Important Social Media Guidance Issued for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) issued final supervisory guidance that financial institutions are expected to use in "their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement with social media."

The FFIEC is the formal inter-agency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by, among others, the Federal Reserve System, the Federal Deposit Insurance Company (FDIC) and the Consumer Financial Protection Bureau (CFPB).  The memorandum issued by the Council, "Social Media: Consumer Compliance Risk Management Guidance,"  is meant to "address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via  social media by banks, savings associations, and credit unions, as well as nonbank entities supervised" by the CFPB.  Compliance officers with financial institutions as well as other senior managers at such institutions would be well served to review the Council's Guidance not only pursuant to their own responsibilities and obligations as outlined in the memorandum, but also because the memorandum provides a brief, yet substantive, overview of a wide variety of laws applicable to the financial sector's use of social media.  The Guidance makes reference to, and provides relevant summaries of, a variety of laws including, but not limited to, the Truth in Savings Act, the Equal Credit Opportunity Act, the Truth in Lending Act and the Fair Debt Collection Practice Act.

The Guidance  states that a "financial institution should have a risk management program that allows it to measure, monitor, and control the risks related to social media."  It also specifies that the risk management program should provide guidance and training for employee official use of social media.  The components of the risk management program include, in brief, the following:

• a governance structure with clear roles and responsibilities;
• policies and procedures regarding the use and monitoring of social media and compliance with all applicable  consumer protection laws and regulations, and incorporation of guidance as appropriate;
• a risk management process for selecting and managing third-party relationships in connection with social media;
• an employee training program;
• an oversight process for monitoring information posted to the financial institution's social media site;
• audit and compliance functions to ensure ongoing compliance; and
• parameters for providing appropriate reporting to the financial institution's directors and senior management  for periodic evaluation.

The Guidance points out that "Since this form of customer interaction tends to be both informal and dynamic, and may occur in a less secure environment, it can present some unique challenges to financial institutions."

Court Says Social Media Sites Off Limits to Sex Offenders

A New Jersey appellate court has upheld the state parole board’s restriction disallowing convicted sex offenders from accessing social media or other comparable web sites.

Superior Court Judge,  Jack Sabatino, writing for the three judge panel, said, “we are satisfied that the Internet restrictions adopted here by the Parole Board have been constitutionally tailored to attempt to strike a fair balance.”  Judge Sabatino continued, “We recognize that websites such as Facebook and LinkedIn have developed a variety of uses apart from interactive communications with third parties.  Even so, the Parole Board has reasonably attempted to draw the line of permitted access in a fair manner that balances the important public safety interests at stake with the offenders’ interests in free expression and association.”

The defendants, several convicted sexual offenders whose cases were consolidated, challenged the constitutionality of the restrictions as infringing their First Amendment rights of free speech and association, a violation of their Due Process rights and  corresponding rights under New Jersey’s Constitution.  The restrictions stem from Megan’s Law, which is a series of laws, originally passed in New Jersey, aimed at sex offenders.  One component of Megan’s law includes a requirement that those persons convicted between 1994 and 2004 of certain sexual offenses must serve, in addition to any existing sentence, a special sentence of  “community supervision for life,” and those convicted after that date range are sentenced to “parole supervision for life.”

The New Jersey Parole Board’s restriction does provide for parolees to seek special permission for gaining access to certain sites for work or another “reasonable purpose.”  The state’s Deputy Attorney General said, “It is not the Parole Board’s intention that these provisions bar appellants from having Internet access to news, entertainment, and commercial transactions.”

The New Jersey restriction is hardly novel as these cases have been sprouting up throughout the nation with varied outcomes.  You can read the full opinion here.  

Law Enforcement and the Social Media Stakeout

Law enforcement techniques that were previously used by only federal agencies are becoming more readily accessible to law enforcement at the local level.

Police sitting in a car, with a cup of coffee in hand, waiting for something to "go down" at the building across the street is a scene we have all watched countless times in movies over the years.  While possibly not as dramatic for cinematic purposes, today police are able participate in big data stakeouts from their own desks.  At a meeting last month for the International Chiefs of Police (IACP), a cloud based service was unveiled that will allow local law enforcement to monitor social networks for evidence and clues of crimes committed in the brick and mortar world.

A piece in ArsTechnica noted that a poll of 1,200 law enforcement officers, as conducted by LexisNexis, found that four out of five officers are now using social media as part of their investigations.  New SaaS programs allow police to aggregate information culled from social media sources and then link to databases with public records to enable law enforcement to cross reference the information gathered.  The article also noted that one of the services providing this type of assistance will even "monitor the general mood of postings and pick up potential threats of violence."

While police have been using social media for some time as an aid to investigations, new technology and services are providing them with more elaborate tools to assist them with their online efforts.

Creating Fake Profile of Your Competitor on LinkedIn…Bad Idea

If you think making bad choices on social media is limited to high school students and politicians, you should take a look at AvePoint, Inc. and AvePoint Public Sector, Inc. v. Power Tools, Inc. d/b/a Axceler and Michael X. Burns.

In this Virginia, District Court case, the court refused to dismiss most counts in the complaint brought by AvePoint, Inc. against its software competitor, Axceler.  The complaint alleges that Axceler and its agents made false, defamatory, and deceptive claims and statements regarding Avepoint through both Twitter and LinkedIn, as well as through direct communications with customers and prospective customers.  Specifically, the allegations against Axceler state that the company attempted to confuse customers into falsely believing that (i) AvePoint is a Chinese company, not an American company, (ii)  AvePoint’s software is not made, developed or supported in the U.S., (iii) AvePoint’s software is maintained in India, (iv) that Axceler’s ControlPoint software is “Microsoft recommended” over AvePoint’s DocAve software, (v) AvePoint’s customers are “dumping out of 3 year deals in year 2 to buy Axceler’s ControlPoint, and (vi) Axceler uses its maintenance revenue to improve its customers’ existing products, whereas AvePoint uses its maintenance revenue to develop new products to which its customers have no access.

If all of the allegations are true, it appears the defendant went to remarkable lengths to execute its campaign against the plaintiff.  The complaint alleges that the defendant created an account on LinkedIn for a fictitious AvePoint representative named Jim Chung and, in connection with the account, used the plaintiff’s registered trademark.  Emphasizing the confusion caused by the defendant’s actions, the plaintiff noted Jim Chung’s LinkedIn connection list.  Further, taking full advantage of the opportunities afforded by social media, the defendant’s Regional Vice President of Sales for Western North America, while at the SharePoint conference in Las Vegas, tweeted in regard to the fictitious AvePoint representative, “Just ran into jim chung from avePoint Good guy.” To add further credibility to Jim Chung’s existence, another Axceler employee tweeted, “@MICHAELBURNS Free Jimmy! #Axceler.”

The District Court refused Axceler’s request to dismiss most of the nine counts set out in AvePoint’s complaint.  The counts the court refused to dismiss included defamation, breach of contract (defendant also allegedly acquired trial software from the plaintiff through deceptive means), trademark infringement, false association or false endorsement under the Lanham Act, False Advertisement under the Lanham Act and certain violations of Virginia law.

The court’s full opinion is available here. 

Facebook Considers Using Cursor Tracking Technology

The Wall Street Journal reports that Facebook is currently looking into technology that will enable the social network to track the location of a user’s cursor on their screen or interface.

The Journal noted that Facebook would not be the first company to engage in this type of behavioral tracking as Shutterstock, a digital image marketplace, has already done so.  The article quotes Shutterstock CEO, Jon Oringer, as saying, “Today, we are looking at every move a user makes, in order to optimize the Shutterstock experience.”

The potential Facebook tracking technology could collect data on how long a user’s cursor hovers over a part of the website and whether user’s newsfeed is visible at a specific time on the user’s mobile phone.  Facebook is still in the process of testing the technology, but the Journal reports that the company should know whether it will be proceeding with the technology within months.

Ken Rudin, Facebook’s head of analytics, is working on increasing the volume of the company’s available data and storing it in a way that can be accessed more efficiently. He referred to the review of the new technology as a “never-ending phase” noting that it will not necessarily be rolled out.

With the knowledge that Facebook is now considering this technology and, if it uses it, will not be the first company to do so, another layer of behavioral tracking can be added to the myriad ways data can be collected and used on social media platforms.

Potential Landlord Liability in Facebook Stalking Case

A recent ruling by an Ohio appellate court indicates that the landlord of an apartment complex could have liability in a negligence action brought in connection with a Facebook stalking incident.

The facts of this case, as outlined by the Court of Appeals Twelfth Appellate District’s opinion, are particularly disturbing.  The case involves a single mother, Lindsay P., who resided with her young daughter in an Ohio apartment complex.  The mother complained to the management company, Towne Properties Asset Management Co., Ltd., about excessive noise, including fighting and loud music, which emanated from the apartment below.  The apartment below was occupied by both the resident named on the lease as well as her live in boyfriend who was not a party to the lease and whose presence was not contemplated by the lease terms.  The dispute eventually led to the downstairs neighbors’ boyfriend banging on Lindsay P.’s door and engaging in other intimidating behavior.  The intimidating behavior included the neighbor’s boyfriend eventually contacting Lindsay P. through her Facebook account.  He “began the exchange by stating that he knew the two had differences, that he had seen Lindsay upset and crying, and that he knew things were not ‘easy for a single mom.”  He proceeded to make apparently sexual overtures to Lindsay P. and even attached a link to a pornographic website showing a man and woman having sexual relations and who the court said “looked similar” to both Lindsay P. and her neighbor’s boyfriend.  After the matter continued to escalate in this manner and Lindsay P.’s concern and fear continued to grow, she allegedly informed the management company that she would like to leave her current residence and look for another place to live.  The management company told her that “was not an option,” but that instead she could move to a different apartment managed by the company a few blocks away.  While not an ideal alternative, as termination of the lease appeared to be rejected by the management company, Lindsay P. agreed to the move even though it was in a first floor apartment that she expressed concern over “because of safety and accessibility reasons.”  Soon after moving into the new apartment, the neighbor’s boyfriend broke into Lindsay P.’s apartment and proceeded to rape her with her young daughter in a nearby room overhearing the attack.

The record of the case indicates that the management company had been provided with a copy of the contents of the parties Facebook exchange and informed Lindsay P. to contact the local police, which she did.  “It is undisputed that the police did not pursue charges against Haynes (the neighbor’s boyfriend) because of the Facebook exchange, nor did they investigate the matter.” There was some dispute as to whether Lindsay P. had expressly requested that her lease be broken and the court reasoned that such lack of clarity was an issue of credibility that “must be determined by the trier of fact.”  Moreover, while the landlord’s “counsel suggested at oral arguments that the record did not contain evidence that Towne Properties let tenants out of their leases…’the record, however, does appear to contain such testimony.”

In the Lindsay P. v.Towne Properties Asset Management Co., Ltd. opinion the court  states that “it is cognizant that the criminal acts of third parties are very difficult to predict and that a landlord does not generally have a duty to protect its tenants from the criminal acts of third parties.  However, there are issues of fact regarding whether Towne Properties should have reasonably foreseen Haynes’s criminal activity.”

Haynes was apprehended by the police, was tried and convicted of rape and aggravated burglary and was sentenced to nine years in prison.

Failure to Follow DMCA Safe Harbor Requirements Leads to Stormy Seas

Recent cases suggest that Internet Service Providers or “ISPs” need to understand, and act upon, the statutory requirements associated with the safe harbor provisions of the Digital Millennium Copyright Act(“DMCA”).  Recall that the DMCA’s safe harbor provisions protect service providers from copyright liability related to user generated content that might infringe the rights of a third party copyright holder.

In order to qualify for safe harbor protection, the service provider must first adhere to certain requirements including the following:

            (i)         be a “service provider” as that term is defined in the DMCA;

            (ii)        adopt and implement a repeat infringer policy; and

(iii)       not interfere with technical measures copyright owners use to protect their copyrighted works.

Once it is determined that the ISP meets the necessary qualifications for safe harbor protection, the next part of the analysis includes whether the ISP had

(i)         actual knowledge of the infringement at issue (referred to as the “red flag” test);

(ii)        whether the ISP received any direct financial benefit as a result of the infringement; and 

(iii)       whether the ISP acted quickly to disable the infringing material.

In a recent Southern District of New York case, Capitol Records v. Vimeo, the court refused to recognize that, as a matter of law, all content that was the subject of claims brought by Capitol Records and EMI Blackwood Music against Vimeo, a video upload site, fell under the safeguards provided by the DMCA’s safe harbor.  While the court did find that much of the content did fall under the act’s protection, the court also found that a sizeable portion of the content required a fact finder’s assessment in order to properly determine if the statutory requirements were properly followed.

In Vimeo, certain materials had been uploaded by employees of the site itself, which raised the issue of whether the content was user directed or uploaded as a result of the site’s own employees.  In fact, labels identifying the content as having been uploaded by “STAFF” were included on the site to identify the related content.  In addition, raising the “red flag” rule, Vimeo employees had placed certain content in specific sections or categories of the site including on employee only channels and, moreover, employees had commented on some of the content as well.  As a result, the court found that the content associated with these actions presented triable issues of fact.

It should also be noted that this case follows on the heels of a recent U.S. District Court for the Southern District of Florida case, Disney Enterprises, Inc. v. Hotfile Corp. that found no safe harbor protection where a site failed to take action against repeat infringers after receiving proper takedown notices by rights holders.

Florida Legislator Looks to Restrict Employer Access to Employee Social Media Accounts

Florida, a state that is generally considered to be friendly to employers will be taking steps to protect employee and prospective employee privacy if a South Florida State Senator has his way.

Florida State Senator, Jeff Clemens of Lake Worth, wants Florida to join the growing list of states that restrict employer access to employee or prospective employee social media accounts.  The proposed bill defines a social media account as “an interactive account or profile that an individual establishes and uses through an electronic application, service, or platform used to generate or store content, including, but not limited to, videos, still photographs, blogs, video blogs, instant messages, audio recordings, or e-mail that is not available to the general public.”  The bill would restrict employers from doing the following:

(a) Requesting or requiring that an employee or prospective employee disclose a username, password, or other means of access to a social media account through an electronic communications device;

(b) Requesting or requiring an employee or prospective employee take action that allows the employer to gain access to the employee’s or prospective employee’s social media account if the account’s contents are not available to the general public;

(c)  Retaliating against an employee for refusing to give the employer access to the social media account; and

(d)  Failing or refusing to hire a prospective employee as a result of a prospective employee’s refusal to allow the employer access to the prospective employee’s social media account.

Thirty-six states have already taken similar action with 11 already enacting statutes including California, Michigan, Maryland and Colorado. Some, including New Jersey governor, Chris Christie, have questioned the broad scope of such laws. Nevertheless, Governor Christie did recently sign such legislation into law, which takes effect December 1^st of this year.  See States Continue to Enact Privacy Laws Protecting Employees from Employers.

The proposed Florida bill would enable an employee or prospective employee to bring a civil action against the employer within two years after the violation and also provides for the seeking of injunctive relief.  If the Florida bill is passed in its current form it would take effect on October 1^st of next year.

Equifax, Transunion, Experian and FACEBOOK!!??

Might lenders start reviewing your social media activities to determine your creditworthiness?

Erika Eichelberger wrote a sobering piece in Mother Jones last month addressing that very issue.  Actually, Eichelberger points out that some lenders are already engaging in the practice and that it could only be a matter of time before mainstream lenders begin doing the same.

Eichelberger reports that lenders who use information found on social media sites argue “that they are able to serve borrowers that traditional banks deem risky because they are able to evaluate credit risk based on more subtle social media-based indicators.”  These indicators include the number of friends applicants have, how often they interact ad even the quality and quantity of one’s LinkedIn contacts “for clues to how quickly laid-off borrowers will be rehired.”

The practice which is currently being used primarily by lenders providing loans to low-income borrowers raises issues of both credibility and fairness.  Does the information available on social media sites really provide valuable information when assessing a potential borrower and is it being applied in a fair and non-discriminatory manner?  The two key laws applicable in this area are The Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunity Act (ECOA).  The FCRA provides citizens with certain rights related to the use and disclosure of their personal information by credit reporting agencies.  The ECOA seeks to provide equal opportunity to customers of banks, credit card companies, loan and finance companies and others.  It prohibits discrimination against applicants based on race, color, religion, national origin, sex or marital status and age. Eichelberger notes that critics of the practice question whether the information provided is truly indicative of the likelihood of repayment on the part of a prospective borrower.  Quoting Ashkan Soltani, an independent expert on consumer privacy and behavioral economics, “For you and I to call each other friends in the real world, we’d have to hang out a lot’…’I might follow you on Facebook because you post funny cat pictures.”  In addition, Eichelberger writes that experts say these lenders may be “discriminating against applicants who essentially appear socially undesirable’…’But discrimination law does not yet cover people who are unpopular.” 

NY Attorney General Takes Steps to Combat Fake Social Media Reviews

Gartner predicts that by 2014 between 10% and 15% of social media reviews will be fake. This information was provided by the New York Attorney General’s office, which announced an agreement recently with 19 companies to stop them from writing fake online reviews.

 

New York Attorney General, Eric T. Schneiderman, stated that the companies would be required to pay penalties ranging from $2,500.00 to just under $100,000.00.  Many of the companies had apparently created fake online profiles on various consumer review websites, such as Yelp, Google Local and CitySearch, and outsourced the review writing to freelancers in the Philippines, Bangladesh and Eastern Europe.  The announcement said that the false reviews violated multiple state laws against false advertising and that the companies had engaged in illegal and deceptive business practices.

The announcement revealed that under the guise of a yogurt store, the AG’s office had contacted “leading SEO companies” in New York to request assistance in combating poor reviews on the consumer sites.  Some of the SEO companies responded by offering to write positive reviews on the company’s behalf, which they said fell under their reputation management services.  It was further revealed that several of  the SEO firms had been using advanced IP spoofing techniques to hide their identities and, moreover, were setting up hundred of fake profiles.

The practice of writing fake reviews that a reasonable consumer would believe has been prepared by a neutral third-party is referred to as “astroturfing.”  Interestingly, the AG’s announcement cited a 2011 Harvard Business School study that estimated a one-star rating improvement could translate to an increase of 5% to 9% in revenues for a restaurant. 

You can read the AG’s entire announcement here.

On Second Thought…Delete My Post!

Imagine having the right to demand that websites you have posted on take down the content or information that you later regret having posted.  California is on its way to enacting such a law, albeit for the benefit of minors only.

 

California filed what is referred to as an “eraser” law with its Secretary of State on September 23^rd.  If Governor Jerry Brown does not veto the bill, which he apparently has taken no position on, it will go into effect as of January 1, 2015.  The New York Times quoted James Steyer, the chief executive of Common Sense Media, an advocacy group that supported the bill, as stating, “Kids and teenagers often self-reveal before they self-reflect…It’s a very important milestone.”

The bill, Chapter 21 of Division 8 of California’s Business and Professional Code would require “the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information.”  Moreover, the bill would require the site to notify the minor that the minor has such a right.

Concerns about the legislation, identified in Somini Segupta’s piece in the New York Times, include the fact that companies will be able to collect more information on minors as they would need to identify their age and presence in California and, further, that the passage of similar laws in other states could create a hodgepodge of varied laws with varied requirements throughout the nation.  This latter concern, however, is seemingly endemic of the U.S.’s approach to privacy protection in general, which tends to be ad hoc on a state level and industry specific on the federal level.

There has been ongoing pressure in Europe for “right to-be-forgotten” legislation, which differs from California’s legislation in that it would provide for a similar “eraser” right for all Europeans regardless of age.

You can find the proposed California legislation here.  

Turns Out “Like”ing Something on Facebook Constitutes Actual Speech

The Fourth Circuit Court of Appeals ruled today that “Liking” something on Facebook constitutes protected speech.

In an important, but hardly surprising, decision, the court reversed a ruling by federal district judge, Raymond A. Jackson. In a decision that must have upset admirers of symbolic and actual speech everywhere, Judge Jackson ruled that a Facebook “like” was “insufficient speech to merit constitutional protection.” The lower court judge distinguished the Facebook “like” by noting that in other opinions recognizing protected speech on Facebook “actual statements” were used.”  Regardless, if one should ever come upon a sign while driving that simply says “stop” assume it is an actual statement.

The case stems from a lawsuit brought by a group of deputy sheriffs in Hampton, Virginia, one of whom, Daniel Ray Carter, Jr., claimed to have been fired from his job because he had “liked” the individual running in a campaign against the current sheriff (i.e. his boss). The Fourth Circuit’s Chief Judge William Byrd Traxler writes, “Once one understands the nature of what Carter did by liking the Campaign Page, it becomes apparent that his conduct qualifies as speech. On the most basic level, clicking on the “like” button literally causes to be published the statement that the User “likes” something, which is itself a substantive statement.”  Chief Judge Traxler also noted that “Carter’s speech was political speech, which is entitled to the highest level of protection.”

The case is Bland v. Roberts.  You can read the 81 page decision in its entirety here.

State Social Media Privacy Legislation Now an Issue for Securities Regulators

The Financial Services Institute, which represents individual financial services firms and individual financial advisors, warned that 70 social media bills introduced throughout the U.S. could conflict with Finra advisor regulations.

An article in Financial Advisor magazine said that a spokesman for the North American Securities Administrators Association expressed concern that privacy provisions in the bills might interfere with supervisory and record-keeping responsibilities of advisors under state and federal securities laws and regulations.

Recall that many states have started to pass legislation restricting employers’ ability to acquire employee passwords or gain other means of access to employee social media accounts.  In his Financial Advisor article, Ted Knutson reports that Finra has been in contact with 12 states about the legislation. In the organization’s letter to the Colorado legislature, it noted that “the objective may be accomplished through a specific exemption for broker-dealers whose employees use a personal account or service for business communications.”

While courts continue to deal with the ongoing challenge of applying traditional legal doctrine to social media platforms, it is also worth noting how regulators must now contemplate not only social media itself but the way both current and future laws passed in response to social media will impact their own regulations.

Facebook Posts Lead to Judge Tossing Verdict

Facebook posts may have played a role in a Georgia judge throwing out a plaintiff's verdict.

The suit involved a claim brought by Michael Bowbliss, who suffered nerve damage as a result of a lab technician's failure to properly draw blood for a routine, insurance related blood test. The award, originally for 5.7 million dollars, was first reduced by State Court Judge Patsy Porter to 4 million dollars, and then further reduced after the judge questioned Bowbliss's spouse's award for consortium damages, which exceeded Bowbliss's award for his original injury.  However, the Georgia judge eventually eliminated the entire verdict as a sanction against the couple for perpetrating a fraud upon the court.  Evidence, including the couple's Facebook posts, seemed to indicate that the couple had been in a troubled marriage during the time Dee Anna Bowbliss was seeking loss of consortium damages.  The attorneys for the defense claimed the marriage itself was a sham and that the Bowbliss's intention was to divorce after the completion of the trial. Moreover, the plaintiff's Facebook posts indicated that his injuries may not have been as severe as professed to the court.  One such post included, "can not go to gym til lawsuit over...due to it not looking right for me to be working out...and saying I have a bad arm."  With respect to the defense attorney's "sham marriage" assertion, one of the plaintiff's other posts read ""Judge is f[**]king on my case...dee and I aren't divorced yet because of piece of s[**]t judge and case."

Although the attorneys for defendant, Quick-Med, Inc. and its parent Quest Diagnostics, requested that the suit be dismissed with prejudice, Judge Porter refused.  The plaintiff's attorneys have already refiled the case.

Read more about this case in The Daily Report.

Harvard Law Professor Sends Message on Copyright in the Digital Age…and it Requires an Answer in 21 Days

Lawrence Lessig , copyright scholar and Harvard Law School professor, sued Liberation Music in federal court last week seeking damages for Liberation’s “knowing and material misrepresentation that’ he ‘infringed Liberation’s copyright interests.”

 

Lessig, who posts many of his “Open” lectures on YouTube, included in one such lecture clips from videos created by amateurs, which all include people dancing to the song, “Lisztomania,” by the French band, Phoenix.  Liberation, who claims the right to license the song, submitted a Digital Millenium Copyright Act (DMCA) takedown notice to YouTube claiming that it was hosting material that infringed Liberation’s copyright in the song.  Recall that pursuant to §512 of the DMCA online service providers are granted a “safe harbor” as long as they meet certain requirements.  These requirements include maintaining a notice and takedown system that allows owners of copyrighted material to submit a “takedown notice” to the provider.  Among other requirements, the party submitting the notice must assert a “good faith belief” that the material’s use on the site is not authorized by either the copyright owner or the law.

In his complaint, Professor Lessig argues that Liberation knows that his use of the song, in association with the clips, is consistent with a fair use affirmative defense and, consequently, does not infringe.  The statutory factors when making a fair use analysis include (i) the purpose and character of the use; (ii) the nature of the copyrighted work; (iii) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (iv) the effect of the use on the potential market for or value of the copyrighted work.  The complaint goes on to analyze the factors as follows: (i) the purpose and character is non-commercial and highly transformative as it is meant to educate and not entertain or make money, (ii) the nature is creative, which ordinarily leans toward the copyright holder, but in this case Lessig’s use of the song did not compromise “Phoenix’s or the defendant’s rights to control the first appearance of the song, (iii) the amount was minimal, ranging in length from 10 seconds to 47 seconds, and (iv) there was no market harm as the “Open” lecture “is not a market substitute for the song’ and ‘the lecture did not harm any market for the song.”

Per the complaint, Lessig claims to have been injured in the form of financial and personal expenses, harm to his free speech rights under the First Amendment and attorneys’ fees and costs.

An article about the suit in The Boston Globe notes that Daniel Nazer, an attorney with the Electronic Frontier Foundation, who is also listed on the complaint, “said the lawsuit is about more than an academic lecture on YouTube; the plaintiffs want to send a message about how copyright law is used in the digital era.”    

North Carolina Appellate Court Finds Ban on Sex Offenders’ Use of Social Media Unconstitutional.

A North Carolina appellate court found a state law banning registered sex offenders from commercial social networking sites, which also permit minors to become members or maintain personal web pages, to be unconstitutional. The opinion, written by Judge Rick Elmore who was joined by Judge Martha Geer and Judge R. Christopher Dillon, held that the statute “arbitrarily burdens all registered sex offenders by preventing a wide range of communication and expressive activity unrelated to achieving its purported goal.”

The appeal was brought by a registered sex offender who was found guilty of maintaining a personal web page or profile on Facebook.  In keeping with the new law, members of the Durham Police Department investigated profiles on sites such as Facebook and Myspace for evidence of use by registered sex offenders and recognized the defendant who was subsequently indicted.  It was argued on appeal that the NC statute violated the defendant’s federal and state constitutional rights to free speech, expression, association, assembly, and the press under the First and Fourteenth Amendments.  Moreover, the defendant argued that the statute was overbroad, vague and not narrowly tailored to achieve a legitimate government interest.

The court noted that the law was content-neutral to the extent it banned access to commercial social networking sites without any reference to the content or type of speech disseminated or posted on the site.  Citing to the U.S. Supreme Court decision in Ward v. Rock Against Racism, the court noted that “Content-neutral regulations are subject to intermediate scrutiny: they must be both ‘narrowly tailored to achieve a significant governmental interest’ and ‘leave open ample alternative channels for communication.”  The court did not need to address the issue of “alternative channels of communication” as it found the statute not to be narrowly tailored.  “The U.S. Supreme Court has stated that a narrowly tailored statute ‘targets and eliminates no more than the exact source of the evil it seeks to remedy.  A complete ban can be narrowly tailored, but only if each activity within the proscription’s scope is an appropriately targeted evil” wrote Judge Elmore citing to the 1988 U.S. Supreme Court opinion in Frisby v. Schultz.  He continued, citing to a similar case in Nebraska dealing with a 2012 statute, that “[T]he ban potentially restricts the targeted offenders from communicating with hundreds of millions and perhaps billions of adults and their companies despite the fact that the communication has nothing whatsoever to do with minors.”  The NC court also noted that similar decisions in both Nebraska and Indiana were applicable only to those registered sex offenders whose offenses involved a minor whereas the North Carolina statute had no such limitation.

The North Carolina Court of Appeals also found the law to be both vague and overbroad noting that “while persons of ordinary intelligence would likely interpret the statute as prohibiting access to mainstream social networking sites such as Facebook.com and Myspace.com’…’the ban is much more expansive.”  “For example, while foodnetwork.com contains recipes and restaurant suggestions, it is also a commercial social networking Web site because it derives revenue from advertising, facilitates the social introduction between two or more persons, allows users to create user profiles, and has message boards and photo sharing features,’’ all of which are consistent with the characteristics included in the statute’s definition of a “Commercial networking Web site.”

You can read the court’s opinion here.    

Twitter’s IPA Part of Conversation on Patent Protection and Its Use

Twitter recently launched version 1.0 of the Innovator’s Patent Agreement or “IPA.”  The IPA is meant to establish a standard, but evolving, document that companies can sign on to in order to clearly establish how company developed patents will be maintained and used.

A couple of key points covered by the IPA include the following:

·                    The company agrees not to bring any claims of one or more patents except for “Defensive Purposes”; and

·                    The IPA grants inventors, often employees of the company, a license enabling them to grant non-exclusive sublicenses.

Twitter has agreed to adopt the IPA overall with respect to its patenting practices, but companies can also elect to adopt the agreement on a case by case basis depending upon its circumstances and business models.  Generally speaking, the purpose of the document is to help foster more open and innovative development, especially in the software community and to help shape the discussion related to the current state of the patenting process and act as a means to slow down and counter the effects of “patent trolls” or non-practicing entities.

Some have expressed reservations about the various carve outs and ambiguities present in the document including the agreement’s definition of “Defensive Purposes,” which includes the right to bring claims against entities that (i) file, maintain, threaten or voluntarily participate in a patent suit against the company, (ii) file, maintain, threaten or voluntarily participate in a patent suit against anyone in the past ten years, unless brought defensively, and those suits  (iii) brought to deter a patent litigation threat against the company, users, affiliates, customers, suppliers or distributors.  One can imagine the broad interpretation that can be used in conjunction with deterring a patent litigation.

In any event, Twitter’s initiative makes a substantive contribution to the ongoing discussion regarding the proper role of intellectual property and the way its protection and use should be maintained and, when necessary, enforced.

The actual IPA can be found here.  In addition, a comprehensive piece on the IPA can be read at Jolt Digest of the Harvard Journal of Law and Technology. 

Magistrate's Order Raises First Amendment and Other Issues

First Amendment of the U.S. Constitution

I have given a good deal of thought as to whether this blog is an appropriate forum to write on this subject and decided it is.  While social media law obviously touches on many practice areas, perhaps its most foundational is that of free expression.  After all, social media is about expression, the immediacy with which our views can now be communicated, whether those views are ordinary or idealistic, and the potential consequences of using social media platforms to bring our views to others.  It is with this in mind that I bring to your attention a truly extraordinary order issued by a Tennessee Child Support Magistrate this week.

It seems Tennessee Child Support Magistrate, Lu Ann Ballew ordered that the first name of a seven month old infant be changed from Messiah to something else.  Specifically, she ordered it changed from Messiah to Martin. According to reports, Magistrate Ballew stated that “the word Messiah is a title and it's a title that has only been earned by one person and that person is Jesus Christ.”  Whether what appears to be Magistrate Ballew’s view on religion and baby names serves as a proper basis for judicial action, we can of course defer to the Tennessee appellate court to decide and parse out the various First Amendment issues present in her order.  However, I would like to point to another statement Magistrate Ballew made in support of her decision.  She said, “It could put him at odds with a lot of people and at this point he has had no choice in what his name is.”  This is of particular interest in that it raises the issue of whether the power of the state may/can/should be used to limit expression on the part of a parent in order to protect a child from the persecution or ill will of third parties.  It’s reported that Magistrate Ballew stated that the decision was best for the child as he will be growing up in a largely Christian county and, consequently, at least in Magistrate Ballew’s view, will be subject to ridicule for having been given the audacious name of Messiah.  Magistrate Ballew’s order, if we are to follow it to its logical conclusion, is meant to protect Messiah, or rather Martin, from the persecution directed at him by certain members of society who believe that those named Messiah should be the target of persecution.

One can only wonder if Magistrate Ballew is familiar with the 1984 case decided by the U.S. Supreme Court, Palmore v Sidoti, 466 U.S. 429 (1984). While Palmore dealt with race and adoption, and consequently drew the scrutiny and analysis required by such cases, a line in the majority opinion offered by Chief Justice Burger is informative.  The Chief Justice wrote, “Private biases may be outside the reach of the law, but the law cannot, directly or indirectly, give them effect.”  While the equal protection clause may not be at issue in the Tennessee case, Chief Justice Burger’s admonition is still instructive, namely that the law is not meant to contemplate and then assist in the advancement of private biases as doing so can ultimately lead to the entrenchment of those biases rather than their dismantling.

While our expression has consequences, arguably on a minute to minute basis on social media platforms, so does the restriction of that very expression when it is sanctioned and empowered by the state and those meant to impartially carry out the readily apparent constitutional principles upon which our legal system is based.     

According to the Social Security Administration, Messiah was number four among the fastest growing baby names in 2012, so Magistrate Ballew might have her hands full.

You can read more about this case here.

FBI Pressuring ISPs to Install Surveillance Software

In a fascinating article by Declan McCullagh, CNET is reporting that the U.S. government is “pressuring” telecommunications providers to install eavesdropping software on their internal networks in order to assist in governmental surveillance activities.  Apparently, the FBI has asserted that the software’s interception of metadata is authorized under the Patriot Act. It remains unclear; however, to what extent these “port carriers” have actually been installed by carriers.  According to McCullagh, AT&T, T-Mobile, Verizon, Comcast and Sprint have all declined to comment.  “A government source familiar with the port reader software said it is not used on an industry-wide basis, and only in situations where carriers’ own wiretap compliance technology is insufficient to provide agents with what they are seeking,” writes McCullagh.

Generally speaking, police and other investigative agencies are required to obtain a court order to intercept the content of real-time communications.  In addition to email, this would include information available via social media platforms, such as Facebook and others.  It is important to understand the distinction between information that falls into the pen register category and that which falls into the more substantive, content category.  Pen register type data includes metadata, such as “IP addresses, email addresses, identities of Facebook correspondents, web sites visited, and possibly search terms as well.”  Access to pen register has historically required a lower bar for access by investigators than other forms of investigative practices, such as wiretapping where full blown communications can be monitored.

The concern with the software that would be used by the carriers at the government’s prodding is that the software might collect more information than would necessarily fall under a pen register type of collection.  According to a source cited in the article, “the FBI wants providers to use their existing CALEA [Communications Assistance for Law Enforcement Act] compliance hardware to rout the targeted customer’s communications through the port reader software. The software discards the content data and extracts the metadata, which is then provided to the bureau.”

The CNET article can be found here. http://news.cnet.com/8301-13578_3-57596791-38/fbi-pressures-internet-providers-to-install-surveillance-software/

States Continue to Enact Privacy Laws Protecting Employees from Employers

It is certainly worth noting the trend of password protection laws sweeping the nation. Several statutes have been signed into law recently prohibiting employers from seeking to gain access to employer and/or employee social media sites. Ever since Maryland got the ball rolling, several other states have passed similar legislation. These states include Arkansas, California, Colorado, Illinois, Michigan, Nevada, New Mexico, Oregon, Vermont and Washington. Overall, similar legislation has been introduced in at least 36 states. A more detailed listing of the states, the status of such legislation and a description of the legislation can be found here.

Kristin Bergman, an intern at Harvard’s Digital Media Law Project and a third year law student at William and Mary, has written an interesting piece questioning the need for such statutes. Recall that New Jersey governor, Chris Christie, raised similar questions regarding the Garden States’ version of such legislation, which has still not been made law. In Bergman’s article, she notes that according to recent surveys few employers actually seem to request social media login information, thus raising the question of whether the laws provide a solution for a nonexistent problem. In addition, Bergman provides a relatively simple, but nevertheless worthwhile, overview of certain common law claims that might be used to curb the practice (e.g. intrusion upon seclusion privacy tort, tortuous interference with contract) and other statutory considerations (discrimination laws, state data privacy laws and unfair labor practice laws)
Bergman’s article can be found here.

Fraud Examiners are Using Social Media to Gather Information

Forbes’s Walter Pavlo, who dedicates his column to white collar-crime, has an eye-opening piece on how fraud examiners are using social media to gather information on targets.  The column centers on a meeting in Las Vegas of the Association of Fraud Examiners.

The article makes the point that frequently people enjoy bragging about their interests on social media sites, such as Facebook, LinkedIn, Twitter and Pinterest.  Investigators are able to observe what individuals are claiming on social media and reconcile that same information with the target’s apparent means.  As the piece observes, “Bill in Accounting”, ‘who makes $100K/year is tweeting about his new Ferrari.”  Obviously, a red flag.

The four key areas for consideration related to the performance of an online investigation include:

·         finding out where people are claiming to spend their time;

·         assess a person’s “Likes” and “Dislikes”;

·         look for clues to determine other social media sites the target is visiting; and

·         see who people are following and being followed by and look for conflicts of interest.

Pavlo’s piece underscores the double-edged nature of the transparency social media brings with it.  As a society we might appreciate the effective way investigators utilize tools to bring potential wrongdoers to justice, as individuals it may make us inclined to look over our shoulders to see who is peering and wonder what their motivation is.

You can read the full article at   http://www.forbes.com/sites/walterpavlo/2013/06/25/criminals-beware-fraud-investigators-take-to-social-media/.

Reuters is reporting that a New York ethics panel has ruled that a judge's "friend"ing of the parents of victims of a criminal case before the judge is not necessarily sufficient to warrant recusal.  

 

The Reuters piece notes that NY is one of at least nine states in which ethics panels have offered guidance on judges' use of social media.  It also notes that, generally, while finding that a judge's joining of a social network site is not inherently unethical, judges should "tread carefully and disclose connections on a case-by-case basis."

 

The committee also reiterated in its report that recusal was up to the judge's discretion.  The article quotes Stephen Gillers, New York University Law School's esteemed professor and expert in the area of professional responsibility who makes the point that the code of judicial conduct in New York and other states requires judges to take steps to avoid even the appearance of impropriety.  Gillers is quoted as saying there is "no reason why being a 'friend' on Facebook, LinkedIn, or any other site should change the rules that have worked so well in...the physical world."

 

This represents yet another chapter in the never-ending book to be written on the incongruous relationship between technology and law.

 

You can read the article in its entirety here.