MediaTech Law

By MIRSKY & COMPANY, PLLC

Privacy Roundup: 6/26/2014

Will the ECJ Kill the Privacy Safe Harbor for Facebook, Google and All Others?

Christie Barakat reports in SocialTimes that the ECJ, the European Court of Justice, will review the compatibility of the EU-US Safe Harbor with Europe’s Charter of Fundamental Rights.

The Safe Harbor is a legal convention under which US companies doing business in Europe may permissibly transfer the personal information of EU residents outside of the EU zone.  To qualify, the Safe Harbor requires that American companies commit to certain protections of that data in their processing and sharing practices, including stringent commitments on security of data.  The Safe Harbor is a self-certification process rather than a license or regulatory ruling process.  Although a little bit dated, see Henry Farrell’s nice primer on the Safe Harbor, here.

Barakat quotes from Farrell’s Washington Post blog, “Monkey Cage”, covering the immediate issue, which involves an Irish resident who sued Facebook in Ireland claiming that Facebook’s Safe Harbor self-certification status could not meet European Constitution standards for privacy protection due to Edward Snowden’s revelations of US government snooping of foreigners’ personal data.  As Farrell blogged in the Post, “the judge has presented the case to the ECJ in a way that seems designed to get the higher court to rule that the Safe Harbor is incompatible with European human rights standards, and hence invalid.”

Farrell describes the likely outcome of the ECJ’s review as “very hard to say”, at best. 


Expanding Accessibility: UN Adopts Article 9, Raising Accessibility Standards

Introduction
In April 2014, the United Nations (UN) Committee on the Rights of Persons with Disabilities adopted its General Comment No 2 on the issue of Accessibility, which applies to member States within the UN that have signed the treaty. The General Comment to the Convention on the Rights of Persons with Disabilities (CRPD) seeks to provide guidance to all relevant stakeholders, such as states and international organizations, on how to ensure accessibility for persons with disabilities. The treaty serves as the first of its kind to address access to information and communication technologies (ICT) for users with disabilities, and may now serve as a basis for State parties to reinforce and regulate national legislative frameworks.

Notably the CRPD, Article 9, paragraph 13 places particular onus on public and private actors regarding ICT. “The focus is no longer on legal personality and the public or private nature of… information and communication, and services. As long as goods, products and services are open or provided to the public, they must be accessible to all, regardless of whether they are owned and/or provided by a public authority or a private enterprise.” This public and private distinction is a first of its kind. Prior regulations placed the requirements for accessible ICT solely on public or government entities. These entities were essentially held to be established in some way for the public good, and therefore had a right to be accessible to the public audience. The shift in language which now includes “all products and services open or provided to the public” places such accessibility requirements on private industry as well, and will set the tone for implementation of such standards by UN treaty members to the CRPD.


Privacy Roundup: 6/18/2014

European Court of Justice’s Recent Ruling Has Many Asking: “What Now?”, Google’s Response, And the EU’s Counter-Response 

Mark Scott reported for The New York Times that 28 data privacy regulators from various agencies across the EU will carry out the European Court of Justice’s (EUCJ’s) recent ruling that Google can be forced to remove links from certain searches.  “But”, wrote Scott, “the court gave agencies little guidance in applying the ruling, and they (the regulators) are likely to interpret it in different ways.”  Scott reports that there are two other issues with the ruling: First, the question of whether non-Europeans would be eligible for petitioning European regulators to have information removed and second, the question of what obligation Google or other search engines will have in responding to requests to remove information.

Scott explained that, although Google has previously been confronted with requests to take down information, neither Google nor any other search provider has ever “faced the prospect of handling so many demands for unlinking online content that the new European ruling may have unleashed.”


Privacy Round Up

Oh Snap, SnapChat Agrees to Settle FTC Charges/ Incriminating Selfies Could Come Back to Haunt You
In a news release issued Thursday, the Federal Trade Commission (FTC) reported that SnapChat, Inc., maker of the mobile app “Snapchat”, “has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service.”  According to the FTC’s complaint, Snapchat had previously touted privacy and security as selling points in providing its service which allows users to share “snaps”, ephemeral photos or videos with other users.  The FTC’s release quotes FTC Chairwoman Edith Ramirez: “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”  Additional charges against SnapChat included misrepresented information regarding data collection in its privacy policy, the tracking and transmission of Android users’ geo-location information despite Snapchat claiming otherwise, and the collection of names and phone numbers from users’ mobile address books without notice or permission.

*          *          *

Honey Badger, Stand Down: There’s a New Badger in Town
Peter Eckersley, Cooper Quintin and Yan Zheuff announced on the Electronic Frontier Foundation’s (EFF) Deeplinks Blog that EFF has released Privacy Badger, a browser extension for Firefox and Chrome which “automatically detects and blocks spying ads around the web”.  Eckersley, Quintin, and Zheuff report that, according to recent Mozilla research, users want privacy more than anything else in a web browser.  According to the post, EFF considers Privacy Badger a part of the organization’s “growing campaign to deliver privacy by giving you the technical means to disallow trackers within the pages you read on the Web.”

Privacy Badger is currently in alpha release and they want your feedback.  You can install it here.


Privacy Round Up

Can you Tweet That?

Venkat Balasubramani writes on the Technology & Marketing Law Blog about a suit filed recently in federal court by Uli Behringer against “John Doe” Twitter users claiming (among other things) violations of the Computer Fraud and Abuse Act (CFAA [http://www.law.cornell.edu/uscode/text/18/1030]), 18 U.S. Code § 1030, unfair competition, trademark and copyright infringement, cyberpiracy and libel.

The claims arise from the failed efforts of Mr. Behringer to have Twitter disable the accounts of users using the Twitter handles “@NotUliBehringer” and “@fakeuli”.  This, despite the fact that as Balasubramani writes, “the first thing that jumps out is that both accounts are clearly parody accounts – no reasonable twitter user would think otherwise.”  According to Balasubramani, Twitter responded that the accounts did not violate any of Twitter’s policies and therefore refused to disable the accounts, prompting Behringer to bring his case to federal court.

Balasubramani clearly thinks Behringer’s suit is frivolous, although not just because of the protected status of parody under First Amendment and fair use law.  He describes the copyright, trademark, unfair competition and interference with contract claims as “tenuous at best”.

What is the Reach of US Jurisdiction Over Personal Data?

Hunton & Williams, in its Privacy and Information Security Law Blog, writes about a U.S. federal court ordering Microsoft to release user data to U.S. law enforcement in response to an otherwise valid search warrant even where the data was physically stored on servers based outside the United States.

In this case, the data was stored on servers in Ireland.  According to H&W, Microsoft argued that “U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails.”  In response, a federal magistrate judge held that a search warrant for online data should be viewed – and treated – differently than a conventional warrant, and particularly should be viewed much more liberally for extraterritorial access purposes.  Allison Grande of Law360.com reports that the judge held that the Stored Communications Act, 18 U.S. Code § 2701 “does not explicitly bar extraterritorial access.” 


Aereo and WWE: Disruptive Upstarts in the Land of Live Broadcast TV

Ever since YouTube streamlined the process for allowing anyone to easily post and watch videos online, the barrier to entry to provide and consume video has become incredibly low. Traditional television outlets have embraced online video to some extent, offering access to their most popular shows within a week, or sometimes a day after they originally air. What’s more, Internet-only services like Hulu Plus, Netflix, and Amazon’s Prime provide an extensive catalog of shows available on demand. One of the few remaining holdouts regarding online access to broadcast television is in the arena of live sports. Organizations like the National Football League (NFL) tightly control broadcast rights for live events, while other organizations, like World Wrestling Entertainment (WWE) and the Ultimate Fighting Championship (UFC), control access to their live events through pay-per-view broadcast. Both of these models, however, threaten to be up-ended by the new and novel approaches to content delivery.

WWE and the Digital Only Approach

A shake-up in the delivery of live sports can be found in this February’s launch of the World Wrestling Entertainment’s WWE Network. The WWE Network is a subscription-only streaming Internet video service that broadcasts professional wrestling events that were previously only available on cable and satellite television. The $9.99 a month subscription provides subscribers with access to WWE’s pay-per-view events, network original series, as well as a catalog of vintage wrestling programs from the past four decades.


Privacy Roundup: 4/21/2014- 4/27/2014

Sarah N. Lynch reported that Digital 4th, a group that defines itself as “a non-partisan coalition dedicated to bringing Fourth Amendment protections into the 21st century”, is slamming the United States Securities and Exchange Commission (SEC) for resisting changes to federal privacy laws proposed in Congress in 2013.  The legislation would force government agents to obtain warrants prior to accessing the email of any individual under investigation.  In urging the public to lobby the White House to support this reform, Digital 4th launched the website notwithoutawarrant.com.  Lynch writes that, currently, government investigators can legally access certain emails with only a subpoena, which has a lower legal threshold than a warrant since it doesn’t require a judge’s approval.

In The Economist’s “Babbage” blog, H.G. reported that a couple of Harvard students created a service which allows users to delete or alter the content of messages that they have already sent.  The service, Pluto Mail, also lets email senders see whether or not recipients have opened their messages.  The service was released in beta on March 1, currently has about 2,000 users, and accepts new recruits each day from a waitlist.  H.G. reports that, although the sender can access and alter or delete the content of a message via the cloud, senders cannot delete the actual message from a recipient’s inbox.  “The ability to delete all trace of an email would require access to all other messaging services, obliging Pluto Mail to collaborate with every other email provider in the world—a feat they did not consider feasible.”


Open Source, Dynamic Linking and Licensing Consideration for Developers

Introduction:

There is often confusion among software developers regarding the licensing of open source code. Questions center on what can be done with open source code and what is considered a derivative work.  One particular area of confusion arises when the derivative work uses static or dynamic links when compiling the source code.  This distinction is critical and implicates different licensing requirements dependent upon this decision.  It is important for developers to have an understanding of the basic principles of the most popular open source licenses and how static versus dynamic links can affect the end result from a licensing perspective.

GNU GPL

The GNU General Public License (GNU GPL or GPL) is the most widely used free software license. It grants end users the freedom to use, study, copy and modify a piece of software. Originally written by Richard Stallman of the Free Software Foundation in 1989, the GPL is now in its third iteration with the GPLv3. The GPL is based on the idea that nobody should be restricted by the software they use. To meet this goal, every user should have the freedom to: use the software for any purpose; change the software to suit a particular need; share the software; and share changes to the software. To this end, GPL-licensed software requires that source code be made available to all users. Furthermore, users have the right to use and modify that source code. Should those modifications be distributed, the source code of that distribution must also be licensed under the GPL.


Privacy Roundup: 4/14/2014- 4/20/2014

Hunton & Williams’ Privacy and Information Security Law Blog reported on the FTC’s settlement with two data brokers, Instant Checkmate, Inc. and InfoTrack Information Services, Inc., in connection with those firms’ practices of selling public record information about consumers. The FTC had filed complaints against the two companies for “providing reports about consumers to users such as prospective employers and landlords without taking reasonable steps to make sure that they were accurate, or without making sure their users had a permissible reason to have them.” The FTC entered into consent orders with each of the companies (together with payment of fines) requiring future compliance with the Fair Credit Reporting Act.

Mary Ellen Callahan and Esteban M. Morin wrote on the blog of the International Association of Privacy Professionals (IAPP) about a workshop last week hosted by the National Institute of Standards and Technology on the topic of privacy engineering, and in particular, the “lack of clear standards that exist for regulating privacy”. Similar to concepts broadly being espoused by proponents of Privacy by Design, the authors “stressed the importance of organizational structure that emphasizes privacy, the value of developing a ‘culture of privacy’ that raises every employee’s awareness of privacy issues and generally explained how to establish a privacy-protective environment”. For more on Privacy By Design and its concepts and proponents, please see our separate recent blog post here.


The Candy Man Cometh: Candy Crush Developer King Crushes Sweet Dreams in Trademark Disputes

United States Patent and Trademark Office (USPTO) records indicate that King, also known as Digital Entertainment PLC, publisher of the popular game Candy Crush Saga, applied to register a trademark for the word “candy” in February, 2013.  (US Trademark Application Serial Number 85842584.)  PCMag reported that King had already trademarked “candy” in the EU where, according to King’s spokesperson, the company’s intellectual property is constantly being infringed upon.  The firm sought the same security in the US market, leading critics to pounce weeks before March 26, when, according to Forbes, the company tanked in its market debut.

The application to register the “candy” trademark was approved on January 15, 2014.  One intellectual property commentator told the San Jose Mercury News that King’s move was “blatantly anti-competitive and not what trademark law is about”.  Forbes contributor Eric Kain wrote “No corporation should have legal rights to any word I can use in Scrabble—words like ‘candy’ or ‘saga’ for instance.”


ICYMI: Privacy Laws Effective Jan 1, 2014

In case you missed it: We recently wrote here that over two dozen state privacy laws were passed in 2013.  While little to nothing is happening in Congress – at least in terms of actual privacy legislation – state legislatures continue to fervently address the issue of privacy.  Many new state laws became effective January 1st of this year.  Here is just a sampling of those directly impacting both individuals’ privacy and technology.


GitHub and Developers: The perils of licensing after code release.

The licensing practices of open source software developers have often centered around copyleft or permissive licenses that provide free public access to a project’s source code with only a few restrictions on how the code may be used. These licenses often require that any derivative work created from the source code must also be licensed under similar terms.  Websites, GitHub being a prominent example, allow developers to post their code so that others can download the master code, make changes to it and push those changes back up to the master copy.  Sites like these are described as “distributed reversion control repositories” (DRCRs).  With advancements in DRCRs, some trends show that today’s open source developers do not take into account licensing considerations until well after a project has been created and made available to the public.  Labeled the POSS (Post Open Source Software) approach in a 2012 tweet by James Governor of RedMonk, many open-source developers are now skipping past licensing and governance considerations regarding code, and simply posting their work to sites like GitHub.  This trend may offer more risks than opportunities regarding the ability of the code to be adopted into the OS community, and may expose code developers to greater liability regarding non-disclaimer of warranties.
