Blog Rss Feed

Hansen Quoted in Article on New E-Commerce Focus for Visa, MasterCard

Thu, 02 Sep 2010 13:08:12 GMT

Perkins Coie Partner Dax Hansen was quoted this week in an article published by Internet Retailer, "Changing Their Stripes." The article discusses initiatives recently launched by Visa and MasterCard Worldwide in response to an increase in e-commerce and the rise of online competitors like PayPal and Facebook Credits.

One example is MasterCard's Open APIs, which according to the article "is designed to make it easier for mobile and web developers to integrate MasterCard payments into their applications." The author quoted Hansen as saying this "appears aimed at developers looking for ways to sell games, music and other digital content to mobile consumers."

"Developers are looking for flexible, easy solutions that don't require customers to input their card numbers," Hansen says.

Reingold Quoted in BNA Article on Cloud Computing Liability

Wed, 01 Sep 2010 17:20:59 GMT

Perkins Coie Partner Barry Reingold was quoted this week in an article published by BNA entitled, "'Cloud' Customers Facing Contracts With Huge Liability Risks, Attorneys Say."

The article focuses on the risks companies face when they agree to store their data with third party providers. Reingold said companies in regulated industries like health care and banking need to be especially careful. "You may lose physical control over your data, but you never lose legal responsibility," he told BNA.

FTC Tags Public Relations Firm for Posting Phony Product Endorsements on iTunes Store

Fri, 27 Aug 2010 12:52:59 GMT

On August 26, 2010, the FTC announced a consent decree with Reverb Communications, a public relations firm whose clients included developers of video games, including mobile gaming apps. http://www.ftc.gov/opa/2010/08/reverb.shtm. This represents the first enforcement action under the agency's revised Guidelines Concerning the Use of Endorsements and Testimonials in Advertising. http://ftc.gov/os/2009/10/091005revisedendorsementguides.pdf

Reverb, which was typically paid a percentage of its clients' sales on advertised games, in 2008 and 2009 posted on the iTunes store reviews of those games. Typical reviews consisted of "Amazing new game," "One of the best apps just got better," and [Reverb's client] does it again!" Although the reviews seemed to come from disinterested consumers, they were actually posted by Reverb's employees, a fact never disclosed.

The type of conduct challenged (endorsements by an advertiser's employees) represents a classic violation of the guidellines. What's interesting about the case is that none of Reverb's clients were included as co-defendants. If they were unaware that Reverb was using its own employees to generate positive reviews, this represents the rare case where "ignorance was bliss."

Ninth Circuit Upholds Unmasking of Online Anonymous Speakers

Mon, 16 Aug 2010 23:21:31 GMT

The Ninth Circuit affirmed a federal district court decision ordering the disclosure of the identities of three anonymous online speakers who made allegedly defamatory statements as part of a company's online "smear campaign" against a competitor. In Re: Anonymous Online Speakers, No. 09-71265 (9th Cir. July 12, 2010). The alleged victim of the "smear campaign" sought the identities of the three anonymous speakers as part of the civil discovery process. The anonymous speakers objected to the disclosure of their identities on First Amendment grounds, arguing that their right to anonymous speech outweighed the need for discovery of their identities. The district court disagreed and ordered disclosure of the speakers' identities.

On a writ for mandamus, the Ninth Circuit upheld the district court order, suggesting that when district courts are "consider[ing] the important value of anonymous speech balanced against a party's need for relevant discovery … [t]he specific circumstances surrounding the speech serve to give context to the balancing exercise." Therefore, the nature of the speech should "be a driving force in choosing the standard by which to balance the rights of anonymous speakers" and "commercial speech should be afforded less protection that political, religious, or literary speech." The speech at issue was commercial speech, so the anonymous online speakers were not entitled to the full First Amendment protection.

The Court did not, however, identify which of the four standards currently used by courts to balance the rights of anonymous speakers against the need for civil discovery - (1) a prima facie showing of the claim, (2) a motion to dismiss/good faith standard, (3) a standard in between a prima facie showing and the motion to dismiss standard, or (4) surviving a hypothetical motion for summary judgment - should apply to the commercial speech at issue. Instead, the Court concluded only that the district court (1) had appropriately considered the "great potential for irresponsible, malicious, and harmful communication" and the "speed and power of internet technology" and (2) did not clearly err by applying the most exacting standard for compelled disclosures of identity, the "hypothetical motion for summary judgment" (plus notice to the anonymous user) standard, as explicated by the Delaware Supreme Court in Doe v. Cahill.

Lyon Quoted on "The Dark Side of the Smart Grid"

Thu, 12 Aug 2010 16:11:46 GMT

Perkins Coie Of Counsel Susan Lyon was quoted this month in an article on smart grid technology published in SmartHome magazine entitled, "Smart Grid: Plug In Or Jump Off?" In a sidebar, "The Dark Side of the Smart Grid," Lyon explained the security and privacy concerns associated with the new technology. "Basically, it is two-way communications from and to homes and even can include smart grid appliances," she said. "Utilities are quickly increasing the amount of data they collect, tracking and recording more activities."

Gidari Quoted in Front-Page Wall Street Journal Article on Cellphone Tracking

Tue, 10 Aug 2010 12:21:55 GMT

In last week's Wall Street Journal article, "Stalkers Exploit Cellphone GPS," Perkins Coie Partner Albert Gidari explained the challenges cellphone carriers face when police request location-tracking data. "Police, [Gidari] says, often claim they need data immediately for an emergency like a kidnapping, and therefore don't have time to obtain a warrant, in which a judge must approve an information request."

The article goes on to say that "law-enforcement's easy access to such data makes the systems easy to abuse. [Gidari] says carriers would like to have a system in place requiring agents to get warrants. Without such a requirement, there is little carriers can do to resist warrantless requests."

FTC Testifies on Consumer Privacy Enforcement Past, Present and Future

Mon, 09 Aug 2010 08:50:54 GMT

The Federal Trade Commission’s (“FTC” or “Commission”) Congressional testimony of July 22, 2010 provides an excellent overview of the Commission’s views on consumer privacy enforcement past, present, and future and should be of interest to consumers, industry stakeholders and privacy professionals alike.

The testimony begins with a detailed summary of the FTC’s consumer privacy enforcement actions over the last two decades, including a discussion of its two main policy approaches: (1) promoting the fair information practices of notice, choice, access, and security (the “FTC Fair Information Practices approach”); and (2) protecting consumers from specific and tangible privacy harms (the “harm-based approach”) such as failures to maintain reasonable security for consumer data.

This historical discussion is followed by a summary of the Commission’s current policy initiatives, including its self-regulatory principles for online behavioral advertising: (1) transparency and consumer control; (2) reasonable security and limited retention for consumer data; (3) affirmative express consent for material retroactive changes to privacy policies; and (4) affirmative express consent for (or prohibition against) the use of sensitive data.

The testimony concludes with a brief discussion of the FTC’s views of the privacy landscape going forward, including its opinions on legislation currently pending in Congress. For example, the Commission reiterated its recent criticism that the Fair Information Practices model puts too much burden on consumers to read and understand “lengthy and complicated privacy policies” that “often seem designed to limit companies’ liability, rather than to inform consumers about their information practices.” The Commission also noted that while its harm-based approach has traditionally focused on financial or other tangible harm, it could be extended to areas where there may be no risk of financial harm (e.g., where information about a consumer’s medical condition is made available to third-party marketers, “even if receiving advertising based on that condition might not cause a financial harm.”).

Regarding the privacy legislation proposed by Representatives Bobby Rush and Rick Boucher, the FTC supports many provisions, but suggests that others be added or modified. Specifically, the Commission would like a statutory requirement for “short, clear” privacy disclosures “at a relevant point for consumers.” Also, the Commission suggests that any privacy legislation account for the possibility that “consumers often do not understand relationships between companies based on corporate control” and, thus, “if a company states that it does not share data with third parties, consumers may be surprised if that company shared data with dozens, or even hundreds, of affiliates.” Finally, the Commission noted its “concerns about the safe harbor mechanism contained in the proposed legislation, under which the FTC could approve multiple industry-led ‘choice programs.’” The Commission is concerned about this provision because “[c]reating multiple consent mechanisms that may differ in important ways risks adding to consumer confusion.”

Gidari quoted in AP article on proposed FBI expansion of authorities

Fri, 30 Jul 2010 14:23:51 GMT

Perkins Coie Partner Albert Gidari was quoted in an Associated Press article this week on a proposed change to federal law that would allow the FBI to obtain electronic records from Internet service providers - without a court order. The article, "FBI access to e-mail and Web records raises fears," says one controversial aspect of the change is that it is buried within an intelligence reauthorization bill. "This is a huge expansion" of the FBI's authority "and burying it this way in the intelligence authorization bill is really intended to bury it from scrutiny," Gidari said.

iPhone Bricking Class Certified, But CFAA, California Penal Code & Tresspass Claims Dismissed

Thu, 15 Jul 2010 10:35:43 GMT

A federal court in the Northern District of California dismissed Computer Fraud and Abuse Act (“CFAA”), California Penal Code Section 502, and trespass to chattel claims against Apple Computer, Inc. arising out of its transmission of a software update that caused iPhones, which had been unlocked so they could be used with other service providers, to become unusable. In re Apple & ATTM Antitrust Litig. No. 07-05152 (N.D. Cal. July 8, 2010). This complete disabling of the iPhone has been termed “bricking.”

While Apple scored a victory in getting these three claims dismissed, the Plaintiffs scored a larger victory as the court granted class certification for the remaining claims as to “[a]ll persons who purchased or acquired an iPhone in the United States and entered into a two-year agreement with Defendant AT&T Mobility, LLC for iPhone voice and data service any time from June 29, 2007, to the present." The newly certified class action will address Plaintiffs’ claims arising out of the “bricking” allegations that Apple and AT&T Mobility secretly agreed to technologically restrict voice and data service to iPhones in the aftermarket for five years (three years beyond the two-year service agreement with AT&T Mobility), and that Apple monopolized the aftermarket for third-party software applications for the iPhone.

The court addressed the CFAA, California Penal Code (“CPC”) § 502, and trespass to chattels claims together because Apple asserted that no Plaintiff was damaged by the “bricking” that resulted when upgraded software (1.1.1 Software) was installed on unlocked iPhones. In so doing the court first summarized the applicable law as to each cause of action and then addressed the elements of damages, intentional acts, and authorization, finding that Plaintiffs failed to establish each of those required elements.

Trespass to Chattels:

In California, a trespass to chattels claim requires “actual harm” and “lies where an intentional interference with the possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 30 Cal. 4th 1342, 1350-51 (2003) (emphasis omitted) (internal quotation marks and citation omitted).

Computer Fraud and Abuse Act:

The CFAA creates liability for “knowingly caus[ing] the transmission of a program, information, code, or command, and as a result of such conduct, intentionally caus[ing] damage without authorization, to a protected computer.” 18 U.S.C. § 1030(a)(5)(A).

The term “damage” means “any impairment to the integrity or availability of data, a program, a system, or information.” Id. § 1030(e)(8). A plaintiff must also demonstrate that the defendant’s action caused over $5,000 in damage over a one-year period. Id. § 1030(a)(4). Plaintiffs may aggregate individual damages over the putative class to meet the damages threshold. In re Toys R Us, Inc., Privacy Litig., No. 00-cv-2746, 2001 WL 34517252 at *11 (N.D. Cal. Oct. 9, 2001).

California Penal Code § 502:

CPC § 502 permits an action against an individual who “[k]nowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer.” CPC § 502(c)(4). Additionally, the CPC allows an action against an individual who “[k]nowingly introduces any computer contaminant into any computer, computer system, or computer network.” Id. § 502(c)(8). Under the CPC, a “computer contaminant” is defined as “computer instructions that are designed to . . . damage [a computer] . . . without the intent or permission of the owner.” Id. § 502(b)(10).

The court then found three separate reasons for dismissing the three causes of action.

Damages: A temporary loss of personal use does not constitute damage, and while destruction of third-party applications was a viable theory of damages, Plaintiffs failed to provide evidence of actual damage.

Apple conceded that there were allegations that third-party applications were erased when the iPhone’s were bricked, and that these allegations were sufficient to put Apple on notice that destruction of third-party applications could provide a theory of injury. The court then looked to the evidence of injury that was actually plead by Plaintiffs and adduced during discovery. It found that Plaintiffs had not produced sufficient evidence of injury because they had admitted that they weren’t injured, and that they had received free replacement phones within a few days after installing the 1.1.1. Software. The court found that the temporary loss of use of a personal phone is not a “substantial” or “measurable” amount as required in Hamidi. It also disregarded the temporary loss of use as sufficient for showing harm in the context of the CFAA or CPC.

When considering whether the deletion of third-party applications caused injury, the court noted that there was no evidence that any of the three named plaintiffs had suffered an actual injury. For one of the Plaintiffs, there was no evidence that he had paid for any third-party applications. Another plaintiff had kept a backup copy on his computer. And the third had deleted many of his third-party applications prior to downloading the 1.1.1 Software.

Intentional Acts: Apple did not intend to damage Plaintiffs’ iPhones.

Even if Plaintiffs could establish standing by showing damage, the court found that Plaintiffs had not produced sufficient evidence to show that Apple intended to damage Plaintiffs’ iPhones because there was no evidence that Apple had designed the 1.1.1 Software to “brick” iPhones.

Unauthorized Access: Voluntary installation of a software update was not unauthorized access.

Finally, the court noted that installing the 1.1.1 Software was voluntary, that the voluntary installation ran counter to the notion of a trespass and that the download did not qualify as unauthorized access under the CFAA or as without permission under the CPC.

The Direct Marketing Association Challenges Colorado’s Tax Notification and Sales Reporting Requirements for Out-of-State Retailers on Privacy and Free Speech Grounds

Thu, 15 Jul 2010 10:02:06 GMT

The Direct Marketing Association, a trade association with over 3000 members, has filed a complaint against the Executive Director of the Colorado Department of Revenue (“Department”) in her official capacity challenging Colorado’s tax notification and sales reporting requirements for out-of-state retailers in federal court. See The Direct Marketing Association v. Huber, No. 10-cv-1546 (D. Colo. June 30, 2010).

Colorado H.B. 10-1193, which went into effect March 1, 2010, requires out-of-state retailers, including Internet retailers, not otherwise obligated to collect Colorado sales tax to inform their Colorado customers of Colorado’s requirement that they self-report use tax to the Department. It also requires out-of-state retailers to file with the Department a Customer Identification Report that discloses the names of their Colorado customers based on billing addresses along with the amount of purchases made by each one. See Colo. Rev. Stat. § 39-21-112(3.5)(d)(II); Colo. Reg. 39-21-112.3.5.

The Direct Marketing Association claims that H.B. 10-1193 discriminates against and unduly burdens interstate commerce in violation of the commerce clause, violates Colorado consumers’ rights of privacy guaranteed by the U.S. and Colorado Constitutions, interferes with out-of-state retailers and Colorado consumers’ rights of free speech under the U.S. and Colorado Constitutions, deprives out-of-state retailers of property in violation of the Due Process Clause of the Fourteenth Amendment, and constitutes a taking under the U.S. and Colorado Constitutions.

The Direct Marketing Association’s privacy and free speech claims on behalf of Colorado consumers are particularly noteworthy. The privacy claims allege that that act of identifying to the Department an “individual’s status as a purchaser from certain businesses and organizations,” including non-profit political, religious or advocacy groups, “will reveal personal information about the purchaser, including not only the personal purchaser’s private interests and individual predilections, but also, among other things, potentially his or her religious beliefs, political opinions, medical conditions, financial situation, family concerns, or sexual orientation” in violation of Colorado consumers’ privacy rights under the U.S. and Colorado Constitutions. (Complaint at ¶¶ 79, 91.)

The First Amendment claim further alleges that the reporting requirements “may reveal information regarding the expressive content of products obtained by the purchaser,” which “will have a chilling effect on the exercise of the right to freedom of speech guaranteed by the Constitution” both by consumers and retailers. (Id. at ¶¶ 105, 109.) This claim is bolstered by a similar free speech claim under Article II, Section 10 the Colorado Constitution, which in conjunction with the First Amendment has been interpreted by the Colorado Supreme Court to protect “the right of the public to buy and read books anonymously, free from governmental intrusion.” Tattered Cover, Inc. v. City of Thornton, 44 P.3d 1044, 1051 (2002). This right to purchase and read books anonymously would likely extend to all forms of expressive materials protected by the First Amendment and the Colorado Constitution.

In the event traditional commerce clause arguments under Quill Corp. v. North Dakota, 504 U.S. 298 (1992), are unsuccessful, the Direct Marketing Association’s privacy and free speech claims provide possible alternative grounds to invalidate the Colorado reporting requirement.

YouTube Obtains Summary Judgment in Viacom Case

Mon, 12 Jul 2010 11:31:15 GMT

YouTube received a resounding win in a recent decision in the long-running Viacom v. YouTube case (Viacom Internationa, Inc. v. YouTube, Inc., 2010 WL 2532404 (SDNY June 23, 2010)). YouTube moved for summary judgment based on the safe harbor provisions of the Digital Millennium Copyright Act (DMCA), and despite Viacom's argument that the safe harbor was not applicable to YouTube on a wide variety of grounds, the court granted summary judgment on all direct and secondary copyright infringement claims. Although this is only a lower court decision, this is an important victory for social media sites, as they rely on the DMCA safe harbor to provide protection from copyright infringement claims for content posted by third parties.

The relevant part of the DMCA provides that an online service provider is not liable for copyright infringement for storing content at the direction of a user, provided that certain conditions are met. In addition to certain preliminary requirements, such as designating an agent to receive take-down notices and adopting and implementing a repeat infringer policy, these conditions require online service providers to remove or disable access to content if a proper take-down notice is received, if the online service has actual knowledge that such content is infringing, or if it becomes aware of facts or circumstances from which infringing activity is apparent,. The safe harbor will also not apply if the online service provider has the right and ability to control the infringement and it derives a direct financial benefit from the infringement. Viacom raised a number of arguments as to why the safe harbor was not applicable, but it did not prevail on any of them.

The decision was surprisingly short, given the importance of this case, and most of the discussion centered around the question of whether a generalized awareness that there are infringements on a site is sufficient to trigger the obligation to remove infringing content (i.e. whether such generalized knowledge constitutes "actual knowledge" or "facts and circumstances from which infringing activity is apparent" under the DMCA). Although YouTube promptly removed all clips when it received a specific take down notice, Viacom argued that the DMCA safe harbor was inapplicable because YouTube was aware of widespread infringement on the site and failed to act to stop it. After examining the legislative history and relevant case law, the court concluded that mere knowledge of the prevalence of infringing activity is not sufficient. Rather, the court found that the required knowledge must be of specific and identifiable infringements of particular, individual items. This decision is consistent with previous cases, such as Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1113 (9th Cir. 2007), which have found the threshold for proving the required knowledge to be quite high. It is also consistent with the recent decision in Tiffany, Inc. v. eBay, Inc., F. 3d 93 (2d Cir. April 1, 2010), in which the Second Circuit held that generalized knowledge of trademark infringement on the site was not sufficient to impose liability for trademark infringement.

The court quickly dismissed Viacom's argument that the replication, transmittal and display of videos on YouTube did not qualify for the safe harbor because it goes beyond merely storing content at the direction of a user. The court held that this is too narrow an interpretation of the word "storage," citing the case of Io Group, Inc. v. Veoh Networks, Inc., 586 F. Supp. 2d 1148 (N.D. Cal. 2008).

The court also did not find anything wrong with the way YouTube adopted and implemented its repeat infringer policy. The DMCA requires that online service providers adopt, notify users of, and reasonably implement "a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers." However, the statute does not define what those "appropriate circumstances" are or what constitutes a "repeat infringer." YouTube adopted a "three strikes" policy whereby it terminated users after three warnings, which were triggered by DMCA take-down notices. Viacom claimed YouTube did not reasonably implement its repeat infringer policy because of the way it counted strikes (e.g. it only counted as one strike a single take-down notice covering multiple videos and it did not count as a strike content removed through use of the Audible Magic filtering tool). The court, however, disagreed, citing langue from UMG Recordings, Inc. vs. Veoh Networks, Inc., 665 F. Supp. 2d 1099, 1116, 1118 (CD Cal. 2009) which concludes that Congress intended to leave the requirements of the repeat infringe policy and the subsequent obligation of the service provide loosely defined. The court also noted that even DMCA-compliant notices did not in themselves provide evidence of blatant infringement. This decision supports the view that companies have considerable latitude in adopting and implementing their repeat infringer policy.

Perhaps one of the most interesting holdings in the case, although one that has received little attention so far, is that the "right and ability to control the infringing activity" also requires item-specific knowledge of the activity. There has been little case law so far on the meaning of the "right and ability to control" language, and the requirement that the provider must know of a particular infringing activity before he can control it is a fairly narrow interpretation of this requirement.

This is certainly not the last we have heard from this case, as Viacom has already stated it will appeal the decision. For now, however, it has eased concerns that the DMCA safe harbor is not an effective tool to protect social media sites from the copyright infringement liability inherent in their business models.

Senate rejects expansion of FTC enforcement authority

Mon, 28 Jun 2010 12:01:19 GMT

Lost in the shuffle surrounding the Senate Banking Committee's deliberations about the financial reform legislation (H.R. 4173) was its decision on June 22, 2010 to reject U.S. House of Representatives-authored language that would have broadened the FTC's enforcement powers. Although the rejected provisions were procedural, rather than substantive, they were important.

First, they would have permitted the agency to issue industry-wide rules under flexible "notice and comment" procedures, rather than the cumbersome procedures now imposed on the FTC through the Moss-Magnuson Act. Second, they would have permitted the FTC to pursue third-party claims against firms found to be "substantially assisting" an act prohibited by the FTC Act. Third, they would have permitted the agency to seek civil penalties in court without first getting approval from the Department of Justice.

The Senate's rejection of the House-authored language was no accident; it reflected aggressive lobbying by the United States Chamber of Commerce and a coalition of over 30 advertising, financial, retail and media industry groups.

French Data Protection Authority Permits Certain Copyright Holders to Collect IP Addresses of P2P Downloaders

Mon, 21 Jun 2010 09:12:39 GMT

The French data protection authority (i.e., Commission nationale de l’informatique et des libertés, or “CNIL”) has authorized music copyright holders to begin collecting Internet protocol (“IP”) addresses on illegal downloaders using P2P sites in order to identify them to authorities.

CNIL has granted permission to four associations: the société Civile des Producteurs Phonographiques (“SCPP”), the Société Civile des Producteurs de Phonogrammes en France (“SPPF”), the Société des Auteurs Compositeurs et Editeurs de Musique (“SACEM”) and the Société pour l'administration du Droit de Reproduction Mécanique (“SDRM”).

These associations can now report the IP addresses of illegal downloaders/sharers to the newly created High Authority for Diffusion of Works and Protection of Rights (“HADOPI”). HADOPI can then investigate file sharing complaints, issue initial warnings to illegal downloaders, and require Internet service providers to suspend Web access for up to a year for users who continue downloading or sharing copyrighted works after two warnings.

The French text of CNIL’s June 14 announcement is available at http://www.cnil.fr/la-cnil/actualite/infos-seances/article/article/699/seance-pleniere-du-10-juin-2010/

Supreme Court Declines to Address Technology and Expectations of Privacy

Thu, 17 Jun 2010 13:34:55 GMT

Today, the Supreme Court in City of Ontario v. Quon, et al., decided not to address whether a city police officer had a reasonable expectation of privacy in text messages sent using an employer-provided pager. Rather than confront the issue, the Court declined to "elaborat[e] too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear." The Court also declined to "establish far-reaching premises that define the existence, and extent, of privacy expectations enjoyed by employees when using employer-provided communication devices." Instead, the Court assumed that the police officer had an expectation of privacy in text messages sent through his employer-provided phone and found that the warrantless search of his text messages was reasonable.

In 2001 and 2002, Jeff Quon, a police officer for the City of Ontario in California, allegedly violated the police department's policy regarding use of employer-provided pagers to send text messages. To investigate the violations, the police department reviewed Quon's text messages and eventually disciplined him for violating department regulations. Quon and several individuals who had sent personal text messages to Quon then sued the City for, in part, violating their Fourth Amendment right to be free from unreasonable searches and seizures and sued Arch Wireless, the text messaging provider, for violating the Stored Communications Act ("SCA") in disclosing the content of the text messages to the City.

The district court held that Quon had a reasonable expectation of privacy in the text messages, that the warrantless search of those messages was reasonable, and that Arch Wireless had not violated the SCA. The Ninth Circuit opinion agreed that plaintiffs had a reasonable expectation of privacy in the messages but found that the search was unreasonable because there were less intrusive measures the City could have taken, and therefore concluded that the City had violated the plaintiffs' Fourth Amendment rights. The Ninth Circuit also disagreed with respect to the SCA claim. The City appealed the Fourth Amendment ruling and Arch Wireless appealed the ruling under the SCA. The Supreme Court accepted review of only the City's appeal of the claim under the Fourth Amendment.

Before the Supreme Court, the parties disagreed about whether Quon had a reasonable expectation of privacy in text messages sent through his employer-provided pager. The Court did not resolve this issue and declined to adopt "[a] broad holding concerning employees' privacy expectations vis-a-vis employer-provided technological equipment [that] might have implications for future cases that cannot be predicted." Instead, the Court decided to "dispose of th[e] case on narrower grounds." To that end, the Court assumed that Quon had a reasonable expectation of privacy in the text messages and proceeded to hold, regardless of the analytical framework used to address the issue, that the warrantless search of the messages was reasonable and therefore did not violate the Fourth Amendment.

In so holding, the Court noted that it has “repeatedly refused to declare that only the ‘least intrusive’ search practicable can be reasonable under the Fourth Amendment … because judges engaged in post hoc evaluations of government conduct can almost always imagine some alternative means by which the objectives of the government might have been accomplished.” The court also considered whether the search of Quon's messages violated the Fourth Amendment rights of the individuals who sent personal text messages to Quon and held that because the search was reasonable as to Quon, "it necessarily follows that the other respondents cannot prevail."

The Quon opinion seems most notable for its reluctance to address the legal implications of emerging technologies. The Court was concerned that "[r]apid changes in the dynamics of communication and information transmission are evidenced not just in the technology itself but in what society accepts as proper behavior" and that "it is uncertain how workplace norms, and the law's treatment of them, will evolve." The Court also noted that it "ha[d] difficulty predicting how employees' privacy expectation will be shaped by [technological] changes or the degree to which society will be prepared to recognize those expectations as reasonable."

FTC Rejects i-SAFE's Proposal to Operate COPPA Safe Harbor Program

Thu, 10 Jun 2010 17:55:23 GMT

On June 2, 2010 the Federal Trade Commission ("FTC") rejected a proposal by i-SAFE, Inc. to operate a self-regulatory program that would provide businesses with an additional mechanism to certify compliance with the Children's Online Privacy Protection Act ("COPPA"). COPPA generally prohibits websites from collecting personally identifiable information about children under the age of 13 without providing notice of the nature and purposes of the information collection and obtaining verifiable parental consent before collecting such information. The rule includes a safe harbor provision, which effectively provides a defense against prosecution by the FTC or a state for alleged COPPA violations. The provision states that websites that can demonstrate full compliance with an approved safe harbor program shall be deemed to be in compliance with the FTC's COPPA regulations.

To be approved by the FTC, self-regulatory guidelines must meet the following three requirements:

· provide "substantially similar" requirements to those included in the COPPA rule;

· provide an independent mechanism for assessing participants' compliance with the safe harbor program; and

· provide "effective" incentives for participants' compliance with the program's guidelines.

After examining the i-SAFE proposal, the FTC concluded that it did not satisfy these criteria, and that the proposed guidelines would actually result in lesser protection for children than the rule currently provides.

For more information, a copy of the FTC letter is available at http://www.ftc.gov/os/2010/06/100608isafecoppa.pdf.