Professional Documents
Culture Documents
For several years now, the online ad industry, internet browser suppliers and others have been debating at the World Wide Web Consortium (W3C) over the appropriate standards for a Do Not Track protocol. The stumbling point in the debate with browser companies such as Microsoft and Mozilla is whether Do Not Track should be a default setting or one set by the consumer. In April, new FTC Chairwoman Edith Ramirez stunned the ad industry in an address to the American Advertising Foundation that stressed that consumers still await an effective and functioning Do Not Track system, which is now long overdue. Ramirez believed steps taken to date were insufficient as consumers needed a persistent Do Not Track mechanism that would apply across industry to all types of tracking and allow consumers to stop the collection of nearly all behavioral data gathered across sites and not just the serving of targeted ads. While the W3C has set a deadline of the end of July to resolve its impasse, Jonathan Mayer a privacy activist connected to Mozilla has begun to take a hawkish approach suggesting that the parties agree to disagree. Along those lines, Mozilla has announced the launch of a Cookie Clearinghouse that , in connection with Stanford University, would create a cookie blacklist and enable browsers to block almost all third party cookies. Mozilla's position is that "[t]heres still plenty of ways for users to make money online but the idea of surveillance sales is probably going to have to be replaced with permission marketing. The Interactive Advertising Bureau General Counsel has called the proposed clearinghouse a nuclear first strike against advertisers, while President Randall Rothenberg has blasted the clearinghouse as a "kangaroo cookie court, an arbitrary group determining who can do business with whom. It replaces the principle of consumer choice with an arrogant 'Mozilla knows best' system." READ MORE While this battle has been unfolding, the California legislature is very close to passing legislation requiring website privacy policies to disclose how the website responds to Do Not Track requests and the extent to which other parties may collect personally identifiable information about the consumer across different websites when a consumer uses that website or service. READ MORE.
FTC WATCH: Disclosure Guidelines and COPPA Reg Updates Plus "Reclaim Your Name"
The Federal Trade Commission has updated its Dot Com Disclosure Guidelines and regulations under the Children's Online Privacy Protection Act (COPPA). The Dot Com Disclosure Guidelines were first released in 2001 and are being updated now to reflect uses of social media and mobile platforms. My presentation on the revised guidelines, along with FTC explanations of the guidelines can be found HERE. The FTC has already sent notices to search engines that their current disclosures as to what is a paid ad do not pass muster under these guidelines, since the "features used to differentiate advertising from natural search results have become less noticeable to consumers, especially for advertising located immediately above the natural results. Read More. Among other things, the COPPA amendments expand the scope of COPPA to sites having a "disproportionately large" percentage of children in its audience and also expands the definition of personal information subject to COPPA. The amendments were effective July 1st. Read More. Finally, FTC Commissioner Julie Brill has used the Snowden/NSA scandal to launch her own "Reclaim Your Name" initiative that would involve legislation requiring data brokers to give consumers the ability to access their information and correct it when it is used for eligibility determinations and/or opt-out of marketing. No action has been taken to implement this initiative. Read More.
Standard Terms and Conditions Employee Agreements Confidentiality Agreements Website Terms and Conditions Privacy Policy Social Media Policy BYOD Policy Data Breach Contingency Plan
In addition, in some instances courts consider the robustness of legal compliance programs such that periodic presentations may not only reduce your risk but may even reduce your exposure The Internet Law Center can help you make sure you have the right tools you need to succeed in today's world.
the role of the internet in promoting freedom via greater transparency in government. Which is why the solution to the current controversy over the Snowden leaks is not to retreat back to the prior "cone of silence," but rather to have an open debate over what level of surveillance is permissible and the process for doing so because that is what free societies do. . . . To foreclose such a debate on the grounds of national security is short sighted and ignores the fact that such a debate not only will impact our standing in the world but it may also be vital to our economic security. READ MORE
ILC NEWS
For the fifth year in a row, Cyber Report has been nominated for best newsletter at the Los Angeles Press Club's Southern California Journalism Awards. Cyber Report won top prize in 2011 and has won second prize on two other occasions.
Kelley to be Vice-Chair of Cal Bar's Technology, Internet & Privacy Interest Group
The California Bar Association's Intellectual Property Section has named Bennet Kelley to be Vice Chair of its Technology, Internet & Privacy Interest Group. Bennet previously was Co-Chair of the California Bar Business Law Section's Cyberspace Committee.
In rendering judgment for Zoobuh, the court: (1) Concluded that Zoobuhs 3-man operation was a bona fide ISP that had been adversely affected under CAN-SPAM, but cited activities that were more consistent with the operation of a litigation mill. (2) Applied California state court's Trancos decision to conclude that use of privacy protected domains for sending email constitutes deceptive header information. This is a leap since private information prevents doing a "Who Is" search on the domain, but the information contained in a "Who Is" - email and address - are disclosed elsewhere in the email under CAN-SPAM. (3) Held that a marketer who makes the disclosures required under CAN-SPAM but which are blocked by the recipient's email client has failed to make an adequate disclosure. The flaw with this conclusion is that it permits liability to rest not on the actual content of the message but on how a recipients a software elects to display it. READ MORE
Google, Papa Johns Settle Text Message Class Actions Suits, Is Viacom Next?
Google, Papa Johns Settle Text Message Class Actions Suits, Is Viacom Next? Google and Papa Johns have settled class action lawsuits over claims that they sent text messages in violation of the Telephone Consumer Protection Act (TCPA) for $6 million and $16.5 million. Viacom and MTV have just been hit with a similar class action.
Cyber Law and Business Report celebrated its 100th episode with an online debate over the Marketplace Fairness Act to enable states to collect sales tax from out of state online sales. Other recent shows have covered the state of Cyber Security, ISP Data Caps, Apple's Tax Shelters, Hate on the Internet and the NSA's PRISM Program. LISTEN TO PAST SHOWS. DOWNLOAD OUR MOBILE APP AND LISTEN WHEN AND WHERE YOU WANT! Next Episode 7/31: Fighting Revenge P*rn with victims Hollie Toups and Rebekah Wells and John S. Morgan lead attorney in Texxxan.com Class Action
CYBER SECURITY ZONE Wyndham Hotels Challenges FTC Data Security Authority in Closely Watched Case
A New Jersey federal court is currently reviewing Wyndham Hotels' motion to dismiss the FTCs complaint against it for violating the FTC Act by having insufficient security and not abiding by the standards set in its privacy policy. The FTC Act is quite broad and permits the FTC to regulate items that are unfair or deceptive in interstate commerce. Recently the FTC has used this authority to punish misrepresentations in privacy policies and mere failure to have adequate security for the nature of information collected, with many of the major internet players from Google, Facebook to Twitter all entering FTC consent decrees on data security. Wyndham Hotels motion comes at a time when the business community is fighting back over what it sees as unchecked FTC authority. One case garnering a lot of attention along with the Wyndham Hotels case is LabMD which has spent half of million dollars fighting an FTC civil investigative demand (CID) where no data breach has even occurred in its view. Wyndham decisions to fight the FTC has led to a pitched battle which is a must win for the FTC. READ MORE
Ponemon Study Puts Cost of Data Breach at $5.4M, Less if Response Plan in Place
At present every state in the union except for Alabama, Kentucky, New Mexico and South Dakota, have laws governing disclosures in the event of a data breach. A Ponemon Institute study found that in 2012 data breaches cost companies $188 per record compromised or $5.4 million on average. On average, the breach costs businesses $3.03 million in lost business (other reports have found that 60% of small businesses fold within six months of a data breach). If the organization has a formal incident response plan in place prior to the incident, the average cost of a data breach was reduced as much as $42 per compromised record. A Carnegie Mellon study found that providing free credit monitoring services can reduce the risk of a lawsuit by 83%. An important consideration given that AOL just agreed to pay $6 million to settle a data breach class action. READ MORE
MasterCard, Visa and Discover require merchants to adhere to the Payment Card Industry (PCI) Data Security Standard. As part of their merchant contracts, the credit card companies can assess substantial penalties and fees for violations or even to confirm the absence of a violation all without any appeal or recourse. After Genesco, which operates retail stores such as Johnston & Murphys, suffered a data breach of its computer system in 2010, MasterCard assessed a $2.2 million penalty, while Visa assessed $13.3 million, contending that Genesco was not PCI compliant. Genesco contends it was compliant and that there is no evidence hackers actually stole any credit card data. Genesco has filed suit to recover the $13.3 million, while Ciseros, a Utah bar and grille, is challenging the imposition of similar penalties without any evidence of a breach. READ MORE
While the Cyber Insurance industry has grown to a $1.5 billion industry, it remains an under utilized tool. The Obama Administration recently circulated a white paper on ways to increase adoption of cyber insurance as a way to increase market incentives for increased cyber security. The current state of Cyber Security and the role of insurance in creating market incentives for Cyber Security was the subject of the May 29th Cyber Law and Business Report. LISTEN and VIEW INFOGRAPHIC.
notification also be sent to the Attorney General until 2012. Attorney General Kamala Harris has released a report based on the 2012 notifications impacting 25 million Californians finding that, among other things, (i) companies should encrypt digital personal information when moving or sending it out of their secure network as encryption would have prevented breaches involving 1.4 million Californians. Harris also stressed that companies should review and tighten their security controls on personal information, including training employees and contractors. The Attorney General's office recently established a privacy enforcement unit and Harris said data security would be a priority. READ MORE.
The Emergency Broadcast System is vulnerable to cyber attacks reports have concluded. This follows an incident earlier this year in which the system was hacked to report that "civil authorities in your area have reported that the bodies of the dead are rising from the grave and attacking the living."
Bennet Kelley hits WashPost Columnist for Myopic Call to Repeal Internet
Bennet Kelley responded to Washington Post columnist Robert Samuelson's call to repeal the internet, with a column chiding Samuelson for his myopic "embrace of Cyber Amishness." READ MORE
The battle over the so-called Amazon Tax has officially moved to Washington with the debate over the Marketplace Fairness Act. The Act allows states to require out of state retailers to collect sales tax provided they are part of the Streamlined Sales and Use Tax Agreement which currently includes 24 states are members (see map left) or take steps independently to streamline and simplify the sales tax collection process. The bill passed the Senate 69-27 in May, but has received a chilly reception in the House of Representatives where conservative Republican opposition to the bill is growing. READ MORE
Working with Interpol, Europol, World Customs Organization, the Heads of Medicines Agencies Working Group of Enforcement Officers, the Pharmaceutical Security Institute, Visa, Mastercard, PayPal, and Legitscript, the FDA shut down 9,000 websites, arrest 58 individuals and seized 9.8 million potentially dangerous medicines, worth around $41 million. A recent Government Accounting Report found that there were over 34,000 active rogue internet pharmacies as of April 2013. READ MORE
When President Obama signed the JOBS Act into law on April 5, 2012, it included the Capital Raising Online While Deterring Fraud and Unethical Non-Disclosure Act of 2012 (CROWDFUND Act) which would permit companies to raise up to $1 million in equity via crowdfunding. The Act directed the Securities and Exchange Commission (SEC) to issue implementing regulations within 270 days of passage. With over 450 days passed since enactment, the SEC still cannot say when regulations might emerge. READ MORE.
IN THE COURTS
The Justice Department had convinced all the major ebook publishers who participated in the price fixing conspiracy to settle to the tune of $166 million, but Apple refused. A New York federal judge, however, found that "Apple seized the moment and brilliantly played its hand" in getting the publishers to raise prices. It will now face treble damages on approximately $3-5 per book sold. READ MORE
California Attorney General Kamala Harris suit against Delta Airlines for failing to post a privacy policy for its mobile apps got stopped on the runway. Delta won dismissal of the lawsuit on the grounds that it was preempted by Airline Deregulation Act, which prohibits states from restricting any prices, routes or services of an air carrier. READ MORE
STATE WATCH
The number one spot on the most recent version of the NetChoice Coalitions periodic iAwful list of worst state laws regulating the internet went not to a bill but to the entire California legislature for the introduction of "nine separate privacy bills targeting the heart of the state's world-leading tech industry. It almost seems as if California legislators are competing for the honor of chasing their golden goose out of the Golden State." READ MORE
Nevada became the eleventh state to pass legislation restricting employers' ability to demand that employees provide their password(s) for social media states. The eleven states are Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah and Washington.
A patent troll generally is a business whose only asset are a portfolio of patents and who make money principally by suing or threatening lawsuits against alleged infringers. Earlier this month, the White House announced its initiative against Patent Trolls, citing the fact that the number of lawsuits brought by patent trolls has tripled and now accounts for 62% of all patent lawsuits. In 2009, patent trolls extracted $29 billion in settlements. President Obama has taken several administrative steps to put patents to greater scrutiny, the Federal Trade Commission is conducting a study on the issue., while multiple anti-troll proposals are gaining momentum on Capitol Hill. The first shot in the battle over trolls was fired in Vermont, as the Green Mountain state,which actually has the highest per capita number of inventors, passed a law enabling courts to require a bad-faith patent plaintiff to post a bond to cover the cost and to permit a right of action for bad faith demand letters asserting patent infringement with punitive damages of up to $50,000. The day the law went into effect, the states attorney general filed the first lawsuit against under the new law against MPHJ Technology Investments, a notorious patent troll that had sent hundreds of demand letters to small businesses seeking $1,000 per employee for their claimed patent on the process for scanning documents into an email. READ MORE
With the growth of "revenge p*rn" websites (sites where people post naked photos of their ex boy/girlfriends) such as Is Anyone Up, New Jersey became the first state to criminalize this conduct. Bills currently are pending in California and Florida as well. READ MORE.
NOTE: Some of the leading victims' advocates and their counsel will be on a special Cyber Law and Business Report devoted to combating revenge porn on July 31st.
New Apps, Web Models Bump Against 20th Century Regulatory Restraints
In the battle between 21st century business models and 20th century regulatory regimes, the regulators may be winning round one. Uber, Lyft, Sidecar, Airbnb, Bitcoin and Square have all faced unexpected legal challenges. READ MORE.
ICANN held its 47th tri-annual meeting at Durban, South Africa (coinciding with Nelson Mandela's 95th birthday). At the meeting, ICANN released a report concluding that the current WHOIS system of giving every user the same anonymous public access to (too often inaccurate) gTLD registration datashould be abandoned. In its place, the report recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use. The move comes as ICANN rolls out a new registrar agreement, with GoDaddy being its first signatory. Under the Agreement, registrars will be required to verify either the phone number or email address of the user within fifteen days of applying for a new domain. Failure to provide verification will result in domain suspension. READ MORE FROM ICANN 47 .
INTERNATIONAL UPDATE NSAs Euro-Backlash: Germanys Merkel Calls For New EU Privacy Legislation
German Chancellor Angela Merkel of Germany, reflecting the widespread European outrage over the NSA scandal, is calling for the European Union to adopt legislation requiring Internet companies to disclose what information about users they store and to whom they provide it. Viviane Reding, the EU Vice President who has been spearheading European data protection reform, has said the NSA furor had given Europeans a wake-up call when it came to privacy. READ MORE
In 2009, Microsoft entered into a consent decree with the EU over allegations that it used its market power to tie Internet Explorer to Windows. As a result, it agreed to offer a browser choice screen to consumers through 2014, but failed to do so for 14 months between May 2011 and July 2012. This resulted in a 561 million fine on Microsoft since [a] failure to comply is a very serious infringement that must be sanctioned accordingly. Google is under investigation by privacy enforcement authorities in France, Germany, Italy, Netherlands and the UK over 2012 changes to its privacy policy that created a streamlined policy for multiple Google applications. The UK has given Google until September to update its privacy policies. READ MORE
to be Forgotten
The European Court of Justices Advocate General, Niilo Jaaskinen, said in a formal opinion that a general right to be forgotten is not contemplated in the EU Data Protection Directive. The AG stated that imposing an obligation to block access to legallypublished content would dangerously interfere with search users rights to access information, as well as Googles fundamental right to conduct a business. READ MORE
For years, the most frequently cited statistic about Indonesia was that it is the most populous Muslim country in the world (and 4th largest with 251 million people). According to the latest Akamai State of the Internet report, it has jumped into 2nd place for attack traffic increasing its share from 0.7% in Q4-12 to 21% in Q1. Together with China, the two nations account for 55% of all attack traffic.
TED'S TUBES
Net Neutrality Hearing Date Set,While AT&T and Verizon Launch New Toll Booth Scheme
The hearing on Verizons appeal of the FCCs Net Neutrality Plan (aka The Open Internet Order) before the D.C. Circuit Court of Appeals is set for September 9, 2013. While this has pending, ISPs user data cap plans have come under increase scrutiny, particularly as ISPs began exempting their own services from the data caps. AT&T and Verizon have indicated that they will permit content providers to pay to circumvent the data caps and rumors that ESPN may be one of the first to pay to do so, a move Public Knowledge has denounced. "Imposing data caps on consumers and then allowing wealthy content holders to buy their way around them is a recipe for stagnation online." Listen to CLBR discussion on Data Caps with Public Knowledge's Michael Weinberg
ABOUT US
The Internet Law Center is a law firm dedicated to helping businesses navigate the evolving legal standards for today's digital economy. Today the firm serves a diverse client base that includes startups and public companies both online and offline across four continents on issues ranging from online marketing, e-commerce, privacy, domain names to cyber harassment, as well as entertainment, general transactional and litigation matters. Cyber Report is for information purposes only and is not meant to express any legal opinion or advice nor is it an advertisement for any legal services (not even if read backwards). The occasionally snarky views expressed herein do not necessarily reflect the views of the firm nor any ILC client.
THE END
10