• Stakeholders’ responsibilities: does every entity with access to PII have the same obligations to consumers?
• Privacy policies and disclosure requirements
• EU privacy regulations and the impact on cross-border initiative

The Webinar will be held on Tuesday, September 21st, 2010 from 12:30 p.m. to 1:30 p.m. EDT. To register, click here.

As one of the featured speakers, Syrkin will be addressing the hot topic of interactive entertainment and will tackle structuring development and publishing agreements, intellectual property ownership and licensing, distribution and syndication models and content monetization.

To register for this seminar, please click here.

There are obviously certain elements of the iAd environment that are unique to Apple.  Apple sold the hardware the ads are displayed on (iPhones, iPod Touches and iPads), distributed and/or sold the App the ad appears in (through the App Store) and is creating many of the ads itself.  Thus, in many ways, Apple will set the “default” for flow of information among the various stakeholders– user to Apple (via Apple’s Privacy Policy and the App Store Terms and Conditions), Apple to App developer and Apple to advertisers.  Through these last two, Apple could presumably establish requirements for the use and disclosure of user information by App developers and advertisers.

But the question remains:  are the interests of all of these stakeholders aligned?  Or does the mobile ad environment lend itself to certain inherent tensions when it comes to the use and exploitation of personal information?

For example, Apple’s Privacy Policy and App Store Terms and Conditions state that information is collected and used by Apple only in aggregated form (that is, individualized information is not collected).  Location data is separately called out, with the policies providing that location data may be collected if a user “uses any service that relies on location information.”  Such location information appears to have primary value only if used on an individualized basis, for example, to serve an ad to a user based on his or her location at any given time.

But as noted above, Apple isn’t the only entity involved.  Data can be collected in an App itself, as well as through an iAd placed in an App.  And while Apple can claim that it is solely responsible for, and has sole entitlement to, data it collects through the sale of its hardware and Apps through the App Store, that is not necessarily the case for data that may be harvested through an App and/or an iAd contained in an App.

The most valuable asset in the mobile ad environment is the granularity of data that can be collected, mined and then exploited in the future, through highly targeted ads that fetch higher and higher rates because they generate more and more revenue for the advertisers.  One example that is receiving a lot of publicity is the Shopkick app, which will be available both on the iPhone and Android phones.  Shopkick can track a user through participating malls and retail stores and enable the user to accumulate points, redeemable for gift cards, as they move through the store.  App developers, publishers, advertisers, marketers and ad networks (such as Apple) all have a strong interest in user data, which effectively puts such data into play when framing the various agreements that are the foundation to the mobile ad environment.  Thus, in entering a contract for the development of an in-App ad, the developer/publisher of the App and the advertiser/marketers placing the ad can reach agreement on what user data will be collected, by whom and how it will be maintained, used and exploited.  While some of these provisions regarding use may need to comply with requirements dictated by the operator of the App store (such as Apple or Google or RIM/Blackberry) or of the ad network, it is clear that there will likely be different standards, conditions and restrictions amongst the various stakeholders.

In addition, and of importance to consumers, privacy advocates and, perhaps, regulators, is the question of responsibility and disclosure.  More likely than not, in this new mobile ad environment, consumers are not going to draw distinctions between all of the different stakeholders (e.g. the operator of the App store, developer/publisher of the App, advertiser/marketer placing the ad, and operator of the ad network).  They just want to know how to find out how their information is being collected and used.

From a functionality and user-experience perspective, there may be resistance to placing notices, privacy policies or terms and conditions at every user entryway in a mobile ad environment–which would include both App and ad.  However any entity collecting user information is going to have an obligation to disclose its collection and use policies to consumers.  And it will be up to the consumers to sort out what rights they may have with respect to the various stakeholders and how they may vary depending on where in the mobile ad landscape that information is collected.

Obviously this is a brave new world, with the rules, protocols, rights, responsibilities and risks being established and allocated in a very fluid fashion.  And these issues are particularly timely for the DigitalHHR team.  On September 21, we will be presenting a CLE-accredited webinar entitled,  “Whose Data Is it Anyway? Privacy and Data Security in a De-Centralized Digital World”.  We will be exploring the legal and business issues raised by the need to protect personally identifiable information of end users in a digital environment, including the special issues that are present in the mobile ad space.  Information on registering can be found here.

*  George Tsiatis, a summer associate with the firm, assisted in the preparation of this article.

While California Governor Arnold Schwarzenegger initially signed the Act in 2005, it has yet to be enforced.  In a lawsuit challenging the constitutionality of the law brought by the Video Software Dealers Association and Entertainment Software Association the , the United States District Court for the Northern District of California in August 2007 granted plaintiffs’ motion for  summary judgment and permanently enjoined enforcement of the Act.  We have previously written about that decision.

On February 20, 2009, the U.S. Court of Appeals for the Ninth Circuit affirmed the District Court’s decision.  The Court of Appeals held that the Act violates rights protected by the First Amendment because California failed to demonstrate a compelling interest supporting its regulation of protected speech, and even if it had a compelling interest did not narrowly tailor the restriction to that alleged interest.  Furthermore, less-restrictive alternatives exist that would further the State’s interests.  Finally, the Court held that because the Act is unconstitutional, the labeling requirement is also unconstitutional as the required labels would not disclose purely factual information but rather the State’s content-based opinion. 

The State of California  petitioned the United States Supreme Court for a writ of certiorari, which the Supreme Court granted on April 26.  The State filed its brief on the merits on July 12.  On July 19, eleven states filed an amicus brief in support of the California law, as did a number of other organizations.  The Respondents’ brief is due on September 10.  The Firm’s amicus brief on behalf of the ECA is due by September 17. 

The ECA is a non-profit membership organization that represents consumers of interactive entertainment in the US and Canada.  The primary policy of the ECA is to oppose legislative efforts that unconstitutionally restrict access to interactive entertainment. 

Bill Stein, Dan Weiner and Dan Doeschner of the Firm are representing the ECA.

The transaction received prominent media coverage, including pieces in The Deal, American Lawyer and The New York Times.

The House bill was prompted by a series of embarrassing leaks of government-held data on everything from nuclear facilities to Army officers’ Social Security numbers to confidential congressional ethics investigations.  Those ethics panel leaks were labeled by the Recording Industry Association of America as “a powerful catalyst to enact real reforms to protect consumers.”  A recent report revealing the troubling degree of insecurity in federal government file transfers will probably only add urgency to the debate on the Senate bill.  The study, titled “Why Encrypt? Federal File Transfer Report,” was released on May 11, 2010 by MeriTalk, a government IT network, in conjunction with Axway, a company specializing in business-to-business integration software.  The report surveyed 200 federal IT and information security professionals.  It found that an alarming number of these personnel use unsafe file-transfer methods, including physical media (66%), FTP (60%), and personal email accounts like Gmail or Yahoo (52%).  Although 80% claimed their agency had adequate transfer-security policies, only 58% said employees were aware of those policies, and just 42% said such policies were consistently followed. 

It will be worth staying tuned to see whether these damning statistics will convince the entire Senate to bolster federal file-transfer security — and raise awareness about the issue — by passing the Secure Federal File Sharing Act.  One might also wonder whether these legislative developments would influence private-sector policymakers — in corporations and other institutions — to follow the federal government’s lead in banning P2P software use. 

In any event, P2P security initiatives in the private sector may get a direct boost from the federal government through “The P2P Cyber Protection and Informed User Act”, introduced by Senators John Thune (R-SD) and Amy Klobuchar (D-MN). 

If the Secure Federal File Sharing Act seeks to protect the government and the public alike from the dangers of data leaks within federal networks, the Thune-Klobuchar legislation seeks to protect all individual users of P2P software from inadvertently exposing their own private files to the public.  Thune saidhis bill will take aim at “the privacy and security threats associated with” P2P file-sharing.  Klobuchar explained to the Minneapolis Star Tribune that “without proper precautions, P2P software can allow anyone on the network to gain access to all the files on your computer, not just the ones you intend to share.”  She said that because such software often “allow[s] access to private financial or family records, it’s an invitation to identity thieves and sexual predators.” 

The Klobuchar-Thune bill, whose companion legislation has already been passed in the House as the “Informed P2P User Act” (H.R. 1319), includes two major components.  First, it would require all P2P software to provide a user with “clear and conspicuous” notice of the program’s function, and obtain the user’s consent, before the software is downloaded or installed.  Second, the bill would make it illegal to prevent a user from blocking, disabling, or removing P2P software.  The bill would bestow enforcement authority upon the FTC, which in February 2010 notified about 100 private and public organizations that they had suffered P2P-based data breaches.    

It would be worth speculating on whether this wider regulation of P2P software could ultimately have a chilling effect on the general public’s use of programs like uTorrent, Shareaza, Ares, Limewire, and BitComet.  If so, one might imagine that content owners may get behind the bill in an effort to stem the losses from P2P-based infringement.  The bill has received support from the RIAA, the Direct Marketing Association, Stop Child Predators, and 41 state attorneys general.     

Stay tuned.

**  Nathaniel Fintz, a summer associate with the Firm, assisted in the preparation of this post.

Among the suggested changes is FCC Chairman Genachowski’s proposal, dubbed the “Third Way,” a method that would classify only the transmission component of broadband access service as a telecommunications service.  Doing so would render the transmission component subject to Section 202(a) of the Communications Act, which forbids any common carrier to “make any unjust or unreasonable discrimination in charges, practices, classifications, regulations, facilities, or services with like communication service.”  In effect, the “Third Way” would enable the FCC to implement net neutrality regulations on the transmission component of an ISP service without otherwise extending the full brunt of Title II telecommunications service regulations to the information service components of an ISP.

Since the proposal was initially released, advocates on both sides of the net-neutrality debate have voiced concerns that this reclassification may be beyond the Commission’s authority.  Just weeks ago, 171 Republican and 73 Democratic Congressmen urged the Commission not to take unilateral action in creating a new regulatory scheme by reclassifying broadband as a modified Title II telecommunications service.  Instead, they are insisting that any such classification change be implemented through legislative channels.  The FCC’s recent action appears to be a polite “No thanks” to those Members of Congress.

The FCC has explained that there is a legal basis for reclassifying broadband without legislative action.  A statement by the Commission’s General Counsel pointed out that in his dissent in National Cable and Telecommunications Association v. Brand X Internet Services, Inc., Justice Scalia said that the “computing functionality” and “broadband transmission component” of an ISP must be acknowledged as “two separate things,” the former an unregulated service under Title II and the latter a telecommunications service which could, in Scalia’s view, be a regulated Title II service.  In the FCC’s view, Scalia’s dissent is “consistent with, although not compelled by, the majority opinion in Brand X.”  The FCC is therefore confident that the Third Way approach will pass judicial scrutiny.

The reclassification of the transmission component under Title II would not place immediate restraints on ISPs, but some ISPs and analysts are concerned that this would lead to further price regulations that could potentially thwart investment opportunities in the broadband space.  AT&T explained that the Notice of Inquiry issuance is disconcerting as “it will create investment uncertainty at a time when certainty is most needed.  It will no doubt damage jobs in a period of far-too-high unemployment.”  Joining the opposition, Verizon suggested that these measures will have “negative consequences for online users and the Internet ecosystem would be severe and have ramifications for decades.”  While it is difficult to predict the precise impact additional regulations might have, the reclassification would undoubtedly extend regulatory authority to the Commission and leave ISPs susceptible to greater oversight.

In an effort to combat increased agency regulation, ISPs have suggested alternatives that allow for more flexible standards and less regulatory control of network management.  Comcast, in its reply comments, insisted that the FCC “should not adopt an absolute ban on discrimination” as this would “prohibit ‘socially beneficial discrimination’ and stifle innovation and investment.” Instead, Comcast explains that the rules should allow the Commission the power to supervise ISPs’ practices and address practices that are questionable while still giving ISPs “the flexibility to innovate and experiment with technologies and business models.”  Comcast further suggests that the regulations created by the FCC should operate in conjunction with independent third-party expert groups to “understand, refine, and address the various technical issues underlying key policy determinations.”   This would create industry-wide cooperation by integrating practical standards with current FCC policies.

Last week, in an effort to reclaim control of the network management debate, notable industry executives formed the Broadband Internet Technical Advisory Group (BITAG).  The purpose of the group is to “develop consensus on broadband network management practices or other related technical issues that can affect users’ Internet experience.”  The group is poised to inform and advise governmental agencies on technical and operational issues facing internet service and content providers that will help establish network management policies.

Regardless of the outcome of the regulatory debate, ISPs must continue managing bandwidth congestion within FCC policies and constraints.  Depending on the breadth of expansion of the regulatory controls, ISPs may seek alternative pricing structures as a way of managing network traffic without employing intense discriminatory network-management practices and running afoul of net neutrality principles or regulations.  Indeed, AT&T’s recent decision to eliminate “all you can eat” mobile data plans in favor of metered billing was intended, in part, to rein in the small number of users that consume a disproportionate amount of data.  AT&T hopes the new scheme will alleviate stress on the networks and help manage congestion.  This move may change the entire economic model for the wireless industry as other wireless providers follow suit.

Congress will obviously continue to debate the implications and necessities of having an unelected agency construct overarching broadband regulations.  However, it is clear that amending the Communications Act will take time and be especially difficult during an election year.

The FCC is accepting comments on the proposed reclassification methods through July 15th.  We’re not sure whether the coming weeks and months will provide much clarity, but we anticipate that there will be opportunities amidst the uncertainty.

**Julie Hanus, a summer associate with the Firm, assisted in the preparation of this post.

Most states and the federal government have specific laws that prohibit unlicensed gambling and lotteries, which are typically defined as “risk[ing] something of value upon the outcome of a contest of chance or a future contingent event not under his control or influence, upon an agreement or understanding that he will receive something of value in the event of a certain outcome” (See NY Penal Law – PEN§225.00 et seq.).  In fact, only state governments, where permitted, are allowed to run lotteries and many states outright prohibit them.  As a general matter, a lottery has three determinative, core elements: consideration (usually the payment of money), chance and prize.  Accordingly, for example, under California law Penal Code Sec. 319 , which is typical of most state anti-lottery laws, a contest or a sweepstakes becomes an illegal lottery when all three of these elements are present.  Therefore, in order to run a legal promotion (such as a sweepstakes or contest) one of the three elements of a lottery must be absent.

Sweepstakes generally enjoy an “exemption” of sorts from the lottery and gambling laws by virtue of the fact that there is no purchase required in order to enter (leading to the “NO PURCHASE NECESSARY” language that accompanies sweepstakes rules), thus eliminating the “risking something of value” element described above.  In contrast, a contest will often retain the consideration element but instead require some demonstration of skill from the participant, thus removing the core element of chance from equation.

Against this backdrop, the first slew of promotion-type apps taking advantage Apple’s revised developer terms have been sweepstakes as opposed to contests.  Specifically, these new applications are allowing entry into games where the winner is selected purely on a randomized basis, without having to demonstrate any skill in participating.  Therefore, laws applicable to the administration of sweepstakes, as opposed to contests, are at issue.

Historically, the largest legal hurdle and source of the most debate regarding the operation of sweepstakes has been over the removal of consideration from the equation.  Merely removing the requirement of an entry fee will not always satisfy the “no consideration” requirement as consideration can come in many forms, including the purchase of a product, an SMS text, subscription fees or otherwise engaging in activities that require substantial time or effort, such as completing an online survey, etc.  And even when some amount of consideration exists, promoters have generally avoided having their sweepstakes classified as unlawful lotteries by providing a universally-available, free alternative method of entry (“AME”) (such as a mail-in postcard, etc.) that provides equal treatment to entrants who use the AME.  Thus far, the sweepstakes applications available on the App Store (whether free or for a fee), such as “Scratch Off Now” from Thought Quarry LLC, which enables marketers to include their branding, messages and products on the app, are coupled with an AME on a corresponding website, allowing entrants the opportunity to participate in the sweepstakes without downloading the particular application.

However, providing an AME may not be enough, under some state laws, to make the promotion legal if the entrants that have paid consideration do not receive something of value for the payment.  An end user may not pay just for a chance to win a prize and state anti-gambling laws may be invoked (as is the case with online poker, sports betting and other forms internet-based gambling) if an end user is required to purchase (a) an app itself or (b) entry in a sweepstakes via such app and does not receive some value in return.  That “return value” needs to only be equivalent to the value paid for the app or the entry.  To take a recent example, paying entrants in a recent sweepstakes promotion tied to the Iron Man 2 movie release received a can of Dr. Pepper.

In addition to providing something of value to entrants, a sweepstakes can avoid classification as an illegal lottery if it clearly promotes the sale of “real” products or services, distinct from the game itself.  Accordingly, it is no surprise that Apple has limited its developers to creating “promotional” sweepstakes and contests. Even Facebook, which similarly allows third parties to run contests and promotions on its platform, continued to refine and post increasingly specific guidelines throughout the past year in an attempt to ensure that these gaming-style promotions are run in accordance with applicable law. In fact, Facebook now prohibits promotional sweepstakes that condition entry upon the purchase of a product, completion of a lengthy task, or other form of consideration.

Needless to say, the risks are real for both social networking sites and device manufacturers housing applications, particularly when both virtual and credit card transactions are occurring on and through the sites and platforms, including where credit card data is maintained (e.g., purchasing raffle tickets via an iPad app where the credit card charged is on file with Apple via iTunes), as the potential exists for liability to extend beyond the app developer.  Ultimately, social networking sites and platform developers need to ensure that their marketing partners, sponsors and developers carefully structure their promotions and apps to comply with anti-gambling laws.

As always, we will keep an eye out for developments in this area of the law, particularly as the lucrative and viral nature of these promotions continue to expand exponentially across new media platforms and devices.

We had previously written about the original sanction order, in which the FCC found that Comcast had violated the non-binding net neutrality principles by examining users’ connections and routing them (in actuality, slowing them down) based on whether the connection was being used for P2P uploads.  In effect, Comcast was managing traffic connections not based on destination but on application.  Comcast appealed the ruling, asserting that the FCC did not have the appropriate authority to issue the sanction.

The Circuit Court’s decision rested, in large part, on where the regulations governing ISPs fall within the provisions of the Communications Act.  In 2002, the FCC defined ISP services as “information” carriers, subject to Title I of the Communications Act, rather than as “telecommunications” services governed by Title II.  That distinction proved fatal to its attempt to sanction Comcast. 

FCC itself conceded that it did not have the express authority under Title I to regulate an ISP’s network management practices.  The FCC was therefore compelled to rely on the broad provisions of Section 4(i) of the Act, which authorizes the Commission to “perform any and all acts, make such rules and regulations, and issue such orders, not inconsistent with this chapter, as may be necessary in the execution of its functions.”  Under prior DC Circuit precedent, this “ancillary” authority may only be used if the FCC can demonstrate that its action, is “reasonably ancillary to the effective performance of its statutorily mandated responsibilities.”  The FCC relied on several Congressional statements of policy to show that regulating Comcast and other ISPs was within its “statutorily mandated responsibilities.”  But as the appeals court decision pointed out, Supreme Court and DC Circuit case law has held on numerous occasions that such statements of policy cannot create “statutorily mandated responsibilities.”  The Court went on to reject the FCC’s claim of “ancillary authority” and vacated the sanction order against Comcast.

So where does this leave the FCC’s net neutrality initiatives?  Several proponents of expanded FCC authority have suggested that the FCC reclassify ISPs as “telecommunications” services under Title II of the Communications Act.  Title II expressly makes it unlawful for common carriers “to make any unjust or unreasonable discrimination in charges, practices, classifications, regulations, facilities, or services for or in connection with like communication service”.  Such language would appear to provide solid footing for implementing and enforcing the net neutrality principles.

Indeed, immediately after the DC Circuit’s decision was handed down, FCC Commissioner Michael Copps released a statementurging the FCC to reverse its earlier 2002 determination and treat ISPs as telecommunications services saying “It is time that we stop doing the ‘ancillary authority’ dance and instead rely on the statute Congress gave us to stand on solid legal ground in safeguarding the benefits of the Internet for American consumers.” 

Congress may yet get into the action as well.  Last August, the Internet Freedom and Preservation Act of 2009 was introduced.  The Act expressly makes it unlawful to block, interfere with, discriminate against, impair, or degrade” access to any lawful content from any lawful application or device.”  However, no action has been taken on the bill since its introduction.

Stay tuned.

Dan will be part of a panel entitled “Global Perspective – Changing Rules for P2P and Cloud Computing”, which will discuss the key laws and regulations that P2P and cloud computing software developers and distributors need to comply with, the changes taking place in the regulatory environment affecting P2P and cloud-computing technologies, the impact of recent actions and rulings and other issues in the legal and policy arenas that might foster investment and commercial development of P2P and cloud computing. More information on registration is available on the DCIA’s website.

On a related note, the video from the DCIA’s March 9 conference has been posted.  At that conference, Dan participated in a  panel discussing the various business models utilized by P2P and cloud computing providers, including ad-supported, subscription, paid download and other innovative strategies.