Privacy and Security Law Blog

Posted by Ronald London

The FTC recently announced a consent decree with online retailer Life is good (www.lifeisgood.com) that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered such reassurances but failed to have in place sufficient measures (from the FTC's view) to back them up, based on the ability of a hacker to use SQL injection attacks on Life is good’s website to access consumers' credit card numbers, expiration dates, and security codes. To resolve allegations in a draft complaint the FTC had prepared alleging unfair trade practices, Life is good settled the claims by entering a consent decree requiring it to adopt a comprehensive information-security program and obtain biennial audits by an independent third-party security professional … for the next 20 years.

Posted by Hozaifa Y. Cassubhai

Web users may be better able to travel incognito online by the end of the year. 

AOL unveiled a new program last week that is designed to help webusers shield their online travels from advertisers. This technology would allow users to opt-out of online ads that are targeted to them based on their Web-surfing habits. The program aspires to “engender greater trust for targeted advertising by communicating with consumers in a more visible way, and by providing them more information about their choices,” stated Curt Viebranz, president of AOL’s ad platform.

Posted by Randy Gainer

InDouglas v. United States District Court, No. 06-75424, 2007 WL 2069542, at *1-2 (9th Cir. July 18, 2007), the Court held that the terms of a revised online contract were ineffective when a user was not notified of changes when they were made.The Court statedthat the trials court’s decision finding the contract changes were effective “reflects fundamental misapplications of contract law and goes to the heart of petitioner’s claim. . . .” Id.

Although some observers seemed to believe the Douglas decision established new law, it applied long-settled principles, as others recognized. Principles regarding how online agreements may be amended are summarized in Raymond P. Nimmer & Holly K. Towle, Amending or Modifying the Terms, ¶ 8.10[7] The Law of Electronic Commercial Transactions (2007). Among those principles is that, under the common law of contracts, which generally governs service contracts, there must be an offer, acceptance, and consideration to amend a contract. Id. at *1-2. Douglas simply applied the offer and acceptance rule: a party cannot offer an amendment nor the other party accept the amendment without the offeror providing notice of the change. 

Posted by Charlene A. Brownlee

In our wired world of texting, email and the Internet, businesses continually communicate with potential and existing customers online. The majority of websites, regardless of content and functionality, post a link to an online agreement, typically referred to as the website “Terms of Use,” “Legal Terms,” “Acceptable Use Policy,” (or something similar). This agreement usually provides that, “We may amend this Agreement at any time by posting the amended terms on this Site.”

Posted by Thomas Jeffry

Monday (May 14th) marked the deadline when all facilities-based broadband Internet access providers and providers of interconnected VoIP (voice over Internet protocol) needed to comply with Section 103 and 105 of the Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. Cable modem companies, satellite internet companies, DSL providers, and broadband over powerline join traditional telecommunications carriers in providing technology that allows law enforcement agencies to tap into email, instant messaging, web browsing logs, and other forms of electronic communications.

Posted by Charlene Brownlee

Congress approved S. 1608, the “Undertaking Spam, Spyware, And Fraud Enforcement with Enforcers beyond Borders Act of 2006,” (the US SAFE WEB Act of 2006) on December 9, 2006. The US Safe Web Act amends the Federal Trade Commission Act (FTCA) and improves the Federal Trade Commission (FTC)’s ability to protect consumers from international fraud by: (1) improving the FTC’s ability to gather information and coordinate investigation efforts with foreign counterparts; and (2) enhance the FTC’s ability to obtain monetary consumer redress in cases involving spam, spyware, and Internet fraud and deception.

Posted by Brian Bennett

The U.S. Court of Appeals for the D.C. Circuit recently ruled in American Council on Education v. Federal Communications Commission that providers of broadband Internet access and voice over Internet protocol (VoIP) must make their services “wiretap-friendly” under the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. §§ 1001-1010.

The emergence of new communication technologies, including DSL, cable modems and VoIP, led providers to replace physical copper wires with ethereal and encrypted digital signals, which are harder to intercept using traditional law enforcement methods. Responding to these changes, Congress passed CALEA in 1994, requiring “telecommunications carriers” to ensure that law enforcement officials can access provider networks.

Posted by K.M. Das

On Friday, May 26, 2006, United States Attorney General Alberto Gonzales and FBI Director Robert Mueller met with representatives of several Internet Service Providers (ISPs), including AOL, Comcast, Google, Microsoft and Verizon Communications, to urge them to consider retaining subscriber data for periods as long as two years. Although the initial justification for requiring ISPs to agree to retaining data was to fight child pornography, law enforcement officials now state that requiring ISPs to retain subscriber data for as long as two years will also help in the fight against terrorism.

Posted by Merrill Baumann

Historically, the Internet has "belonged" to the United States. It traces its origin to a Defense Department project; the authoritative root zone server is physically located here; and ICANN reports to the Department of Commerce. But that doesn't sit well with a growing number of countries and international organizations, including the U.N. and EU. This issue will face an increasingly public battle next month at the upcoming World Summit on the Information Society in Tunisia. And in the US, members of Congress have joined a Senate colleague in introducing legislation that calls for the US to maintain oversight control over the Internet. While creating a broader international management platform is attractive, opponents say that more governmental supervision will lead to increased regulations and bureaucracies that will stifle innovation and further development.

What do you think?