Unlike the FTC report, the Green Paper does not recommend implementing a do-not- track (DNT) mechanism. Instead, the role of the Commerce Department in developing DNT and similar technologies and will be addressed through the Federal Register notice.

The Agency also intends to use the formal comment period to examine the circumstances under which expanded FTC rulemaking authority may be warranted.

In addition, the report calls for Administration review of the Electronic Communications Privacy Act (ECPA) in order to ensure strong privacy protection in cloud-based computing environments and location-based services, while preserving the ability of law enforcement to engage in “legitimate” information gathering. This recommendation comes amidst ongoing Congressional ECPA reform efforts and in the wake of recent court decisions that have acknowledged the difficulty of applying the law, enacted in the mid-1980s, to the continually evolving technologies and communications platforms.

TThe report also notes that different approaches to “commercial” data privacy, both in the U.S. and abroad, can pose challenges for business (and potential consumer harm), and interfere with the promotion of trade and commerce of cross-border compliance obligations. It recommends that the U.S. continue work with the EU and other trading partners to promote “increased global interoperability of privacy frameworks”. It also recommends that the U.S. support the APEC Data Privacy Pathfinder Project as a model framework for countries with “common values” but “divergent privacy legal frameworks.”

The Green Paper can be viewed by clicking: http://www.ntia.doc.gov/reports/2010/IPTF_Privacy_GreenPaper_12162010.pdf. Comments are due on due January 28, 2011. The filing period provides a useful opportunity for business to potentially shape the regulatory outcome of this proceeding.

For additional information, please contact Karen Neuman at kneuman@slrno.com.

Flash cookies, more accurately known as "locally stored objects", can be used by websites to collect cookie like information on a user's computer. They can be used for such diverse purposes as remembering preferences, watching online video, setting default volume levels on video players or assigning a unique ID to users for tracking across the web, regardless of browser. Most users are unaware that when a Flash cookie is deposited on a computer the steps they take to prevent online tracking by deleting traditional browser cookies typically do not remove Flash cookies.

The Plaintiffs in Quantcast brought suit against MTV, ESPN, Hulu, MySpace & Scribd, among other websites, alleging that their use of LSOs (or Flash cookies) secretly stored user data on Adobe's Flash Player to recreate information contained in browser cookies that had been deleted by users. Also named as a defendant was San Francisco-based advertising technology company Quantcast – creator of the LSO used by the websites.

Clearspring was filed on behalf of parents and their children against one of Quantcast's competitors, Clearspring Technologies, as well as several websites including Disney, Warner Bros. Records, SodaHead and Demand Media. The Plaintiffs claim that Clearspring simultaneously deposited http cookies and a Flash cookie in users' Flash media payers when users visited the defendants' websites. When users deleted the http cookies from their browsers, unbeknownst to them, the Flash cookie restored and/or recreated history and other information, including the user's name and IP address, which in turn, was used by the defendants and others for online tracking and ad serving. The Plaintiffs also claim that the defendants' privacy policies failed to disclose that users' activities were being tracked online through the use of Flash cookies.

While some of the factual allegations in each action may differ somewhat the fundamental grievance is the same: that the defendants used a technology to track the plaintiffs' online activities without notice or consent.

Although the lawyers are, for the most part targeting high-profile, "deep pocket" defendants, at least one of the defendants, SodaHead, is a small online polling company; no website should be considered under the radar. It would not be surprising to see this effort expanded to other websites that rely on Flash or similar tracking technology, including social media sites, particularly as those sites add location based features.

We expect that this suit will be closely watched by the Plaintiffs'bar, privacy advocates and policymakers. The larger issue appears to be one of consumer knowledge about and control over the collection and use of their information and less about specific technology. That said, the use of technologies like Flash cookies should be viewed as risky because they enable tracking online activities without a user's knowledge, including when consumers believe they have taken the necessary steps to prevent tracking.

Companies that employ Flash cookies or similar tracking technologies that can be used to override consumer privacy preferences should monitor developments in these proceedings. In the process, they should consider taking measures to try to minimize the potential for becoming a target for this type of lawsuit. At a minimum, companies should firmly understand the capabilities of the tracking technologies they employ and the extent of information collected; they should provide clear notice of the use of these technologies in their privacy policies. If Flash cookies are employed, companies should prominently disclose their use and provide a link to Adobe's site for instructions for deleting these cookies. Companies may also want to consider alerting customers to other tools that can delete flash cookies or prevent them from being used altogether.

Please contact Karen Neuman at kneuman@slrno.com if you would like more information about this litigation or guidance about the use of online tracking technologies.

The plaintiff, an artist, initiated a copyright infringement action against a clothing designer alleging breach of an oral license for the limited use of the Plaintiff’s artwork in the manufacture of certain types of garments. The Complaint included allegations that the Defendant violated the terms of the license by failing to include the Plaintiff’s logo on various garments displaying the Plaintiff’s designs and also sublicensed the Plaintiff’s design work without the Plaintiff’s consent. During discovery the Defendants served subpoenas on various third parties, including Facebook, MySpace and other social networking websites. The Defendants claimed that the Plaintiff’s social media communications revealed the nature and terms of the agreement between the parties. The Court granted the Plaintiff’s motion to quash the subpoenas granted by a Magistrate on grounds that 1) the social network sites’ private messaging and e- mail webmail services constituted “electronic communications services “(ECS) under the SCA and 2) the web hosting websites and social networking websites were ECS providers under the SCA, which protects unopened private messages transmitted via an ECS provider as temporary storage. 18 U.S.C. § 2510(17) (A). In so ruling, the Court concluded that a private, undeleted message opened by a user renders the communication “stored” for backup purposes as defined in the statute.

The Court noted that other aspects of social networking sites, Facebook “wall” postings and “comments” and MySpace comments presented a distinct and more difficult question requiring an analysis of the SCA, including understanding the distinction between an RCS provider and an ECS provider. Analyzing the statute, the Court first noted observed that the SCA defines an ECS provider as “any service which provides to users… the ability to send or receive wire or electronic communications.” 18 U.S.C. § 2510 (15). The Court next observed that the SCA defines an RCS provider as an entity “providing the public computer storage or processing services by means of an electronic communications system”, and that an electronic communications system is defined as any wire, radio electromagnetic, photo-optical or photo electronic facilities for the transmission of wire or electronic communications and any computer facilities or related electronic equipment for the electronic storage of such communications. Id. §2510(14); §2702(a)(2).

The Court construed these provisions to conclude that social networking services are RCS providers with respect to wall postings and comments since the posts, once made, are stored by the provider within the meaning of the SCA. Accordingly, the Court held that wall postings and comments are protected under the SCA either as restricted access electronic bulletin boards or because social networks are RCS providers that store comments for limited use by a restricted number of users.

The case was remanded to the Magistrate to ascertain whether the Plaintiff’s privacy settings rendered the wall postings public and beyond the protection of the SCA.

This case illustrates the challenge courts face when applying a law enacted over two decades ago to rapidly evolving electronic communications technologies. This dilemma is ongoing as regulators and policy makers struggle to keep pace with innovation resulting in a platform specific approach to protecting privacy – an approach that poses challenges to users and business alike as each tries to discern a predictable framework for ascertaining privacy protection for user generated content.

This case should also be seen as a cautionary tale for employers who may now find themselves running afoul of the law if they obtain access without consent to their employees' social networking sites communications when the employees have opted to restrict access. This decision also calls into question whether an employer can use legal processes such as a subpoena to obtain information from the private social networking accounts of employees.

Please contact Karen Neuman at kneuman@slrno.com if you would like additional information about this case or if you would like guidance about the application of privacy law to social media communications.

Quon exceeded the monthly character limit, prompting the Police Chief to investigate whether 1) the character limit was too low for the City’s law enforcement needs and, if so, 2) whether police officers were being required to pay for sending work-related messages. At the City’s request, its service provider, Arch Wireless, searched the text messages on Quon’s pager and provided the City with a transcript of his messages. The City then conducted an audit of Quon’s on-duty messages. The audit revealed that the majority of the messages Quon sent during work hours were personal, many of which were sexually explicit. Quon, his wife, and the two other colleagues brought suit against the City and Arch Wireless claiming in part that the audit violated their Fourth Amendment rights. The district court concluded that the City’s audit was reasonable because its purpose was to determine whether the service plan was appropriate and not simply to investigate Quon’s use of his government- issued pager. The Ninth Circuit reversed. It ruled that although conducted for a legitimate purpose, the search was unreasonable because there were less intrusive means the City could have utilized to determine whether the service plan was inadequate for the police department’s needs. The Supreme Court reversed the Ninth Circuit. Writing for the majority, Justice Kennedy concluded the search was reasonable, noting that the City’s policy reserved the right to monitor employee communications and therefore limited employee expectations of privacy in them. The Court rejected Quon’s argument that the policy was informally modified by his superior’s assurance that his text messages would not be audited as long as he paid for overages. Although narrowly decided on Fourth Amendment grounds, this opinion seems to recognize that the Court will ultimately be asked to decide the appropriate framework for determining the respective rights of employers and employees with respect privacy in the workplace when it comes to employee communications and employee privacy regarding those communications. Nevertheless, this case strongly suggests that employers can take the following measures to minimize the risk of litigation initiated by employees, as well as by non- employees involved in a questionable exchange:

• Public employers will want to pay particular attention to the impact of state public records laws when assessing public employees’ privacy interests in workplace communications. The majority surmised that Quon should have known that, as a law enforcement officer, his on-the-job communications were likely subject to disclosure under California’s Public Disclosure Act.
• The Court noted that employers increasingly (if reluctantly) tolerate personal use of employer equipment for private use. Increased employee access of personal e-mail accounts, social media and texts using employer-issued devices requires a thoughtful, holistic evaluation of the workplace technology and communications “ecosystem”, and a realistic assessment of employee practices. This evaluation should result in carefully written use and privacy policies that put employees on unambiguous notice about the circumstances under which the employer can monitor and access employee communications.
  • Use and privacy policies should be comprehensive and address all media, platforms, devices and technologies, including social media.
  • Use and privacy policies should ensure that access to the contents of employee communications is obtained pursuant to a clearly articulated, legitimate business or work-related purpose, such as the investigative purpose asserted by the City in this case. Employer activities that are performed for a legitimate business purpose will be less likely to be found unreasonable.
  • Develop employee training materials and conduct employee training programs to minimize the potential that a supervisor will unintentionally create an expectation of privacy, like appears to have happened in Quon, verbally or through other means. Training materials and programs should be periodically updated to reflect changes in the law and communications technologies or practices.

Please contact Karen Neuman at kneuman@slrno.com if you would like more information about this case or guidance about privacy in the workplace.

¹2010 WL 2400087, No. 08-1332 (U.S., Jun. 17, 2010).

Particularly in light of the Commission’s pending Net Neutrality rulemaking, the agency has several options for addressing the D.C. Circuit’s concerns. Obviously, it could seek rehearing (and suggest rehearing en banc), but the odds of success are not high. Similarly, Supreme Court review could be sought, and while that court might agree to consider the case given the potential importance of the issue, the likelihood of a favorable outcome seems problematic. Historically, the Supreme Court has not been very expansive in its interpretation of the scope of the FCC’s powers under Title I ancillary jurisdiction.

The agency can always seek a congressional fix, but pursuing that course can prove uncertain as well, in terms of both substance and timing. The Commission’s best option - - both on the merits and from a timing perspective as well - - seems to be to address the D.C. Circuit’s decision head on in the context of the ongoing Net Neutrality rulemaking. There, two general approaches are available. The first is to parse the jurisdictional issues a bit more finely than was done in the NNP, using the guidance provided by the court to establish the necessary substantive nexus that was found lacking in Comcast. The record assembled in the rulemaking should provide the Commission with ample evidence for such an approach. However, this course still leaves the agency relying on Title I ancillary jurisdiction, which is always something of a weak reed upon which to base a significant regulatory regime.

The better approach is to jettison the Title I jurisdictional predicate and, instead, recognize what now is obvious and declare that Internet service providers (“ISPs”) are in fact carriers, directly subject to Title II jurisdiction. While this would represent a reversal of longstanding Commission policy, the agency has full statutory authority to reverse a prior policy course based upon, e.g., changed circumstances. Clearly, the record assembled in the Net Neutrality rulemaking, coupled with the lengthy proceedings that led up to the adoption of the NBP, provide a more than adequate basis for the Commission to conclude that its old policy of categorizing ISPs as non-carriers no longer serves the public interest and that, as a factual matter, ISPs now conduct themselves - - particularly from a consumer’s perspective - - in a manner indistinguishable from traditional common carriers.

For example, when the FCC first decided that ISPs should not be subject to Title II regulation, it did so in part because: (1) the then-nascent ISPs had no market power; (2) their services were distinguishable from traditional communications services; and (3) the agency did not want to stifle the new industry’s development through unnecessary regulation. As with any similar Commission policy judgment, there would be adequate opportunity to revisit the issue as the industry evolved. Today, the ubiquity of the Internet, its central role in commerce, and the ISPs’ growing head-to-head competition with traditional telephony-based services (e.g., VOIP), provide an unassailable basis for revisiting the Title II question. The Commission can reasonably conclude that in a marketplace in which traditional wireline and mobile carriers are subject to Title II (and the agency’s statutory forbearance authority), it is irrational to leave one - - now mature - - competitor operating essentially unregulated. Articulated properly - - and backed by record evidence - - such a policy reversal should be sustained on the inevitable appellate review.

The above scenario has been dubbed the “nuclear option,” mainly by the ISPs and their financial backers, because it arguably would subject the ISPs to a host of new regulations and, most importantly, financial burdens, mostly in the form of having to contribute to the Universal Service Fund (“USF”) for the first time. However, it does not necessarily follow that exercising the nuclear option will inexorably lead to “nuclear winter” for the ISPs.

First, the bulk of Title II requirements that might otherwise be imposed on the ISPs can be eliminated under the Commission’s forbearance authority, just as those burdens have been eliminated for the traditional carriers. Second, it makes no sense to continue to exempt the ISPs from USF obligations when it is generally agreed that a critical national goal for the next decade is to ensure universal broadband access to the Internet, just as universal access to the telephone network was a national goal of the last century. While this no doubt would subject the ISPs to new financial obligations - - and perhaps skew their near-term financial projections - - such a result would hardly signal the devastation of this industry segment. To the contrary, there is no reason to believe that the ISPs will find that, simply by virtue of having become subject to Title II, the entrepreneurial acumen that drove them to their current level of success suddenly will desert them.

In short, whatever basis previously existed to support the regulatory fiction that the ISPs were not really acting as common carriers, the facts on the ground today no longer sustain that position. In a sense, the Comcast court did the FCC a favor by forcing it to at least consider revisiting the matter. Particularly given the centrality of the Internet-based economy to the nation’s future well-being, it would be irrational for the agency to continue to rely on a patently out-dated rationale to maintain this regulatory fiction.

Moreover, the courts historically have accorded the FCC considerable deference when it has reversed course based on substantial record evidence and a reasoned explanation for its actions. This is so, even when the Commission’s action has the effect of “overturning” a prior adverse court decision. The Commission clearly has the statutory authority to take such action in the context of the ongoing Net Neutrality rulemaking, and the evidentiary basis for doing so.
¹ Comcast Corp. v. Federal Communications Commission, No. 08-1291 (D.C. Cir., Apr. 6, 2010).

In the notice published in the Federal Register, the FTC emphasized that changes to the online environment, including the increasing use of mobile technology by children to access the Internet warrant accelerated review of the rule. The notice specifically seeks comment on how the use of this technology, interactive television and gaming or other interactive media impact COPPA enforcement.

The outcome of this proceeding could have a significant impact on businesses that are subject to its requirements. Expansion of the definitions of such key terms and “personal information” and the “Internet” could impose additional burdens on operators of children’s and general audience websites alike, which could, in turn, make it more difficult for businesses to engage young people and even adults online. The interest in age verification and filtering technologies should be seen as an indication that the FTC may not be satisfied with the current framework for protecting children’s privacy.

The FTC is specifically interested in:

• the use of automated systems to filter technology prior to posting as a means for effectively reviewing content generated by children;
• whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the rule’s definition of “personal information” should be expanded accordingly;
• whether there are additional technological methods for obtaining verifiable parental consent that should be added to the rule, and whether any of the methods currently included should be removed;
• Whether parents are exercising their right under the rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents; and
• Whether the rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.

Comments are due June 30, 2010. A public “roundtable” meeting has been scheduled for June 2, 2010, during which interested parties may share their views with agency staff, scholars, privacy advocates and businesses. Click here to view the text of the request for comment.

If you would like more information about the rule and the proposed changes, please contact Karen Neuman at kneuman@slrno.com.

The NBP outlines six specific goals to be adopted by 2020:

• At least 100 million homes should have affordable access to broadband at actual download speeds of at least 100 megabits per second, and actual upload speeds of at least 50 megabits per second;
• The U.S. should lead the world in mobile innovation, with the fastest and most extensive wireless networks of any nation;
• Every American should have affordable access to robust broadband service and the means and skills to subscribe to it if they so choose;
• Every American community should have affordable access to at least 1 gigabit per second broadband service for anchor institutions, such as schools, hospitals, and government buildings;
• Every first responder should have access to a nationwide, wireless, interoperable broadband public safety network; and
• Every American should be able to use broadband to track and manage their real-time energy consumption.

One of the most interesting provisions of the NBP is the identified need for some 500 MHz of additional spectrum to support mobile broadband, a substantial portion of which is proposed to be reallocated from television broadcasting. The broadcast and mobile services industries have been engaged in a running battle over spectrum for decades. In the late-1970s through early-1980s the FCC reallocated the then-generally fallow 800 MHz segment of the UHF TV band for the development of the first cellular networks. Twenty-some years later, the broadcasters surrendered another hefty slice of their upper-UHF allocation, the 700 MHz band (the bulk of which was auctioned off 3 years ago for Advanced Wireless Services), in return for which they were authorized to provide digital television, as well as multichannel video and information services. Now, having completed that not-inexpensive transition to digital operation a year ago, the FCC is proposing that television licensees “voluntarily” surrender their licenses for reallocation and auction for mobile services, in return for a portion of the auction revenue.

While the FCC clearly has the legal authority under the Communications Act to reallocate the subject spectrum today (setting aside whether it has the political will to exercise that authority), granting the broadcasters a piece of the auction pie is not within the agency’s gift. That part of the proposed “deal” will require congressional approval, which, if granted, will also provide the Commission with the necessary political cover for the reallocation.

Another component of this deal that that has been mentioned is granting those broadcasters who surrender their licenses the opportunity to become (for lack of a better characterization) local cable channels, with guaranteed access to the local cable systems (the ex-broadcast signal presumably would be distributed directly to cable head-ends via fiber). Here, too, congressional action would be required to create this new “broadcast”/cable relationship. How this might fare in the face of the inevitable constitutional challenge is problematic at best, given the fairly thin constitutional reed that presently upholds the current must-carry regime.

The obvious battle lines have been drawn on the Hill, and, as always, the devil will be in the details, while the law of unintended consequences - - the most pervasive law in Washington, DC - - will be fully in play. It will be fascinating - - if not necessarily an inspiring civics lesson - - to watch this process play itself out.

Additional spectrum-related issues also will be addressed in the various inquiry and rulemaking proceedings that will be initiated or reactivated by the FCC during the following months. These will involve, among others, examining ways to accelerate the deployment of spectrum-based smart-grid systems, low-power patient-monitoring technologies, and networks designed to operate in the “white spaces.” Particularly with respect white-space technologies, the Commission faces a potential dilemma. Its recent opening of the TV white spaces for various “smart” low power technologies has generated considerable investment in the development and deployment of such systems. However, the goal announced in the NBP, to reallocate a substantial portion of the TV band, may negatively impact the development of these new white space systems. The Commission must take considerable care to not inadvertently undermine these valuable new technologies, which can greatly increase the efficiency of use of many spectrum bands.

To read the full text of the National Broadband Plan, please click here.

For additional information on this or other matters, please contact Jeff Olson at jolson@stlro.com, 202-454-9401 or 703-628-2142.