Absolutely - I created the website pppwatch.com, which currently has searchable aggregates of the data from the official SBA data source [1]. The individual loan search is down right now, not because of any C&D letters, but simply to save some money on the search cluster while I have been revamping the site in my free time with some new analysis.
Thanks, that led me on a disturbing deep dive... It's super frustrating to know that so many people (even in my city) were handed hundreds of thousands, no questions asked.
Honestly I wish I had used the LLC that I actually own to do the same thing. When the system is designed to promote cheating...
It's sad that most people are less "legally literate" than they are "scientifically literate", when the former affects them more often throughout life. Schools should teach kids how to not get screwed over with the law. Tenants' rights in particular is very important and almost nobody I know understands them, or how brazenly landlords/management companies will rip you off if you let them.
Most people I see talking about their legal literacy are best described as cocky and dangerous to themselves and others they give advice to. The same behavior shows up with medical literacy.
> Most people I see talking about their legal literacy are best described as cocky and dangerous to themselves and others they give advice to.
100%.
I have a side hustle doing etching, engraving, and CNC-type things. The forums and groups for this kind of things are teeming with people who not just believe, but tell others, that copyright and trademark either don't apply to them for $reasons or doesn't even exist for things they found for "free" on the internet.
Those people exist at least partly because they haven't received education to the contrary. There will always be cocky, ignorant, wrong people in the world. But they certainly won't get any smarter if we don't teach them.
That reminds me of people who post blatantly-copyright-infringing videos on YouTube, but put in the description "no copyright intended" (whatever that means) as some sort of defense.
Yes and no. I think it's important to make everyone aware of their basic rights, but also make it known that they are NOT legal experts by any means, and that it's a extremely complicated field.
There's a reason why it takes several years of education and testing to become an attorney.
> *Apparently there are some legal systems, particularly in Europe, where the costs of taking Big Tech to court are lower. You’d have to ask your lawyer about that. The time and willpower aspects may be similar though.
I’m not a lawyer, let alone a European lawyer, but I’ve heard that the drain-their-bankroll-with-spurious-motions technique that’s beloved by shithead corporations and their attorneys when they have no case isn’t practicable in most European jurisdictions. This is because even at the motion filing level, loser pays. So drowning you in garbage motions just gives your lawyer an easy payday.
In general, not without a major change in the US attitude toward how businesses should be regulated and how individual rights protected to be more like Europe. I'll elaborate in a bit.
In specific areas of law the prevailing party can win attorney fees, but offhand I can't recall any areas where it is mandatory. It's up to the court to decide. Whether that is easy or hard depends on the area of law.
For example in patent law the statue says attorney fees can be awarded in exceptional cases, whereas in copyright law the statute just says it is at the discretion of the court.
The problem with making loser pays apply in general in US civil suits is that the US often relies on civil suits brought by individuals to enforce rights and regulations that in Europe would be enforced by a government agency.
Loser pays could discourage individuals from bringing such suits against larger more wealthy entities because a case is almost never completely open and shut.
Loser pays has a different trade off. If you have a case which is close on the merits (where you may well win but it isn’t certain) you may want to concede early because you are risk averse about paying BigCo’s legal fees. It isn’t a free lunch. It just shifts the pain points to a different class of cases.
There are sound reasons why this can't be the case, but it sure would be nice if anti-SLAPP laws[1] were also able to cover these kinds of petty intimidation maneuvers by huge corporations.
(It would probably be impossible to weave a statute that prevents this kind of bullying while also enabling legitimate uses of C&D letters. So this is entirely fantasy.)
There are plenty of laws that only apply to companies over a certain size. Maybe force publicly-traded companies to publish a list of all C&Ds they have sent. Make it transparent who are the biggest bullies. A lack of imagination is no excuse here.
I once received a cease-and-desist from my employer, who was a big tech company!
I had written a small shareware app called JazAwake. It was designed to stop the Iomega Jaz drive from spinning down every two minutes or so.
They did not know who I was but the stakes were instantly very high. If they filed a suit, they would uncover my identity, realize I worked for them, and terminate my employment.
To make matters worse, I was relatively sure the demands were impossible to meet. They requested I stop distributing the program AND remove all traces of it from the internet.
Similar to the linked article, I spent 9-months responding to demand letters. To my own surprise, I was eventually successful in removing it from the internet. I had to send my own demand letters (which were nicer) to every website owner who mentioned or linked to a copy of the app.
Why did your employer have a problem with your small shareware app though? I don't see why anyone could possibly get fired over something like a drive utility.
My guess is that GP's knowledge that led him to be able to create the shareware was derived from his employment, and quite possibly involved trade secrets. Creating and releasing software related to his work likely violated his employment agreement.
The cited problem was trademark infringement. I had used “jazAwake” as the name and the drive was the Iomega Jaz(tm) Drive. They also mentioned that it might shorten the life of a drive, but that was not their primary complaint.
The best thing to do is to know that law and your legal rights. Anybody can write a cease and desist. It is a first step towards a lawsuit, but given how inexpensive they are to write they are an easy way to intimidate small businesses.
I worked on a controversial app. I generally take the letter then throw it into the trash. I did this for 4 years, never had an issue. Github was the only one that seemed to want blood - then banned me. They would send me weird emails, trying to trick me to admit fault. They would also track new accounts I made (ip) and send taunting letters. They gave up eventually too.
Looking back, these companies can send these things out for no cost, looking for you to mess up by replying. If they want to sue you, don't worry, it will happen.
On the NANAE newsgroup, law firms would often pop up threatening legal action against blocklist maintainers or mailadmins; the standard response was "Where is your writ?".
Yep, that's true - also something I need to reflect in the guide is it's important to understand which jurisdiction you're under, since that'll affect your rights
Usually the terms of service you sign up to make it clear which jurisdiction disputes would be adjudicated in
For me, as a UK citizen/resident it was Ireland. Which is great since I've never been there, but I've heard their courtrooms are lovely in the springtime
Ooof, this was pretty depressing to read. It seems like your options are:
1. Ignore the letter: not recommended, as that will likely end in a lawsuit that you'll probably lose.
2. Comply: maybe not with everything (like if they ask you to do ridiculous things like give them a look at your finances), but at least stop doing what you're doing that triggered the whole thing in the first place.
3. Engage a lawyer and fight: but you're probably going to lose, unless you're independently wealthy, and/or can rally some legal-aid services that specialize in digital rights, as well as journalists and other powerful entities to help you.
And in all cases, if it's an entity like Meta, they've likely already disabled your existing accounts and banned you, and you'll never get them back.
One thing to be aware of is that letters are not guarantees that they will follow up or take you to court. Especially if they have a weak case - it is just as likely to be a bluff, hoping you'll just stop because they are big and you are small.
Ask an attorney to know for sure, but if they have no case and are just being bullies, don't cave in.
That's dangerous advice, if you have anything to lose, and the C&D isn't obviously complete nonsense. Your adversary's lawyer may have causes of action that he chooses not to disclose just now.
If anyone has some good tech-knowledgeable attorneys that work with individuals or smaller companies this is a great opportunity to promote them. It's hard to find people that are specialized in this sort of thing on a smaller scale and I've been looking for people/firms that can do this.
If their primary goal was to get you to stop, I'd assume they'd send a C&D first too because it's a lot less headache for them if that makes the problem go away.
So I wouldn't see a C&D as a guaranteed sign that they aren't willing to sue, but the threshold for "want you to stop and are willing to sue for it" is much, much, MUCH higher than the threshold for "eh, I'll send a C&D and see if this makes it go away, if not, not worth it".
Suggested edit: in your "handy rule of thumb", delete
outside of official APIs or services
since (1) official APIs and services are constantly getting redefined and (2) what's stopping them from deciding they just don't like how you're using the official APIs/services?
This is a vey well written article - I highly recommend anyone who owns a firm to read this - even if you don't work with Big Tech, it is still very useful.
As far as I understand, companies in the US really don't like actual litigation due to discovery: They'd be required to provide documents relevant to the case if requested. This not only risks making embarrassing documents part of the public record, but is also incredibly expensive since their lawyers have to review all the documents, and it can be a lot - and they generally can't recoup those fees.
If they really want you to stop, e.g. because you're putting their core business at risk, they might consider it, of course. But they won't do it for random bullshit. They do have infinite resources to crush you - but even they don't have enough resources to do it to everyone who ignores their C&D.
Also, I would expect the likelihood of getting sued (by a company that's acting rationally - small businesses where you've personally pissed off the owner can be different) depends on whether they can achieve their goal. If for example their goal is to keep you from publishing details about a security vulnerability and public embarrassment, the motivation to sue you is likely to go down once the vulnerability is public and their behavior has been reported in the tech press, and continuing to press it will just continue to the Streisand effect.
interesting. I'm curious why they bother going after so many small developers. There must be some kind of negative effect long-term there on their perception in the tech ecosystem etc. Bored in-house lawyers?
Remember, though, that in many places ignoring something can put you at risk for a default judgement at a later date. It'd be nice if we could just ignore troll trash :/
The main potential legal impact of a C&D letter is that, to the extent that notice is relevant to the existence or degree of liability, itay give you enhanced liability after the letter than what you had before. Other than that, yeah, its just basically a formally-written “please stop” letter.
Of course, there's always a possibility that the party sending it follows through on the at-least-implicit threat of litigation.
So many comments here about how C&D don't have teeth and suggesting ignoring them. That might generally be the case, but the article here specifically talks about losing your account on the tech company's service as the main thing they are concerned about.
A long time ago, I got a nastygram from Google, saying one of my domain names infringed on their trademark.
Fortunately, I didn't need the domain, since I didn't want this headache or expense. (The domain name was a pun on "Orkut", intended for a site critiquing the emerging ridiculous influencer behavior, and I'd guess it was protected speech, but I never got around to making the site.)
But the experience didn't seem very Googley to me, so I initiated a domain name transfer to the Stanford email address of one of their founders, then told the nastygram people, so maybe they could have a talk about "Don't Be Evil".
Big firms issue C&D letters for all kinds of wild reasons. A startup I founded got one because of the colour of our hardware bezels. Note the company writing to us was not even a tech business, let alone a hardware company.
Someone tried this with an open source project I ran called bitmatch (now bitstring: https://ocaml.org/p/bitstring/latest/doc/Bitstring/index.htm...). They were running some scanning software that matched bits inside binaries, and felt they could threaten anyone who dared to use the word "bitmatch". Trademarks don't work like that since they only protect a narrow field of endeavour, not "no one can ever use this word".
They sent the C&D to my employer which made everything much more complex. I usually would have ignored it, but my employer's legal department was on my back about it, so I renamed the project to bitstring. For years my project was still top of Google search for "bitmatch". (I tried it now and I notice it's a different, Rust project, so the guy still didn't win in the end.)
I am completely unclear on whether publishing your project open source gives it (at least, the code, if not any deployed version) any kind of protection if Facebook etc. target it
I would love to get a lawyer's take on that, although I guess it would differ by jurisdiction - California and Ireland are probably the two key ones for most big tech
You are not responsible for what other people do, only what you do. If you feel the need to comply with a C&D by, for instance, taking down your work, you take down the repositories you are in control of and don't worry about others who forked the work. Worrying about them is the complaining company's job.
We (and our new clients) constantly get frivolous cease and desist notices from a particularly butthurt competitor whenever they lose one of their customers to us. They have a habit of shutting off customer access to their systems and ignoring any requests from customers (who are still paying their bills) for their data.
If you are a small fish like me and you get a c&d from a fortune 500 even when you are right you may still stop. Any lawyers that can help beat vorys bullies?
I used the Unfollow Everything extension when I was a teen, it was great. I eventually ended up deleting my FaceBook account altogether; our generation (Z) thankfully feels Facebook to be an old person thing.
I'm still surprised how much people think that big tech is anyhow than by product itself different from companies presented like evil. For example weapons or oil companies.
Man, fuck Facebook. The one-off C&D sent to anyone who appears to be using your trademark I can understand. Sending the guy a bill for $30,000? Now that involved human forethought. Something seems to be going on over at the Fsckbook legal department and it isn't good.
I remember 15 years ago or so someone wrote a pluging for me-tunes that was downloading the lyrics of your mp3 by scraping internet. It was brillant (now standard in placetify). Afew months later he receive a C&D from the fruit people. How sad the big tech can get away with this.
> Make sure nothing critical in your life relies on using the platform. It shouldn’t be your primary means of contacting any important people in your life,
I don't do anything that could even be perceived as antagonistic towards Facebook. But I imagine it's something I could do. I don't have a Facebook account so I don't care if I get banned. But I do use WhatsApp. I could live just fine without it. but would/could a ban include a ban from Whatsapp? I guess I naively assume they don't know enough from my WhatsApp usage to link it to my identity. But of course a phone number is as close unique identity as they come.
I used to work for an Indymedia collective; I'd say we received half a dozen C&Ds.
[Indymedia was an open news collective, with a strong anarchist-socialist leaning]
Our "collective" had no formal membership, and no assets. We were all just volunteers who valued the platform and did some work to help out. These emails were always addressed to "To Whom It May Concern". Pseudonymity was the norm in Indymedia, and I was completely ignorant about the IRL identity of most colleagues that preferred to be pseudonymous.
They'd usually be complaining about Indymedia reports of the activities of some small businessman, often a builder. It would often be part of a campaign, i.e. there would be more than one article, by different people. So we'd collate the articles, and do web-searches; if the complaint appeared to refer to something potentially libellous; or involved some crime like inciting violence; or violated our posting T&C, like trolling, conspiraloon, or agent-provocateur, then we'd hide the article or comment; otherwise the site would have been deluged in spam. Hidden articles and comments didn't appear in lists. We had no one-button method for removing an article completely, we had to blank the article in the database. We even published a link to a page where you could view all articles and comments; none of these C&Ds ever referred to a hidden article.
We never replied to any of these C&Ds. We (or I) never hid an article or comment as the result of reading a C&D; I never thought the C&D had any merit. We took the "Ignore" route, and never suffered any adverse consequences; not even follow-ups.
So I don't share the author's opinion that you should never adopt the Ignore route. Perhaps we got lucky, but I'd have taken these messages more seriously if they had named me.
We are well within a Digital Age and we are now digital human beings.
Adversarial Interop is a fundamental Digital Human Right.
Louis has been on the frontlines of this unjustly lonely battle against big evil megacorps (META specifically) for the last few years.
If any lawyers are here that care about digital rights as coders then please reach out to louis because a coalition is needed to fight against C&Ds against independent, OSS, interop developers and their users.
Thank you Louis for writing this, I wish I saw this last year before nuking my OSS project out of an abundance of abject fear that this $800bn megacorp could ruin my life for what amounts to pocket change. This experience still hurts till this day.
I am not a lawyer, but I've received several C&Ds for various things over the decades. The first one scared me to death. The second and subsequent ones did not, because I understood what they were: just the company saying "I don't like what you're doing".
When I receive a C&D, the first thing I do is talk to my attorney and go over what the C&D is complaining about. If I think I'm doing something that could be legally risky (which does not automatically mean doing something actually wrong), then I change that. Otherwise, my attorney acknowledges that the C&D was received and I ignore it. If they really have a serious beef with what I'm doing, they need to actually sue me. I have yet to be sued.