On April 28, 2005, New York’s Attorney General sued Intermix Media—a major Internet marketer based in Los Angeles, claiming “spyware” and “adware” were secretly installed, which, among other things, can redirect browsers to unwanted websites, can add toolbar functions and icons, and distribute ads that pop up on your monitor. The suit alleges violation of New York State General Business Law provisions against false advertising and deceptive business practices, and also alleges trespass under New York common law. Intermix’ software would download, install and then direct advertising to computers based on user activity—often without notice and without an uninstall application—when a user visited a website, played a game or downloaded a screen saver. The Attorney General’s office claims that the lengthy licensing agreement purporting to seek permission, even when used, is misleading or inaccurate.
As we mentioned in last month’s issue, sweepstakes, contests and promotions are primarily regulated by state law, although federal statutes and regulations must be considered. Jurisdiction and eligibility across borders, language, currency restrictions, licensing and export of technology, liability, billing and payment, whether a deposit to play might be construed an account for banking purposes, or whether gathering non-public, personally identifiable information about contestants may have privacy implications, are just a few of the issues that transcend the “gaming” aspects of any legal analysis.
On the U.S. federal level, although the FTC can take regulatory action and sue advertisers for deceptive or unfair acts and practices, it relies heavily on the states to regulate the industry. The FTC has, however, promulgated rules that do have significant impact on promotions. For example, the Children’s Online Privacy Protection Act (“COPPA”) was enacted to protect children from marketers who collect or use personal information obtained online from under-age children without parental permission, and authorized the FTC to develop a rule that requires “verifiable parental consent.” Because contests are extremely popular for Internet marketing, online advertisers must be cognizant of COPPA if a portion of their online traffic is, or is likely to be, children under the age of 13.
To illustrate the maze of legal and regulatory issues, let’s use an example: Joe’s Airline, Widget and Screen Door Company wants to conduct a contest on the Internet in which participants are charged $2 to play successive rounds of chess, with prizes at various levels and a grand prize of a million dollars. Our promotion is really a unilateral offer to enter into a contract, subject to terms and conditions (e.g., rules) agreed upon through some manifestation of acceptance. Participants accept the offer by performing a required act—registering, paying, selecting an “I ACCEPT” link—and a binding contract is formed. Point number 1: if Joe fails to adequately disclose the rules upon which the offer is made, the promotion could be construed as an illegal lottery, rather than a contest. Point number 2: Joe better get the rules right and disclose them properly because there are cases which indicate once a participant enters (“accepts”), Joe cannot change the rules (i.e., unilaterally amend the contract). Something to think about: Could each chess game be viewed as a new contest, permitting amendments prospectively?
In general, to qualify as a contest, skill, and not chance, must determine the outcome, and chance may not determine the winner or prize amount. Most, but not all, state laws distinguish games of skill from games of chance, although states do not use a uniform standard to differentiate between the two. While some states prohibit requiring consideration to engage in a promotion where a prize is awarded, most states do not prohibit the payment of money if the promotion is a bona fide contest of skill. What constitutes skill? Good question. The decision is often a question of fact, and when the Internet is involved, evidence can be complex and technology-based, straining judges and juries. Two criminal courts in New York judging the legality of a shell game and a card game reached opposite conclusions.
A number of states have disclosure statutes which apply. Some (e.g., California) arguably apply to skill-based contests, while others do not. Many prize notification statutes were not intended to apply to skill contests, but are worded broadly to include any promotion requiring an entry fee or a purchase. Joe should also be aware that some state gambling laws do not limit their application to games of chance, but focus on whether players are asked to risk or wager something of value. In those states, a skill-based contest that involves betting or offers prizes dependent on the number of entries or the amount of entry fees should be reviewed carefully against state gambling laws. Remember the three elements that constitute an illegal lottery? A prize, consideration and chance. By including an equal and alternate means of entry in which there is “no purchase necessary” to enter or win, and by avoiding a payment (i.e., consideration), Joe can introduce the element of chance in the determination of the winner and not be in violation of federal or state law.
Shareholders are suing ChoicePoint and its executives after learning that criminals posing as bona fide businesses were given access to personal data. ChoicePoint maintains databases of background information on almost every citizen in the United States—billions of records. A class-action lawsuit has been filed in California charging that executives withheld information to avoid having the stock price fall when and if the news broke: the share price has since fallen more than 20 percent in a month. The suit claims the executives knew their data protection was inadequate; knew or should have known ChoicePoint was selling data to illegal businesses; and that security breaches had occurred previously, exposing even more people to identity theft.
The security breach was uncovered last October, when law enforcement first contacted ChoicePoint investigating an identity theft. Suspects, posing as a ChoicePoint client, gained access to its consumer databases. As if the class action and drop in share price were not trouble enough, ChoicePoint is under investigation by the FTC inquiring into its compliance with information security laws; is under investigation by the SEC for possible violations by certain executives of the insider trading regulations; and is facing lawsuits arising from violations of the Fair Credit Reporting Act and California state law. Will someone please pick up and read the February 2004 issue of Legal Bytes!?!
Marketing and promotional experts already know that with rare exceptions (e.g., the government), lotteries are illegal. An illegal lottery is a game or contest in which the outcome is determined by chance, the entry requires some form of consideration, and the winner is awarded a prize. Over the years, these three elements have been the subject of scrutiny, regulatory opinion and judicial decision. Although interpretive rules are not cast in concrete, a prize can be nominal in value; consideration can take the form of visiting a store or filling out a lengthy customer survey; and, if chance plays a material factor in determining the outcome, no amount of skill in any of the other elements of the promotion will save the day.
Marketing and promotional experts use “no purchase necessary” or “free alternate means of entry” as tools to avoid consideration—in general, promotions with a freely available alternate means to enter may be based on chance and may have a prize. Some promotions involve skill—eliminating chance. Shooting a hole in one at golf or solving a mathematical puzzle are examples of skill-based contests. Of course, the skill must be bona fide—guessing the number of beans in a jar is not a real skill, no matter how good one becomes at guessing.
Against this backdrop, advertisers, eager to get their message in front of consumers, are finding life increasingly difficult. Have you noticed increased advertising in movie theatres, outdoor signage or on uniforms of your favorite sports figures? Distribution technology and storage and recording media have given us the ability to fast-forward or avoid viewing messages that previously required you to physically leave the room or change the channel! Hmmm…so people are spending more time on the Internet—browsing, surfing—how about advertising there?
Well things seemed to be looking up for advertisers—cookies, pop-up ads, banners, above and below the fold advertising, mass commercial e-mail. Seemed like technology was coming to the rescue. But, enter their legal and technical counterparts—cookie disablers, pop-up blockers, spy-ware and ad-ware detection programs, SPAM and other filters, coupled with legislation and regulation over intrusive technologies or programs that invade privacy or transmit information without consent. Getting the message across is still getting tougher.
One approach is the increased use of “product placement”—insertion of branded products into actual programming “content.” Branded products become part of the action—someone is drinking a beverage, driving a car, using a computer—all branded. One of the most interesting developments in the world of product placement is taking place in interactive gaming. Interactive games require players to sit, often for hours, staring at a screen, paying close attention to the game. Background, backdrop, even music, contribute to making games realistic and become music to the ears of advertisers targeting a captive audience.
Can interactive, Internet-based games require a participant to pay to enter and participate—online “pay-to-play” games—and provide the winner cash or prizes? Here’s how such a game is typically structured: the participant downloads licensed programming for installation on his or her computer—the platform from which instructions and controls are transmitted. When combined with instructions and controls from team members or opposing players, the programming allows the game to be played. To enhance the gaming experience (and also to bolster the argument these are predominantly skill-based, not based on chance) many gaming platforms have sophisticated mechanisms to rate players and provide “matches” of comparable skill. Assuming games are skill-based, many (but not all) jurisdictions permit the payment of cash to play and the award of a prize. In some jurisdictions (but not all), the prize can even be derived from the number of players and the amounts paid by the participants. Check with Rimon before making any assumptions.
Regulation of Internet contests in the United States falls into four broad legal categories: (a) regulation of sweepstakes, contests and prizes; (b) regulation of unfair and deceptive trade practices; (c) regulation of gambling; and (d) consumer protection. We will turn to a more comprehensive legal review in next month’s issue, but we will tell you that if your game attracts children, you had better ensure there are mechanisms enabling you to comply with special regulations that apply. These are not limited to issues involving the age of majority and the ability of participants to legally enter into binding contracts (e.g., Alabama and Nebraska = 19; Mississippi and Puerto Rico = 21). Compliance with the Children’s Online Privacy Protection Act (“COPPA,” not to be confused with COPA or Copacabana—anyone still reading?), considerations of parental consent, propriety of content and a host of other regulations and legal considerations, come to mind.
Stay tuned for next month’s issue to find out more about these legal issues.
In what may be the largest judgment in a suit against spammers so far, a company that offers subscribers an e-mail service in Iowa has been awarded more than a billion dollars by a federal judge; the allegations were that the company’s servers were inundated with as many as 10 million spam e-mails a day. The judgments were obtained under the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and the Iowa Ongoing Criminal Conduct Act. Iowa law allows damage claims of $10 per spam message and were tripled under RICO. Not particularly surprising, no attorneys for the defendants were present during a bench trial in November and the judgments were entered by default.
No longer merely the source of new fashion trends or technology movements (or McDonald’s), California is quickly becoming the thought leader in protecting consumer privacy. Two new laws, one which deals with personal information given to third parties for marketing (SB27) and another which obligates businesses to adhere to certain security requirements for using and storing personal information, both came into effect January 1, 2005. The new law requires businesses with 20 or more employees to give consumers detailed disclosures about not only what customer information they have shared with third parties, but also the contact information for and descriptions of those parties. Want to avoid the disclosure obligations? Simple. Allow your customers a free opt-out election from having their personal information shared. That said, you will still have to let your customers know how and to whom they can inquire about these requirements – even if your business offers the opt-out choice to consumers. By the way, if you are already subject to the stricter requirements of California’s financial privacy act, you are exempt. While there are some additional exemptions, they are narrow, and anyone doing business in California shouldn’t be too quick to conclude they are exempt without consulting legal counsel. California’s Office of Privacy Protection has drafted a set of recommended practices which attempts to harmonize the requirements of this new act with the California online privacy act, the state’s financial privacy provisions, the federal Gramm-Leach-Bliley Act, HIPAA, and European Union privacy directives. Good luck.
Do you or your contractors have sensitive personal information (e.g., names and addresses in combination with social security numbers and PIN numbers) that could lead to identity or financial theft if compromised? What about medical information about a person’s diagnosis and treatment? Start ensuring you have “reasonable” practices to protect that information from unauthorized access, use, modification and disclosure—and it doesn’t matter if the information is on paper or in electronic form. Both are covered. While the legislative history makes it clear that no one particular standard is “the standard” for “reasonable” security, a company will need to designate a specific individual who is responsible for the company’s security program, and will need to establish a security task force—including a compliance officer and legal counsel. To avoid running afoul of the standards, not only must practices and a task force be implemented, but companies will also have to demonstrate they periodically test and monitor how the security measures are working, make risk assessment, and fine-tune their security measures to keep them updated appropriately. Need employee training? Need help implementing background checks, confidentiality agreements, encryption and record retention/destruction requirements, and disciplinary measures? Call the lawyers at Rimon. We can help.
Remember California’s security breach notification law (we told you about this and you get another prize if you can identify the back-issue in which we did so)? That law requires businesses to disclose security lapses. This new law creates a new duty and standard of care. Lawsuits arising from breaches in security (you remember California’s Business and Professions Code section 17200) can now use AB1950 as a discovery prod to determine if your business has used and effectively maintains reasonable security measures.
Consider this: California has already passed more than a dozen laws to protect privacy—many of which have now spawned federal legislation, some already passed and others in process. SB186 bans unsolicited e-mail and AB1769 bans text messaging advertisements to cell phones and pagers. AB1733 mandates consent from customers before a wireless carrier can list their phone numbers in a 411 directory, and SB1436 restricts keystroke monitoring software, website tracking software, and software that attempts to control personal computers.
A federal Judge in New York State has altered the conditions that apply to the release program of a convicted child sex offender, restricting the individual’s access to the Internet. The judge ruled the use of the Internet, to find and lure victims, was such an integral part of the man’s crimes, that a ban on using the Internet is appropriate—even though his supervised work release job is computer programming. When this issue has previously been presented to a federal court in New York, Internet restrictions have been overturned. Here the judge distinguished those cases by noting that in this instance the offender had used the Internet to search for and attract new victims. Technology also played a role in this decision. Because of software incompatibilities, probation officials couldn’t monitor the individual at work. Because the employer develops software for cellular telephones, the employer was concerned about liability if a third-party is permitted to monitor the computer systems. Will this hold up? It is being appealed. Who knows? It again highlights how pervasive the Internet has become and how difficult questions continue to arise at the intersection of law and technology.
In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.
In an attempt to lure film and television production back to New York from cheaper or more tax-advantaged locations such as Canada and Europe where they have been headed in recent years, New York has passed a bill offering tax cuts to benefit films and television shows produced in New York, although the bill does not extend to commercial productions. The Empire State Film Production Credit Program, signed into law on September 28, provides a tax credit for 10 percent of the production costs of feature films and episodic television programs produced by companies that spend 75 percent or more of their facility-related production costs at a qualifying production facility within New York. The law also allows New York City to offer additional incentives, including a 5 percent tax credit on projects, credits for outdoor media marketing, and assistance with story development, scouting, vendor discounts and consulting.
In a related development, the UK has enacted new permanent and more generous tax relief for small British films to replace the old Section 48 relief, which is scheduled to expire in July 2005. The new tax relief applies to 100 percent of a film’s UK production and raises the “small” film budget for qualifying purposes from £15m to £20m. Qualifying films will be entitled to government subsidies worth up to £4m per film under the new law, and film productions with budgets of up to £20m will receive a tax waiver on their production costs, including overseas costs—subject to the condition that the film actually makes a profit. The government subsidies, worth up to 20 percent of the film’s budget, will be paid directly to the producers on completion of the film. Under current Section 48 regulations, subsidies went to third parties who funded the films. Now they will be paid directly to the film makers.
The British tax relief announcement comes on the heels of a recent (February 10, 2004) clamp-down on some of the UK’s largest tax equity film funds. Set up as sale-and-leaseback deals, these funds allowed British investors to acquire marketing rights to studio films in Britain, the United States and Canada, and enabled investors to write off the cost as an upfront tax loss and lease the films back to the studios for periodic payments over 15 or 20 years. The deals often provided an option for a studio buy-out after a shorter period of time, but those exit strategies were banned by the UK’s Inland Revenue in what has come to be referred to in the film industry as “Black Tuesday.” On that day, the Inland Revenue issued a tax rule change closing a loophole that allowed these funds to operate outside the existing Section 48 film tax break and permitted claiming production costs as tax losses. As if intent on delivering a one-two punch, in March the UK followed this with a prohibition against print and advertising funds that were bankrolling distribution of features from some of the major motion picture studios.
Critics point out that the consequences of these bans could be a dramatic decrease in films produced and shot in the UK, already reeling from a strong pound sterling and increased competition for film financing. We can only assume the newly announced Section 48 incentives, with its direct production credits and other attributes, scheduled to take effect in July 2005 when the current scheme expires, are intended to attempt to repair some of the tax damage done. Combining our poor sense of humor, film and legal expertise, we can only say, “The jury is still out; stay tuned: film at 11:00”!
Most of you know “spyware” as pesky programs that install themselves on your computer – often tacked on to programs you intend to install – that do everything from tracking online browsing habits to stealing passwords and getting at sensitive data on your computer. But what about those programs that automatically download and patch your software or update your anti-virus definitions, or cookies that enable sites you visit to recognize you and customize your experience? Of course, you have also heard of “adware” -programs that trigger the delivery of online advertising (did I say pop-ups?) that target consumer preferences and activities.
Confused by the distinctions and attempts to sort out the definitions? There is clearly a legislative drive to prohibit programs from being installed on consumers’ computers without consent or knowledge and at least three spyware bills are winding their way through the U.S. Congress. Although it is unlikely a bill could reconcile the differences and reach the President for signature this session, there is clearly impetus to “do something,” and interests on all sides are lining up to shape the contours of legislation so as not to do away with all those “good” programs!
Confused about the definitions or worried Congress might get it wrong—or just wondering who cares? Pay attention. Much of the utility and appeal of the Internet is interactivity. Browsers and websites interact. Navigational tools and features which make browsing more efficient, reduce time, and provide a more customized – thus more useful—experience, are based on useful programs working in the background and which are helpful and desirable, if properly used—”properly” being the operative issue. If worded too broadly, legislation could prohibit tools that make sense. Imagine every advertiser, website owner, merchant and search engine being required go to every user with a new consent (“opt-in”) form! How will legislation be enforced if the website owner is in another jurisdiction? Need to follow this issue? Want to know more? Want to your voice heard? Call Rimon—we can help.