Category Archives: Social Media

Blockchain in 2018 and beyond

Buoyed by Bitcoin’s latest price and a steady supply of Initial Coin Offerings (ICOs), the blockchain ecosystem in 2018 resembles the Web ecosystem of 1995 – an ecosystem that eventually disrupted advertising and marketing models by having companies such as Amazon, Google and Facebook outplace traditional retail sales and marketing companies.  This time around, however, the financial levers presently held by banks and related financial services firms will be retooled – as well as the present centralized server model so very important to the same companies who previously benefited from the Web ecosystem, namely Amazon, Google and Facebook.

Speculation vs. Utilization

in September 2017, Bitcoin was famously derided by the financial titan Jamie Dimon as “a fraud”.  The JPMorgan CEO went so far as to say he would fire anyone on his trading team who bought Bitcoin.  His gratuitous digs at Bitcoin did not temper the rise of Bitcoin and became noteworthy – and a likely source of friction with his traders, because the Bitcoin cryptocurrency went on to increase in value over three-fold a mere 1Q after Dimon’s public derision.   As of December 31, 2017, Bitcoin sits at a price of near $14,000 whereas when Mr. Dimon’s bold pronouncements were made Bitcoin “only” had a price of $4,115.

Similarly, another banker – Vitor Constancio, the vice president of the European Central Bank, said in July 2017 that Bitcoin “is not a currency but a mere instrument of speculation” – comparing it to tulip bulbs during the 17th century trading bubble in the Netherlands.

In the same way that the World Wide Web was never defined solely by Pets.com, the benefits of blockchain technology should never be defined solely by the latest price of Bitcoin.  Even Mr. Dimon acknowledges as much given during his tirade against the speculative nature of Bitcoin he also said “he supported blockchain technology for tracking payments.”

By way of background, a blockchain is nothing more than an expandable list of records, called blocks, which are linked and secured using cryptography, namely cryptographic hashes that point to each prior block and result in an unbreakable “chain” of hashes surrounding the blocks.  More accurately referred to as a distributed ledger of accounts, a blockchain ecosystem will disrupt more than one industry beginning in 2018.

The inevitable changes that will occur in 2018 spring from several unique attributes of the blockchain ecosystem.  First, because a blockchain ledger is distributed it takes advantage of the vast amount of compute power available in most every computer device.  Similar to how the Mirai botnet distributed denial of service (DDos) attack became the largest DDoS attack by simply using unsecured IoT access, blockchain technology harnesses secure unused compute power in powerful and productive new ways.  Our new IoT ecosystem – which itself is an outgrowth of the Web ecosystem, will only feed into that result.

Secondly, blockchain ledger transactions are the closest thing to an immutable form of transaction accounting we have given the transactions have been verified and cannot be changed once written to the blockchain without evidence of obvious tampering – which was always the reason Bitcoin derived any actual intrinsic value.  In other words, the promise of blockchain coupled with pure speculation has solely driven Bitcoin pricing.  By buying Bitcoin and other cybercurrencies, it is almost as if people were given a chance to turn back the clock and bet on the Web ecosystem in 1995.  Without usage for its intended purpose, namely being a trusted and immutable listing of Bitcoin transactions, Bitcoin would most certainly go to the zero valuation postulated by Morgan Stanley.  The logic is pretty straight forward – without an actual intrinsic store of value, there is no actual intrinsic store of value.  And, without some sort of intrinsic store of value there is no reason to consider Bitcoin an asset.  Accordingly, unless utilized by choice or forced to be used by a government, speculation will never be a sustainable impetus for the pricing of Bitcoin – or any other cryptocurrency for that matter.  Without utilization, tokens/app coins/cryptocurrencies will all die on the vine given external utilization will always be needed to create a store of value.

Utilization under the Ethereum protocol

Disregarding the unlikely scenario of governmental adoption, the future of any blockchain/cryptocurrency ecosystem necessarily ties directly to utilization.  Even though there are several protocols with smart contracts amendable to utilization, there is only one founded by a visionary who understands the issue of scalability and why scalability is the sine qua non of a successful blockchain ecosystem – in the same way a non-scalable Web ecosystem was always a non-starter.  An early December 2017 presentation given by that visionary – Vitalik Buterin,  talks to scalability as being the most important new initiative of Ethereum going forward in 2018.   Mr. Buterin – who will likely take the blockchain ecosystem where Gates took the PC ecosystem and Bezos took the Web ecosystem, suggests that “sharding” using a Validator Manager Contract –  a construct that maintains an internal proof of stake claim using random validators, will eventually solve the problem of scalability.  Simply put, not all blocks/shards will need to be placed under the main chain.  This is a natural evolutionary progression given as it stands now everyone seeking an Ethereum wallet needs to download Ethereum’s entire trove of over four million blocks – hardly a scalable solution for the many app tokens or coins running the Ethereum protocol.  Moreover, each Ethereum block currently also takes about 14.70 seconds to promulgateIn 2014, Buterin anticipated the feasibility of a 12 second block time so has certainly been moving in the right direction.  Given security and propagation issues, work on this remains in the infancy stage with a great deal of work necessary in 2018.  Nevertheless, in 2018 and beyond, smart contracts such as those available under Ethereum will allow for the utilization necessary for the blockchain ecosystem to thrive.

Adoption by financial markets and the Ripple Effect

Ripple/XRP surged at the very end of 2017 and quickly became a rumored stealth initiative by the regulated banking industry to combat unregulated cryptocurrencies.  Ripple promises “end-to-end tracking and certainty” for those banks using its RippleNet closed-loop network.  More than anything, this initiative demonstrates that unregulated ICOs and unregulated “currencies” may have spooked the world’s financial markets sufficiently to justify taking sides by investing in a Ripple contender – a “blockchain-like” service seeking to displace existing cryptocurrency mindshare.  Indeed, Ripple just replaced ETH/Ethereum as the second largest market cap cryptocurrency.   Even though only two financial institutions are listed as investors, that does not mean other financial institutions would not want to prop up this “currency” on the open market – the list of “advisory board members” is telling in that regard.  This bank-sponsored version of Bitcoin certainly looks like it has more legs than Bitcoin given there exists budding utilization – banks are currently already using the RippleNet network, coupled with massive speculation given its ballooning market cap.

In 2018, acceptance of blockchain technology by the financial industry will be indelible proof those mistakes of 1995 made by retail sales and marketing companies will not be repeated by the financial industry or even the server sector represented by the likes of Google – who has invested in Ripple.  More than likely, upcoming technology developments under the Ethereum protocol will beget future tokens with smarter utilization and even greater potential upside than either Bitcoin or Ripple.  In other words, the blockchain ecosystem in 2018 will be no different than the Web ecosystem as it existed in 1995.

Carpenter may prod monetization of consumer data property rights

On November 29, 2017, the United States Supreme Court heard oral argument in U.S. v. Carpenter – a case involving robbery suspects who were convicted using cellphone tracking data obtained without a probable cause warrant.  Subpoenas and warrants available under the Stored Communications Act (“SCA”) allow for access to such records without any probable cause showing.    As previously pointed out, the ACLU is looking to push the Supreme Court into making a technology-forward decision by stressing how data collection methods have improved since the 2011 arrest of Carpenter.

According to Law360, Justice Samuel Alito said at the hour-long oral argument:  “I agree with [Carpenter] that this new technology is raising very serious privacy concerns, but I need to know how much of existing precedent you want us to overrule or declare obsolete.”  Justice Alito referenced the third-party doctrine that offers no added protections to material freely given to third parties given such material is generally provided without any expectation of privacy.

At oral argument, Law360 reports Carpenter’s counsel Nathan Wessler of the ACLU said that the bank records and dialed phone numbers found in third-party doctrine cases were “more limited” and freely given to a business as opposed to cellphone location records, which many users don’t understand can “chart a minute-by-minute account of a person’s locations and movements and associations.”

Law360 also reported that Justice Sonia Sotomayor raised doubt that the third-party doctrine found in prior precedent was applicable given there are instances when sensitive data freely given to third parties – such as medical records, still require consent.  According to Law360, Justice Neil Gorsuch said:  “It seems like your whole argument boils down to if we get it from a third party we’re OK, regardless of property interest.”   And, finally according to the SCOTUS Blog, Justice Stephen Breyer recognized at oral argument: “This is an open box. We know not where we go.”

Despite the third-party doctrine, it seems the Court is leaning towards carving out Constitutional exceptions to the SCA based on data gathering technologies that may give rise to an expectation of privacy.   As often done, the Justices will likely come up with a result that takes into consideration stare decisis while meshing with new technological capabilities far removed from earlier cases.   As recognized by Justice Sotomayor in the U.S. v. Jones case of 2012, “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.  This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”

To that end, the most interesting aspect of this case involving robberies in Detroit will be how far the decision goes in helping define property rights for consumers of digital services.  In a nod to Justice Breyer’s Pandora’s Box allusion, this decision might eventually give rise to a newfound consumer awareness mandating a change in how consumer data is used by companies.  In other words, property rights acknowledged in this case may help prod consumers into seeking compensation for their consumer data property rights – something the tech amicus might not have envisioned when filing their brief in U.S. v. Carpenter.

CA lawmakers do not pass AB 375 – The California Broadband Internet Privacy Act

Succumbing to the pressure of heavy lobbying, the proposed California Broadband Internet Privacy Act was shelved early this morning by the California Senate:

If enacted, the law would have beginning in 2019 barred ISPs from monetizing consumer browsing data without first obtaining consumer consent.  In essence, large ISPs such as AT&T and Verizon would have been barred from refusing to provide service or limiting service if customers did not waive their privacy rights.  It would have also barred them from charging customers a penalty or offering discounts in exchange for waiving privacy rights.

By way of background, the FCC earlier this year pulled back on those Obama-era regulations that impacted ISPs – regulations that completely ignored the data collection practices of companies such as Google and Facebook given they were not subject to FCC regulation.  The “Net Neutrality” Red Herring previously used by lobbyists to protect those tech companies alleged ISPs deserve different treatment because they curtail broadband usage for certain segments of society – alleging that ISPs closed out the Internet for many in poorer rural communities.

Current FCC policy, however, maintains rules that protect the “openness” of the Internet.  And, the stated intent on the FCC’s May 2017 pullback was a desire to implement a “light-touch regulatory framework” that immediately leveled the field, allow the FTC to continue enforcing privacy infractions, and ultimately defer for a later date the exact parameters of any  federal consumer privacy consent law.

Currently, the privacy infractions of companies like Google and Facebook are policed by the FTC and not the FCC so having the FTC also focus on ISPs is perfectly natural within our current regulatory scheme.  After all, the only reason large ISP’s such as AT&T, Cox and Verizon even came under the FCC’s purview was because they are also telecom and cable operators.  To use this FCC front door to regulate the backdoor Internet businesses of telecom and cable operators was always forced and unnatural.  Indeed, this very public dispute between ISPs and website owners was itself s a subterfuge.  Not surprisingly, AB 375 was also opposed by Google and Facebook because “expanded privacy regulations could indirectly affect the websites’ own ability to gather and monetize user data.

As accurately stated by a libertarian blog:  “By framing this as a dispute between ISPs and websites — instead of accurately presenting it as a struggle between Internet users and anyone who would mine and sell their data, the powers that be (including lawmakers, bureaucrats, corporations, and the media) have muddied the waters to conceal a simple fact: This is actually a struggle between those who value their privacy and those who would profit by violating it.”

Perhaps fearing the demise of AB 375, a California ballot initiative proposed on September 1, 2017 would allow California consumers to know what personal information businesses are collecting from them as well as how that information is used.  As it stands, consumers obviously have no clue who ultimately processes, uses or outright purchases their data.  The California Consumer Privacy Act of 2018 will be placed on the November 2018 statewide ballot if it obtains 365,880 valid voter signatures.  This ballot initiative goes further than AB 375 given it would apply to any business that collects and deals in data for commercial purposes and not just ISPs.

The apparent premise behind this ballot initiative is that there is no longer any such thing as anonymous data – it only takes about 10 visited URLs in total to uniquely identify someone, and there certainly is no difference between what a Google or an AT&T  ultimately do with consumer data.  As it stands, relatively few use a Firefox browser set to its highest privacy setting or a Privacy Badger extension to keep Google scripts from running Google Analytics.  Even fewer users forgo Google in favor of the donation-funded DuckDuckGo search tool that allows users to browse the web without storing search results.

As suggested years ago:  “It may one day be determined, however, that an even more effective means to satisfy all constituent needs of the [online behavioral advertising] ecosystem (consumer, merchant, publisher, agency, etc.) will be to find a means to directly correlate between privacy rights, consumer data, and a merchant’s revenue.”

Until such direct financial correlation takes place – with the ensuing compensation to consumers, the true value of consumer data will never be known.  Very likely, companies who continue pilfering something consumers do not properly value will never do as well as companies that actually pay for what they want.

Given any present mass consumer education necessary to prod these issues forward will rely on online tools provided by companies with the most to gain or lose, the only immediately viable solution necessarily requires agreement from the likes of Google and Facebook.  Unfortunately, given current circumstances, there simply is no financial incentive for these companies to rock a very lucrative boat.

 

 

 

 

AG’s move against Google’s latest cy pres settlement

Without tackling the underlying merits of the case, the Attorneys General of Alaska, Arizona, Arkansas, Louisiana, Mississippi, Missouri, Nevada, Oklahoma, Rhode Island, Tennessee, and Wisconsin asked the Third Circuit to reverse approval of a $5.5 million settlement involving consumer privacy claims against Google.   Relying on Fed. R. Civ. P. 23(e)’s prohibitions against unfair settlements, the AG’s argued in their July 5, 2017 brief, the proposed cy pres settlement fund would be unfair given consumers would not receive a dime from these settlements.

In their brief, the AG’s point out that because “class members extinguish their claims in exchange for settlement funds, the funds belong to class members.”  Brief at 5.  And, simply giving these proceeds to various privacy rights groups chosen by Google and class counsel would be unfair to the actual class members.

The underlying multidistrict lawsuit – which was previously before the Third Circuit (In re: Google Inc. Cookie Placement Consumer Privacy Litigation), was filed in 2012 and alleges that Google deliberately circumvented default privacy settings used to prevent advertisers from tracking the browsing activities of persons using Safari and Internet Explorer.

Google is no stranger to cy pres funds pegged at $5.5 million.  In August 2016, Google settled a privacy suit by paying $5.5 million into a cy pres fund benefiting some of the same privacy groups looking to benefit from this latest settlement.  And, years earlier Google and Quantcast settled yet other privacy matters by way of a cy pres fund.

A cy pres fund provides the best of both worlds for defendants such as Google – it allows resolution of costly disputes while being able to fund non-profit organizations that ultimately help their cause.  Moreover, they have willing partners in class counsel given it really does not matter if an unnamed class plaintiff sees compensation so long as the settlement is approved and counsel’s fees are paid.  Hopefully, the United States Court of Appeals for the Third Circuit issues a well-reasoned opinion that guides courts around the country on this very troublesome practice.

Google pays $5.5 million to cy pres fund

Gavel at the computer keyboard

On August 29, 2016, Google resolved yet another privacy suit – this one for $5.5 million with again nothing going to consumers.  Instead, the money will go to privacy groups agreed upon by Google and class counsel. Specifically, the list of proposed recipients of this latest cy pres fund include:

  1. Berkeley Center for Law & Technology;
  1. Berkman Center for Internet & Society at Harvard University;
  1. Center for Democracy & Technology (Privacy and Data Project);
  1. Public Counsel;
  1. Privacy Rights Clearinghouse; and
  1. Center for Internet & Society at Stanford University (Consumer Privacy Project)

As previously discussed, the cy pres method of settling privacy class actions is sought after by tech companies given such a mechanism more easily helps fund non-profit partners – organizations that more often than not push for the very policies advocated by defendants.  Given that class counsel look to resolve cases as soon as possible, the settling defendant obviously dictates the cy pres recipients.   More than likely, this latest Google settlement will obtain the necessary court approval.

Hopefully, Courts in the future take a harder look at this settlement method given the lack of direct benefit to those most impacted.

Is New Jersey Seeking to Become the New California When it comes to Privacy?

By way of a recent opinion of the New Jersey Supreme Court, New Jersey became the first state establishing a Constitutional right to cell-phone location information – thereby precluding law enforcement’s retrieval of such information without a warrant or exigent circumstances.   See State v. Earls, No. A-53-11, slip op., (NJ July 18, 2013) (unanimous opinion).

Recognizing that its decision “creates a new rule of law that would disrupt the administration of justice if applied retroactively”, the Court limited its ruling to the subject defendant and prospective cases only.  Interestingly, the Court did not even make a passing reference to a 2011 New Jersey appellate court that previously ruled no privacy tort existed for the surreptitious use of a location tracking device on a car.  The Earls case is the first appellate case to build on the United States Supreme Court’s GPS decision in United States v. Jones or address in great detail the proliferation and use of location-based information.

The Court in Earles recognized that “[w]ith increasing accuracy, cell phones can now trace our daily movements and disclose not only where individuals are located at a point in time but also which shops, doctors, religious services, and political events they go to, and with whom they choose to associate.”  Not surprisingly, the Court also realized “that cell-phone location information can be a powerful tool to fight crime.” 

Relying on the New Jersey Constitution, however, the Court reasoned that individuals expect that information provided to a third party in order to procure services will only be used by the recipient – in this case a telephone company – to provide the services in question.  In addition to this affirmative expectation of privacy, there is also a concomitant expectation that this information will not also be provided to the government. 

New Jersey’s landmark decision comes on the heels of one state legislator’s proposal of an amendment to the New Jersey Constitution stating that “people have a right to privacy from government intrusion, unless the government follows the due process of law.”  In addition to a proposed Constitutional amendment, Assemblywoman Handlin is also the sponsor of six bills and another resolution that address a person’s right to privacy as well as the freedom of the press:

A-4305:  prohibits the improper release of photographs or videos captured by security cameras or other recording devices operated by public entities.

A-4306:  prohibits a governmental entity from obtaining a biometric identifier of an individual without that individual’s consent. The bill does not prohibit any law enforcement agency from obtaining biometric identifiers of someone who has been placed under arrest. A “biometric identifier” is a retina or iris scan, fingerprint, voiceprint or DNA.

A-4307:  a person who knowingly obtains or discloses personally identifiable health information, in violation of the federal health privacy rule, is guilty of a crime of the third degree.

A-4308:  this bill increases the penalties for the unlawful disclosure or use of taxpayer information by State tax officials. The purpose of this bill is to provide enhanced deterrence against violations of taxpayer confidentiality.

A-4309:  requires a Superior Court judge to approve the installation of any video camera by a public entity.

A-4310:  requires an administrative agency to include a privacy impact statement when adopting, amending, or repealing a rule.

ACR-201:  requests the President and Congress enact a federal shield law for journalists. A shield law would grant journalists notice and an opportunity to be heard in federal court in order to challenge a federal subpoena seeking phone records or other information identifying a source. Federal bills S.987 and H.R.1962, both titled the “Free Flow of Information Act of 2013,” were introduced in May 2013. The bills would establish the federal shield law.

Sandwiched between these privacy-protective efforts, exists a bill aimed at safeguarding the social media accounts of employees.  Before it was conditionally vetoed by Governor Christie in May 2013, New Jersey was teetering on passing the most onerous law in the country regarding employee social media protections – allowing for a private right of action and seeking to bar employers from even asking if an employee has a social media account.  As it currently stands, the bill – if it is ever finally signed by the Governor – will still be among one of the stronger such laws.

Despite its recent efforts, New Jersey still has a great deal of heavy lifting before it can catch up with the land of SB 1386 – California already has a constitutionally guaranteed right to privacy, over seventy privacy-related laws on the books, and multiple regulatory agencies set up to enforce these laws.   It is no surprise that Attorney General Kamala Harris’s recent report opens with the words:  California has the strongest consumer privacy laws in the country.

California’s Right to Know Law Put on Hold

As reported by the LA Times, “a powerful coalition of technology companies and business lobbies that included Facebook, Inc., Google, Inc., the California Chamber of Commerce, insurers, bankers and cable television companies as well as direct marketers and data brokers” were able to stop a California bill aimed at giving consumers greater insight as to the use of their personal data.

First introduced in February by Assemblywoman Bonnie Lowenthal (D-Long Beach), the proposed Right to Know Law (AB 1291) would have implemented major revisions to existing law and created new rights for consumers.  Specifically, the proposed law would require

any business that has a customer’s personal information, as defined, to provide at no charge, within 30 days of the customer’s specified request, a copy of that information to the customer as well as the names and contact information for all 3rd parties with which the business has shared the information during the previous 12 months, regardless of any business relationship with the customer.

This new level of transparency might have helped sooth consumer concerns.  According to a 2012 USC Dornsife/Los Angeles Times poll, “82 percent of Californians said they are “very concerned” or “somewhat concerned” about Internet and smartphone companies collecting their personal information.”   On the other hand, providing a full and accurate accounting of who had access to a consumer’s data – even to only the small percentage of consumers who would actually take the time to request it – would have generated a major undertaking for a wide range of companies.  It is not surprising that the companies who fought so hard to pull the plug on this bill represent a very diverse coalition of businesses.

Even if this bill does not get revived in a new form sometime in the future, the prospect of what it might have brought to the table should serve as a wake up call to those businesses deep into online behavioral advertizing.  It may be time to better understand just who has access to what information – and it may not eventually matter whether that information belongs to a current client or consumer or whether it was anonymized.  As usual, staying in front of the regulatory curve remains a sound business practice.

Financial Correlation of Privacy Rights

In Letting Down Our Guard With Web Privacy, published on March 30, 2013, the author details ongoing research being conducted by Alessandro Acquisti, a behavioral economist at Carnegie Mellon University.  Mr. Acquisti’s research is cutting edge when it comes to online behavioral advertising (OBA)  and associated consumer behavior.  Indeed, he’s the academic who famously announced in 2011 that one might be able to discover portions of someone’s social security number simply by virtue of a posted photograph.   His research often distills to one major premise – consumers may not always act in their best interests when it comes to online privacy decisions.

It appears consumers and merchants alike may be missing out on fully cultivating a very valuable commodity.  According to the World Economic Forum, “personal data represents an emerging asset class, potentially every bit as valuable as other assets such as traded goods, gold or oil.”  Rethinking Personal Data:  Strengthening Trust, at 7, World Economic Forum Report (May 2012).  Before this asset class can ever be completely exploited and fully commercialized, however, its constituent value components must be correlated by all in the privacy food chain.

Over three decades ago, it was recognized that the three pillars of privacy – the very foundation of personal data – secrecy, anonymity, and solitude, were distinct yet interrelated.  See Gavison, Ruth, Privacy and the Limits of Law, 89 The Yale Law Journal 421, 428-429 (1980) (“A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.”).

Current OBA has made it so these three privacy pillars may be confusing for consumers to value, manage, and isolate when online – it is not generally up to consumers whether they will be fed an ad based on previous website visits or purchases – it will just happen.  Indeed, according to a survey of 1,000 persons conducted by Ipsos Public Affairs and released by Microsoft in January 2013, forty-five percent of respondents felt they had little or no control over the personal information companies gather about them while they are browsing the Web or using online services.  This view may not be unfounded given that data routinely gathered online, e.g., operating system, browser, IP address, persistent cookies, last used server, can be used to divulge the activity of individual devices.

The privacy trade-offs being researched by Mr. Acquisti and others offer insight into the true value of these data constituents.  Consumers who try to “shut off” or render anonymous access to their device’s data or settings, would not only likely fail in their attempt at being anonymized, they would also lose out on access to most social media and other websites requiring browsers to accept cookies as well as product offers that may presumably are of interest.  Indeed, this coordinated tracking of consumers is not even unique to the Internet.   See generally Bibas, Steve, A Contractual Approach to Data Privacy, 17 Harv. J. Law & Public Policy 591 (Spring 1994) (“Although the ready availability of information helps us to trust others and coordinate actions, it also lessens our privacy. George Orwell presciently expressed our fear of losing all privacy to an omniscient Big Brother.  Computers today track our telephone calls, credit-card spending, plane flights, educational and employment records, medical histories, and more.  Someone with free access to this information could piece together a coherent picture of our actions.”).  There are even companies that bridge the gap between offline and online activities by taking in-store point of sale purchases and converting such data to an anonymous online cookie ID that will eventually be used online by clients.  Such use of in-store data is generally permissible under a retailer’s loyalty program.

Current law does not generally prevent someone from collecting public information to create consumer profiles – nor is there the right to opt out of having your public record information sold or shared.  And, when one wants to self-determine whether data will be disclosed or whether he or she will be “untraceable”, “anonymous” or “left alone”, there may not always exist the ability to easily curtail these rights from being exploited – there is certainly no way to obtain a direct financial gain in return for the relinquishment of such privacy rights.  Instead, there has generally been a “privacy for services” marketing/advertizing arrangement that has been accepted by consumers – which, in fact, has helped pay for and fuel the growth of the commercial Internet.

The current OBA ecosystem does not posit a “loss of privacy” as much as it offers a bartering system where one party feels the value of what is being bartered away while the other party actually quantifies with cascading/monetizing transactions what is only felt by the other party.  In other words, it is not a financial transaction.  Those who are able to find an entertaining online video or locate a product online using a search engine don’t really mind that an ad will be served to them while visiting some other website given they feel this loss of privacy is worth the value of the services being provided.

Ironically, the interactive advertising industry itself may believe it is collecting too much sensitive consumer data.  According to a study conducted by the Ponemon Institute, 67 percent of responding online advertisers believe “limiting sensitive data collection for OBA purposes is key to improving consumer privacy and control when browsing or shopping online.” Leading Practices in Behavioral Advertising & Consumer Privacy:  A Study of Internet Marketers & Advertisers, at 2, The Ponemon Institute (February 2012).

As recognized by privacy researchers, “[e]mpirical evidence on the behavioral effects of privacy is rather scarce.”  Regner, Tobias; Riener, Gerhard, Voluntary Payments, Privacy and Social Pressure On The Internet: A Natural Field Experiment, DICE Discussion Paper, No. 82 (December 2012) at 6.  Although “some consumers are willing to pay a premium to purchase from privacy protective websites”; there is no measure of what that premium should be or how widespread a factor it is for consumers as a whole.  Id. at 7.

More often than not, consumers have been “often willing to provide personal information for small or no rewards.”  Losses, Gains, and Hyperbolic Discounting: An Experimental Approach to Information Security Attitudes and Behavior, presented by Alessandro Acquisti and Jens Grossklags at the 2nd Annual Workshop on Economics and Information Security, College Park, Maryland, May 2003, at 4.

This does not mean researchers have not tried to quantify a “privacy valuation” model.  In 2002, a Jupiter Research study found 82% of online shoppers willing to give personal data to new shopping sites in exchange for the chance to win $100.  See c.f. Tsai, Janice; Egelman, Serge; Cranor, Lorrie; Acquisti, Alessandro; The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Information Systems Research (February 2010) at 22 (describing survey results which concludes that “people will tend to purchase from merchants that offer more privacy protection and even pay a premium to purchase from such merchants.”); Beresford, Alastair; Kübler, Dorothea; Preibusch, Sören, Unwillingness To Pay For Privacy: A Field Experiment, 117 Economics Letters 25 (2010) (“Thus, participants predominantly chose the firm with the lower price and the more sensitive data requirement, indicating that they are willing to provide information about their monthly income and date of birth for a 1 Euro discount.”).

In his 1994 paper, A Contractual Approach to Data Privacy, Steve Bibas suggests that individual contracts may provide the best solution to the privacy compensation dilemma:  “In the hands of the contracting parties, however, flexibility allows people to control their lives and efficiently tailor the law to meet their needs. Flexibility is the market’s forte; the pricing mechanism is extremely sensitive to variations in valuation and quickly adjusts to them.”  Bibas, 17 Harv. J. Law & Public Policy 591 (Spring 1994).   Mr. Bibas, however, recognized the limitations in what could be accomplished with privacy transactions that relied only on static privacy trades.  In other words, a model that might be effective is one that customizes the financial rewards to consumers are based on a continuous exchange of information between the consumer and merchant.

One problem most consumers face when using commonly marketed solutions that are meant to safeguard their privacy is that they fail to also create an acceptable value proposition for merchants.  As well, those recently formed companies promising a private web experience will not be able to – nor should they even try – to curtail firms from using OBA to reach consumers.  For the foreseeable future, OBA will continue to drive the Internet and “pay” for a much richer and rewarding consumer experience than would otherwise exist.  It may one day be determined, however, that an even more effective means to satisfy all constituent needs of the OBA ecosystem (consumer, merchant, publisher, agency, etc.) will be to find a means to directly correlate between privacy rights, consumer data, and a merchant’s revenue.

Sins of our Marketers: SMS, the Telephone Consumer Protection Act, and Strict Liability

In continuing a trend that took hold nearly four years ago in Satterfield v. Simon & Schuster, Inc., 569 F. 3d 946 (9th Cir. 2009), a putative class action was filed on January 25, 2013 alleging that unsolicited SMS texts give rise to statutory damages under the Telephone Consumer Protection Act (TCPA).  Although the suit may have been brought against a big box retailer the allegations are based on the conduct of “a mobile technology company whose identity is currently unknown.”

Under the TCPA, it is unlawful to make “any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system [ATDS] . . . [to any] cellular telephone service.” 47 U.S.C. Sec. 227(b)(1)(A).  Although the TCPA was enacted years before SMS was a reality, the FTC, as well as courts in California and Chicago, have interpreted the undefined term “any call” to include  SMS texts so long as the SMS text was sent using an ATDS.

Courts have already ruled that “the TCPA is essentially a strict liability statute which imposes liability for erroneous unsolicited faxes.” Alea London Ltd. v. Am. Home Services, 638 F.3d 768, 776 (11th Cir. 2011) (citation omitted).  See also Universal Underwriters Ins. Co. v. Lou Fusz Auto. Network, Inc., 401 F.3d 876, 882 (8th Cir. 2005) (“The Act makes no exception for senders who mistakenly believe that recipients’ permission or invitation existed.”).  This means that class action counsel need only demonstrate that the SMS messages went out unsolicited via an ATDS and statutory damages will likely follow.

As now being pressed in the Hill putative class action filed on January 25, 2013, this strict liability for unsolicited SMS messages may also extend from the actual sender, i.e., marketer, to the retailer.  Several years ago, the FTC responded to a request for public comments filed by the FCC regarding the following two questions:   “First, does a call placed by an entity that markets a seller’s goods and services qualify as a call made on behalf of, and initiated by, the seller, even if the seller does not physically place the call?; and second, what should determine whether a telemarketing call is made “on behalf of” a seller, thus triggering liability under the TCPA?”

The FTC answered with a vigorous defense of its view that “the plain meaning of the law and its regulations supports holding sellers liable for calls made for the seller’s benefit.”  Given the FTC was merely responding to the FCC’s request for comments and given the FCC has yet to release its final ruling, it remains to be seen whether the courts will ultimately side with the FTC view.  Indeed, several courts have explicitly rejected the FTC position regarding vicarious strict liability.  See e.g.Mey v. Pinnacle Security, LLC, No. 5:11CV47, slip op. at  (N.D.W.Va. Sept. 12, 2012) (“In the Spring of 2011, the FCC released a public notice requesting comment on the issue of strict “on behalf of” liability under §227(b)(3), and this Court has not received information that a ruling has yet been issued on the matter.  26 FCC Rcd 5040. . . . Accordingly, this Court finds that the TCPA does not provide strict “on behalf of” liability under § 277(b)(3).”) (citing Thomas v. Taco Bell Corp., 2012 U.S. Dist. LEXIS 107097, No. SACV 09-01097-CJC (C. D. Calif. June 25, 2012).

Whether or not the FTC is ultimately vindicated by the courts on this issue, it is clear that the FTC is not oblivious to the mechanics of mobile marketing.   For example, the FTC has found that a one-time text message confirming a consumer’s request that no further text messages be sent was not violative of the TCPA.  Notwithstanding any current temporary safe harbor that may exist, the takeaway remains that firms may be on the hook for what their marketing, promotional, and advertising firms are doing when it comes to SMS campaigns.

Given the FTC’s stated desire to visit on innocent retailers the sins of their marketers and the difficulty to insure against this risk, it is obviously more important than ever for those who rely on SMS campaigns to always verify appropriate consent and obtain suitable contractual indemnifications.

First Amendment Does Not Save NJ Teacher from Postings Firing

In a January 11, 2013 ruling, the New Jersey Appellate Division upheld the administrative dismissal of a first grade teacher.  She had argued that the First Amendment precluded her firing — which was based on two Facebook postings.  In the Matter of the Tenure Hearing of Jennifer O’Brien, (NJ App. Div. January 11, 2013).  One of her statements was, “I’m not a teacher — I’m a warden for future criminals!”

O’Brien said she posted the statement that her students were “future criminals” because of “their behaviors, not because of their race or ethnicity.”  She also stated that “six or seven of her students had behavioral problems, which had an adverse impact on the classroom environment.”  Id. at 4 – 5.

In finding that she failed to establish her Facebook postings were protected speech, the Appellate Division found that “even if O’Brien’s comments were on a matter of public concern, her right to express those comments was outweighed by the district’s interest in the efficient operation of its schools.”  Id. at 11.

This ruling sits in contrast to the NLRB’s frequent warnings regarding the sanctity of worker postings — especially when the postings pertain to workplace conditions.  The cringe-worthy nature of these postings, the fact they were directed at first graders, and the deference accorded administrative proceedings certainly all made it easy for the Appellate Division to rule as it did.  In other words, employers should not take great comfort in this ruling when evaluating whether to discipline employees for inflammatory postings.