Protection for Voice Actors is Artificial in Today’s Artificial Intelligence World

As we all know, social media has taken the world by storm. Unsurprisingly, it’s had an impact on trademark and copyright law, as the related right of publicity. A recent case involving an actor’s voice being used on the popular app TikTok is emblematic of the time. The actor, Bev Standing, sued TikTok for using her voice, simulated via artificial intelligence (AI) without her permission, to serve as “the female computer-generated voice of TikTok.” The case, which was settled last year, illustrates how the law is being adapted to protect artists’ rights in the face of exploitation through AI, as well as the limits of current law in protecting AI-created works.

Standing explained that she thinks of her voice “as a business,” and she is looking to protect her “product.” Apps like TikTok are taking these “products” and feeding them into an algorithm without the original speaker’s permission, thus impairing creative professionals’ ability to profit in an age of widespread use of the Internet and social media platforms.

Someone’s voice (and aspects of their persona such as their photo, image, or other likeness) can be protected by what’s called the “right of publicity.” That right prevents others from appropriation of one’s persona – but only when appropriation is for commercial purposes. In the TikTok case, there was commercial use, as TikTok was benefiting from use of Standing’s voice to “narrate” its users’ videos (with some user videos apparently involving “foul and offensive language”). In her Complaint, Standing alleged TikTok had violated her right of publicity in using her voice to create the AI voice used by TikTok, and relied upon two other claims:  false designation of origin under the Lanham Act and copyright infringement, as well as related state law claims. The false designation of origin claim turned on whether Standing’s voice was so recognizable that another party’s misappropriation of it could confuse consumers as to whether Standing authorized the Tik Tok use. The copyright infringement claim was possible because Standing created the original voice files for a company that hired her to record Chinese language translations. TikTok subsequently acquired the files but failed to get a license from Standing to use them, as TikTok was legally obligated to do because Standing was the original creator (and therefore copyright owner) of the voice files.

As with other historical technological innovations (one of the earliest being the printing press), the law often plays catch-up, but has proven surprisingly adaptable to new technology. Here, Standing was able to plead three legal theories (six if you count the state statutory and common law unfair competition claims), so it seems artists are well-protected by existing law, at least if they are alleging AI was used to copy their work or persona.

On the other hand, the case for protecting creative expression produced in whole or in part by AI is much more difficult. Some believe AI deserves its own form of copyright, since innovative technology has increasingly made its own music and sounds. Currently, protection for these sounds is limited, since only humans can be identified as authors for the purposes of copyright. Ryan Abott, a professor of law and health science at the University of Surrey in Britain, is attempting to bring a legal case against the U.S. Copyright Office to register a digital artwork made by a computer with AI as its author. The fear, says Abott, is that without rights over these sounds, innovation will be stifled — individuals will not have incentive to create AI works if they cannot protect them from unauthorized exploitation.

Agencies and Regulators Focus on AML Compliance for Cryptocurrency Industry

This year, regulators, supported by a slate of new legislation, have focused more of their efforts on AML violations and compliance deficiencies than ever before. As we have written about in the “AML Enforcement Continues to Trend in 2021” advisory, money laundering provisions in the National Defense Authorization Act for fiscal year 2021 (the NDAA) expanded the number of businesses required to report suspicious transactions, provided new tools to law enforcement to subpoena foreign banks, expanded the AML whistleblower program, and increased fines and penalties for companies who violate anti-money laundering provisions. The NDAA, consistent with Treasury regulations, also categorized cryptocurrencies as the same as fiat currencies for purposes of AML compliance.

In addition, as discussed in the “Businesses Must Prepare for Expansive AML Reporting of Beneficial Ownership Interests” advisory, the NDAA imposed new obligations on corporations, limited liability companies, and similar entities to report beneficial ownership information. Although the extent of that reporting has not yet been defined, the notice of proposed rulemaking issued by FinCEN raises serious concerns that the Treasury Department may require businesses to report beneficial ownership information for corporate affiliates, parents and subsidiaries; as well as to detail the entity’s relationship to the beneficial owner. Shortly after passage of the NDAA, Treasury Secretary Janet Yellen stressed that the Act “couldn’t have come at a better time,” and pledged to prioritize its implementation.

Money laundering in the cryptocurrency space has attracted increased attention from regulators and the IRS may soon have an additional tool at its disposal if H.R. 3684 (the bipartisan infrastructure bill) is signed into law. That bill includes AML provisions that would require stringent reporting of cryptocurrency transactions by brokers. If enacted, the IRS will be able to use these reports to identify large transfers of cryptocurrency assets, conduct money laundering investigations, and secure additional taxable income. Who qualifies as a “broker,” however, is still up for debate but some fear the term may be interpreted to encompass cryptocurrency miners, wallet providers and other software developers. According to some cryptocurrency experts, such an expansive reporting regime would prove unworkable for the industry. In response, an anonymous source from the Treasury Department told Bloomberg News that Treasury was already working on guidance to limit the scope of the term.

In addition to these legislative developments, regulators are already staking their claims over jurisdiction to conduct AML investigations in the cryptocurrency area. This month, SEC Chair Gary Gensler, in arguing that the SEC had broad authority over cryptocurrency, claimed that cryptocurrency was being used to “skirt our laws,” and likened the cryptocurrency space to “the Wild West . . . rife with fraud, scams, and abuse” — a sweeping allegation that received much backlash from not only cryptocurrency groups, but other regulators as well. CFTC Commissioner Brian Quintez, for example, tweeted in response: “Just so we’re all clear here, the SEC has no authority over pure commodities . . . [including] crypto assets.” Despite this disagreement, both regulatory agencies have collected millions of dollars in penalties from companies alleged to have violated AML laws or BSA reporting requirements. Just last week, a cryptocurrency exchange reached a $100 million settlement with FinCEN and the CFTC, stemming from allegations that the exchange did not conduct adequate due diligence and failed to report suspicious transactions.

With so many governmental entities focused on combatting money laundering, companies in the cryptocurrency space must stay abreast of these fast-moving developments. The combination of increased reporting obligations, additional law enforcement tools, and heightened penalties make it essential for cryptocurrency firms to institute strong compliance programs, update their AML manuals and policies, conduct regular self-assessments, and adequately train their employees. Companies should also expect additional regulations to be issued and new legislation to be enacted in the coming year. Stay tuned.

©2021 Katten Muchin Rosenman LLP

National Security Meets Teenage Dance Battles: Trump Issues Executive Orders Impacting TikTok and WeChat Business in the U.S.

On August 6, 2020, Trump issued two separate executive orders that will severely restrict TikTok and WeChat’s business in the United States.  For weeks, the media has reported on Trump’s desire to “ban” TikTok with speculation about the legal authority to do so.  We break down the impact of the Orders below.

The White House has been threatening for weeks to ban both apps in the interest of protecting “the national security, foreign policy, and economy of the United States.”  According to the Orders issued Thursday, the data collection practices of both entities purportedly “threaten[] to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”

This is not a new threat.  A variety of government actions in recent years have been aimed at mitigating the national security risks associated with foreign adversaries stealing sensitive data of U.S. persons.  For example, in 2018, the Foreign Investment Risk Review Modernization Act (FIRRMA) was implemented to expand the authority of the Committee on Foreign Investment in the United States (CFIUS) to review and address national security concerns arising from foreign investment in U.S. companies, particularly where foreign parties can access the personal data of U.S. citizens.  And CFIUS has not been hesitant about exercising this authority.  Last year, CFIUS required the divestment of a Chinese investor’s stake in Grindr, the popular gay dating app, because of concerns that the Chinese investor would have access to U.S. citizens’ sensitive information which could be used for blackmail or other nefarious purposes.  That action was in the face of Grindr’s impending IPO.

In May 2019, Trump took one step further, issuing Executive Order 13873 to address a “national emergency with respect to the information and communications technology and services supply chain.”  That Order stated that foreign adversaries were taking advantage of vulnerabilities in American IT and communications services supply chain and described broad measures to address that threat.  According to these new Orders, further action is necessary to address these threats.  EO 13873 and the TikTok and WeChat Orders were all issued under the International Emergency Economic Powers Act  (IEEPA), which provides the President broad authority to regulate transactions which threaten national security during a national emergency.

Order Highlights

Both Executive Orders provide the Secretary of Commerce broad authority to prohibit transactions involving the parent companies of TikTok and WeChat, with limitations on which transactions yet to be defined.

  • The TikTok EO prohibits “any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States,” with ByteDance Ltd., TikTok’s parent company, “or its subsidiaries, in which any such company has any interest, as identified by the Secretary of Commerce”
  • The WeChat EO prohibits “any transaction that is related to WeChat by any person, or with respect to any property, subject to the jurisdiction of the United States, with Tencent Holdings Ltd., WeChat’s parent company “or any subsidiary of that entity, as identified by the Secretary of Commerce.”
  • Both Executive Orders will take effect 45 days after issuance of the order (September 20, 2020), by which time the Secretary of Commerce will have identified the transactions subject to the Orders.

Implications

Until the Secretary of Commerce identifies the scope of transactions prohibited by the Executive Orders, the ultimate ramifications of these Orders remain unclear.  However, given what we do know, we have some initial thoughts on how these new prohibitions may play out.  The following are some preliminary answers to the burning questions at the forefront of every American teenager’s (and business person’s) mind.

Q:  Do these Orders ban the use of TikTok or WeChat in the United States?

A:  While the Orders do not necessarily ban the use of TikTok or WeChat itself, the app (or any future software updates) may no longer be available for download in the Google or Apple app stores in the U.S., and U.S. companies may not be able to purchase advertising on the social media platform – effectively (if not explicitly) banning the apps from the United States.

Q:  Will all transactions with ByteDance Ltd. and Tencent Holdings Ltd. (TikTok and WeChat’s parent companies, respectively) be prohibited?

A:  Given the broad language in the Orders, it does appear that U.S. app stores, carriers, or internet service providers (ISPs) will likely not be able to continue carrying the services while TikTok and WeChat are owned by these Chinese entities.  However, it is unlikely that the goal is to prohibit all transactions with these companies as a deterrent or punishment tool – which would essentially amount to designating them as Specially Designated Nationals (SDNs) – the  Orders clearly contemplate some limitations to be imposed on the types of transactions subject to the Order by the Secretary of Commerce.  Furthermore, the national security policy rationale for such restrictions will not be present in all transactions (i.e. if the concern is the ability of Chinese entities to access personal data of U.S. citizens in a manner that could be used against the interests of the United States, then presumably transactions in which ByteDance Ltd. and Tencent Holdings Ltd. do not have access to such data should be permissible.).  So while we do not know exactly what the scope of prohibited transactions will be, it would appear that the goal is to restrict these entities’ access to U.S. data and any transactions that would facilitate or allow such access.

Q:  What does “any property, subject to the jurisdiction of the United States” mean?

A:  Normally, the idea behind such language is to limit the prohibited transactions to those with a clear nexus to the United States: any U.S. person or person within the United States, or involving property within the United States.  It is unlikely that transactions conducted wholly outside the United States by non-U.S. entities would be impacted.  From a policy perspective, it would make sense that the prohibitions be limited to transactions that would facilitate these Chinese entities getting access to U.S.-person data through the use of TikTok and WeChat.

Q:  What about the reported sale of TikTok?

A: There is a chance the restrictions outlined in the TikTok EO will become moot.  Reportedly, Microsoft is in talks with ByteDance to acquire TikTok’s business in the United States and a few other jurisdictions.  If the scope of prohibited transactions are tailored to those involving access to U.S. person data and if a U.S. company can assure that U.S. user-data will be protected, then the national security concerns of continued use of the app would be mitigated.  Unless and until such acquisition takes place, U.S. companies investing in TikTok or utilizing it for advertising such be prepared for the restrictions to take effect.  At this time, there do not appear to be any U.S. buyers in the mix for WeChat.

Q:  The WeChat EO prohibits any transaction that is “related to” WeChat…what does that mean?

A:  The WeChat prohibition is more ambiguous and could have significantly wider impact on U.S. business interests. WeChat is widely used in the United States, particularly by people of Chinese descent, to carry out business transactions, including communicating with, and making mobile payments to, various service providers.  The WeChat EO prohibits “any transaction that is related to WeChat  with Tencent Holdings Ltd., or any of its subsidiaries.  Unlike TikTok, WeChat’s services extend beyond social media.  While the language of the ban is vague and the prohibited transactions are yet to be determined, it appears likely that using WeChat for these communications and transactions may no longer be legal. It is also unclear if the WeChat prohibition will extend to other businesses tied to Tencent, WeChat’s parent company, including major gaming companies Epic Games (publisher of the popular “Fortnite”), Riot Games (“League of Legends”), and Activision Blizzard, all in which Tencent has substantial ownership interests.  There has been some reporting that a White House official confirmed Tencent’s gaming interest are excluded from the Order as being unrelated to WeChat, but until the Secretary of Commerce specifies the prohibited transactions, the scope of the Order remains uncertain

Bottom Line

Until the Secretary of Commerce issues its list of transactions prohibited under these Executive Orders, the scope and effect of these Orders is conjectural.  This Administration’s all-in posture towards China would suggest that the prohibitions could be broad and severe.  U.S. companies utilizing WeChat or TikTok for business purposes or conducting business with the apps’ owners, should think carefully about ongoing and future transactions.  Of course, there is an election right around the corner and a new Administration may bring significant change to related foreign, trade and technology policy.  Thoughtful planning for a variety of scenarios will enable companies’ to respond appropriately as the restrictions on TikTok and WeChat are crystallized.


Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.

DOJ Gets Involved in Antitrust Case Against Symantec and Others Over Malware Testing Standards

The U.S. Department of Justice Antitrust Division has inserted itself into a case that questions whether the Anti-Malware Testing Standards Organization, Inc. (AMTSO) and some of its members are creating standards in a manner that violates antitrust laws.

AMTSO says it is exempt from such per se claims by the Standards Development Organization Act of 2004 (SDOA). Symantec Corp., an AMTSO member, says the more flexible “rule of reason” applies – that it must be proven that standards actually undermine competition, which the recommended guidelines do not.

Malware BugNSS Labs, Inc., is an Austin, Texas-based cybersecurity testing company which offers services including “data center intrusion prevention” and “threat detection analytics.”

In addition to Symantec, AMTSO members include widely recognized names like McAfee and Microsoft, as well as names known well in cybersecurity circles: CarbonBlack, CrowdStrike, FireEye, ICSA, and TrendMicro. NSS Labs also is a member, but says it is among a small number of testing service providers. The organization is dominated by product vendors who easily outvote the service providers like NSS, AV-Comparatives, AV-Test and SKD LABS, NSS maintains, claims disputed by the organization.

On Sept. 19, 2018, NSS Labs filed suit in U.S. District Court for the Northern District of California against AMTSO, CrowdStrike (since voluntarily dismissed), Symantec, and ESET, alleging the product companies used their power in AMTSO to control the design of the malware testing standards, “actively conspiring to prevent independent testing that uncovers product deficiencies to prevent consumers from finding out about them.” The industry standard requires a group boycott that restrains trade, NSS Labs argues, hurting service providers (NSS Labs v. CrowdStrike, et al., No. 5:18-cv-05711-BLF, N.D. Calif.).

The case is before U.S. District Judge Beth Labson Freeman in Palo Alto, who has presided over a number of high-profile matters.

AMTSO moved to dismiss NSS Labs’ suit, citing its exemption from per se antitrust claims because of its status as a standards development organization (SDO). Further, it argues that the group is open to anyone and, while there are three times more vendors than testing service providers in the organization, that reflects the market itself.

On June 26, the DOJ Antitrust Division asked the court not to dismiss the case because further evidence is needed to determine whether the exemption under the SDOAA is justified.

AMTSO countered that the primary reason the case should be dismissed has “nothing to do” with the SDOAA. NSS failed to allege that AMTSO participated in any boycott, the organization says. All the group has done is “adopt a voluntary standard and foster debate about its merits, which is not illegal at all, let alone per se illegal,” the group says, adding that the Antitrust Division is asking the court to “eviscerate the SDOAA.”

Symantec first responded to the suit with a public attack on NSS Labs itself, criticizing its methodology and lack of transparency in its testing procedures, as well as the company’s technical capability and it’s “pay to play” model in conducting public tests. NSS Labs’ leadership team includes a former principal engineer in the Office of the Chief Security Architect at Cisco, a former Hewlett-Packard professional who established and managed competitive intelligence network programs, and an information systems management professional who formerly held senior management positions at Deloitte, IBM and Aon Hewitt.

On July 8, Symantec responded to the Antitrust Division’s statement of interest. It argued that the SDOAA does not provide an exemption from antitrust laws. Instead, it offers “a legislative determination that the rule of reason – not the per se rule” to standard setting activities. “That simply means the plaintiff must prove actual harm to competition, rather than relying on an inflexible rule of law,” Symantec says.

The company wrote that the government may have a point, albeit a moot one. “Symantec does not believe so, but perhaps the Division is right that there is a factual question about whether AMTSO’s membership lacks the balance the statute requires for the exclusion from per se analysis to apply,” Symantec says. Either way, the company argues, it doesn’t matter to the motions for dismissal because the per se rule does not apply.

Judge Freeman has set deadlines for disclosures, discovery, expert designations, and Daubert motions, with a trial date of Feb. 7, 2022.

Commentary

The antitrust analysis of standards setting is one of the sharpest of two-edged swords: When it works properly, it reflects a technology-driven process of reaching an industry consensus that often brings commercialization and interoperability of new technologies to market. When it is undermined, however, it reflects concerted action among competitors that agree to exclude disfavored technologies in a way that looks very much like a group boycott, a per se violation of Section 1 of the Sherman Act.

Accordingly, the Standards Development Organization Advancement Act of 2004 (SDOAA) recognizes that, when they are functioning properly, exempting bone fide standards development organizations (SDOs) from liability for per se antitrust violations can promote the pro-competitive standard setting process. But, when do SDOs “function properly”? The answer is entirely procedural, and is embodied in the statutory definition of SDO: an organization that “incorporate[s] the attributes of openness, balance of interests, due process, an appeals process, and consensus … “

The essential claim in the complaint by NSS Labs, therefore, is that the rules and procedures followed by AMTSO do not provide sufficient procedural safeguards to ensure that the organization arrives at a pro-competitive industry consensus rather than a group boycott for the benefit of one or a few industry players dressed in the garb of standard setting.

This is a factual inquiry that cannot be countered by a legal defense that simply declares the defendant is an SDO and, therefore, immune to suit under the statute. Whether the AMTSO is an SDO under the law or not depends on how it conducts itself, the make-up of its members, and its fidelity to the procedural principles embodied in the statute. The plaintiff’s claim is that AMTSO has not followed the procedural principles required to qualify as an SDO under the Act. This is a purely factual issue and, as such, cannot be resolved on a motion to dismiss.

The DOJ should be commended for urging the court to proceed to discovery to adduce the necessary facts to distinguish between legitimate standard setting and an unlawful group boycott and it should continue to be vigilant in the face of SDOs and would-be SODs that might be tempted to use the wrong side of the standard setting sword to commit anticompetitive acts instead of the right side to produce welfare-enhancing industry consensus.

This is particularly true in vital industries like cybersecurity. Government agencies, businesses, and consumers are constantly and increasingly at risk from ever-evolving cyber threats. It is therefore imperative that the cybersecurity market remains competitive to ensure development of the most effective security products.


© MoginRubin LLP
This article was written by Jonathan Rubin and Timothy Z. LaComb of MoginRubin & edited by Tom Hagy for MoginRubin.
For more DOJ Antitrust activities, see the National Law Review Antitrust & Trade Regulation page.

Hush — They’re Listening to Us

Apple and Google have suspended their practice of reviewing recordings from users interacting with their voice assistant programs. Did you know this was happening to begin with?

These companies engaged in “grading,” a process where they review supposedly anonymized recordings of conversations people had with voice assistant program like Siri. A recent Guardian article revealed that these recordings were being passed on to service providers around the world to evaluate whether the voice assistant program was prompted intentionally, and the appropriateness of their responses to the questions users asked.

These recordings can include a user’s most private interactions and are vulnerable to being exposed. Google acknowledged “misconduct” regarding a leak of Dutch language conversation by one of its language experts contracted to refine its Google Assistant program.

Reports indicate around 1,000 conversations, captured by Google Assistant (available in Google Home smart speakers, Android devices and Chromebooks) being leaked to Belgian news outlet VRT NWS. Google audio snippets are not associated with particular user accounts as part of the review process, but some of those messages revealed sensitive information such as medical conditions and customer addresses.

Google will suspend using humans to review these recordings for at least three months, according to the Associated Press. This is yet another friendly reminder to Google Assistant users that they can turn off storing audio data to their Google account completely, or choose to auto-delete data after every three months or 18 months. Apple is also suspending grading and will review their process to improve their privacy practice.

Despite Google and Apple’s recent announcement, enforcement authorities are still looking to take action. German regulator, the Hamburg Commissioner for Data Protection and Freedom of Information, notified Google of their plan to use Article 66 powers of the General Data Protection Regulation (GDPR) to begin an “urgency procedure.” Since the GDPR’s implementation, we haven’t seen this enforcement action utilized, but its impact is significant as it allows the enforcement authorities to halt data processing when there is “an urgent need to act in order to protect the rights and freedoms of data subjects.”

While Google allows users to opt out of some uses of their recordings; Apple has not provided users that ability other than by disabling Siri entirely. Neither privacy policy explicitly warned users of these recordings but do reserve the right to use the information collected to improve their services. Apple, however, disclosed that they will soon provide a software update to allow Siri users opt-out of participation in grading.

Since we’re talking about Google Assistant and Siri, we have to mention the third member of the voice assistant triumvirate, Amazon’s Alexa. Amazon employs temporary workers to transcribe the voice commands of its Alexa. Users can opt out of “Help[ing] Improve Amazon Services and Develop New Features” and allowing their voice recordings to be evaluated.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

Reporters Committee and Media Companies Back Google, Microsoft in Foreign Intelligence Surveillance Court (FISA)

ArmstrongTeasdale logo

In a historic move for The Reporters Committee for Freedom of the Press (RCFP), the organization has filed an amicus brief with the secretive Foreign Intelligence Surveillance Court (FISA) to support the free-speech rights of Google and Microsoft. The July 15, 2013 action marks the first time RCFP has both filed with the FISA Court and backed the First Amendment interests of Internet companies.

The RCFP has provided free legal advice, resources, support, and advocacy to journalists for more than 40 years.  It is joined in the brief by the following media companies: The Associated Press, Bloomberg L.P., Dow Jones & Company, Inc., Gannett Co., Inc., Los Angeles Times, The McClatchy Company, National Public Radio, Inc., The New York Times Company, The New Yorker; The Newsweek/Daily Beast Company LLC, Reuters America LLC, Tribune Company, and the Washington Post.

In June, both Microsoft and Google filed petitions with the FISA Court seeking permission to publish data on national security requests they received and which had been authorized by the court. The same month the American Civil Liberties Union (ACLU) and the Media Freedom and Information Access Clinic at Yale Law School filed a brief with the FISA Court requesting that it publish its opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act.

That section authorizes the government to obtain “any tangible thing” relevant to foreign-intelligence or terrorism investigations.  It was the legal basis for an April FISA Court order requiring Verizon to turn over “on an ongoing daily basis” to the National Security Agency all call logs “between the United States and abroad” or “wholly within the United States, including local telephone calls.” The order was revealed by U.K.-based newspaper The Guardian in early June.

The amicus filing by RCFP and the coalition of news-media organizations supports the ACLU arguments that the court should release decisions that interpret the FISA laws and create binding precedent. However, the RCFP  brief emphasizes a related point: that the public has a First Amendment right to know both about the secretive court’s core activities and receive information from Google and Microsoft. The brief describes the two companies as “speakers” with significant free-speech interests who want to provide the public with information about the government surveillance programs in which they have been required to participate.

“In addition to implicating their rights as speakers, the Google and Microsoft cases raise important concerns relating to the interests of the public in receiving information, an interest that the Supreme Court has long recognized as a separate component of the speech and press freedoms under the First Amendment,” the brief argues. “Where the communications providers are willing speakers, the public has a heightened interest in hearing their speech. That interest is heightened even more when the government is itself choosing to provide information to the public regarding issues central to the Google and Microsoft cases.”

The information Google and Microsoft want to share with the public is not prohibited by law, the media coalition states, and this information “will better explain the nature of their participation in these (government-surveillance) programs and correct popular misconceptions about the operation of key antiterrorism initiatives undertaken by the government.”

The brief continues that the issues raised in the petitions are vitally important to both national security and civil liberties: “They inevitably and rightfully are going to be the subject of public reporting and debate, and secrecy is preventing the public and the press from having even the rudimentary information needed for the kind of informed discussion that the country deserves.”

 of

Round Up – Intellectual Property and Cyber Security Things You May Have Missed (Including Some Good Summer Cocktail Banter Material)

Giordano Logo

Cyber Security Report – Earlier this year, Verizon released its 2013 Data Breach Investigations Report.  The report analyzes and presents data regarding the current state of various data breaches and network attacks.  Some of the results are surprising.

  •             92% of breaches are perpetrated by outsiders
  •             19% of breaches are attributed to state-affiliated actors
  •             76% of network intrusions exploit weak or stolen credentials
  •             66% took months or more to discover

Do Trademark Lawyers Matter? – An empirical study, published in the Stanford Technology Law Review, provided the results of a grueling analysis of 25 years worth of data from the United States Patent and Trademark Office records on whether being represented by a trademark attorney makes a difference in the likelihood of success in getting your mark registered.  The results?  YES!  It turns out that, overall, trademark applicants who are represented by an attorney are 50% more likely to have their marks registered.  The results are even more dramatic when an application faces an obstacle (e.g., an office action).  In those instances, applicants were found to be 68% more likely to proceed to publication when represented by counsel.  Perhaps its time for a national trademark lawyer appreciation day! (I’m not holding my breath).

Does Keyword Advertising Really Work?  eBay recently released a study, entitled “Consumer Heterogeneity and Paid Search Effectiveness: A Large Scale Field Experiment” which analyzed the effectiveness of eBay’s keyword advertising efforts.  So does keyword advertising really work?  Not so much.  According to the study, for well known brands (like eBay), new and infrequent users may be more influenced by keyword triggered advertisements.  But more experienced searchers and otherwise loyal brand users are not influenced by the ads.  When eBay stopped its keyword advertising, almost all of the traffic lost from the absence of the ad was picked up in the native search results.  It’s important to note, however, that this study was focused on a single well known brand.  The results may be quite different for other brands or for less well known brands.  Moreover, the study says nothing about the use of a trademark by a competitor as a keyword to drive traffic to the competitor’s website.

Marketing Your Mobile App – The FTC has released guidelines for mobile app developers when advertising their software.  The plain language guide is very high level, but does include some helpful tid bits to remember.  Highlights include:

  • Advertising is everything a company tells a prospective buyer about its app (whether its in the formal ad campaign or in other communications).
  • Don’t bury key disclosures in “dense blocks of legal mumbo jumbo” or behind hyperlinks.
  • Build in privacy by design, including principles used in selecting default settings.
  • If you change your privacy policy, you need to get user’s consent.  Merely editing the language of the policy isn’t enough.

Effective Disclosures in Digital Advertising – The FTC also released guidelines for online advertising.  This new guidance focuses on the peculiarities and challenges associated with online advertising.  Where this adds new value is in its analysis and detail (with examples!) of the following areas:

  • Proximity and Placement – where disclosures have to be placed to be effective
  • Hyperlinks – including proper labeling and placement
  • Prominence – including use of size, color and graphics
  • Distractions – risks from graphics, sounds and links that may distract from disclosures
  • Multimedia – use of audio and video

Attack on “Happy Birthday” Copyright.  Salon.com reported yesterday that a class action suit has been filed to attack the copyright in the popular birthday celebration tune.  According to the report, the lawsuit was prompted by a documentary uncovering evidence that the song was originally published as early as 1893 and that the current copyright is based on a 1924 publication date which grants the work 95 years of copyright protection.  Based on my count, there’s only about 6 years left in the alleged copyright to begin with.  Hopefully the lawsuit gets resolved before then.

Article By:

 of

China’s First-Ever National Standard on Data Privacy – Best Practices for Companies in China on Managing Data Privacy

Sheppard Mullin 2012

Companies doing business in China should take careful notice that China is now paying more attention to personal data privacy collection. This would be an opportune time for private companies to internally review existing data collection and management practices, as well as determine whether these fall within the new guidelines, and where necessary, develop and incorporate new internal data privacy practices.

The Information Security Technology-Guide for Personal Information Protection within Public and Commercial Systems (“Guidelines”), China’s first-ever national standard for personal data privacy protection, came into effect on February 1, 2013. The Guidelines, while not legally binding, are just what they purport to be – guidelines – some commentators view these as technical guidelines. However, the Guidelines should not be taken lightly as this may be a pre-cursor of new legislation ahead. China is not quite ready to issue new binding legislation, but there are indications it seeks to develop consistency with other internationally accepted practices, especially following recent data legislation enacted in the region by neighboring Hong Kong and other Asian countries.

What should companies look for when examining existing data privacy and collection policy and practices? As the Guidelines provide for rules on collecting, handling, transferring and deleting personal information, these areas of a company’s current policies should be reviewed.

“Personal Information”

What personal information is subject to the Guidelines? The Guidelines define “personal information” as “computer data that may be processed by an information system, relevant to a certain natural person, and that may be used solely or along with other information to identify such natural person.”

“General” and “Sensitive” Personal Information

The Guidelines makes a distinction on handling “general” as opposed to “sensitive” personal information. Sensitive personal information is defined as “information the leakage of which will cause adverse consequences to the subject individual” e.g. information such as an individual’s identity card, religious views or fingerprints.

Consent Required

If an individual’s personal information is being collected, that individual should be informed as to the purpose and the scope of the data being collected; tacit consent must be obtained- the individual does not object after being well informed. With “sensitive” personal information being collected, a higher level of consent must be obtained prior to collection and use; the individual must provide express consent and such evidence be retained.

Notice

Best practices dictate a well-informed notice be given the individual prior to collection of any personal information. The notice should clearly spell out, among other items, what information is being collected, the purpose for which the information will be used, the method of collection, party to whom the personal information will be disclosed and retention period.

Cross Border Transfer

The Guidelines further limit the transfer of personal information to any organization outside of P.R. China except where the individual provides consent, the government authorizes the transfer or the transfer is required by law. It is unclear as to which law applies where transfer is “required by law”- PRC law or law of any other country.

Notification of Breach

There is a notification requirement. The individual must be notified if personal information is lost, altered or divulged. If the breach incident is material, then the “personal information protection administration authority.” The Guidelines, however, do not define or make clear this administration authority is here.

Retention and Deletion

Best practices for a company is to minimize the amount of personal information collected. Personal information once used to achieve their intended purpose should not be stored and maintained, but immediately deleted.

The Guidelines may not be binding authority, but at a minimum sets certain standards for the collection, transfer and management of personal information. Especially for companies operating in China, the Guidelines is a call to action, and for implementation of best practices relating to data privacy. Companies should take this opportunity to assess their data privacy and security policies, review and revise customer information intake procedures and documentation, and develop and implement clear, company-wide internal data privacy policies and methods.

Article By:

 of

Federal Trade Commission (FTC) Has Released New Guidance on the Use of Disclosures by Mobile and Online Advertisers

The National Law Review recently featured an article, Federal Trade Commission (FTC) Has Released New Guidance on the Use of Disclosures by Mobile and Online Advertisers, written by the  Retail Industry Group with Morgan, Lewis & Bockius LLP:

Morgan Lewis logo

 

Background

In 2000, the FTC issued the guidance “Dot Com Disclosures: Information about Online Advertising,”which emphasized that consumer protection laws applied equally across all mediums, including to computers and the Internet. The FTC counseled that, where a disclosure is needed to prevent an advertising claim from being misleading, the disclosure must be both “clear” and “conspicuous” and provided advice and examples on how the FTC would interpret and apply those terms.

With the rise of smartphones and tablets, which have smaller screens, and the prevalence of social media marketing, the FTC decided to update the guidance and began seeking public comment in May 2011. The FTC issued the new guidance, “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,”on March 12, 2013.

The new “Dot Com Disclosures” guidance emphasizes that consumer protection laws apply to all mediums, including smartphones and tablets, and to all formats, such as social media platforms, regardless of the space constraints those particular mediums and formats may impose. Space constraints are not considered an excuse for failure to provide the disclosures necessary to prevent advertising from being misleading or unfair. The new guidance includes helpful advice on compliance and an appendix with illustrative examples of ads and related disclosures.

The New Guidance

In the new guidance, the FTC recommends that problems with disclosures in the context of mobile devices and social media are best resolved by incorporating the relevant limitations and qualifying information into the ad itself and thus avoiding the need for any disclosure.

Where a disclosure is necessary to prevent an ad from being misleading, the disclosure must be “clear and conspicuous.” This requirement applies to all devices and platforms on which an ad may be viewed by consumers. If disclosures cannot be made in a clear and conspicuous manner on a particular medium, the advertiser should not use that medium for advertising.

In order to ensure that a disclosure is clear and conspicuous, the guidance advises advertisers to consider the placement and proximity of the disclosure to the specific advertising claim it is related to. The FTC says that disclosures should be “as close as possible” to the triggering claim. Advertisements should also be designed so that “scrolling” is not necessary to find a disclosure. Where a website is lengthy or where there are multiple routes through a website, it may be necessary to repeat disclosures.

Disclosures should be displayed so they are noticeable to consumers. To that end, advertisers should evaluate the size, color, and graphic treatment of a disclosure in comparison to the triggering claim and other parts of the website. The disclosure should be viewed in the context of the entire ad and other elements, such as graphics, sound, or audio, to ensure that consumers are not distracted from the disclosure.

Like the earlier guidance, the new guidance advises advertisers to avoid hyperlinks for disclosures that involve either product cost or significant health and safety issues. Where hyperlinks are used, care should be taken to (a) make the links obvious, (b) label the links accurately and as specifically as possible, (c) use hyperlink styles consistently, and (d) place the link as close to the relevant claim as possible. Advertisers should be careful to consider how hyperlinks may function on certain devices and assess the effectiveness by monitoring click-through rates.

Placement of disclosures on pop-ups is discouraged since they are often blocked and may not be viewed on certain devices.

Practical Implications

The new guidance is a reminder of the importance of ensuring that advertising complies with consumer protection laws, even where ads are viewed on new devices and in novel formats. The guidance indicates how the FTC will exercise its own enforcement powers, and it will be a touchstone for how state regulators, courts, and plaintiffs’ attorneys evaluate retailers’ marketing. Although particular advertising claims must be evaluated on a case-bycase basis and compliance with the guidance will not eliminate the threat of enforcement actions or class action litigation, the new “Dot Com Disclosures” guidance provides some helpful direction to retailers seeking to stay on the right side of the line.


1. View the original guidance at http://www.ftc.gov/os/2000/05/0005dotcomstaffreport.pdf. 

2. View the new guidance at http://www.ftc.gov/os/2013/03/130312dotcomdisclosures.pdf.

Copyright © 2013 by Morgan, Lewis & Bockius LLP