Microsoft Acquiring LinkedIn as Move into Enterprise Social Media

Microsoft has announced that it is buying LinkedIn for $26.2 billion, one of the largest tech acquisitions in history, and that it intends to use the business social media giant to put Microsoft at the center of our work lives.

Currently, LinkedIn has 433 million members in 200 countries. Microsoft has 1.28 billion Office users worldwide. Microsoft CEO Satya Nadella said in an interview with Bloomberg:

“This is about the coming together of the leading professional cloud and the leading professional network. This is the logical next step to take. We believe we can accelerate that by making LinkedIn the social fabric for all of Office.”

Nadella said that Microsoft’s vision is to place your LinkedIn profile at the center of your online work life, connecting it with Windows, Outlook, Skype, PowerPoint and other Microsoft products.

For example, Cortana (Microsoft’s digital assistant) could provide users with information on other participants in an upcoming meeting by pulling data from LinkedIn profiles. Members working on a project could pull up LinkedIn articles concerning their project or use LinkedIn profiles to search for an “expert” to help with the project.

Microsoft also sees LinkedIn playing a major role in developing a new customer relationship management (CRM) tool for sales organizations. LinkedIn analytics could be integrated with Microsoft’s Dynamics tool, which competes with Salesforce.com, to assist companies with managing their customers.

Here’s a CNBC interview with Nadella and LinkedIn CEO Jeff Weiner explaining the opportunities.

© The Rainmaker Institute, All Rights Reserved

Employee Error Accounts for Most Security Breaches

A recent study by a well-known information security company captures one of the most common information security fallacies: that information security is a technology problem. Most businesses view mitigating information security risks as falling squarely in the purview of their information technology department. However, this study reports that human error actually accounted for nearly two-thirds of security compromises, far exceeding causes like insecure websites and hacking.1 While technological measures (e.g., anti-virus software, access controls, firewalls, and intrusion detection systems) are clearly important, their effectiveness pales in comparison to the benefits gained by effective security awareness training.

Just as troubling, another recent study found a 789% increase in e-mail phishing attacks containing malicious code, including ransomware, in the first quarter of 2016 over the final quarter of 2015.2 Phishing, which is an attempt to obtain confidential information or access by fraudulently posing as a legitimate company seeking information via e-mail, instant message or other electronic communication, specifically preys on employees who have not been trained to recognize the scam. A successful phishing expedition can result in the loss of confidential and financial information, system disruption and consumer litigation exposure. Every industry is impacted and at risk.

The results of these studies should serve as a clarion call to businesses. While we have long known that the human component is the key to improved security,3 it is also one of the most neglected areas in many businesses’ information security programs. Security awareness training for employees is one of the most important and effective means of reducing the potential for costly errors in handling sensitive information and protecting company information systems. Regardless of how much money and effort a business spends on its technological security measures, it cannot achieve an adequate level of security without addressing the human component.

Awareness training can ensure employees have a solid understanding of employer security practices and policies, as well as the tell-tale signs of an attempt to gain improper access to computer systems and confidential information. In contrast, uninformed employees are susceptible to mistakes, malware, phishing attacks, and other forms of social engineering. They can do substantial harm to a company’s systems and place its data at risk. The recent spate of ransomware attacks highlights just how critical the human element really is, as almost every one of those attacks resulted from human error.

First and foremost, it is critical that training programs have the participation of and include input from all relevant stakeholders at the company, including Human Resources, IT, Information Security, Legal, and Compliance.

Key aspects of any successful training program should also include the following:

  • Train on an ongoing basis. Avoid limiting training to when an employee is first hired or assigned to a new role in the organization

  • Train creatively, not just in a non-interactive classroom setting

  • Look for means to introduce interactivity into the training process

  • Have a means of measuring progress

To be truly effective, a security awareness program must provide “multiple methods of communicating awareness and educating employees as well (for example, posters, letters, memos, web based training, meetings, and promotions).”[1]

Training can be conducted through a number of means:

  • Classroom sessions

  • Webinars

  • Security posters and other materials in common areas

  • Brown bag lunches

  • Helpful hints distributed to employees via e-mail or corporate intranet posts

  • Simulated phishing attacks (e.g., systems that will periodically send phishing e-mail to employees attempting to lure them into clicking on an attachment or a hyperlink and then alerting the employee that they have engaged in an insecure activity)

Additionally, having comprehensive and understandable employee policies is critical to a company’s information security safeguards. Readable and effective policies can be used in conjunction with effective employee training to reduce data security incidents caused by human error.

Finally, one of the most effective ways to increase employee security awareness is to help employees understand that good security practices can also benefit them personally. Being security-aware not only serves to protect their employer’s systems, but also helps in better securing the employee’s own personal data and computers. For example, by being more vigilant in identifying potential phishing attacks at work, the employee will become more vigilant in using home e-mail accounts and thereby protect their own data, photographs, financial accounts, etc.


1 https://www.egress.com/news/egress-ico-foi-2016
2 http://phishme.com/phishme-q1-2016-malware-review/
3 See, e.g., Common Sense Guide to Mitigating Insider Threats, 4th Edition. http://www.sei.cmu.edu/reports/12tr012.pdf.

New Legal Framework for Electronic Signatures Coming Soon to the EU

The use and acceptance of electronic signatures are becoming more commonplace around the globe. One estimate has the number of transactions using electronic signatures growing from 210 million in 2014 to 700 million in 2017. In our practice, we are seeing more companies implement electronic signature solutions in their commercial contracting practices and procedures.

Given this increased usage of electronic signatures, we think it’s a good time to remind our readers that a new legal framework for electronic signatures is set to take effect in the European Union on July 1.

Adopted almost two years ago on July 23, 2014, the regulation (910/2014/EU) titled “Regulation on electronic identification and trust services for electronic transactions in the internal market” (the eIDAS regulation) introduces a new framework for electronic signatures, seals, time stamps, and electronic documents. The eIDAS regulation replaces the Directive on Electronic Signatures (1999/93/EC) (the Directive).

The Directive caused issues in the European Union because each member state interpreted and implemented the law in its own way, leading to different electronic signature rules among EU nations. Thus, the eIDAS regulation is designed to establish a uniform framework to recognize electronic signatures, electronic seals, and identification among EU member states through the creation of electronic trust services for the European internal market. The eIDAS regulation defines the requirements for legally valid and mutually recognized electronic signatures (advanced and qualified), electronic seals, electronic time stamps, electronic delivery services, website authentication, and electronic documents.

As of July 1, the Directive and any EU member state laws that conflict with the eIDAS regulation will be replaced or modified. If you are among the many companies that incorporate electronic signatures into commercial contracting practices, remember that this new EU framework is just a month away from taking effect and be sure to brush up on the details.

© 2016 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

Senate Panel Passes “Internet of Things” Bill

On Wednesday April 27th, the Senate Commerce Committee passed a bill meant to increase government involvement in the development of the “Internet of Things” (IoT).

By a voice vote, the committee approved the Developing Innovation and Growing the Internet of Things (DIGIT) Act, sponsored by Sen. Deb Fischer (R-Neb.), Sen. Kelly Ayotte (R-N.H.), Sen. Cory Booker (D-N.J.), and Sen. Brian Schatz (D-Hawaii).  The bill would require the establishment of a working group tasked with identifying proposals meant to facilitate IoT growth.  The working group would include representatives from the Transportation Department, the Commerce Department, the Federal Trade Commission, the Federal Communications Commission, Office of Science and Technology Policy, and the National Science Foundation. Separately, the Commerce Department recently issued a Request For Public Comment seeking comment on the role of government in fostering the advancement of IoT.

The bill also sets up a steering committee that will include industry stakeholders.  Both the working group and the steering committee will examine a range of IoT issues, including the regulatory challenges that may limit the growth of IoT and the availability of wireless spectrum for IoT devices.  The committee also approved several minor amendments to the bill, which, among other things, expanded the government agencies involved in the working group.

Article By Ani Gevorkian of Covington & Burling LLP
© 2016 Covington & Burling LLP

March 2016 – gTLD Sunrise Periods Now Open

As first reported in December 2013, the first new generic top-level domains (gTLDs, the group of letters after the “dot” in a domain name) have launched their “Sunrise” registration periods.

As of February 29, Sunrise periods are open for the following new gTLDs:

.HOTELES

.xn--xhq521b (.广东 – Chinese for “guangdong”)

.xn--1qqw23a (.佛山 – Chinese for “foshan”)

.xn--tckwe (.コム – Japanese for “.com”)

.barcelona

.mom

.xn--vuq861b (信息 – for “knowledge”)

ICANN maintains an up-to-date list of all open Sunrise periods here.  This list also provides the closing date of the Sunrise period.  We will endeavor to provide information regarding new gTLD launches via this monthly newsletter, but please refer to the list on ICANN’s website for the most up-to-date information – as the list of approved/launched domains can change daily.

Because new gTLD options will be coming on the market over the next year, brand owners should review the list of new gTLDs (a full list can be found here) to identify those that are of interest.

© 2016 Sterne Kessler

February 2016 – gTLD Sunrise Periods Now Open

As first reported in our December 2013 newsletter, the first new generic top-level domains (gTLDs, the group of letters after the “dot” in a domain name) have launched their “Sunrise” registration periods.

As of December 31, Sunrise periods are open for the following new gTLDs:

  • .YACHTS
  • .BOATS
  • .xn--tckwe (.コム – Japanese for “.com”)
  • .HOTELES
  • .BET
  • .BIBLE
  • .barcelona
  • .PET
  • .istanbul
  • .ist

ICANN maintains an up-to-date list of all open Sunrise periods here. This list also provides the closing date of the Sunrise period. We will endeavor to provide information regarding new gTLD launches via this monthly newsletter, but please refer to the list on ICANN’s website for the most up-to-date information – as the list of approved/launched domains can change daily.

Because new gTLD options will be coming on the market over the next year, brand owners should review the list of new gTLDs to identify those that are of interest.

© 2016 Sterne Kessler

EU Policy Update – February 2016 re: Dutch Presidency and Brexit, Digital Single Market Policy, Energy and Environment

Dutch Presidency and Brexit

In January, the Netherlands took over the Presidency of the Council of the European Union from Luxembourg.  In line with the political intentions of the Juncker Commission to be ‘big on the big issues but small on the small issues’, the Netherlands promises to focus on the essentials during its Presidency.  In particular, the Dutch Presidency would like to focus on migration and international security.  Another priority is to strengthen the free movement of services and the free movement of workers, where the Presidency would like to strengthen the protection of workers posted abroad.

Additionally, on February 2, the President of the European Council, Donald Tusk, presented his proposals for a ‘new settlement of the United Kingdom within the European Union’.  If accepted, they would allow David Cameron to campaign in the ‘Brexit’ referendum on the continuing membership of the UK in the bloc.  The Heads of State and Government will discuss and adopt the text in a meeting on February 18.  For Covington’s analysis of the proposals presented and the referendum, please see here.

Digital Single Market Policy

The formal adoption of the EU Network and Information Security (NIS) Directive is a step closer following a vote on January 14 by the European Parliament’s internal market and consumer protection (IMCO) committee.  The committee confirmed that the minimum harmonisation requirements under the Directive do not apply to digital service providers.  This means that Member States will not be able to impose any further security or notification requirements on digital service providers beyond those contained in the Directive, when transposing it into national law.  The NIS Directive will now be put forward for a plenary vote in the European Parliament.  Once it is published in the Official Journal of the European Union and enters into force later this year, Member States will have 21 months to transpose it into national law.  Member States will then have a further 6 months to apply criteria laid down in the Directive to identify specific operators of essential services covered by national rules.  These processes are likely to be complicated, and companies that may fall within scope should participate in consultations and monitor developments across the EU over the coming months.

On January 19, the European Parliament adopted a resolution on the Digital Single Market Strategy of the European Commission.  The parliamentarians called for ambitious and targeted actions to complete Europe’s digital single market.  Among other things, the MEPs support the end of geo-blocking practices across Europe, the setting of a single set of contract rules and consumer rights for online sales and for digital content, and the modernization of the copyright framework.

On February 2, the European Commission and U.S. Government reached a political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework. The EU’s College of Commissioners has also mandated Vice-President Ansip, in charge of the Digital Single Market, and Commissioner Jourová, Commissioner for Justice, Consumers and Gender Equality, to prepare the necessary steps to put in place the new arrangement.  For Covington’s full analysis of the announcement of the EU-U.S. Privacy Shield, please see here.

Energy and Environment Policy

The European Commission published a proposal to update the approval requirements and market surveillance of new passenger cars and their respective systems and components.  The Commission’s proposal aims at strengthening the credibility and enforcement of the applicable safety and environmental requirements for cars, following the controversy regarding Volkswagen last year.

In a significant departure from past EU legislation, the proposal would empower the Commission to impose administrative fines on economic operators who are found not to have complied with the approval requirements, of up to €30,000 per non-compliant vehicle.

The Commission’s proposal focuses on three elements.  First, the European Commission proposes to reinforce the credibility of the type-approval assessment of new vehicles by ensuring that the technical services testing the new vehicles are fully independent from car manufacturers.  For this purpose, the proposal would enhance the financial independence of such technical services and require Member States to create a national fee structure to cover the costs of type-approval testing and market surveillance activities for vehicles.  Moreover, in order to prevent the use of ‘defeat devices’, as in the Volkswagen controversy, the proposal would grant approval authorities and technical services access to the software and algorithms of the vehicles tested.

Second, the proposal includes measures to strengthen the market surveillance of vehicles after they are type-approved and in circulation.  Member State authorities and the Commission would be able to conduct tests and inspections on cars available on the market and would be empowered to adopt restrictive measures in case of non-compliance of vehicles.  Among other proposed measures, the Commission would establish and chair a forum to coordinate the network of national authorities responsible for type-approval and market surveillance.  Member States would also be able to inspect and take measures against vehicles type-approved in a different EU Member State.

Third, the Commission proposes measures to ensure that non-compliant manufacturers are penalized in case of non-compliance.  Member States would be required to adopt penalties for non-compliant economic operators, including car manufacturers, importers and distributors, as well as technical services.  This may be complemented by administrative fines, imposed by the Commission, of up to €30,000 per non-compliant vehicle, as referred to above.

Finally, the European Commission hopes to ensure a more uniform application of the legislation in the EU by proposing a Regulation as opposed to the current Framework Directive 2007/46/EC.  If adopted, the Regulation would be directly applicable in national law with no requirement of transposition.

The Commission proposal is available here; it has been sent to the Council and European Parliament for consideration.

The European Commission is expected to propose a revision of the Fertilizers Regulation (EC) 2003/2003 in March 2016.  This revision comes in parallel to the Circular Economy Package announced in December 2015, which aims to create a single market for the reuse of materials and resources.

Under the current EU Regulation 2003/2003, manufacturers and importers of fertilizers may choose to comply with the laws of the Member States where they market their products, or to get their products approved and CE-labeled under the Regulation.  However, Regulation 2003/2003 only regulates a limited number of categories of fertilizer products.

According to Commission officials, the proposal aims to create a level playing field between existing, mostly inorganic categories of fertilizers, and innovative fertilizers, which often contain nutrients or organic matter recovered and recycled from biowaste or other secondary raw materials.  Therefore, the proposal will make the approval process more flexible for new categories of CE-labeled fertilizers.

The draft legislative text is structured in four parts: (i) a list of materials that could be used for the production of CE-marketed fertilizing products under the conditions included in the annexes of the proposal; (ii) a list of product function categories for fertilizers, rules for blends of different product categories, and respective safety and quality requirements for each category included in the annexes; (iii) an annex with the labelling requirements by product function; and (iv) a section with the different conformity assessment procedures.  Fertilizers that follow the harmonized EN standards will be presumed to conform with the requirements of the regulation.

Moreover, the proposal would continue to allow Member States to regulate national fertilizing products.  Products that are not in compliance with the EU Fertilizers Regulation and do not carry the CE label would be able to be marketed in a particular Member State if they comply with its national legislation.

Importantly, the revised Fertilizers Regulation is also likely to include an EU-wide limit on the presence of cadmium in fertilizers.  In November 2015, the Scientific Committee on Health and Environmental Risks published an opinion concluding that new scientific information available justifies an update of the 2002 opinion on Member State Assessments of Risk to health and the Environment from Cadmium – see here.

The draft proposal is currently in inter-service consultation among the different Directorates General of the European Commission.  Fertilizer manufacturers wishing to voice their opinion regarding the future Regulation on fertilizers should reach out now to the different services of the Commission.

Internal Market and Financial Services Policies

On January 15, the European Commission launched a public consultation on non-binding guidance for reporting non-financial information by certain large companies, following Article 2 of Directive 2014/95/EU – see here.  Directive 2014/95/EU aims at improving the transparency of certain large companies related to environmental matters, social and employee matters, human rights, and anticorruption and bribery matters.  The feedback gathered during the consultation will be used to prepare the guidelines and facilitate the disclosure of non-financial information by undertakings.  The public consultation will run until April 15, 2016.

On January 28, the European Commission presented its so-called Anti-tax Avoidance Package – see here.  The initiative includes: (i) a new communication on tax avoidance in the EU; (ii) a proposal for an Anti-Tax Avoidance Directive; (iii) a proposal for a Directive implementing the G20/OECD Country by Country Reporting (CbC Reporting); (iv) a Recommendation to the Member States on Tax Treaties, and (v) a Communication on an External Strategy regarding tax avoidance.

The Anti-Tax Avoidance Directive includes six measures, which aim at limiting the abuse of six well-established practices used to avoid taxes in various jurisdictions in Europe.  These include the mismatch in legal characterisation of financial instruments or legal entities between Member States, excessive inter-group interest charges, and a general anti-abuse rule against arrangements the essential purpose of which is to obtain a tax advantage.

The legislative proposal on CbC Reporting aims to strengthen the existing mandatory and automatic exchange of information between the Member States in the field of taxation.  The proposal also requires the parent entity of a multinational group to report to the competent authorities the aggregated information on the revenue, profit (or loss) before income tax, income tax paid, income tax accrued, stated capital, accumulated earnings, number of employees, and tangible assets other than cash equivalents, in respect of each jurisdiction in which the group operates.

Finally, because tax avoidance has a strong global dimension, the EU will also cooperate better with third countries on tax issues. The Commission therefore proposes to adopt a common EU system to screen, list and put pressure on third countries that refuse to adopt policies to limit tax avoidance. In addition, before the end of 2016, the Commission and Member States will consider whether to put in place sanctions to incentivize third countries to improve their tax systems.

Life Sciences and Healthcare Policies

At the beginning of February 2016, the Dutch presidency will resume trilogues on the legislative proposals regarding the medical devices Regulation (“MD proposal”) and the in vitro diagnostic medical devices Regulation (“IVD proposal”).  The European Commission presented this pair of proposals in September 2012, and recently called upon the Council of Ministers and the European Parliament to reach an agreement in the first half of 2016.  The Dutch delegation therefore intends to ramp up the number of trilogues between the institutions to five political meetings and 10 to 15 technical meetings during its presidency.  Nonetheless, important differences remain between the negotiators on the reprocessing of single use devices, liability insurance for manufacturers, and the classification of devices in the framework of the IVD proposal.  It is understood that the Dutch presidency hopes to achieve an agreement by the Employment, Social Policy, Health and Consumer Affairs Council of June 17, 2016.

Trade Policy and Sanctions

On January 1, the Deep and Comprehensive Free Trade Area (“DCFTA”) between the EU and Ukraine became operational.  According to the Commission, the implementation of the DCFTA will improve the Gross Domestic Product of Ukraine by circa 6% and increase economic welfare for Ukrainians by 12% over the medium term.

On January 13, the European Commission held an initial orientation debate on Market Economy Status for China in anti-dumping proceedings.  Under the current WTO rules, the EU can calculate potential anti-dumping duties on the basis of data from another market economy country rather than the domestic prices used in China, because there is a presumption that market economy conditions do not prevail in China.  However, this provision, included under Article 15(a)(ii) of China’s Protocol of Accession to the WTO, will expire on December 12, 2016.  The Commission is therefore considering its options for changing the methods used to calculate dumping margins in respect of China.  It is important for the Commission to start the process on time, because any change in the anti-dumping rules is likely to require legislation to be adopted by the Council and the European Parliament.  Given the delicate nature of such negotiations, the process is expected to take a year.

January 16, 2016, saw the Implementation Day of the Joint Comprehensive Plan of Action (“JCPOA”) – the historic deal reached among China, France, Germany, Russia, the UK, the U.S., the EU and Iran to ensure the exclusively peaceful nature of Iran’s nuclear program.  As part of that agreement, the Council of the EU lifted all nuclear-related economic and financial EU sanctions on Iran.  It did so by bringing into force the EU legislative package adopted on October 18, 2015, following the verification by the International Atomic Energy Agency (“IAEA”) that Iran had complied with the requirements laid down in the JCPOA.  As of January 16, many sectors and activities have been reactivated, including, among others: financial, banking and insurance measures; oil, gas and petrochemical; shipping and transport; gold and other metals; software; and the un-freezing of the assets of certain persons and entities.  Note that proliferation-related sanctions, including arms and missile technology sanctions, will remain in place until 2023 (subject to various conditions).  For the Council press release, see here.  For more details, see the Council Information Note here.

Criminal or Civil Liability for Sharing Streaming Accounts?

We are at the beginning of a new era of media consumption.  Traditional content delivery systems such as satellite and cable television are hemorrhaging customers to a wave of “cord cutting” that has been facilitated by the availability of streaming services such as Hulu Plus, Netflix and HBO Go.[1]  Now that smart televisions are becoming more commonplace, cord cutting is no longer limited to the technologically hip youth, as accessing a Netflix account is as easy as changing the channel.

But with the proliferation of streaming services, users have elected to share the benefits of the accounts―i.e. their passwords―with others.  A staggering 46% of accountholders admit to sharing their streaming account password with people outside of their household.[2]  This raises some interesting questions of federal and state criminal, tort and contract laws.  What sort of liability might someone have for sharing their account with friends or family?  For using a shared account of a friend?

But in order to figure out if sharing of passwords violates the law, we first have to see if it violates the streaming service’s terms of service.

Netflix

Netflix is arguably the pioneer in password sharing.  For years Netflix has allowed multiple user profiles to better enable its suggestion algorithm to tailor its offerings to a targeted user.  By tactical use of user profiles, parents can limit the likelihood that Netflix will suggest the latest episode of Barney and Friends based on their child’s viewing of Teletubbies the week before.[3]  Netflix has also long offered the ability to stream its services on a limited number of devices simultaneously. [4]  Netflix’s commitment to account sharing was recently echoed by its CEO Reed Hastings who stated:  “As kids move on in their life, they like to have control of their life, and as they have an income, we see them separately subscribe. It really hasn’t been a problem.”[5]  But Netflix’s position on non-family members sharing the passwords has been a little more vague.

Hulu Plus

Hulu has not taken the vocal stance on account sharing that Netflix has, though it is apparent that Hulu has at least contemplated password sharing to some degree.  In section 5 of its terms of use, Hulu acknowledges that people within the same household are likely to use the account, and holds the primary account holder accountable for their activities:  “You are responsible for all use of your account, including use of your account by other members of your household. By allowing others to access your account, you agree to be responsible for ensuring that they comply with these Terms and you agree to be responsible for their activity using the Services.”[6]  However, unlike Netflix, Hulu Plus accounts are limited to streaming on one device at a time, which minimizes the advantage of sharing.

HBO Go

Like Netflix, HBO Go specifically contemplates the idea of multiple users within the same household.  HBO has two tiers of accounts.  The first is a “Registered Account” which consists of account holders who meet certain eligibility criteria, namely, they subscribe to HBO and HBO On Demand or Cinemax and Cinemax on Demand.[7]  These Registered Account holders can create “Household Member Accounts” for members of their household.  The Registered Account serves as the master account for the Household Member Accounts and can control what content the junior accounts have access to.  However, despite the ability to create Household Member Accounts, HBO Go appears to take an antagonistic view of sharing the master account password itself.  HBO Go’s terms of service specifically state that “You are responsible for all activity occurring under your Registered Account and any Subaccount authorized by you, including maintaining the confidentiality of each Username and Password, and you agree that any household member account users authorized by you will not permit the disclosure of any Username and Password to any person.”  Contrast the above statements to Hulu’s request to “Please keep your password confidential,” and it is apparent that one is an order, and the other a request.

But statements by HBO’s CEO belie the strict terms of their agreement. In an interview with Buzzfeed, HBO’s CEO stated:  “It’s not that we’re ignoring it, and we’re looking at different ways to affect password sharing. I’m simply telling you: it’s not a fundamental problem, and the externality of it is that it presents the brand to more and more people, and gives them an opportunity hopefully to become addicted to it. What we’re in the business of doing is building addicts, of building video addicts. The way we do that is by exposing our product, our brand, our shows, to more and more people.”[8]

So HBO intends to build a legion of addicts, and with shows like Game of Thrones, they are well on their way to being the Pablo Escobar of digital content.  But as with any drug dealer, the first sample is free and the second is going to cost you.  No one knows for sure when HBO will start demanding money for that next “hit.”

It is apparent that these three streaming services all authorize sharing of an account among members of a household. A reasonable argument could be made that this extends to college age children who are away from the home during the school year, but whose primary residence is still their family home.

But what about sharing the account with third parties?  What liability might an individual incur if they use a friend’s account with the friend’s permission?  Arguably such activity goes beyond the terms of service of a user’s account, and presents some interesting questions of both state and federal law.

Trouble in Tennessee

In 2011, Tennessee, the home of Nashville and the birthplace of country music, became one of the first states to formally criminalize user account sharing.  HB1783, effective July 1, 2011, modifies Tennessee Code Annotated Section 39-11-106 subdivision 35 by adding “entertainment subscription service” to the list of services protected by its theft of services offence.[9]   Section 39-14-104 defines theft of services as any person who: “(1) intentionally obtains services by deception, fraud, coercion, false pretense or any other means to avoid payment for the service; (2) having control over the disposition of services to others, knowingly diverts those services to the person’s own benefit or to the benefit of another not entitled thereto.”  The punishment for violation of this provision ranges from a misdemeanor to a felony depending on the value of the services rendered.

The first provision of 39-14-104 targets the friend who is using the primary account holder’s password without permission from the streaming service.  The person has “obtain[ed] services by . . . any other means to avoid payment for the service.”  The second provision targets the account holder who has shared his password with a friend.  That person has control of a subscription service and diverts it to his friend, who is not entitled to the service.

California is Not the Golden State For Sharing

It is unsurprising that California would not take kindly to people sharing the fruits of its most visible industry.  California Penal Code Section 502 is an “anti-hacking” statute that covers a broad variety of activities.  To the extent that sharing a primary accountholder’s password with people outside of the household is beyond the scope of the terms of use of the streaming service, there are several provisions of Section 502 that would criminalize such activity (along with giving a private cause of action), including subsections: (1) “knowingly accesses and without permission  . . . otherwise uses any data in order to . . . wrongfully control or obtain . . . data;” (3) “knowingly and without permission uses or causes to be used computer services;” (6) “knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section;”  and (7) “knowingly and without permission accesses or causes to be accessed any computer, computer system or computer network.”  Violation of these sections can range from a misdemeanor to a felony.

Like the Tennessee law, subsections (1), (3) and (7) apply to the friend who is using the account without permission of the streaming service.  Subsection (6) applies to the account holder who is sharing the account with a friend without the permission of the streaming service.

It Might Be A Federal Offense

The Computer Fraud and Abuse Act offers broad protection against unauthorized access to computers.  It has been amended a half dozen times in its nearly 20-year history, and likely covers password sharing that is beyond the scope of the terms of service of a streaming account.

18 U.S.C. § 1030(a)(2) makes it a crime to “intentionally access a computer without authorization or exceeds authorized access, and thereby obtains . . . (c) information from any protected computer.”  A “protected computer” is defined by 18 U.S.C. § 1030(e)(2) as any computer “which is used in or affecting interstate or foreign commerce or communication.”  A streaming service’s streaming servers undoubtedly qualify as a protected computer under the Act as they stream their stored media all across the country.

Using a third party’s password to access a streaming service clearly “exceeds authorized access” as it is beyond the scope of the access defined in Netflix, Hulu Plus, or HBO Go’s terms of use.  The user of the password is “obtaining information”―the streamed media―from the protected computer.

An interesting wrinkle is that the Act arguably has a jurisdictional requirement of $5,000 in damages over the course of one year.  18 U.S.C. § 1030(c)(4).  This would probably be hard for a streaming site to demonstrate, especially against an individual who is making use of a friend’s password.  However, it would be easier to meet the limit for the primary account holder who decided to share the account with a group of friends.  All it takes is sharing a $20-a-month account with 21 people to meet the $5,000 threshold.

So what does all of this mean?  Sharing an account with members of a household is just fine under Netflix, Hulu Plus, and HBO Go’s terms of use.  Arguably this extends to children of the account holder who are away at school but whose primary residence is still the family home.

But sharing the password with people outside of the household or using someone else’s account opens up the potential for liability.  Not only does sharing a password expose the primary account holder to the possibility of a claim of breach of contract, it also gives rise to various causes of action under both state and federal law for everyone involved.

At the moment none of the sharing services seem to care all that much, and it would be easy for them to mitigate their exposure to shared accounts by simply limiting the number of devices that the account can be used on simultaneously.  Some seem to view account sharing as a marketing tool.  But all that may change without notice.  Sharer beware.

© 2016 Proskauer Rose LLP.


[1] Todd Spangler, Cord-Cutting Gets Ugly: U.S. Pay-TV Sector Drops 566,000 Customers in Q2, Variety (August 8, 2015).

[2] Is it Okay to Share Log-Ins for Amazon Prime, HBO Go, Hulu Plus, or Netflix?, Consumerreports.org (Jan. 28, 2015).

[3] Netflix User Profiles, Netflix (Jan 14, 2016) https://help.netflix.com/en/node/10421.

[4] Terms of Use, Netflix (Jan 14, 2016) https://help.netflix.com/legal/termsofuse.

[5] Sarah Perez, Netflix CEO Says Account Sharing is OK, TechCrunch (Jan 11, 2016).

[6] Terms of Use, Hulu (Jan 14, 2016), http://www.hulu.com/terms

[7] Terms of Use, HBO Go (Jan. 14, 2016), http://www.hbogo.com/#terms/

[8] Greg Kumparak, HBO Doesn’t Care if You Share Your HBO Go Account . . . For Now, TechCrunch (Jan 20, 2014).

[9] http://www.capitol.tn.gov/Bills/107/Bill/HB1783.pdf

Smartphone Wars – Supreme Court Awakens: Samsung Files Petition for Certiorari in New Hope to Harmonize Design Patent Law

On Monday, in the latest episode of the smartphone wars, Samsung filed a petition for certiorari with the Supreme Court.

Samsung is appealing a Federal Circuit decision that upheld a $399 million judgment against Samsung for infringing three of Apple’s design patents. Samsung argues that the decision, if left unchecked by the Supreme Court, could dramatically increase the value of design patents. While the Supreme Court is the ultimate power in patent jurisprudence, it was a long time ago that it last considered a design patent case; more than 120 years ago according to Samsung. Samsung’s petition presents two fundamental questions concerning design patents:

1. Where a design patent includes unprotected non-ornamental features, should a district court be required to limit that patent to its protected ornamental scope?

2. Where a design patent is applied to only a component of a product, should an award of infringer’s profits be limited to those profits attributable to the component?

With respect to the first question – whether a district court should be required to limit the protection of a design patent to only ornamental features – Samsung argues that the Federal Circuit’s decision conflicts with both Section 171 of the Patent Act and with the Supreme Court’s precedent requiring judicial construction of patent claims.

According to Samsung, the Federal Circuit’s refusal “to cabin design patents to their protected ornamental scope” conflicts with Section 171 and allows infringement to be “found based on the use of nonornamental attributes.” Thus, argues Samsung, the Federal Circuit broadened the protectable scope of design patents, which are limited to “any new, original and ornamental design for an article of manufacture,” under section 171. Samsung argues the Federal Circuit’s ruling also creates tension with other areas of intellectual property law that routinely enforce limitations to protectable scope, such as copyright’s doctrine of “filtration” and trademark law’s doctrine of functionality.

Samsung also maintains that the ruling is contrary to Supreme Court precedents in the analogous context of utility patents, which recognize that district courts have a duty to construe patent claims and eliminate unprotected features. In Samsung’s view, similar to a Markman hearing, a district court should instruct a jury to identify non-ornamental features of a design patent and exclude them from the infringement analysis.

Turning to the second question – whether damages should be limited to the profits attributable to the infringing component – Samsung argues that the Federal Circuit’s decision conflicts with Section 289 of the Patent Act and the basic principles of causation and equity.

Samsung urges that “the Federal Circuit’s holding as a matter of law that an infringer of a design patent is liable for all of the profits it made from its entire product, no matter how little the design contributed to the product’s value or sales” be corrected. Samsung argues that the Federal Circuit’s conclusion that the article of manufacture is the entire smartphone, and not specific subcomponents, is wrong based on a natural reading and purpose of Section 289 of the Patent Act, contemporary extrinsic evidence regarding the definition of “articles of manufacture,” and non-controlling case law (see note below).

According to Samsung, the Federal Circuit’s “interpretation of Section 289 also flies in the face of well-settled tort principles of causation” and “ignores that disgorgement of the defendant’s profits is a classic equitable remedy for which the accepted measure of recovery generally is ‘the net profit attributable to the underlying wrong.’” “The cardinal principle of damages in Anglo-American law is that of compensation for the injury caused to plaintiff by defendant’s breach of duty.” This is the backdrop against which Section 289 was adopted. “Where disgorgement is available in patent cases, it has [] been ‘given in accordance with the principles governing equity jurisdiction, not to inflict punishment but to prevent an unjust enrichment by allowing injured complainants to claim ‘that which … is theirs, and nothing beyond this.’”

Samsung claims that certiorari should be granted because the Federal Circuit’s decision dramatically increases the value of design patents relative to other forms of intellectual property. Without correction, design patents will have whatever scope juries choose to give them, and a design-patent holder will be entitled to the infringer’s profits on the entire product even if the patented design applies only to a part of the product, and contributes to only a minor fraction of the overall value. The Federal Circuit’s decision allows design patent owners to obtain the infringer’s total profits – a remedy not available under utility-patent law. Samsung contends that such leverage “poses a real danger for companies everywhere,” and that it will lead to an “explosion of design patent assertions and lawsuits.”

Will the Supreme Court agree with Samsung that the Federal Circuit has caused a great disturbance in design patent jurisprudence? Difficult to see. Always in motion is the future.

Bush & Lane Piano Co. v. Becker Bros., 222 F. 902, 904 (2d Cir. 1915), (allowed an award of infringer’s profits from the patented design of a piano case but not from the sale of the entire piano, holding that “recovery should be confined to the subject of the patent.”); Young v. Grand Rapids Refrigerator Co., 268 F. 966 (6th Cir. 1920), (Affirmed the denial of all profits from the sale of refrigerators where the infringed patent related only to the design of the refrigerator’s door latch, explaining that it was not even “seriously contended” that the patentee could recover all profits from sales of refrigerators containing that latch.)

©1994-2015 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

FAST Act Calls for Examination of Internet of Things

The Internet of Things (IoT), as defined by Wikipedia, is the network of physical objects or “things” embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. The IoT allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems, and resulting in improved efficiency, accuracy and economic benefit.  Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure.

In short, if we look at the objects we use in everyday life – from our phones, to our laptops, to even our copy machines or printers at work – each is able to collect and potentially exchange vast amounts of data.  While the capabilities of these devices and objects to collect data and exchange data will likely improve our daily lives, it is also important to examine how to protect the privacy and security of the information and data which is collected and shared.

The Fixing America’s Surface Transportation Act (FAST Act) includes a number of provisions related to privacy, including an amendment to the Gramm-Leach-Bliley Act (GLBA) as well as the enactment of the Driver Privacy Act of 2015.  Interestingly, the FAST Act also requires a report on the potential of the IoT to improve transportation services in rural, suburban, and urban areas.

Specifically, Section 3024 of Title III requires the Secretary of Transportation to submit a report to Congress not later than 180 days after December 4, 2015 (the enactment date of the FAST Act).  The report, presumably to address the issues discussed above, is to include (1) a survey of the communities, cities, and States that are using innovative transportation systems to meet the needs of ageing populations; (2) best practices to protect privacy and security, as determined as a result of such survey; and (3) recommendations with respect to the potential of the IoT to assist local, State, and Federal planners to develop more efficient and accurate projections of the transportation.

While it is unclear exactly what information will be captured in the report, it’s clear the drafters of Section 3024 have recognized the importance of data privacy and security while utilizing the IoT to improve transportation.  On a more personal note, I have to believe I am not alone in hoping that the report will finally address (and correct!) the traffic patterns related to my daily commute!

Jackson Lewis P.C. © 2015