The New York Appellate Division has ruled that an email exchange between two parties can amend a contract—even if the agreement specifically states amendments “must be in writing signed by both parties” (Arthur Stevens v. Publicis USA). Here, an employment agreement was the subject of emails between the parties. The court ruled that emails containing the name of the sender in a signature block are a “signed writing” sufficient to amend the contract! Ouch! It is not hard to imagine any email communication with all the elements of a meeting of the minds (“gee, that sounds perfect”), an intent to be bound (“I agree”) and authenticated as attributable to the parties—would fit the argument. Have you looked at your contracts lately? Your outgoing email messages? Our own Peter Raymond and John Webb argued and won this case for our client Publicis USA and have authored a Rimon Bulletin. Our ATM team is working with them to counsel clients on how best to protect themselves in light of this decision.
New E-Discovery Rules
With file sizes growing, you would think computers that can rapidly process large files and storage capability would be all the rage. For compliance officers, record managers and lawyers, it’s retrieving the information that is the hot issue and hardly a trivial one. New Federal rules relating to civil litigation took effect at the end of last year, requiring companies involved in federal litigation to produce electronically stored information as part of the pre-trial discovery process. The new rules apply to employee e-mails, instant messages and other electronic, digitally stored information. In the event the companies are sued, legal experts say, companies will need to start worrying about everything in electronic form—from digital photos on employee cell phones to text (“SMS”) messages.
Companies need to have sound record retention and destruction of records policies to ensure compliance with regulatory record-keeping requirements and to avoid potentially massive costs of searching and retrieving information that could and should have been purged. Absent actual or an expectation of specific litigation or a subpoena requiring production of data, companies can purge their systems of information that may no longer be relevant or necessary to their business operations. As the cost of storage has come down, however, companies routinely store information and don’t bother to delete unnecessary information—because it’s easy and affordable to simply keep everything!
The opposite is also an issue. Communication between lawyers and technology folks is less than perfect. A lawsuit arrives, but no one tells data management or systems. Tapes and disks continue to be routinely erased or written-over, with corresponding loss of data. Lots of companies don’t have policies and don’t know what information they have, where it is stored, and who may have, have kept or destroyed copies of information in electronic form. Lack of information is a weakness for lawyers. If you remember the adage, “never ask a question you don’t already know the answer to,” imagine how a litigator for the company will feel blindsided by records she was unaware of or cited by a court for destroying records he didn’t know his client had.
Why pay attention? Because by exercising preventive care, you can avoid potentially huge legal and operational expenses. By crafting and enforcing compliant and well-thought-out record retention and destruction policies, you can avoid high-priced lawyers sorting through email messages about the staff luncheon, and the pitfalls associated with a “smoking gun” needlessly showing up in that pesky lawsuit. Call us. The ATM Legal Team can help!
The Truth Shall Set You Free: Deception Gives Rise to Personal Liability
A court has held an individual personally liable to the tune of $17 million for deceptive mail solicitations because of his exercise of control over companies that mailed solicitations, his review of some of these solicitations, and his personal knowledge of customer complaints. If a person is directly involved in the act, has the authority to control them, knew of material misrepresentations or was recklessly indifferent to the truth, or knew there was a high probability of fraud and intentionally avoided the truth, that person can be held personally liable under Section 5 of the FTC Act.
Should You Hear Me Now?
Clients often ask whether customer service calls can be taped or recorded for training, monitoring, security or other purposes. They want to know if they need to get express consent from the customer or even their employees when setting up the recording process. Many states have specific laws that deal with both monitoring and recording of telephone or other electronic communications—not to mention federal wiretap laws. Well recently, the California Supreme Court ruled that a business located in the state of Georgia that recorded a call with a California resident violated California’s two-party consent rule, even if you are in Georgia (which only requires one of the parties to consent— i.e., yours). In addition to California, a number of states have two-party consent laws (for example, Pennsylvania, Florida, Connecticut and Washington, to name a few), and if you are or are thinking of monitoring or recording any calls, check with a lawyer to be sure you know what you must do to comply—on second thought, don’t just check with a lawyer, call Rimon. Our Advertising, Technology & Media Law practice has what it takes—record that please!
The Medium May Be the Message, but Content is Still King — Sex, Lies and Videotape
The Mobile Marketing Association has promulgated guidelines, now adopted by many leading wireless carriers and programming networks, to deal with the growing use of email, SMS (text messaging) and similar mechanisms in advertising and marketing. As you will recall, legal and regulatory actions have arisen based on the fact that some companies’ marketing practices fail to adequately disclose the charges, whether subscription or imposed by the wireless carriers, that apply to some of their services and, in some cases, to the advertisements and marketing messages themselves.
Wireless carriers are beginning to adopt content guidelines for what they will or will not transmit from content partners—regulating such things as sexually explicit, graphic violence, profanity, hate speech and other topics, words and images—in some cases including lengthy lists of “forbidden words.” CTIA, the wireless industry trade association, issued fairly broad content guidelines last November, but left the specific implementation to the individual carriers. Some carriers have carried this implementation to a level of detail that covers everything from games, music, images and video, and in some cases even governs the file names of anything downloaded or transmitted.
Wait until you wake up to the issues raised by transmission and posting of “user generated content.” As you may know, in addition to the FTC regulating advertising and certain content in the U.S., and on top of state laws, the Federal Communications Commission (“FCC”) having authority to regulate indecent content on television and radio and the mobile phone as a media and entertainment device is no longer fiction, but fact in many cases. Did you know that our Advertising, Technology & Media Law group has significant experience in all these areas (Judith Harris for FCC and communications; Doug Wood for advertising and marketing; and, of course, any of us or me, if you simply can’t figure out where your need fits).
Ro’bots’ Are So Yesterday–It’s Just ‘Bots’ Now
Want some scary statistics for Halloween? In the first six months of 2005, the average number of “phishing” e-mails went from about 3 million to more than 5½ million, according to the Symantec, distributor and licensor, among other things, of firewall and virus protection software. Phishing, in case you’ve missed the news, is a scam which uses e-mail to spoof legitimate businesses such as banks and airlines, and attempts to entice you to enter personal data which can then be used by criminals. “Update your account” or “Your Security May Have Been Compromised and We Need You to Verify Your Password” are typical messages, often accompanied by logos and names that appear to be all too real.
Symantec also discovered 1,862 new software vulnerabilities, over the six month period—almost all moderate to high security threats and 60 percent were in Web-based applications. Symantec also found that the average number of denial-of-service attacks jumped from 119 to 927 a day during the first half of 2005. Why the increase? Personal computers are being overwhelmed with “bots”—penetrating vulnerabilities in personal computer software that allow the hackers—online criminals—to remotely control home computers. Not convinced? By monitoring customers and their networks the numbers of active bots more than doubled from 4,348 to 10,352 bot computers. The SANS Internet Storm Center, a not-for-profit organization that tracks hacking trends, detects an average of 260,000 bots each day that are out there looking for computers that are vulnerable to attack. No longer limited to “denial of service” attacks by triggering junk data to attack—and ultimately overwhelm—a legitimate website, these bots now are beginning to be used to generate SPAM and malicious code.
Big Brother Has Indeed Been Watching
The FTC has been checking compliance with its e-mail opt-out requirements promulgated under CAN-SPAM, and recently announced the results of a compliance survey it undertook with e-Tailers. The survey indicates that 89 percent of those online merchants who participated in the survey were complying with consumer requests to opt-out of future commercial e-mail. The FTC essentially selected 100 merchants that are big users of the Internet in retail sales and then visited their websites, created test e-mail accounts and registrations, and signed up for promotions—using the retailers systems to prompt both an initial message and their ability to reply with an “opt-out” request. All of the merchants selected did provide clear notice to consumers of their opt-out rights and a relatively easy means to do so. After six weeks of monitoring, about 89 percent of the merchants honored all opt-out requests, with 93 percent honoring some. In case you were thinking the FTC doesn’t take CAN-SPAM enforcement seriously or can’t possibly monitor and track your compliance efforts, think again. Use e-mail/e-Tail advertising and marketing? Need to understand your obligations? Need to develop policies and practices for compliance? How quickly and with what level of accuracy do you honor the requests? Need help in understanding when and to what CAN-SPAM applies? Contact either Joe Rosenbaum or Doug Wood at Rimon. We can help.
Broadband Cable Internet Providers Don’t Have to Play by Common Carrier Rules
We were so busy last month telling you about Grokster, we didn’t even get a chance to mention the Supreme Court also ruled providers of cable modem services are not subject to the common carrier regulations that apply to telecommunications services—most significantly the requirement they allow competitors to connect or interconnect with their networks and provide competitive choice and equal access to consumers. Technically, the decision held that the FCC didn’t exceed its authority and has the discretion to interpret the scope of its regulation and rulemaking authority when it declined to force cable broadband providers to provide competitive access similar to that accorded the telecommunications’ common carriers. The FCC had characterized cable modem services as “information services” and thus not telecommunications services, which are subject to the common carrier (and consequently, competitive) regulations.
Judge Awards $1 Billion in Spam Suit
In what may be the largest judgment in a suit against spammers so far, a company that offers subscribers an e-mail service in Iowa has been awarded more than a billion dollars by a federal judge; the allegations were that the company’s servers were inundated with as many as 10 million spam e-mails a day. The judgments were obtained under the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and the Iowa Ongoing Criminal Conduct Act. Iowa law allows damage claims of $10 per spam message and were tripled under RICO. Not particularly surprising, no attorneys for the defendants were present during a bench trial in November and the judgments were entered by default.
Voice Over IP—-The FCC Says “Can You Hear Me Now?”
In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.