Tag: Internet

California District Court Holds that Providing Cellphone Number for an Online Purchase Constitutes “Prior Express Consent” Under TCPA – Telephone Consumer Protection Act

DrinkerBiddle

 

A federal district court in California recently ruled that a consumer who voluntarily provided a cellphone number in order to complete an online purchase gave “prior express consent” to receive a text message from the business’s vendors under the TCPA. See Baird v. Sabre, Inc., No. CV 13-999 SVW, 2014 WL 320205 (C.D. Cal. Jan. 28, 2014).

In Baird, the plaintiff booked flights through the Hawaiian Airlines website. In order to complete her purchase, the plaintiff provided her cellphone number. Several weeks later she received a text message from the airline’s vendor, Sabre, Inc., inviting the plaintiff to receive flight notification services by replying “yes.” The plaintiff did not respond and no further messages were sent. The plaintiff sued the vendor claiming that it violated the TCPA by sending the single text message.

The central issue in Baird was whether, by providing her cellphone number to the airline, the plaintiff gave “prior express consent” to receive autodialed calls from the vendor under the TCPA. In 1992, the FCC promulgated TCPA implementing rules, including a ruling that “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.” In re Rules & Reg’s Implementing the Tel. Consumer Prot. Act of 1991, 7 F.C.C.R. 8752, 8769 ¶ 31 (1992) (“1992 FCC Order”). In support of this ruling, the FCC cited to a House Report stating that when a person provides their phone number to a business, “the called party has in essence requested the contact by providing the caller with their telephone number for use in normal business communications.” Id. (citing H.R.Rep. No. 102–317, at 13 (1991)).

The court found that, while the 1992 FCC Order “is not a model of clarity,” it shows that the “FCC intended to provide a definition of the term ‘prior express consent.’” Id. at *5. Under that definition, the court held that the plaintiff consented to being contacted on her cellphone by an automated dialing machine when she provided the number to Hawaiian Airlines during the online reservation process. Id. at *6. Under the existing TCPA jurisprudence, a text message is a “call.” Id. at *1. Furthermore, although the plaintiff only provided her cellphone number to the airline (and not to Sabre, Inc., the vendor), the court concluded that “[n]o reasonable consumer could believe that consenting to be contacted by an airline company about a scheduled flight requires that all communications be made by direct employees of the airline, but never by any contractors performing services for the airline.” Id. at *6. The Judge was likewise unmoved by the fact that the plaintiff was required to provide a phone number (though not necessarily a cellphone number) to complete the online ticket purchase. Indeed, the court observed that the affirmative act of providing her cellphone number was an inherently “voluntary” act and that, had the plaintiff objected, she could simply have chosen not to fly Hawaiian Airlines. Id.

Baird does not address the October 2013 TCPA regulatory amendments that require “prior express written consent” for certain types of calls made to cellular phones and residential lines (a topic that previously has been covered on this blog). See 47 CFR § 64.1200(a)(2), (3) (emphasis added). “Prior express written consent” is defined as “an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial prerecorded voice, and the telephone number to which the signatory authorized such advertisements or telemarketing messages to be delivered.” 47 CFR § 64.1200(f)(8). Whether the Baird rationale would help in a “prior express written consent” case likely would depend on the underlying facts such as whether the consumer/plaintiff agreed when making a purchase to be contacted by the merchant at the phone number provided, and whether the consumer/plaintiff provided an electronic signature. See 47 CFR § 64.1200(f)(8)(ii).

Nonetheless, Baird is a significant win for the TCPA defense bar and significantly reduces TCPA risk for the defendants making non-telemarketing calls (or texts) to cellphones using an automated dialer (for which “prior express consent” is the principal affirmative defense). If that cellphone number is given by the consumer voluntarily (and, given the expansive logic of Baird, we wonder when it could be considered “coerced”), the defendant has obtained express consent. Baird leaves open a number of questions worth watching, including how far removed the third-party contractor can be from the company to whom a cellphone number was voluntarily provided. Judge Wilson seemed to think it was obvious to the consumer that a third-party might be utilized by an airline to provide flight status information, but how far does that go? We’ll be watching.

Article By:

Of:

Drinker Biddle & Reath LLP

New Social Network for Attorneys Now Online

The Rainmaker Institute mini logo (1)

 

A new social network for attorneys – Foxwordy – has now launched and is offering any lawyer who is “an innovator and influencer in the legal industry” a free three-month membership to what its founder is calling an “invitation-only private social-networking platform brings together relevant top-tier legal colleagues to efficiently collaborate in real-time.”

Lawyer Attorney Social Media

It appears that this new site is aimed at creating a new attorney-to-attorney referral platform.  Foxwordy founder Monica Zent said that the site provides a way for attorneys to gain a peer validated reputation and encourages collaborations that would normally happen via the phone, in person or by email.

Some of the site’s features include:

  • Real-time collaboration with other lawyers working on common issues
  • Ability for attorneys to share best practices and language for legal documents
  • Listing of job opportunities similar to LinkedIn

Zent says there are currently 1,000 members on the website that is now out of beta.  The network will not be available to the public; it is designed solely as a website for attorneys to share information and collaborate, and membership is by invitation only.  You provide your name and email address on the home page to request an invitation.

It was unclear on the site how you are vetted for membership; since the site’s revenue model is based on subscriptions alone ($10 per month), I was guessing that the bar isn’t set too high.  And I was proven right after I had one of my non-attorney staff members enter her name and Gmail address, and she received a congratulatory email minutes later on her acceptance.

I’d be interested to hear from attorneys who sign up and participate on this new social network for lawyers – what are you finding of most value for your practice from this new social media tool?

Article by:

Stephen Fairley

Of:

The Rainmaker Institute

Digital Currency Identified as an “Emerging Risk” in the Canadian Federal Government’s 2014 Budget

Dickinson Wright Logo

 

On February 11, 2014, the Canadian Federal Government released its 2014 Budget. In the 2014 Budget, the Federal Government pledged to introduce legislative amendments to strengthen Canada’s anti-money laundering and terrorist financing regime in the area of virtual (digital) currency.

2013: Year of Bitcoin?

At the beginning of 2013, one bitcoin could be purchased for $12. For a brief period in November 2013, one bitcoin was worth more than one ounce of gold ($1242 to $1240, respectively). Forbes and MarketWatch wrote articles proclaiming 2013 as the year of bitcoin, and “bitcoin” was chosen as the word of the year by the Australian National Dictionary Centre (beating out worthy candidates, including “selfie” and “twerk”).

This increased popularity of digital currency has brought increased scrutiny from regulators and law enforcement. Last year in the United States, the Financial Crimes Enforcement Network issued guidance with respect to whether activities by individuals and companies related to virtual currencies are subject to registration, reporting, and recordkeeping requirements, and the FBI arrested the “mastermind” of Silk Road (a marketplace selling illegal items and accepting payment in virtual currency). In early 2014, a prominent member of the bitcoin community was indicted on money laundering charges.

Canada Revenue Agency (“CRA”) Release Its Position on Bitcoin

Prior to the release of the 2014 Budget, the main Canadian government references to digital currency were from the CRA. The first notable CRA acknowledgment of bitcoin was in April 2013 in the form of a CRA communication to the Canadian Broadcasting Corporation (“CBC”). The communication stated that transactions involving bitcoin are barter transactions and that gains resulting from bitcoin transactions could be income or capital depending on the specific facts.

On November 5, 2013, the CRA issued its first release on the taxation of digital currency. This release reinforced the CRA’s earlier position on bitcoin that was set out in its April 2013 e-mail to the CBC. On December 23, 2013, in CRA Document No. 2013-0514701|7, subject “Bitcoins,” the CRA further clarified its position with respect to bitcoin “in response to a summary of comments that were provided in response to a recent media enquiry describing the income tax consequences of various transactions involving digital currency.”

Accordingly, the CRA considers bitcoin to be a commodity, not a currency. Therefore, using bitcoins to purchase goods or services is considered a barter transaction. The sale of bitcoins at a profit is treated as either income or capital depending on a particular taxpayer’s circumstances.

Virtual Currency in the 2014 Budget

Virtual currency is identified in the 2014 Budget as an “emerging risk” that threatens Canada’s international leadership in the fight against money laundering and terrorist financing. Bitcoin is cited in the 2014 Budget as an example of such virtual currency.

In the 2014 Budget, the Federal Government proposed to introduce anti-money laundering and anti-terrorist financing regulations for virtual currencies, such as bitcoin.

The Federal Government noted in the 2014 Budget that this proposal was based on a report by the Standing Senate Committee on Banking, Trade and Commerce entitled Follow the Money: Is Canada Making Progress in Combatting Money Laundering and Terrorist Financing? Not Really (the “Report”). The Report is a five-year review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “Act”) and was issued in March 2013. However, the only reference in the Report to digital currency is a brief note that the development of electronic methods to launder money must be addressed through timely amendments to the Act and its regulations.

2014: Year of Bitcoin Regulation

The Federal Government has identified digital currency as an “emerging risk” in the fight against money laundering and terrorist financing. Accordingly, the regulation of digital currency in Canada is imminent, and individuals and businesses dealing in bitcoin will soon be subject to certain registration, reporting, and recordkeeping requirements.

Article by:

Dickinson Wright PLLC

 

Retail Shopping: Virtual or Reality?

logo

 

In the 1998 movie, “You’ve Got Mail,” the charming children’s bookshop owned by Meg Ryan’s character is threatened by the mega-box book store owned by Tom Hank’s character. Despite the small shop’s long history as a part of the Main Street USA-style neighborhood, the store eventually folds underneath the pressure exerted by the discount powerhouse next door. Flash forward to 2014, and Borders book stores have closed their doors due in large part to Amazon.com’s supremacy in the sale of on-line books. According to Bloomberg News, in December 2013, “Cyber Monday web sales surged, sending online shoppers to a single-day record as Amazon.com and EBay, Inc. siphoned customers from brick and mortar stores.” At first glance, it seems like there’s only bad news for traditional retail shops.

Retail Shopping You've Got Mail

But here’s some good news: physical shopping centers can compete with the convenience of one-click online shopping by offering the right combination of stores, services, restaurants and entertainment that will draw consumers to live retail destinations.

Consumers will be more likely to shop in brick and mortar stores for products they want to touch and try out first hand, such as beauty products by Sephora, home furnishings by Boston Interiors, or high end clothing.  Specialized fitness studios such as yoga studios or indoor cycling classes and luxurious salon and spa services will also attract even the most avid online shoppers.

In addition, many new outdoor centers offer more immersive options than the traditional strip center or enclosed mall: These so-called “urban villages” feature amenities and entertainment venues such as walking boulevards, outdoor plazas for concerts, retro bowling alleys, ice skating rinks and even life-size Chess boards. In addition, many of the new centers offer a wide range of culinary options to satisfy every craving, from an elegant first-class steakhouse to a casual French bakery and cafe — the perfect place to indulge in a sidewalk cappuccino or chocolate croissant. Chain restaurants and discount stores strung along the highway don’t stand a chance against a restaurant or boutique located in one of these vibrant centers. These shopping hubs often have plenty of space and facilities for special events: restaurants can host celebrity chef events, and the outdoor spaces can accommodate fashion shows, fine art performances, art shows and other seasonal and community events.

By offering products and services that people prefer to buy in real life and by creating destination centers where friends and families will flock to shop, eat, socialize and have fun, the experience of shopping on Main Street USA will surely remain an integral part of the future of retail.

Article by:

Jane Errico

Of:

Sherin and Lodgen LLP

California Continues to Shape Privacy Standards: Song-Beverly Act Extended to Email Addresses

Womble Carlyle

 

Executive Summary: California retailer restricted from requiring a customer email address as part of a credit card transaction. We knew that asking for zip codes is intrusive personal questioning, and now asking for email has been added to the list.

California’s Song-Beverly Credit Card Act (Cal. Civ. Code Sec. 1747 et seq.) (“Song-Beverly Act” or “Act”) restricts businesses from requesting, or requiring, as a condition to accepting credit card payments that the card holder provide “personal identification information” that is written or recorded on the credit card transaction form or otherwise. “Personal identification information” means “information concerning the cardholder,other than information set forth on the credit card, and including, but not limited to, the card holder’s address and telephone number.” The California Supreme Court has previously ruled that zip codes are also “personal identification information” under the Song-Beverly Act. See Pineda (Jessica) v. Williams-Sonoma Stores, Inc., 2011 Cal. LEXIS 1502 (Cal. Feb. 10, 2011).

Recently, a United States federal district court in California expanded “personal identification information” to include email addresses in a decision denying retailer Nordstrom’s motion to dismiss claims it violated the Song-Beverly Act. The plaintiff sued Nordstrom for collecting his email address as part of a credit card transaction at one of its California stores in order to email him a receipt, then subsequently using his email address to send him frequent, unsolicited marketing emails. See Capp v. Nordstrom, Inc., 2013 U.S. Dist. LEXIS 151867, 2013 WL 5739102 (E.D. Cal. Oct. 21, 2013).

Raising a case of first impression under California law, Nordstrom claimed that email addresses are not “personal identification information” under the Song-Beverly Act, so the Act did not apply. The court disagreed with Nordstrom and found the opposite based on the California Supreme Court’s earlier ruling in Pineda. Nordstrom’s argument that email addresses can readily be changed, unlike zip codes, and consumers can have multiple email addresses was not persuasive. The court held that an email address regards a card holder in a more personal and specific way than a zip code. Unlike a zip code that refers to the general area where a card holder works or lives, email permits direct contact with the consumer and implicates their privacy interests. The court concluded that the collection of email addresses is contrary to the Song-Beverly Act’s purpose to guard against misuse of personal information for marketing purposes. In particular, the plaintiff’s allegation that his email address was collected to send him a receipt and then used to send him promotional emails directly implicates the protective purposes of the Act as interpreted in Pineda.

Pineda held that zip codes are personal information for purposes of the Song-Beverly Act, and therefore a brick and mortar retailer violated the Act when it requested and recorded such data. In the Pineda decision, the California Supreme Court found that zip codes, like the card holder’s address expressly called out as “personal identification information” under the Act, were unnecessary to completing the credit card transaction and inconsistent with the protective purpose of the Act. This is especially true when a zip code is collected to be used with the card holder’s name in order to locate the card holder’s address, permitting a retailer to locate indirectly what it is prohibited from obtaining directly under the Act.

Nordstrom also argued that the plaintiff’s claims under the Song-Beverly Act were preempted by the federal “Controlling the Assault of Non-Solicited Pornography and Marketing Act” (better known as the CAN-SPAM Act), but the court disagreed. While the CAN-SPAM Act contains a preemption provision, it only preempts state laws that regulate the manner in which email messages are sent and their content, both of which are not regulated under the Song-Beverly Act.

Retailer tip: The federal court issuing this most recent decision recommends waiting to request an email address (or a zip code) until after the consumer has the receipt from their credit card transaction in hand, and then sending the consumer emails only in conformance with the CAN-SPAM Act.

In the wake of Pineda, retailers faced class action lawsuits for requesting consumer zip codes at check out. This new decision could have a similar effect.

Article by:

Of:

Womble Carlyle Sandridge & Rice, PLLC

Registering Your Trademark with the Trademark Clearinghouse – Is Your House in Order?

Dickinson Wright Logo

 

“It’s happening – the biggest change to the Internet since its inception” is how the president of ICANN’s Generic Domains Division has described the new gTLD Program being implemented by The Internet Corporation for Assigned Names and Numbers (ICANN), and rightfully so. The new program will result in the expansion of available generic Top-Level Domains (gTLDs), such as .COM, .NET or .ORG, from the list of 22 that we’ve all become familiar with through the years, to a list of possibly 1,400 generic Top-Level Domains.

On October 23, 2013, the first new gTLDs were “delegated”. This means they were introduced into the Internet’s “Root Zone”, the central authoritative database for the Internet. As a result, the domain name Registries, the organizations approved to operate these and other soon-to-be-delegated gTLDs, can execute the final processes required to make their domain names available to Internet users. ICANN claims that the purpose of this unprecedented expansion of domain name extensions is to enhance competition, innovation and choice in the Domain Name space, providing a wider variety of organizations, communities and brands new ways to communicate with their audiences. As available real estate in the “.com” territory has become increasingly scarce, it is hoped that the new gTLDs will provide additional space for entities and individuals to set up an online presence. While it is true that virtually every two or three letter combination seems to have already been registered in the “.com” Top-Level Domain, this explosion of new generic top-level domains also means big bucks for domain name registrars and additional costs for trademark owners who properly protect their marks.

While 4 new gTLDs were delegated in October, the delegation has been a rolling process, with new generic Top-Level Domains being released in November, December and January. Below are just a few of some the gTLDs that have successfully completed the process. The list will continue to be expanded as the measured rollout of the new gTLDs progresses over the coming years:

.equipment

.kitchen

.diamonds

.bike

.shoes

.technology

.enterprises

.gallery

.education

.graphics

.ceo

.ventures

As the new gTLD program is rolled out, many trademark owners are wisely looking for ways to protect their brands from being registered by third parties as domain names in the new gTLD space without their knowledge or consent. In view of the rapidly changing gTLD landscape, owners need to be aware of how to protect their marks, sooner rather than later.

What Does All This Mean for Brand Owners?

Over the past year, there has been significant discussion and concern in the legal community regarding the potential for trademark infringement by third parties seeking to register domain names that incorporate the brands of others under these newly released gTLDs.

In light of the potential for infringement, ICANN has established certain mechanisms for the new gTLD program in order to try and protect the rights of brand owners. The main tool for doing so is the Trademark Clearinghouse (TMCH), an entity created by ICANN with which trademark owners can register their marks in advance of the new gTLD launches.

Brand owners who register their trademarks with the TMCH can take advantage of a priority, or “sunrise”, period during which they are entitled to register domain names that are identical to their marks, before registration opens to the general public. In addition, the TMCH provides the brand owner with automatic notification of any third-party attempts to register domain names that are identical to their marks, enabling the mark owner to then take appropriate legal action. To be clear, this mechanism does not stop third-parties from registering domain names identical to marks registered with the TMCH, but does notify the brand owner, or its representative, of such registration. These devices provide brand owners with help against cyber squatters seeking to register infringing domain names under the new gTLDs.

Registration of a trademark with the TMCH is available for registered trademarks, marks protected by statute or treaty, or court-validated marks. Registration is also available for any other marks protectable under the new gTLD registry’s policies and that meet the eligibility requirements of the TMCH. Registration with the TMCH is encouraged for brand owners in order to combat infringement of their brands in cyberspace and registration costs currently are $150 per mark for a one-year term of registration, $435 for a three-year term, and $725 for a five-year term. Such registration with the TMCH does not include fees that will be charged by the new gTLD registrars to register domain names during the “sunrise” or general public registration periods.

The biggest change to the Internet since its inception is happening now…make sure your marks are protected!

Article by:

Nicole M. Meyer

Of:

Dickinson Wright PLLC

New Online Privacy Policy Requirements Take Effect January 1, 2014

VedderPriceLogo

 

California Online Privacy Protection Act (CalOPPA)

Owners of websites, online services or mobile applications (apps) that can be accessed or used by California residents should ensure their compliance with the new amendments to the California Online Privacy Protection Act of 2003 (CalOPPA) by the law’s January 1, 2014 effective date.  The borderless nature of the Internet makes this law applicable to almost every website or online service and mobile application.  Accordingly, companies should review and revise their online privacy policies to ensure compliance with the new law and avoid potentially significant penalties.

Previously, CalOPPA required the owner of any website or online service operated for commercial purposes (an “operator”) that collects California residents’ personally identifiable information (PII) to conspicuously post a privacy policy that met certain content requirements, including identifying the types of PII collected and the categories of third parties with whom that information is shared. The new law requires that companies subject to CalOPPA provide the following additional disclosures in their privacy policies.

  • How an operator responds to “do not track” signals from Internet browsers and any other mechanism that provides consumers a choice regarding the collection of PII about an individual consumer’s online activities over time and across third-party websites and online services.  A company may satisfy this requirement by revising its privacy policy to include the new disclosures or by providing a clear and conspicuous hyperlink to a webpage that contains a description of any program or protocol the company follows to provide consumers a choice about tracking, including the effects of the consumer’s choice.
  • An affected company must disclose to users whether third parties may collect PII about a user’s online activities over time and across different websites when a consumer uses the operator’s website or online service. However, an operator is not required to disclose the identities of such third parties.

The California law does not require that operators honor a user’s “do not track” signals. Instead, operators must only provide users with a disclosure about how the website or mobile app will respond to such mechanisms. “Do not track” mechanisms are typically small pieces of code, similar to cookies, that signal to websites or mobile apps that the user does not want his or her website or app activities tracked by the operator, including through analytics tools, advertising networks, and other types of data collection and tracking practices.  Further, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General recently stated that the required disclosures should not be limited to tracking simply for online behavioral advertising purposes, but those disclosures must extend to any other purpose for which online behavioral data is collected by a business’s website (e.g., market research, website analytics, website operations, fraud detection and prevention, or security).

A violation of the law can result in a civil fine of up to $2,500 per incident. The California Attorney General maintains that each noncompliant mobile app download constitutes a single violation and that each download may trigger a fine.

Given that most company websites will have California visitors, companies should consider taking the following steps to ensure compliance with the CalOPPA amendments by January 1, 2014:

  • Identify the tracking mechanisms in place on your company’s websites and online services, including (a) the specific types of PII collected by the tracking mechanism and (b) whether users have the option to control whether and how the mechanisms are used and how the website responses responds to “do not track” signals by seeking input from those familiar with your website, including (i) technicians and developers who understand the mechanics of how the website operates, including how it responds to “do not track signals,” (ii) financial and marketing personnel who understand how user PII is monetized, and (iii) any other stakeholders who access or handle user PII.
  •  Review the practices of any third parties that have the ability to track users on your website. To draft the new disclosures, you will need to understand how those third parties track your users and whether they are capable of doing so before or after the users leave your service.
  • Incorporate the information identified above to modify your online privacy policy to include the required behavioral tracking disclosures.
  • Retain the prior version of the policy in your records, including the date on which each version was posted to the site. The new version should have an updated effective date to distinguish it from the previous version.

Expansion of California’s Data Breach Notification Requirements

Under another new law taking effect on January 1, 2014, California will expand its data breach notification requirements by adding new types of information to the definition of “personal information” under California Civil Code §§ 1798.29 and 1798.82. The new law requires notification if a California resident’s personal information is compromised, and, as with CalOPPA, the breach notification requirements apply regardless of the location of the organization that sustains the breach.  Therefore, to the extent that your business collects and retains California residents’ PII, then the amended California breach notification law would apply.

Previously, the California law required notification of a data breach in the event of the unauthorized access to or disclosure of an individual’s name, in combination with that individual’s (i) Social Security number, (ii) driver’s license or California ID number, (iii) account, credit or debit card number, together with a security or access code, (iv) medical information, or (v) health information, where either the name or the other piece of information was not encrypted. Under the new definition, “personal information” will also include “[a] user name or email address, in combination with a password or security question and answer that would permit access to an online account.”

Accordingly, if your business or organization collects this type of information, then it should consider undertaking the following proactive measures to reduce the risk and magnitude of a potential data breach:

  • Periodically and systematically delete nonessential personal information. By deleting obsolete PII and other sensitive information, businesses can significantly reduce the risk of a breach.  Retaining such obsolete legacy PII serves no business purpose, but only adds unnecessary exposure and potential liability.
  • Conduct a PII inventory and perform a risk assessment of your security measures.  Identify what PII is being collected by your organization, where it is retained, who has access to the PII and  the security measures to protect the PII.  Ensuring that sufficient protections are in place may not prevent every incident, but they can reduce the possibility of an incident occurring in the first place and limit the disruption to your business if there is a breach.
  • Limit the disclosure of PII to third parties only when necessary to provide services or products. You can be equally responsible for a data breach notification if the person or entity who experiences the data breach was a third party who received PII from you. Any vendor or third party with whom you share PII should contractually represent and warrant that they have in place certain standards for protecting that information and agree to indemnify your company for any loss that results from a breach.

 

Article by:

Of:

Vedder Price

Dark Sites Re: Secret Websites

DrinkerBiddle

 

In our modern media age, it sometimes feels as though everyone in the entire world has noticed the same thing at the same time.  So it is with the Deep Web and the darknes that lurk in the shadows – it was an obscure topic until few months ago, and now your grandparents have probably heard of them.  Once the type of thing that only geeks (like me!) would think and/or talk about, the topic has now made the front cover of Time Magazine (in a piece by legendary fantasy author and critic Lev Grossman).  It has also made national news (with the takedown of the infamous SIlk Road marketplace) and inserted itself into a far more noticeable place of prominence in our culture.

These hidden sites can be found through a collection of anonymous servers that enable a vivid underground of dissidents, hackers, criminals, law enforcement, drug runners and folks who seem like refugees from a James Bond movie.  All you need is a specialized tool like TOR, and (if you believe the stories) you can live a secret life online.  But should you care?  As a character says in one of my novels, “you may not be interested in the deep web, but the deep web is very interested in you.”

In the past when we talked with clients about the dark sites of the deep web, people really thought that it sounded like something out of a William Gibson story, like Chiba City in Neuromancer, or the Night Market in Nick Harkaway’s Angelmaker.   But now companies are suddenly finding themselves confronting deep web issues as never before, whether because someone has “doxed” their employees or executives (by releasing personally identifiable information on persistent sites that cannot be taken down), because their products are being counterfeited and distributed by online networks, because they are being defamed on chat boards that cannot be reached let alone turned off, because someone has used TOR to anonymously hack their passwords — the possibilities are endless, troubling, and happening now.  If you want to steal someone’s trade secrets and want to ensure that the transaction is untraceable, suddenly there are tools to accomplish exactly that.  If you’ve learned how to copy a product using a 3-D printer, you can distribute the plans.  If you want to cause trouble, you can hire someone directly to do that, pay them in bitcoins, and watch the damage from afar.

As a lawyer, it is impossible not to see how this is going to have a dramatic impact on IP, privacy, and nearly every other thing we do.  The Internet of Things is coming shortly (the FTC just held a workshop on the topic this week), and the facial recognition technologies and environmental advertising predicted in Minority Report are no longer futuristic fictions.  3-D and electronic printing promises to give ever smaller groups the ability to make things based on electronic schematics without access to heavy industry.  More and more information will be available about more people, and will be available to more people – and the fact that there are genuinely secure ways where those who are so inclined can use that data for criminal purposes should give everyone pause.

To be sure, all of this seems rather abstract, and it can sound like a tabloid scare tactic.  But there are some things that everyone can do to deal with the risks in their own lives.  First, engage in some data security hygiene: change your passwords regularly, don’t pass them out, don’t allow them to be easily engineered by people who know a few random facts about you.  Second, think about whether you are in a business where people will want to copy your products, will want to pretend to be you, will want to steal your information.  If you are that type of business, it is worth checking from time to time to see if you have been targeted.  And finally, as always, if is critical that everyone in this day and age try to stay abreast of what is happening in the world of tech – it is easy to assume that because you make donuts, or own a small clothing store, or manage a bank, or run a hedge fund, that you don’t need to know about the cutting edge developments coming down the pipe.  But you do.  The time when you could just stick to your knitting and ignore the tech world is past, and you need to assume that the tech world is very interested in you, indeed.

Article by:

Darren S. Cahr

Of:

Drinker Biddle & Reath LLP

A Tech Industry-Friendly Stance On Cloud Computing Tax

GT Law

In a pleasant surprise, the New Jersey Division of Taxation recently issued guidance announcing that sales tax is not due on most cloud computing services. New Jersey’s position is contrary to a growing national trend in which many states have taken the position that cloud computing is subject to sales tax as the sale of software.

New Jersey demonstrates a pro-information technology industry position. It also comes at the same time that Massachusetts, traditionally an extremely technology-friendly state, appears to have changed its policy direction on taxation of information technology services.

New Jersey Technical Bulletin 72 addresses three types of cloud computing services:

software as a service (SaaS), which offers the use of software on a per transaction basis, through a service contract or by a subscription;

platform as a service (PaaS), which provides access to computing platforms; and

infrastructure as a service (IaaS), which provides hardware, software and other equipment and services necessary to support and manage the content and dataflow of its customers.

The technical bulletin says that software as a service is not subject to New Jersey sales tax as the sale of software because it is not delivered in tangible form, it is not downloaded onto the customer’s computer and title to the software is not transferred to the customer.

However, the bulletin does say that certain types of SaaS may be subject to sales tax as a taxable information service. A taxable information service is defined as:

The furnishing of information of any kind, which has been collected, compiled or analyzed by the seller and provided through any means or method, other than personal or individual information which is not incorporated into reports furnished to other people.

The bulletin then cites examples of taxable information services such as Westlaw, LexisNexis, Commerce Clearing House (CCH) and Rich Internet Application (RIA). But it would appear that most other classes of

SaaS that do not involve compiling or analyzing information should not fall into the taxable information service category. This is a fact-based determination, which would require analysis on a case-by-case basis.

The bulletin states that platform as a service and infrastructure as a service would not be subject to sales tax because they do not represent the sale of tangible personal property, but merely access to the software. The bulletin states that IaaS arrangements that show billing for the rental of hardware (e.g., servers) are not taxable because the customer does not have title or possession of the equipment.

Finally, the bulletin says that web hosting and data hosting services are not subject to New Jersey sales tax.

The position taken by the New Jersey Division of Taxation is quite favorable to providers and customers of cloud computing services, as other states have been taking the opposite approach, saying that many of these services are taxable, including states such as New York, Pennsylvania and Vermont.

Companies that provide cloud-based computing services should determine the states in which they might have a sales tax collection obligation, and whether the services they provide are subject to that state’s sales tax.

To see the full text of this new technical bulletin, please follow this link and click on TB-72.

This pro-IT industry move is in contrast to a new Massachusetts law that went into effect on July 31, just a few weeks after the bill being passed by its Legislature. This new Massachusetts law signals a sea change in the Bay State’s pro-technology industry policy.

Massachusetts now imposes sales tax on most software and hardware design, installation and integration services, including the modification, integration, enhancement, installation and configuration of prewritten software.

So, this new tax will include amounts paid in order to customize any prewritten software for the needs of the customer, including macros and plug-ins that operate in conjunction with the software (although there are exemptions for modifications to free open source software, and software that operates industrial machinery).

This expansion of the Massachusetts sales tax will cast a wide net that will tax hardware and software consulting services that have not been taxable in the past, from the biggest, most sophisticated software consulting firms that manage the integration of software for large corporations, down to the high school student who helps non-tech savvy baby boomers set up their home computer for $20 an hour.

This apparent new direction taken by Massachusetts is a huge contrast to the position staked out by the state’s then-Gov. Paul Cellucci in the early years of the Internet boom, when the debate on the taxation of e-commerce sales was just beginning.

A bill had been introduced in Congress to exempt all e-commerce sales from state taxation. Cellucci was quoted in the Feb. 4, 2000, edition of State Tax Notes as being in favor of the measure because it would be bad tax policy to tax the emerging Internet industry:

Arguing that ‘the rapid growth of high-tech in the past five years’ has created 450,000 new jobs in his state, Cellucci said the taxation of remote and electronic commerce is ‘not just a real threat to the economy of Massachusetts, but for the nation as a whole. Unlike traditional brick-and-mortar businesses, e-commerce ventures are extremely portable, and could easily move their headquarters to an offshore island where they would be immune from any sales tax from this country. (Tax Analysts Document Number: Doc 2000-3441.)

The new Massachusetts law indicates a reversal of the state’s earlier pro-industry policy, while New Jersey, which in prior years has taken an aggressive tax approach to IT taxation, has apparently also reversed course, but in the opposite positive direction.

It is possible that Massachusetts has grown complacent, assuming that its enormous stockpile of human innovation capital will stay put, while New Jersey appears to be recognizing the value of cultivating the IT industry in the Garden State. Time will tell if these shifts in policy toward the IT industry will result in any measurable migration.

This article was previously published by Law360.

Article By:

 of

Starting an Online Business: Licensing Requirements

Odin-Feldman-Pittleman-logo

Individuals interested in starting an online business are often confused or uninformed as to the licensing requirements for such businesses.  In many ways, an online business is like any “brick and mortar” store and the owner will probably be required to obtain certain licenses or permits to operate.

Federal Requirements

Business Licenses.  Most businesses do not require a federal business license or permit.  However, a business engaged in one of the following activities should contact the responsible federal agency to determine the requirements for doing business:  Investment Advising, Drug Manufacturing, Preparation of Meat Products, Broadcasting, Ground Transportation, Selling Alcohol, Tobacco, or Firearms.

Tax Identification Number.  A federal tax identification number, also known as an Employer Identification Number (EIN), is a federal identification number issued by the Internal Revenue Service to identify a business entity.  Nearly all businesses are required to have a tax identification number.

If a business is operated as a sole proprietorship, the owner may use his or her social security number in place of an EIN on all governmental forms and other official documents.  However, most small business advisors recommend using a federal tax identification number instead.

To obtain a federal tax identification number, a business owner should contact the nearest Local IRS Field Office or call the IRS Business and Specialty Tax Hotline at 800-829-4933.  The necessary form, IRS Form SS-4, can be downloaded directly from the Small Business Administration website.

State Requirements

Many states and local jurisdictions require a person to obtain a business license or permit before beginning business operations.  A business that operates without the required license or permit may be subjected to fines or may be barred from further business activity.  In some localities, a business operating out of a residence may require an additional permit.

While business licensing requirements vary from state-to-state, the most common types include:

·    Basic Business Operation License – a legal document issued by a local governmental authority that authorizes a person to conduct business within the boundaries of the municipality.  Many states have established small business assistance agencies to help small businesses comply with state requirements;

  • Fictitious Name Certificate – a document, usually filed with a state agency, which is required to operate a business using an assumed name or trade name (essentially, any name other than the full, formal name of the individual or company);
  • Home Occupation Permit – a permit which may be required to conduct business from a residence;
  • Tax Registration – if the state has a state income tax, a business owner must usually register and obtain an employer identification number from the state Department of Revenue or Treasury Department.  If the business engages in retail sales, the owner must usually obtain a sales tax license;
  • Special State-Issued Business Licenses or Permits – these permits may be required for a business that sell highly-regulated products like firearms, gasoline, liquor, or lottery tickets;
  • Zoning and Land Use Permits – may be required to develop a site or property for specific purposes
  • Employer Registrations – if the business has employees, the owner must usually make unemployment insurance contributions;

Additional state licenses may be required for regulated occupations such as building contractors, physicians, appraisers, accountants, barbers, real estate agents, auctioneers, private investigators, private security guards, funeral directors, bill collectors, and cosmetologists.

Article By:

 of