Category Archives: Electronic Communication

What cloud computing services need to know about the Aereo decision

In June. the United States Supreme Court issued its much-anticipated decision in American Broadcasting Cos. v. Aereo, Inc. The decision effectively shut down the Aereo service, at least temporarily as it explores fundamental changes to its business model to permit it to continue distributing content while complying with the Court’s decision.

The Aereo service in question offered subscribers the ability to watch television broadcasts over the Internet, streamed in substantially real time as the programs were being distributed over-the-air by the original broadcasters. Aereo implemented this service via a network of antennas. When a subscriber selected a program, Aereo would select an antenna, deliver the program to the subscriber via the antenna, and dedicate the antenna to the subscriber until the program was complete.

The question that the Court considered was whether Aereo’s retransmission violated U.S. copyright law.  The Court focused on the section of the Copyright Act that gives a copyright owner the exclusive right to “perform the copyrighted work publicly.” The Copyright Act defines that exclusive right to include the right to “transmit or otherwise communicate a performance . . . of the [copyrighted] work . . . to the public, by means of any device or process, whether the members of the public capable of receiving the performance . . . receive it in the same place or in separate places and at the same time or at different times.”

Aereo argued that it did not transmit any performances “publicly” but rather only enabled the transmission of content privately, to a single subscriber at a time. However, the Court found that Aereo’s overall system could transmit a program to many subscribers, and that its activities constituted a “public” performance. In particular, the Court stated:  “we conclude that when an entity communicates the same contemporaneously perceptible images and sounds to multiple people, it transmits a performance to them regardless of the number of discrete communications it makes.”

The Court’s conclusion, if taken out of context, could cause cloud storage service providers to be concerned. Services that allow users to store music, video and other content online for on-demand delivery may indeed wonder whether their services permit “public performance” when a user accesses stored online content.

However, the Court took care to say that its ruling was limited to an interpretation of the Copyright Act’s Transmit Clause, which the Court said was intended to apply “to cable companies and their equivalents, [and] did not intend to discourage or to control the emergence or use of different kinds of technologies.” The Court noted that the term “public” in this context “does not extend to those who act as owners or possessors of the relevant product. And we have not considered whether the public performance right is infringed when the user of a service pays primarily for something other than the transmission of copyrighted works, such as the remote storage of content.”

Thus, not only did the Court state that it was not addressing remote storage systems, it also hinted that it would not consider distribution of remotely stored content in a cloud storage service to be a violation of copyright law because those distributions were not to the “public.”

So, at least for the present, remote storage services can take comfort in lower court decisions such as Cartoon Network LP v. CSC Holdings (2nd Cir. 2008), which held that remote DVRs may operate without violating copyright law.

 

 

Court action against FCC’s “net neutrality” rules could change rules of Internet service

The “open” nature of high-speed Internet service in the United States may be at risk based on a new appeals court ruling that struck down the Federal Communication Commission’s “net neutrality” regulations.

Since 2010, the FCC regulations, known as the “Open Internet Order,” have prohibited broadband service providers (ISPs) from blocking access to lawful content. as well as from blocking applications that compete with the  provider’s service offerings. The Order also prohibits providers of fixed broadband service (i.e., non-mobile broadband) from unreasonably discriminating in transmitting lawful Internet traffic, such as by granting preferred status or speeds to websites that are affiliated with the provider or who pay a fee to the provider.

The Court’s decision in Verizon v. Federal Communications Commission struck down most of the Open Internet Order.  In particular, the Court said that the FCC went beyond its regulatory authority in imposing the anti-blocking and anti-discrimination rules on ISPs.

Notably, the Court did not say that the FCC could never impose such rules on ISPs. Instead, the Court found issue with the way that the FCC imposed the rules on ISPs. Specifically, the Court faulted the FCC for creating rules that could be considered common carrier obligations and then imposing them on ISPs that were not considered to be “common carriers” under the Communications Act.

The Court did uphold the Order’s requirement that ISPs disclose to consumers accurate information about their network management practices, performance and commercial terms of service.  So, although an ISP can now block or slow a particular website, it must disclose that practice to its subscribers.

The FCC is expected to appeal the decision.  Alternatively, the FCC could attempt to re-write the rules within the guidelines of the decision. Either way, it will be interesting to see whether any broadband service providers change the way that they deliver services to consumers. Under the Court’s ruling, an ISP who is also a cable service provider could block or slow certain over-the-top services so long as they disclose that fact to subscribers. An ISP could charge a higher fee for access to certain sites, or perhaps a reduced fee to consumers who are  willing to accept a more limited scope of the World Wide Web.   Alternatively, some ISPs may use the Court’s ruling as an opportunity to attract new consumers by pledging to make all sites freely available without blocking or discrimination.

Either way, consumers are likely to see changes in their broadband service soon based on the new ruling.

New Data Breach 411 app helps companies navigate data breach laws

It’s a general counsel’s worst nightmare. Sensitive data. Gone. Stolen by faceless thieves who breached the company’s seemingly secure network.DataBreach411-2

As my partner Scott Vernick of Fox Rothschild recently stated:  “Data breaches can severely impact a company’s reputation and have debilitating consequences to businesses big and small.”

A new mobile phone app launched by the Fox Rothschild Privacy and Data Security Practice provides a guide to swift damage control in situations like this. The app—called Data Breach 411—can help companies who are affected by a breach navigate the various laws and regulations relating to data breaches. Currently, 46 states have laws in place addressing how organizations should prepare for and respond to the loss or theft of data.

According to Vernick:  “Our app is a ‘one stop shop’ for in-house counsel and privacy officers to instantly access the relevant state-specific details on what they need to do, who they need to notify, when and how. The ability to access these state rules at your fingertips can make all the difference in terms of what’s at stake for an organization: loss of reputational integrity, public trust and business, and time-consuming and costly remediation efforts.”

Information available via the Data Breach 411 app include:

  • State Security Breach Statutes: An alphabetical listing of the states that have data breach laws in place and links to all the relevant notification statutes.
  • HIPAA/HITECH Statutes: Breach notifications rules and other pertinent information related to the loss or theft of personal health information.
  • Resources: Links to credit agencies and credit monitoring services as well as the FTC website. Also, a section on COPPA – the Children’s Online Privacy Protection Act – and relevant information surrounding the mining of data on minors. This section also includes links to Fox’s Privacy Compliance & Data Security Blog and its HIPAA, HITECH and Health Information Technology Blog.

The Data Breach 411 app is currently available for free in the iTunes Store. An Android version will be available soon. To download the app, click here.

Does your website privacy policy describe how you handle “do not track” requests? If not, read this . . .

A new California state law is prompting businesses around the country to update their website privacy policies to more fully describe how the business handles certain customer data.

California’s Online Privacy Protection Act (CalOPPA) already required any commercial website or online service that collected personally-identifiable data from California residents to post a privacy policy. The new law amends CalOPPA to mandate that privacy policies explicitly describe how the website or service will respond to “do not track” requests from users.

My partner Mark McCreary prepared a detailed summary of the CalOPPA amendment and its additional disclosure requirements.  Mark’s summary is available via this link.

Federal Trade Commission issues new “.com Disclosures” guidance for online advertising

On March 13, 2013,  the FTC updated its “.com Disclosures” guidance document for online disclosures to address new issues resulting from the expanding use of smartphones and other mobile devices for advertising purposes.

Originally published in 2000, the FTC guide addresses how companies who are engaged in online advertising should provide the various disclosures that are required by the laws that the FTC enforces. These disclosures include those required to prevent a claim that a particular advertisement is misleading or deceptive.   Examples include: Continue reading

FTC proposes update to children’s online privacy rules

The Federal Trade Commission (FTC) has proposed an updated set of online privacy rules to address the use of new technologies — including mobile technologies – by children under the age of 13.  The original rules, issued in 2000 to implement requirements of the Children’s Online Privacy Protection Act (COPPA), require operators of commercial websites and online services directed to children under age 13 to:

  • post a privacy policy describing how the site handles children’s personal information;
  • provide direct notice to parents and obtain verifiable parental consent before collecting children’s personal information;
  • give parents the option to allow the operator to collect and use a child’s information, but not disclose it to third parties;
  • give parents access to their child’s personal information for review and/or deletion;
  • give parents the opportunity to prevent further use of the information; and
  • maintain the confidentiality, security, and integrity of information collected from children.

Changes proposed in the new rule include:

  • an expanded definition of “personal information” that includes substantially all information that can be used for online profiling or directed behavioral advertising – including geo-location information, instant messaging user IDs, voice over IP (VOIP) identifiers, video chat user IDs, and tracking cookies;
  • a requirement that key information be presented to parents in a succinct “just-in-time” notice, and not just in a privacy policy;
  • new methods to obtain verifiable parental consent, including electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that the parent’s identification is deleted promptly after verification is done;
  • a requirement that website operators ensure that service providers or others to whom they disclose a child’s personal information implement reasonable procedures to protect it, retain the information for only as long as is reasonably necessary, and properly delete the information; and
  • a requirement that self-regulatory “safe harbor programs” audit their members at least annually and report the results of those audits to the FTC.

The FTC will accept comments on the proposed rules through November 28, 2011.

Social Media Use in Doctor / Patient Communications

My colleague Rebekah Monson recently co-authored an article discussing the growth of social media as a tool for doctor/patient communications.  Although this use of social media requires careful consideration so that private information is not Tweeted, Facebooked, or otherwise make available for public view, Rebekah points out that

Social media is a powerful tool that can be used effectively and efficiently for peer, patient, and family communication, as well as a vehicle for learning, as part of patient education, graduate medical education (GME), and continuing medical education (CME). . . .The Internet is replete with lay opinions and medical misinformation. Surgeons who use social media have a unique opportunity and non-legal responsibility to critically review and correct this misinformation.

The full text of Rebekah’s article can be found here.