Posted on

The Medium May Be the Message, but Content is Still King — Sex, Lies and Videotape

The Mobile Marketing Association has promulgated guidelines, now adopted by many leading wireless carriers and programming networks, to deal with the growing use of email, SMS (text messaging) and similar mechanisms in advertising and marketing. As you will recall, legal and regulatory actions have arisen based on the fact that some companies’ marketing practices fail to adequately disclose the charges, whether subscription or imposed by the wireless carriers, that apply to some of their services and, in some cases, to the advertisements and marketing messages themselves.

Wireless carriers are beginning to adopt content guidelines for what they will or will not transmit from content partners—regulating such things as sexually explicit, graphic violence, profanity, hate speech and other topics, words and images—in some cases including lengthy lists of “forbidden words.” CTIA, the wireless industry trade association, issued fairly broad content guidelines last November, but left the specific implementation to the individual carriers. Some carriers have carried this implementation to a level of detail that covers everything from games, music, images and video, and in some cases even governs the file names of anything downloaded or transmitted.

Wait until you wake up to the issues raised by transmission and posting of “user generated content.” As you may know, in addition to the FTC regulating advertising and certain content in the U.S., and on top of state laws, the Federal Communications Commission (“FCC”) having authority to regulate indecent content on television and radio and the mobile phone as a media and entertainment device is no longer fiction, but fact in many cases. Did you know that our Advertising, Technology & Media Law group has significant experience in all these areas (Judith Harris for FCC and communications; Doug Wood for advertising and marketing; and, of course, any of us or me, if you simply can’t figure out where your need fits).

Posted on

Ro’bots’ Are So Yesterday–It’s Just ‘Bots’ Now

Want some scary statistics for Halloween? In the first six months of 2005, the average number of “phishing” e-mails went from about 3 million to more than 5½ million, according to the Symantec, distributor and licensor, among other things, of firewall and virus protection software. Phishing, in case you’ve missed the news, is a scam which uses e-mail to spoof legitimate businesses such as banks and airlines, and attempts to entice you to enter personal data which can then be used by criminals. “Update your account” or “Your Security May Have Been Compromised and We Need You to Verify Your Password” are typical messages, often accompanied by logos and names that appear to be all too real.

Symantec also discovered 1,862 new software vulnerabilities, over the six month period—almost all moderate to high security threats and 60 percent were in Web-based applications. Symantec also found that the average number of denial-of-service attacks jumped from 119 to 927 a day during the first half of 2005. Why the increase? Personal computers are being overwhelmed with “bots”—penetrating vulnerabilities in personal computer software that allow the hackers—online criminals—to remotely control home computers. Not convinced? By monitoring customers and their networks the numbers of active bots more than doubled from 4,348 to 10,352 bot computers. The SANS Internet Storm Center, a not-for-profit organization that tracks hacking trends, detects an average of 260,000 bots each day that are out there looking for computers that are vulnerable to attack. No longer limited to “denial of service” attacks by triggering junk data to attack—and ultimately overwhelm—a legitimate website, these bots now are beginning to be used to generate SPAM and malicious code.

Posted on

Big Brother Has Indeed Been Watching

The FTC has been checking compliance with its e-mail opt-out requirements promulgated under CAN-SPAM, and recently announced the results of a compliance survey it undertook with e-Tailers. The survey indicates that 89 percent of those online merchants who participated in the survey were complying with consumer requests to opt-out of future commercial e-mail. The FTC essentially selected 100 merchants that are big users of the Internet in retail sales and then visited their websites, created test e-mail accounts and registrations, and signed up for promotions—using the retailers systems to prompt both an initial message and their ability to reply with an “opt-out” request. All of the merchants selected did provide clear notice to consumers of their opt-out rights and a relatively easy means to do so. After six weeks of monitoring, about 89 percent of the merchants honored all opt-out requests, with 93 percent honoring some. In case you were thinking the FTC doesn’t take CAN-SPAM enforcement seriously or can’t possibly monitor and track your compliance efforts, think again. Use e-mail/e-Tail advertising and marketing? Need to understand your obligations? Need to develop policies and practices for compliance? How quickly and with what level of accuracy do you honor the requests? Need help in understanding when and to what CAN-SPAM applies? Contact either Joe Rosenbaum or Doug Wood at Rimon. We can help.

Posted on

Broadband Cable Internet Providers Don’t Have to Play by Common Carrier Rules

We were so busy last month telling you about Grokster, we didn’t even get a chance to mention the Supreme Court also ruled providers of cable modem services are not subject to the common carrier regulations that apply to telecommunications services—most significantly the requirement they allow competitors to connect or interconnect with their networks and provide competitive choice and equal access to consumers. Technically, the decision held that the FCC didn’t exceed its authority and has the discretion to interpret the scope of its regulation and rulemaking authority when it declined to force cable broadband providers to provide competitive access similar to that accorded the telecommunications’ common carriers. The FCC had characterized cable modem services as “information services” and thus not telecommunications services, which are subject to the common carrier (and consequently, competitive) regulations.

Posted on

Judge Awards $1 Billion in Spam Suit

In what may be the largest judgment in a suit against spammers so far, a company that offers subscribers an e-mail service in Iowa has been awarded more than a billion dollars by a federal judge; the allegations were that the company’s servers were inundated with as many as 10 million spam e-mails a day. The judgments were obtained under the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and the Iowa Ongoing Criminal Conduct Act. Iowa law allows damage claims of $10 per spam message and were tripled under RICO. Not particularly surprising, no attorneys for the defendants were present during a bench trial in November and the judgments were entered by default.
 

Posted on

Voice Over IP—-The FCC Says “Can You Hear Me Now?”

In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.

Posted on

Court Sanctions UBS for Destroying E-Mails

On July 20, the U.S. District Court for the Southern District of New York imposed sanctions against UBS Warburg for destroying relevant e-mail messages during the course of litigation (Zubulake v. UBS Warburg LLC, et al., 2004 U.S. Dist. LEXIS (S.D.N.Y, July 20, 2004)). The Court ordered UBS to pay expenses and attorney fees incurred by the plaintiff, granted plaintiff’s request for further discovery, and agreed to instruct the jury that a negative inference may be drawn against UBS as a result of the missing evidence. The case provides important guidance for counsel on electronic discovery issues and record management, and the Court notes counsel is expected to take some affirmative steps: (1) “identify sources of discoverable information”; (2) “put in place a litigation hold and make that known to all relevant employees by communicating with them directly” and not only repeat these instructions “regularly” but also “monitor compliance”; (3) “call for employees to produce copies of relevant electronic evidence”; and (4) “safeguarding any archival media” the client must preserve. Given the notoriety of the case, these practices will likely become a de facto standard in evaluating electronic discovery issues and requests for sanctions. Got litigators? Call Rimon—we not only have knowledgeable litigators, but we also have an entire team of professionals skilled in data management, record retention, and compliance in and out of litigation. Try us, you’ll like us.

Posted on

Disaster Recovery – The Short List

Disaster recovery and continuity planning is still on everyone’s mind. Recent trends focus on data management and recovery—not necessarily to ensure continued operations in the event of an unplanned interruption, but most notably to ensure that regulators can monitor, audit and enforce compliance with the laws and regulations that have arisen in the wake of 9-11, and the corporate ‘scandals’ that have plagued businesses over the past few years.

But as many of you know, record-keeping and data backup is only a piece of the puzzle, albeit an important one. Two years ago (September 2002), Rimon conducted a legal briefing to review the issues related to continuity planning, and this month we thought it might be helpful to repeat some of the simple tips that may help you think about disaster recovery. Of course, if you would like a copy of the presentation, or help, just let us know.

  • Get senior management support: Without it you have no money or authority.
  • Identify, evaluate, prioritize: Which critical operations must continue?
  • Retrieve and restore: What resources need to be available?
  • Plan, plan, plan: Alternate locations, communication methods and control centers. Avoid single points of failure.
  • Money: Emergency cash and lines of credit.
  • Communicate: Media, emergency personnel, employees, customers and suppliers.
  • Practice, practice; Test, test, test: Got the message?
  • Educate, train and inform: Everyone should be advised and trained in his or her role.
  • Update, plan, update, plan: Continuity planning is a continuous process.
  • Insurance: Not prevention, but damage control and worth considering.
  • Consider others: Employees, customers, suppliers, business partners. Involve those who will be affected, to the extent you can.
  • Think relationship, not lawsuit: Contracts can be roadmaps for cooperation.
  • Tear up the plan and start again: What if your primary plan doesn’t work?
  • Think globally, act locally: International operations have international problems.
  • Safety first: Safety of people is the first priority. Good people can overcome the toughest challenges—treat them accordingly.
Posted on

CAN-SPAM: It’s Not Phat!

Federal Commercial E-Mail Legislation Takes Effect A major change in the law that affects privacy and commercial e-mail on the Internet took effect on January 1, 2004. The CAN-SPAM Act of 2003 doesn’t simply establish an “opt-out” framework for commercial e-mail, it completely pre-empts state law. Although an individual consumer doesn’t have the right to sue an offender under the Act, the Federal Trade Commission, along with the Attorneys General of each state, do. So what should you know?

First, the Act only applies to commercial e-mail—an e-mail whose primary purpose is promoting a commercial product or service. Although the FTC has not yet promulgated any regulations under the Act, simply because an e-mail has a URL link to a commercial website or refers to product or service doesn’t make it commercial e-mail. There are, of course, certain obvious exemptions built into the law. Product safety recall information or e-mails notifying you about changes or important notices concerning your subscriptions, memberships, purchase confirmations, accounts or e-mail related to your employment—all of these are so-called “transactional relationship messages” where the main purpose is communication related to a commercial transaction, rather than promotion or advertising.

Second, what does the law require. Starting January 1, 2004, all commercial e-mail (even if an existing business relationship exists and whether or not the e-mail was solicited or not) must contain a clear and conspicuous notice that a consumer can opt out of future e-mails and provide a web-based means to do so. A consumer’s request to opt out must be honored within 10 business days and marketers can’t sell or share the e-mail addresses of those who have opted out. The e-mail must also clearly identify itself as an advertisement—unless a consumer has specifically asked to receive commercial e-mail from a particular commercial entity. Third, the e-mail must contain a postal, physical address of the sender. Although it is not yet clear if a post office box is enough, the less-risky approach is to have a street address.

The Act has a number of other requirements related to labeling—for example, the subject (header) must accurately reflect the body or content of the message and the sender (the sponsor of the promotion) must be identified. Although the Act preempts state commercial e-mail laws, beware of the fact that state fraud, trespass and certain consumer protection laws can still apply.

Violations of the CAN-SPAM Act are criminal offenses and involve both fines and potential jail time upon conviction. As with most Federal crimes, aggravating factors increase the penalties and implementing good faith and reasonable measures to attempt to comply with the Act can lessen them. These penalties can be serious—jail-time of up to five years, $250 per e-mail up to $2 million in fines (which can be tripled up to $6 million if aggravating factors are present) and all computers and software used in the commission of the crime can be forfeit.

Although the primary purpose of Legal Bytes is to enlighten and inform you, it obviously does promote Rimon and encourages you to call us when you need legal support. Accordingly we will always give you the opportunity to opt out of receiving our publication by email and when we send you an e-mail, it will be clear as to what it is and who is sending it. This is not just the law, it’s good practice.

Posted on

Instant Messaging – SEC Regulations Likely

According to the TowerGroup (Bank Technology News, January 2004), an estimated 15 percent of the securities industry in North America uses Instant Messaging for sharing market-related data with client. As we mentioned in our July 2003 issue, the NASD is already requiring member firms to retain records of instant messages for at least three years, and is requiring them to supervise the use of instant messaging technology by their employees. It is likely that
SEC regulations will emerge specifically on the subject this year or next year at the latest.

In the meantime, most securities dealers are choosing to be safe rather than sorry, and are attempting to apply the same rules they have for e-mails to instant messages as well—although the technology isn’t going to make that chore easy. Stay tuned.