Posted on

IMHO – Wiki Wiki True to Its Meaning

According to Tech Terms, “wiki” comes from the Hawaiian phrase “wiki wiki,” which means “super fast.” I guess if you have thousands of users launching denial of service attacks (see below) against targeted web sites – well “super fast” spells super trouble. Which has prompted me to write this article “IMHO” (in my humble opinion) – IMHO being a social media nod to the kewl gnu SMS lingo.

So, doesn’t it seem as if this WikiLeaks thing has gotten out of hand? Now in fairness, in my view there are intelligent points being made on both sides of the issues – national security is important; so is freedom of the press and speech. There are also rights and responsibilities on both sides of the issues – private censorship is not something that sits well with those of us who value the right to hear and voice differing opinions and thoughts; yet using a “free speech” argument to allow someone to scream fire in a crowded theatre – even when none exists – can cause harm to innocent people and is, again in my view, irresponsible, if not illegal.

So if you have been following this Wikileaks issue, you already know about the leak of U.S. diplomatic cables by or through WikiLeaks, and unless you have been living under a rock, you have also noticed the arrest of WikiLeaks founder, Julian Assange. All of this has resulted in a dramatic and well-publicized series of “cyber attacks” from “hacktivists” primarily using a disruptive technique known as “denial of service attacks.”

Curiously, the arrest of Mr. Assange in London has nothing to do with the current controversy over confidential and sensitive material that is giving rise to the tensions across the Internet. Mr. Assange’s legal problems stem from an international warrant issued by Sweden, where he is accused of rape, molestation and unlawful coercion by two women in connection with sexual encounters he reportedly had while he was in Sweden last summer. Mr. Assange apparently confirmed the encounters, he has denied the allegations of assault, and he has not yet been formally charged in either of the women’s cases.

The disruptions on the Internet and outcry against his treatment (or the treatment of his company) are not about his personal problems, but rather have taken on a life of their own as a poster child for the principle of “information needs to be free.” Somehow, WikiLeaks has become a symbol, a rallying cry, for the cause of free speech and information transparency, being championed by activists around the world, the activities of some of whom has allegedly already resulted in:

  • The Swedish government website http://regeringsen.se was offline for several hours, and arms of the Swedish postal service, the websites of Swedish prosecutors, and at least one lawyer, were the targets of attacks.
  • Both MasterCard and Visa, whose banking and financial institution members stopped accepting payment transactions in support of either WikiLeaks or Mr. Assange’s defense, were subject to attack (e.g., reportedly Visa’s website and MasterCard’s “secure code” system was affected – in the case of MasterCard, apparently preventing some online transactions from being processed for several hours.
  • Just today we read of allegations and reports that Sarah Palin’s credit card information and the website of her political action committee were hacked because she referred to Mr. Assange on ABC News yesterday as “an anti-American operative with blood on his hands,” and U.S. Senator Lieberman’s website was impaired and anonymous SPAM faxes sent to the Senator’s office after he called for an investigation of The New York Times, which had published articles with details of the diplomatic cables leaked by WikiLeaks.

As Mr. Spock, the iconic “Star Trek” character played by Leonard Nimoy, might have remarked well into the future: “Fascinating!” Well the future is now.

So what should you do? First you should read my partner, Douglas J. Wood’s recent opinion piece on Corporate Counsel, entitled “Say Hello to the World’s New Sovereign Nations: Facebook, Google and RIM.”  (subscription required) When you finish, head straight to YouTube and watch the clip (my title) “There’s a War Out There” from the incredibly prescient motion picture “Sneakers,” with Ben Kingsley and Robert Redford. You might also grab a copy of An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths, by Glenn Reynolds. Oh, and in case anyone is thinking about my Legal Bytes post more than a year ago, entitled FTC (Revised) Endorsement Guides Go Into Effect, rest assured I have no interest (other than intellectual) in either my partner’s publication, the motion picture production, or the book or publishing company noted.

It is likely, some of the “attacks” may lead to criminal prosecution or civil litigation, or both. It is also likely that companies and governments may rethink their security and dependence on digital technology, as well as their activities and responses to events such as these. Protests of this nature, irrespective of one’s view or one’s “side,” are now occurring on a scale, orchestrated by individuals dispersed throughout the globe, in a manner that might make taking to the streets or holding passive sit-ins or hunger strikes in the halls of legislative bodies passé. Further, the effects of such activities on innocent people should not be underestimated. While the United States holds dear the Constitutional rights of free speech and freedom of the press, that does not include the right to create panic or harm or injury to others. There is a line between voicing one’s support and opinion, freely heard in the blogosphere, and illegal conduct that damages persons and property.

So after reading this and the references cited, ask yourself the following question: Is this a technology problem? A political problem? A national security problem? A public relations problem? A legal problem? It is probably worth noting, since my partner Doug Wood mentioned it after reading a draft, that the freedoms of speech and the press (and assembly, etc.) that are embedded in the U.S. Constitution are not the norm around the world. We often lose sight of the fact that these rights (and the passion and zealousness with which we cherish them and defend them) are not the global norm – yet. But, technology has enabled activities and communication unimaginable in the past. It can be a force for good or bad – sometimes both. Now comes the revolution? Fascinating! But that’s just my opinion.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

Posted on

It May Not Be Easy Being Green – But We May Be Able To Help

First issued in 1992 and revised in 1998, the Federal Trade Commission three years ago (2007) began an extensive review of its Guides for the Use of Environmental Marketing Claims, also known as the "Green Guides," focusing mainly on the dividing line between deceptive and non-deceptive speech. Noting the increasing use of "greenwashing" – the use of unsubstantiated environmental claims in advertising – the FTC is seeking to spell out the specific environmental claims that advertisers can and cannot make about their products and services. After hearings, surveys and feedback, the FTC recently formulated draft revisions to the Green Guides, publishing them for public comment.

Our own John P. Feldman prepared an insightful analysis of the draft revision and what it may mean if it is ultimately adopted by the FTC in its current form. That analysis, originally prepared as a presentation to lawyers, and advertising and marketing professionals, has now been recast into a narrative discussion; and thanks to the assistance of Carolyn Boyle and the editorial staff at the International Law Office, you can read all about it on the International Law Office website. The article, published as the Revised Green Guides: A Balanced Approach to Environmental Claims in Advertising, represents a terrific overview of the FTC’s current thinking in this area, and it is a must read for any legal, regulatory, advertising and marketing professional who does "green" marketing and advertising or who may be responsible for it. 

If you need help, need more information, or need knowledgeable counsel and representation in this important area of law and regulation – either now or increasingly in the future – please don’t hesitate to contact John P. Feldman directly, or me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Protecting Consumer Privacy – FTC Issues Staff Report

This post was written by Paul Bond, Chris Cwalina, Amy Mushahwar and Fred Lah.

The FTC just released its long-awaited Protecting Consumer Privacy in an Era of Rapid Change. This preliminary staff report proposes a major change in U.S. privacy law. The FTC is accepting comments on this report until January 31, 2011, and if you could be affected by these changes and would like to submit comments, or if you are considering submitting comments to the report (or perhaps you aren’t sure if you should), Rimon can help. While we are still reviewing the 123-page report in depth, we wanted to share a few thoughts from an initial reading.

The report proposes a major change in the framework of U.S. privacy law, stating bluntly: “Industry must do better.” The report notes, among other things:

  • Notice-and-consent doesn’t work. People don’t read or understand privacy notices as now written. The Commission’s view is that privacy policies have become “long” and “incomprehensible.”
  • Waiting for harm to consumers isn’t an effective way to enforce privacy norms. Harm has traditionally meant economic or physical harm. Privacy harms include reputational harms and even the emotional harm of having one’s information “out there,” or “fear of being monitored.” The new framework must address and allay these anxieties; however, there is some disagreement among the Commissioners. Commissioner J. Thomas Rosch, in his concurrence, notes “the Commission could overstep its bounds” if it were to begin analyzing these more intangible harms when assessing consumer injury.
  • Industry self-regulation is too little, too late, and has failed to provide adequate and meaningful protection.

The report challenges a number of privacy and security assumptions. The report:

  • Casts severe doubt on claims that de-identified information need not be protected, citing multiple instances and methods by which personally identifiable information (PII) can be culled from “non-name” information (e.g., IP addresses, other unique identifiers). The distinction between PII and non-PII is, the report says, “of decreasing relevance.” Consequently, the scope of the report is very broad and applies to “all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer or other device.
  • Purports to apply in the online and offline world, and not only to companies that work directly with consumers.
  • Suggests that consumers must be made aware of and consent to onward transfers of information to non-affiliates no matter what the industry, universalizing the consumer notice requirements that previously only applied to certain highly regulated industries (e.g., telecommunications, education, health care, financial services), or certain types of sensitive data (e.g., credit data, bank accounts, medical records).
  • Distinguishes between “commonly accepted data practices” and all other data practices. Borrowing from GLBA and HIPAA, using data to aid law enforcement, or in response to judicial process or to prevent fraud, would not require notice to or consent of consumers, but ALL other data practices (e.g., behavioral advertising and deep packet inspection that are explicitly named as not commonly accepted data practices) would require notice and consent in a form easy to read and understand, ideally provided to the consumer when the consumer enters his or her personal data. The report suggests opt-in consent be obtained prior to implementing any material changes to company policy that would apply to data collected under a prior privacy policy.
  • Suggests that to promote a free and competitive market, the privacy practices of companies need to be more transparent to consumers, and that consumers be given “reasonable access” to their data.
  • Notes that appropriate data-retention periods should be a legal requirement. The report sites geolocation data as especially important to phase out.
  • Endorses a “Do Not Track” mechanism, recognizing that such a mechanism would be far more complex than the National Do Not Call registry. The FTC supports either legislation or self-regulatory efforts to develop a system whereby a consumer could opt not to be “tracked.” The FTC has expressed a distinction between “tracking” and “interest-based” advertising. And, in later discussions regarding the report, the FTC has stated that it will treat first-party advertising more favorably than third-party ad servers. The FTC has not decided on the technical mechanism for creating such a registry, but it recognizes a browser-based solution – similar to the privacy plug-in on the Firefox browser or incognito mode in Google Chrome. The FTC has not indicated if opt-in or opt-out would be the default browser setting for any browser privacy technology deployed.

So what should businesses do?

First, companies should carefully review the report and all the questions made open for public comment. These are listed in Appendix A to the report, but additional questions are posed in the Commissioner dissent statements.

Second, companies should strongly consider commenting on the report. In our experience, the FTC will listen and often address business concerns. But you must be heard. Trade associations are a good place to start, but individual company voices are important, especially if you have unique issues that should be addressed.

Third, now is a good time for you to pull back and consider your privacy policies, practices and programs, and the extent to which privacy is incorporated into your everyday business practices. The report suggests every company should adopt “privacy by design,” “building privacy protections into everyday business practices,” “assigning personnel to oversee privacy issues, training employees on privacy issues, and conducting privacy reviews when developing new products and services.”

You can read and obtain a copy of the FTC’s full report here.

If you need help, want more information, want to comment, or simply require some guidance – whether counsel or representation – in an area that is of critical importance to businesses and consumers, please don’t hesitate to contact Paul Bond, Chris Cwalina, Amy Mushahwar, Fred Lah or me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Advertising Across the Pond – In Case You Missed It

In case you missed Rimon’s Columbus Day seminar, presented by Rimon partner Marina Palomba, you can read and download a copy of the presentation right here: “A Global View on Advertising Law from the Other Side of the Pond.” The presentation covered four main areas: green claims, on-line behavioural and location-based advertising, the extension of self regulation of advertising to promotional messages on the Internet, and ambush marketing and the 2012 Olympics. Need to know more? Want to appreciate how regulation and the legal framework apply to any or all of these areas in your business? Feel free to contact Marina Palomba directly or the Rimon lawyer with whom you regularly work.

Posted on

Mid-Term Elections 2010 – Internet Privacy Implications

Rimon attorneys Judith (“Judy”) Harris and Amy Mushahwar were recently interviewed by The Washington Post about the 2010 mid-term election results and how the results might affect the legislative agenda and policy-making in Congress with respect to Internet privacy. Judy and Amy also explain what to expect over the next few years in terms of internet privacy trends and legislation.

Posted on

FTC Revised Green Guides – It Isn’t Easy SAYING You Are Green

It’s no longer simply a matter of saying it isn’t easy BEING green, as Kermit the Frog has done for decades; now it isn’t easy SAYING you are "green" – the latest buzzword denoting environmentally friendly advertising: Green Marketing. The Federal Trade Commission (FTC) is in the process of revising its Green Marketing Guidelines and has published proposed rules for public comment. 

John P. Feldman in our Washington, D.C., office, has experience and a strong and insightful understanding of the Green Guidelines, and he has prepared an analysis of where we are and where the FTC thinks we should be going – subject to an opportunity for you to file comments. 

So here is the bottom line. John’s analysis, The FTC’s Green Guidelines, is now available for your review. You can download your own copy through the link as well. In addition, the comment period is soon closing, so if you are concerned about anything in the proposed revised Green Guidelines, now would be a good time to wake up and smell the recyclable coffee and get your comments to the FTC. Not sure what the guidelines mean to you? Not sure how best to comment? Well that’s where John’s skill and experience come in – feel free to contact John P. Feldman (jfeldman@rimonlaw.com) directly and he will be glad to help assess your needs and prepare comments for filing should you wish to do so. 

Even if you opt not to participate in the public regulatory dialogue, if you advertise, market or even think about touting how environmentally friendly you, your products or your services are – better call John! Of course, if you are already a client of Rimon, feel free to contact me, Joseph I. ("Joe") Rosenbaum (joseph.rosenbaum@rimonlaw.com), or the Rimon attorney with whom you regularly work, and we’ll make sure you get to John and get the assistance you need.

Posted on

Privacy & Data Security Bills After the Midterm Elections

The midterm elections will likely result in a shift of political power within the House of Representatives. The resultant divided government is likely to impact the current ambitious privacy and data security legislative agenda. Rimon Washington D.C. Data Privacy, Security & Management attorneys Judith Harris, Christopher Cwalina, and Amy Mushahwar have published an analysis of their predictions for 2011 legislative priorities as the incoming crop of legislators move from campaign mode to governance. Please see their article in Information Security.

Posted on

Advertising Across the Pond – Don’t Miss This

If you haven’t already, please register for “A Global View on Advertising Law from the Other Side of the Pond” presented by Rimon partner Marina Palomba with an introduction from Doug Wood. Don’t miss this exciting and timely presentation. Follow this link to obtain more information and register: http://guest.cvent.com/d/vdqvn3/4W.

You won’t want to lose the opportunity to gain valuable insights; besides, if the economy continues to deflate the U.S. dollar and inflate the value of British Pound Sterling, Marina has intimated that the United Kingdom may attempt to simply buy the United States and make it a colony again.

Hope to see you at the seminar.

Posted on

Internet Communications – Encryption Is Not Enough

Most of us have come to enjoy the convenience of secure communications over the Internet, enabling us to feel comfortable that a broad range of commercial transactions, and remote access through virtual private networks (VPNs), as well as the transmission and retrieval of data from the Cloud, are secure – at least reasonably so. However, such communications may be less secure than people think. It has recently come to light that the processes used to authenticate the identity of the party (or organization) with whom one is communicating may actually be deeply flawed. In almost all cases, businesses and individuals alike unwittingly trust a large number of “certificate authorities” (so-called “CAs”) to essentially authenticate or vouch for the identity of the endpoints of secure communications over the Internet.

CAs hail from across the globe. Some are private entities while others are associated with, or operated by, governments – in some cases perhaps a government one may not wish to trust. Still other CAs may simply be incompetent. No matter which is the case, it is clear that these CAs have the power to facilitate man-in-the-middle wiretap exploits and “phishing” through imposter servers. Isn’t it time for general counsel and IT to work together to shore up the authentication processes, because Encryption is Not Enough

If you aren’t sure your communications are secure, or if you simply don’t know enough to determine the right questions to ask, contact Steven B. Roosa directly, or the Rimon attorney with whom you regularly work.