MediaTech Law

By MIRSKY & COMPANY, PLLC

Protecting Children’s Privacy in the Age of Siri, Echo, Google and Cortana

Posted September 26, 2016 by Rob Ellis 0

“OK Google”, “Hey Cortana”, “Siri…”, “Alexa,…”

These statements are more and more common as artificial intelligence (AI) becomes mainstream. They serve as the default statements that kick off the myriad of services offered by Google, Microsoft, Apple and Amazon respectively, and are at the heart of the explosion of voice-activated search and services now available through computers, phones, watches, and stand-alone devices. Once activated, these devices record the statements being made and digitally process and analyze them in the cloud. The service then returns the search results to the device in the form of answers, helpful suggestions, or an array of other responses.

A recent investigation by the UK’s Guardian newspaper, however, claims these devices likely run afoul of the U.S. Children’s Online Privacy Protection Act (COPPA), which regulates the collection and use of personal information from anyone younger than 13. If true, the companies behind these services could face multimillion-dollar fines.

COPPA details, in part, responsibilities of an operator to protect children’s online privacy and safety, and when and how to seek verifiable consent from a parent or guardian. COPPA also includes restrictions on marketing to children under the age of 13. The purpose of COPPA is to provide protection to children when they are online or interacting with internet-enabled devices, and to prevent the rampant collection of their sensitive personal data and information. The Federal Trade Commission (FTC) is the agency tasked with monitoring and enforcing COPPA, and encourages industry self-regulation.

The Guardian investigation states that voice-enabled devices like the Amazon Echo, Google Home and Apple’s Siri are recording and storing data provided by children interacting with the devices in their homes. While the investigation concluded that these devices are likely collecting information of family members under the age of 13, it avoids conclusion as to whether it can be proven that these services primarily target children under the age of 13 as their audience – a key determining factor for COPPA. Furthermore, according to the FTC’s own COPPA FAQ page, even if a child provides personal information to a general audience online service, so long as the service has no actual knowledge that the particular individual is a child, COPPA is not triggered.

While the details of COPPA will need to be refined and re-defined in the era of always-on digital assistants and AI, the Guardian’s claim that the FTC will crack down harshly on offenders is not likely to happen, and the potential large fines are unlikely to materialize. Rather, what will likely occur is the FTC will provide guidance and recommendations to such services, allowing them to modify their practices and stay within the bounds of the law, so long as they’re acting in good faith. For example, services like Amazon, Apple and Google could update their services to request on installation the age and number of individuals in the home, paired with an update to the terms of service requesting parental permission for the use of data provided by children under 13. For children outside of the immediate family who access the device, the services can claim they lacked actual knowledge a child interacted with the service, again satisfying COPPA’s requirements.

Read More

Copyright of “Public Facts”: Craigslist v. PadMapper (updated)

Posted November 29, 2012 by Andrew Mirsky 0

Craigslist was meant for the common good, or as founder Craig Newmark puts it, “doing well by doing good”.  At least, that has been its announced mission since it began as an email distribution among friends. Craigslist kept its mantra through its rise to Silicon Valley stardom, snubbing multi-million dollar buyout offers and fighting attempts to monetize the site along the way.

The physical layout of Craigslist hasn’t changed much over the years. Point your browser in its direction and, like an old friend, you’ll be greeted with the same underlined blue links you’ve known for years. Fans are legion, but so too are critics: Critics see stagnation in this comfort, some of whom have taken matters into their own hands through attempts at innovation. However, as some have already discovered, developing tools to work around (critics would say “enhance”) Craigslist’s simple functionality can invite legal response. Is an early darling of Silicon Valley showing a decidedly uglier side, or is Craigslist still simply looking out for the common good?

This past July, Craigslist filed a lawsuit in the US District Court, Northern District of California, alleging that apartment-hunting site PadMapper and its data exchange partner, 3Taps, unlawfully repurpose Craigslist postings and therefore undermine “the integrity of local Craigslist communities, ultimately harming both Craigslist and its users.”  While the complaint parallels Craigslist’s “common good” business model, 3Taps CEO Greg Kidd sees it differently. “We believe Craigslist is acting like a copyright troll,” Kidd recently told AllThingsD.  Kidd’s company provides PadMapper an API for data about Craigslist postings that 3Taps gathers via means it claims are not subject to Craigslist’s Terms of Use and that likewise do not violate Craigslist’s copyrights.

This isn’t the first time Craigslist has claimed such violations, including several now-shuttered earlier services built on top of Craigslist’s platform. In July 2010, Newmark took to Q&A site Quora to defend his company’s actions in a case similar to Padmapper’s, saying he did not take issue with sites that do not affect Craigslist’s servers. “Actually, we take issue with only services which consume a lot of bandwidth, it’s that simple,” Newmark wrote.

June 22: Craigslist sends Padmapper a cease and desist letter and blocks PadMapper from pulling CL ads (at least from doing so directly).  According to CL’s complaint (filed July 20th), traffic to Padmapper immediately plummeted.  

PadMapper claims not to siphon off Craigslist’s servers. Through its partnership with 3Taps, PadMapper accesses a database of Craigslist listings found and organized from search engines including Google and Bing.

 July 9: Padmapper re-launches using 3Taps data.

July 20: Craigslist sues 3Taps and Padmapper.  CL claims:

  • Copyright infringement (for the CL site and for CL listings)
  • Contributory copyright infringement (against 3Taps)
  • Breach of contract (TOS)
  • Trademark infringement
  • Trademark dilution
  • Unfair trade practices

Perhaps that’s why Craigslist is now requiring users to “expressly grant and assign to Craigslist all rights” to enforce the copyright. Other sites like Yelp! and Facebook only require a non-exclusive license to their users’ content. But even if courts interpret this as a legally binding transfer of copyright to Craigslist, facts, like those in classified listings, often cannot be copyrighted. Therefore, it is possible that details such as an apartment’s price, address and number of bedrooms will not be protected.

This is of course Greg Kidd’s argument. “No Terms of Use can ride roughshod over the fact that there is no copyright in facts,” Kidd says. “Padmapper’s use of exchange posting is not infringing use. It is fair use or free use … of public facts.” According to Kidd, PadMapper could just be the beginning to what could be, “a whole class of use case conflicts if this stands.” Via this interpretation, as Kidd sees it, “a [Craigslist] posting retweeted via Twitter is going to be just as problematic as one through PadMapper.”

This argument inelegantly ignores 2 obstacles under contract and copyright.

Contract

First contract law, by virtue of the binding nature of Craiglist’s TOU as a contract.  So, as Craigslist notes in its complaint:

[3Taps and Padmapper] regularly accessed the CL website and affirmatively accepted and agreed to the [TOU] to, among other things, test, design, and/or use the software that allows Defendants to provide their services.  Likewise … Defendants regularly accessed the CL website with knowledge of the [TOU] and its prohibitions against copying, aggregating, displaying, distributing, performing and derivative use of the CL website and any content posted on the CL website … and regularly access the CL website and copied, aggregated, displayed, distributed, and made derivative use of the CL website and the content posted therein.

3Taps disagrees: 3Taps cannot be bound by Craigslist’s TOU, since 3Taps never touches Craigslist’s servers to obtain the data it provides via its API.  Says Kidd:

The [CL] data in question is indexed by public search engines and is made available in the public domain.  One does not have to belong to or even go to Craigslist to find this information on the description, price, and time of availability of a posting. The information is freely available in the public domain and is a fundamental component of transparency of supply and demand and price discovery that are the foundation of free markets.

Craigslist then says that 3Taps’ argument about not directly accessing data from Craigslist is absurd:

3Taps copies all of craigslist’s content – including time stamps and unique craigslist user ID numbers – and makes it available to third parties for use in competing websites or, for whatever other purpose they wish. On information and belief, 3Taps is obtaining this content by improperly accessing craigslist’s website and “scraping” content.

Copyright – Facts and Facts

Kidd’s “public domain” argument – challenging Craigslist’s private ownership of public “facts” – has its own problems.  That’s because there are public facts and … there are public facts. For starters, what makes an apartment listing a public fact? Arguably, an apartment listing is a private piece of information uniquely created and formatted by a landlord and Craigslist: How listed, what information is listed, what pricing, etc.  Perhaps not the most highly creative of copyright subject matters protected by “original works of authorship fixed in any tangible medium of expression” US Copyright Act (Title 17 US Code), but nonetheless protected by copyright.

No, Craigslist may not be able to protect names and addresses, but it may be able to protect Craigslist’s particular presentation of those names and addresses.  And Craigslist makes this very point in its complaint, claiming that 3Taps “displays craigslist’s copyrighted content in virtually identical visual fashion to the manner in which they appear on craigslist.”

August 1: After filing its July suit, Craigslist amends its TOU, telling users they were not permitted to cross-post their sales items anywhere else on the internet:

Clicking ‘continue’ confirms that Craigslist is the exclusive licensee of this content, with the exclusive right to enforce copyrights against anyone copying, republishing, distributing, or preparing derivative works without its consent.

August 5: Craigslist instructs all general search engines to stop indexing CL postings.

August 9: CL amends its TOU – again – to remove “exclusive license” language from its TOS:

Second, Craigslist may be able to rely on copyright arguments similar to those historically made by mapmakers and telephone book publishers, where the compilation of otherwise public facts is itself copyrightable. (See, for example, Feist Publications, Inc. v. Rural Telephone Service Co., 499 US 340 (1991).)  This argument, where the unique presentation, design, layout, or formatting give a compiler a copyright edge, still gives scant protection to the component parts, but it can give viability to a legal claim of misappropriation.

Other Arguments – Trademark and Unfair Competition

Craigslist makes other legal arguments, including most notably trademark infringement and dilution claims and California state law unfair competition claims.  These are subjects beyond the scope of the present discussion, although they do seem to raise the kinds of issues that the likes of Rockefeller Plaza in New York City deals with: Once a year, every year, the plaza is closed to public access in order to allow its owners to continue to assert their private ownership.   Perhaps Craigslist, too, feels some periodic necessity to remind its users that freedom of internet use is not free.

September 24: 3Taps files answer and counterclaim against CL.  Counterclaims:

  • Antitrust
  • Unfair competition
  • Interference with economic advantage

From 3Taps antitrust counterclaim complaint:

3taps is not alleging that craigslist acquired its widespread monopoly power improperly – far from it; craigslist should be applauded for bringing online classifieds into the modern age and achieving its initial dominance over various U.S. markets for the “onboarding” (i.e., the process of inputting and uploading factual content on the internet) of user-generated classified ads by those seeking a personal exchange transaction for various goods and services, including apartment rentals, jobs, personal services, general goods, and other sales.

What 3taps is complaining about is how craigslist has maintained (and continues to maintain) its monopoly power in these three related markets. Certainly, craigslist has not maintained this power by competing on the merits. Indeed, for years, craigslist has espoused the classic principles of a monopolist that believed it did not need to compete: a “strategy” of “unbranding,” “demonetizing,” and “uncompeting” —the epitome of a lethargic monopolist. And why not?  As an unchallenged monopolist across these various markets, craigslist has generated revenues somewhere between $100-$300 million per year, and that’s without sinking any significant costs into research and development or innovation.

September 24: Craigslist launches its own mapping capability.

Bruce Fryer, an intern with Mirsky & Company, PLLC, contributed to this post.

Read More

HTML5 Unintended Consequence? Getting Around Apple In-App Sales Restrictions.

Posted October 10, 2011 by Andrew Mirsky 0

One unintended consequence of the accelerating popularity of HTML5 for mobile app development is an ability to skate past Apple’s App Store restrictions on in-app sales.  So I put this question to Piotr Steininger of Tapangi Consulting:

There’s talk out there about being able to use HTML5 to get around Apple’s App Store ban on charging for in-app purchases.  In other words (I think), somehow HTML5 allows content producers to get around this problem by making apps (and other things) downloadable directly through web browsers.  So … how is it that HTML5 allows getting around this issue?

Some background: Apple announced a policy change earlier this year, specifically in Section 11.14 of its App Store guidelines,

Read More

Update: Privacy for Mobile Apps – The Limits of Transparency

Posted September 8, 2011 by Kate Tummarello 0

In June of this year, Senator Al Franken (D. Minn.) introduced the “Location Privacy Protection Act of 2011” (S. 1223).  According to the bill summary available on Franken’s website, a 2010 investigation by the Wall Street Journal revealed that 47 of the top 101 mobile applications for Apple iPhones and Google Android phones disclose user location without consent of the user.

According to Franken’s bill summary, current law prevents disclosure of user location during telephone calls without user consent. Currently, no similar legislation protects user location when a user accesses information through a mobile web browser or mobile application. Franken claims that his bill will close loopholes in the Electronic Communications Privacy Act that allow for this distinction.

If S. 1223 passes, companies will be required to obtain permission not only to collect mobile user location information but also to share that information with third parties. Additionally, the bill seeks to put in place measures to prevent stalking through location information.

As of this writing, Franken’s bill has been assigned to the Senate Judiciary Committee and is being cosponsored by Sens. Blumenthal, Coons, Durbin, Menendez, and Sanders.

Original Post (published 9/8/2011)

When was the last time you read a license agreement after installing software or downloading an app on your smartphone? If you’re like most people, the answer is probably never.

According to some estimates, fewer than 8 percent of us actually read the entirety of those agreements, despite rising concerns about digital privacy and data collection.

Read More

Apple Changes App Store Guidelines, Developers Seek End-Around

Posted August 24, 2011 by Kate Tummarello 0

Kate Tummarello is a Research and Social Media Intern with Mirsky & Company and a reporter at Roll Call/Congressional Quarterly.  Follow Kate on Twitter @ktummarello.

Apple’s App Store is full of subscription-based content providers. Whether you’re watching a movie on the Netflix app, reading a book through the Kindle app or streaming a TV show using the Hulu Premium app, you’re probably used to paying for the app and then paying more for the content.

But that’s changing, thanks to Apple’s new policy, which will prohibit developers from requiring users to make a second purchase to access content once they have purchased the app itself.

Apple rumor website MacWorld reported earlier this summer that Apple was planning on this new policy. The article quoted Section 11.14 of Apple’s App Store guidelines:

Apps can read or play approved content (specifically magazines, newspapers, books, audio, music, and video) that is subscribed to or purchased outside of the app, as long as there is no button or external link in the app to purchase the approved content. Apple will not receive any portion of the revenues for approved content that is subscribed to or purchased outside of the app.

Previously, developers could charge one price for the app and then offer more content for a second price within the app. Unlike purchases made through the app store, where Apple receives 30 percent of the profit, profits made from purchases within the app itself would go entirely to the developer. In eliminating the possibility for in-app purchases, Apple is ensuring that it retains its 30 percent.

But developers are looking to find ways around this policy. According to MacWorld, Netflix has found a loophole in instructing users to “visit Netflix.com” without providing a button for users to do so.

Others are turning to the much anticipated HTML5. According to Piotr Steininger, co-founder of Tapangi Consulting [http://tapangi.com/] based in Washington, DC, HTML5 may open floodgates for apps that are accessed through a device’s web browser rather than through an app store.  Or in other words, “Rather than buying an app in the app store you just go to a URL and you’ve got an app to go,” Steininger says. “You load it once on the iPad and download a book locally, and you’re good to go.”

Amazon has already unveiled an HTML5-based Kindle app that works within a device’s browser, including on the iPad. The app synchronizes with a user’s Kindle library, and users can shop for Kindle content within the app. According to many reports, other content providers, including Wal-Mart, are similarly attempting to use HTML5-based apps to avoid the Apple App Store and its rules and fees.

Read More

Twitter API and Legal Issues for App Developers

Posted August 1, 2011 by Andrew Mirsky 0

Much has been made lately of tension between Twitter and its outside developers.  The issues stoking the fire are less legal issues than business issues brought to front-burner by two particular factors:

(1) The maturity of Twitter as a development platform, or in the words of Ryan Sarver of Twitter, “In the early days, all the clients except Twitter.com were built out by ecosystem companies, mainly because Twitter was so focused on keeping the lights on.  But we learned that in order for us to really grow, we had to start taking over that core experience.” (quoted in the NY Times, 7/17/11).

(2) A reported Federal Trade Commission inquiry into the relationship by the , which has (in some views) caused Twitter to re-think its liberal open-door policy when it came to permitting outside development on its platform.

An excellent story and accompanying podcast on this subject appeared in the NY Times last week, written by Claire Cain Miller.

Bottom line: Twitter is seeking to control the applications that control access to Twitter, meaning desktop and mobile, and leaving the field open to enterprise applications, usability applications, analysis and similar applications.

Certainly the business reasons seem pretty clear, in that Twitter seeks to control core functionality – and the development of that core functionality – of the mother ship.  Although it is not terribly surprising that that strikes some critics as cynical, see for example here (“Twitter, just be honest: ‘The only way we can figure out how to make money is same ol’ display ads and we need to own the client for that.’”)

There are legal issues here, namely the ability of the platform to restrict access to its API.  As Claire Miller and others have noted, part of the problem for Twitter is that developer expectations may have been artificially inflated.  But there is more.  The FTC hint of antitrust scrutiny may be causing Twitter some heartburn about its historical open-ness.  Some analogy from two unrelated contexts: In trademark law, the concept “use in commerce” requires confirmation of continued public use of a registered trademark every 5 years or so.  In real property law, a property owner’s failure to restrict public access to property – and thus demonstrate its private claim – can, under some circumstances, support a court’s granting a permanent public right of way.

Quoting Rob Diana from Regular Geek, “Twitter also now owns the platform as a whole and must be as reliable as a utility company.  They must provide all of the capabilities that consumers need in the clients.” (emphasis added) A danger for a “public utility” of the information superhighway is creeping expectation of the duties and obligations of public purpose: Loss of commercial freedom, permanent regulatory scrutiny and public stakeholder claims.  It may very well be that Twitter is acting much like New York’s Rockefeller Center, which closes public access to traffic one day a year as a legal “fiction” in order to continue to assert private ownership rights.

Twitter rolled out its new API TOS (“Developer Rules of the Road”) in March of this year.  Rob Diana noted at that time that the announcement may have been – or perhaps should have been – anticlimactic, in that “A basic Twitter client is a terrible idea in today’s ecosystem.”  Wrote Diana:

Unless there is major functionality outside of the existing solutions, a new client is a losing idea. There is a high barrier to entry when we already have third-party clients like Tweetdeck, Seesmic, HootSuite and PeopleBrowser. This does not include some of the other applications that focus on team or brand management. So, by saying not to develop a new client, Twitter has saved us and investors a lot of time and money.

Read More

Copyright 2022 Mirsky & Company, PLLC