Technology

SMS Advertising Spam

Published on: February 24, 2013 | by Law Offices of Salar Atrizadeh

Under the Telephone Consumer Protection Act, commercial entities are barred from freely soliciting customers using a short message service (“SMS”). A SMS typically allows vendors to send short text messages to consumers’ mobile phones. In this case, vendors send text messages to customers, or potential customers, advertising their deals and offers. The Telephone Consumer Protection Act of 1991 (the “TCPA”), codified under Title 47 U.S.C. § 227, limits telemarketers from using automated telephone services to target customers using text messages. Automated telephone services, or auto-dialers, use software programs to automatically send text messages to multiple telephone numbers using a telephone number database. Additionally, where the TCPA allows vendors to solicit customers using text message, it requires these vendors to include identification and contact information in the message. Furthermore, the TCPA and Federal Communications Commission (“FCC”) regulations prohibit such messages between 9:00 p.m. and 8:00 a.m. These provisions require solicitors to maintain a “do-not-call” list and honor the National Do Not Call Registry.

Under the TCPA and FCC regulations, companies may send text messages through an auto-dialer to solicit customers if: (1) the customer has given consent to receive such messages, or (2) the message is sent in case of an emergency. These restrictions apply regardless of whether or not customers have placed their numbers on the National Do Not Call List. According to the FCC, in order to send commercial text messages, companies must obtain written consent from customers. For informational text messages, such as those involving political messages and school information, the FCC only requires oral consent.

However, vendors are drawn to text SMS advertising because it allows them to target customers more directly through cellphones. Nonetheless, companies that violate federal standards against SMS advertising face severe legal consequences. For instance, Papa John’s, the American pizza chain, is currently involved in a class action lawsuit, with a class of customers as plaintiffs, for allegedly sending 500,000 unwanted text messages to customers in 2010. Customers explain they received multiple text messages in a string offering deals for pizza, sometimes in the middle of the night. Since the TCPA makes it illegal to send unsolicited text messages to customers who have not opted to receive offers via text message, the potential award in this case may be the largest recovery under the TCPA. A jury could award up to $1,500 per each text message if it finds that Papa John’s intentionally violated the TCPA.

FTC Adopts Amendments to the Child Online Privacy Protection Act

Published on: February 19, 2013 | by Law Offices of Salar Atrizadeh

In 1998, Congress passed the Children’s Online Privacy Protection Act (“COPPA”) to ensure online privacy for children under the age of thirteen. Under this Act, online operators must obtain parental consent before they begin to collect information about online users under the age of thirteen. The Federal Trade Commission (“FTC”) implements and enforces COPPA. In December 2012, the FTC adopted the first significant amendments to COPPA since the inception of this federal law in 2000.

In 2010, the FTC began to review the terms of COPPA to determine whether changes in the cyber community would require amendments to the Act. The FTC felt that COPPA would potentially require amendments in order to keep pace with the fast-changing nature of the Internet. Before drafting any such amendments, the FTC invited interested businesses and third parties to communicate their suggestions for changes that would help improve this law. After this process, the FTC adopted three significant changes to the Act.

First, the FTC expanded COPPA’s reach to include applications, plug-ins, and advertisement networks that could potentially gather personal information about children under the age of thirteen. Although, this was a controversial addition to COPPA, the FTC was able to compromise by indicating that COPPA will only apply to these online operators if the operator is aware that it is collecting information about children. Next, the FTC expanded COPPA substantially so that it applies to a wider range of personal information subject to the Act’s regulations. Under the 2012 amendments, “personal information” now includes online contact information such as instant messaging usernames, voice over Internet protocol (“VOIP”) identifiers, video chat user data, any other screen names that serve to identify users individually. The Act will also cover “persistent identifiers,” which include IP addresses, profile pictures, or audio files that contain a child’s voice. Finally, the FTC has revised the acceptable means of obtaining parental consent. Pursuant to COPPA, online operators must obtain parental consent before collecting personal information about a child. Under the 2012 amendments, these online operators can now accept consent by a parent’s use of an online payment system, by a parent’s confirmation through video conference with trained personnel, and by verifying a parent’s identification with government-issued identification. These amendments aim to protect children’s privacy in the quickly changing environment of online operators and in light of the constant advancements in the Internet community.

Cloud Computing and Privacy Laws

Published on: January 28, 2013 | by Law Offices of Salar Atrizadeh

The proliferation of cloud computing has given rise to increased privacy concerns. These concerns are especially grounded in Google’s new terms of service that allow the company to gather user information and data and release it to government entities upon request, without obtaining user consent. According to these new terms, as of March 1, 2012, Google has been consolidating data on users who access Google and creating a single profile that contains all of this information. Google’s new terms have caused concern with the Electronic Privacy Information Center (“EPIC”), which argues that these terms conflict with an FTC Consent Order that outlined privacy standards for all Google products and services. The order required Google to obtain users’ consent before gathering and sharing personal user information with third parties.

In response to Google’s new terms, EPIC petitioned the Federal Trade Commission (“FTC”) to compel Google to abide by the terms of the 2011 consent order. EPIC brought suit in the United States District Court of the District of Columbia against the FTC, urging the organization to enforce the consent order, and stop Google’s new policy of gathering and storing user information in individual profiles. The court heard EPIC v. FTC in 2012 and ruled that the court lacked the jurisdiction over the FTC to compel it to act according to EPIC’s demands. Nonetheless, the court noted that it had “serious concerns” regarding Google’s revised terms of service.

The National Association of Attorneys General sent a letter to Google on behalf of 36 states, expressing concern with Google’s intention to gather information about users from all products that utilize Google services, such as cell phones, computers, and tablets. This is especially concerning for Android smartphones, which rely heavily on Google systems and products. Users with electronic devices use various Google products, such as Gmail, YouTube, and the Google search engine, in different ways. However, according to Google’s new terms, user profiles would consolidate usage from all such products into a single profile for each user. The Attorneys General also voiced a specific complaint towards users’ inability to opt out of these new terms. According to the letter, the lack of choice poses a severe threat to individual privacy.

Digital Estate Planning

Published on: January 21, 2013 | by Law Offices of Salar Atrizadeh

The Electronic Communications Privacy Act of 1986 (“ECPA”) prohibits disclosure of stored communications without a court order. This includes instant messages, emails, and communications on Facebook. The issues that can arise from such a standard came to light in 2005, when Loren Williams died in a motorcycle accident in Arizona, and his mother attempted to access his Facebook account in the hopes of feeling closer to her son. However, according to the ECPA, Loren’s mother did not have the authority to access her son’s Facebook account. Loren’s mother eventually sued Facebook in 2007 and a court granted an order allowing her to access his Facebook account. Facebook has revised its policy, allowing relatives to report a death online, at which time, Facebook allows restricted access to an account for friends and relatives.

However, Facebook was merely abiding by the terms and conditions that Loren had agreed to when he signed up for his Facebook account. Under these terms, the “assets” that fell under the license agreement become subject to licensing rules. Accordingly, a license expires when the license owner dies. The rights to that license and those assets do not automatically transfer to the next of kin or to the decedent’s estate upon death. Many states throughout America are in the midst of considering legislation that would allow access to online accounts after death. However, any law in this field is still in its early stages.

In light of these legal circumstances, family members file lawsuits against email servers to gain access to emails after the owner of the account dies. In some cases, the courts have allowed the servers to release the emails as raw data to family members, but courts rarely allow access to accounts. To avoid costly litigation in order to gain access to such accounts, individuals could begin incorporating social media account access and the respective passwords in their wills. Alternatively, individuals could create accounts under a trust to ensure that other members of the trust can access the account in the event that one member passes away. This issue is especially impactful in light of all the other tasks that people are able to conduct online. For example, many people manage their banking online by and through the bank’s website.

Access to Websites for Persons With Disabilities

Published on: January 14, 2013 | by Law Offices of Salar Atrizadeh

The Americans with Disabilities Act (“ADA”) requires public businesses to provide equal access to their venues for persons with disabilities. Under Subchapter III of the ADA, such public establishments include, among others, restaurants, movie theaters, stores, and places of education. Now, the increases in businesses that operate exclusively online, without a physical location, call the reach of the ADA into dispute.

In June 2012, the United States District Court for the District of Massachusetts decided this issue of first impression in National Association of the Deaf v. Netflix, Inc. The court held that the ADA applies to businesses that operate exclusively on the Internet. The National Association of the Deaf sued Netflix, Inc., arguing that by failing to provide closed captioning for all of its content, Netflix was in violation of the ADA. Netflix, Inc. argued that it was not required to provide disability access to its site because it was not a “place of public accommodation” within the meaning of the ADA. The court based its opinion on the public policy underlying the ADA, which aims to provide equal access to public amenities for persons with disabilities. With the exponential rise in online businesses, the court found that it was within this public policy to allow persons with disabilities to access these sites alongside other members of society. One month later, the United States District Court for the Northern District of California reached the opposite conclusion in Cullen v. Netflix, Inc. In this case, the court looked to its prior decisions and held that the ADA’s reach is limited to public establishments with “physical structures.” These two opposite holdings show that the nature and reach of the ADA, as it pertains to online businesses, has not been solidified yet.

The Department of Justice has reviewed the ADA and provided regulations and guidelines for accessible website designs. For example, business can make their sites accessible to persons with disabilities by adopting a simple page layout throughout the site. This makes it especially easier for visitors with visual impairments to locate information quickly and easily. Websites may also provide transcriptions for any video or audio on the site for visitors with hearing impairments. Finally, websites may improve accessibility for persons with disabilities by inviting such visitors to notify website managers of ways to improve site accessibility. Nonetheless, in the absence of a binding uniform standard for website access, the reach of the ADA towards online businesses is still very much in the hands of courts in their individual jurisdictions.

Legal Implications of Online Impersonation

Published on: January 7, 2013 | by Law Offices of Salar Atrizadeh

The possibility of identity theft is a growing concern. However, banks, credit card companies, and various other institutions that house private information regularly take steps to protect customers’ identities. Nonetheless, a different type of identity theft continues to thrive. Online impersonation is a quick and easy form of identity theft that takes place over the Internet. It is an easy type of identity theft given the breadth and convenience of social media and expanding networking sites. However, in light of the Sandy Hook Elementary School incident, state and federal authorities are considering the possibility of bringing criminal charges for online impersonation.

State legislatures called for laws against online impersonation following the case of Megan Meier, a 13-year-old girl who killed herself after a woman impersonated a boy and engaged in cyberbullying. After the Sandy Hook shooting, people began posting incorrect information about the shooting and the suspect. Others began posing as the shooter and staging crime scenes similar to the shooting. Connecticut State Police Lieutenant J. Paul Vance called attention to this matter in a public press conference. He noted that these posts, in addition to being highly inappropriate, were also threatening and criminal in nature.

A spokesman for Commissioner Reuben Bradford stated that, harassing anyone who was a victim of the shooting would be criminally prosecuted. He noted that harassment would not only include in person contact, but also harassment through via the Internet and social media sites. Charges could include criminal impersonation and criminal misrepresentation. California and several other states have established online impersonation as a criminal offense. Critics argue that criminal regulations that prohibit online impersonation may arm interest groups with the power to suppress speech. For example, Electronic Frontier Foundation argues that such laws could silence groups like The Yes Men, which utilizes online impersonation as a form of commentary on the government and large corporations.

Cyberbullying

Published on: December 24, 2012 | by Law Offices of Salar Atrizadeh

Bullying has plagued people of all ages for many generations. Now, with the expansion of the Internet, bullies are able to threaten and harass people at an even greater level through cyberbullying. Stopbullying.gov, a government supported website aimed at spreading awareness, defines cyberbullying as any bullying that involves electronic technology such as computers and cell phones. Instances of cyberbullying aimed towards adults are generally referred to as cyber-harassment or cyber-stalking, whereas cyberbullying generally refers to harassment directed towards children.

Since cyberbullying can largely remain anonymous, it can be very difficult to trace the harassment back to a specific user. The effects of cyberbullying also last longer because the inappropriate posts or messages may be difficult to delete and therefore, have a permanent presence on the Internet. Cyberbullying is also not reserved to the Internet, since cyber-bullies often also target their victims in person. However, due to the expansive nature of the Internet, victims face cyberbullying at all times of the day.

Examples of this harassment includes sending vulgar or threatening messages directly to another person, posting inappropriate information about another person online, pretending to be another person online with the intent of ruining a reputation, posting inappropriate pictures of another person online, harassing another person with a multitude of text messages, or hacking into another person’s online account. Cyberbullying can take place through email, in online chatrooms, on webpages, or through text messages. Advanced features on social networking sites have also led to increased avenues for cyberbullying. For example, the ability to tag other people in a picture on Facebook has led to instances of cyber-bullies posting inappropriate pictures of other people and tagging them in these pictures.

Cloud Computing

Published on: December 17, 2012 | by Law Offices of Salar Atrizadeh

Cloud computing offers a revolutionary new way to conduct business over the Internet. This service is a form of cyber-outsourcing where virtual servers provide certain services or applications for consumers online. Cloud computing vendors include, IBM SmartCloud, Cisco Cloud Computing, Amazon Elastic Compute Cloud (aka Amazon EC2), and various smaller vendors. These providers offer a range of services including storage services and spam filtering.

There are various forms of cloud computing available over the Internet. Managed Service Providers (“MSPs”) are the oldest form of cloud computing. A “managed service” is an application such as virus scanning for email or anti-spam services. The most common form of cloud computing is through Software as a Service (“SaaS”), which delivers an application to multiple customers through a browser using a multi-tenant architecture. Customers benefit because they do not have to invest in servers or purchase software licenses. Providers benefit because they are able to reduce costs because they only need maintain one application for their multiple customers. Salesforce.com is a well-known example of SaaS cloud computing, but Google Cloud Storage is a fast growing option as well.

Similar to SaaS computing, some providers offer Application Programming Interfaces (“APIs”), which allow developers to offer certain functions over the Internet without having to offer entire applications. These functionalities range from specific business services to wider-ranging APIs, such as Google Maps. Another version of SaaS computing allows users to develop their own application and offer the application through a provider’s infrastructure over the Internet. The developers are limited by the provider’s capabilities, but the developers benefit from the established predictability. Google App Engine is an example of such cloud computing.

Privacy Concerns for Personal Email Accounts

Published on: December 10, 2012 | by Law Offices of Salar Atrizadeh

Former CIA Director David Petraeus from his position after the FBI looked through Petraeus’ private Gmail account and discovered that he was having an extramarital affair. These events have brought to light the fragile state of individual privacy on the Internet, particularly in relation to individual email accounts.

According to the Electronic Communications Privacy Act of 1986 (“ECPA”), which is current and applicable cyber law, the FBI has the authority to look through any email account simply by accessing the account through providers such as Yahoo or Gmail. Under the ECPA, law enforcement agencies do not need a search warrant to look through such accounts if the message is more than 180 days old.

In addition, the Foreign Intelligence Surveillance Act of 1978 (“FISA”), under Title 50, sections 1801 et seq. of the United States Code, allows the government to monitor communications between foreign parties, without a search warrant. A 2008 amendment to FISA further allows the government to monitor communications between American parties if the government does not know of the parties’ exact locations or identities. A group of attorneys raised a constitutional challenge to this amendment, and the matter is now before the United States Supreme Court. The justices have focused on whether the amendment offers the government an inappropriate range of power, or whether the amendment simply expands the government’s resources to protect America.

Facebook Pictures and Privacy Concerns with Facial Recognition Technology

Published on: December 3, 2012 | by Law Offices of Salar Atrizadeh

Facebook is struggling to decide how to handle its pictures. While consumer companies urge Facebook to profit from its face recognition technology, international regulators insist that user identities remain protected. According to a New York Times article entitled, Facebook Can ID Face, But Using Them Grows Tricky, Facebook agreed to delete user identification information, which the site gathers through facial recognition technology. The technology at issue is Facebook’s “tag suggestion” which automatically matches names with faces when a user uploads a photo. Facebook has deactivated this feature to make improvements that international regulators can approve.

Chris Hoofnalge, a professor at the University of California Berkeley, School of Law stated in the article that increasing developments in this field “directly affects civil liberties.” Although, the public is more likely to accept using identifying information from facial recognition technology for security purposes, Wall Street is now pressuring Facebook to utilize its users’ personal data for profit. Legislators, such as Senator Al Franken, have expressed concern over Facebook’s “database of face prints,” which Facebook has gathered “without the explicit consent of its users.” Franken urged Facebook to provide the same right of privacy to its American users as it does its European counterparts.

The Federal Trade Commission (“FTC”) has issued a guide, “Facing Facts Best Practices for Common Uses of Facial Recognition Technologies,” aimed at defining facial recognition technology and outlining authorized uses. In addition, earlier this year Google announced a new tool that would allow individuals to blur their faces in YouTube videos. This is one of the first steps to provide “visual anonymity” in cyberspace.