CyberLaw Currents

News Bits

editor — Wed, 18 Aug 2010 18:29:25 +0000

Harvard Internet Law Professor Jonathan Zittrain’s take on the Google – Verizon Net Neutrality Proposals is here.
CNET reported on a lawsuit alleging how several major websites have broken the law by secretly tracking user activities on other sites using Flash Cookies.
In an interview, Google’s Eric Schmidt said he believes every young person will one day be allowed to change their name to distance themselves from embarrassing photographs and material stored on their friends’ social media sites.
Google is trying to line up content owners for its new Google TV software.
One of the hottest issues in the content licensing space: What’s a “mobile device”?
Domain Name Wire reports on Paris Hilton’s recent legal action against cybersquatters.
The Washington Post reports that some luxury hotels are now offering eReaders as perks to hotel guests.

FDA’s First Facebook Enforcement Action

editor — Mon, 09 Aug 2010 19:50:42 +0000

In what may signal regulators’ growing focus on advertisers’ use of social media, particularly in regulated industries, on July 29, 2010, the FDA issued its first Facebook-related citation in connection with Novartis’ use of Facebook’s share function on its Tasigna® website. By clicking on the “share” button on the website, consumers could post Novartis-created information about Tasigna® (“Shared Content”) on their Facebook profile walls, which would then be sent to the consumers’ “friends” via the newsfeed. It also allowed a consumer to send a separate message containing the Shared Content to their “friends” on Facebook. The FDA cited four (4) ways in which the website and the Facebook “share” widget violated the Federal Food, Drug and Cosmetic Act and the FDA implementing regulations: (i) omission of risk information, (ii) broadening of drug indication, (iii) unsubstantiated superiority claims/overstatement of efficacy, and (iv) failure to submit.

According to the FDA, the Shared Content included representations and/or suggestions about the efficacy of Tasigna® but failed to disclose any risk information, making the Shared Content misleading by suggesting that Tasigna® was “safer than has been demonstrated by substantial evidence or substantial clinical experience.” Even though the Shared Content included a hyperlink that directed consumers to a page that contained the required risk information, the FDA stated that this was not sufficient disclosure. Promotional materials “must contain risk information in each part as necessary to qualify any claims made about the drug” in order for those promotional materials to be “truthful and non-misleading.” The Shared Content also included brief statements about the medical conditions that Tasigna® can treat, and FDA concluded this “misleadingly broaden[ed] the indication for Tasigna® by suggesting that it was useful in a broader range of conditions or patients than had been demonstrated by substantial evidence or substantial clinical experience.”

The FDA’s dismissal of the hyperlink provided as part of the Shared Content as an adequate means of disclosure coupled with its declaration that the Shared Content must be submitted for approval (in the manner consistent with all other promotional materials for pharmaceutical products) clearly indicates that the FDA considers the information generated by the drug company and disseminated via social media to be advertising and, as such, subject to applicable regulations. Although the FDA has yet to issue guidelines in response to the social media hearings it conducted in June, this action provides an important indication of the FDA’s thinking. — Terri Seligman

Techonomy Conference Update

editor — Thu, 05 Aug 2010 20:02:49 +0000

A ”Who’s Who” of leading technology innovators and thinkers have gathered in Lake Tahoe, Nevada for the inaugural Techonomy Conference. Attendees include industry titans Bill Gates and Jeff Bezos and a host of leading academics and writers. Our colleagues Jerrold Spiegel and Michael Frankfurt are there too. Thus far, the biggest news out of the conference relates to Google CEO Eric Schmidt’s comments about privacy, some of which appear to be causing a stir .

Among Schmidt’s comments:

“If I look at enough of your messaging and your location, and use Artificial Intelligence,” Schmidt said, “we can predict where you are going to go.”

“Show us 14 photos of yourself and we can identify who you are. You think you don’t have 14 photos of yourself on the internet? You’ve got Facebook photos! People will find it’s very useful to have devices that remember what you want to do, because you forgot…. But society isn’t ready for questions that will be raised as result of user-generated content.”

“The only way to manage this is true transparency and no anonymity,” Schmidt said. “In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.”

The BBC reports that Schmidt was also “circumspect” on reports that Google and Verizon have made a deal regarding net neutrality, simply saying that Google has “been talking to Verizon for a long time about trying to get an agreement on what the definition of net neutrality is.”

News Bits

editor — Fri, 30 Jul 2010 16:28:30 +0000

The FCC has launched a new Help Center to help consumers learn about the agency’s work, file indecency complaints, and comment on FCC proceedings.
The FTC is searching for a browser-level way for consumers to opt out of online behavioral advertising. But no consensus on privacy emerged from the U.S. Senate Commerce Committee’s hearings this week regarding online privacy.
Goldman Sachs will begin monitoring employee e-mails for profanity.
The Guardian is displaying a map (powered by Google Maps) of lawsuits currently faced by Google.
Both Google and the US Intelligence Community are investing in the same startup, a company that monitors web activity in real time .
Startup Company of the Day: Flipboard.
U.S. Technology giants are lobbying the EU to streamline privacy rules in order to offer cloud computing services. Currently every EU nation has its own data-protection and retention rules.
A new class action lawsuit has been filed in federal court against several large media companies regarding their use of Quantcast’s Flash cookies a/k/a “zombie” cookies, technology used by many of the web’s top sites for a variety of purposes. The lawsuit alleges that the companies’ use of such cookies violated eavesdropping and hacking laws. The complaint is available here .
According to All Things Digital , Apple has yet to allow Time Inc. to sell and manage subscriptions for its iPad apps.

Chinese Search Engine Suit Proceeds Against Register.com

editor — Tue, 27 Jul 2010 16:07:21 +0000

A federal court will permit Baidu, Inc., a leading Chinese search engine company, to sue Register.com for gross negligence, recklessness, and breach of contract.

The lawsuit arose after a hacker took over Baidu’s Register.com account and interrupted its service for two days in January 2010. Among other things, the hacker redirected Baidu’s users to the Web site of the Iranian Cyber Army. Baidu claimed the hacker wrested control of Baidu’s account as a result of errors made by Register.com’s tech support Internet “chat” staff. According to the complaint: ”Although the Intruder gave the Rep an incorrect response to [a] security question, the Rep nonetheless proceeded with processing the Intruder’s request to change Baidu’s email address; [and] [w]hen the Intruder sent the Rep a bogus security code, the Rep did not notice that it was the wrong code, apparently because the Rep didn’t even bother to check it against the original security code.” The Intruder then allegedly changed the password and hacked into Baidu’s account. Baidu claimed injury to its reputation and business totaling “millions” of dollars.

Register.com moved to dismiss the complaint, asserting a “Limitation of Liability” clause from its Master Services Agreement with Baidu. Among other things, the clause provided that Register. com “will not be liable, under any circumstances, for any (a) termination, suspension, loss, or modification of … Services, (b) use of or the inability to use the Service(s), (c) interruption of business, (d) access delays or access interruptions to this site or a service ….”

Judge Denny Chin of the US District Court for the Southern District of New York held that Register’s contractual limitation of liability clause did not shield the company from allegations of gross negligence and willful misconduct. The Judge held that while limitation of liability clauses are generally enforceable, “an exculpatory agreement … will not exonerate a party from liability under all circumstances. Under announced public policy, it will not apply to exemption of willful or grossly negligent acts [citation omitted].” The opinion notes that if Baidu proves its allegations, “then Register failed to follow its own security protocols and essentially handed over control of Baidu’s account to an unauthorized Intruder….”

The judge ordered a pre-trial conference for August 11th.

FTC Extends COPPA Comments Deadline

shkim — Tue, 06 Jul 2010 19:13:41 +0000

The FTC has extended the deadline to submit comments in connection with its review of the Children’s Online Privacy Protection Act (COPPA) Rule. The Press Release regarding the extension is available here. The COPPA Rule requires that website operators notify parents and obtain their consent before collecting personal information from children under 13. Comments will be accepted until July 12, 2010, and may be submitted using this comment form. You can also view public comments on this site.

FTC Settles Charges Against Twitter

editor — Mon, 28 Jun 2010 21:03:45 +0000

If you promise customers that their personal information is secure, you had better deliver on that promise. That is the message of last week’s settlement between the FTC and Twitter — the FTC’s first case against a social networking service. It’s a message the FTC has sent to industry before.

The matter arose when hackers twice secured administrative control of Twitter in early 2009. (How? In one case, an automated password-guessing tool smoked out the administrative password – ”a weak, lowercase, letter-only, common dictionary word,” according to the complaint.) The breach led to a series of phony tweets from a number of user accounts — including one from then President-elect Obama. Hackers also reviewed non-public user information.

Under the settlement, Twitter agreed, for 20 years, to ”not misrepresent in any manner, expressly or by implication, the extent to which [it] maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information, including … misrepresentations related to its security measures to: (a) prevent unauthorized access to
nonpublic consumer information; or (b) honor the privacy choices exercised by users.”

Twitter also agreed to create ”a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic consumer information.” Twitter promised to undergo independent third-party information security audits every other year for 10 years.

Twitter, home to more than 55 million messages each day, is a key platform for both marketers and individuals. On its blog, the company claims to have implemented many of the FTC’s suggested changes already.

Viacom v. YouTube and Google

editor — Fri, 25 Jun 2010 20:21:10 +0000

We reviewed Judge Stanton’s comprehensive decision in this closely watched case. If upheld on appeal, it’s a victory not only for YouTube and Google, but for all Internet service providers (ISPs).

If you haven’t followed the case, Viacom had sued Google and YouTube for intentional and contributory copyright infringement, alleging “tens of thousands of videos on YouTube … were taken unlawfully from Viacom’s copyrighted works without authorization.” In defense, Google and YouTube asserted DMCA section 512. This so-called ”safe harbor” limits ISP liability for copyright infringement in certain situations. Whether defendants in copyright cases enjoy the limitation of liability is based on, among other things, their knowledge of — and response to – infringing activity on their service of which they become aware.

According to the decision, Viacom argued that Google and YouTube had “‘actual knowledge’ and were ‘aware of facts or circumstances from which infringing activity [was] apparent,’ but failed to do anything about it.” This knowledge, according to Viacom, was sufficient to eviscerate the “safe harbor.” Google and YouTube claimed they had insufficient notice, under the DMCA, of infringing activities.

About Google and YouTube the decision noted that “a jury could find that the defendants not only were generally aware of, but welcomed, copyright-infringing material being placed on their website.” But the defendants also labored to comply with the DMCA, and the court found that “it is uncontroverted that all the [infringing] clips in suit are off the YouTube website, most having been removed in response to DMCA takedown notices.”

Viacom argued the defendants’ “general awareness” of infringements on their site required them to determine which specific postings infringed. At bottom, then, the case was about whether general knowledge of ubiquitous infringing activity would be sufficient to take Google and YouTube out of the protection of the “safe harbor.” Much was at stake, not only for the parties battling here, but for any ISP whose business model relies on the protection of the DMCA.

After quoting — for eight full pages — the legislative history undergirding the DMCA, the court held that the DMCA ”safe harbor” insulated Google and YouTube from liability for infringement in this case: “The tenor of the [legislative history] is that the phrases “actual knowledge that the material or an activity” is infringing, and “facts or circumstances” indicating infringing activity, describe knowledge of specific and identifiable infringements of particular individual items. Mere knowledge of prevalence of such activity in general is not enough (emphasis added).” The court also took refuge in the fact that “the infringing works in suit may be a small fraction of millions of works posted by others on the service’s platform….” In sum, the court refused to shift the burden of policing copyright infringement to Google and YouTube.

Viacom has reportedly promised to appeal. We will continue to follow the case and report.

Court Dismisses Viacom Copyright Suit Against Google/YouTube

editor — Wed, 23 Jun 2010 21:37:44 +0000

There’s big news in the CyberLaw world today. The Associated Press is reporting that a federal court in New York has dismissed Viacom’s $1 billion copyright suit against Google and YouTube. It appears the defendants’ Digital Millennium Copyright Act sec. 512 safe-harbor defense carried the day. We are reading the 30 page decision by Southern District Judge Louis Stanton now. More to come.

FTC Posts Endorsement Guide FAQs

editor — Wed, 23 Jun 2010 18:17:12 +0000

Yesterday, the Federal Trade Commission released answers to frequently asked questions about its Guides Concerning the Use of Endorsements and Testimonials in Advertising. These FAQs provide helpful additional guidance regarding the FTC’s revisions to the Guides. Key issues addressed by the FAQs include:

The FTC reemphasized its concern that when free products are provided to bloggers, it often creates a material connection between the blogger and the advertiser that requires disclosure;
While the FTC believes that there should generally be disclosure when free products have been provided to bloggers and others posting content on social media pages, the FTC does not think that additional disclosure is generally required in traditional media or websites with similar content;
Even if an individual’s Facebook page identifies his or her affiliation with a company, the FTC recommends that the individual still disclose the affiliation whenever talking about the company’s products;
If a celebrity is a well-known spokesperson for a product, the celebrity should nevertheless disclose his or her relationship with the advertiser when posting content about the product if a significant number of the readers are not aware of the affiliation;
The FTC believes that a single disclosure on a home page that products discussed on the site are provided for free, or a button that says “Disclosure” or “Legal,” is not sufficient to inform readers about a connection between the writer and the advertiser;
On Twitter, disclosures such as “#paid ad” or even “#paid” or “#ad” may be effective; and
Advertisers should have reasonable programs in place to train and monitor members of their social media marketing networks, including explaining what can and cannot be said about their products.

In addition, the FTC has produced several video clips discussing some of the issues in more detail.

– Jeffrey Greenbaum and Jason Kessler