The Black Forest Group is hosting a high-level conference in Valencia, Spain, in conjunction with its Fall 2005 meeting. The BFG is a non-profit membership association of international end-user information technology and strategic planning senior executives and high-level academic and support professionals, dedicated to providing its members with sustainable competitive value in their professional capabilities and commercial responsibilities. On the Agenda for Valencia: Healthcare Systems in Europe and the U.S. for Global Employers; Record Management Across International Boundaries; Compliance, Security and Privacy—The Changing Role of the CIO/CTO; Global Collaboration, Off-shoring and Outsourcing, and more. For more information about the conference or BFG membership, contact Joe Rosenbaum.
Charles Ford has sued Verisign, Jamster!, Jamba! (the European version of Jamster!), T-Mobile USA, AT&T Wireless, and Cingular, hoping to turn his lawsuit into a worldwide class action. The problem: his daughter responded to a TV ad promising her a free ring tone. Although she claims never to have downloaded any songs the company sent her, Ford was billed $1.99, plus another 5 cents for each text message she received and read over her monthly limit—to the tune of $80. Ford is alleging fraud, negligent misrepresentation, false advertising, and unfair competition, and is claiming that by targeting children who often don’t understand, they are using this as a means to keep sending text messages which are read—costing consumers money. Stay tuned.
This June, the Ninth Circuit, overturning a lower court ruling, held that the Fair Credit Reporting Act (FCRA) does preempt some part of the California Financial Information Privacy Act (aka SB1). The court held that the FCRA does, in fact, preempt state affiliate sharing laws insofar as a “consumer report” is concerned. Where affiliate sharing does not involved a “consumer report” as defined in the FCRA, state laws are not preempted. What this means if you do business in California: (a) SB1 opt-out will not apply when affiliates share consumer report information; (b) SB1 opt-out will apply when affiliates share information that isn’t a consumer report; and (c) SB1 “opt-in” relevant to disclosures of information to non-affiliates will continue to be applicable and enforceable.
Just last month (June was a busy month), Utah and Michigan laws came into force which prohibit sending commercial e-mail to children for products a minor can’t legally own there—but the children must be signed up in the newly created Child Protection registries to be covered by the protection. That means not just gambling or alcohol, but tobacco, prescription drugs and a host of other items which children are not permitted to own in those states. Michigan and Utah will both impose fines for violations , and in Utah, sending a message or a web link could also land you in jail for up to three years. And you thought CAN-SPAM was tough—in both states, the penalties apply even if a parent requested the e-mail. Although likely to be challenged, at this point, if you are using e-mail or web-based links to market in these states, the time to worry about doing a merge-purge against the registries before you e-mail is now.
We were so busy last month telling you about Grokster, we didn’t even get a chance to mention the Supreme Court also ruled providers of cable modem services are not subject to the common carrier regulations that apply to telecommunications services—most significantly the requirement they allow competitors to connect or interconnect with their networks and provide competitive choice and equal access to consumers. Technically, the decision held that the FCC didn’t exceed its authority and has the discretion to interpret the scope of its regulation and rulemaking authority when it declined to force cable broadband providers to provide competitive access similar to that accorded the telecommunications’ common carriers. The FCC had characterized cable modem services as “information services” and thus not telecommunications services, which are subject to the common carrier (and consequently, competitive) regulations.
Click Defense, a company that sells tools for online marketing, including tools to prevent click fraud, sued Google. Why? Because it just doesn’t do enough to prevent “click fraud”—the process of deliberately clicking Web ads to run up rival advertising costs (the advertiser has to pay Google for each click). Whether it does or doesn’t do enough is a question of fact and whether it has an obligation to do something, anything, or more than it is doing is also debatable. On one end of the spectrum, liability could attach if a search engine company actually knew (or should have known) someone was doing that and did nothing to stop or prevent it. At the other end is the fact that in today’s environment, it is often difficult for these providers to monitor or determine what constitutes improper or proper clicking. After all, isn’t the goal of advertising to induce you to click? This is a sticky problem that is likely not to go away and will find different paths through the courts—there is too much money at stake. How can we help you?
Last month we teased you about legal issues that apply to interactive, web-based digital video games. How could we have known those sexually explicit scenes hidden in the game Grand Theft Auto: San Andreas would have been exposed just in time for our July Legal Bytes issue. Wow. Although the Advertising Review Council has an Entertainment Software Rating Board (“ESRB”)—a self-regulatory group that in May 2001 promulgated widely followed and accepted Principles and Guidelines for Responsible Advertising—the inability of the industry to effectively police itself, whether in connection with sexually explicit images, profanity, violence or otherwise, is coming under increasing fire as these incidents are uncovered. You all know what that means, right? Legislation, regulation and full employment for advertising attorneys who know their way around interactive, web-based digital gaming…and we have lots of those folks. You thought we were only concerned with product placement. Questions?
At least that’s what the FTC thinks. They charged BJ’s Wholesale Club with failing to maintain adequate computer security—it is the first time the FTC has used Section 5(a) (the section that says if you engage in an unfair or deceptive act, or practice in or affecting commerce, it’s unlawful). The FTC cited failures to encrypt consumer information, storing sensitive computer information for a needlessly long time in files with common or default passwords, and lax measures regarding prevention of unauthorized access, detection and security investigations: The complaint alleged that when taken together, BJ’s failed to provide legally adequate security for sensitive consumer information. The Chairman of the FTC has called for Congress to enact legislation requiring notification to consumers if there is significant identity theft risk, and has asked Congress to consider extending the Gramm-Leach-Bliley Safeguards Rule currently applicable to financial institutions, to non-financial institutions.
Literally as this issue headed to press, the Supreme Court released its unanimous decision in the case of Metro-Goldwyn-Mayer Studios v. Grokster—a decision that is likely to have monumental consequences for years to come. To summarize the basic issues, for many years peer-to-peer file-sharing networks have relied on the 1984 Sony v. Universal Studios decision (“Betamax case”) which held the distribution of a commercial product capable of substantial noninfringing use could NOT give rise to contributory liability unless the distributor had actual knowledge of specific instances of infringement and failed to act. With peer-to-peer file-sharing, the network software architecture is decentralized, making it unlikely that the provider of the file-sharing software (in this case Grokster and StreamCast) could actually know of any specific instances. Even the theories of vicarious infringement were thrown out by the lower courts because neither Grokster nor StreamCast monitored, controlled or supervised the use of the software (nor did they have an independent duty to police against infringement).
Enter the Supreme Court, which agreed to hear the case on appeal from the 9th Circuit, which held that Grokster and StreamCast could not be liable for contributory infringement because there was no ability to prove actual knowledge and the software was capable of substantial non-infringing use. To give readers context, evidence was introduced indicating that on the FastTrack and Gnutella networks, more than 100 million copies of file-sharing software had been downloaded and billions of files are shared across those networks each month! The court noted “the probable scope of copyright infringement is staggering.”
So the Supreme Court overturned the 9th Circuit decision—but not for the reasons you might think. In my view, the Supreme Court did not overturn or even modify the Betamax case. Distributors of peer-to-peer file-sharing software using a decentralized indexing system to share copyrighted songs and movies, and which is capable of substantial non-infringing use, cannot be held liable for contributory infringement absent showing the distributors had specific knowledge and made a material contribution to direct infringement. The court also confirmed that software distributors cannot be held liable for vicarious infringement without showing the ability to block direct infringement by users.
The Supreme Court went to great pains in overturning the 9th Circuit to note “this case is significantly different from Sony and reliance on that case to rule in favor of StreamCast and Grokster was error.” The Sony case applied to distribution of a product that had both lawful and unlawful uses and sought to impose liability because Sony knew some users might use the product unlawfully. That case held it is inequitable to impute fault and corresponding secondary liability based on the unlawful acts of others, where the product has substantial lawful utility.
Intermix Media has reportedly agreed to pay $7.5 million to settle a lawsuit filed by the New York Attorney General, and if true, this represents the largest fine in a consumer online privacy action to date. In addition to agreeing to hire a Chief Privacy Officer, Intermix must agree to stop distributing its adware/spyware and redirect programs which the NYAG alleged were downloaded to consumers’ personal computers with inadequate notice, and then hidden to make it difficult to remove. Besides the annoyance which consumers rail about, often such hidden programs can be part of more elaborate identity theft and security breaches, sometimes without the knowledge of the company that created them. The lawsuit’s primary claims were false advertising and deceptive business practices under New York’s General Business Law statutes.