This is the third in a series of blog articles relating to the topics to be discussed at the 30th Annual Media and the Law Seminar in Kansas City, Missouri on May 4-5, 2017. Blaine C. Kimrey and Bryan K. Clark of Vedder Price are on the planning committee for the conference. In this article, we discuss the Tor Browser and its relationship to privacy laws. Tor’s impact on anonymous speech and the tension between First Amendment rights and online threats to reputation, privacy and public safety will be among the topics discussed at the 2017 seminar.

Even among somewhat sophisticated privacy professionals and lawyers, the Tor Browser is sometimes a bit of a mystery. What is Tor, is it even legal, and, if so, what are the pros and cons associated with Tor? At a fundamental level, Tor is actually quite simple—Tor protects the privacy of its users by spreading communications across of a series of servers around the world to make it difficult to determine who or where the individual user is. Tor is a volunteer operation and it is available to anyone willing and able to download the free software from Tor’s Web site.

In some circles, using Tor has taken on a negative connotation because (not surprisingly) individuals engaged in nefarious activities online have turned to Tor as a way to mask their identities. But there is nothing per se illegal about using Tor, and it can be a legitimate way to avoid unwanted digital tracking from corporations and circumvent censorship in countries under the thumb of oppressive regimes. In fact, the U.S. State Department has contributed millions of dollars over the years to help with the development of Tor in the interest of encouraging free speech in other countries. Continue Reading Tor Presents Compelling Privacy Puzzle

Businesses have largely benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, such technologies also make it increasingly difficult to monitor and control the unauthorized distribution of confidential data. On March 30, UK regulators fined a former managing director of Jeffries Group for divulging confidential client information. The banker, Christopher Niehaus, shared confidential information with two friends using WhatsApp, a popular text messaging app. The exposed information included the identity of a Jeffries Group client, the details of a deal involving the client, and the bank’s fee for the transaction. Perhaps the most surprising aspect of this story is that the leak was discovered at all. Because data sent on WhatsApp are encrypted and Mr. Niehaus used his personal mobile phone to send the messages, Jeffries Group only viewed the communications—and subsequently informed regulators—after Mr. Niehaus turned his device over to the bank in connection with an unrelated investigation. Continue Reading Encrypted Messaging Apps Create New Data Privacy Headaches for Employers

If you follow developments in TCPA case law, you’ve probably heard by now that the DC Circuit Court of Appeals last week overturned the 2015 FCC Order that had required TCPA opt-out notices on both solicited and unsolicited faxes. The court held that the FCC’s rule was “unlawful to the extent that it requires opt-out notices on solicited faxes.” See Bais Yaakov of Spring Valley v. FCC, et al., Case No. 14-1234 (D.C. Cir.). In fact, the DC Circuit—despite years of FCC guidance, 13 consolidated appeals and more than two dozen lawyers participating in the briefing—seemed to view this as a relatively simple issue of statutory construction: “The text of the Act provides a clear answer to the question presented in this case. . . . Congress drew a line in the text of the statute between unsolicited fax advertisements and solicited fax advertisements. Unsolicited fax advertisements must include an opt-out notice. But the Act does not require (or give the FCC authority to require) opt-out notices on solicited fax advertisements. It is the Judiciary’s job to respect the line drawn by Congress, not to redraw it as we might think best.” Continue Reading DC Circuit Opts Out of Flawed FCC Ruling

The following March 3 blog post inspired the Law360 article, “Challenging Personal Jurisdiction In Online Conduct Cases,” published on March 24, 2017. See full article below.

Earlier this week, Judge Edmond Chang of the Northern District of Illinois rejected Google’s arguments that application of the Illinois Biometric Information Privacy Act (BIPA) to facial geometry scanning by Google Photos is, on its face, an improper extraterritorial application of Illinois law. See Rivera v. Google, Inc., Case No. 16-cv-22714, Docket Entry 60.  Faced with Google’s arguments that the claims would require extraterritorial application of the statute and/or would violate the Dormant Commerce Clause by reaching beyond state boundaries, the court essentially punted, saying that “[d]iscovery is needed to determine whether there are legitimate extraterritoriality concerns.” Id. at p. 22.  The court also rejected Google’s argument that BIPA does not cover facial geometry scans pulled from photographs. Continue Reading Biometric Data Claims against Google Survive – But What about Personal Jurisdiction?

Smiling PigPlaintiffs’ lawyers across the land have trumpeted the U.S. Supreme Court’s decision in Spokeo as a victory (or at least not a loss). Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016).  At least one plaintiff’s lawyer has gone so far as to suggest that defense lawyers who raise Spokeo-based arguments should fear sanctions.  As a Southern colleague of mine would say, those lawyers are trying to make a silk purse of a sow’s ear.

Although many post-Spokeo decisions have not yielded dismissal, many have, and they have done so based largely on Spokeo, which does more than reaffirm prior notions of standing and rather strengthens them in a way that is quite beneficial to corporate defendants facing trumped-up claims with no real harm.  One of the most recent defense victories post-Spokeo is Meyers v. Nicolet Rest. of De Pere, LLC, 2016 U.S. App. LEXIS 22139 (7th Cir. Dec. 13, 2016). Continue Reading Spokeo Was a Loss for Plaintiffs, Seventh Circuit Reaffirms

Change bulb idea to money with smartphone

On December 6, 2016, the U.S. Supreme Court, in Samsung Electronics Co. Ltd., v. Apple Inc., 580 U.S. ____ (2016), unanimously ruled that in multicomponent products, the “article of manufacture” subject to an award of damages under 35 U.S.C. §289 is not required to be the end product sold to consumers but may only be a component of the product.

In 2007, when Apple launched the iPhone, it had secured several design patents in connection with the launch. When Samsung released a series of smartphones resembling the iPhone, Apple sued Samsung, alleging that the various Samsung smartphones infringed Apple’s design patents. A jury found that several Samsung smartphones did infringe those patents. Apple was awarded $399 million in damages for Samsung’s design patent infringement, the entire profit Samsung made from its sales of the infringing smartphones. The Federal Circuit affirmed the damages award, rejecting Samsung’s argument that damages should be limited because the relevant articles of manufacture were the front face or screen rather than the entire smartphone. Continue Reading U.S. Supreme Court Revisits Design Patent Damages

The symbol of copyright protection. Seal and imprintAs of December 1, 2016, the Copyright Office requires that each online service provider designate an agent to receive notifications of claimed infringement as required under the Digital Millennium Copyright Act (“DMCA”) by the Office’s new online system, located here: https://dmca.copyright.gov/osp/p1.html. This online registration system and corresponding electronically generated directory replace the Office’s old paper-based system and directory. As a result, the Office will no longer accept paper designations, and service providers that appointed agents under the old paper-based system must submit a new designation under the new online system by December 31, 2017 in order to maintain its safe harbor1 from copyright infringement.

The DMCA includes provisions directed to copyright infringement on the Internet, notice and takedown procedures for copyright owners to report claimed infringement and safe harbors from copyright infringement liability for online service providers. Generally, online service providers are considered to be any provider of online services or network access, such as, Internet service providers, websites, hosting companies, mobile app publishers, others that allow users to post or store material on their systems, and search engines, directories, and other information location tools, etc. Continue Reading Online Service Providers – Important Update – Copyright Safe Harbor

I. Overview

While the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (the TCCWNA) has been around for over 30 years, there has been a recent surge in the filing of class action lawsuits under the statute against businesses engaged in e-commerce. The statute was enacted in 1981 to regulate “consumer contracts, warranties, notices and signs contain[ing] provisions which clearly violate the rights of consumers.” Although such provisions are legally unenforceable, the legislature reasoned that “their very inclusion in a contract, warranty, notice or sign deceives a consumer into thinking that they are enforceable and for this reason the consumer often fails to enforce his rights.”

Initially, the statute was not used very much and remained dormant during the first 30 years following its enactment. Recently, however, the plaintiffs’ bar has resurrected the statute, targeting the website terms and conditions of businesses engaged in e-commerce. This resurrection began in 2013 as a result of the New Jersey Supreme Court holding that certificates issued by restaurants and offered for purchase by an Internet marketer are subject to TCCWNA rules1, and it has continued for a few reasons. First, plaintiffs are asserting that the TCCWNA is very broad in scope. Indeed, plaintiffs’ lawyers contend that it applies to consumers who suffered no actual injury. Additionally, the statute provides for statutory damages of $100 per customer as well as attorney’s fees and costs, which creates the potential for very large monetary awards. Finally, while more guidance is necessary to determine how courts will treat e-commerce TCCWNA claims, there have been several plaintiff-friendly TCCWNA decisions in New Jersey. Continue Reading New Jersey Consumer Statute Presents Trap for Unwary Retailers Engaged in E-Commerce

This is the first in a series of blog articles relating to the topics to be discussed at the 30th Annual Media and the Law Seminar in Kansas City, Missouri on May 4-5, 2017. Blaine C. Kimrey and Bryan K. Clark of Vedder Price are on the planning committee for the conference. In this article, we explore recent developments related to “champerty,” which involves the funding of a lawsuit by a person with no direct interest in the case. The topic of revenge and retaliation against the media through litigation funding will be one of the topics at the 2017 seminar.

Earlier this month, Hulk Hogan settled his lawsuit against what remains of Gawker Media for $31 million, bringing to an end years of litigation that resulted in a stunning $140 million verdict that rocked the media defense bar. But the lasting implications of the case that ultimately shuttered Gawker.com remain unclear. For lawyers who defend media entities, the Gawker case is viewed as a cautionary tale of bad facts making bad law and the dangers of going against an adversary funded by an enemy with deep pockets. But not everyone agrees with this perspective. Speaking recently to the National Press Club, Peter Thiel (the billionaire who funded Hogan’s litigation) seemed to suggest that it was Hogan, rather than Gawker, who was unable to get fair treatment in the courts. “One of the striking things is if you are middle class, upper middle class, a single-digit millionaire like Hulk Hogan, you have no effective access to our legal system,” Thiel said. “It costs too much.” Continue Reading What Hath Hulk Wrought – Media Girds for Battle vs. Billionaires

After nine months of intense negotiations and uncertainty, and despite ongoing criticisms from powerful data protection regulators, the new EU-U.S. Privacy Shield program went into effect this week as the U.S. Department of Commerce began accepting applications online. Some companies that are self-certifying their compliance have already submitted their documentation and many more are expected to do so in the coming days and weeks as they seek shelter under the replacement for the long-standing EU-U.S. Safe Harbor arrangement that was invalidated by the European Court of Justice last year.

Companies can now “sign up” for the Privacy Shield list, but they should not expect a rubber stamp from the Commerce Department just because they have self-certified. To ensure that their applications are approved, companies should take the following steps:

  • Confirm that they are eligible to participate—not all organizations are. Only companies subject to the jurisdiction of the FTC or the DOT may participate at this time
  • Develop a Privacy Shield-compliant privacy policy statement
  • Identify their independent recourse mechanism—under the new framework, self-certifying organizations must provide an independent recourse mechanism available to investigate unresolved complaints at no cost to the individual
  • Ensure that they have compliance verification mechanisms in place
  • Designate contacts within their organizations to serve as liaisons regarding the Privacy Shield
  • Review the information required to self-certify
  • Go online to www.privacyshield.gov to self-certify

Continue Reading Time to Raise Your Shield: The New EU-U.S. Framework Is Here