How to Develop an Effective Law Firm SEO Action Plan for 2017 [WEBINAR]

What used to work in SEO just a few years ago won’t work today. Learn how to make this year your most profitable ever by getting consistent leads from SEO and positioning your firm as thought leaders.

Tuesday, March 14, 2017 – 3:00pm EST

Join John McDougall from McDougall Interactive and Nicole Minnis, Esq. from The National Law Review for a free 60-minute digital marketing webinar, where you will learn:

  • Step-by-step actions you should take in the next 12 months to substantially increase your revenues.
  • Powerful strategies that are based on the 10,000 keyword study from Searchmetrics, covering the latest Google ranking factors, including Content, Social Signals, Technical Factors, Backlinks, User Signals, and User Experience.
  • Highlights from the Orbit Media study of 1,000 bloggers and what they do to stand out.

Some examples of cutting-edge topics we’ll be discussing (this is way more than just “add keywords” and “add more content”):

  • Why click-through-rate, time-on-site, and bounce rate are more important than ever
  • Why merely having keywords in your meta tags and copy is not nearly enough
  • How the length of your content can affect your search rankings
  • How video and podcasts can enhance your thought leadership and improve your mobile user experience and search rankings at the same time
  • Why links are still significant, especially deep links to inner pages
  • The extremely high correlation between social signals and ranking position
  • How your website load time can directly affect your search rankings, especially on mobile devices

Click here to register now.

This webinar will leave you with 12 must-do action steps for success, based on data from industry leaders, as well as a list of ridiculously great tools you can use to speed up your process and spy on competitors.

In today’s hyper-competitive legal SEO landscape, you either need to do SEO deeply or not waste time doing it at all.

 

Happy New Year Begins with Legitimate, Transparent and Trustworthy Media

It used to be that news traveled fast, but these days, thanks to technology and social networking, it’s more accurate to say that news travels at record speeds. A news story can literally go viral in seconds. Unfortunately, sometimes these stories are entirely false – and it took a highly contentious presidential election for much of America to realize the distressing and detrimental prevalence of fake news.

Sometimes fake news stories can be detected from a mile away, but sometimes they fool even the most perceptive of readers. As NPR notes here, “…the proliferation of fake news isn’t just the responsibility of the platforms used to spread it. Those who consume news also need to find ways of determining if what they’re reading is true.” What’s the primary indicator? An authentic news story originates from a reputable and substantiated news outlet.

As a marketing and/or legal professional, you must do your homework when a media opportunity arises. Similarly to recognizing bogus news stories, you need to use your best judgment to recognize when interview and byline opportunities are not worthwhile or authentic. Interviewing and writing require valuable time and effort, so you want to ensure that every endeavor will be time and effort well spent with a news organization that is authentic, trusted and relevant in your industry. Otherwise, results could be lackluster and even detrimental. As New Year’s resolutions and goals are being set, what better occasion than now to refresh our understanding of the fundamental indicators of quality, reliable and suitable media opportunities?

The next time you are presented with a media opportunity, spend a few moments conducting some simple due diligence. When an opportunity arises, both for my clients and myself, I examine the following to weigh its value:

  • Website: Reputable and established news organizations run websites that are professional in esthetic and content. They have recognizable domains. Their sites are navigable, attractive and well-organized. They feature up-to-date news items. Ultimately, you need to ask yourself whether you want your name, commentary or original thought leadership to appear on that organization’s page. If the answer is no, then it’s definitely better to pass and hold out for the next opportunity.

  • Media Kit: Media kits are truly a treasure trove of information. They provide details such as a publication’s history, circulation, page views, editorial calendar and – perhaps most importantly – the audience. Who and how many will be exposed to your efforts? If the audience is not ideal for your message, or if numbers appear low, then you should set your sights on a different and more valuable opportunity.

  • Editor or Journalist Background: You can tell a lot about a media professional just by examining his or her professional history and repertoire of work. The beauty of media is that everything is documented. Where did he or she come from? Does the interviewer have established credentials with respected publications? What is his or her writing style – snarky and negative, or sound and informative? What other types of sources do they tend to quote in articles? Reporters are trained to find the story, so if you open yourself up to an interview, you need to make sure that it’s a “story” with no negative repercussions for you, your practice or your firm. Don’t be afraid to ask questions about the angle or direction your interviewer plans to take for his or her piece.

  • Cost: My clients often ask us about pay-to-play media opportunities. Generally speaking, my agency advises against pay-to-play. While advertising most definitely has its place, I strongly encourage and believe in conventional editorial opportunities that are gained through traditional PR methods.

  • Social Media Feeds: Who and what are the organizations/journalists following on social media? As the old adage goes, you are the company you keep. Even digitally! Reputable outlets and media professionals subscribe to other professional feeds.

For 2017, I challenge you to embrace this resolution: Support, read, share and contribute nothing but quality, enriching and authentic news. You, your clients and your colleagues will all reap the benefits. Your time is just that: yours. Make sure it’s spent reading and investing in nothing but the best.

ARTICLE BY Bethany S. Early of Jaffe

© Copyright 2008-2016, Jaffe Associates

Power of Communication in Legal Marketing – The Medium Does Change the Message Part 2

Communication is important to almost everything we do–and today, we have more ways to reach out than ever before.  Lee Broekman of Organic Communication and Judith Gordon of LeadeEsQ presented at the LMA Tech1 conference in San Francisco, focusing on empowering communication by understanding the medium. In Part 1 we discussed some of the advantages and challenges of communicating face to face and through print.  In this article, we will examine communication over the phone and panel communication–or any way of communication through a screen.

Phone as a medium is what it sounds like–talking on the telephone either one on one or on a conference call. The danger with this form of communication is all the other things we might be doing while we are on the phone–especially on a conference call–everyone knows how easy it is to click over to email, check Facebook on your smartphone, or start to scribble your to-do list on the paper at your desk. While you are still physically on the call, your attention drifts to the other things on your to-do list. This hints at what Gordon calls “the lost art of focus.”  She says, “Today’s attention spans have been radically reduced by our tether to technology. We leap from conversation to conversation—from the person speaking to us to email to headline notifications to texts back to the person speaking—without fully engaging in any one of those communications.” Staying engaged on a phone call, and reminding yourself to be present and aware is important when using the phone as a medium. One way to do this is to make sure the conversation is a back and forth–and not just a series of monologues. Additionally, if the call is a conference call with multiple participants, making sure there is a plan in place, so that each participant has a role, and that ground rules are established and enforced, can help.

Panel refers to any form of communication with a screen between the speaker and the listener.  With technology, this is becoming common–web meetings, webinars and some panels where there is an audience in the room, but also some audience members are tuning in via videoconference.  Gordon says, “Presenters are well served by understanding that their ‘audience’ may be viewing or only listening to a recording at a later point in time, and taking those parameters into account when preparing their presentations.” Going beyond just the people in the room is important–and one way to make sure everyone stays engaged is to have an interactive portion. Another good practice for webinars is to focus on visuals. Broekman says, “When our communication is on a panel, we need to color our black and white text and bulleted lists with vibrant visuals that will captivate our audience and keep them attentive to our intention. Many webinars present dry data instead of information that is new, relevant and interesting. Charismatic conversation, speaker photos and conceptual images in shorter timeframes will go a long way towards making the communication in this channel more effective.”

Another major concern with a panel can be a false sense of distance, and the tendency to feel bold when you cannot see the person you are talking to. This barrier is one reason Internet comment sections can get nasty, and people become callous over social media. These tendencies can be devastating when they seep into professional communications.  Broekman argues, “If you can’t say it to someone’s face, don’t say it behind a screen.”

Other pitfalls haunt Panel as a communication method.  Like the phone, placing the screen between people communicating removes the opportunity to see facial expressions and body language.  Gordon says, “When we remove that layer of information, our brains ‘fill in the blanks’ by superimposing our own judgment, which can be devastating.” Additionally, Broekman describes one of the biggest communication problems as a failure to listen with an intention to understand the speaker. “Instead of listening to what the other person is saying, we listen to our own internal dialogue and filter information through our personal judgments, thoughts, opinions and ideas.”  A screen between parties can only amplify the tendency to hear what we want to hear.  With that said, clarity in transmission is crucial, and consistent checks on understanding are important.  Above all, awareness of the potential for misunderstanding is important.

For attorneys, communication is paramount. Communication is also very complicated. Gordon says, “to put it simply, lawyers ‘speak for’ their clients. Whether in transactional matters or litigation, lawyers are conduits of their clients’ intentions. To fully and accurately represent another—the essence of a lawyer’s work—understanding the fundamentals of communication is essential. Key communication skills—such as the ability to listen, understand, and then accurately present a client’s position to third parties in negotiations or litigation—are essential to a successful practice, and the smooth running of our legal system.”

Click here to read part one: Power of Communication in Legal Marketing – The Medium Does Change the Message Part 1

Copyright ©2016 National Law Forum, LLC

1 Broekman and Gordon spoke at the Legal Marketing Technology Conference on October 6th in San Francisco. Their session was entitled Webinars, Podcasts and Mobile (Oh My!) The Medium Does Change the Message. The LMA Tech conference is the largest conference dedicated to technologies that law firms use to identify, attract and support clients.

President Donald J. Trump – What Lies Ahead for Privacy, Cybersecurity, e-Communication?

Following a brutal campaign – one laced with Wikileaks’ email dumps, confidential Clinton emails left unprotected, flurries of Twitter and other social media activity – it will be interesting to see how a Trump Administration will address the serious issues of privacy, cybersecurity and electronic communications, including in social media.

Mr. Trump had not been too specific with many of his positions while campaigning, so it is difficult to have a sense of where his administration might focus. But, one place to look is his campaign website where the now President-elect outlined a vision, summarized as follows:

  • Order an immediate review of all U.S. cyber defenses and vulnerabilities by individuals from the military, law enforcement, and the private sector, the “Cyber Review Team.”

  • The Cyber Review Team will provide specific recommendations for safeguarding with the best defense technologies tailored to the likely threats.

  • The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees.

  • Instruct the U.S. Department of Justice to coordinate responses to cyber threats.

  • Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.

There is nothing new here as these positions appear generally to continue the work of prior administrations in the area of cybersecurity. Perhaps insight into President-elect Trump’s direction in these areas will be influenced by his campaign experiences.

Should we expect a tightening of cybersecurity requirements through new statutes and regulations?

Mr. Trump has expressed a desire to reduce regulation, not increase it. However, political party hackings and unfavorable email dumps from Wikileaks, coupled with continued data breaches affecting private and public sector entities, may prompt his administration and Congress to do more. Politics aside, cybersecurity clearly is a top national security threat, and it is having a significant impact on private sector risk management strategies and individual security. Some additional regulation may be coming.

An important question for many, especially for organizations that have suffered a multi-state data breach, is whether we will see a federal data breach notification standard, one that would “trump” the current patchwork of state laws. With Republicans in control of the executive and legislative branches, at least for the next two years, and considering the past legislative activity in this area, a federal law on data breach notification that supersedes state law does not seem likely.

Should we expect an expansion of privacy rights or other protections for electronic communication such as email or social media communication?

Again, much has been made of the disclosure of private email during the campaign, and President-elect Trump is famous (or infamous) for his use of social media, particularly his Twitter account. For some time, however, many have expressed concern that federal laws such as the Electronic Communications Privacy Act and the Stored Communications Act are in need of significant updates to address new technologies and usage, while others continue to have questions about the application of the Communications Decency Act. We also have seen an increase in scrutiny over the content of electronic communications by the National Labor Relations Board, and more than twenty states have passed laws concerning the privacy of social media and online personal accounts. Meanwhile, the emergence of Big Data, artificial intelligence, IoT, cognitive computing and other technologies continues to spur significant privacy questions about the collection and use of data.

While there may be a tightening of the rules concerning how certain federal employees handle work emails, based on what we have seen, it does not appear at this point that a Trump Administration will make these issues a priority for the private sector.

We’ll just have to wait and see.

Jackson Lewis P.C. © 2016

The FCC Responds to Comcast’s Negative Option

On Tuesday, October 11, the Federal Communications Commission (“FCC” or “Commission”) announced the release of an Order and Consent Decree with cable behemoth Comcast Corporation (“Comcast”) in which the company agreed to pay US$2.3M to settle an FCC investigation into whether Comcast employed negative option billing to wrongfully charge for services and equipment customers never authorized.  The settlement also requires Comcast—by some accounts the largest cable company in the country with 22.3M subscribers—to adopt a sweeping, highly detailed five-year compliance plan designed to force the company to obtain customers’ affirmative informed consent prior to adding charges to their bills.  According to the FCC’s press release, the settlement amount is the largest civil penalty the agency has ever assessed against a cable operator.

What is Negative Option Billing and How Does the FCC Regulate It?

“Negative option billing” is a practice similar to “cramming” in the telecommunications context, wherein a company places unauthorized charges on a consumer’s bill, requiring subscribers to pay for services or equipment they did not affirmatively request.  In addition to the obvious nuisance of unknowingly paying for unauthorized services and equipment, the FCC’s action is also aimed at protecting consumers from “spend[ing] significant time and effort in seeking redress for any unwanted service or equipment, which is often manifested in long telephone wait times, unreturned phone calls from customer service, unmet promises of refunds, and hours of effort wasted while pursuing corrections.”  For these and other consumer protection reasons, negative option billing is illegal; it violates both Section 623(f) of the Communications Act of 1934, as amended (the Act), and Section 76.981(a) of the Commission’s rules.  Specifically, 47 U.S.C. § 543(f) explicitly prohibits negative billing options, noting also that a failure to refuse an offer is not the equivalent of accepting the offer.

As the FCC clarified in a 2011 Declaratory Ruling, while a customer does not have to know and recite specific names of equipment or service in the course of ordering those products, the cable operator must have “adequately explained and identified” the products in order for a subscriber to “knowingly accept[] the offered services and equipment by affirmative statements or actions.”

Section 76.981(b) explains that the negative billing option does not prevent a cable operator from making certain changes without consumer consent, such as modifying the mix of channels offered in a certain tier, or increasing the rate of a particular tier (unless more substantive changes are made, such as adding a tier, which then increases the price of service).

The FCC appears to have found only one violation of the negative option billing prohibition previously, and in that context, the Commission used its discretion to refrain from imposing a penalty.  More than 20 years ago, in 1995, the Commission acted on a complaint and investigated Monmouth Cablevision for allegations that the company—which had previously rented remote controls to their subscribers—violated FCC rules when it removed the leasing fee on subscriber bills and instead included a $5 sale price for the remotes. In that case, the Commission explained that, while “in a literal sense, this is the same equipment that the customer previously rented, we cannot find that these customers affirmatively requested to purchase these remotes rather than renting them.”  The Commission went on to explain that “changing the way in which existing service and equipment is offered, e.g., from leasing to selling,” did, in fact, violate the Commission’s negative option billing prohibition.  However, due to the “de minimis difference between the $ 5.00 purchase price and the total rental price” and because of the “large number of regulatory requirements that became effective on September 1, 1993, and the associated compliance difficulties,” the then Cable Services Bureau chose not to impose a penalty.  Because state governments have concurrent jurisdiction over negative billing practices, cable companies have faced court action for these and similar allegations for decades.

The FCC Investigation

Based on “numerous” consumer complaints, the FCC’s Enforcement Bureau opened an investigation in December of 2014 into whether Comcast engaged in negative option billing.  In the course of its investigation, the FCC determined that customers were billed for “unordered services or products, such as premium channels, set-top boxes, or digital video recorders (DVRs).”  Beyond not authorizing these products, in some cases the FCC claims that subscribers specifically declined additional services or upgrades, only to be billed anyway.  In fact, the Order—which is part of the settlement but generally not subject to the non-government party’s review prior to release—details numerous complainants that claim to have been given the runaround by Comcast customer service representatives, with one customer (Subscriber A) claiming that, after three hours on the phone and multiple transfers, she was ultimately transferred to a fax machine.  Another complainant (Subscriber B) asserted that he determined Comcast had wrongfully billed him for approximately 18 months for an extra cable box he never ordered, and that he spent another year calling to request (unsuccessfully) that the company remove the charge.

The Settlement

The Order and Consent Decree are striking in terms of the level of transparency exhibited throughout.  Unlike most FCC settlements, in which facts and legal arguments are closely guarded and held confidential, this Order reads more like a Notice of Apparent Liability for Forfeiture, where the FCC explains the underlying facts and legal theories in substantially more detail.  Especially noteworthy here is that, unlike the majority of the other settlements released by the FCC’s Enforcement Bureau since Travis LeBlanc took the helm, neither the Order nor the Consent Decree includes a statement admitting liability.  Rather than an admission of liability by Comcast, the Consent Decree includes a lengthy discussion of the perspectives of both Comcast and the Commission.  Besides arguing that most of the services were authorized and that unauthorized services inadvertently added to consumer bills were removed, Comcast—represented by FCC regular and first Enforcement Bureau Chief David Solomon—argued that the Commission itself “has cautioned against an expansive application of the Negative Option Billing Laws, stating that a broad reading of the rule could lead to harmful consequences.”  Moreover, Comcast asserted that “the Negative Option Billing Laws are not per se prohibitions, but instead are targeted only at affirmatively deceptive conduct on the part of cable operators, and Commission enforcement requires a demonstrated pattern of violation,” rather than an erroneous charge “occasioned by employee error” that does not involve deceit or intent.  For its part, the Commission asserted that it believes “the Customer Complaints and other facts adduced during the Investigation are evidence of violations of Section 623(f) of the Act and Section 76.981 of the Commission’s Rules.”

Moreover, the settlement requires Comcast to comply with the terms of the Order and Consent Decree for an uncharacteristically long term—i.e., five years instead of the three years the Bureau has normally insisted upon.

In addition to the US$2.3M civil penalty, Comcast must implement a highly detailed compliance plan.  Although in many instances, Comcast is given until July 2017 to create and implement requisite processes, the level of detail applied to the cable company’s alleged transgressions is similar to that found in certain cramming and slamming settlements.  In those instances, however, the Commission is usually acting against less sophisticated targets with decidedly fewer resources that cannot retain compliance personnel with the expertise to design, develop, and implement their own expansive compliance plans.  Among other things, and as explained in five pages of detail in the Consent Decree, the company is required to:

  • obtain customers’ affirmative informed consent prior to charging them for new services or equipment;
  • send customers an order confirmation, separate from any other bill, that clearly and conspicuously describes newly added services and equipment and their associated charges;
  • offer mechanisms to customers that, at no cost, enable them to block the addition of new services or equipment to their accounts;
  • implement a detailed program for redressing disputed charges in a standardized and expedient fashion;
  • limit adverse actions (such as referring an account to collections or suspending service) while a disputed charge is being investigated;
  • designate a senior corporate manager as a compliance officer; and
  • implement a training program to ensure customer service personnel resolve customer complaints about unauthorized charges.

Going forward, it appears that the Commission will have a substantial amount of insight into the way the company conducts its business vis-à-vis its customer service responsibilities, in the form of annual reports and extended document retention requirements.

Lessons from the Settlement

Over the past two and a half years, it has become more apparent that the FCC is willing to apply old rules in new ways, and to continue to be an aggressive enforcer of the rules in general, but particularly when it comes to protecting consumers.  Although the Commission has issued Enforcement Advisories in the past, alerting companies that it is on the lookout for noncompliance in certain areas, this US$2M+ action is proof that regulatees should not wait for FCC warnings before ensuring they are compliant with the rules.  Companies should take heed and adopt a proactive approach to understanding the rules applicable to them based on their business operations.

© Copyright 2016 Squire Patton Boggs (US) LLP

Teenagers And D.C. Circuit Agree: Internet Service Is A Utility – Will Bankruptcy Courts Follow?


The topic of net neutrality has continued to be at the forefront of public discourse over recent years.  This is the result of the FCC’s repeated attempts to impose regulations designed to protect consumers while at the same time telecom companies seek to control their product and the services they provide without what they contend is burdensome regulation. This summer, in U.S. Telecommunication Association v. FCC, the D.C. Circuit Court of Appeals dealt a blow to the telecom industry when it upheld a FCC declaration that broadband internet is a telecommunication service—essentially a public utility.  Many speculate that this decision will have a broad impact (good and bad) on internet service providers in both the short and long term.  A less considered aspect of the D.C. Circuit’s ruling is how it will be applied in the bankruptcy context.

Section 366 of the Bankruptcy Code establishes safeguards for debtors when it comes to their use of public utilities.  Under Section 366, essential utility providers are prohibited from discontinuing service upon the filing of a bankruptcy petition.  Instead, the debtor is required to provide adequate assurance of payment within short order, and if the debtor complies, the utility provider must continue service.  The Bankruptcy Code does not define what a “utility” is, but the legislative history provides some insight, noting that section 366 “is intended to cover utilities that have some special position with respect to the debtor, such as an electric company, gas supplier, or telephone company that is a monopoly in the area so that the debtor cannot easily obtain comparable service from another utility.”

Bankruptcy courts have not strictly interpreted the monopoly reference in the legislative history and have continued to hold that telephone service is a utility even after the industry has been deregulated.  In the context of cable television, rather than looking to the monopoly requirement, the Fifth Circuit Court of Appeals in Darby v. Time Warner, 470 F.3d 573, 574 (5th Cir. 2006), held that the relevant analysis was whether the provider stands in a “special position with respect to the [debtor] such that it is a utility within the meaning of the statute.”  There the Fifth Circuit held that cable television providers did not stand in a special position with respect to the debtor and further that cable television service was not a necessity and therefore not a utility under Section 366.

We have no doubt that individual debtors will begin to test whether they can claim internet service is a utility, relying principally on the D.C. Circuit’s ruling.  However, based on the Fifth Circuit’s analysis, it is entirely conceivable that bankruptcy courts will be reluctant to extend utility status to broadband internet service providers in individual bankruptcies, as it is difficult to find that internet service is a necessity.  However, in the corporate chapter 11 context, one can easily envision a scenario where broadband internet service is necessary for a debtor to continue operating its business, for example, in the e-commerce arena or simply to connect its internal computer systems.  In these circumstances, courts have already allowed debtors to consider internet service a utility under Section 366.  The D.C. Circuit’s recent opinion in U.S. Telecommunication Association v. FCC will now provide further support for commercial debtors to claim that internet service is a utility in the event that a provider dissents.

Written by Peter R. Morrison of Squire Patton Boggs Law Firm.

September 2016 – gTLD Sunrise Periods Now Open

As first reported in December 2013, the first new generic top-level domains (gTLDs, the group of letters after the “dot” in a domain name) have launched their “Sunrise” registration periods. As of August 31, 2016, ICANN lists gTLD Sunrise periods open for the following new gTLDs:

gTLDs
.shopping
.games
.kerryhotels
.able
.quest
.xn-w4r85el8fhu5dnra
.doctor
.blog

ICANN maintains an up-to-date list of all open Sunrise periods here. This list also provides the closing date of the Sunrise period.  We will endeavor to provide information regarding new gTLD launches via this monthly newsletter, but please refer to the list on ICANN’s website for the most up-to-date information – as the list of approved/launched domains can change daily.

Because new gTLD options will be coming on the market over the next year, brand owners should review the list of new gTLDs (a full list can be found here) to identify those that are of interest.

Employee’s Disparaging and Misleading Tweets May Be Protected Under NLRA: Holy Guacamole!

Retail employers dismayed by employees publicly airing workplace grievances in disparaging social media posts must think twice before taking disciplinary action.  On August 18, 2016, the National Labor Relations Board (“NLRB”) confirmed the finding by Administrative Law Judge Susan A. Flynn that Chipotle’s social media policy forbidding employees from posting “incomplete” or “inaccurate” information, or from making “disparaging, false, or misleading statements” on Twitter, Facebook and other social media sites violates Section 8(a)(1) of the National Relations Labor Act (“the Act”).

Chipotle discovered that an employee responded to a customer’s tweet thanking Chipotle for a free food offer, by tweeting back: “@ChipotleTweets, nothing is free, only cheap #labor. Crew members make only $8.50hr how much is that steak bowl really?”  Then, attaching a news article describing how hourly workers at Chipotle were required to work on snow days while certain high-level employees were not, the employee tweeted his displeasure, specifically referencing Chipotle’s Communications Director: “Snow day for ‘top performers’ Chris Arnold?”  Informed by his manager that Chipotle considered his tweets to be in violation of Chipotle’s social media policy, the employee removed them at Chipotle’s request.  Then, several weeks later, Chipotle fired the employee after he circulated a petition about employees not receiving required breaks.

Finding the provision in Chipotle’s policy prohibiting employees from spreading “incomplete” or “inaccurate” information to be unlawful, Judge Flynn opined that: “An employer may not prohibit employee postings that are merely false or misleading. Rather, in order to lose the [NLRA]’s protection, more than a false or misleading statement by the employee is required; it must be shown that the employee had a malicious motive.” Judge Flynn also found the policy provision prohibiting “disparaging” statements to be unlawful, explaining that it “could easily encompass statements protected by Section 7 [of the NLRA]” including “the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection.”   Although Chipotle’s social media policy contained a disclaimer that the policy “does not restrict any activity that is protected by the National Relations Labor Act, whistleblower laws, or any other privacy rights,” Judge Flynn concluded that this “sentence does not serve to cure the unlawfulness of the foregoing provisions.”

The NLRB adopted Judge Flynn’s decision that Chipotle was wrong, not only for firing the employee, but for attempting to limit his commentary on social media by its unlawfully termed social media policy.  While agreeing with Judge Flynn’s reasons for finding the social media policy unlawful, the NLRB disagreed with Judge Flynn’s finding that Chipotle violated the NLRA by asking the employee to delete the tweets.  In particular, while Judge Flynn opined that the employee engaged in “concerted activity” even though he did not consult with other employees before posting his tweets because “concerted activities include individual activity where individual employees seek to initiate or to induce … group action,”  the NLRB disagreed, asserting, with no true explanation, that it did not find the employee’s conduct to be concerted.  Agreeing that Chipotle violated the NLRA by terminating the employee after he engaged in protected concerted activity by circulating a petition regarding the Company’s break policy, the NLRB required Chipotle to, among other things, post signs acknowledging that its social media policy was illegal, and to re-instate the employee with back pay.

The message from the NLRB to retail employers is that, barring malicious misstatements, speech concerning terms and conditions of employment is often protected activity, even for employees who want to criticize their employers on Twitter and other social media websites.  To avoid Chipotle’s fate, ensure that your social media policies are up to date and provide for the increasing protections afforded to employee social media activity by the NLRB.

©2016 Epstein Becker & Green, P.C. All rights reserved.

Espionage and Export Controls: iPhone Hack Highlights New World of Warfare

Last week, researchers at Citizen Lab uncovered sophisticated new spyware that allowed hackers to take complete control of anyone’s iPhone, turning the phone into a pocket-spy to intercept communications, track movements and harvest personal data. The malicious software, codenamed “Pegasus,” is believed to have been developed by the NSO Group, an Israeli company (whose majority shareholder is a San Francisco based private equity firm) that describes itself as a “leader in cyber warfare” and sells its software – with a price tag of $1 million – primarily to foreign governments. The software apparently took advantage of three previously unknown security flaws in Apple’s iOS software, and was described by experts as “the most sophisticated” ever seen on the market. Apple quickly released a patch of its software, iOS 9.3.5, and urged users to download it immediately.

Citizen Lab learned about Pegasus from Ahmed Mansoor, a UAE human rights activist, who received text messages baiting him to click on a link to discover “new secrets about the torture” of Emirati prisoners. Mr. Mansoor had been prey to hackers before, so he contacted Citizen Lab. When researchers tested the link, they discovered software had been remotely implanted onto the phone, and brought in Lookout, a mobile security firm, to reverse-engineer the spyware. Citizen Lab later identified the same software as having been used to track a Mexican journalist whose writings have criticized Mexico’s President. Citizen Lab and Lookout also determined that Pegasus could have been used across Turkey, Israel, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain, based on domains registered by NSO.

NSO Group, the architect of Pegasus, claims to provide “authorized governments with technology that helps them combat terror and crime,” insisting that its products are only used in lawful ways. NSO spokesperson Zamir Dahbash told reporters that the company “fully complies with strict export control laws and regulations.” The Citizen Lab researcher who disassembled the malicious program, however, compared it to “defusing a bomb.” All of which raises the question – what laws or regulations govern the export of cyber-weapons by an Israeli firm (likely controlled by U.S. investors) to foreign governments around the world?

Cyber weapons are becoming increasingly interchangeable with traditional weapons. Governments (or terrorists) no longer need bombs or missiles to inflict large-scale destruction, such as taking down a power grid, since such attacks can now be conducted from anywhere there is a computer. Do export controls – which have long been used as foreign policy and national security tools, and which would regulate the transfer of traditional weapons – play any real role in regulating the transfer of weapons of cyber-surveillance or destruction? In fact, the legal framework underlying current export controls has not caught up (and maybe never will) to the capabilities of technological tools used in cyberwarfare. Proposals to regulate malware have been met with resistance from the technology industry because malware technology is often dual-use and the practical implications of requiring licenses would impede technological innovation and business activities in drastic ways.

The Wassenaar Arrangement

The Wassenaar Arrangement (WA) was established in 1996 as a multilateral nonproliferation regime to promote regional security and stability through greater transparency and responsibility in the transfer of arms and sensitive technologies. The United States is a member. Israel is not, but has aligned its export controls with Wassenaar lists.

In December 2013, the list of export controlled technologies under WA was amended to include commercial surveillance software, largely to curb human rights abuses by repressive governments’ use of spyware on citizens. Earlier this year, the Department of Commerce issued recommendations that the definition of “intrusion software” in the WA be modified to encompass the concept of “authorization” so that malware such as Pegasus, in which the user does not truly understand the nature of the consequences, would be controlled. Those proposals have not been implemented.

U.S. Export Controls of Malware

In 2015, following data breaches at the Office of Personnel Management and several private companies, the Department of Commerce published proposed rules to harmonize concepts embedded in the WA into the U.S. regulatory framework for export controls. One critical proposal was a definition of “intrusion software” to require a license for the export and use of malware tools. But the definition covered much more than malware. Cybersecurity experts were alarmed by the rule’s over-inclusive and vague language. The rules would have impeded critical business activities, stifled international research and cross-border exchanges of technology, and hindered response to cyber threats.

NSO Group has been described by researchers as “incredibly committed to stealth,” and reportedly has close partnerships with other Israeli surveillance firms that seek to sell spyware, suggesting an inevitable increase in cyber mayhem. As malware becomes more sophisticated, widespread, and threatening, the need for strictly tailored export controls is not going to go away.

Regulating software is challenging, at least in part because there is no workable legal definition of what constitutes a cyber weapon. Because malware is largely dual-use, the only way to determine whether particular software constitutes a cyber weapon is retroactively. If software has been used as a weapon, it is considered a cyber weapon. But that definition arrives far too late to control the dissemination of the code. Moreover, controlling components of that software would likely be over-inclusive, since the same code that can exploit flaws to break into devices can also have benign uses, such as detecting vulnerabilities to help manufacturers like Apple learn what needs patching. Another challenge is that obtaining export licenses can take months, which, in the fast-moving tech world, is as good as denial.

The revelation of the Pegasus iPhone spyware highlights questions that have perplexed national security and export control experts in recent years. As the use and sophistication of malware continue their explosive growth, not only must individuals and governments face the chilling realities of cyber warfare, but regulators must quickly understand the technological issues, address the risks, and work with the cyber security and technological communities to find a path forward.

China’s Quantum Cryptography: Tales from (Quantum) Crypt

The dream of hack-proof communication just got a little closer to reality. On August 16, 2016, China launched the world’s first “quantum satellite,” a project the Chinese government hopes will enable it to build a communication system incapable of being hacked. Such a system, if perfected, would allow for encrypted communications between any two devices with absolute certainty that the encryption could not be broken, and with a built-in mechanism for alerting the sender/receiver if someone tried.

If you are interested in truly understanding the mechanics of quantum cryptography, I would highly recommend the article “How Quantum Cryptography Works.” For the purpose of this post, a very basic explanation is as follows:

In order to encrypt a two-way communication, the sending party (whom we will call “Alice”) typically encodes a message using a key and sends the message to the receiving party (whom we will call “Bob”), who then decrypts the message using the same key. Since modern technology makes it possible to engineer almost unbreakable keys, the best way for an eavesdropper (whom we will call “Eve”) to access the message is to find the key itself, which is vulnerable because it also needs to be communicated between Alice and Bob, but can’t itself be encrypted, or else Bob won’t be able to use it.

Quantum cryptography would allow Bob and Alice to use a new key for every message AND guarantee that if Eve tries to intercept the key, they will know. Quantum entanglement is a physical phenomenon that can cause certain particles to become “entangled” such that a change in one will elicit a predictable change in the other, no matter how far apart the entangled particles are, and without any measurable (by current scientific standards) communication between them. If Alice and Bob share entangled particles, Alice can transmit the information for a new key to Bob for every communication by altering the directional spin of her particles, which in turn will alter the spin of Bob’s particles. A complicated process of measuring particle spin and cross-checking information between Alice and Bob (more fully explained in the article linked to above) is then used to generate the key.

Since so far as science is currently aware there is nothing “communicated” between the entangled particles, there is nothing for Eve to intercept unless she can actually access Bob’s particles. Meanwhile, Heisenberg’s uncertainty principle states that anytime the spin of one of these particles is measured, the very act of measuring it changes the spin of that particle. This means that if Eve does manage to physically access Bob’s entangled particles and measures them to try and get Alice’s key before passing the particles back to Bob, Bob will know the particles were intercepted because the key he thinks he got from Alice won’t work to unlock Alice’s message after he and Alice cross-check their information, since Eve’s measuring of Bob’s particles caused the spin of those particles to change. Furthermore, since Eve is not able to cross-check her information with Alice, even if she is able to listen to Bob and Alice cross-checking their information, Eve will not be able to use her information to formulate the correct key to decode Alice’s message.
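The measure-and-cross-check step described above can be illustrated with a simplified classical simulation. This is an example added here, not code from the article or from any quantum system: it assumes an entanglement-based scheme in the style of BBM92 (a protocol the article does not name), two measurement bases, perfectly correlated outcomes, and an Eve who measures every one of Bob's particles before passing it on.

```python
import random

BASES = "+x"  # two incompatible measurement bases (assumed for this model)

def run_exchange(n_pairs, eve_present, seed=0):
    """Simulate n_pairs entangled pairs; return (alice_key, bob_key, error_rate)."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_pairs):
        a_basis, b_basis = rng.choice(BASES), rng.choice(BASES)
        # Alice's outcome is random; her measurement fixes the state of
        # Bob's particle to the same bit in the same basis.
        a_bit = rng.getrandbits(1)
        state_basis, state_bit = a_basis, a_bit
        if eve_present:
            # Eve must guess a basis. A wrong guess yields a random result
            # and leaves the particle in her basis, not Alice's.
            e_basis = rng.choice(BASES)
            e_bit = state_bit if e_basis == state_basis else rng.getrandbits(1)
            state_basis, state_bit = e_basis, e_bit
        # Bob reads the particle; a basis mismatch gives a random bit.
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        # Cross-check: Alice and Bob publicly compare bases (not results)
        # and keep only the rounds where they happened to choose the same one.
        if a_basis == b_basis:
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return alice_key, bob_key, errors / max(len(alice_key), 1)

def eavesdropper_detected(alice_key, bob_key, sample_size=200,
                          threshold=0.1, seed=1):
    """Publicly compare a random sample of key bits; too many mismatches
    means the particles were measured in transit and the key is discarded."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(alice_key)), min(sample_size, len(alice_key)))
    mismatches = sum(alice_key[i] != bob_key[i] for i in idx)
    return mismatches / max(len(idx), 1) > threshold

if __name__ == "__main__":
    for eve in (False, True):
        a, b, rate = run_exchange(4000, eve_present=eve)
        print(f"eve={eve} key_bits={len(a)} error_rate={rate:.3f} "
              f"detected={eavesdropper_detected(a, b)}")
```

Without Eve the two keys agree exactly; with Eve roughly a quarter of the kept bits disagree, which is the signal Alice and Bob use to reject the key.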

The ability to send completely secure messages between any two points has myriad applications for data security. From a commercial standpoint, it could mean the ability for enterprises to remote access data without fear of interception. It could also mean an increase in the security of customer information (especially information that is legally required to be protected, such as personally identifiable information) and a corresponding decrease in the risk of a security breach that might result in damage to a company’s brand, increased compliance costs, or potential litigation awards and expenses. For consumers, it could mean the ability to communicate private information securely in an age where so many online transactions require the sending of sensitive information over the internet.

More troubling (or liberating, depending on your point of view) are the challenges quantum cryptography poses for law enforcement and national security. Agencies such as the CIA, FBI, and NSA currently depend on access to third party data networks, such as e-mail clients and telecommunication companies, for a large part of their data collection and monitoring activities. Under the “third-party doctrine” when Alice sends a message to Bob, if a copy of that message is kept by the medium they use to communicate (e.g. by Alice’s e-mail client), a government agency can request a copy of that information directly from Alice’s e-mail client without needing to get a warrant, and without telling Alice or Bob about the request. Quantum cryptography could allow Alice to send an encrypted message to Bob such that, even if a government agency gets a copy of the message itself from Alice’s e-mail client, they will not be able to decrypt it without help from either Alice or Bob.

Quantum cryptography still has a long way to go before it lives up to its promise, and there will almost certainly be bumps along the way. Yet, if the Chinese satellite launch does kick start the quantum cryptography revolution, commercial enterprises, consumers, governments, hackers, and lawyers alike will need to find ways to respond to the new challenges it creates.

ARTICLE BY Adam Waks of Proskauer Rose LLP
© 2016 Proskauer Rose LLP.