MediaTech Law

By MIRSKY & COMPANY, PLLC

Legal Threats Don’t Stop Growth of Textbook Pricing Application

OccupyTheBookstore, a Chrome browser add-on from Texts.com, has become the subject of legal threats from Follett Higher Education Group, one of the largest college textbook retailers in the U.S.  Textbook price comparison tools are not new, with websites like Chegg and SlugBooks, compiling textbook prices from retailers, university bookstores, and online retailers on their own websites.  What makes OccupyTheBookstore unique is that it is provided directly to the user as a downloadable plug-in and works immediately on top of a user’s browser to show cheaper options for print and digital rentals while the user browses a bookstore’s website.

The fact that the user is given the option to employ an immediate filter on top of Follett-affiliated websites rankled the company and prompted it to threaten Texts.com with legal action.  According to an email from Follett to Texts.com’s founders obtained by the Wall Street Journal, the add-on “effectively chang[es] the presentation of the information on the screen.”  Texts.com has not backed down.  In an interview with Red and Black, University of Georgia’s student newspaper, Texts.com says that it “determined that we are totally within our rights to manipulate information in the client’s browser. As it’s opt-in and doesn’t touch the bookstore servers at all….”

Read More

A Simple Takeaway from the Recent Sony Hack

The hack of Sony Pictures Entertainment placed Sony Entertainment Pictures in the spotlight for the last two months of 2015, highlighting the company’s lax security protocols and placing international focus on the recently released James Franco/Seth Rogan comedy “The Interview”. For the uninitiated, a group calling themselves the “Guardians of Peace” (with the unfortunate acronym “GOP”) hacked into the Sony’s computer systems, gaining unauthorized access to a treasure trove of sensitive data, including: social security numbers of over 47,000 celebrities, freelancers, and Sony employees; several unreleased movie titles that were later released to file-sharing websites; and corporate files including email correspondence, film budgets and passport/visa information for movie casts and crew. The data breach appeared to be supported by North Korea, which denied responsibility. While the United States National Security Agency directly blamed North Korea for the attack, other industry insiders claim North Korea had nothing to do with the attack.

Read More

Fertilizer by Any Other Name: District Court Denies Trademark Protection for Generic Term

Trademark law is designed to protect consumers from confusion as to the sources of products or services.  Strong trademarks are those that are distinctive – that is, they are capable of identifying the source of a particular good.  At the other end of the trademark spectrum are generic marks.  These marks are incapable of functioning as trademarks because they have come to be identified by the relevant purchasing public as common names for the goods or services with which they are associated.  A finding that a mark has become or is generic means that it has lost (or has never had) the ability to identify the source of a product or service, and thus cannot function as a trademark.  For this reason, a finding that a potential mark is “generic” presents a serious problem to a trademark application because it means that a mark has become synonymous in the public’s mind with a particular product or service as opposed to its source.

Dr. Earth, a California organic gardening company, learned this lesson after a lengthy legal battle in which its trademark application for PROBIOTIC was ultimately denied by the U.S. District Court for the Eastern District of Virginia.  Dr. Earth sought to register the word PROBIOTIC for fertilizers.  The U.S. Patent and Trademark Office (PTO) Examiner initially refused registration, stating that the term was generic in connection with fertilizer, and that at most, the term was merely descriptive and had not acquired a secondary meaning.  Merely descriptive marks are similar to generic marks and are considered “weak” marks because they simply convey information about a function, characteristic, or purpose of the goods or services.  As Jeffrey Davidson states in his IP Registration and Enforcement blog, “[d]escriptive terms by their very nature apply to all goods of a particular type, and therefore do not identify any single source.”  Nonetheless, merely descriptive marks can become distinctive of a source by achieving “secondary meaning.”  Daniel A. Tysver, of the comprehensive Bitlaw Legal Resource, notes that if evidence such as long term use or large amounts of advertising and publicity can show that a mark has achieved this “‘second meaning’” (the first meaning being the generally understood meaning of the term or phrase), a protectable trademark is developed.”

Read More

Ubergate: Year-end troubles persist for the popular rideshare company

The rideshare and taxi service Uber has had a very public and turbulent end to 2014. From privacy abuse allegations and Congressional scrutiny, to public protests and all-out bans in certain countries, the San Francisco-based, mobile-app-focused company has managed to retain its valuation of $40 billion. The company, which provides its service in 45 countries and over 200 cities, ran into trouble after a Buzzfeed report detailed November 14th remarks by the company’s Senior Vice President Emil Micahel who spoke of his desire to dig up dirt on the personal lives of journalists critical of the company. In particular was the intent to spread the personal details of one Sarah Lacey, editor of the Silicon Valley website PandoDaily. The Buzzfeed report also detailed the examination of private travel records of a reporter by an Uber executive. The combination of the aggressively toned nature of the comments and the willingness of the company to access user’s personal data gave rise to the November trending hashtag #Ubergate.

Read More

Granting Access: Real and Imagined Threats Regarding Terms of Service

Introduction

The latest Nielsen data show that the average smartphone owner uses approximately 26 apps in a given month. (Median use is probably quite a bit lower, but the numbers are still impressive.)  Marketplaces for apps, like Apple’s App Store and Google Play, have standardized how apps are distributed. Users are informed of an app’s features, as well as the extent to which the app may function on a particular smartphone. From taking pictures and recording video, to collecting GPS and location data, to accessing contact lists, apps have access to larger and larger sets of personal information. For all practical purposes, each of those apps employs some type of Terms of Service (“TOS”) agreement and privacy policy outlining its required permissions before it may be installed and used.

Practically, it is oftentimes unlikely that users downloading an app fully read and comprehend the terms of service or privacy policy, but instead give the app’s list of requested permissions no more than a cursory glance. A 2008 study by Aleecia M. McDonald and Lorrie Faith Cranor found that – based on the median length of privacy policies and the standard reading pace of 250 words per minute – it would take an individual approximately 30 work days to read all of the privacy policies encountered on a daily basis. The study only accounted for privacy policies, and not terms of service agreements or user agreements. Due to the length and ubiquity of these terms and policies, it is reasonable to think that many users do not take the time to fully understand the terms and policies to which they agree. This explains why users may not know exactly what permissions and capabilities they’ve approved for the apps they use.

Read More

What Should You Consider When Drafting a Privacy Policy?

Businesses are often faced with the challenge of collecting information about their clients in order to tailor and improve their products and services, while respecting their customers’ privacy and protecting their personal information.  But outside of a narrow set of specific state requirements mandating minimum content requirements for privacy policies (see, for example, this discussion of California’s Online Privacy Protection Act (CalOPPA)), and other than the Federal Trade Commission (FTC) Act, which prohibits deceptive or unfair commercial practices, there are no federal laws or regulations that explicitly say what should be included in a privacy policy.  Nonetheless, the statements a company makes in its privacy policy regarding use and disclosure of personal information are enforceable by consumer protection agencies under regulations such as the FTC Act and state laws that prohibit deceptive commercial activity.

Read More

Google Ordered to Cull Both European and Global Search Indexes

Google & Europe’s Right to Be Forgotten

A recent round of court decisions has forced Google, the internationally known search behemoth, to shrink its search index, instead of expanding on it. This past May, a ruling by the Luxembourg-based Court of Justice of the European Union (CJEU) required Google to provide a means by which citizens of the EU could request the search provider to delete information collected on individuals where the search result(s) “appear to be inadequate, irrelevant or no longer relevant or excessive in the light of the time that had elapsed.

Read More

Privacy Roundup: 6/26/2014

Will the ECJ Kill the Privacy Safe Harbor for Facebook, Google and All Others?

Christie Barakat reports in SocialTimes that the ECJ, the European Court of Justice, will review the compatibility of the EU-US Safe Harbor with Europe’s Charter of Fundamental Rights.

The Safe Harbor is a legal convention under which US companies doing business in Europe may permissibly transfer the personal information of EU residents outside of the EU zone.  To qualify, the Safe Harbor requires that American companies commit to certain protections of that data in their processing and sharing practices, including stringent commitments on security of data.  The Safe Harbor is a self-certification process rather than a license or regulatory ruling process.  Although a little bit dated, see Henry Farrell’s nice primer on the Safe Harbor, here.

Barakat quotes from Farrell’s Washington Post blog, “Monkey Cage”, covering the immediate issue, which involves an Irish resident who sued Facebook in Ireland claiming that Facebook’s Safe Harbor self-certification status could not meet European Constitution standards for privacy protection due to Edward Snowden’s revelations of US government snooping of foreigners’ personal data.  As Farrell blogged in the Post, “the judge has presented the case to the ECJ in a way that seems designed to get the higher court to rule that the Safe Harbor is incompatible with European human rights standards, and hence invalid.”

Farrell describes the likely outcome of the ECJ’s review as “very hard to say”, at best. 

Read More

Expanding Accessibility: UN Adopts Article 9, Raising Accessibility Standards

Introduction
In April 2014, the United Nations (UN) Committee on the Rights of Persons with Disabilities adopted its General Comment No 2 on the issue of Accessibility, which applies to member States within the UN that have signed the treaty. The General Comment to the Convention on the Rights of Persons with Disabilities (CRPD) seeks to provide guidance to all relevant stakeholders, such as states and international organizations, on how to ensure accessibility for persons with disabilities. The treaty serves as the first of its kind to address access to information and communication technologies (ICT) for users with disabilities, and may now serve as a basis for State parties to reinforce and regulate national legislative frameworks.

Notably the CRPD, Article 9, paragraph 13 places particular onus on public and private actors regarding ICT. “The focus is no longer on legal personality and the public or private nature of… information and communication, and services. As long as goods, products and services are open or provided to the public, they must be accessible to all, regardless of whether they are owned and/or provided by a public authority or a private enterprise.” This public and private distinction is a first of its kind. Prior regulations placed the requirements for accessible ICT solely on public or government entities. These entities were essentially held to be established in some way for the public good, and therefore had a right to be accessible to the public audience. The shift in language which now includes “all products and services open or provided to the public” places such accessibility requirements on private industry as well, and will set the tone for implementation of such standards by UN treaty members to the CRDP.

Read More

Privacy Roundup: 6/18/2014

European Court of Justice’s Recent Ruling Has Many Asking: “What Now?”, Google’s Response, And the EU’s Counter-Response 

Mark Scott reported for The New York Times that 28 data privacy regulators from various agencies across the EU will carry out the European Court of Justice’s (EUCJ’s) recent ruling that Google can be forced to remove links from certain searches.  “But”, wrote Scott, “the court gave agencies little guidance in applying the ruling, and they (the regulators) are likely to interpret it in different ways.”  Scott reports that there are two other issues with the ruling: First, the question of whether non-Europeans would be eligible for petitioning European regulators to have information removed and second, the question of what obligation Google or other search engines will have in responding to requests to remove information.

Scott explained that, although Google has previously been confronted with requests to take down information, neither Google nor any other search provider has ever “faced the prospect of handling so many demands for unlinking online content that the new European ruling may have unleashed.”

Read More

Privacy Round Up

Oh Snap, SnapChat Agrees to Settle FTC Charges/ Incriminating Selfies Could Come Back to Haunt You
In a news release issued Thursday, the Federal Trade Commission (FTC) reported that SnapChat, Inc., maker of the mobile app “Snapchat”, “has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service.”  According to the FTC’s complaint, Snapchat had previously touted privacy and security as selling points in providing its service which allows users to share “snaps”, ephemeral photos or videos with other users.  The FTC’s release quotes FTC Chairwoman Edith Ramirez: “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”  Additional charges against SnapChat included misrepresented information regarding data collection in its privacy policy, the tracking and transmission of Android users’ geo-location information despite Snapchat claiming otherwise, and the collection of names and phone numbers from users’ mobile address books without notice or permission.

*          *          *

Honey Badger, Stand Down: There’s a New Badger in Town
Peter Eckersley, Copper Quintin and Yan Zheuff announced on the Electronic Frontier Foundation’s (EFF) Deeplinks Blog that EFF has released Privacy Badger, a browser extension for Firefox and Chrome which “automatically detects and blocks spying ads around the web”.  Eckersley, Quintin, and Zheuff report that, according to recent Mozilla research, users want privacy more than anything else in a web browser.  According to the post, EFF considers Privacy Badger a part of the organization’s “growing campaign to deliver privacy by giving you the technical means to disallow trackers within the pages you read on the Web.”

Privacy Badger is currently in alpha release and they want your feedback.  You can install it here.

Read More

Privacy Round Up

Can you Tweet That?

Venkat Balasubramani writes on the Technology & Marketing Law Blog about a suit filed recently in federal court by Uli Behringer against “John Doe” Twitter users claiming (among other things) violations of the Computer Fraud and Abuse Act (CFAA [http://www.law.cornell.edu/uscode/text/18/1030]), 18 U.S. Code § 1030, unfair competition, trademark and copyright infringement, cyberpiracy and libel.

The claims arise from the failed efforts of Mr. Behringer to have Twitter disable the accounts of users using the Twitter handles “@NotUliBehringer” and “@fakeuli”.  This, despite the fact that as Balasubramani writes, “the first thing that jumps out is that both accounts are clearly parody accounts – no reasonable twitter user would think otherwise.”  According to Balasubramani, Twitter responded that the accounts did not violate any of Twitter’s policies and therefore refused to disable the accounts, prompting Behringer to bring his case to federal court.

Balasubramani clearly thinks Behringer’s suit is frivolous, although not just because of the protected status of parody under First Amendment and fair use law.  He describes the copyright, trademark unfair competition and interference with contract claims as “tenuous at best”.

What is the Reach of US Jurisdiction Over Personal Data?

Hunton & Williams, in its Privacy and Information Security Law Blog, writes about a U.S. federal court ordering Microsoft to release user data to U.S. law enforcement in response to an otherwise valid search warrant even where the data was physically stored on servers based outside the United States.

In this case, the data was stored on servers in Ireland.  According to H&W, Microsoft argued that “U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails.”  In response, a federal magistrate judge held that a search warrant for online data should be viewed – and treated – differently than a conventional warrant, and particularly should be viewed much more liberally for extraterritorial access purposes.  Allison Grande of Law360.com reports that the judge held that the Stored Communications Act, 18 U.S. Code § 2701 “does not explicitly bar extraterritorial access.” 

Read More