MediaTech Law

By MIRSKY & COMPANY, PLLC

Privacy Roundup: 6/26/2014

Will the ECJ Kill the Privacy Safe Harbor for Facebook, Google and All Others?

Christie Barakat reports in SocialTimes that the ECJ, the European Court of Justice, will review the compatibility of the EU-US Safe Harbor with Europe’s Charter of Fundamental Rights.

The Safe Harbor is a legal convention under which US companies doing business in Europe may permissibly transfer the personal information of EU residents outside of the EU zone.  To qualify, the Safe Harbor requires that American companies commit to certain protections of that data in their processing and sharing practices, including stringent commitments on security of data.  The Safe Harbor is a self-certification process rather than a license or regulatory ruling process.  Although a little bit dated, see Henry Farrell’s nice primer on the Safe Harbor, here.

Barakat quotes from Farrell’s Washington Post blog, “Monkey Cage”, covering the immediate issue, which involves an Irish resident who sued Facebook in Ireland claiming that Facebook’s Safe Harbor self-certification status could not meet European Constitution standards for privacy protection due to Edward Snowden’s revelations of US government snooping of foreigners’ personal data.  As Farrell blogged in the Post, “the judge has presented the case to the ECJ in a way that seems designed to get the higher court to rule that the Safe Harbor is incompatible with European human rights standards, and hence invalid.”

Farrell describes the likely outcome of the ECJ’s review as “very hard to say”, at best. 


Privacy Round Up

Oh Snap, SnapChat Agrees to Settle FTC Charges/ Incriminating Selfies Could Come Back to Haunt You
In a news release issued Thursday, the Federal Trade Commission (FTC) reported that SnapChat, Inc., maker of the mobile app “Snapchat”, “has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service.”  According to the FTC’s complaint, Snapchat had previously touted privacy and security as selling points in providing its service which allows users to share “snaps”, ephemeral photos or videos with other users.  The FTC’s release quotes FTC Chairwoman Edith Ramirez: “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”  Additional charges against SnapChat included misrepresented information regarding data collection in its privacy policy, the tracking and transmission of Android users’ geo-location information despite Snapchat claiming otherwise, and the collection of names and phone numbers from users’ mobile address books without notice or permission.

*          *          *

Honey Badger, Stand Down: There’s a New Badger in Town
Peter Eckersley, Cooper Quintin and Yan Zheuff announced on the Electronic Frontier Foundation’s (EFF) Deeplinks Blog that EFF has released Privacy Badger, a browser extension for Firefox and Chrome which “automatically detects and blocks spying ads around the web”.  Eckersley, Quintin, and Zheuff report that, according to recent Mozilla research, users want privacy more than anything else in a web browser.  According to the post, EFF considers Privacy Badger a part of the organization’s “growing campaign to deliver privacy by giving you the technical means to disallow trackers within the pages you read on the Web.”

Privacy Badger is currently in alpha release and they want your feedback.  You can install it here.


Privacy Round Up

Can you Tweet That?

Venkat Balasubramani writes on the Technology & Marketing Law Blog about a suit filed recently in federal court by Uli Behringer against “John Doe” Twitter users claiming (among other things) violations of the Computer Fraud and Abuse Act (CFAA [http://www.law.cornell.edu/uscode/text/18/1030]), 18 U.S. Code § 1030, unfair competition, trademark and copyright infringement, cyberpiracy and libel.

The claims arise from the failed efforts of Mr. Behringer to have Twitter disable the accounts of users using the Twitter handles “@NotUliBehringer” and “@fakeuli”.  This, despite the fact that as Balasubramani writes, “the first thing that jumps out is that both accounts are clearly parody accounts – no reasonable twitter user would think otherwise.”  According to Balasubramani, Twitter responded that the accounts did not violate any of Twitter’s policies and therefore refused to disable the accounts, prompting Behringer to bring his case to federal court.

Balasubramani clearly thinks Behringer’s suit is frivolous, although not just because of the protected status of parody under First Amendment and fair use law.  He describes the copyright, trademark, unfair competition and interference with contract claims as “tenuous at best”.

What is the Reach of US Jurisdiction Over Personal Data?

Hunton & Williams, in its Privacy and Information Security Law Blog, writes about a U.S. federal court ordering Microsoft to release user data to U.S. law enforcement in response to an otherwise valid search warrant even where the data was physically stored on servers based outside the United States.

In this case, the data was stored on servers in Ireland.  According to H&W, Microsoft argued that “U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails.”  In response, a federal magistrate judge held that a search warrant for online data should be viewed – and treated – differently than a conventional warrant, and particularly should be viewed much more liberally for extraterritorial access purposes.  Allison Grande of Law360.com reports that the judge held that the Stored Communications Act, 18 U.S. Code § 2701 “does not explicitly bar extraterritorial access.” 


Privacy Roundup: 4/21/2014- 4/27/2014

Sarah N. Lynch reported that Digital 4th, a group that defines itself as “a non-partisan coalition dedicated to bringing Fourth Amendment protections into the 21st century”, is slamming the United States Securities and Exchange Commission (SEC) for resisting changes to federal privacy laws proposed in Congress in 2013.  The legislation would force government agents to obtain warrants prior to accessing the email of any individual under investigation.  In urging the public to lobby the White House to support this reform, Digital 4th launched the website notwithoutawarrant.com.  Lynch writes that, currently, government investigators can legally access certain emails with only a subpoena, which has a lower legal threshold than a warrant since it doesn’t require a judge’s approval.

In The Economist’s “Babbage” blog, H.G. reported that a couple of Harvard students created a service which allows users to delete or alter the content of messages that they have already sent.  The service, Pluto Mail, also lets email senders see whether or not recipients have opened their messages.  The service was released in beta on March 1, currently has about 2,000 users, and accepts new recruits each day from a waitlist.  H.G. reports that, although the sender can access and alter or delete the content of a message via the cloud, senders cannot delete the actual message from a recipient’s inbox.  “The ability to delete all trace of an email would require access to all other messaging services, obliging Pluto Mail to collaborate with every other email provider in the world—a feat they did not consider feasible.”


Privacy Roundup: 4/14/2014- 4/20/2014

Hunton & Williams’ Privacy and Information Security Law Blog reported on the FTC’s settlement with two data brokers, Instant Checkmate, Inc. and InfoTrack Information Services, Inc., in connection with those firms’ practices of selling public record information about consumers. The FTC had filed complaints against the 2 companies for “providing reports about consumers to users such as prospective employers and landlords without taking reasonable steps to make sure that they were accurate, or without making sure their users had a permissible reason to have them.” The FTC entered into consent orders with each of the companies (together with payment of fines) requiring future compliance with the Fair Credit Reporting Act.

Mary Ellen Callahan and Esteban M. Morin wrote on the blog of the International Association of Privacy Professionals (IAPP) about a workshop last week hosted by the National Institute of Standards and Technology on the topic of privacy engineering, and in particular, the “lack of clear standards that exist for regulating privacy”. Similar to concepts broadly being espoused by proponents of Privacy by Design, the authors “stressed the importance of organizational structure that emphasizes privacy, the value of developing a ‘culture of privacy’ that raises every employee’s awareness of privacy issues and generally explained how to establish a privacy-protective environment”. For more on Privacy By Design and its concepts and proponents, please see our separate recent blog post here.


Employee Noncompetes: Enforceable if Employee Quits After 3 Months? Maybe Not.

Seems that in Illinois a noncompete covenant in an employment offer letter is unenforceable if the only consideration given the employee is the promise of continued employment.

A case in Illinois involving an individual who sued his former employer seeking a ruling that his noncompete was unenforceable illustrates a potential pitfall for employers trying to prevent employees from leaving to work for competitors.  Employers in many states routinely make offers of employment through offer letters, containing compensation terms, job duties and, sometimes, noncompete restrictions that apply during and after employment.  Sometimes – but not always – the noncompete is coupled with a pre-agreed severance payment negotiated at the start of employment that would kick in upon any employment termination.

The case, Fifield v. Premier Dealer Services, Inc., was issued in June 2013 and the report can be found here.  The question raised in the Illinois case was whether the absence of such a pre-agreed severance payment made the noncompete unenforceable.  The employer argued that the offer of employment itself was adequate consideration in exchange for the employee’s agreement to not work for a competitor.  The First District of the Illinois Appellate Court said not so, and the Illinois Supreme Court declined to review the appeal.


Republishing Defamatory Content: Hyperlinking is OK?

If someone publishes something defamatory on the internet, and I later re-publish that statement, generally I can be held liable for defamation equally as the original publisher of the defamatory statement.  (See for example, http://www.wassom.com/publication-republication-and-defamation-online-guest-post.html.)

So, for example, if I publish on my blog an unvarnished, clearly libelous statement – oh, I don’t know, say I write something like “Sheldon Adelson (the casino magnate and Republican party contributor) runs a prostitution ring in Macau” – and then my friend (let’s call him “Phil”) repeats that statement on his blog, then typically both Phil and I can be liable for defamation. 


Who Owns Twitter Followers?

Seriously, is this a real question?  Isn’t this like asking who owns rights to your friends?   Or … who owns rights to Grateful Dead fans?  And doesn’t the very question present its own obvious answer?  I mean, isn’t it a bizarre question? How can you “own” your fans?

Bizarre, perhaps, but data companies own all sorts of lists of people, so isn’t this just the same thing?  To be clear, data companies never really argue that competitors cannot make their own competing lists and sublists of Democratic voters or whatever.  The companies would just argue that others cannot copy their lists of such people.

Or is it more like last year’s Craigslist fight with Padmapper over Craigslist’s claimed exclusive rights to use Craigslist’s apartment listings: Can anyone “own” apartment listings?  See my previous discussion of this case, here.


Using Open Source Software – What Dangers Lurk for Your Own Work? When is Your Work “Derived From” the OSS?

With open source software (OSS), there seem to be 2 major misconceptions, one by end users and the other by developers.  As to users, it may be helpful to understand that restrictions and compliance burdens do not apply to the end user’s own use, but only upon subsequent transfers of the software.  As to developers, a major misconception involves what kind of newly-created work – say, a library or module component – is “derived from” the OSS and therefore bound by its same open source license.

First, with users, there is the question of what use is restricted.  And in a big sense the answer is “none”.  So, for example, “Open source does not place a compliance burden on the end user, does not mandate acceptance of an end-user license agreement, does not subject [the end user] to para-police action from [any software industry trade group].”  Simon Phipps wrote that in 2010, adding that “If you move beyond use of the software and study the source code, there is also no compliance burden.  There is no risk associated with using the knowledge you gain for other purposes.”

Of course, the phrase “using the knowledge” is significant, because using the software (i.e. the code) is a different story.  An end user’s use of ideas and know-how and processes is not subject to OSS license restrictions, at least not under a typical OSS license.  But such use may be subject to restrictions under patent law.


Software as a Service: Is it even a License? Who Cares? What about UCC Implied Warranties?

I recently advised a client on a software contract involving the question of whether the contract would be deemed to involve “software” at all.  The context was a technology vendor bidding on a contract to provide technology to a federal government agency.  The question of whether “software” was actually being provided under the contract was important because ownership of any software created pursuant to the contract would be subject to fairly broad ownership rights to the benefit of the government.  See for example, 48 CFR 27.4 (“Rights in Data and Copyrights”) and 48 CFR 27.404-1 (“Unlimited rights data”).  However, in this case the vendor was not technically “delivering” any software at all, but instead was delivering access to a website.    

In fact, no code was being delivered, not even executables.  No downloadable software or object code or source code was being delivered at all.  The vendor was to host the service entirely, making it available to the government via an internet website, in the most literal definition of “Software as a Service” (SaaS).


Software Maker Runs into Licensing Wall: Implied and Express Warranty Problems

What is the significance of thinking of software as a “good”, as opposed to a “service”?  A recent case showed that various implied warranties under the Uniform Commercial Code (UCC) apply only to sales of “goods”, but frequently will apply to software licenses.  The case also showed how software makers can be held liable for promises they make about performance of their software, despite disclaimers in a software license agreement.

A software vendor licensed its software to a customer, who agreed to the vendor’s end user license agreement (EULA) as a condition of the transaction.  The case is Rottner v. AVG Technologies, 12-10920-RGS (D. Mass, May 3, 2013) [pdf].  The software vendor argued that the customer’s agreement to the vendor’s EULA rendered inapplicable the customer’s reliance on warranties provided anywhere other than in the EULA.  If correct, that would have meant that the only applicable warranties were those expressly made in the EULA, and that any warranties provided under law, including under the UCC, were inapplicable.  Also inapplicable would be any warranties based on claims made by the vendor in any advertisements or promotions about the software’s capabilities.


Copyright: Authorship, Ownership and Copyright Status

United States copyright law was changed substantially in 1976, with changes effective as of January 1, 1978 and forward.  The regulatory scheme established as of January 1, 1978 is still (essentially) in effect today, and determines how copyright status is viewed with respect to new works and to existing works.

A. US Copyright Law Pre-1978

Prior to 1978, copyright law granted a copyright of 28 years from the date of a work’s publication with notice (through a required filing of a copyright registration with the Copyright Office).  The copyright was renewable after 28 years for a single additional period of 47 years (by filing another renewal copyright registration).

After the expiration of the full 75 years (28-year initial term plus 47-year renewal term), the work went into the public domain.  Similarly, upon the expiration of the initial 28-year term, if the copyright owner failed to file a renewal registration, the work went into the public domain.  This 28/47 rule (total of 75 years) applied to works that were both author-owned copyrights and “works made for hire”.  In terms of length of term of copyright, there was no distinction under the pre-1978 law between author-owned works and “works made for hire”.
