Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all.  So…. I am accepting  submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media user and those intrigued by tech, so please cater your posts to that audience. Please send posts to thedigitalcounselor@gmail.com. I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

Quick Tip: Don’t Make False DMCA Claims

Automattic Inc. v. Steiner, 2014 U.S. Dist. LEXIS 182295 (N.D. Cal. Oct. 6, 2014) is the first time a party which received a DMCA takedown notice with material misrepresentations has been awarded money damages.

What is DMCA?

DMCA is the Digital Millennium Copyright Act, limits the liability of the providers of online services for copyright infringement by their users but created a mechanism for those whose copyrighted works have been infringed to file a complaint to have the content removed. If they do not take appropriate action they may find themselves liable.   It is easy to file a DMCA claim and every site providing online services must have a DMCA policy to remove content that infringes the copyrights of individuals. Many sites like Facebook, Twitter, & WordPress even have forms that you can fill out to stream line the process and make sure you’re providing the information required under the law.

What happened in the case?

Automattic, the owner of WordPress.com and a major developer of the WordPress software, and blogger Oliver Hotham, Plaintiffs, sued the Defendant, Straight Pride UK, for using the notice-and-takedown provision of the Digital Millennium Copyright Act (“DMCA”) to stifle criticism. Automattic alleged that the Defendant abused the provision and are seeking damages under 17 U.S.C. § 512(f) for misrepresentation. The Court agreed.

“[T]he Court finds that Defendant knowingly misrepresented that Hotham violated his copyright because Defendant could not have reasonably believed that the Press Release he sent to Hotham was protected under copyright. Moreover, there can be no dispute that Defendant knew, and indeed, specifically intended, that the takedown notice would result in the disabling of Hotham’s article[,]” Magistrate judge Joseph Spero wrote in the opinion.

Although the court awarded damages for the costs of the suit and for “lost work and time” spent responding to a fraudulent takedown notice for copyright infringement. The Northern District denied monetary relief for Plaintiffs’ alleged reputational harm, Hotham’s alleged emotional distress, and Hotham’s alleged chilled speech.

What does that mean?

Do not file DMCA claims lightly and be prepared for a fight. People do not often fight these cases so vigorously but is does happen. Make sure you have a valid claim for copyright infringement. Copyright protects original works of authorship including literary, dramatic, musical, and artistic works, such as poetry, novels, movies, songs, computer software, Web sites, and architecture. Copyright does not protect facts, ideas, systems, or methods of operation, although it may protect the way these things are expressed. Unauthorized reproductions, derivatives and distribution are illegal unless they fall under the fair use exemption. Have a good understanding of your rights and theirs before filing.

Hotham’s original blog post is now available on several other WordPress-hosted sites, including here and here.  And his account of the tale is here.

Internet Updates March 2015

Three of the most popular social media platforms—Facebook, Twitter and Reddit—have recently amended their terms of use to state that they will remove digital images of nudes that have been posted without the subjects’ permission. “Twitter executives have said the company will lock the accounts of users who post content that violates their user policy,” Mashable reports. These policies are critical weapon in the war against revenge porn because they can be used to remove revenge porn photos before they have been widely disseminated.

The Digital Advertising Alliance (DAA) recently announced two new mechanisms that will allow consumers to manage ad preferences on their mobile devices. (Loeb & Loeb LLP summarized the new mechanisms in an Alert.) These new consumer opt-out tools, which are intended to complement the existing opt-out mechanisms that are part of the DAA’s self-regulatory program for online targeted advertising, complete the DAA’s self-regulatory program for the mobile environment and set the stage for the enforcement of the program, which is expected to begin this summer.

Twitter revamped its retweet feature on Monday, making it easier for users to plug other people’s tweets and add commentary of their own, according to Mashable.  This latest approach does not require copy-pasting instead you’re prompted to insert a remark before hitting the retweet button.

Twitter’s new harassment-reporting tool is making it easier for users to report threatening tweets to the police. Users who report threatening tweets now have the option of receiving an emailed report, summarizing the tweet, when it was sent and other information that may be relevant to law enforcement. It’s still up to individual users, however, to bring these reports to the attention of police and other officials. It’s not clear what, if any, impact this will have for police investigations. For more information read the rest of Mashable’s article.  This is part of Twitters overall initiative to protect users and address incidents quicker.

Internet Law & Security Updates

So much is happening online that it can be hard to keep up. I have compiled some of the most recent events in Social Media, Internet law & Cybersecurity. Know how these changes affect your privacy and other rights. If you have any questions leave them in the comments!

Social Media

Comments on social media considered and Facebook “Likes” enjoy federal protection. On August 25, the National Labor Relations Board found in Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Sanzone, Case No. 34-CA-012915, and Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Spinella, Case No. 34-CA-012926, that an employer had violated federal labor law by terminating an employee who had “liked” a former co-worker’s negative comment about the employer posted on Facebook.  The Board also ruled that the employer violated the National Labor Relations Act (the “Act”) by firing another employee for posting an expletive-laced comment about the employer in response to the former co-worker’s comment, and it found that the employer’s “Internet/Blogging” policy banning “inappropriate discussions” regarding the company unlawfully chilled employees’ exercise of their right to engage in protected, concerted activity under the Act.

BYOD

Reimburse employees for wireless service. A recent California ruling that requires companies to reimburse employees for wireless serviceAlthough the case raised more questions than it answered about what level of reimbursement is required, it seems clear that companies will bear a larger portion of the cost of BYOD programs than they had previously borne.

Security 
According to the New York Times, when one adds the compromised records in Target, PF Chang’s, Neiman Marcus, Sally Beauty, Michaels, UPS and others, the number of affected customers amounts to more than one-third of the U.S. population.

Home Depot the latest victim of security breach. Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. Krebs’ reporting is here. This latest incident raises yet another round of concerns about the malware known as “Backoff” and the potential widespread effect on retailers. Home Depot has been hit with a class action lawsuit stemming from a suspected data breach at the home improvement retailer 

Using your cellphone’s gps to stay ahead of fraudsters. In a new effort to use technology to foil credit-card fraud, a company called BillGuard is testing a system that would monitor the precise whereabouts of mobile devices to detect possible payment issues. The tech firm is tracking mobile-phone locations in an attempt to stay one step ahead of fraudsters. Because smartphones are almost always near their owners, the technology would register and flag those occasions when a phone is not near the owner’s credit card. The technology would only be used with the consumer’s consent.

Healthcare.gov Server Hacked.The Department of Health and Human Services disclosed on Sept. 4 that malware had been uploaded on the Obamacare test server back in July. HHS officials say the malware was designed to launch a distributed-denial-of-service attack against other websites when activated and not designed to exfiltrate personally identifiable information. No consumer data was exposed in the incident, officials say (see HealthCare.Gov Server Hacked).

Apple plans to add safeguards to help address security vulnerabilities exploited by celebrity-photo hackers. The proposed changes include alerting users – using both e-mails and push notifications to devices – every time someone:

  • Changes an account password;
  • Uses a new device to log into an account;
  • Restores an iCloud backup to a new device.

After receiving a related alert, the user can immediately change their account password, or file a report of a suspected security breach with Apple. The company has yet to detail how exactly it will respond to those reports.

Privacy

Magazines in Michigan cannot share your personal information. The Michigan’s Video Rental Privacy Act limits the ability of companies to disclose information regarding customers’ video rental activities. In a case filed by a consumer who alleged that a magazine company had improperly disclosed her personal information, along with information about the magazines to which she subscribed, the U.S. District Court for the Eastern District of Michigan recently held that the law does in fact apply to magazines. The court noted that the statute is directed to companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings,” and that magazines constitute “other written materials.”

They’re Lying! How to Combat Online Defamation

Has anyone ever posted false information about you or your company online? I don’t mean things you would prefer not to be out there but​ completely false and potentially damaging information. If you have you know how overwhelming it can seem to get this information down because it can so quickly “go viral” and often is unattributable. Luckily, there are steps you can take to get this information down.

First Line of Defense: Terms of Service
Most online service providers (OSPs)​ have Terms of Service (ToS) or Terms of Use (ToU) that govern the use of their website. Usually those terms prohibit the posting of defamatory material and include the OSP’s right to remove such content.  Even websites that offer consumers places to “vent” and post complaints about companies and individuals, such as RipOffReport.com and Complaints.com,  usually require that users post only information that is truthful and accurate.  Unfortunately, there is not validation process to confirm accuracy prior to posting.

If you identify false and potentially defamatory information about you or your company online, your first step is to check the site’s terms of service. If this is a violation of their terms of service, contact the OSP where the content is posted and notify them of the violation of their terms of service.  Many of the sites we frequent and use to promote our businesses have forms or contact emails designated for this purpose. At the end of this post you will find resources for reporting defamation on a few of the most popular social media sites.

The Content is on its own Website
If you identify potentially defamatory content on a website created but the poster they are not likely to have terms of service that you can use to make a case for removal. However, contact information is required when someone registers a website so you can often obtain the relevant contact information through a WhoIs search on a registrar website, such as whois.domaintools.com. Armed with this information you can work with an attorney to draft a cease and desist letter that will hopefully result in the removal of the content. Site owners do have the option for private registration so if they have elected this service this option is not feasible. Additionally, you should reserve this course of action for sites stood up by the poster because hosts, ISPs, and other OSPs are protected from litigation under the Communications Decency Act.

Dealing with Mr. Anonymous
If you are unable to identify the poster or are unable to get assistance from the OSP you still have legal recourse to get the content removed. Legal proceedings can be commenced against anonymous “John Doe” Internet users.  Once an action is filed, a subpoena can be served on the host website to obtain the Internet Protocol (“IP”) address of the perpetrator, as well as other personally identifiable information (“PII”). You can also subpoena the ISP that assigned the IP address to discover the perpetrator’s identity.

Beware of SLAPP
SLAPP stands for Strategic Lawsuit Against Public Participation, which essentially is a lawsuit filed against a defendant in retaliation for speaking out on a public issue or controversy in, for example, a blog or social media. The goal is to burden them with legal fees until they abandon their criticism. Over half of the states in the United States and District of Columbia have enacted “anti-SLAPP” legislation to protect an individual’s right to free speech and prevent such lawsuits.  “Public issues” include those involving celebrities, public officials and the financial solvency of large companies.

The defendant can use SLAPP to get the suit dismissed. If a defendant is able to demonstrate that the SLAPP action was brought merely for harassment purposes, he or she may file a “SLAPPback” lawsuit against the plaintiff.

If the potentially defamatory statement is not of public interest about a public issue, there really is no SLAPP concern.  Of course, if the subject statement truly is defamatory and all of the elements of a defamation claim are present, there really is no SLAPP concern either way. Make sure the content you seek removal for is truly defamatory if you elect to pursue a lawsuit or other legal action. 

Have you ever been the victim of defamatory content online? How did you handle it? Do you have any tips to add?

Content Removal Resources:

 

​**”Defamation” is a catch-all term for any statement that hurts someone’s reputation. Written defamation is called “libel,” and spoken defamation is called “slander.” Defamation is a legal conclusion that can only be made by a judge. ​

 

Internet Updates June 2014

There is so much going on in the Internet space that I have compiled some of the most interesting happenings of June. They all link to more info. Please read, enjoy and let me know if you want me to expand on anything!

Are threats made on social media protected free speech, or potentially criminal actsThe U.S. Supreme Court has agreed to examine the constitutionality of a federal law making it a crime to transmit communications containing “any threat to injure the person of another.” In this case, the “threats” were in a series of Facebook postings.

Be careful what you post on Facebook, you might get a ticket for it… A woman in a Chicago suburb received a $50 ticket in the mail alleging that she had used a dog park without a permit. The ticket was based entirely on a Facebook posting that the woman had made, and the police immediately rescinded it, saying  that they do not monitor social media in search of potential lawbreakers.

It might be a crime to friend your boss if you live in Arkansas! Arkansas legislators are considering changing a 2013 law after Facebook informs them that the law may have inadvertently made it a crime for a boss and an employee to become Facebook friends.

Snapchat may have competition. According to the Los Angeles Times, Facebook prematurely released, then withdrew, a new mobile app called Slingshot that is intended to compete with Snapchat and permit users to send each other photo and video messages.

Is Twitter in trouble? Twitter’s leadership was thrown into disarray on June 12 after Ali Rowghani resigned suddenly as the company’s chief operating officer amid a dispute with Chief Executive Dick Costolo. Twitter’s stock has fallen about 42 percent this year as concerns have arisen that the company is not signing up enough new users.

Should you make social media rules for your marriage? More and more couples are sitting down with their lawyers before marriage to discuss a social media clause in their prenuptial agreement – covering what they can and cannot say or post about each other. These agreements appear to be enforceable in court if they are specific enough.

The CIA is on Twitter! The CIA has entered the realm of social media, setting up a Twitter presence and a Facebook account. There one can find, among other things, reflections on intelligence history and fun facts from the CIA World Factbook.

Can’t ask for personal social media account logins in Louisiana! 
On May 23, Louisiana became the latest state to enact a law prohibiting employers and public and private educational institutions from requiring applicants, employees, and students to provide access to their personal online accounts.

Every company would be well advised scrutinize their marketing practices on an ongoing basis to ensure that they do not inadvertently expose the company to risks under the Lanham Act. Two US Supreme Court cases decided this term could result in a substantial increase in the number of Lanham Act claims brought under that statute alleging “unfair competition” resulting from product labeling and marketing practices that are alleged to be false or misleading.

  • Lexmark International, Inc. v. Static Control Components, Inc., No. 12-873, slip op. (March 25, 2014), in which the Supreme Court broadly construed the Lanham Act to permit lawsuits by all companies alleging injuries that were proximately caused by false or misleading advertising or promotion, even if the plaintiff was not a direct competitor of the defendant and suffered only “collateral damage.”
  • Pom Wonderful LLC v. Coca-Cola Co., No. 12–761, slip op.  (June 12, 2014), the Court’s second Lanham Act case of the term,  in which it eliminated a potential safe harbor from Lanham Act claims for companies in regulated industries who complied fully with applicable regulations regarding the labeling and marketing of their products.

Interested in being social anonymously? It is harder than you think… Recently a variety of “private” media platforms have emerged. For years, social media platforms have facilitated (or even, in many cases, required) us to use our real identities, with the aim of building friendships and networks in the online world. But these new social media apps (such as “Secret,” “Whisper,” “Yik Yak”) are designed specifically to enable users to share posts anonymously.

“Anonymous” doesn’t necessarily mean anonymous. Even if users are not required to provide any form of contact details to use an anonymous app, the app is very likely to collect certain information that will help identify the user (e.g., the unique digital ID of the user’s phone, location information, etc.). Therefore, it could be be fairly easy to trace a user if required (e.g., by subpoena/court order). Indeed Secret’s Terms of Service state, “We may share information about you … in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, regulation or legal process.”

For more updates visit: http://www.sociallyawareblog.com

Make Sure to Change Your Privacy Settings on Facebook…Again!

Tired of changing your privacy settings on Facebook? Well… Sorry!  You need to do it again…  If you do not want Facebook to track your browsing both on and off their site and track the apps you use, change your settings!

argyllfreepress.com
argyllfreepress.com
Today, Facebook announced that it would begin targeting advertisements to users based on the websites they visit and apps that they use. In a blog post, the company explained that users can opt out of the web browser-based tracking through an online ad industry program and can also opt out of the app-based tracking through their smartphones’ privacy controls.

If you have to see ads while using Facebook, they might as well cater to your specific needs and likes, right? It’s seemingly harmless and most people do not have anything to hide. However, this kind of customization is a double edge sword. On one side you have the benefit of a tailored experience while on the other hand your private searching is being consumed by entities like Facebook. A more specific and more troubling concern is that children as young as 13 will be monitored… Are your teens thinking about the ramifications of having Facebook watch their every movement? Congress is promising to monitor the implications of this new advertising system and so should you. Your privacy and the privacy of your family is important! 

Privacy is the price of convenience. Decide which one matters to you most.

How Much of Your Data can Apple Hand to Law Enforcement?

We are all aware (or at least we should be) that our telecom providers are handing over our data to the police when necessary. Well have you ever wondered just how much and what it takes to get that data? iphone-privacy-2011-04-06-1302104043Apple posted their new guidelines describing what data the company can provide to law enforcement and the processes for requesting that data.

The document breaks it down into two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices.  I have outlined the kinds of data and how they can be obtained in a chart below.

Essentially anything you’ve backed up to or stored on iCloud is available for Apple to provide to law enforcement, including connection logs and IP addresses you’ve used. Additionally a lot of the data associated with your Apple ID is available as well. Therefore, any information you’re providing Apple is available for them to pass along. This is something to consider when deciding if or what to back up on iCloud.  You may want to avoid backing up sensitive company data or private information on iCloud. Some information cannot be avoided, such as anything associated with your Apple ID.

Can they access data on my iOS device???

Yes. Apple can bypass security passcodes on our iOS devices to extract “certain categories of active data,” though it apparently cannot bypass that protection entirely. If provided with a valid search warrant, Apple can hand over SMS messages, pictures and videos, contacts, audio recordings, and your phone’s call history, but it can’t access e-mails, calendar entries, or information from third-party applications. Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage.

Will I know if this is happening?

Maybe. The guidelines state that Apple will “notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself.” Apple will also avoid notifying users if the company “believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment,” though this is entirely up to Apple and not to the law enforcement agencies involved. These notification requirement will help prevent random and unfounded searches.

What is missing?

The policies and capabilities surrounding iCloud Keychain, iMessages and FaceTime calls are unclear and disputed. Apple claims iMessage & Facetime are encrypted but there is some speculation otherwise.

Is this unusual?

No, other tech companies have similar policies. For example, Google provides a similar “Transparency Report” outlining the types of data available to law enforcement. The notification policy is new and several other tech giants, including Facebook and Microsoft, have already indicated that they plan to expand their policies on notifying customers whose data has been requested by law enforcement

 

Where is the Data? Type of Data Means to Obtain Data Restrictions
Information stored on Apple Servers Data Associated with your Apple ID contact inormation obtainable with a subpoena or greater legal process
customer service records
transaction history both in store & online
iTunes gift card information
Data Associated with your iCloud Account connection logs & IP address used Any iCloud information that the user deletes cannot be accessed.
60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses” e-mail logs require a court order or search warrant
any e-mail messages that the user has not deleted requires a search warrant
any other information that can be backed up to iCloud – As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups
Information stored locally on iOS devices SMS messages requires a search warrant – Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage. Cannot access e-mails, calendar entries, or information from third-party applications
pictures and videos
contacts
audio recordings
phone’s call history

Enforcing Trademarks on Social Media

As a trademark owner you have an obligation to “police” your trademark. What does that mean? You are responsible for finding and addressing infringement of your trademark rights. (Copyright holders have a similar obligation.)  A major part of policing or enforcing those rights is monitoring and addressing violations on social media.

Platform Content Removal Policies

Each social media platform has their own policies for removal of content whether trademarks or copyrighted work.  It is important to determine the appropriate method and provide all the necessary information to secure timely removal. Social media content changes very quickly so to be effective at protecting brand perception you must be swift and efficient about requesting content removal.

Use this infographic I created as a quick reference guide for Takedown Policy Requirements On Top Social Media Sites.

What Do I Take Down?

Not only is knowing the policy requirements important you need to determine when a post/content warrants removal. This is a strategic decision your company should make while engaging all necessary stakeholders including but not limited to management, legal and marketing/PR. Below are a few things to consider when determining when to take down a post:

  1. As an organization develop a policy for what types of brand use or content use are important to the company. Use that as a guide to addressing infringement.
  2. Embrace positive uses of your mark. There are positive uses that can promote your brand. Coca Cola illustrates a great example of embracing what could have been trademark infringement when two fans created a Facebook page for them.  Coca cola just dedicated a few members of their team to monitor the content.
  3. Know the social media platform rules and policies on content removal. See the infographic for some help but visit the policies on the platform.
  4. Figure out who is likely to comply with your request for content removal. It is usually easier to make a request through the platform. It can be hard to determine who posted content and their contact information. Additionally, it is unlikely that they will cooperate. Remember that the social media content provider is not likely liable for anything unless you can prove a partnership or joint ownership and control over the account.
  5. Reviews & other commentary about your brand, positive or negative, are allowed. Most social media sites will not take down content of this nature and this can cause backlash that will outweigh the potential benefit. This is a great opportunity to engage consumers and either address concerns or reinforce positive perceptions.
  6. Consider the public relations implications of requesting removal. Will attempting to remove the content cause backlash that will be more detrimental? There have been a number of instances of brands garnering greater negative media attention for trying to take something down justified or not. If infringer’s presence is significant enough to cause concern consider joining the conversation.
  7. Include all the requested information. Incomplete requests for content removal may cause unnecessary delays.
  8. Include trademark registration numbers for all jurisdictions. Some social media platforms will only block content in the applicable jurisdiction or country if you only provide proof of one registration. Provide all registrations so the social media platform is aware of the extent of your protection.
  9. List exactly where infringements are located on the site. Platforms are not required to search for infringements.
  10. Submit evidence of current use. This information only serves to strengthen your claim and is as easy as providing the url to your website.

Remember your objective when policing your mark is to make sure consumers will not be confused. Your trademark is your calling card, do not let anyone use it in a way that dilutes your reputation or capitalizes on the goodwill or value created in that trademark. If you do not have in-house legal counsel consult with an attorney to develop a comprehensive plan to address trademark infringement.