Access Denied! Why You Should Care about Net Neutrality

This article was originally featured on the Truman National Security Project’s Doctrine Blog on April 26, 2017.

If you get frustrated when it takes longer than normal for a site to load or appreciate the freedom to visit the site of your choosing without impediment, you should be watching what happens with net neutrality.

But what is net neutrality? Often referred to as “Open Internet,” net neutrality is the underlying principle of the Internet that internet service providers (ISPs) provide open and consistent access to any application or content that rides over their networks. This prevents ISPs that provide broadband and telecom service, like AT&T and Comcast, from also providing preferential treatment to companies willing and able to pay more for faster speeds. After all, if ISPs aren’t required to maintain consistent connectivity, consumers will likely limit their searches and consumption to sites that load easily.

Net neutrality additionally prevents the ISPs from blocking content of their choosing, which becomes important in that such blocking can put limits on free speech and press. The Internet is often a platform for marginalized voices. Small businesses, people of color, citizens of oppressive regimes, and activists can use the Internet to amplify their otherwise discreet and often silenced messages. Without net neutrality, ISPs could block unpopular speech and prevent dissident voices from speaking freely online. Without net neutrality, we may not know of many of the injustices perpetuated around the world or in our own back yard! On another note, less politically harmful but equally as disruptive, you may not be able to find the business or product you’re looking for or watch the movie of your choosing without an additional fee. Equally alarming, limited access to information and content can also impede competition, therefore potentially manipulating the market.

No matter your economic status, political beliefs, racial identity, sexual orientation, or ISP, you deserve to have the same access to any website you choose to visit. However, FCC Chairman Ajit Pai has a draft plan, which he has not presented publicly, that will reportedly severely weaken net neutrality rules for all. Instead of clear rules that require ISPs to treat all data the same, Pai is proposing a voluntary system where providers promise in writing they will not block web pages or slow down traffic. Theoretically, under his plan, as long as ISPs commit to protecting net neutrality in their terms of service, the FCC can eliminate its rules defaulting to the Federal Trade Commission (FTC) to punish ISPs that do not comply with their net neutrality promises.

This may sound “ok” on the surface, but ISPs would only be bound by net neutrality requirements to the extent they promise to follow them — no standardization or mandatory level of protection. This type of voluntary system leaves too much room for “creativity” on how to make money by manipulating internet traffic or how to silence unwelcomed perspectives. Importantly, this construct would require changes to FTC Act, leaves unclear how consumers would know whether content is being blocked in order to file a claim, and requires claims be tied to consumer harm. Additionally, there isn’t enough competition among telecom and broadband providers to demand compliance. Not to mention, there is little to stop ISPs from removing net neutrality clauses from their terms of service in the future.

Essentially, the greatest attribute of the Internet is its freedom, and the ability to search without restriction or limit is fundamental to such freedom. Rolling back current consumer and competition protections stands in direct opposition to maintaining a free and open internet.

In 2014, citizens and businesses successfully cried out for protection from manipulation of service speeds and paid prioritization. Then FCC Chairman Wheeler released rules, “the Open Internet Order,” one year later. Earlier this month, current FCC Chairman Pai discussed plans for net neutrality with the Internet Association — a lobbying group representing Facebook, Google, Twitter, and other large tech companies — and the organization took to the media to underscore their support for these rules. Internet Association members have made clear they are prepared to fight against any dilution of net neutrality rules. Hopefully, this strong show of support for strong net neutrality will cause Chairman Pai to reimagine his plan.

On the heels of President Trump signing the Congressional resolution to overturn Internet privacy rules — the first sign of an agenda to roll back FCC protections implemented in recent years — Pai’s inclination toward a voluntary framework is a call to vigilance, if not a call to action, for those invested in and enjoying net neutrality.

This week, members of Congress have answered the call by requesting Pai to reveal his net neutrality plans. Democracy and a stable economy demand access to information. Every citizen and business who values the freedom to search the Internet without restrictions and receive all content consistently should lend their voice to preserving net neutrality rules.

View story at Medium.com

Conversational Commerce: Are You Ready?

Guest post by Jason Miller.

Texting Dominos a pizza emoji and a deliveryman showing up at you door “30 minutes” later with a pizza exemplifies the integration of Business to Consumer (B2C) transactions. Well, the same transactional principles may forever change the B2C relationship. Imagine if instead of sending a text and receiving a pizza, you could text your local grocery store your shopping list or text Amazon about a product you want—and have it delivered the same day.

These possibilities represent the next evolution of the B2C relationship called, “conversational commerce,” which has already taken Asia by storm. It allows users to order on-demand services and products through text messages or other messaging services, established a new commercial platform that may change the game yet again. TechCrunch reported that: China’s WeChat generates over $1B in revenue from its 440 million users, which allows them to use text messages to their pay bills and order products, while Japan’s LinePay takes a similar approach.

The principle is most mobile-phone users spend most of their time texting; why should they have to switch a different app, search for the product, enter their payment information, and then place their order. But soon consumers will be able too simply send a text to the company they wish to make a purchase from. Expanding texting’s potential to making payments, buying products, etc. may alleviate these cumbersome tasks altogether.

While at first-glance commercial communication may seem a bit novel, the United States has certainly taking notice of its impact in Asia. American tech-giants, like Facebook and Google, are jumping on the bandwagon. TechCrunch noted that Facebook, for example, is in the process of implementing these capabilities into their “Messenger App,” allowing users to order food and even speak with businesses directly. Meanwhile, many start-ups have also developed to take their share of this expanding market. Such as Magic, a concierge-type delivery service that lets uses order almost any product for delivery through text, which oddly enough I started using the day I read about it.

Though the market is young in the States, its validity as a commercial platform is clear and a possibly lucrative one at that. If there’s money to be made, then I think its safe to presume that large companies will attempt to adapt their current systems to implement this developing commercial space within their business model (i.e., Facebook, etc.). Hopefully allowing me text a masseuse to and recreate my favorite scene from Boy Meets World; Griff was my hero.

Note from the Digital Counselor:

Entrepreneurs and small business owners should be on the look out for ways to integrate this into their business model. Early adoption could be a standout feature and create a niche that may enable rapid growth. However, rapid growth necessitates the ability to scale quickly, which can be hard for a small business with little capital. Although a great tool, businesses looking to implement must look at potential impacts to their business model and ultimately their bottom line.

About the Author:

Jason Miller is law student at American University Washington College of Law. Jason is originally from Rockville, MD, and studied communications at University of Maryland. While in undgrad, Jason & his friends founded a globally followed music blog, with about 100k unique visitors per month. After graduating, Jason worked at the U.S. Senate for two years before going to law school.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters. Any comments by TheDigitalCounselor.com do not reflect the views or ideas of any organization or individual that may or may not be affiliated or associated. 

Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all.  So…. I am accepting  submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media user and those intrigued by tech, so please cater your posts to that audience. Please send posts to thedigitalcounselor@gmail.com. I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

The Future of the Internet of Things: Utopia or Disaster?

Guest post by Mr. Leon Silver.

Leon Silver, National Practice Group leader of Gordon & Rees’ Retail & Hospitality Practice Group and a privacy law expert, hosted a seminar on Privacy and The Internet of Things on June 25 at the State Bar of Arizona annual convention at the Arizona Biltmore. He provided this recap of the discussion.

Throughout the many articles and blog posts on the topic of the Internet of Things (IoT), I’ve noticed a recurring theme. Everyone is talking about the fact that no one is talking about the privacy implications of ubiquitous connectivity and data mining through the IoT. This summer I had the opportunity to lead a panel discussion at the Arizona State Bar convention to further the conversation about privacy and security on the Internet of Things.

The panel included K Royal, Privacy Counsel at CellTrust, Inc., an attorney and compliance professional with over 20 years of experience in the legal and health-related fields; Dan Christensen, Global Group Counsel of IT, Privacy & Security at Intel Corporation; and David Bodney, partner at Ballard Spahr, LLP, a litigator focusing on media and constitutional law.

I kicked things off by posing the question of the day: “Will the Internet of Things result in a utopian future, or a dystopian future?”

I then asked the audience not to shut off in our back pockets, but to grab their phones, turn them on and make use of them to actively share the information being discussed. My intention? To spark more of the very conversations the seminar was seeking to have.

We were honored to have guest speaker Frank Jones, vice president of the Internet of Things Group and general manager of the Operations and Group Marketing Division at Intel Corporation, share his insight with the group. Mr. Jones provided an overview of the vast scope and rapid progress being made on the IoT. He explained that in today’s world, we create as much electronic data every two days as we did from the dawn of civilization up until 2003.

The IoT will help solve challenges around the globe, he explained, by driving growth and helping to solve critical problems such as illiteracy and water supply. According to Mr. Jones, this movement is already in process and actually began with the introduction of the smartphone.

Intel is committed to making this a positive movement, he said. “The core value and base of IoT will be security,” said Mr. Jones. “Without security as the foundation, nothing is possible.”

In order for IoT to progress, “cooperation across the industry is necessary.” Mr. Jones said companies that are otherwise competitors will have to join forces and create a uniform platform to make way for IoT because this is something that can’t be done alone. With security as the foundation and an established industry-wide standard, adopting IoT to generate global solutions will be a reality.

In his words, IoT is about connecting the unconnected and unleashing data to enable unprecedented transformations. IoT will touch everyone on Earth.

So how much connectivity can we bear to have in our personal life?

As ideal and exciting as IoT seems to be, the panel, the audience and I were all too aware of the dangers and risks associated with this new era of technology.

I asked if the one layer of security that manufacturers build into systems is enough to protect us. Mr. Christensen replied, “No it’s not. One layer at the base is not enough.” He explained that IoT is like turning a house with only one, easily secured window, into a glass house. Massive vulnerability will be created, resulting in a lack of control. Repurposing of information will be an issue, the quality of user consent will be crippled, and jurisdiction creep will become a serious issue. How will security policies/laws change from country to country? These are just a few of various concerns raised by Mr. Christensen.

When asked who would own our personal information in this IoT era, Mr. Bodney said this would depend on the agreement. Very much like today, “If you want to participate, you are consenting.” It is unknown, however, how the law will treat this issue when data is collected without consent and in the gray areas of a person’s reasonable expectation of privacy. The commercial and private use of drones, for example, has raised far more questions than have been answered.

Ms. Royal questioned whether you could own private personal data when each country defines “private personal data” differently. In the U.S., federal rights to privacy are for customers of certain industries (education, health, financial). Other countries, however, ascribe privacy rights on the basis of being an individual, rather than being a consumer. While most agree that health data and financial information are sensitive, nations differ as to the scope. Israel, for example defines personality as sensitive information. Australia includes membership in a professional organization as sensitive, whereas here in the U.S., you can buy a list containing that information. Some countries define arrests as sensitive (not just convictions), whereas the U.S. considers that public information.

So what can be done to protect personal data? Ms. Royal informed the audience that there are companies that specialize in keeping information private. She suggested that consumers read through privacy policies, find “off” switches, and disconnect devices when not in use, install security updates, opt out of Wi-Fi connectivity on devices if it isn’t important to them, and accept the fact that devices collect data or stop using them altogether.

The biggest threat, Mr. Christensen explained, remains organized crime. “Organized crime is still the biggest problem area.” These are the groups that try to get into bank accounts — hacktivists and malicious insiders.

The audience wanted to know if there would be a group to lobby for the protection of privacy as the IoT movement takes off, and if so, what group they should be keeping an eye on. Ms. Royal said there has been a Consumer Privacy Bill of Rights push more than once, but unfortunately, it has never fully materialized.

In response to the question whether we can expect Congress to provide legal protection to children, Mr. Bodney stated that because the pace of technology is so rapid, Congress has a tough time keeping up. By the time Congress gets around to adopting these new laws and policies, said Mr. Bodney, technology will have surpassed any legislation. Regardless, young people have a different sense of privacy than older generations, he added. “They grew up in this environment and are far more comfortable in it.” Ms. Royal added that younger generations are often referred to as “digital natives” and older generations are considered “digital immigrants.”

Mr. Christensen believes manufacturers should cater to the consumers that value privacy. He mentioned consumers must be aware, however, of the risks they take every time they get a hold of new devices. For example, as soon as customers open a new Intel device, the first thing they see when they open the box is a note that informs customers that by turning on the device, they are agreeing to Intel’s terms and conditions, including their privacy policy.

If you value your privacy, Ms. Royal suggests looking for companies that feel the same way. “Maybe one day there will be a list of companies that value privacy.”

As the seminar came to a close, I asked each panel member the same question I had asked earlier. Will the Internet of Things result in a utopian future, or a dystopian future? Each panel member responded with an optimistic, “Utopian,” although some were more “cautiously optimistic” than others.

I urge that not only lawyers, but everyone, pay attention to our personal privacy and what is being done with our personal data.

 

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of TheDigitalCounselor.com, any other poster/blogger of this blog or any entity affiliated with blog posters.

New gTLDs Causing Trouble for Twitter

Screen Shot 2015-07-15 at 10.07.30 AMYesterday, a website that looked exactly like Bloomberg posted “news” that there was a $31 billion buyout offer for Twitter. Ummm not true! The website, called http://www.bloomberg.market, featuring a new gTLD, was fake. And so was the report. The fake website was a near-identical replica of Bloomberg’s site, and even used Bloomberg reporter Stephen Morris’s byline. OpenOutcrier, a Twitter account that bills itself as a destination for “Real-time stock & option trading headlines, breaking news, rumors and strategy” was the first to post about the report, although Bloomberg employees were quick to point out it was fake.

Most discussions about new gTLDs causing problems for brand owners is preventative such as with the .SUCKS and .PORN domains. This incident is a good example of a new gTLD causing the damage brand owners are trying to prevent in those other cases. As a brand owner you should make sure to not only use these new gTLDs as a tool for branding but remain aware of the release of new gTLDs to proactively register relevant domains and/or monitor for infringement like this. There are a number of free monitoring tools like Google Alerts or Talkwalker that you can use to monitor use of your brand name.  And you can see which new gTLDs have launched and when so you can remain up to date on gTLDs that you should register from a branding perspective and/or from a brand protection perspective.

As a result of this false story, Twitter shares shot up, only to fall back down when Twitter corrected . It’s not clear who was behind the faux story. With all that’s going on with Twitter, including the CEO being replaced by co-founder Jack Dorsey earlier this month, this incident was believable.  This could have caused more damage to company finances, reputation, and consumer trust. Don’t let your brand be next! Fraudsters are very savvy as you can see.

Should You Trademark Your Website?

It is extremely important for companies to protect their intellectual property. Developing a comprehensive intellectual property plan is essential to protecting your investment and protecting your consumers from confusion.  Trademarking your brand names, slogans and company name as well as copyrighting blog content, original imagery, and other original works of authorship are commonly know areas of focus for companies and entrepreneurs.  You want to be in control of your brand, your content and your creations.

Now, according to one federal court, companies can use trademark law to protect the unique look and feel of their websites from imitators. As a result of this ruling, companies should consider registering their websites as trademarks with the U.S. Patent and Trademark Office (the “USPTO”).

The U.S. District Court for the Northern District of California recently ruled in Ingrid & Isabel, Inc. v. Baby Be Mine, LLC, No. 13-01806 (N.D. Cal. Oct. 1, 2014) that the look and feel of a website used to market and sell products and services can constitute protectable trade dress under Section 43 of the Lanham Act. See 15 U.S.C. § 1125(a) (2012). Trade dress, a derivative of trademark law, protects the total image of a business or product, including the arrangement of identifying features such as graphics, packaging, designs, shapes, colors, textures, and décor.

This is an important development for companies seeking to protect their brand online. Your website is an important part of your brand as a company. It is often a customer’s first impression and point of sale.  Previous case-law suggested that a website could constitute protectable trade dress only if the website itself was the product. See Conference Archives, Inc. v. Sound Images, Inc., No. 06-00076, 2010 WL 1626072 (W.D. Pa. Mar. 31, 2010) The Ingrid & Isabel case provides an opportunity to expand those protections. This decision is reminiscent of the USPTO allowing Apple, Inc. to register a trademark for the design and layout of its unique retail stores. Your website is in effect your online store. This is a great example of the law starting to catch up with the times. Companies seeking to take advantage of this protection must make sure their website is 1)distinctive or has acquired secondary meaning and is 2) nonfunctional.RegisteredTM

  1. The court noted that the “Supreme Court has held that ‘design, like color is not inherently distinctive’ [citing a case involving Wal-Mart.]  Given the conceptual similarity between ‘look and feel’ and ‘design,’ Wal-Mart suggests that Plaintiff must show that its website‘s ‘look and feel’ is distinctive through its secondary meaning.” This eludes to the fact that the design of a website is not “inherently” distinct. You want to secure these protections before someone seeks to copy your website. However, per previous case-law  “secondary meaning may be inferred from evidence of deliberate copying of the trade dress…” Therefore, if you can show that your competitor deliberately copied your website, that will help to support your claim for acquired distinctiveness.
  2. Functional elements cannot be protected as trade dress. However, according to the court in Ingrid & Isabel “the placement and arrangement of functional elements can produce a non-functional aesthetic whole.”

This is also an important decision from a cybersecurity perspective. Most consumers are lured into phishing and other fraud scams when malicious actors mimic the look and feel of a brand’s website. Armed with a similar site they can lure unsuspecting consumers to insert personally identifiable information and financial data into their fake site. This can result in identity theft and financial loss. This is another tool in a trademark owner or company’s arsenal to combat fraud and protect their customers.

If your website is distinct, talk to an attorney about protecting it. This is an important consideration and should be part of developing a comprehensive intellectual property plan.

Trade dress protection has existed for decades, but its usefulness for websites and other Internet-based applications has been limited. It will be interesting to see how courts continue to apply the law to websites, mobile apps, and other non-traditional mediums.

Note that the court didn’t determine the ultimate outcome of this case; that’s still in dispute. This ruling merely allowed Ingrid & Isabel’s claim on this point to proceed to trial.

Recent Virginia Case Carries Major Implications for Fingerprint Passcodes and Self-Incrimination

This article was originally published in the Spring 2015 issue of the Virginia Bar Association YLC Docket Call.

The ever-evolving technological landscape constantly elicits new and interesting questions of law. Privacy and data security are areas of contention and confusion for many. Why?  Because privacy limits are unclear because the reach of technology outpacing the evolution of the law. As cell phones have advanced, they have become essential to everyday life and are no longer merely phone used to make and receive calls. Cell phones are minicomputers filled with personal, and mostly private, information including calendars, alarm clocks, books, videos and photos. People store everything from grocery lists to banking information in phones. How do the laws that govern phones solely to make and receive calls apply to these new multifaceted devices? Courts and lawmakers are slowly answering that question.

In Reily v. California, the Supreme Court shed some light on privacy limits regarding cell phones.[1] The Court held that the police generally may not, without a warrant, search digital information on a cellphone seized from an individual who has been arrested. The Court characterized cell phones as minicomputers filled with massive amounts of private information, which distinguished them from the traditional items that can be seized from an arrestee’s person, such as a wallet. This ruling is a necessary stride towards deciphering how the Fourth Amendment applies in this digital age but leaves a lot of unanswered questions.

After obtaining a warrant to search a phone how will officers access the contents? Can officers compel the accused to provide one’s passcode or fingerprint? Existing laws do not apply smoothly and presents an interesting question: Is producing one’s passcode or fingerprint to allow access to digital information on a smartphone testimonial communication subject to the Fifth Amendment privilege against self-incrimination?[2] This was the question answered in the Virginia case Commonwealth of Virginia v. Baust.[3]

In Commonwealth of Virginia v. Baust, the defendant David Baust was indicted on charges of assault.[4] The victim alleged that video of the assault was on Baust’s smartphone.[5] The police obtained and executed a search warrant, retrieving (among other items) the smart phone.[6] However, the phone was “locked” and could only be entered using a passcode or fingerprint.[7] The court decided to review each method of entry separately under the Fifth Amendment and arrived at two different conclusions.

The court held that fingerprints and passcodes are different in the eyes of law because of the testimonial nature of providing a passcode, which violates the accused’s right not to incriminate him or herself. The Judge explained that Baust could not be compelled to provide his passcode to access the smartphone, but could be compelled to produce his fingerprint to access the phone.[8] Producing the passcode would require the defendant to divulge knowledge—information from his own mind, placing it in the testimonial realm.[9] However, he concluded that a personal fingerprint does not require any similar knowledge—it is equivalent to a key that fits into a lock.[10]

This legal distinction will have a major impact on smartphone users, especially as providers market the increased security of these alternate access mechanisms. Your fingerprint is advertised as a more secure method for accessing tour phone but presents vulnerability if ever compelled to provide access to your phone. The legal differences may not be clear to users, as the passcode and the fingerprint are functionally equivalent. Should they really be distinguished under the law? Is there a distinction between telling police a passcode and typing in the passcode so that police may gain access to a phone? By typing the code, the individual does not have to provide any knowledge (testimony) directly to the police, although still providing access to data that is potentially criminally incriminating. Is the outcome or the means more important, because although not a verbal testimony providing a fingerprint or writing a passcode may lead to criminally incriminating information?

This decision raises a lot of questions and determining privacy rights in our technology will only get more complex as technology continues to evolve. The court is being charged to assess the functional and technological implications of new technology and create laws with those perspectives in mind. This is a difficult balance. Consistency will also be important to citizens as they seek to protect themselves within the bounds of these laws.

Most immediately, in Virginia, you should protect your phone using a passcode, not your fingerprint.

 

 

[1] 134 S. Ct. 2473, 2477 (2014).

[2] Commonwealth of Virginia v. Baust, No. CR14-1439, at 2 (Va. 2d Cir. Ct. Oct. 28, 2014).

[3] Id. at 1.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id. at 4.

[9] Id. at 5.

[10] Id.

Quick Tip: Sign A Pre-Nup With Your Business Partner

Co-founder disputes are common in the business world, whether in television production, restaurants, real estate,or tech start-ups. With the staggering amount of money that can be at stake in today’s tech companies, founders should exercise caution. The best of friends and the most cohesive of partnerships can end in a bitter legal battle unexpectedly. A recent Los Angeles Times article, titled “Co-founder feuds at L.A .tech start-ups show how handshake deals can blow up,” recounts several telling tales of business start-up angst. The article analyzes recent tech-based businesses that began with a handshake and ended with relationship-ending conflict.

Entrepreneurs should consider entering into a prenuptial (“prenup”) agreement to avoid such a dispute. A prenup establishes the property and financial rights of each spouse in the event of a divorce. Figuring out how to divide property and assets should a company or partnership dissolve may be a smart way to start a business. Consult counsel and think through all the potential issues.

Quick Tip: Trademark Protection In Cuba

Cuba is now an open market for US businesses. President Obama announced in December 2014 that US is taking steps towards increased travel and improved relations with Cuba. This will mean a new frontier for many businesses as commerce restrictions are lifted.

One exception to the long-standing US embargo on trade with Cuba permits US companies to file for and obtain trademark registrations in Cuba. Many companies did not consider obtaining a Cuban trademark a high priority but it is now something to consider. Cuba is a “first to file” jurisdiction – in other words, a Cuban registration for a trademark will be awarded to the first applicant, even if that applicant has no legitimate claim to the mark. An applicant does not have to use the mark in Cuba, or even plan to expand its business into that country, before filing an application for trademark registration. Proactively seeking a Cuban trademark registration now will help ensure that the mark is available when the embargo with Cuba is lifted.

There are two ways to apply for a Cuban trademark registration: (1) if a US company owns a current US trademark registration, a Cuban application can be based on the US registration and filed through the international Madrid Protocol treaty; or (2) a national Cuban trademark application can be filed through local trademark agents with the Oficina Cubana de la Propiedad Industrial (OCPI), the Cuban equivalent of the US Patent and Trademark Office. Seek advice of counsel as you expand your trademark portfolio.

Being proactive about foreign registrations is an important part of a strong intellectual property portfolio.