The New York Times recently printed a first page article and various editorial pieces about the state of education in US law schools. The New York Times claims that law schools are "in crisis" because they do not adequately prepare lawyers to enter the workforce. As I've noted elsewhere, I think the New York Times gets it all wrong. At least one of their columnists seems to agree with me.
http://opinionator.blogs.nytimes.com/2011/12/12/teaching-law/?hp
Tuesday, December 13, 2011
Monday, December 5, 2011
Facebook Settlement with FTC
Last week Facebook settled claims brought against it by the Federal Trade Commission. The terms of settlement are the subject of commentary this week by consumer advocates and lawyers. But perhaps the most fascinating thing about the whole affair is the nature of the FTC's complaint. The complaint was not an enforcement of specific U.S. privacy law. Indeed, the FTC does not have much, if any, "privacy law" to enforce. Rather, here, in order to flex its muscle, the FTC resorted to claims that Facebook had made inaccurate statements in its privacy policies and elsewhere about information-control settings available to users of the Facebook site. These statements were, according to the FTC, false and misleading. On that basis the FTC has power to punish Facebook.
The bottom line is that Facebook got itself into a tangle by making broad statements to its users and by making promises that it arguably did not keep. Would Facebook have drawn the ire of the FTC if it had, from the beginning, consistently refused to make any user-friendly statements and promises about the way it gathers, analyzes, and shares information about users and about user behavior? Perhaps not.
Here's a summary of the complaint.
1. Profile Information Made Available to Applications Used by Friends. According to the FTC, Facebook represented to users that through use of its site's Profile Privacy Settings users could restrict access to user profile information (e.g., birthday, hometown, activities, interests) to specific groups, such as "Only Friends" or "Friends of Friends." This, according to the FTC, was false, misleading, or both. The truth being that Facebook made profile information that a user chose to restrict to "Only Friends" or "Friends of Friends" accessible to any third party Facebook platform application that the user's Friends used.
2. December 2009 Privacy Changes. According to the FTC, prior to December 2009, Facebook users could, and did, use Friends' App Settings to restrict third party Facebook platform applications from accessing profile information such as name, profile picture, gender, friend list, pages, and networks. In December 2009, Facebook made the decision to no longer make available settings to protect this information. And all prior user choices to protect this information were overridden. This information effectively became publicly available information ("PAI"). To implement these changes, Facebook required each user to click through a privacy wizard that told the user:
"We're making some changes to give you more control of our information and help you stay connected. We've simplified the Privacy page and added the ability to set privacy on everything you share, from status updates to photos."
"At the same time, we're helping everyone find and connect with each other by keeping some information - like your name and current city - publicly available. The next step will guide you through choosing your privacy settings."
"Facebook's new, simplified privacy settings give you more control over the information you share. We've recommended settings below, but you can choose to apply your old settings to any of the fields."
According to the FTC, the privacy wizard did not disclose adequately that users could no longer restrict access to their newly-designated PAI via Facebook settings. For example, the notice did not disclose that a user's existing choice to share his or her friend list with "Only Friends" would be overridden, and that this information would be made accessible to the public.
According to the FTC, Facebook's failure to adequately disclose that following the December 2009 privacy changes users could no longer restrict access to their name, profile picture, gender, friend list, pages, or networks by use of settings, and its failure to disclose adequately that the December 2009 privacy changes overrode existing privacy settings, constituted a deceptive act or practice. Further, by designating as PAI certain user profile information that had previously been subject to privacy settings, Facebook materially changed its promises that users could keep such information private. It changed these promises without adequate notice and consent. According to the FTC, Facebook's failure to disclose constituted an unfair act or practice.
3. Information Not Needed. According to the FTC, Facebook made numerous statements to users that third party Facebook platform applications used by a user would access only the profile information that "the application need[s] to operate." For example,
"Allowing [name of application] access will let it pull your profile information, photos, your friends' info, and other content that it requires to work."
"Applications you use will access your Facebook information in order for them to work."
The FTC argued that third party Facebook platform applications could in many instances access profile information that was unrelated to the application's purpose or unnecessary to its operation. Thus, Facebook's statements constituted false or misleading representations.
4. Sharing Information with Advertisers. The FTC complained that Facebook broke its promise to users that Facebook would not provide profile information to advertisers. According to the FTC, Facebook made many statements that it did not share information about users with advertisers, including:
"Facebook may use information in your profile without identifying you as an individual to third parties."
"We don't share information with advertisers without your consent . . ."
"[W]e never provide the advertiser any names or other information about people who are shown, or even who click on, . . . ads."
"We never share your personal information with advertisers. We never sell your personal information to anyone."
"The only information we provide to advertisers is aggregate and anonymous data, so they can know how many people viewed their ad and general categories of information about them."
According to the FTC, contrary to these statements, in many instances, Facebook has shared information about users with platform advertisers by identifying users to the advertisers when users click on ads. Specifically, through May 2010, Facebook in many instances provided User IDs to advertisers. User IDs can be used to obtain information that after December 2009 Facebook began to categorize as PAI (i.e., profile picture, gender, current city, friend list, pages, and networks and information about the online behavior of the user). On this evidence, the FTC alleged that the Facebook statements were false and/or misleading.
5. Verified Apps Program. It was alleged by the FTC that from May 2009 until December 2009 Facebook operated a Verified Apps program in which it designated certain third party Facebook platform applications as "Facebook Verified Apps." Facebook then made statements to its users that it had taken steps to verify the security of these Verified Apps, in excess of its review of other third party applications. The FTC argued that Facebook did not in fact take these steps, making its statements false or misleading.
6. Continued Display of User Photos. The FTC contended that Facebook made statements to users that users could restrict access to photos and videos that a user uploaded by deleting or deactivating his or her user account. For example:
"To deactivate your account, navigate to the "Settings" tab on the Account Settings page. Deactivation will remove your profile and content associated with your account from Facebook. In addition, users will not be able to search for you or view your information."
In fact, Facebook continued to display users' photos and videos to anyone who accessed the content URL for such photo or video, even after a user had deleted or deactivated their accounts. Thus, according to the FTC, the representations that this content would be removed was false and misleading.
7. Faulty Self-Certification of EU Safe Harbor Framework Principles. The FTC argued that from May 2007 until the time of its complaint, Facebook had stated in its privacy policy that it complies with the "EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce." In fact, in many instances, Facebook had not adhered to the U.S. Safe Harbor Privacy Principles of Notice and Choice, making its statements deceptive acts or practices.
The bottom line is that Facebook got itself into a tangle by making broad statements to its users and by making promises that it arguably did not keep. Would Facebook have drawn the ire of the FTC if it had, from the beginning, consistently refused to make any user-friendly statements and promises about the way it gathers, analyzes, and shares information about users and about user behavior? Perhaps not.
Here's a summary of the complaint.
1. Profile Information Made Available to Applications Used by Friends. According to the FTC, Facebook represented to users that through use of its site's Profile Privacy Settings users could restrict access to user profile information (e.g., birthday, hometown, activities, interests) to specific groups, such as "Only Friends" or "Friends of Friends." This, according to the FTC, was false, misleading, or both. The truth being that Facebook made profile information that a user chose to restrict to "Only Friends" or "Friends of Friends" accessible to any third party Facebook platform application that the user's Friends used.
2. December 2009 Privacy Changes. According to the FTC, prior to December 2009, Facebook users could, and did, use Friends' App Settings to restrict third party Facebook platform applications from accessing profile information such as name, profile picture, gender, friend list, pages, and networks. In December 2009, Facebook made the decision to no longer make available settings to protect this information. And all prior user choices to protect this information were overridden. This information effectively became publicly available information ("PAI"). To implement these changes, Facebook required each user to click through a privacy wizard that told the user:
"We're making some changes to give you more control of our information and help you stay connected. We've simplified the Privacy page and added the ability to set privacy on everything you share, from status updates to photos."
"At the same time, we're helping everyone find and connect with each other by keeping some information - like your name and current city - publicly available. The next step will guide you through choosing your privacy settings."
"Facebook's new, simplified privacy settings give you more control over the information you share. We've recommended settings below, but you can choose to apply your old settings to any of the fields."
According to the FTC, the privacy wizard did not disclose adequately that users could no longer restrict access to their newly-designated PAI via Facebook settings. For example, the notice did not disclose that a user's existing choice to share his or her friend list with "Only Friends" would be overridden, and that this information would be made accessible to the public.
According to the FTC, Facebook's failure to adequately disclose that following the December 2009 privacy changes users could no longer restrict access to their name, profile picture, gender, friend list, pages, or networks by use of settings, and its failure to disclose adequately that the December 2009 privacy changes overrode existing privacy settings, constituted a deceptive act or practice. Further, by designating as PAI certain user profile information that had previously been subject to privacy settings, Facebook materially changed its promises that users could keep such information private. It changed these promises without adequate notice and consent. According to the FTC, Facebook's failure to disclose constituted an unfair act or practice.
3. Information Not Needed. According to the FTC, Facebook made numerous statements to users that third party Facebook platform applications used by a user would access only the profile information that "the application need[s] to operate." For example,
"Allowing [name of application] access will let it pull your profile information, photos, your friends' info, and other content that it requires to work."
"Applications you use will access your Facebook information in order for them to work."
The FTC argued that third party Facebook platform applications could in many instances access profile information that was unrelated to the application's purpose or unnecessary to its operation. Thus, Facebook's statements constituted false or misleading representations.
4. Sharing Information with Advertisers. The FTC complained that Facebook broke its promise to users that Facebook would not provide profile information to advertisers. According to the FTC, Facebook made many statements that it did not share information about users with advertisers, including:
"Facebook may use information in your profile without identifying you as an individual to third parties."
"We don't share information with advertisers without your consent . . ."
"[W]e never provide the advertiser any names or other information about people who are shown, or even who click on, . . . ads."
"We never share your personal information with advertisers. We never sell your personal information to anyone."
"The only information we provide to advertisers is aggregate and anonymous data, so they can know how many people viewed their ad and general categories of information about them."
According to the FTC, contrary to these statements, in many instances, Facebook has shared information about users with platform advertisers by identifying users to the advertisers when users click on ads. Specifically, through May 2010, Facebook in many instances provided User IDs to advertisers. User IDs can be used to obtain information that after December 2009 Facebook began to categorize as PAI (i.e., profile picture, gender, current city, friend list, pages, and networks and information about the online behavior of the user). On this evidence, the FTC alleged that the Facebook statements were false and/or misleading.
5. Verified Apps Program. It was alleged by the FTC that from May 2009 until December 2009 Facebook operated a Verified Apps program in which it designated certain third party Facebook platform applications as "Facebook Verified Apps." Facebook then made statements to its users that it had taken steps to verify the security of these Verified Apps, in excess of its review of other third party applications. The FTC argued that Facebook did not in fact take these steps, making its statements false or misleading.
6. Continued Display of User Photos. The FTC contended that Facebook made statements to users that users could restrict access to photos and videos that a user uploaded by deleting or deactivating his or her user account. For example:
"To deactivate your account, navigate to the "Settings" tab on the Account Settings page. Deactivation will remove your profile and content associated with your account from Facebook. In addition, users will not be able to search for you or view your information."
In fact, Facebook continued to display users' photos and videos to anyone who accessed the content URL for such photo or video, even after a user had deleted or deactivated their accounts. Thus, according to the FTC, the representations that this content would be removed was false and misleading.
7. Faulty Self-Certification of EU Safe Harbor Framework Principles. The FTC argued that from May 2007 until the time of its complaint, Facebook had stated in its privacy policy that it complies with the "EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce." In fact, in many instances, Facebook had not adhered to the U.S. Safe Harbor Privacy Principles of Notice and Choice, making its statements deceptive acts or practices.
Sunday, October 2, 2011
Righthaven v. Leland Wolf
On September 27, 2010, Judge John Kane of the District Court for the District of Colorado issued an opinion and order dismissing the matter of Righthaven v. Leland Wolf.
Late last year, the Denver Post published a photograph of a TSA agent performing an enhanced pat-down search at Denver International Airport. The photograph was originally owned by that newspaper, but at some point after its initial publication the copyright was purportedly transferred to Righthaven. Righthaven, an organization many are calling a "copyright troll," filed fifty-seven lawsuits against bloggers and others who had displayed the photograph without permission.
At issue was whether Righthaven had standing to bring a copyright infringement lawsuit against Wolf. The court said "no." According to the Court, Righthaven had obtained neither "legal ownership" nor "beneficial ownership" of an exclusive right in the copyrighted photograph and therefore lacked standing to sue under 17 U.S.C. 501. This is because Righthaven had obtained no interest from the newspaper other than the right to proceeds from infringement actions. According to the Court, Righthaven held no underlying copyright, rather it held only a "bare right to sue for infringement - no more, no less."
The Court refused to recognize the free assignment of the right to sue for infringement, as permitted by the Fifth Circuit in Prather v. Neva Paperbacks, Inc., 410 F.2d 698 (5th Cir. 1969), as to do so would "skew[] the delicate balance which underlies federal copyright law." The Court wrote:
"A third-party who has been assigned the bare right to sue for infringement has no interest in the legal dissemination of the copyrighted material. On the contrary, that party derives its sole economic benefit by instituting claims of infringement, a course of action which necessarily limits public access to the copyrighted work. This prioritizes economic benefit over public access, in direct contradiction to the constitutionally mandated equilibrium upon which copyright law is based."
On this basis, the court granted summary judgment in favor of Leland Wolf, and, in light of what Judge Kane stated is a need to discourage the abuse of the statutory remedies for copyright infringement, ordered Righthaven to reimburse Mr. Wolf's full costs in defending the action, including attorney's fees.
Late last year, the Denver Post published a photograph of a TSA agent performing an enhanced pat-down search at Denver International Airport. The photograph was originally owned by that newspaper, but at some point after its initial publication the copyright was purportedly transferred to Righthaven. Righthaven, an organization many are calling a "copyright troll," filed fifty-seven lawsuits against bloggers and others who had displayed the photograph without permission.
At issue was whether Righthaven had standing to bring a copyright infringement lawsuit against Wolf. The court said "no." According to the Court, Righthaven had obtained neither "legal ownership" nor "beneficial ownership" of an exclusive right in the copyrighted photograph and therefore lacked standing to sue under 17 U.S.C. 501. This is because Righthaven had obtained no interest from the newspaper other than the right to proceeds from infringement actions. According to the Court, Righthaven held no underlying copyright, rather it held only a "bare right to sue for infringement - no more, no less."
The Court refused to recognize the free assignment of the right to sue for infringement, as permitted by the Fifth Circuit in Prather v. Neva Paperbacks, Inc., 410 F.2d 698 (5th Cir. 1969), as to do so would "skew[] the delicate balance which underlies federal copyright law." The Court wrote:
"A third-party who has been assigned the bare right to sue for infringement has no interest in the legal dissemination of the copyrighted material. On the contrary, that party derives its sole economic benefit by instituting claims of infringement, a course of action which necessarily limits public access to the copyrighted work. This prioritizes economic benefit over public access, in direct contradiction to the constitutionally mandated equilibrium upon which copyright law is based."
On this basis, the court granted summary judgment in favor of Leland Wolf, and, in light of what Judge Kane stated is a need to discourage the abuse of the statutory remedies for copyright infringement, ordered Righthaven to reimburse Mr. Wolf's full costs in defending the action, including attorney's fees.
Wednesday, August 24, 2011
Google Reaches $500 Million Settlement With Government
The government announced Wednesday that Google will pay $500 million to settle government charges that it has shown illegal ads for online Canadian pharmacies in the United States.
The fine, which the Justice Department said is one of the largest such penalties ever, covers revenue that Google earned from the illegal advertisers and revenue that the Canadian pharmacies received from United States customers.
New York Times:
http://bits.blogs.nytimes.com/2011/08/24/google-reaches-500-million-settlement-with-government/?scp=2&sq=google&st=cse
The fine, which the Justice Department said is one of the largest such penalties ever, covers revenue that Google earned from the illegal advertisers and revenue that the Canadian pharmacies received from United States customers.
New York Times:
http://bits.blogs.nytimes.com/2011/08/24/google-reaches-500-million-settlement-with-government/?scp=2&sq=google&st=cse
Wednesday, June 15, 2011
Dolby Sues RIM for Patent Infringment
Dolby has sued RIM for infringement of Dolby patents by RIM smart phone and tablet products. According to Dolby, other manufacturers have licensed this technology.
Story here: http://www.washingtonpost.com/business/technology/dolby-sues-rim-over-patent-infringement-aims-to-halt-sales-of-blackberry-devices/2011/06/15/AGp9EtVH_story.html
Story here: http://www.washingtonpost.com/business/technology/dolby-sues-rim-over-patent-infringement-aims-to-halt-sales-of-blackberry-devices/2011/06/15/AGp9EtVH_story.html
Friday, May 20, 2011
BlackBerry App World
I recently reviewed the agreements that Research in Motion makes application developer vendors accept prior to offering products on BlackBerry App World, which is RIM’s marketplace for BlackBerry applications. Depending upon whether the code to be distributed is a free application, a paid-for application, or a product or content offered from within a distributed application, the distribution on BlackBerry App World is governed by different terms. Here’s a brief review of key and otherwise interesting provisions of the agreements that apply to all distributions (as the agreements existed on the RIM website as of May 10, 2011).
All Vendors.
All developer vendors, regardless of the type of software to be distributed at BlackBerry App World, must agree to the terms of the BlackBerry App World Vendor Agreement, submit software that is compliant with the BlackBerry SDK License Agreement, and comply with the BlackBerry App World Vendor Guidelines.
Under the BlackBerry App World Vendor Agreement, the vendor must pay a registration fee and submit the latest version of its application for review by RIM and acceptance at RIM’s sole discretion. RIM may, or may not, distribute any application or content at its sole discretion, and may at any time and for any reason discontinue the distribution of any application or content on BlackBerry App World or on any user’s phone. The vendor is solely responsible for end user support. The vendor is required to make a long list of representations and warranties about its applications and content and is required to hold RIM harmless from a similarly long list of damages and liabilities that may result from the distribution. RIM accepts no liability for any bad things that may occur as a result of the distribution. The financial terms of the distribution are straightforward. RIM claims 30% of all revenue received by vendor with respect to any application or in-app product distributed through BlackBerry App World (and any updates and upgrades to the the application or content, whether or not distributed through he RIM portal). Importantly, however, the revenue to be shared does not include any fees paid by an end user to a third-party reseller (otherwise know as a merchant of record) to obtain a copy of the application or in-app product. This is important because currently all amounts paid by end-users for applications and in-app content are, by the nature of the portal, paid to such resellers and not RIM or the vendor. Each vendor must sign separate agreements with these resellers, which include Digital River and Bango.net.
The BlackBerry SDK License Agreement states the conditions and restrictions applicable to use of the BlackBerry SDK to build software operable on BlackBerry devices. They include specific restrictions on that software, including that the software not modify, delete, duplicate, or replace any device email functionality, synchronization server technology, or attachment service distillers. The software must not install, invoke, interpret, or execute interpreted software other than software interpreted by RIM native interpreters. RIM may refuse to code-sign any software, vendor is responsible for obtaining any required certifications of airtime service providers respecting compatibility with wireless networks, and any application offered in conjunction with location-based services or functionality must obtain consent of the end user before processing location data. RIM claims that the contents of its SDK are confidential information and that vendor must treat it as confidential until it enters the public domain. The SDK License Agreement includes vendor representations and warranties, indemnification provisions, and limitations of RIM’s liability similar to the BlackBerry App World Vendor Agreement.
The BlackBerry App World Vendor Guidelines is the final of the three base documents to which all distributed BlackBerry software must adhere. Of note, under these guidelines, all software must be functionally stable, each application must alert end users of potential airtime usage charges, any cryptographic functionality must be limited to authentication, digital signature, or copyright protection functions, and the software must comply with applicable SDK license agreements.
Vendors of Paid-for Applications and In-app Products.
In addition to the terms discussed above, a vendor that wants to distribute paid-for applications and in-app products on BlackBerry App World must enter into two different reseller agreements. One with Digital River and another with Bango.net Limited. These reseller agreements are largely identical and describe the terms under which these resellers will purchase copies of vendors paid-for apps and in-app products and resell them through the reseller’s commerce solution kiosk on BlackBerry App World. Under these reseller agreements, and the distribution structure used by BlackBerry App World, a reseller, and not the developer vendor, has the commercial relationship with the end user buyer of applications and in-app products. As a result, BlackBerry apps are distributed through a multi-link chain, and not directly by the developer-vendor. The reseller has no actual obligation to resell. Vendor is responsible for product support. The reseller promises to pay vendor for each copy of the paid-for application or in-app product an amount that is 70% of the suggested retail price of that application or product set by the vendor developer.
Vendors that want to distribute in-app products from within applications distributed on BlackBerry App World must also agree to the BlackBerry Payment Service SDK Terms, which supplement the BlackBerry SDK License Agreement discussed above. This supplement makes the legalistic point that, in the case of in-app products, the vendor developer acts as the fulfillment agent of the reseller. It is the vendor that hosts and delivers the in-app products, but the reseller retains the commercial relationship with the end-user as the merchant of record.
Here are the documents discussed above, found on the RIM website as of May 10, 2011.
Monday, February 28, 2011
Harper Collins Ebooks
Last Friday Harper Collins announced that lending libraries that purchase rights to e-book versions of its titles will be entitled to check those titles out to library members only 26 times per purchased title. Many book publishers make some or all of their titles available to lending libraries for check-out an unlimited number of times. Some big publishsers, such as Simon & Shuster and Macmillan, do not make e-books available to lenders at all.
Publishers do not have e-lending figured out yet. It seems to me that placing a limit on the number of check-outs is a valid way to go. I suppose that if we assume that e-books are made available to lending libraries at the same price as paperbacks, the limit number should be set at about the number of times a paperback version of the book can be checked out before it falls apart. To the extent that e-books offer lenders and/or borrowers a benefit over paper copies, the number would be lower than the fall-apart threshold. In the end, the market sets the price of the e-book given its particular set of license privileges.
Is this just a pricing issue, or is there some other principle at play?
How is convenience to be valued?
Related Links: Library Journal
Publishers do not have e-lending figured out yet. It seems to me that placing a limit on the number of check-outs is a valid way to go. I suppose that if we assume that e-books are made available to lending libraries at the same price as paperbacks, the limit number should be set at about the number of times a paperback version of the book can be checked out before it falls apart. To the extent that e-books offer lenders and/or borrowers a benefit over paper copies, the number would be lower than the fall-apart threshold. In the end, the market sets the price of the e-book given its particular set of license privileges.
Is this just a pricing issue, or is there some other principle at play?
How is convenience to be valued?
Related Links: Library Journal
Subscribe to:
Posts (Atom)
Posts
