Blog for technology / startup-focused news, articles and resources.
Author: David
I am a the founder of a boutique intellectual property law firm based in Chicago, Illinois. In my role as a trusted advisor, I act as the primary transactional attorney for my clients, reporting directly to a company’s executive staff and/or its General Counsel. I provide advice to business units and executives on copyright, trademark, ecommerce, software/IT, media & entertainment and issues associated with creating and commercializing innovations and creative content, drafting and negotiating contracts and licenses, advising on securities laws and corporate governance and managing outside counsel. My clients frequently rely on me to successfully draft and negotiate complex commercial and intellectual property transactions such as supply/distribution agreements, IP development and license agreements and documentation related to mergers, acquisitions and divestitures.
Representative Markey is no stranger to mobile privacy issues. Last year, Rep. Markey asked the FTC to investigate the practices of the Carrier IQ software company as a possible unfair or deceptive act or practice.
On September 12, 2012, Rep. Markey, co-Chair of the Bi-Partisan Congressional Privacy Caucus, released H.R. 6377, “The Mobile Device Privacy Act.” The legislation would require companies to disclose to consumers the capability to monitor telephone usage, as well as require express consent of the consumer prior to monitoring.
“Just because a mobile device is hand held doesn’t mean it should hand over personal information to third parties without permission,” said Markey in a released statement.
The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, “Marketing Your Mobile App: Get It Right from the Start,” notes that there are general guidelines that all app developers should consider. They include:
Tell the Truth About What Your App Can Do. – “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises;
Disclose Key Information Clearly and Conspicuously. – “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
Build Privacy Considerations in From the Start. – Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
Offer Choices that are Easy to Find and Easy to Use. – “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
Honor Your Privacy Promises. – “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers – like all other marketers – have to live up to those promises.”
Protect Kids’ Privacy. – “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
Collect Sensitive Information Only with Consent. – Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
Keep User Data Secure. – Statutes like the Graham-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information.
Illustration of Facebook mobile interface (Photo credit: Wikipedia)
A recent New Jersey District Court case underscores the rise in tensions between employers and employees when it comes to Social Media Accounts. In Ehling v. Monmouth-Ocean Hospital Service Corp., the Court denied an employer’s motion to dismiss a former employee’s invasion of privacy claim that alleged a supervisor accessed the employee’s Facebook account. Ehling worked for Monmouth-Ocean Hospital Service Corporation (“MONOC”) and became Acting President of the local union for Professional Emergency Medical Services. Ehling alleged that MONOC began engaging in a pattern of retaliatory conduct against her eventually leading to termination of her employment.
Posting Limited to “Friends”
Ehling maintained an account on Facebook, but kept access to her wall post limited to Facebook “friends,” many of whom were coworkers, but none of whom were members of MONOC’s management. Ehling alleged that MONOC surreptitiously gained access to her Facebook account when a supervisor summoned a MONOC employee, who was a Facebook friend, and coerced, strong-armed, and/or threatened the employee to access his Facebook account in the supervisor’s presence for the purpose of viewing and copying Ehling’s posts.
Ehling alleged that MONOC then sent letters regarding a certain posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Ehling alleged the letters were malicious and meant to damage her professionally.
Ehling’s claim for common law invasion of privacy was premised on Defendants’ alleged unauthorized “access of her private Facebook postings” The Court denied MONOC’s motion to dismiss which argued that Ehliong did not have a reasonable expectation of privacy in her Facebook posting. The Court stated that Under New Jersey law, to state a claim for intrusion upon one’s seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person. See Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). “[E]xpectations of privacy are established by general social norms” and must be objectively reasonable – a plaintiff’s subjective belief that something is private is irrelevant. White, 344 N.J. Super. 211, 223 (Ch. Div. 2001).
The Impact of Social Media on Privacy is Unsettled
The Court went on to make further observations on the impact of Social Media on Privacy:
“Privacy in social networking is an emerging, but underdeveloped, area of case law. See Robert Sprague, Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship, 50 U. Louisville L. Rev. 1, 13 (2011) (discussing the undefined legal boundary between public and private communications on social networking websites).
There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. See, e.g., United States v. Gines-Perez, 214 F.Supp.2d 205, 225 (D.P.R. 2002), rev’d on other grounds, 90 F. App’x 3 (1st Cir. 2004) (“[I]t it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information on an indisputably, public medium, such as the Internet, without taking any measures to protect the information”); Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 44(Minn. Ct. App. 2009) (holding that privacy was lost when private information was posted on a publicly accessible Internet website and “[a]ccess to the publication was not restricted”).
Some Reasonable Expectation of Privacy
On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications. See, e.g., Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010) (employee could have reasonably expected that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had a reasonable expectation of privacy in personal, password-protected e-mail messages stored on a third party’s server, although the employee had accessed that outside server while at work).
Legal Approaches Continue to Develop
The Court note that a consistent approach hasn’t yet developed. While most courts hold that a communication is not necessarily public just because it is accessible there is disagreement as to how far that theory extends. Some courts have adopted the rule that when one shares private information to one or more persons, there may still be a reasonable expectation that the recipients of the information will not disseminate it further. What is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.
Cybersecurity, the subject of this month’s Minnesota International Center’s “Great Decisions” dialogue, is a hot topic in the Beltway, Silicon Valley and on Wall Street. It’s also an important subject in Foggy Bottom and Turtle Bay.
Cybersecurity News Roundup: MyAgent Trojan; Virus Infects Saudi Oil Giant; and Pro-Censorship Hackers. This week’s IT security news roundup features stories on the newly discovered MyAgent Trojan; malware that forced a Saudi Oil Giant to shut down.
Congress is now in recess. But before its members left town, back on Friday, Aug. 3, they rejected a bipartisan bill that would have established optional “cybersecurity” standards for the computer systems that operate the country’s power grids, dams.
Will Obama use the Dream Act model of bypassing Congress to advance his cybersecurity agenda? Obama’s counterterrorism adviser John Brennan hints that such an order could come [see Cat Out of Bag on Infosec Regulation?].
When the Waldo Canyon fire roared closer to Colorado Springs on June 26, Jeff Beauprez, president and CEO of Colorado Networks, started getting frantic phone calls from businesses along the Garden of the Gods Road corridor.
Today’s cars have grown vulnerable to the threat of computer viruses or hackers — security researchers have even shown how to remotely unlock a vehicle or start a car’s engine using simple text messages. But a group of U.S. students who attended the …
Senate Republicans recently blocked cybersecurity legislation, but the issue might be revived by the White House, a federal law enforcement official told the Law Enforcement Examiner on Monday.
Stephanie Daman, CEO at the Cyber Security Challenge UK, said the cyber camp concept is something completely new for this year’s Challenge: “It represents a great opportunity for our expert sponsors to work closely with a group of young talent.”
Harford Community College will receive $74000 to put toward its work with the Regional Cybersecurity Education Initiative. HCC, University of Delaware and Delaware Technical and Community College formed the education initiative with industry partners …
The lobby shop is advocating for the Schaumburg, Ill.-based telecommunications company on “[i]ssues related to public safety/D block spectrum; issues related to cybersecurity; issues related to tax reform legislation,”
The official Microsoft Security Blog provides in-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance.
The Cybersecurity Blame Game Continues
The stalling, bickering, almost-breakthrough, and eventual demise of cybersecurity legislation in the United States Senate was a sad thing to watch.
Although courts have called the Internet “one large catalyst for rumor, innuendo, and misinformation,” nevertheless, it provides large amounts of evidence that may be relevant to litigation matters. Increasingly, courts are facing presentation of, and challenges to, data preserved from various websites. According to a survey conducted by the X1ediscovery blog, there are over 320 published cases involving social media/web data in the first half of 2012.
Evidentiary authentication of web-based data, whether it’s Internet site data available through browsers, or social media data derived from APIs or user credentials, presents challenges. Given the growing importance of social media posts and data, businesses should be prepared to offer foundational evidence to authenticate any posts that are vital to a case.
Authentication of social media and web data is a relatively novel issue for many courts. Courts have been extremely strict in applying foundation requirements due to the ease of creating a profile or posting while masquerading as someone else. Therefore it is important to go beyond the surface of a social media profile or a post to provide the foundation necessary to authenticate what he evidence for use in court.
Regardless of the type of data, it must be authenticated in all cases. The authentication standard is found in Federal Rule of Evidence 901(a), “The requirement of authentication … is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).
The foundational requirement of authentication is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims. See US v. Tank, 200 F. 3d 627, 630 (9th Circuit 2000) (citing Fed.R.Evid. 901(a)). This burden is met when “sufficient proof has been introduced so that a reasonable juror could find in favor of authenticity.” This burden was met where the producer of chat room web logs explained how he created the logs with his computer and stated that the printouts appeared to be accurate representations. Additionally, the government established the connection between the defendant and the chat room log printouts based on IP addresses.
Clearly, there is an emerging trend in the use of social media and web data as evidence. As the use of this type of evidence increases, so too will the consistency and predictability of the foundational matters required by courts. Thus, businesses are well advised to include web collection and social media support in the investigation process so they are prepared to offer the necessary foundational evidence to authenticate any social media posts that may be vital to a case.
PRNewswire via COMTEX/ — MutualMind, an award-winning social media technology developer based in Dallas, Texas, announced an agreement today with LexisNexis, a leading provider of legal content and technology solutions.
While consumer brands have embraced Facebook as a key tool in building deeper customer engagement, the biggest social network largely remains terra incognita in the legal world. The sector has certainly harnessed professional networking sites.
Legal action could be taken against people in Bahrain, who incite violence and spread sectarianism on social media, said a top official. The initiative comes as a new code of honour for social media users is set to be launched by the Bahrain Bloc.
An overwhelming majority of investigators using social media for investigative purposes are “self taught,” according to a new survey of 1200 Federal, state, and local law enforcement professionals.
That’s but one of the many conclusions found in a comprehensive new survey — conducted in a partnership between PoliceOne and LexisNexis Risk Solutions — focused on the impact of social media on law enforcement in criminal investigations. Among the …
The State of Maryland already has passed a law forbidding employers from asking job candidates for their passwords to Facebook and other social media sites, and California is considering a similar law. 01fgSCREEN2.jpg View full size · The Society for …
With an understanding of some of the relevant issues, employers can implement meaningful and reasonable policies and guidelines for employees and respond appropriately and legally to social media issues that arise. Below are a few of the discrete issues …
The trick for us is trying to provide legally correct information, in such a way that is easy to understand, to the American public so that investors truly understand their options with retirement savings.” “Internet, the online experience and social media are the 21st Century.”
Below are methodologies and metrics for determining the ROI of these specific social media use cases. The metrics roll up to three major categories of benefits: revenue impact, operational efficiencies, and legal and compliance risk avoidance.
David M. Adler, Esq. is an attorney, author, educator, entrepreneur and partner with Leavens, Strand, Glover & Adler, LLC, a boutique law firm in Chicago, Illinois created with a specific mission: provide businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value.
We meet this challenge by providing legal counsel on issues related to creation, protection and commercialization of intangible assets, our comprehensive understating of the relevant law, our team of seasoned professionals and our client service philosophy.
Charles Colton famously stated “Imitation is the sincerest (form) of flattery.” This has never been more true than in the fast-paced world of fashion where designers constantly draw on prior art for inspiration. As Tim Gunn (mentor to would-be fashion designers on the television show Project Runway) often says, “Make it your own.”
Legislation under consideration in the U.S. may provide limited protection for Haute Couture fashion designs.
See on Scoop.it – Social Media Legal & Regulatory Compliance France’s new data retention law requires online service providers to retain databases of their users’ addresses, real names and passwords, and to supply these to police on demand. See on boingboing.net
Ping® by AdlerLaw A Legal Blog 