In February, in the Circuit Court in Miller County, Arkansas, some plaintiffs—led by Lane’s Gifts, an Arkansas retailer—sued Google, Yahoo!, Time Warner, Disney, and Ask Jeeves, among other Internet companies, alleging that these companies knowingly overcharged for the advertising they sold and that they conspired with each other in doing so! The plaintiffs now want the suit certified as a class action which relates to the growing problem of “click fraud” a practice our very own litigator and legal guru Peter Raymond knows and has spoken about. Clicking ads or even automating the click-throughs—in some cases by competitors—can illegally run up the advertising charges, and analysts estimate these can increase by more than 15 percent because of such fraud.
In a decision sure to be appealed but hailed as groundbreaking, the New York Court of Appeals, on April 5, 2005, held that rights to performances recorded before 1972 are protected under state common law, even after they have been put on the market. The ruling extends, until 2067, common law copyright protection for recorded music to companies that own rights to pre-1972 recorded performances. They can now prevent others from releasing their own versions. Since Congress did not extend statutory protection to recordings created before February 15, 1972, the court held there is common-law copyright protection in New York for sound recordings made prior to that date (i.e., since sound recordings made before 1972 are not covered by the federal copyright act, common law protection remains in place). In this case, Capitol’s claim against Naxos (who had remastered the recordings and began selling CDs) for infringement of common-law copyright in the original recordings was upheld. Common-law copyright traditionally has protected only unpublished works, but the New York holding concludes that the musical performances were unpublished, even though commercially sold to the public for decades. Go figure.
On April 28, 2005, New York’s Attorney General sued Intermix Media—a major Internet marketer based in Los Angeles, claiming “spyware” and “adware” were secretly installed, which, among other things, can redirect browsers to unwanted websites, can add toolbar functions and icons, and distribute ads that pop up on your monitor. The suit alleges violation of New York State General Business Law provisions against false advertising and deceptive business practices, and also alleges trespass under New York common law. Intermix’ software would download, install and then direct advertising to computers based on user activity—often without notice and without an uninstall application—when a user visited a website, played a game or downloaded a screen saver. The Attorney General’s office claims that the lengthy licensing agreement purporting to seek permission, even when used, is misleading or inaccurate.
As we mentioned in last month’s issue, sweepstakes, contests and promotions are primarily regulated by state law, although federal statutes and regulations must be considered. Jurisdiction and eligibility across borders, language, currency restrictions, licensing and export of technology, liability, billing and payment, whether a deposit to play might be construed an account for banking purposes, or whether gathering non-public, personally identifiable information about contestants may have privacy implications, are just a few of the issues that transcend the “gaming” aspects of any legal analysis.
On the U.S. federal level, although the FTC can take regulatory action and sue advertisers for deceptive or unfair acts and practices, it relies heavily on the states to regulate the industry. The FTC has, however, promulgated rules that do have significant impact on promotions. For example, the Children’s Online Privacy Protection Act (“COPPA”) was enacted to protect children from marketers who collect or use personal information obtained online from under-age children without parental permission, and authorized the FTC to develop a rule that requires “verifiable parental consent.” Because contests are extremely popular for Internet marketing, online advertisers must be cognizant of COPPA if a portion of their online traffic is, or is likely to be, children under the age of 13.
To illustrate the maze of legal and regulatory issues, let’s use an example: Joe’s Airline, Widget and Screen Door Company wants to conduct a contest on the Internet in which participants are charged $2 to play successive rounds of chess, with prizes at various levels and a grand prize of a million dollars. Our promotion is really a unilateral offer to enter into a contract, subject to terms and conditions (e.g., rules) agreed upon through some manifestation of acceptance. Participants accept the offer by performing a required act—registering, paying, selecting an “I ACCEPT” link—and a binding contract is formed. Point number 1: if Joe fails to adequately disclose the rules upon which the offer is made, the promotion could be construed as an illegal lottery, rather than a contest. Point number 2: Joe better get the rules right and disclose them properly because there are cases which indicate once a participant enters (“accepts”), Joe cannot change the rules (i.e., unilaterally amend the contract). Something to think about: Could each chess game be viewed as a new contest, permitting amendments prospectively?
In general, to qualify as a contest, skill, and not chance, must determine the outcome, and chance may not determine the winner or prize amount. Most, but not all, state laws distinguish games of skill from games of chance, although states do not use a uniform standard to differentiate between the two. While some states prohibit requiring consideration to engage in a promotion where a prize is awarded, most states do not prohibit the payment of money if the promotion is a bona fide contest of skill. What constitutes skill? Good question. The decision is often a question of fact, and when the Internet is involved, evidence can be complex and technology-based, straining judges and juries. Two criminal courts in New York judging the legality of a shell game and a card game reached opposite conclusions.
A number of states have disclosure statutes which apply. Some (e.g., California) arguably apply to skill-based contests, while others do not. Many prize notification statutes were not intended to apply to skill contests, but are worded broadly to include any promotion requiring an entry fee or a purchase. Joe should also be aware that some state gambling laws do not limit their application to games of chance, but focus on whether players are asked to risk or wager something of value. In those states, a skill-based contest that involves betting or offers prizes dependent on the number of entries or the amount of entry fees should be reviewed carefully against state gambling laws. Remember the three elements that constitute an illegal lottery? A prize, consideration and chance. By including an equal and alternate means of entry in which there is “no purchase necessary” to enter or win, and by avoiding a payment (i.e., consideration), Joe can introduce the element of chance in the determination of the winner and not be in violation of federal or state law.
Shareholders are suing ChoicePoint and its executives after learning that criminals posing as bona fide businesses were given access to personal data. ChoicePoint maintains databases of background information on almost every citizen in the United States—billions of records. A class-action lawsuit has been filed in California charging that executives withheld information to avoid having the stock price fall when and if the news broke: the share price has since fallen more than 20 percent in a month. The suit claims the executives knew their data protection was inadequate; knew or should have known ChoicePoint was selling data to illegal businesses; and that security breaches had occurred previously, exposing even more people to identity theft.
The security breach was uncovered last October, when law enforcement first contacted ChoicePoint investigating an identity theft. Suspects, posing as a ChoicePoint client, gained access to its consumer databases. As if the class action and drop in share price were not trouble enough, ChoicePoint is under investigation by the FTC inquiring into its compliance with information security laws; is under investigation by the SEC for possible violations by certain executives of the insider trading regulations; and is facing lawsuits arising from violations of the Fair Credit Reporting Act and California state law. Will someone please pick up and read the February 2004 issue of Legal Bytes!?!
Marketing and promotional experts already know that with rare exceptions (e.g., the government), lotteries are illegal. An illegal lottery is a game or contest in which the outcome is determined by chance, the entry requires some form of consideration, and the winner is awarded a prize. Over the years, these three elements have been the subject of scrutiny, regulatory opinion and judicial decision. Although interpretive rules are not cast in concrete, a prize can be nominal in value; consideration can take the form of visiting a store or filling out a lengthy customer survey; and, if chance plays a material factor in determining the outcome, no amount of skill in any of the other elements of the promotion will save the day.
Marketing and promotional experts use “no purchase necessary” or “free alternate means of entry” as tools to avoid consideration—in general, promotions with a freely available alternate means to enter may be based on chance and may have a prize. Some promotions involve skill—eliminating chance. Shooting a hole in one at golf or solving a mathematical puzzle are examples of skill-based contests. Of course, the skill must be bona fide—guessing the number of beans in a jar is not a real skill, no matter how good one becomes at guessing.
Against this backdrop, advertisers, eager to get their message in front of consumers, are finding life increasingly difficult. Have you noticed increased advertising in movie theatres, outdoor signage or on uniforms of your favorite sports figures? Distribution technology and storage and recording media have given us the ability to fast-forward or avoid viewing messages that previously required you to physically leave the room or change the channel! Hmmm…so people are spending more time on the Internet—browsing, surfing—how about advertising there?
Well things seemed to be looking up for advertisers—cookies, pop-up ads, banners, above and below the fold advertising, mass commercial e-mail. Seemed like technology was coming to the rescue. But, enter their legal and technical counterparts—cookie disablers, pop-up blockers, spy-ware and ad-ware detection programs, SPAM and other filters, coupled with legislation and regulation over intrusive technologies or programs that invade privacy or transmit information without consent. Getting the message across is still getting tougher.
One approach is the increased use of “product placement”—insertion of branded products into actual programming “content.” Branded products become part of the action—someone is drinking a beverage, driving a car, using a computer—all branded. One of the most interesting developments in the world of product placement is taking place in interactive gaming. Interactive games require players to sit, often for hours, staring at a screen, paying close attention to the game. Background, backdrop, even music, contribute to making games realistic and become music to the ears of advertisers targeting a captive audience.
Can interactive, Internet-based games require a participant to pay to enter and participate—online “pay-to-play” games—and provide the winner cash or prizes? Here’s how such a game is typically structured: the participant downloads licensed programming for installation on his or her computer—the platform from which instructions and controls are transmitted. When combined with instructions and controls from team members or opposing players, the programming allows the game to be played. To enhance the gaming experience (and also to bolster the argument these are predominantly skill-based, not based on chance) many gaming platforms have sophisticated mechanisms to rate players and provide “matches” of comparable skill. Assuming games are skill-based, many (but not all) jurisdictions permit the payment of cash to play and the award of a prize. In some jurisdictions (but not all), the prize can even be derived from the number of players and the amounts paid by the participants. Check with Rimon before making any assumptions.
Regulation of Internet contests in the United States falls into four broad legal categories: (a) regulation of sweepstakes, contests and prizes; (b) regulation of unfair and deceptive trade practices; (c) regulation of gambling; and (d) consumer protection. We will turn to a more comprehensive legal review in next month’s issue, but we will tell you that if your game attracts children, you had better ensure there are mechanisms enabling you to comply with special regulations that apply. These are not limited to issues involving the age of majority and the ability of participants to legally enter into binding contracts (e.g., Alabama and Nebraska = 19; Mississippi and Puerto Rico = 21). Compliance with the Children’s Online Privacy Protection Act (“COPPA,” not to be confused with COPA or Copacabana—anyone still reading?), considerations of parental consent, propriety of content and a host of other regulations and legal considerations, come to mind.
Stay tuned for next month’s issue to find out more about these legal issues.
In what may be the largest judgment in a suit against spammers so far, a company that offers subscribers an e-mail service in Iowa has been awarded more than a billion dollars by a federal judge; the allegations were that the company’s servers were inundated with as many as 10 million spam e-mails a day. The judgments were obtained under the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and the Iowa Ongoing Criminal Conduct Act. Iowa law allows damage claims of $10 per spam message and were tripled under RICO. Not particularly surprising, no attorneys for the defendants were present during a bench trial in November and the judgments were entered by default.
No longer merely the source of new fashion trends or technology movements (or McDonald’s), California is quickly becoming the thought leader in protecting consumer privacy. Two new laws, one which deals with personal information given to third parties for marketing (SB27) and another which obligates businesses to adhere to certain security requirements for using and storing personal information, both came into effect January 1, 2005. The new law requires businesses with 20 or more employees to give consumers detailed disclosures about not only what customer information they have shared with third parties, but also the contact information for and descriptions of those parties. Want to avoid the disclosure obligations? Simple. Allow your customers a free opt-out election from having their personal information shared. That said, you will still have to let your customers know how and to whom they can inquire about these requirements – even if your business offers the opt-out choice to consumers. By the way, if you are already subject to the stricter requirements of California’s financial privacy act, you are exempt. While there are some additional exemptions, they are narrow, and anyone doing business in California shouldn’t be too quick to conclude they are exempt without consulting legal counsel. California’s Office of Privacy Protection has drafted a set of recommended practices which attempts to harmonize the requirements of this new act with the California online privacy act, the state’s financial privacy provisions, the federal Gramm-Leach-Bliley Act, HIPAA, and European Union privacy directives. Good luck.
Do you or your contractors have sensitive personal information (e.g., names and addresses in combination with social security numbers and PIN numbers) that could lead to identity or financial theft if compromised? What about medical information about a person’s diagnosis and treatment? Start ensuring you have “reasonable” practices to protect that information from unauthorized access, use, modification and disclosure—and it doesn’t matter if the information is on paper or in electronic form. Both are covered. While the legislative history makes it clear that no one particular standard is “the standard” for “reasonable” security, a company will need to designate a specific individual who is responsible for the company’s security program, and will need to establish a security task force—including a compliance officer and legal counsel. To avoid running afoul of the standards, not only must practices and a task force be implemented, but companies will also have to demonstrate they periodically test and monitor how the security measures are working, make risk assessment, and fine-tune their security measures to keep them updated appropriately. Need employee training? Need help implementing background checks, confidentiality agreements, encryption and record retention/destruction requirements, and disciplinary measures? Call the lawyers at Rimon. We can help.
Remember California’s security breach notification law (we told you about this and you get another prize if you can identify the back-issue in which we did so)? That law requires businesses to disclose security lapses. This new law creates a new duty and standard of care. Lawsuits arising from breaches in security (you remember California’s Business and Professions Code section 17200) can now use AB1950 as a discovery prod to determine if your business has used and effectively maintains reasonable security measures.
Consider this: California has already passed more than a dozen laws to protect privacy—many of which have now spawned federal legislation, some already passed and others in process. SB186 bans unsolicited e-mail and AB1769 bans text messaging advertisements to cell phones and pagers. AB1733 mandates consent from customers before a wireless carrier can list their phone numbers in a 411 directory, and SB1436 restricts keystroke monitoring software, website tracking software, and software that attempts to control personal computers.
A federal Judge in New York State has altered the conditions that apply to the release program of a convicted child sex offender, restricting the individual’s access to the Internet. The judge ruled the use of the Internet, to find and lure victims, was such an integral part of the man’s crimes, that a ban on using the Internet is appropriate—even though his supervised work release job is computer programming. When this issue has previously been presented to a federal court in New York, Internet restrictions have been overturned. Here the judge distinguished those cases by noting that in this instance the offender had used the Internet to search for and attract new victims. Technology also played a role in this decision. Because of software incompatibilities, probation officials couldn’t monitor the individual at work. Because the employer develops software for cellular telephones, the employer was concerned about liability if a third-party is permitted to monitor the computer systems. Will this hold up? It is being appealed. Who knows? It again highlights how pervasive the Internet has become and how difficult questions continue to arise at the intersection of law and technology.
In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.