You are on page 1of 10


Top Story Gloves Come Off Over Do Not Track

For several years now, the online ad industry, internet browser suppliers and others have been debating at the World Wide Web Consortium (W3C) over the appropriate standards for a Do Not Track protocol. The stumbling point in the debate with browser companies such as Microsoft and Mozilla is whether Do Not Track should be a default setting or one set by the consumer. In April, new FTC Chairwoman Edith Ramirez stunned the ad industry in an address to the American Advertising Foundation that stressed that consumers still await an effective and functioning Do Not Track system, which is now long overdue. Ramirez believed steps taken to date were insufficient as consumers needed a persistent Do Not Track mechanism that would apply across industry to all types of tracking and allow consumers to stop the collection of nearly all behavioral data gathered across sites and not just the serving of targeted ads. While the W3C has set a deadline of the end of July to resolve its impasse, Jonathan Mayer a privacy activist connected to Mozilla has begun to take a hawkish approach suggesting that the parties agree to disagree. Along those lines, Mozilla has announced the launch of a Cookie Clearinghouse that , in connection with Stanford University, would create a cookie blacklist and enable browsers to block almost all third party cookies. Mozilla's position is that "[t]heres still plenty of ways for users to make money online but the idea of surveillance sales is probably going to have to be replaced with permission marketing. The Interactive Advertising Bureau General Counsel has called the proposed clearinghouse a nuclear first strike against advertisers, while President Randall Rothenberg has blasted the clearinghouse as a "kangaroo cookie court, an arbitrary group determining who can do business with whom. It replaces the principle of consumer choice with an arrogant 'Mozilla knows best' system." READ MORE While this battle has been unfolding, the California legislature is very close to passing legislation requiring website privacy policies to disclose how the website responds to Do Not Track requests and the extent to which other parties may collect personally identifiable information about the consumer across different websites when a consumer uses that website or service. READ MORE.

FTC WATCH: Disclosure Guidelines and COPPA Reg Updates Plus "Reclaim Your Name"
The Federal Trade Commission has updated its Dot Com Disclosure Guidelines and regulations under the Children's Online Privacy Protection Act (COPPA). The Dot Com Disclosure Guidelines were first released in 2001 and are being updated now to reflect uses of social media and mobile platforms. My presentation on the revised guidelines, along with FTC explanations of the guidelines can be found HERE. The FTC has already sent notices to search engines that their current disclosures as to what is a paid ad do not pass muster under these guidelines, since the "features used to differentiate advertising from natural search results have become less noticeable to consumers, especially for advertising located immediately above the natural results. Read More. Among other things, the COPPA amendments expand the scope of COPPA to sites having a "disproportionately large" percentage of children in its audience and also expands the definition of personal information subject to COPPA. The amendments were effective July 1st. Read More. Finally, FTC Commissioner Julie Brill has used the Snowden/NSA scandal to launch her own "Reclaim Your Name" initiative that would involve legislation requiring data brokers to give consumers the ability to access their information and correct it when it is used for eligibility determinations and/or opt-out of marketing. No action has been taken to implement this initiative. Read More.


You wouldn't drink milk that was four years old, but is your business relying on stale legal documents. Do you have in place current versions of:

Standard Terms and Conditions Employee Agreements Confidentiality Agreements Website Terms and Conditions Privacy Policy Social Media Policy BYOD Policy Data Breach Contingency Plan

In addition, in some instances courts consider the robustness of legal compliance programs such that periodic presentations may not only reduce your risk but may even reduce your exposure The Internet Law Center can help you make sure you have the right tools you need to succeed in today's world.


The online business community will be impacted by the fall out and reaction to the NSA/Snowden scandal. So far this includes: (i) a spike in consumer downloads of anti-tracking software; (ii) an EU backlash with calls for strengthening EU jurisdiction over US companies on privacy issues; (iii) FTC Commissioner Julie Brill's pushing for her "Reclaim Your Name" proposal and "Do Not Track" as a tandem response to Big Data; and (iv) undermining the Obama administration efforts to press China on cyber attacks by allowing China to use Snowden's leak to deflect US criticism. READ MORE Bennet Kelley argued in a HuffPost column that Congress needs to take into account both the role of ecommerce in GDP growth and

the role of the internet in promoting freedom via greater transparency in government. Which is why the solution to the current controversy over the Snowden leaks is not to retreat back to the prior "cone of silence," but rather to have an open debate over what level of surveillance is permissible and the process for doing so because that is what free societies do. . . . To foreclose such a debate on the grounds of national security is short sighted and ignores the fact that such a debate not only will impact our standing in the world but it may also be vital to our economic security. READ MORE

For the fifth year in a row, Cyber Report has been nominated for best newsletter at the Los Angeles Press Club's Southern California Journalism Awards. Cyber Report won top prize in 2011 and has won second prize on two other occasions.

Report Nominated for 5th Year in a Row By LA Press Club

Kelley to be Vice-Chair of Cal Bar's Technology, Internet & Privacy Interest Group

The California Bar Association's Intellectual Property Section has named Bennet Kelley to be Vice Chair of its Technology, Internet & Privacy Interest Group. Bennet previously was Co-Chair of the California Bar Business Law Section's Cyberspace Committee.


ZooBuh is a Utah-based Internet access service which provides email, chat, and blogging services to approximately 35,000 customers worldwide and is one of the more recent entrants to the anti-spam litigation club. In 2011 it filed several actions under the CANSPAM Act in Utah federal court against Better Broadcasting, LLC and other defendants. ZooBuh sought default judgment and won.
[Full disclosure: The Internet Law Center represented one of the defendants dismissed from this case.]

In rendering judgment for Zoobuh, the court: (1) Concluded that Zoobuhs 3-man operation was a bona fide ISP that had been adversely affected under CAN-SPAM, but cited activities that were more consistent with the operation of a litigation mill. (2) Applied California state court's Trancos decision to conclude that use of privacy protected domains for sending email constitutes deceptive header information. This is a leap since private information prevents doing a "Who Is" search on the domain, but the information contained in a "Who Is" - email and address - are disclosed elsewhere in the email under CAN-SPAM. (3) Held that a marketer who makes the disclosures required under CAN-SPAM but which are blocked by the recipient's email client has failed to make an adequate disclosure. The flaw with this conclusion is that it permits liability to rest not on the actual content of the message but on how a recipients a software elects to display it. READ MORE

Google, Papa Johns Settle Text Message Class Actions Suits, Is Viacom Next?

Google, Papa Johns Settle Text Message Class Actions Suits, Is Viacom Next? Google and Papa Johns have settled class action lawsuits over claims that they sent text messages in violation of the Telephone Consumer Protection Act (TCPA) for $6 million and $16.5 million. Viacom and MTV have just been hit with a similar class action.

CLBR Airs 100th Episode

Cyber Law and Business Report celebrated its 100th episode with an online debate over the Marketplace Fairness Act to enable states to collect sales tax from out of state online sales. Other recent shows have covered the state of Cyber Security, ISP Data Caps, Apple's Tax Shelters, Hate on the Internet and the NSA's PRISM Program. LISTEN TO PAST SHOWS. DOWNLOAD OUR MOBILE APP AND LISTEN WHEN AND WHERE YOU WANT! Next Episode 7/31: Fighting Revenge P*rn with victims Hollie Toups and Rebekah Wells and John S. Morgan lead attorney in Class Action

CYBER SECURITY ZONE Wyndham Hotels Challenges FTC Data Security Authority in Closely Watched Case

A New Jersey federal court is currently reviewing Wyndham Hotels' motion to dismiss the FTCs complaint against it for violating the FTC Act by having insufficient security and not abiding by the standards set in its privacy policy. The FTC Act is quite broad and permits the FTC to regulate items that are unfair or deceptive in interstate commerce. Recently the FTC has used this authority to punish misrepresentations in privacy policies and mere failure to have adequate security for the nature of information collected, with many of the major internet players from Google, Facebook to Twitter all entering FTC consent decrees on data security. Wyndham Hotels motion comes at a time when the business community is fighting back over what it sees as unchecked FTC authority. One case garnering a lot of attention along with the Wyndham Hotels case is LabMD which has spent half of million dollars fighting an FTC civil investigative demand (CID) where no data breach has even occurred in its view. Wyndham decisions to fight the FTC has led to a pitched battle which is a must win for the FTC. READ MORE

Ponemon Study Puts Cost of Data Breach at $5.4M, Less if Response Plan in Place

At present every state in the union except for Alabama, Kentucky, New Mexico and South Dakota, have laws governing disclosures in the event of a data breach. A Ponemon Institute study found that in 2012 data breaches cost companies $188 per record compromised or $5.4 million on average. On average, the breach costs businesses $3.03 million in lost business (other reports have found that 60% of small businesses fold within six months of a data breach). If the organization has a formal incident response plan in place prior to the incident, the average cost of a data breach was reduced as much as $42 per compromised record. A Carnegie Mellon study found that providing free credit monitoring services can reduce the risk of a lawsuit by 83%. An important consideration given that AOL just agreed to pay $6 million to settle a data breach class action. READ MORE

PCI Penalty Regime Subject to Court Challenge

MasterCard, Visa and Discover require merchants to adhere to the Payment Card Industry (PCI) Data Security Standard. As part of their merchant contracts, the credit card companies can assess substantial penalties and fees for violations or even to confirm the absence of a violation all without any appeal or recourse. After Genesco, which operates retail stores such as Johnston & Murphys, suffered a data breach of its computer system in 2010, MasterCard assessed a $2.2 million penalty, while Visa assessed $13.3 million, contending that Genesco was not PCI compliant. Genesco contends it was compliant and that there is no evidence hackers actually stole any credit card data. Genesco has filed suit to recover the $13.3 million, while Ciseros, a Utah bar and grille, is challenging the imposition of similar penalties without any evidence of a breach. READ MORE

The Role of Cyber Insurance in Maintaining Cyber Security

While the Cyber Insurance industry has grown to a $1.5 billion industry, it remains an under utilized tool. The Obama Administration recently circulated a white paper on ways to increase adoption of cyber insurance as a way to increase market incentives for increased cyber security. The current state of Cyber Security and the role of insurance in creating market incentives for Cyber Security was the subject of the May 29th Cyber Law and Business Report. LISTEN and VIEW INFOGRAPHIC.

Cal AG Issues First Data Breach Report, Vows Increased Enforcement

While California has required data breach notification since 2003 (the first state in the country to do so), it did not require that

notification also be sent to the Attorney General until 2012. Attorney General Kamala Harris has released a report based on the 2012 notifications impacting 25 million Californians finding that, among other things, (i) companies should encrypt digital personal information when moving or sending it out of their secure network as encryption would have prevented breaches involving 1.4 million Californians. Harris also stressed that companies should review and tighten their security controls on personal information, including training employees and contractors. The Attorney General's office recently established a privacy enforcement unit and Harris said data security would be a priority. READ MORE.

EBS Hacked, Reports Zombie Attack

The Emergency Broadcast System is vulnerable to cyber attacks reports have concluded. This follows an incident earlier this year in which the system was hacked to report that "civil authorities in your area have reported that the bodies of the dead are rising from the grave and attacking the living."

Bennet Kelley hits WashPost Columnist for Myopic Call to Repeal Internet
Bennet Kelley responded to Washington Post columnist Robert Samuelson's call to repeal the internet, with a column chiding Samuelson for his myopic "embrace of Cyber Amishness." READ MORE

WASHINGTON WATCH Senate Passes Marketplace Fairness Act, Fate Uncertain

The battle over the so-called Amazon Tax has officially moved to Washington with the debate over the Marketplace Fairness Act. The Act allows states to require out of state retailers to collect sales tax provided they are part of the Streamlined Sales and Use Tax Agreement which currently includes 24 states are members (see map left) or take steps independently to streamline and simplify the sales tax collection process. The bill passed the Senate 69-27 in May, but has received a chilly reception in the House of Representatives where conservative Republican opposition to the bill is growing. READ MORE

White House Endorses Ad Network Anti-Piracy Plan

The White House has endorsed a plan put forth by 24/7 Media, Adtegrity, AOL, Cond Nast, Google, Microsoft, SpotXchange, and Yahoo!, with the support of the Interactive Advertising Bureau, committed to a set of best practices to address online infringement by reducing the flow of ad revenue to operators of sites engaged in significant piracy and counterfeiting. READ MORE.

FDA Leads Crackdown on 9,000 Rogue Internet Pharmacies

Working with Interpol, Europol, World Customs Organization, the Heads of Medicines Agencies Working Group of Enforcement Officers, the Pharmaceutical Security Institute, Visa, Mastercard, PayPal, and Legitscript, the FDA shut down 9,000 websites, arrest 58 individuals and seized 9.8 million potentially dangerous medicines, worth around $41 million. A recent Government Accounting Report found that there were over 34,000 active rogue internet pharmacies as of April 2013. READ MORE

Clock Ticking on CROWDFUND Act's Regs

When President Obama signed the JOBS Act into law on April 5, 2012, it included the Capital Raising Online While Deterring Fraud and Unethical Non-Disclosure Act of 2012 (CROWDFUND Act) which would permit companies to raise up to $1 million in equity via crowdfunding. The Act directed the Securities and Exchange Commission (SEC) to issue implementing regulations within 270 days of passage. With over 450 days passed since enactment, the SEC still cannot say when regulations might emerge. READ MORE.


Apple Found Liable for iPriceFixing with eBooks

The Justice Department had convinced all the major ebook publishers who participated in the price fixing conspiracy to settle to the tune of $166 million, but Apple refused. A New York federal judge, however, found that "Apple seized the moment and brilliantly played its hand" in getting the publishers to raise prices. It will now face treble damages on approximately $3-5 per book sold. READ MORE

Delta Wins Dismissal of CA Privacy Lawsuit

California Attorney General Kamala Harris suit against Delta Airlines for failing to post a privacy policy for its mobile apps got stopped on the runway. Delta won dismissal of the lawsuit on the grounds that it was preempted by Airline Deregulation Act, which prohibits states from restricting any prices, routes or services of an air carrier. READ MORE

Google to Settle Search Privacy Lawsuit for $8.5M

Google has agreed to settle a class action lawsuit claiming it violated its privacy policy by sharing search queries in referral headers. The plaintiffs contended that such queries contained sensitive personal information that sites potentially could use to determine their identities. Wins Dismissal of Suit by Rape Victim

In 2011, after being raped by a convicted sex offender she met online through, the victim sued for failing to screen and gave the issue national attention when she appeared on the Today Show. Match quickly settled the lawsuit and implemented a process to screen for s*x offenders. When a Nevada rape victim sued earlier this year for an incident occurring prior to the screening, fought it and won a dismissal. READ MORE

Court Allows Website Claim Against Data Scrapers to Proceed

The court refused to dismiss much of Cr**gslists claim against data scrapers republishing its content. Although it expressed some skepticism over permitting application of the Computer Fraud and Abuse Act to accessing information that is publicly available, there was no clear precedent that other recent decisions narrowing the scope of the Computer Fraud and Abuse Act should be extended in this case. READ MORE


California Legislature Faulted for Excessive Privacy Regulation

The number one spot on the most recent version of the NetChoice Coalitions periodic iAwful list of worst state laws regulating the internet went not to a bill but to the entire California legislature for the introduction of "nine separate privacy bills targeting the heart of the state's world-leading tech industry. It almost seems as if California legislators are competing for the honor of chasing their golden goose out of the Golden State." READ MORE

State AGs to Push for Exception to CDA Immunity

Section 230 of the Communications Decency Act provides immunity to websites for third party content on the site. It has stymied state efforts to regulate online solicitation, which has led some state attorney generals to push for an amendment to the CDA to exempt state criminal laws. Santa Clara law professor and CLBR guest Eric Goldman, condemned the proposal stating it would "unleash hordes of provincial headline-seeking prosecutors using countless broadly worded and possibly antiquated laws to go after Internet companies outside their states."

Nevada 11th State to Pass Social Media Privacy Law

Nevada became the eleventh state to pass legislation restricting employers' ability to demand that employees provide their password(s) for social media states. The eleven states are Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah and Washington.

First Shots Fired in War Against Patent Trolls


A patent troll generally is a business whose only asset are a portfolio of patents and who make money principally by suing or threatening lawsuits against alleged infringers. Earlier this month, the White House announced its initiative against Patent Trolls, citing the fact that the number of lawsuits brought by patent trolls has tripled and now accounts for 62% of all patent lawsuits. In 2009, patent trolls extracted $29 billion in settlements. President Obama has taken several administrative steps to put patents to greater scrutiny, the Federal Trade Commission is conducting a study on the issue., while multiple anti-troll proposals are gaining momentum on Capitol Hill. The first shot in the battle over trolls was fired in Vermont, as the Green Mountain state,which actually has the highest per capita number of inventors, passed a law enabling courts to require a bad-faith patent plaintiff to post a bond to cover the cost and to permit a right of action for bad faith demand letters asserting patent infringement with punitive damages of up to $50,000. The day the law went into effect, the states attorney general filed the first lawsuit against under the new law against MPHJ Technology Investments, a notorious patent troll that had sent hundreds of demand letters to small businesses seeking $1,000 per employee for their claimed patent on the process for scanning documents into an email. READ MORE

States Attempt to Combat Revenge P*rn Sites

With the growth of "revenge p*rn" websites (sites where people post naked photos of their ex boy/girlfriends) such as Is Anyone Up, New Jersey became the first state to criminalize this conduct. Bills currently are pending in California and Florida as well. READ MORE.
NOTE: Some of the leading victims' advocates and their counsel will be on a special Cyber Law and Business Report devoted to combating revenge porn on July 31st.

New Apps, Web Models Bump Against 20th Century Regulatory Restraints
In the battle between 21st century business models and 20th century regulatory regimes, the regulators may be winning round one. Uber, Lyft, Sidecar, Airbnb, Bitcoin and Square have all faced unexpected legal challenges. READ MORE.


ICANN held its 47th tri-annual meeting at Durban, South Africa (coinciding with Nelson Mandela's 95th birthday). At the meeting, ICANN released a report concluding that the current WHOIS system of giving every user the same anonymous public access to (too often inaccurate) gTLD registration datashould be abandoned. In its place, the report recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use. The move comes as ICANN rolls out a new registrar agreement, with GoDaddy being its first signatory. Under the Agreement, registrars will be required to verify either the phone number or email address of the user within fifteen days of applying for a new domain. Failure to provide verification will result in domain suspension. READ MORE FROM ICANN 47 .

YTD Top Domain Sales

From (in millions) (1) - $2.1; (2) $0.5; (3) $0.38; (4) $0.375; and (5) and $0.300.

INTERNATIONAL UPDATE NSAs Euro-Backlash: Germanys Merkel Calls For New EU Privacy Legislation
German Chancellor Angela Merkel of Germany, reflecting the widespread European outrage over the NSA scandal, is calling for the European Union to adopt legislation requiring Internet companies to disclose what information about users they store and to whom they provide it. Viviane Reding, the EU Vice President who has been spearheading European data protection reform, has said the NSA furor had given Europeans a wake-up call when it came to privacy. READ MORE

EU Fines Microsoft, Turns Heat Up on Google


In 2009, Microsoft entered into a consent decree with the EU over allegations that it used its market power to tie Internet Explorer to Windows. As a result, it agreed to offer a browser choice screen to consumers through 2014, but failed to do so for 14 months between May 2011 and July 2012. This resulted in a 561 million fine on Microsoft since [a] failure to comply is a very serious infringement that must be sanctioned accordingly. Google is under investigation by privacy enforcement authorities in France, Germany, Italy, Netherlands and the UK over 2012 changes to its privacy policy that created a streamlined policy for multiple Google applications. The UK has given Google until September to update its privacy policies. READ MORE

to be Forgotten

European Court of Justice Puts Brake on Push for Right

The European Court of Justices Advocate General, Niilo Jaaskinen, said in a formal opinion that a general right to be forgotten is not contemplated in the EU Data Protection Directive. The AG stated that imposing an obligation to block access to legallypublished content would dangerously interfere with search users rights to access information, as well as Googles fundamental right to conduct a business. READ MORE

Canadian Spam Law Implementation Not Likely Until 2014

On December 15, 2010, Canada approved the Fighting Internet and Wireless Spam bill, with implementation on hold pending approval of implementing legislation. It now appears those regulations will not be released until later this summer with implementation delayed until fall 2014 (and even then there is talk that some portions of the bill might be delayed until 2017. READ MORE

US-Antigua Dispute At Crossroads

The Caribbean island nation of Antigua, which took the United States to the World Trade Organization (the WTO) over its online gambling prohibition and won and which was about to launch a royalty-free download site for US digital media movies, TV shows, music, games, software, etc. without compensating the companies and individuals holding the associated intellectual property (IP) rights. The move had been authorized by the WTO, but meetings between Vice President Biden and Antigua Prime Minister Spencer have left both sides hopeful a final resolution is near. Last week, however, the Government of Antigua and Barbuda has announced the formation of a select committee to oversee the implementation process, as the nation seeks to suspend certain concessions and other obligations relating to United States intellectual property rights as sanctioned by the WTO. READ MORE

Meet the New Cybercrime Superpower - Indonesia

For years, the most frequently cited statistic about Indonesia was that it is the most populous Muslim country in the world (and 4th largest with 251 million people). According to the latest Akamai State of the Internet report, it has jumped into 2nd place for attack traffic increasing its share from 0.7% in Q4-12 to 21% in Q1. Together with China, the two nations account for 55% of all attack traffic.


Net Neutrality Hearing Date Set,While AT&T and Verizon Launch New Toll Booth Scheme

The hearing on Verizons appeal of the FCCs Net Neutrality Plan (aka The Open Internet Order) before the D.C. Circuit Court of Appeals is set for September 9, 2013. While this has pending, ISPs user data cap plans have come under increase scrutiny, particularly as ISPs began exempting their own services from the data caps. AT&T and Verizon have indicated that they will permit content providers to pay to circumvent the data caps and rumors that ESPN may be one of the first to pay to do so, a move Public Knowledge has denounced. "Imposing data caps on consumers and then allowing wealthy content holders to buy their way around them is a recipe for stagnation online." Listen to CLBR discussion on Data Caps with Public Knowledge's Michael Weinberg

Gigabyte Gazette: Provo, UT Next In Line for Google Fiber

The City of Provo projects upgrading to gigabyte broadband speed could have a $50M direct impact on the city which is comparable in size to university towns such as Ann Arbor, Berkeley and South Bend and had a 2008 GDP of $13.7 billion. Provo will be the third Google Fiber city after Kansas City (both MO and KS) and Austin. The number of gigabit cities is slowly increasing and will expand significantly once the GigabitU Project completes upgrades in key university hubs. Click here for a map of current and future gigabit cities.

Internet Hall of Fame Announces 2013 Inductees

The Internet Society has announced the second class of Hall of Fame Inductees. They consist of: Pioneers Circle (recognizing individuals who were instrumental in the early design and development of the Internet): David Clark, David Farber, Howard Frank, Kanchana Kanchanasut, J.C.R. Licklider (posthumous), Bob Metcalfe, Jun Murai, Kees Neggers, Nii Narku Quaynor, Glenn Ricart, Robert Taylor, Stephen Wolff, Werner Zorn; Innovators (recognizing individuals who made outstanding technological, commercial, or policy advances and helped to expand the Internets reach): Marc Andreessen, John Perry Barlow, Anne-Marie Eklund Lwinder, Franois Flckiger, Stephen Kent, Henning Schulzrinne, Richard Stallman, Aaron Swartz (posthumous), Jimmy Wales; and Global Connectors Recognizing individuals from around the world who have made significant contributions to the global growth and use of the Internet: Karen Banks, Gihan Dias, Anriette Esterhuysen, Steven Goldstein, Teus Hagen, Ida Holz, Qiheng Hu, Haruhisa Ishida (posthumous), Barry Leiner (posthumous), George Sadowsky, The induction ceremony will be live streamed from Berlin on August 3rd via this link. Once again Cindy Margolis and Numma Numma were overlooked.


The Internet Law Center is a law firm dedicated to helping businesses navigate the evolving legal standards for today's digital economy. Today the firm serves a diverse client base that includes startups and public companies both online and offline across four continents on issues ranging from online marketing, e-commerce, privacy, domain names to cyber harassment, as well as entertainment, general transactional and litigation matters. Cyber Report is for information purposes only and is not meant to express any legal opinion or advice nor is it an advertisement for any legal services (not even if read backwards). The occasionally snarky views expressed herein do not necessarily reflect the views of the firm nor any ILC client.