Tag: Internet

Utah to Test Blockchain Voting Through Mobile Apps

As we head toward 2020, expect significant public debate relating to smartphone applications designed to increase turnout and participation in upcoming elections. The Democratic Party has dipped its toe in the water by announcing in July plans to allow telephone voting in lieu of appearing for neighborhood caucus meetings in the key early primary states of Iowa and Nevada.

Given concerns regarding security and reliability of submitting votes over the internet, jurisdictions around the country have begun to test solutions involving blockchain technology to allow absentee voters to submit voting ballots. Following initial pilot programs in Denver and West Virginia, Utah County, Utah will be the next jurisdiction to utilize a blockchain-based mobile in connection with its upcoming municipal primary and general elections.

The pilot program, which will utilize the mobile voting application “Voatz”, will allow active-duty military, their eligible dependents and overseas voters to cast absentee ballots. Eligible voters will need to apply for an absentee ballot with the county clerk and then download the mobile application. The ballot itself will be unlocked using the smartphone’s biometric data (i.e., a fingerprint or facial recognition) and then will be distributed into the blockchain framework for tabulation.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.
This article was written by Benjamin C. Jensen of Robinson & Cole LLP.

Hush — They’re Listening to Us

Apple and Google have suspended their practice of reviewing recordings from users interacting with their voice assistant programs. Did you know this was happening to begin with?

These companies engaged in “grading,” a process where they review supposedly anonymized recordings of conversations people had with voice assistant program like Siri. A recent Guardian article revealed that these recordings were being passed on to service providers around the world to evaluate whether the voice assistant program was prompted intentionally, and the appropriateness of their responses to the questions users asked.

These recordings can include a user’s most private interactions and are vulnerable to being exposed. Google acknowledged “misconduct” regarding a leak of Dutch language conversation by one of its language experts contracted to refine its Google Assistant program.

Reports indicate around 1,000 conversations, captured by Google Assistant (available in Google Home smart speakers, Android devices and Chromebooks) being leaked to Belgian news outlet VRT NWS. Google audio snippets are not associated with particular user accounts as part of the review process, but some of those messages revealed sensitive information such as medical conditions and customer addresses.

Google will suspend using humans to review these recordings for at least three months, according to the Associated Press. This is yet another friendly reminder to Google Assistant users that they can turn off storing audio data to their Google account completely, or choose to auto-delete data after every three months or 18 months. Apple is also suspending grading and will review their process to improve their privacy practice.

Despite Google and Apple’s recent announcement, enforcement authorities are still looking to take action. German regulator, the Hamburg Commissioner for Data Protection and Freedom of Information, notified Google of their plan to use Article 66 powers of the General Data Protection Regulation (GDPR) to begin an “urgency procedure.” Since the GDPR’s implementation, we haven’t seen this enforcement action utilized, but its impact is significant as it allows the enforcement authorities to halt data processing when there is “an urgent need to act in order to protect the rights and freedoms of data subjects.”

While Google allows users to opt out of some uses of their recordings; Apple has not provided users that ability other than by disabling Siri entirely. Neither privacy policy explicitly warned users of these recordings but do reserve the right to use the information collected to improve their services. Apple, however, disclosed that they will soon provide a software update to allow Siri users opt-out of participation in grading.

Since we’re talking about Google Assistant and Siri, we have to mention the third member of the voice assistant triumvirate, Amazon’s Alexa. Amazon employs temporary workers to transcribe the voice commands of its Alexa. Users can opt out of “Help[ing] Improve Amazon Services and Develop New Features” and allowing their voice recordings to be evaluated.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

When Good Sites Go Bad: The Growing Risk of Website Accessibility Litigation

For a growing number of companies, websites are not only a valuable asset, but also a potential liability risk. In recent years, the number of website accessibility lawsuits has significantly increased, where plaintiffs with disabilities allege that they could not access websites because they were incompatible with assistive technologies, like screen readers for the visually impaired.

If you have never asked yourself whether your website is “accessible,” or think that this issue doesn’t apply to your company, read on to learn why website accessibility litigation is on the rise, what actions lawmakers and the courts are taking to try to stem the tide, how to manage litigation risk, what steps you can take to bring your company’s website into compliance, and how to handle customer feedback on issues of accessibility.

The Growing Risk of Website Accessibility Litigation

In recent years, there has been a nationwide explosion of website accessibility lawsuits as both individual lawsuits and class actions. Plaintiffs have brought these claims in federal court under Title III of the Americans with Disabilities Act (ADA) and, in some cases, under similar state and local laws as well. In 2018, the number of federally-filed website accessibility cases skyrocketed to 2,285, up from 815 in the year prior. In the first half of 2019, these cases have increased 51.7% over the prior year’s comparable six-month period, with total filings for 2019 on pace to break last year’s record by reaching over 3,200.

Why Website Accessibility Litigation is on the Rise

The ADA was enacted in 1990 to prevent discrimination against people with disabilities in locations generally open to the public (known as public accommodations). The ADA specified the duties of businesses and property owners to make their locations accessible for people with disabilities, but it was enacted before conducting business transactions over the internet became commonplace. With the rapid growth of internet use, lawsuits emerged arguing that websites were places of public accommodation under the meaning of the ADA.

These claims have presented serious questions about whether, when, and how website owners must comply with the ADA. There is no legislation that directly sets out the technical requirements for website accessibility. And while the U.S. Department of Justice (DOJ) has stated that “the ADA applies to public accommodations’ websites,” it has not clarified exactly what standards websites must meet to comply with the law. In the absence of clear guidance, courts considering the question have frequently looked to the Web Content Accessibility Guidelines (WCAG), first developed by the World Wide Web Consortium (W3C) in 1999, but most recently updated in 2018.

In 2017, federal district courts in Florida and New York ruled that business websites failing to meet WCAG guidelines can violate Title III of the ADA, opening the door for litigants to bring an onslaught of claims in these courts. As a result, the rate at which these suits have been filed has skyrocketed, especially in New York and Florida, reaching businesses based throughout the U.S. and internationally. With the pace of these suits showing no signs of slowing, it is critical that every business operating a website consider how to manage the growing risk of litigation.

A Future Fix?
Some recent developments suggest that lawmakers or courts may soon stem the tide.  Congress may decide to enact precise standards, or the DOJ might give clarification or promulgate new rules. At the state level, lawmakers in New York have announced plans to address website accessibility suits based on an outcry from the business community.

Recent decisions in the Southern District of New York and the Fourth Circuit suggest that companies can successfully move to dismiss accessibility suits after mooting claims by taking swift remedial action or by showing that the plaintiff was neither eligible nor in a location to receive the goods or services provided on the website. In addition, the Eleventh Circuit and the Supreme Court may soon weigh in on whether Title III of the ADA categorically applies to all websites and apps.

How to Manage Litigation Risk for Website Accessibility

Knowing your level of exposure is an important first step. Individual risk is currently based on three factors:

  • Location: Brick and mortar locations, the delivery of products, or the performance of services in New York or Florida heighten a company’s exposure.
  • Industry: The present trend shows that retail, food service, hospitality, banking, entertainment industries, and educational institutions are especially at risk.
  • Current website structure: Sites with e-commerce functions or purchased from third-party developers not currently in compliance with WCAG standards are popular targets.

Unfortunately, it is often difficult to predict the cost and complexity of bringing a website into WCAG compliance-based simply on viewing it. An audit of the source code is often required. That said, you can start with a review of your site and develop plans and processes for accessibility. The first steps can include:

  • Assess current compliance: Use free online tools like wave and chrome vox and/or enlist a third-party audit to help you understand your current level of accessibility.
  • Plan for future compliance: Create an overall plan for achieving accessibility on a timeline that makes business sense.
  • Take immediate action: Adopt first-step improvements that can be implemented immediately, and create a process for considering accessibility before all future implementations.

Bringing your business into compliance with WCAG web standards does not need to be a standalone project. By integrating accessibility into regular updates, redesigns, and new pages, you can make meaningful improvements as part of your existing process. And if you don’t have a process for ongoing maintenance and updates on your website, consider whether your website is still looking fresh and modern and if it is still an accurate expression of your corporate brand.

Include in-house and third-party development teams as stakeholders in the process. Make accessibility a discussion in all new engagements and set expectations for accessibility going forward for new and existing teams:

  • Increase accessibility awareness: Make accessibility the topic of the next all-hands meeting with all stakeholders.
  • Ask third-party developers and vendors: Specifically, discuss your website’s current accessibility and which site options are readily available.
  • Integrate accessibility in projects: Ensure that agreements for ongoing and future site additions and upgrades incorporate accessibility. Seek representations, ask about compliance levels, and consider seeking warranties and indemnification.

Good customer care is always good business, but making thoughtful use of feedback on your website is a critical step to reducing your risk of an accessibility lawsuit. Everyone on the customer care team should be trained on the risk posed by non-compliance, and they should be empowered to carefully consider and respond to website feedback. The development team should also ensure that the site, whatever its level of WCAG compliance:

  • Encourages feedback: Provide a way for users to give feedback on and receive assistance with accessibility.
  • Supports engagement with feedback: Document, consider, and carefully respond to user feedback.
  • Reflects expert input: When receiving feedback, notices, complaints, or threatened litigation, consult with legal counsel and website accessibility experts as early as possible to ensure that your next steps limit potential liability.

Website accessibility is a fast-moving area of law that is primed for reform. With an increasing number of conflicting decisions and the possibility of new legislation or Supreme Court guidance, we will be closely monitoring this topic in the coming years.

©2019 Pierce Atwood LLP. All rights reserved.

Control Freaks and Bond Villains

The hippy ethos that birthed early management of the internet is beginning to look quaint. Even as a military project, the core internet concept was a decentralized network of unlimited nodes that could reroute itself around danger and destruction. No one could control it because no one could truly manage it. And that was the primary feature, not a bug.

Well, not anymore.

I suppose it shouldn’t surprise us that the forces insisting on dominating their societies are generally opposed to an open internet where all information can be free. Dictators gonna dictate.

Beginning July 17, 2019, the government of Kazakhstan began intercepting all HTTPS internet traffic inside its borders. Local Kazakh ISPs must force their users to install a government-issued certificate into all devices to allow local government agents to decrypt users’ HTTPS traffic, examine its content, re-encrypt with a government certificate and send it on to its intended destination. This is the electronic equivalent of opening every envelope, photocopying the material inside, stuffing that material in a government envelope and (sometimes) sending it to the expected recipient. Except with web sites.

According to ZDNet, the Kazakh government, unsurprisingly, said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.” As Robin Hood could have told you, the Sheriff’s actions taken to protect travelers and control brigands can easily result in government control of all traffic and information, especially when that was the plan all along. Security Boulevard reports that “Since Wednesday, all internet users in Kazakhstan have been redirected to a page instructing users to download and install the new certificate.

This is not the first time that Kazakhstan has attempted to force its citizens to install root certificate, and in 2015 the Kazakhs even applied with Mozilla to have Kazakh root certificate included in Firefox (Mozilla politely declined).

Despite creative technical solutions, we all know that Kazakhstan is not alone in restricting the internet access of its citizens. For one (gargantuan) example, China’s population of 800 million has deeply restricted internet access, and, according to the Washington Post, the Chinese citizenry can’t access Google, Facebook, YouTube or the New York Times, among many, many, many others. The Great Firewall of China, which involves legislation, government monitoring action, technology limitations and cooperation from internet and telecommunications companies. China recently clamped down on WhatsApp and VPNs, which had returned a modicum of control and privacy to the people. And China has taken these efforts two steps beyond nearly anyone else in the world by building a culture of investigation and shame, where its citizens could find their pictures on local billboard for boorish traffic or internet behavior, or in jail for questioning the ruling party on the internet. All this is well documented.

23 countries in Asia and 7 in Africa restrict torrents, pornography, political media and social media. The only two European nations that have the same restrictions are Turkey and Belarus. Politicians in the U.S. and Europe had hoped that the internet would serve as a force for freedom, knowledge and unlimited communications. Countries like Russia, Cuba and Nigeria also see the internet’s potential, but they prefer to throttle the net to choke off this potential threat to their one-party rule governments.

For these countries, there is no such thing as private. They think of privacy in context – you may keep thoughts or actions private from companies, but not the government. On the micro level, it reminds me of family dynamics –When your teenagers talk about privacy, they mean keeping information private from the adults in their lives, not friends, strangers, or even companies. Controlling governments sing the song of privacy, as long as information is not kept from them, it can be hidden from others.

The promise of Internet freedom is slipping further away from more people each year as dictators and real life versions of movie villains figure out how to use the technology for surveillance of everyday people and how to limit access to “dangerous” ideas of liberty. ICANN, the internet control organization set up by the U.S. two decades ago, has proven itself bloated and ineffective to protect the interests of private internet users.  In fact, it would be surprising if the current leaders of ICANN even felt that such protections were within its purview.

The internet is truly a global phenomenon, but it is managed at local levels, leaving certain populations vulnerable to spying and manipulation by their own governments. Those running the system seem to have resigned themselves to allowing national governments to greatly restrict the human rights of their own citizens.

A tool can be used in many different ways.  A hammer can help build a beautiful home or can be the implement of torture and murder. The internet can be a tool for freedom of thought and expression, where everyone has a publishing and communication platform.  Or it can be a tool for repression. We have come to accept more of the latter than I believed possible.

Post Script —

Also, after a harrowing last 2-5 years where freedom to speak on the internet (and social media) has exploded into horrible real-life consequences, large and small, even the most libertarian and laissez faire of First World residents is slapping the screen to find some way to moderate the flow of ignorance, evil, insanity, inanity and stupidity. This is the other side of the story and fodder for a different post.

And it is also probably time to run an updated discussion of ICANN and its role in internet management.  We heard a great deal about internet leadership in 2016, but not so much lately. Stay Tuned.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more global & domestic internet developments, see the National Law Review Communications, Medis & Intenet law page.

No Means No

Researchers from the International Computer Science Institute found up to 1,325 Android applications (apps) gathering data from devices despite being explicitly denied permission.

The study looked at more than 88,000 apps from the Google Play store, and tracked data transfers post denial of permission. The 1,325 apps used tools, embedded within their code, that take personal data from Wi-Fi connections and metadata stored in photos.

Consent presents itself in different ways in the world of privacy. The GDPR is clear in defining consent as it pertains to user content. Recital 32 notes that “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data…” Consumers pursuant to the CCPA can opt-out of having their personal data sold.

The specificity of consent has always been a tricky subject.  For decades, companies have offered customers the right to either opt in or out of “marketing,” often in exchange for direct payments. Yet, the promises have been slickly unspecific, so that a consumer never really knows what particular choices are being selected.

Does the option include data collection, if so how much? Does it include email, text, phone, postal contacts for every campaign or just some? The GDPR’s specificity provision is supposed to address this problem. But companies are choosing to not offer these options or ignore the consumer’s choice altogether.

Earlier this decade, General Motors caused a media dust-up by admitting it would continue collecting information about specific drivers and vehicles even if those drivers refused the Onstar system or turned it off. Now that policy is built into the Onstar terms of service. GM owners are left without a choice on privacy, and are bystanders to their driving and geolocation data being collected and used.

Apps can monitor people’s movements, finances, and health information. Because of these privacy risks, app platforms like Google and Apple make strict demands of developers including safe storage and processing of data. Seven years ago, Apple, whose app store has almost 1.8 million apps, issued a statement claiming that “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines.”

Studies like this remind us mere data subjects that some rules were made to be broken. And even engaging with devices that have become a necessity to us in our daily lives may cause us to share personal information. Even more, simply saying no to data collection does not seem to suffice.

It will be interesting to see over the next couple of years whether tighter option laws like the GDPR and the CCPA can not only cajole app developers to provide specific choices to their customers, and actually honor those choices.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more on internet and data privacy concerns, see the National Law Review Communications, Media & Internet page.

The Tor Browser Afforded CDA Immunity for Dark Web Transactions

The District of Utah ruled in late May that Section 230 of the Communications Decency Act, 47 U.S.C. §230 (“CDA”) shields The Tor Project, Inc. (“Tor”), the organization responsible for maintaining the Tor Browser, from claims for strict product liability, negligence, abnormally dangerous activity, and civil conspiracy.

The claims were asserted against Tor following an incident where a minor died after taking illegal narcotics purchased from a site on the “dark web” on the Tor Network. (Seaver v. Estate of Cazes, No. 18-00712 (D. Utah May 20, 2019)). The parents of the child sued, among others, Tor as the service provider through which the teenager was able to order the drug on the dark web. Tor argued that the claims against it should be barred by CDA immunity and the district court agreed.

The Onion Router, or “Tor” Network, was originally created by the U.S. Naval Research Laboratory for secure communications and is now freely available for anyone to download from the Tor website.  The Tor Network allows users to access the internet anonymously and allows some websites to operate only within the Tor network. Thus, the Tor Network attempts to provide anonymity protections both to operators of a hidden service and to visitors of a hidden service. The Tor browser masks a user’s true IP address by bouncing user communications around a distributed network of relay computers, called “nodes,” which are run by volunteers around the world. Many people and organizations use the Tor Network for legal purposes, such as for anonymous browsing by privacy-minded users, journalists, human rights organizations and dissidents living under repressive regimes. However, the Tor Network is also used as a forum and online bazaar for illicit activities and hidden services (known as the “dark web”). The defendant Tor Project is a Massachusetts non-profit organization responsible for maintaining the software underlying the Tor browser.

To qualify for immunity under the CDA, a defendant must show that 1) it is an “interactive computer service”; 2) its actions as a “publisher or speaker” form the basis for liability; and 3) “another information content provider” provided the information that forms the basis for liability. The first factor is generally not an issue in disputes where CDA immunity is invoked, as websites or social media platforms typically fit the definition of an “interactive computer service.” The court found that Tor qualified as an “interactive computer service” because it enables computer access by multiple users to computer servers via its Tor Browser.  The remaining factors were straightforward for the court to analyze, as the plaintiff sought to hold Tor liable as the publisher of third-party information (e.g., the listing for the illicit drug).

The outcome was not surprising, given that courts have previously dismissed tort claims against platforms or websites where illicit goods were purchased (such as the recent Armslist case decided by the Wisconsin Supreme Court where claims against a classified advertising website were deemed barred by the CDA).

The questions surrounding the court’s ability to even hear the case also posed interesting jurisdictional questions, as the details of the Tor network are shrouded in anonymity and there are no accurate figures as to how many users or nodes exist within the Utah forum.  The court determined that, under plaintiff’s rough estimation, there were around 3,000-4,000 Utah residents who used Tor daily and perhaps, became part of the service (“Plaintiff has set forth substantial evidence to support the assumption that many of these transactions and relays are occurring in Utah on a daily basis”). In a breezy analysis, the court found that plaintiff had provided sufficient evidence to set forth a prima facie showing that Tor maintains continuous and systematic contacts in the state of Utah so as to satisfy the general jurisdiction standard.

This case is a reminder of the breadth of the CDA, as well as a reminder that many of its applications result in painful and somewhat controversial outcomes.

© 2019 Proskauer Rose LLP.

Article by Stephanie J. Kapinos of Proskauer Rose LLP.

More more on Web & Internet issues see the National Law Review page on Communications, Media & Internet.

 

Forget About Fake News, How About Fake People? California Starts Regulating Bots as of July 1, 2019

California SB 1001, Cal. Bus. & Prof. Code § 17940, et seq., takes effect July 1, 2019. The law regulates the online use of “bots” – computer programs that interact with a human being and give the appearance of being an actual person – by requiring disclosure when bots are being used.

The law applies in limited cases of online communications to (a) sell commercial goods or services, or (b) influence a vote in an election. Specifically, the law prohibits using a bot in those circumstances, “with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction or to influence a vote in an election.” Disclosure of the existence of the bot avoids liability.

As more and more companies use bots, artificial intelligence, and voice recognition technology to provide customer service in online transactions, businesses will need to consider carefully how and when to disclose that their helpful (and often anthropomorphized) digital “assistants” are not really human beings.  In a true customer-service situation where the bot is fielding questions about warranty service, product returns, etc., there may be no duty. But a line could be crossed if any upsell is included, such as “Are you interested to learn about our latest line of products?”

Fortunately, the law doesn’t expressly create a private cause of action against violators. However, it remains to be seen if lawsuits nevertheless get brought under general laws prohibiting unfair or deceptive trade practices alleging failure to disclose the existence of a bot.

Also, an exemption applies for online “platforms,” defined as: “any public-facing Internet Web site, Web application, or digital application, including a social network or publication, that has 10,000,000 or more unique monthly United States visitors or users for a majority of months during the preceding 12 months.”  Accordingly, operators of very large online sites or services are exempt.

For marketers who use bots in customer communications – and who are not large enough to take advantage of the “platform” exemption – the time is now to review those practices and decide whether disclosures may be appropriate.

©2019 Greenberg Traurig, LLP. All rights reserved.
Article by Ed Chansky and Ian C. Ballon of Greenberg Traurig, LLP
For more on Internet & Communications see the National Law Review page on Communications, Media & Internet

Have you ever used a one-click ordering process online? Then you indirectly paid Amazon.

If you purchased anything from a website using a one-click purchase button, you indirectly paid Amazon for that ability, at least up until September 11, 2017 when Amazon’s patent to this technology expired. As a result, one-click purchasing might become the new norm.

In 1997, Amazon filed for a business method patent to one-click purchasing, which allows return shoppers to purchase items with just a single click of a button instead of having to proceed through a prolonged checkout process. The patent issued in 1999, at which point Amazon sued Barnes & Noble for patent infringement based on a similar technology used during Barnes & Noble’s checkout process. After extended litigation, the two companies settled in 2002. Not wanting to face similar litigation, Apple licensed the patent in 2000 to simplify ordering from the Apple Store.

The patent was extremely contentious, causing multiple calls to tighten patent laws or eliminate business method patents entirely. In response to the numerous attacks on the patent, Jeff Bezos called on the US Patent and Trademark Office to reduce the lifespan of patents to only 3 to 5 years, which prompted the US Patent and Trademark Office to issue an action plan to work with e-commerce companies to strengthen issued business method patents. But despite facing numerous challenges over the years, the patent survived. Thus if you have ordered anything online using a one-click purchase process, that company likely paid a licensing fee to Amazon to be able to provide that option.

Since the patent is now expired, one-click purchasing is now open to every online retailer. Large technology companies, such as Apple, Facebook, and Microsoft, are developing standardized one-click checkout procedures that can be applied internet-wide and that follow you from website to website. Google is likewise developing technology to incorporate one-click purchasing into its internet browser, Chrome.

 

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. 

Effectiveness of Foreign Remedies to Obtaining Internet Information and Enjoining Illegal Conduct

The Internet has become the common form of commerce. As such, illegal activity has migrated there. The Internet is frequently used to engage in illegal activity cloaked in anonymity. Claimants have few if any direct means of enforcing their rights and court orders against the offenders. The power to make orders against Internet companies is essential to preserving the effectiveness of law online. Obtaining a remedy is often the practical solution to enforcing rights. Moreover, illegal online conduct crosses multiple jurisdictions often time simultaneously. As courts with personal jurisdiction have the power to adjudicate claims, it is essential that remedies have extraterritorial effect so to make it easier and less expensive for proceedings having to be brought in every country where the illegality occurs and the internet company operates.

For instance, Norwich Pharmacal orders are used to compel non-parties to disclose information or documents in their possession to assist in the discovery of wrongdoers. Norwich orders have increasingly been used in the online context by plaintiffs wo allege that they are being anonymously defamed or defrauded and seek orders against the Internet service providers to disclose the identity of the perpetrator. York University v. Bell Canada Enterprises  (2009), 311 D.L.R. (4th) 755 (Ont. S.C.J.); Cartier International AG v. British Sky Broadcasting LTD., (2017), 1 All E.R. 700 (C.A.). However, in Muwema v. Facebook Ireland LTD (2017) IEHC 69, the Irish High Court refused to grant a Norwich Pharmacal order against Facebook, requiring disclosure of the identity and location of an anonymous third party operating a Facebook page containing defamatory conduct. The court found that if Facebook disclosed such information it would endanger the life of the third party. But, Facebook was ordered to notify the third party that he should remove the offending postings within a certain period of time and if not, the plaintiff could renew its request for Norwich Pharmacal relief.

In addition, worldwide injunctions are available in English common law countries to cease conduct by a wrongdoer over which the court has jurisdiction. In Cartier,  Internet service providers were ordered to block the ability of their customers to access certain websites in order to avoid facilitating infringements of trademarks.  In Google Inc. v. Equustek Solutions Inc.  2017 SCC 34, the court ordered Google to block websites that were selling goods that violated the trade secrets of plaintiff. The court further held that this was a worldwide order and not confined to google.ca..

Although the law is evolving, claimants must use existing legal remedies to protect and enforce their rights. Courts are becoming much more receptive to helping the claimant.

This post was written byEric (Rick) S. Rein of Horwood Marcus & Berk Chartered.
Read more legal analysis at The National Law Review.

States Deserve A Complete Picture In Evaluating FirstNet/AT&T Coverage Plans

FirstNet recently selected AT&T as its partner to build, operate and maintain the Nationwide Public Safety Broadband Network (“NPSBN”).  With AT&T leading the charge, network development appears to be on a fast track. In early June, the initial AT&T/FirstNet Radio Access Network (“RAN”) or coverage plans were made available electronically to all 50 states, the District of Columbia and territories of the United States (referred to as the “states” for purposes of this article). After a brief period for review, comment and consultations, the plans will be finalized and the Governor of each state must decide whether to accept the FirstNet plan or to seek an alternative coverage model through the state’s own Request For Proposal (“RFP”) process.

In evaluating its options, the goal of every state should be to obtain the best possible network coverage for its First Responders. The safety of First Responders and the public must be the primary concern in evaluating the AT&T/FirstNet plan. In order to conduct a reasonably thorough examination, the Governors and their teams must have access to the necessary financial, technical and legal information regarding AT&T’s commitments to deliver the NPSBN.

However, the states currently face a major obstacle in conducting their analysis. They do not have access to the underlying contract between AT&T and FirstNet. There have been numerous trade press reports and FirstNet/AT&T presentations about what the AT&T proposed roll-out will entail (e.g. access to the entire AT&T network, public safety usage targets, priority and preemption). However, no one from a state government is privy to the specific terms of the FirstNet/AT&T agreement. As with most agreements the “devil is in the details,” but the states cannot access the details.

There are countless issues involved in the review of state plans that turn on the conditions of the underlying FirstNet/AT&T contract. For example, how much of the statutory requirement for rural coverage can be satisfied through “deployables” as opposed to permanent hardened infrastructure under the terms of the contract? What is the specific long-term commitment to support discounted pricing for public safety use? Is there a mechanism in place to resolve any disputes that may arise between FirstNet and AT&T.

A fundamental question is whether there is an option for AT&T to “opt-out” of the contract with FirstNet if it fails to obtain a certain number of states “opting-in” or for any other reason. Another basic issue pertains to the penalties that AT&T may have to pay if it fails to meet certain levels of public safety use or “adoption” on the network. Without firsthand knowledge of the AT&T/FirstNet agreement, there is no way of knowing with certainty if there are caveats or conditions that could limit such a requirement?  What happens to the spectrum if there is zero public safety adoption in a given area or insufficient adoption on a nationwide basis? These are significant questions to which states are entitled to an answer.

For AT&T and FirstNet to simply address these and other critical questions an on ad hoc basis is not a prudent approach. The only way a full evaluation of whether the needs and objectives of public safety are being met is for FirstNet and AT&T to disclose the underlying contract to the states so that they can examine the specific terms of the agreement.

As things now stand, a Governor is being asked to accept a vendor to build and operate the public safety network within his or her state – impacting the lives of First Responders and the public – without firsthand knowledge of the terms under which AT&T will provide the service. FirstNet and AT&T should disclose the terms of their contract pursuant to an appropriately drafted non-disclosure agreement so the Governors and their teams will have a complete picture in reviewing the FirstNet/AT&T coverage plans.

This post was written by Albert J. Catalano of  Keller and Heckman LLP.