Posted on September 29, 2009 by Joseph I. Rosenbaum

Online Behavioral Advertising - Congress Poised to Act

Late last week, Rep. Rick Boucher (D-Va.), who chairs the Subcommittee on Communications, Technology and the Internet, released a statement indicating that despite industry collaboration and efforts at self-regulation, his belief is that government regulation remains necessary. Rep. Boucher intends to introduce legislation, regulating online behavioral advertising. His statement notes that the intention would be “to assure Internet users a high degree of privacy protection, including transparency about the collection, use and sharing of information about them and to give them control over that collection, use and sharing,” and that the advertising industry’s self-regulatory principles, “while proactive . . . . do not go far enough.”

In deference to the industry, however, Rep. Boucher’s statement also acknowledges that “online advertising supports much of the commercial content, applications and services that are available to Internet users today without charge,” and mentions that the intention of any legislation is not to disrupt well-established business models. The announcement asserts the legislation will have bipartisan support, and although it notes that actual draft legislation is not yet ready for prime time, it will be targeted primarily at privacy concerns, seeking to establish baseline standards relating to the disclosure, collection and use of consumer information, and safe harbors for advertisers that adhere to certain online practices in connection with these issues. In addition, the Federal Trade Commission will be given the authority to enforce the principles in the legislation and define the specific policies and practices that would allow advertisers to take advantage of the proposed safe harbor protections.

You can read all of Rep. Boucher’s statement right here. Fittingly, there is still time to register for tomorrow’s teleseminar “Are You Behaving Badly”, sponsored by the Advertising Technology & Media law practice at Reed Smith.

Tags: , , , , , ,
Posted on September 25, 2009 by Joseph I. Rosenbaum

Self-Regulatory Online Behavioral Advertising Principles: What's Déjà New?

In a speech in November 1942, Sir Winston Churchill remarked, “Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.”

So, if you have been following along with the original announcement and each of the following “principle summaries” posted on Legal Bytes:

. . . and, if you have read the actual report, then you will appreciate that “Self-Regulatory Principles for Online Behavioral Advertising”, consistent with the Federal Trade Commission’s support of industry self-regulation, are patterned after the highly successful record of the Council of Better Business Bureaus in regulating the traditional advertising industry for more than 30 years. A record that includes industry collaboration, self-regulatory principles and monitoring, and close collaboration with the Federal Trade Commission over the years, as the industry and advertising models evolved.

While one is always careful to ensure that at some point governmental intervention may be necessary to protect consumers from those who abuse the system or violate the law, the question to ask is whether and to what extent new or different regulation is required. That is certainly a question being asked (and being answered) by a coalition of 10 consumer advocacy and privacy groups in its recently released report, “Online Behavioral Tracking and Targeting Concerns and Solutions”, in response to the industry principles. More importantly, one may ask whether a concretized and codified piece of legislation is likely to remain relevant or even defensible in the face of innovation and technology that could not have been predicted five years ago and, I believe, will remain relatively unpredictable in the future.

That said, some aspects of advertising are predictable. Development, display and distribution mechanism will evolve dynamically as technology and innovation continue. Notions of consumer privacy and data protection will continue to evolve and be difficult to harmonize across nations, across cultural and local boundaries, and—because privacy is and has always been context specific—in time and space. What might have been considered private in 16th century France is very different from the concept of privacy that permeates the hearts and minds of citizens of Japan or Brazil today. Indeed, even the role of government in protecting one’s right to privacy and the use of information about oneself, is an ever-changing one. Advertising models and economics will continue to change, with metrics and quantification methodologies being sparred and argued over, recognizing that even the roles of advertisers, agencies, media buyers, and broadcast and publishing networks, as well as ISPs, search engine, browser and web hosting companies—the technology players—are and will continue to change. Wireless and mobile devices will continue to expand the domain of advertising and challenge our ability to capture consumers’ interest on tiny mobile screens, while the opposite is taking place in our living rooms—with the separation of desktop or laptop computing and home television and entertainment centers being increasingly irrelevant (and screens becoming larger). Oh, and did we forget to mention how online gaming and the interplay between gaming console, entertainment and product placement, virtual worlds and display advertising, are all blurring (pardon the pun) right before our eyes?

So if you have ever attempted to change a tire on a moving automobile, you have a vision of what the “industry” is and will look like in the future. Under these circumstances, traditional regulation as we knew it, may not make sense. What might make sense is a more dynamic system of regulation. One that is more flexible, more adaptable and more capable of interacting and reacting to changing circumstances, mechanisms, technology and the environment. Perhaps allowing the industry and the Federal Trade Commission, in conjunction with other agencies already tasked with the mission of protecting consumers within their particular areas of authority (e.g., FDA, FCC, FAA, and the list goes on) to develop self-regulatory enforcement mechanisms, referral mechanisms, and a track record, may be the best way to determine what, where and when regulation may be needed.

In the meantime, you may want to ask yourself if you are misbehaving as an advertiser or marketing professional, and register and listen in to our “Are You Behaving Badly” Teleseminar Sept. 30, which will tackle current issues in global regulation of behavioral advertising.

As always, I and my colleagues in the Advertising Technology & Media law practice at Reed Smith are ready to assist in guiding, advising and providing legal support where and when you need it. We’ve been changing tires for more than a century!

Tags: , , , , ,
Posted on September 24, 2009 by Amy S. Mushahwar

Reed Smith DC Office Hosting Next FCBA Privacy/Data Security & Legislative Committees Meeting

Reed Smith will host the next brown bag lunch meeting of the Federal Communications Bar Association’s joint Privacy/Data Security and Legislative Committees. The meeting will be held on October 13, 2009 between 12:00 noon – 2:00 p.m. at Reed Smith’s Washington, D.C. offices (1301 K Street, NW, Suite 1100 East Tower). The Committees will discuss the legislative priorities for the 111th Congress with special emphasis on behavioral marketing and data security legislation. The following speakers are confirmed to-date: Amy Levine, Legislative Counsel to Congressman Rich Boucher; and Paul Cancienne, Legislative Aide to Congresswoman Mary Bono Mack. We also have invited staff from the U.S. Senate. Please RSVP to Desiree Logan at dlogan@reedsmith.com to attend.

Tags: , , , , ,
Posted on September 23, 2009 by Joseph I. Rosenbaum

University Licensing Gets a Jolt - Exclusivity Is Not Patently Obvious

This post was written by Craig P. Opperman.

The United States Court of Appeals for the Federal Circuit has just overturned a lower court’s decision to throw out a patent infringement action brought by AsymmetRx against Biocare Medical. Why, you ask? The Appeals Court concluded in AssymetRx, Inc. v. Biocare Medical LLC that the patent owner, Harvard, should have been included in the lawsuit. Why should you care? Bear with me, especially if you are involved in any way in licensing, exploiting or otherwise commercializing technology, inventions or other intellectual property related to colleges and universities – or in litigating related licensing disputes.

Harvard gave AsymmetRx an exclusive license (including the right to enforce its rights) under a fairly standard and typical “university” licensing agreement. AsymmetRx sued Biocare and won. So far, all is right and ‘normal’ with the world. BUT, not so fast. Biocare appealed the decision and – are you ready?- The Appeals Court for the Federal Circuit sent the case right back to the District Court saying, exclusive? Not really. Harvard should have been joined in the infringement action. What, you say? How can this be? Read on.

The appellate court ruled that reading all the terms and conditions of the standard university license altogether, AsymmetRX didn’t really have the equivalent of full ownership of the patent or the subject matter – exclusive license notwithstanding. So Harvard, the owner, must be a party to the action for any determination on the merits. Specifically, the Court stated: “When viewing the retention of the right to sue in conjunction with all of the other rights retained by Harvard, it is clear that Harvard conveyed less than all substantial rights under the patents. While any of these restrictions alone might not have been destructive of the transfer of all substantial rights, their totality is sufficient to do so.”

In other words, since Harvard, under the terms of its license, still kept a significant amount of control over the patent rights, AsymmetRx as a licensee did not have enough of an interest in the patents to sue without joining Harvard – even though the license terms purported to give AsymmetRx the right to do so. Hmmmm.

Who cares? First of all, universities may now end up having to be joined in every intellectual property infringement action or disputes over intellectual property rights – even though it/they may have given an exclusive license, including the right to bring an action in its own name, to someone else. Are the litigators seeing dollar signs, and are university officials seeing legal costs and additional expenses, in the licensing process?

Just as significantly, if you are a transactional or intellectual property lawyer (or if you are involved in the licensing process from a transactional, contractual or licensing point of view), it gets more complicated. Universities have crafted standard licensing terms which, with rare exceptions, are used in virtually all of their licensing arrangements. So do you change the terms and conditions of these license agreements, relinquishing a greater degree of control – in which case the contract might look more like an ‘assignment’ than a ‘license’ – OR do colleges and universities start gearing up for being involved in more and more intellectual property infringement and rights disputes and lawsuits? If so, does the license agreement specifically need to state that the university is willing or amenable to being joined in the action? What if it’s not? What if it wants to decide on a case-by-case basis? What if the Court decides the university must be joined anyway? What if . . .?

So, are you a licensee? An investor? A university? A rights holder? Doing due diligence? Negotiating licensing agreements? Representing any of these folks? You can do nothing and hope for the best, or you can contact Reed Smith’s Craig P. Opperman. In uncertain times, no one may have all the answers, but at least you will have an informed basis to make some decisions from lawyers who know.

Tags: , , , , ,
Posted on September 21, 2009 by Joseph I. Rosenbaum

Will Net Neutrality Compromise Net Profits?

Earlier today, Julius Genachowski, Chairman of the Federal Communications Commission (FCC), telegraphed the Commission’s plans to open a formal rule-making process on the issue of “net neutrality.” It’s likely the specifics regarding hearings and a timetable for any proposed rulemaking procedures will be on the agenda for the FCC's October meeting.

While many of the major carriers – including wireless carriers who have typically been out of the fray when it comes to the Web – have argued against both the need and the wisdom of competitive regulation amongst carriers, open Internet advocates, many of whom were ardent campaign contributors and supporters of President Obama, have been aggressively pushing for regulation. Companies such as Amazon.com and Google, have long argued for rules that would prohibit carriers from denying their right to give consumers complete freedom of choice when it comes to both the content they receive and the devices they use to receive it. While not necessarily quibbling with what appears, on its face, to be a reasonable and market driven approach, opponents point out that the government stay away from intervening in yet another major marketplace – this time one, they argue, that isn’t broken. Further, and perhaps more significantly, companies such as ATT and Verizon, now joined by ATT Wireless, Verizon Wireless, Sprint (Sprint Nextel) and T-Mobile (Deutsche Telekom) argue that forcing carriers to open up their networks without corresponding economic counterbalances in place will force them to either raise consumer prices to keep up with virtually unrestricted broadband demand, but may require them to limit availability and accessibility for capacity and technological reasons. Wireless carriers may have special reasons to be concerned given current pricing models and the technological limits of current bandwidth capacity. That said, the major cable television, fiber optic and DSL-based Internet providers have long had to cope with government regulation and requirements.

Back in the days following the breakup of AT&T’s telephone monopoly (anyone remember Judge Green and his landmark 1983 rulings?), the regional and local companies spawned by carving up the nations’ previously regulated monopoly – the so-called ‘Baby Bells’ - worried about long-distance carriers (including the remaining long distance carrier, AT&T) making deals for preferential treatment over interconnections. Thus the principle of equal (“neutral”) treatment for interconnectivity arose. When cable companies started offering Internet service – previously the domain of phone-line intensive telephone companies (remember dial-up?) – they tried to convince everyone that neutrality didn’t apply to them. They carried information, and weren’t, after all, common carriers.

OK. Fast forward to the market response. Phone companies decided to get into the content business! Cable companies are offering Internet and VOIP services, telephone companies are offering entertainment, programming and information services, wireless phone services stream video content and provide messaging of news, sports scores and applications galore (oh, they do still carry voice traffic when you need to make a call).

So back to 2009 and the future. According to Commissioner Genachowski: "This is not about government regulation of the Internet," adding that "We will do as much as we need to do, and no more, to ensure that the Internet remains an unfettered platform for competition, creativity, and entrepreneurial activity." That said, his proposal would add a fifth principle to the FCC’s existing four that relate to the Internet. To wit, that carriers will not be permitted to be selective about the content they carry (subject, of course, to their continued ability to block illegal content) and will be required to be transparent about how they are managing the carriage of content across their networks. Violations and allegations of discriminatory practices would still be reviewed by the FCC as and when the facts of each specific case arise. You can read or download the complete statement of Commissioner Genachowski’s prepared statement today, entitled “Preserving a Free and Open Internet: A Platform for Innovation, Opportunity, and Prosperity,” right here.

Clearly if you are a small Internet application provider or software developer that has traditionally had to pay for access through a carrier, open, non-discriminatory access would prove a major boon. Then again, Internet carriers – wired and wireless - have invested huge amounts of capital in building their own proprietary networks. Since there is no evidence that there is a lack of competition, why should the government tell any of them what they should or should not carry on their networks? Indeed, since the early 1990s, when the Web evolved from a glimmer in the eye of Tim Berners-Lee, to a reality, there have been so few real complaints (and so few complaints from consumers, even as competitors bash each other about), why fix something that doesn’t appear to be or have been broken for almost two decades?

Confused as to how the FCC proceedings might or might not affect your business? Thinking about participating in the dialog or submitting comments to the FCC? Let Reed Smith help you. To stay informed, keep your mouse tuned to Legal Bytes, and if you need to know more, please feel free to call me or the Reed Smith attorney with whom you regularly work.

Tags: , , , , ,
Posted on September 16, 2009 by Joseph I. Rosenbaum

Veoh Vindicated; Vivendi Vanquished. DMCA Rules.

Veoh Networks, which makes both professionally created programming content and entertainment, as well as user-generated content, available through its website, has often lived in the shadow of Google, YouTube, and Apple’s iTunes. Earlier this week, Veoh got a bit of sunshine.

Two years ago, Universal Music Group (a company owned by Vivendi SA), sued Veoh for copyright infringement. The suit alleged that Veoh’s business was essentially based on the infringing use of copyrighted works of others, notably from Universal’s viewpoint, musical groups and artists.

Veoh countered with the fact that it used filtering technology to detect and remove protected content and, in the words of Judge Matz, writing for the U.S. District Court for the Central District of California, when Veoh “did acquire knowledge of allegedly infringing material . . . . it expeditiously removed such material . . .,” vindicating Veoh supporters who have consistently maintained Veoh is protected by the provisions of the Digital Millennium Copyright Act (DMCA). This is the second time the legal sun has shone on Veoh. A similar lawsuit brought by Io Group, an adult entertainment company, was also decided in favor of Veoh last year.

Legal Bytes has previously reported the criteria necessary to comply with the DMCA (you did read that, right?), thus you know that a key requirement for insulation from liability for copyright infringement under the DMCA is the question of whether, when a company becomes aware of infringing content, it promptly removes it from use and display. The California Court rules that Veoh had done just that, and consequently the safe harbor provisions of the DMCA served to protect Veoh from liability in this case. Judge Matz’ order notes: "The DMCA does not place the burden of ferreting out infringement on the service provider". You can read the full text of the Summary Judgment Order of the California Court.

Universal is expected to appeal, claiming the Judge’s order fails to adequately take into account Universal’s claim that everyone connected with Veoh must have known about rampant infringement and that alone should sustain the ‘knowledge’ which would remove the shield from their entire business model – a shield otherwise available to web hosting companies. However, it may well be an uphill battle since the Court specifically addressed this issue, noting “If such general awareness were enough to raise a 'red flag,' the DMCA safe harbor would not serve its purpose".

If you are concerned you don’t know enough about digital rights management; compliance with the provisions of the DMCA; about liability applicable to website owners and operators or the rights available to content owners, the Advertising Technology & Media group at Reed Smith is for you. Try us. You might like us. Feel free to call me or, if you are already a client, call the Reed Smith attorney with whom you regularly work. 

Tags: , , , , , ,
Posted on September 16, 2009 by Joseph I. Rosenbaum

A Pirate's Life (Not) For Me: France Strikes Out Internet Piracy

This post was written by Andrew Boortz and Joseph Rosenbaum.

Over the last several months, France’s Parliament has been focusing on the issue of Internet piracy. In May, both houses of the French parliament passed the so-called “three strikes” law which would have given an independent body the ability to disconnect file-sharers from their ISPs. In June, the law was declared unconstitutional by the Constitutional Council because, under French law, the power to force such disconnection could only come through issuance of a court order. In response, French President Nicolas Sarkozy gave the first Presidential speech to the French Parliament in 150 years and passionately defended regulation of Internet piracy. 

After President Sarkozy's speech, the French Senate drafted and passed a modified version of the “three strikes” law which would allow alleged infringers to present their case to a French court, prior to losing their Internet connection. Judges in these hearings would have the power to: (1) order disconnection of the alleged infringer's Internet access; (2) fine the alleged infringer up to €300,000; and/or (3) sentence the alleged infringer to a two-year prison term. Just yesterday (September 15th), the French National Assembly gave preliminary approval to the measure by a vote of 285-225 and now, a joint committee will unify the Senate and Assembly versions and present a final bill to both houses for a vote on September 22nd.

In looking back over the piracy-related events of this year, it may well turn out that 2009 will be remembered as a watershed year in the struggle between Internet pirates and rights holders.  With the Jammie Thomas and Joel Tenenbaum verdicts in the States, the pseudo-shuttering of the Pirate Bay in Sweden, the implementation of a self-imposed, self-regulatory “three strikes” policy by Ireland’s largest ISP (created under threat of massive litigation) and now France’s revised and revitalized new “three strikes” law, the global community is indeed tilting towards greater sanctions and regulation of Internet piracy.

This raises questions for technology innovators. For example, Facebook, which according to a CNN report out today has a social network population nearly as large as the population of the United States, will soon launch a voice chat feature.  Most likely, the feature could be used to stream media across the globe as well as the nation? Would Facebook be liable for creation and distribution of such a feature, which is similar to that which created liability for the Pirate Bay creators for their torrent-tracking website?

Need help? Confused by the torrent of information, technology and legal rights?  Need to know more? Contact Andrew (“Drew”) Boortz, in our Washington, D.C. office, call me or contact the Reed Smith attorney with whom you regularly work.

Tags: , , , , , ,
Posted on September 15, 2009 by Joseph I. Rosenbaum

Privacy: FTC Announces the First in a Series of Public Roundtables

Earlier today the Federal Trade Commission announced details of the first of a series of Public Roundtables being held to deal with continuing efforts to examine, evaluate and determine if, and to what extent, regulation may be needed in connection with consumer privacy. In its announcement, the FTC specifically cites its intention to review privacy practices related to social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers and third-party applications.

The FTC’s announcement acknowledges the beneficial uses of information and technological innovation, while seeking to balance those against the need to protect consumer privacy. The first full-day session will be held Monday, December 7, 2009, at the FTC Conference Center at 601 New Jersey Avenue, N.W., Washington, D.C., and no registration is required. Those who cannot attend in person are welcome to go to FTC.gov and will be able to view the proceedings as a webcast.

The FTC has invited individuals and organizations to participate and/or to suggest topics. To participate, your request can be submitted directly to the FTC by email sent to privacyroundtable@ftc.gov on or before October 30th, and comments surrounding the issues to be discussed can be submitted on or before November 6th. The FTC has prepared a list of specific questions it intends to use in opening the dialog at this first in its series of public roundtable discussions and has invited written comments, as well as research submissions. Details can be found at the Privacy Roundtable Workshop page of the FTC’s website. Comments can be mailed to the FTC, or you can check the FTC website for instructions as to submitting comments electronically. Of course, Reed Smith stands ready to assist clients in preparing comments or providing representation, and if we can be of assistance, don’t hesitate to contact us. If you need to know more, please feel free to call me or the Reed Smith attorney with whom you regularly work.

Tags: , , , , , ,
Posted on September 11, 2009 by Joseph I. Rosenbaum

Self-Regulatory Online Behavioral Advertising Principle No. 7: Accountability

This post was written by Adam Snukal and Joseph Rosenbaum.

Well, here it is. A summary of the last of the seven principles contained in the Self-Regulatory Online Behavioral Advertising Principles released by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus. The seven principles are:

The Accountability principle is the one concerned with the “effect,” rather than the “cause” and calls upon the industry to establish and implement programs to monitor its online behavioral advertising activities and take steps to ensure compliance with the principles within a self-regulatory framework. In the context of the self-regulatory principles, Accountability means – monitoring, transparency, reporting and compliance.

  • Monitoring: Both random and systematic, depending on the circumstances;
  • Transparency: Widely available, easy to use communication tools and channels so that the public, competitors and government agencies can file complaints when the Principles are violated;
  • Reporting: Violators will be publicly reported, including the reason for a finding of violation, a description of the violation, and the actions taken in response to, and to correct, the non-compliance; and
  • Compliance: The establishment of mechanisms and procedures to bring any publicly-reported entity into compliance with the principles, or, if necessary, to refer the violation to the appropriate government agency.  

The Accountability principle also notes the importance of coordination and consistency among programs to promote efficiencies in implementation, so as to avoid multiple enforcement actions against the same entity for the same violation. 

While the blueprint for the specifics surrounding the proposed monitoring, transparency, reporting and compliance initiatives under this principle are yet to be drawn, the Direct Marketing Association (“DMA”) and National Advertising Review Council of the Council of Better Business Bureaus (“CBBB”), have agreed to cooperate and collaborate, with the stated goal of having something in place by early 2010. Both the DMA and the CBBB were called upon to provide leadership in this area because of their widely respected existing self-regulatory accountability programs. The DMA also has agreed to integrate the principles into its longstanding DMA Self-Regulatory and Compliance Tools.

If you would like to read the entire “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link, but stay tuned for next week, when we will post a short consolidated summary of all seven principles and you can always read the entire “Self-Regulatory Principles for Online Behavioral Advertising” report here. So now, as always, if you have any questions or need help, please feel free to contact Adam Snukal or me, or any of the Reed Smith attorneys with whom you regularly work.

Tags: , , , , , ,
Posted on September 10, 2009 by Joseph I. Rosenbaum

Broadband Network for the Birds? Not So Fast.

Under normal circumstances, this post would appear in the Useless But Compelling Facts section of Legal Bytes. But although this is compelling, it is not quite useless. 

It appears that a South African IT company (Unlimited IT) was so frustrated by the level of broadband Internet service it was receiving from Telkom, that it challenged Telkom to a race with a carrier pigeon. As you might have guessed, the absence of significant competition limited Unlimited IT’s choices of providers, hence the frustration.

The challenge was a simple one. The company would send a homing carrier pigeon from Howick (on the coast) to Unlimited’s head office in Durban, and at the same time upload the data using the ISP lines with the file addressed to the same location.

So they tied a 4 gigabyte memory stick data card to Winston’s (the pigeon’s) leg and released him to hone it on "home." Well, it took good old Winston, depending on which agency you listen to, somewhere between one to two hours to make the journey of less than 60 miles. Are you ready? By the time two hours had elapsed . . . . here it comes . . . . less than 4 percent (yes, less than 4 PERCENT) of the data had made the trip to its destination. We really can’t make this up.

As reported in The Christian Science Monitor, Kevin Rolfe, head of information technology at the Unlimited Group, reported that "Winston arrived after two hours, six minutes, and 57 seconds," but "when we finally stopped the computer, about 100 megs had transferred, which is about 4 percent of the total."

So next time you think your network or the Internet servers are for the birds, let’s be a little less insulting to our fine feathered friends.

If you need to know more, please don’t call me. I can’t explain it either.

Tags: , ,
Posted on September 9, 2009 by Joseph I. Rosenbaum

Are You Behaving Badly? Global Regulation of Behavioral Marketing

On Wednesday, September 30, 2009, from 12 noon – 1 p.m. (U.S. EDT), Reed Smith will be hosting a teleseminar as part of its “Doing Business Globally” series. Entitled Global Regulation of Behavioral Marketing, this seminar will be presented by Reed Smith partners Douglas J. Wood and Joseph I. Rosenbaum from New York, and Gregor Pryor from London. The seminar will explore the legal implications to advertisers, marketing professionals and brands associated with the labyrinth of global regulation increasingly applicable, or newly enacted, in connection with the targeting of consumers — on and off the web — through behavioral marketing.

Privacy and consumer groups object to such sophisticated techniques, fearful it further erodes what little privacy protection remains. Regulators are concerned such practices may violate privacy and data protection laws, or worse, are simply not covered by existing law and regulation. Marketers respond that such advances allow for a far more efficient, consumer-friendly marketplace, and that self-regulation has been a successful model in the advertising industry for more than 30 years. In this interconnected, networked age of social networking and global communication, understanding the implications and the legal and regulatory landscape is critical for every advertising professional and marketer, and the brands they represent. The camps remain far apart. Advertising industry associations call for self-regulation, recently releasing a report entitled Self-Regulatory Principles for Online Behavioral Advertising. Only about two months later, as previously reported in Legal Bytes, a coalition of 10 consumer advocacy and privacy groups released a fresh call for new regulation in a report referred to as a Legislative Primer, entitled Online Behavioral Tracking and Targeting Concerns and Solutions. The dividing lines remain drawn, tensions remain high, and the balance unclear – perhaps because the technology environment keeps rewriting the rules of engagement. Want to know more? Don’t miss this informative presentation.

Join us for this exciting and timely Reed Smith Teleseminar. You can view the Invitation to obtain more information, or go right to the Registration page. We look forward to your participation. 

Tags: , , , , , , ,
Posted on September 9, 2009 by Joseph I. Rosenbaum

Self-Regulatory Online Behavioral Advertising Principle No. 6: Sensitive Data

This post was written by Anthony S. Traymore and Joseph I. Rosenbaum.

Almost down to the wire, here is the next installment summarizing the sixth of the seven principles contained in the Self-Regulatory Online Behavioral Advertising Principles released by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus. For reference, the seven enumerated principles are:

The Sensitive Data principle segments sensitive data into two basic categories - personal information of children under the age of 13, and financial and health-related information, regardless of the age of the individual.

The Sensitive Data principle segments sensitive data into two basic categories - personal information of children under the age of 13, and financial and health-related information, regardless of the age of the individual.

With respect to the collection and use of data for online behavioral marketing purposes, if you have actual knowledge that any of the information being collected is from individuals under the age of 13, or if your website is targeted at children under the age of 13, the Sensitive Data principle states you should not be collecting any personal information from or be engaged in any online behavioral advertising with regard to that individual, unless you comply with the Children's Online Privacy Protection Act (COPPA), and then, only to the extent specifically allowed by COPPA.

In case you’ve forgotten, COPPA requires you to have "verifiable parental consent" prior to collecting any personal data from children under the age of 13. The Federal Trade Commission routinely enforces COPPA, and violations may carry fines in excess of $1 million, in addition to the damage to goodwill and public image that can result. Compliance with the provisions of COPPA is tricky. While this post will not belabor the ambiguities that have already been reported about what constitutes "verifiable parental consent", suffice it to say that when dealing with children under the age of 13, it is best to exercise considerable caution in connection with online marketing efforts – behavioral or otherwise – and to always consult an attorney well-versed in guiding you through the compliance maze.

With respect to personal information related to an individual’s financial or health status, age is not relevant to this sixth principle. What is relevant is the requirement that you obtain the consent of the individual if you are collecting the information online and you intend to use it. Prudent practice would indicate you should affirmatively obtain the individual’s consent in advance – whether during the process of registration, through formal acceptance of terms of use that clearly solicit consent, or through any other means. Clearly, if you plan to share this information with third parties in connection with online behavioral marketing efforts, you should indicate that to the individual. In all cases, the principle notes that you should always provide the individual with the right and an option, at any time, to opt-out of the use of his or her information for such purposes.

As mentioned, this is the sixth of the seven principles being highlighted, but if you would like to read the entire “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link. Legal Bytes will be bringing you a summary of the remaining principle next week. And now, as always, if you have any questions or need help, please feel free to contact Anthony S. Traymore or me, or any of the Reed Smith attorneys with whom you regularly work.

Tags: , , , , , , ,
Posted on September 4, 2009 by Joseph I. Rosenbaum

Privacy and Consumer Groups Want More Than Just Self-Regulation

This post was written by Adam Snukal and Joseph Rosenbaum.

As previously reported in Legal Bytes, it seems that not everyone is satisfied with the Self-Regulatory Principles for Online Behavioral Advertising recently promulgated by several leading advertising associations. A group of 10 consumer and privacy advocacy organizations (i.e., Center for Digital Democracy, Consumer Federation of America, Consumers Union, Consumer Watchdog, Electronic Frontier Foundation, Privacy Lives, Privacy Rights Clearinghouse, Privacy Times, U.S. Public Interest Research Group and The World Privacy Forum called on Congress earlier this week to enact legislation in response to what they feel are genuine threats to privacy arising from online behavioral tracking and targeting.

The guiding principles the coalition wants Congress to follow in its enactment of privacy legislation are substantively contained in the following Fair Information Practices (“FIP”), which the coalition claims has been the foundation of U.S. privacy policies for decades: collection limitations, data quality, purpose specification/communication, use limitation, security safeguards, appropriate openness, individual participation and knowledge rights, accountability, and redress. FIP was coined by a U.S. government advisory committee in 1973 in response to the use of automated data systems that contained information about individuals. The U.S. Privacy Act of 1974 established a code of fair information practices, and the FTC refers to these practices in a report entitled, Privacy Online: Fair Information Practices in the Electronic Marketplace (May 2000).

A sample of the principles contained in the coalition’s Legislative Primer, entitled Online Behavioral Tracking and Targeting Concerns and Solutions, includes:

  • A definition of “sensitive information,” along with guidelines as to the kinds of data that should not be collected or used for behavioral tracking/targeting
  • A prohibition on the collection or use of data from anyone under the age of 18
  • The right of an individual to obtain access to his/her personal or behavioral data
  • Personal and behavioral data collected must be relevant for the purposes for which they are to be used
  • A private right of action given to each individual whose data is collected and tracked, along with liquidated damages and appropriate federal/state regulation and oversight

Given the July release of self-regulatory principles, crafted and widely embraced by the advertising industry, with explicit support for self-regulation from the FTC itself, and three decades of successful self-regulation in the advertising industry (guided by the Council of Better Business Bureaus), it is not clear why a spokesperson for the Privacy Rights Clearinghouse would take the position that “The record is clear: self-regulation doesn’t work. It is time for Congress to step in and codify the principles into law.” Or why a spokesperson for Consumer Watchdog commented: “We’ve seen in industry after industry what happens when the fox is left to guard the chicken coop – consumers lose.”

With Congressman Boucher (D-Va.), Chairman of the Subcommittee on Communications, Technology and the Internet, indicating that his Subcommittee intends to visit this issue in the fall, it is not clear whether Congress will allow the industry and the FTC an opportunity to give self-regulation time to work, or if a perceived need to “do something” and change the status quo remains. One thing has not changed: the positions of the industry and consumer and privacy advocacy groups.

Legal Bytes will keep you posted on developments in this area as they evolve, but if you need help or want further information, feel free to contact Adam Snukal, me, or any of the Reed Smith attorneys with whom you regularly work.

Tags: , , , ,
Posted on September 4, 2009 by Joseph I. Rosenbaum

Self-Regulatory Online Behavioral Advertising Principle No. 5: Material Changes

Here is the fifth in our installments of summarizing the seven principles contained in the Self-Regulatory Online Behavioral Advertising Principles released by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, For reference, the seven enumerated principles are:

The Material Changes principle requires an organization engaged in behavioral advertising to obtain consent before applying any material changes to its existing online behavioral advertising policies and practices – specifically, to the data collection-and-use policies and practices that apply to data collected prior to the effective date of any material change to these policies and practices.

This principle also makes it clear that a change in policy or practice that would result in less data collection or more restrictive use of the data (i.e., less or more restrictive use of the data than existing usage) is NOT a material change that would require prior consent. This makes sense considering that the purpose of the principle, when coupled with Transparency and Consumer Control, is not to merely give consumers an absolute right to consent or to reject any and all changes, but only those that would broaden, deepen or alter in an expansive or materially different manner, the existing collection-and-use practices of the organization. If a change would result in less data being collected or more constrained use of the data being collected, a consumer would likely be notified of the change, but consent would not be required.

Legal Bytes will be bringing you a summary of the remaining two principles in the next week. And now, as always, if you have any questions or need help, please feel free to contact me or any of the Reed Smith attorneys with whom you regularly work.

Tags: , , , , ,
Posted on September 3, 2009 by Joseph I. Rosenbaum

Death Knell or Glimmer of Hope: Care to Bet on Online Gambling?

Legal Bytes has previously reported to you concerning Title VIII of the Security and Accountability For Every Port Act of 2006 (or SAFE Port Act), which is the part of the SAFE Port Act endearingly known as UIGEA (the Unlawful Internet Gambling Enforcement Act of 2006). On Tuesday, the U.S. Court of Appeals for the Third Circuit rejected a claim by the Interactive Media Entertainment & Gaming Association that UIGEA is too vague or unconstitutional or infringes on the individual's right to privacy. The unanimous ruling was issued amid a tug-of-war between the Justice Department that is anxious to crack down on the gambling industry, and the actions of Rep. Barney Frank (D-Mass.) and other members of Congress who are advocating legislation to legalize the gaming industry. 

The decision to uphold UIGEA, which banned payment processing by U.S. financial institutions for online betting, might appear to be a blow to the gaming industry, but there is a potential ray of hope. On page 8 of the Court’s Opinion, the Third Circuit concluded UIGEA was not constitutionally vague, nor had the law made any gambling activity illegal. Rather, the vagueness problem cited by the Court arose from the underlying state law. To wit, the Court explicitly notes what many in the industry have known for a long time: "[T]he Act itself does not make any gambling activity illegal [under the UIGEA]. Whether the transaction in Interactive’s hypothetical constitutes unlawful Internet gambling turns on how the law of the state from which the bettor initiates the bet[.]"

One can thus read this decision as an opportunity for state gambling clarity. Currently, only six states in the United States have an outright prohibition against Internet gambling; the other 44 states (and U.S. territories) have an opportunity, if they wish to seize it, to legalize, authorize, license, regulate and potentially tax online gambling. 

For the record, the Frank Internet gambling legislation that proposes to delay enforcement of UIGEA pending the enactment of a federal online gambling licensing and regulatory framework, has been pending in committee since May, and there are many pressing items on Congress's plate. Thus, it is unlikely that Congress is poised for quick action on this legislation. That said, the court’s decision appears to leave the door to online gambling enabled by state legislation open. Stay tuned.

If you need to know more, contact Amy S. Mushahwar directly, or you can always contact me, or the Reed Smith attorney with whom you regularly work. We are happy to help.

Tags: , , ,
Posted on September 3, 2009 by Joseph I. Rosenbaum

Useless But Compelling Facts - September 2009

While Oscar Wilde is credited with saying, "Life imitates art far more than art imitates Life", perhaps I can coin the phrase "Technology mimics living organisms far more than living organisms mimic Technology." Yes we have robotic arms, biotechnology and more, but come on – clouds, pods, viruses and worms – what’s next, social networks? What, they are here . . . did you miss that one?

In any event, that’s why it comes as no surprise to me the first use of the term "robot" is generally attributed to the wonderful Czech playwright Karel Čapek. Now Čapek never envisioned some metallic assemblage of mechanical parts. Oh no, he viewed robots more like our notion of androids - creations of chemistry. (I was a chemistry major at one point in life so I should have known this.) It probably also wouldn’t surprise you to learn the term "robotics" was first used in a short story ("Runaround") by the acclaimed science fiction writer, Isaac Asimov. But I digress again.

Now Čapek’s play R.U.R. (Rossum’s Universal Robots), which was first published in 1921, used the Czech word robota, which in English translates to labor, and "Rossum" is generally considered to refer to the Czech word rozum, which translates to either "reason," "wisdom" or "common-sense." Now you know all this background is leading up to a useless but compelling question, right? Of course. There is actually some evidence that the term "robot" was suggested by someone else, before Čapek penned his work. Another writer to whom Čapek actually gave credit and attribution for the term may well deserve the credit. Can you identify who that might be? If you think you know, send your answer first and fast directly to me at jrosenbaum@reedsmith.com

Tags:
Posted on September 3, 2009 by Joseph I. Rosenbaum

Useless But Compelling Facts - August 2009 Answer

For last month’s contest, we extend our congratulations to first-time winner Kevin K. Forrester, who first sent us the key significant events that occurred July 4, 1826 – notably, in addition to being the 50th Anniversary of the signing of the Declaration of Independence, it was also the date both Thomas Jefferson and John Adams died. Many other folks noted this was also the birth date of Stephen Collins Foster. Foster, often cited as the "father of American music," was the pre-eminent songwriter of the 19th century in the United States, publishing his first song when he was only 18. His songs remain popular to this day, with such favorites as "Oh! Susanna," "Camptown Races," "Old Folks at Home" (generally known as "Swanee River"), "My Old Kentucky Home," and "Beautiful Dreamer." Foster was born and lived in a part of what is now Pittsburgh (Lawrenceville).

Tags:
Posted on September 2, 2009 by Joseph I. Rosenbaum

Could the Government Seize Control of the Internet?

The text of the Cybersecurity Act of 2009 (the “Act”) is now available, and individuals, organizations and associations, and, of course, lawyers, are now starting to digest its contents. 

This legislation, introduced by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), would appear to give the federal government sweeping and unprecedented authority over the Internet. Section 2 of the bill starts off with a lengthy series of observations about horrible things and consultants’ wisdom concerning our vulnerability to “attack.” Curiously, it is unclear exactly how the bill and the powers to be granted the government will correct that issue. But I digress.

So when the title of this post says “the Internet,” you’re kidding, right? Of course, you must mean government-operated networks or defense or intelligence systems, right? Well . . . not really. Hmm. Then you must mean those critical infrastructure systems related to national defense – you know, communications and transportation systems? Well . . . not exactly. You see the bill includes, within the meaning of systems and networks covered by the Act, “State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.” In other words, we’ll know what they are when the President tells us what they are. Comforting for federal legislation, isn’t it?

Non-governmental includes financial institutions – then again, the government already owns a chunk of those anyway – wired and wireless carriers, electricity grids, gas and power systems, and air and rail transportation systems, to name a few. All of these are currently in the hands of private companies and management. Go ahead, name some systems that aren’t directly or indirectly critical or connected to critical systems – my refrigerator, for instance, or your digital music account.

There is even a section in the Act that proposes to enable the President, with almost no restriction, to shut down all message traffic on the Internet in an emergency, and to order the disconnection of all critical infrastructure systems in furtherance of national security. Now if that amount of authority, without any guidance or parameters built into the legislation, isn’t enough, here’s more. The bill also gives the Secretary of Commerce the right to access all relevant data concerning these critical infrastructure networks without regard to any provision of law, regulation, rule, or policy that would otherwise temper or restrict such access. No standards. No limits on what data or why. No opportunity for judicial review, much less intervention. 

Curiously, just this past June, the Government Accountability Office (GAO), in testimony before Congress entitled Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information, noted that continuing efforts to remedy systems security and network vulnerability needed far less dramatic remediation - fixing things like correcting insufficient access controls, better network management, inadequate or poor audit procedures, ineffective information security programs, and in some cases, simply adding encryption where none exists today. Critics of the Act have questioned whether granting the President far-reaching and ambiguous power is proper, but just as significantly, whether they will actually deal with the problem. 

As with many legislative initiatives, this appears to deal with the aftermath of a cyber-attack, not at preventing one from ever occurring. Has it occurred to anyone that mandating standards for security, updating and maintaining security where appropriate, and simply requiring government or other critical systems to practice security measures that have been known for years or even decades, is much more likely to allow the nation to avoid and withstand a cyber-attack?

One can only wonder whether placing control of the Internet in the hands of the government might actually make vulnerability to a devastating cyber-attack greater. When the ‘net was first conceived, it was precisely it’s dispersion, diversity and lack of central control that was at its core, and its endearing and enduring characteristic. No one point of control, no single point of vulnerability. Redundancy, multiple pathways, mirror image reflections and files ensured that if one part was crippled, others would continue to function. True, times change, technology changes, and, so too, must our defense mechanisms and postures. But one has to wonder whether centralizing command and control in an emergency might not just give the bad guys a single point of vulnerability and failure to concentrate on, instead of making it more difficult – precisely when we need the Internet the most. Food for thought.

For information about security (can you say PCI compliance?) or privacy (GLB anyone?) or data breach assistance (is your identity safe?) look up Joseph I. Rosenbaum, send me an email, or contact the Reed Smith attorney with whom you regularly work. We are happy to help.

Tags: ,
Posted on September 2, 2009 by Joseph I. Rosenbaum

Self-Regulatory Online Behavioral Advertising Principle No. 4: Data Security

The Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, recently released its Self-Regulatory Online Behavioral Advertising Principles. When we announced these principles, we also promised to provide you with a bit more detail regarding each of these principles, which are listed below; so here is a brief summary of the fourth – Data Security. For reference, the seven enumerated principles are:

The Data Security principle requires entities to provide reasonable security for, and limited retention of, data collected and used for online behavioral advertising purposes. Consistent with the FTC standard, entities must maintain appropriate physical, electronic and administrative safeguards based upon the sensitivity of the data. Further, data collected and used may not be retained any longer than necessary to fulfill a legitimate business need (e.g., testing and auditing) or as required by law. In addition, the principle sets forth the steps that service providers (e.g., entities that provide Internet service, toolbars, web browsers or comparable desktop applications) must take in connection with data collection and use, including alteration, anonymization or randomization (e.g., hashing) of personally identifiable information; enhanced notice and disclosure at the time the data is collected; and the protection of the non-identifiable nature of data shared with non-affiliates. Under the Data Security principle, service providers will be held accountable for compliance with these principles in connection with their collection and use of data for online behavioral advertising purposes. Thanks to Stacy Marcus for her analysis.

We can now also report to you that yesterday a coalition of 10 consumer and privacy advocacy groups (i.e., Center for Digital DemocracyConsumer Federation of America, Consumers UnionConsumer WatchdogElectronic Frontier FoundationPrivacy LivesPrivacy Rights ClearinghousePrivacy Times, U.S. Public Interest Research Group, and The World Privacy Forum, has released a draft of their own principles, in the form of a Legislative Primer, entitled Online Behavioral Tracking and Targeting Concerns and SolutionsLegal Bytes will have a more detailed report for you on this new development in the next day or two, and in the meantime – or any time – feel free to contact me, Stacy Marcus, or any of the Reed Smith attorneys with whom you regularly work.

Tags: , , , , , ,