On May 17, 2012, plaintiffs filed a First Amended Consolidated Class Action Complaint  in the United States District Court for the Northern District of California, consolidating 21 related lawsuits filed in 2011 and early 2012.  The lawsuit claims that the social media giant violated users’ privacy by tracking their online movements after the subscribers logged off Facebook.   This tracking takes place via “like” buttons found on various websites.  The plaintiffs seek damages on behalf of United States residents who subscribed to Facebook between May, 2010, and September, 2011. 

Plaintiffs have alleged that Facebook’s user tracking violates the Federal Wiretap Act (18 U.S.C. § 2510, et. seq.), the federal Stored Communications Act (18 U.S.C. § 2701, et. seq.); and the federal Computer Fraud and Abuse Act (18 U.S.C. § 1030).  In addition, the plaintiffs have alleged claims against Facebook for invasion of privacy, intrusion upon seclusion, conversion, trespass, and violations of several California state laws.  According to the complaint, the Wiretap Act “provides statutory damages of the greater of $100 per violation per day, up to $10,000, per Facebook user.”   Thus, according to the plaintiffs, Facebook’s 800 million-plus members are entitled to a total of about $15 billion. 

According to a partner at Stewarts Law US LLP, one of the firms representing plaintiffs, “[t]his is not just a damages action, but a groundbreaking digital-privacy rights case that could have wide and significant legal and business implications.”  Stewarts added that they are looking into ways to add international plaintiffs and claims to the lawsuit.  Facebook has recently come under criticism in Europe for its privacy practices.

For more information on complying with federal and state electronic communication and privacy regulations, contact info@theiceloop.com.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

By now, stories about social media website users revealing too much about themselves on their personal sites are widespread—from disgruntled employees getting into trouble for tweeting their dissatisfaction with their jobs to entire websites devoted to mocking parents’ inappropriate Facebook posts about their children. But according to the Federal Trade Commission (FTC), lately it’s the social media website operators themselves who have been oversharing. Over the past two years, many of the major players in social networking have entered into agreements with the FTC in order to ensure compliance with federal law (and the sites’ own published privacy policies) regarding maintaining the privacy of user information. Many of the problems have stemmed from the sites’ sales of user information to advertisers.

The most recent site to enter into such a proposed agreement is Myspace. The FTC alleged that Myspace had breached its own user privacy policy, which promised that the site would not share site users’ information (including tracking of other websites users visited) with advertisers. Specifically, the FTC claimed that Myspace had transmitted users’ internal identification numbers, ages and genders to advertisers in violation of a privacy policy promising users that Myspace would not share personally identifiable information with third parties unless the user had authorized Myspace to do so. Although Myspace did not admit liability in agreeing to the settlement with the FTC, it has agreed to submit to biannual audits of its practices for the next 20 years. In a statement, Myspace, which was acquired by California-based advertising group Specific Media and musician Justin Timberlake in June 2011, reiterated its commitment to ensuring users’ privacy in the wake of the acquisition, and noted that much of the conduct at issue had occurred prior to the acquisition. The settlement agreement still must be formally approved by the FTC, and will remain open for public comment until June 8, 2012.

Myspace is not the first, and may not be the last, social media site to enter into a user privacy-related settlement with the FTC. In November, 2011, Facebook entered a similar agreement, with the same 20 year biannual audit schedule. Google also agreed to similar reviews following the FTC’s concerns over user privacy relating to Google Buzz. In 2010, Twitter entered into a ten year audit agreement.

Although the audit schedule may appear burdensome, the threat of legislation relating to formal privacy policies has in many cases been sufficient to encourage agreements for self-policing privacy policies between social media sites and the FTC. However, regardless of the sites’ willingness to compromise with the FTC, social media consumer privacy legislation may still be on the horizon—an FTC report issued in March 2012 recommended that Congress enact privacy legislation, and the Obama administration also proposed a consumer privacy plan in February. Irrespective of the policing method used, however, it is clear that social media privacy is a matter of increasing concern to the FTC, and it’s no longer just the social media users who should be concerned about what they share.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

Sources:

Edward Wyatt, New York Times, “F.T.C. Charges Myspace With Breaking U.S. Law in Sharing Users’ Personal Information,” May 8, 2012, available at  http://www.nytimes.com/2012/05/09/technology/myspace-agrees-to-privacy-controls.html.

Jasmin Melvin, Thomson Reuters News & Insight, “Myspace Settles FTC Charges Over Privacy,” May 8, 2012, available at http://newsandinsight.thomsonreuters.com/Legal/News/2012/05__May/Myspace_settles_FTC_charges_over_privacy/

In a May 8, 2012 ruling by the U.S. Court of Appeals for the Federal Circuit, Facebook Inc. was successful in showing invalidity of a patent on collaborative communication software owned by Leader Technologies, Inc. (Leader Technologies Inc. v. Facebook Inc., Fed. Cir., No. 2011-1366, 5/8/12).

The court affirmed findings that the patent owner offered a product covered by the patent for sale and in public use more than one year prior to applying for the patent, thus invalidating the patent under U.S. patent laws – the so-called “on-sale bar” to patenting.

At issue in the case was whether early versions of the software product that were sold embodied the patented technology (it was acknowledged that the software underwent several source code changes after the original version), when Facebook offered no evidence of such based on expert testimony, source code, or system schematics.

Leader Technologies Inc. is the developer of a software product named “Leader2Leader,” a web-based collaborative software product that uses their “LeaderBoard engine,” that was first offered for sale some time in 2001.  Leader did not get around to filing a provisional patent application for the software until Dec. 11, 2002, and that proved to be its undoing.  (U.S. Patent No. 7,139,761 eventually issued in 2006).

Inconsistent Testimony from Leader’s Founder

In 2008, Leader optimistically sued Facebook for patent infringement in the U.S. District Court for the District of Delaware, alleging that Facebook’s web site infringed Leader’s patent and that Leader was entitled to millions of dollars in damages.  However, Leader encountered problems at trial stemming from inconsistent testimony provided by its founder.  In both a deposition and a response to a written interrogatory from Facebook, founder Michael McKibben said that the ‘761 patent claims covered the LeaderBoard engine as offered in 2001-2002.  However, at trial,  McKibben back-pedaled, testifying before the jury that the earlier versions of LeaderBoard did not encompass the patented technology.  Facebook made much of McKibben’s inconsistent deposition testimony before the jury.

The jury concluded that the ‘761 patent was invalid for being on sale and publicly used more than one year prior to the patent application filing date, nullifying Leader’s claim against Facebook.  Leader appealed this finding to the Court of Appeals for the Federal Circuit, which has exclusive appellate jurisdiction in patent matters.

Facebook Offered No Evidence that the Software Sold Embodied the Patented Invention

Facebook offered no evidence, based on expert testimony, source code, or system schematics, that the early versions of the software product that were sold embodied the patented technology.

Leader’s position was that Facebook had to show by clear and convincing evidence that the earlier versions of the Leader2Leader software fell within the scope of the patent claims.  Leader argued that the only evidence available to the jury was McKibben’s discredited testimony, and it could not be used as affirmative evidence that the earlier versions of the software were covered by the patent, and that the patent was therefore invalid under the on-sale bar.  Writing for the court, Judge Alan D. Lourie, however, found that the following facts, when considered in the light of the contradictory testimony, provided “the minimum quantity of evidence to support the jury’s verdict”:

1. The interrogatory responses clearly indicated that the LeaderBoard engine “embodies” the asserted patent claims.

2.  McKibben’s deposition testimony was that he “could not identify a single instance of Leader2Leader that did not fall within the scope of the ‘761 patents’ claims.”

3. A 2002 offer for sale by Leader described the product as “fully developed” and “operational.”

4.  The co-inventor on the patent testified at trial that invention was conceived in 1999 and then Leader immediately started to implement the patented technology and completed the project within “a couple of years … [m]aybe three.”

The court therefore found that the record contained substantial evidence that the early version was covered by the patent.  “At a minimum, McKibben’s lack of credibility fortifies that conclusion and provides an independent basis for disbelieving his factual assertions,” Judge Lourie stated.  The court concluded that “the jury was entitled to disbelieve [McKibben's] transparently convenient assertion in light of all the evidence before them.”  It therefore affirmed the lower court’s decision.

The Take-Away

Leader could have avoided all of this trouble, and possibly walked away with a judgment against Facebook worth millions of dollars, if they had simply filed their patent application sooner in the development process.  Technology-driven companies need to keep their patent attorney involved in the product development cycle, so that patentable inventions can be timely identified, evaluated, and patents applied for before any commercial activities unintentionally cut off the ability to protect the company’s valuable R&D investment.

As we say at Ice Miller, It’s a Complex World.  Be Advised.^SM

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

Late April 2012, Mark O’Mara launched an unprecedented social media campaign to defend his client, George Zimmerman, in the court of public opinion.  Zimmerman, 28, faces a second-degree murder charge in the shooting death of 17-year-old Trayvon Martin.  He has pleaded not guilty and claims self-defense.  The social media firestorm surrounding this case, however, began raging before Zimmerman’s arrest. 

An online petition, launched by Martin’s parents, calling for Florida’s 4th District State’s Attorney to investigate and prosecute Zimmerman launched the case into the national spotlight.  The petition became the fastest-growing petition in Change.org history.  Twitter users, including prominent NBA players, adopted hooded avatars and used #hoodie related hashtags as a sign of solidarity with Martin.  Rep. Bobby Rush (D-IL) was escorted off the House floor for wearing a hoodie in support of Martin’s cause.  California attorney and legal ethicist John Steele further perceives that cable television coverage of the case is slanted against Zimmerman.

O’Mara launched a website, Facebook page, and Twitter account devoted to discrediting fake websites and social profiles claiming to be Zimmerman, disputing misinformation, and discouraging speculation.  In his introductory blog post, O’Mara wrote that “social media in this day and age cannot be ignored.  It is now a critical part of presidential politics, it has been part of revolutions in the Middle East, and it is going to be an unavoidable part of high-profile legal cases, just as traditional media has been and continues to be.” 

O’Mara has indicated that social media will be his tool for responding quickly and efficiently to “misinformation” about his client and the case.  St. Louis attorney Michael Downey, who has written extensively on ethics issues, states that it is “a legitimate role of a lawyer [to protect his] client’s reputation in the public eye.”  Marcus Messner, assistant professor at Virginia Commonwealth University’s School of Mass Communications and an expert on social media, feels that although O’Mara’s social media presence may be belated in comparison to that generated by the Martin family, it is still a smart one.  “In many people’s views, George Zimmerman is guilty, even without a trial.  This of course has to do with the circumstances of this case, but also with his side’s communication strategy so far.  Messner notes that “[i]t’s a common practice for lawyers to make public statements in defense of their clients.  Moving them now to social media is a sign of the times.  It allows the legal team to present its views without media filters.”

This brand of direct-to-the-public legal marketing is not without risks.  The American Bar Association Model Rules of Professional Conduct proscribe certain forms of advertising by attorneys for their legal services.  O’Mara’s online activity on behalf of his client may be viewed as an attempt to promote his practice.  If considered advertising, it would be difficult to make the “ads” comply with the ethics rules.  Furthermore, O’Mara’s media blitz may seem opportunistic in the eyes of the public.  O’Mara recognizes this criticism and states that “if the controversy surrounding this matter subsided tomorrow, so would our efforts to address the perceived problems the way we feel is necessary.”

Lawyers are further prohibited from making public statements that could compromise a fair trial.  O’Mara, however, made clear on the website that the defense team “cannot and will not comment about the facts of the case, as that is the purpose of the courts and legal process.”  He argues that part of his presence online “is to discourage public speculation about the facts of the case”—that the defense team is in a position to distinguish fact “from the rest.”  But isn’t that the ambit of judge or jury?  On the other hand, one could argue that, with so much publicity surrounding the case already, what could O’Mara say at this point that would taint the jury pool any more than it has been tainted?  Justice Anthony Kennedy opined, in Gentile v. State Bar of Nevada, 501 U.S. 1030 (1991), “[e]mperical research suggests that in the few instances when jurors have been exposed to extensive and prejudicial publicity, they are able to disregard it and base their verdict upon the evidence presented in court.”

Ultimately, whether O’Mara’s media blitz will compromise Zimmerman’s right to a fair trial or unduly taint the jury pool will be left to the judge to decide.  Seminole County Circuit Judge Kenneth Lester Jr. issued a written order on April 30, 2012, which stated that there is no need for a gag order on O’Mara, but warned that one could be imposed if attorneys in the case say or write anything prejudicial. 

Despite the effect of the seemingly endless stream of social media on the court of public opinion, it is important to keep in mind that the ultimate ruling on this case should – and will – occur in a court of law.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

Google released its new cloud-based backup service named Google Drive on April 24, 2012. Google Drive marks the company’s entrance into an already crowded cloud-based storage market with players such as Dropbox, iCloud, SkyDrive, and Ubuntu One. Nevertheless, Google’s entrance into the arena has prompted knee-jerk privacy concerns from bloggers and users due to Google’s over-arching Terms of Use and Privacy Policy for its products. Namely, consumers are concerned that documents and files uploaded to Google Drive may be misappropriated by Google for other purposes.

The section from Google’s Terms of Use that is drawing concern is as follows:

“When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

At first blush, this section of Google’s Terms of Use states that Google may take files you upload to Google Drive and release them to the public, create derivative works from such files, and otherwise communicate the files publicly regardless of any privacy settings you have set. Nevertheless, Google’s Privacy Policy curbs this issue by stating that Google only shares information and content you provide for a set of limited purposes and that Google will “ask for your consent before using information for a purpose other than those that are set out in [Google's] Privacy Policy.”

This language effectively mimics language from other providers in the same market. For example, Dropbox’s Terms of Use state the following:

“To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.”

In another example, Apple’s iCloud Terms of Use state the following:

“[B]y submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.”

Cloud-based storage providers appear to want to provide a product that consumers can trust. In addition to the forgoing language surrounding sharing content and files you upload, almost every cloud-based storage provider mentions that the provider takes steps to secure content you upload. Nevertheless, the security of information and files uploaded to these products may not be the only privacy concern for its users.

Google Drive presents a unique privacy concern through its potential for targeted advertisements based on content you upload to the service. In addition to the section quoted above from Google’s Privacy Policy, the following language is included:

“We also use [information we collect] to offer you tailored content – like giving you more relevant search results and ads.”

Although Google’s Privacy Policy notes that Google may not share content you upload to Google Drive publicly without your consent, the Privacy Policy seems to provide for a practice in which Google could scan content you upload in order to provide you with targeted advertisements. For example, if you upload a presentation to Google Drive that includes a market analysis of potential vendors to choose in a project, it appears that Google’s Privacy Policy would allow Google to scan such content and offer you ads that direct you to a vendor who paid for advertisement placement.

However, users should understand that this practice by Google is not new. Gmail users may remember targeted ads within emails directing the user to websites based in part on the body of the email. Google search users may recall the use of AdWords and Sponsored Links directing the user to websites based on search terms. Google’s business model for its free products appears to revolve around providing users with the most relevant advertisements to the user possible, and this is achieved through targeted advertisements based on the specific user’s use of Google’s products.

In sum, companies using Google Drive, iCloud, Dropbox, and other cloud-based storage providers may wish to understand how content stored within such providers is secured from the public and what, if any, ways each cloud provider may use stored content for purposes outside of the product’s core functionality. For example, would Google’s potential practice of scanning content uploaded to Google Drive impact standing confidentiality obligations through contract between businesses?

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.