Last week, Japanese authorities arrested a woman for killing the digital avatar of her online husband—no, we didn’t make this up. Arrested in her home in southern Miyazaki, she was taken to Sapporo in Northern Japan. The woman became angry on learning her online husband divorced her. She used his ID and password to log onto the “Maple Story” interactive game to execute the virtual murder. Although not yet formally charged, she was arrested for suspicion of illegally accessing a computer and manipulating electronic data. Although the police thus far have no reason to believe she was contemplating any real world criminal act, she still could face five years in prison or a fine of as much as $5,000 if she is ultimately charged and convicted of the computer access and manipulation charges. Maple Story, like many interactive, online virtual world games, allow real world participants to create digital characters called “avatars.” While many virtual experiences are essentially sophisticated online interactive games themselves, even non-game based virtual worlds enable avatars to engage in social networking, relationships with other avatars, transactions involving the exchange of value, and the creation or deployment of intellectual property—content ranging from video programs to musical concerts to creating wardrobes for their avatars. Because avatars exist in a virtual, digitally created world, their owners often engage in activities they would never consider in the real world.
Legal Bytes editor Joe Rosenbaum has authored a chapter in a new book, Inside the Minds: Managing Advertising & Marketing Legal Issues, published by Aspatore Publishing. The chapter is entitled “The Tension Between Advertising & Privacy: Whose Information Is It (Déjà vu)?” The text looks back at a Jurimetrics Law Journal article he authored 10 years ago entitled “Privacy on the Internet: Whose Information Is It Anyway?” and examines how the evolution of web-based and mobile advertising continue to have a profound effect on our notions of privacy in the digital world.
This month we would like you tell us a city name that can be found on every continent on Earth. Think you know the answer, send it to me. If you are first with the correct and complete answer, you win.
Last month we asked you to tell us where the expression “passing the buck” or “the buck stops here” came from. This month’s winner comes to us from Australia, where Peter Le Guay, a Partner of Thomson Playford Cutlers and member of the Global Advertising Lawyers Alliance (“GALA”), correctly noted that in the latter half of the 1800s, the game of poker became very popular in the United States, with no shortage of “cheats.” To minimize cheating, the dealer regularly changed and the individual next to deal was given a marker—usually a knife with a handle made from a buck’s horn. The marker became known as a “buck” and “passing the buck” meant card dealing was passed to the next person. There is widespread belief that as time went on, silver dollars were used, and the use of “buck” as slang for a dollar originated.
“Whenever you find you are on the side of the majority, it is time to pause and reflect.”
In what sounds like a James Bond spy caper, an MPAA executive allegedly paid a hacker $15,000 to break into a server and snatch copies of emails. The hacker accomplished the dirty deed and emailed the MPAA dozens of pages of material—ostensibly for use by the MPAA in its copyright infringement action against a company whose servers were involved in file sharing. The MPAA released a statement that “The information was obtained in a legal manner from a confidential informant who we believe obtained the information legally.”
Now a federal appeals court in California is determining if a lower court ruling should re-define online privacy protection by interpreting “intercept” under the 1968 Wiretap Act. The case, Bunnel v. Motion Picture Association of America, revolves around a ruling a year ago that held the hacker didn’t really “intercept” emails because they were in storage—not technically in transit. The lower court ruled the hacker’s “…actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word ‘intercept,’ Anderson’s acquisitions of the e-mails did not violate the Wiretap Act.” In other words, “grab copies of emails sitting on your server for a nanosecond” and it’s not wiretapping. Stay tuned!
A new provision of the Italian data protection law (Loyalty Cards, issued Feb. 24, 2005), is getting a workout. The Data Protection Authority fined a well-known supermarket chain €54,000 for not giving customers adequate information regarding use of personal data. The retailer issued loyalty cards—for shoppers to obtain discounts and rewards—and gathered customer names, email and cell phone numbers (personally identifiable information) and behavioral marketing information (spending habits and locations). Customer profiles were then evaluated and used to create targeted ad campaigns. The retailer didn’t ask customers for consent for all of these uses—a violation of the data protection law.
In Italy, if customer information is not used solely for operating the loyalty program, but for customer profiling and advertising, the consumer must be told and must give consent. While consent is not needed to carry out contract obligations needed to fulfill the loyalty reward program itself, collecting more information than needed for that purpose or using information for other purposes requires specific consent. Is this true elsewhere? In Europe? The United States? Canada? Latin America? Asia? New Zealand? Call me and find out, or read my bio.
Is a cyber attack an act of war? Analysts reported that while the Russian military was acting against the Georgian republic, Georgian websites were also under attack. Cyber warfare can exploit security gaps to take control of civilian infrastructure, such as power grids, as well as government websites and military command and control operations. It has long been known that cyber-weaponry could supplement (and sometimes replace) traditional military activities. But when does a cyber-attack itself constitute an act of war? (We all appreciate the notion of “war” as a historical concept is and continues to change.) Tactics such as urban warfare, bioterrorism and suicide bombers have caused grave concern, not only over government’s ability to deter violent and damaging non-traditional acts of war, but also how to respond when they occur. A big challenge in the cyber warfare world is identifying who did it. In 2007, Estonia asked NATO to come to its defense when a cyber attack disabled government and bank websites. Apparently in 2008 we didn’t need a cyber attack to bring down some of our financial institutions (sorry, couldn’t resist). Question—how does one respond to a cyber attack—with bullets or chips?
By August 2008, there were more publicly disclosed data breaches among U.S. businesses than for all of 2007. More information is created, flowing and stored by commercial enterprise than ever; more clever schemes are being hatched by criminals for hacking or disrupting information; employees don’t appreciate the value of assets you can’t feel; and consumers are befuddled by a maze of privacy notices, data theft notices, credit report advertisements, and scare tactics launched by advocacy groups—well intentioned though they may be. More than 40 U.S. states have laws requiring disclosure of data breaches. If these were intended to create incentives to prevent data breaches and reduce occurrence, how do we explain the steady rise? Are the laws ineffective? Are businesses accountable beyond some adverse publicity, once they provide legally mandated disclosure? Have we become jaded by news reports, privacy and breach notices as just so much junk mail? In the credit card world, consumers generally have a maximum $50 liability if a card is lost or stolen. In situations where there are no real time approvals, credit card companies take the risk. In that environment, a business decision is made to accept certain loses because the potential revenue generated by the business model yields a greater reward. In the world of consumer privacy and personally identifiable information disclosure, who is taking what risk? Studies for years indicate IT professionals appreciate that digital crime—theft of intellectual property, piracy, theft of trade secrets, customer data or employee information—is a problem. Many companies may not even know their security is breached and others have little incentive to solve the problem. Need more information? Come to my web page, contact me and tell me what you think. Call if you need help with a policy, a position or an understanding of your legal rights and obligations. We can help.
Reaching for that bottled water? At an average of $1.49 per bottle, that comes to $21/gallon. You could supercharge your tank with Starbucks coffee at $12+ per gallon. Better yet, Bud Light at $9.73 per gallon looks like a bargain—although good ol’ Vitamin D milk checks in at only $3.50/gallon. Now when compared with Absolut Vodka at about $58 per gallon or Chanel No. 5 perfume at $25,600 per gallon—well gasoline doesn’t sound all that expensive, does it?