If you cannot view this message, you can read the newsletter on the Cyberspace Law Committee website.
Newsletter of the ABA Business Law Section
  Cyberspace Law Committee
Join the Committee Online

Message from the Chair

Upcoming CLC Programs and Events
  CLC Offers Four Programs at BLS Spring Meeting:
  Maps to the Social Media Minefield Part III: Getting Social and Going Mobile
  Avoiding the Privacy Cross-Hairs: Keeping Companies that Advertise on the Internet and App Providers Away from Privacy Regulators and the New Class Action Plaintiffs
  Deploying Tools to Build or Self-Sabotage the Enterprise: How Do We Square Legal Obligations for Cybersecurity with the Increasing Use of Technologies that Undermine It?
  Tidying Up the Internet: Take Down of Unauthorized Content under Copyright, Trademark and Defamation Law

Other Programs of Interest
  March 5: Generic Top Level Domain Names: What the Recent Expansions Mean for Your Brand
  March 15: Social Media, Data Privacy, Online Gambling, and Other Hot Topics in Advertising & Promotions
  March 28-30: ABA-IPL 27th Annual Intellectual Property Law Conference
  May 3-4: ITechLaw 2012 World Technology Law Conference & Annual Meeting/b>
  Business Law Section Social Media Campaign

CLC Projects
  Project Updates from the International Trade Subcommittee
  Annual Survey of Cyberspace Law -- Authors Wanted
  Other Publication Ideas Sought
  mCommerce Subcommittee Work Session at BLS Spring Meeting

Cyber News You Can Use
  Organization for Security and Co-operation in Europe (OSCE) Releases Report on Freedom of Expression and the Internet
  Preparations Begin for 7th Annual Internet Governance Forum
  Updates on Social Media Cases of Note
  White House Proposes Online Consumer Privacy Bill of Rights
  The New gTLDs and Legal Resources

Presentations and Papers of Interest
  Cloud Computing
  Are "Clickwrap" and "Browsewrap" Legally Significant Classifications? A Note on Fteja v. Facebook, Inc. (2012 U.S. Dist. LEXIS 12991, S.D.N.Y. Jan. 24, 2012)
  Your Name Here

Newsletter Editors:
    Cheryl Dancey Balough
    cbalough@balough.com

    Lois Mermelstein
    lois@loismermelstein.com
  Message from the Chair
  Jonathan T. Rubens, Committee Chair

On the heels of an action-packed Winter Working Meeting and Cyberspace Law Institute in San Francisco, we are gearing up for a full slate of activities at the Business Law Spring meeting March 21-24 in Las Vegas. Read on for details of the terrific programming we will be presenting. And don't forget to book your ticket for our joint dinner with the corporate counsel committee.

For those of you perusing this newsletter for the first time or who have only recently joined us at a meeting, get involved with one of our subcommittees or task forces. There are several ongoing projects looking for additional contributors, and we are always interested in proposals for new projects and collaboration with other committees or groups.

Here in San Francisco, the conferences just keep coming. I expect to bump into a few cyberlawyers on the streets during the upcoming RSA and AdTech conferences, both of which should offer fertile grounds to hear about the latest in cybersecurity and digital media issues.


Jonathan T. Rubens
Chair, Cyberspace Law Committee, Business Law Section
Jonathan.Rubens@leclairryan.com


back to top ↑

 
  Upcoming CLC Programs and Events
   
CLC Offers Four Programs at BLS Spring Meeting
Kristine Dorrain, CLC Program Director

If you haven't yet registered for the Business Law Section Spring Meeting, there's still time. You will find an exciting slate of programs, including four offerings from our own Cyberspace Law Committee:

Maps to the Social Media Minefield Part III: Getting Social and Going Mobile
Kathleen Porter, Chair; John A. Rothchild; Ahmed Datoo

This program will explore the benefits and risks of employee use of mobile devices and social media in and out of the workplace, including:

  • How to strike a balance between using mobile devices for enhanced productivity and accessibility and managing security and privacy risks
  • Understanding NLRA claims for unfair labor practices resulting from an employer's promulgation and enforcement of social media policies
  • Avoiding hostile workplace claims based on one employee's harassment of another via social media postings
  • Knowing the risks an employer faces from using social media postings to evaluate job applicants
  • Challenges in accessing social media postings and personal emails or documents stored on an employee-owned device
  • Determining which employees/contractors are eligible for a device and for network access
  • Rules and technology tools for monitoring and accessing swiping mobile devices and social network postings
  • Privacy/data security compliance for data in motion and stored data
  • How training and education on use, discovery, monitoring, security, and privacy issues can improve compliance, enhance value, and minimize loss and damage

Avoiding the Privacy Cross-Hairs: Keeping Companies that Advertise on the Internet and App Providers Away from Privacy Regulators and the New Class Action Plaintiffs
Lisa Lifshitz, Chair; Ian Ballon; Andrew Serwin

In the past 18 months, more than 150 putative class action suits have been filed against social networks, mobile application providers, and advertisers who merely advertise online. This program will teach attendees what they need to know about the latest trends and legal issues relating to privacy litigation and regulation, including (i) key privacy class action and other litigation and (ii) federal and FTC enforcement of privacy laws in the social media, mobile, and web 2.0 spaces. Listen to our experts discuss corporate best privacy practices and provide insights on how companies can minimize and avoid privacy lawsuits as well share tips and strategies should privacy litigation arise.

We will cover enforcement trends with the FTC, including its new focus on the Fair Credit Reporting Act in the mobile and social media space, emerging issues in class actions involving misuse or loss of data, how social media is used by today's consumers, and issues regarding damages in private litigation. We will also cover some best practice tips on avoiding litigation, including the use of disclaimers and class action waivers, as well as emerging issues regarding mobile technology and litigation.

Deploying Tools to Build or Self-Sabotage the Enterprise: How Do We Square Legal Obligations for Cybersecurity with the Increasing Use of Technologies that Undermine It?
Roland Trope, Chair; Jamie Clark; Tanya L. Forsheit

Our panel will consider how boards of directors may need to address the growing tension between obligations to fulfill cybersecurity legal requirements and companies' efforts to take advantage of technologies such as mobile computing devices, flash drives, smartphones, social networks, and cloud computing, each of which increases cyber vulnerabilities.

Tidying Up the Internet: Take Down of Unauthorized Content under Copyright, Trademark and Defamation Law
Susan Stephan, Chair; Jon Garon

As business clients make available an ever-increasing array of online content and services, the specter of liability for inappropriate online content looms large. Still, federal law protects businesses that adopt appropriate take-down regimes for copyright infringement, defamatory content, and even improper use of competitors' trademarks. Our presenters will discuss the potential rewards, as well as the risks under federal law, of hosting user-generated content and using third party sites to promote business content online.

back to top ↑

 
  Other Programs of Interest
   

March 5: Generic Top Level Domain Names: What the Recent Expansions Mean for Your Brand
Format: Webinar

March 15: Social Media, Data Privacy, Online Gambling, and Other Hot Topics in Advertising & Promotions
Format: Webinar

March 28-30: ABA-IPL 27th Annual Intellectual Property Law Conference
The annual ABA-IPL conference will be held in Washington, DC this year. The programming includes several sessions on Internet-related issues. Early registration ends March 14.

May 3-4: ITechLaw 2012 World Technology Law Conference & Annual Meeting
ITechLaw invites you to the ITechLaw 2012 World Technology Law Conference & Annual Meeting, to be held in Washington, D.C. at the Ritz Carlton, May 3-4, for an unrivaled program featuring unique sessions led by prominent speakers from around the world.

Members of the ABA Business Law and Science & Technology Sections are eligible to register at the ITechLaw Member & Affiliate level; enter ABA12 as the affiliate code at the prompt during the registration process. Early Bird Registration savings end March 26.

You can expect a high-level, professional exchange of knowledge and skills related to technology law at this conference, which includes:

  • More than 225 industry professionals from over 40 countries;
  • 35+ renowned speakers providing in-depth presentations and contributed papers; and
  • One-on-one discussions with your colleagues from around the globe during the many networking opportunities throughout the conference.

Grow your global network through the conference's many social events, including a Welcome Reception at the exclusive Cosmos Club on Wednesday, May 2, a formal, black-tie Gala Dinner on Thursday, May 3, and our Closing Reception following the conference on Friday, May 4. Contact ITechLaw Member Services or call 1-781-876-6299 for additional information.

Business Law Section Social Media Campaign
The ABA Business Law Section has embarked upon a social media campaign. If you have not yet "liked" the BLS Facebook page, please check it out. You might also want to follow the BLS on Twitter. See https://twitter.com/#!/ABABusLaw.

back to top ↑

 
  CLC Projects
   
Project Updates from the International Trade Subcommittee
John Gregory and Hal Burman, Co-Chairs of the International Trade Subcommittee

The International Trade Subcommittee held a conference call on February 21 to follow up on its discussion at the Winter Working Meeting about the creation of a survey of activities of international organizations that may affect the law of electronic commerce. The 90-minute call reviewed work being done at the United Nations Conference on Trade and Development (UNCTAD), the United Nations Commission on International Trade Law (UNCITRAL), the Association of South-East Asian Nations (ASEAN), Asia-Pacific Economic Council (APEC), Mercosur (South American trade bloc), CARICOM (a Caribbean states trade bloc), the Organization of American States (OAS), and several African bodies, such as the Trans-Kalahari Corridor.

In the conference call, the subcommittee also considered the results of February's plenary meeting of the United Nations Council for Europe's Electronic Commerce Trade Facilitation body, UNE/CEFACT, in respect of its Recommendation 37 on interoperability of digital signature systems. This document had been the subject of some controversy. Thanks to US, Canadian and Russian submissions, as well as remarks from UNCITRAL and the International Standards Organization (ISO), Recommendation 37 will be subjected to further review by a group comprising all three bodies. This will get under way in the autumn of 2012, since the UNCITRAL Working Group on E-Commerce does not meet until October. ABA participation and especially that of Cyberspace Committee members was key to turning this around at the Geneva-based CEFACT organization.

This subcommittee will hold another call, notably on including the work of various standards bodies that may have legal implications, very likely involving collaboration with the Section of Science and Technology. That call will probably be held on March 15. A previously scheduled call will also be held that day at 2 p.m.Eastern time to discuss UNCITRAL's work on electronic transferable records, and possibly its work on online dispute resolution (ODR). Timing of the calls will be confirmed on the subcommittee's web page; call-in details can be obtained from either co-chair. The subcommittee's session at the Spring Meeting in Las Vegas will focus on UNCITRAL's work on cross border e-commerce ODR in particular.

The subcommittee is pleased that it gets its acronyms at a bulk rate.

Annual Survey of Cyberspace Law - Authors Wanted
Sarah Jane Hughes, CLC Publications Director

Committee members interested in writing for the 2012 Survey of Cyberspace Law should email BOTH Kristine Dorrain and Sarah Jane Hughes with the proposed subject and the number of book pages (1.6 double-spaced typed pages with footnotes also double-spaced = 1 book page) that they would like to use for their pieces. On average, we are looking for pieces that are about 5-10 typed pages, though we will consider pieces of greater length if needed. Kristine and Sarah Jane will get back to those interested before Spring Meeting and review page assignments and the due dates for initial drafts and follow-up work. Survey articles should cover the period from May 1 of the prior year (here 2011) to the point at which the first draft is submitted. They need to cover developments in the law - the more concrete the development is the better. They must be footnoted in compliance with scholarly journal standards, and citations should conform to the Bluebook. Please review the taxonomy of topics if you need help with a topic idea.

Other Publication Ideas Sought

If your subcommittee has an idea for an article in Business Law Today, a non-Survey piece for The Business Lawyer, an article for another journal, or a book or model contract/form project that the Business Section might publish, please let Sarah Jane Hughes know as soon as possible.

mCommerce Subcommittee Work Session at BLS Spring Meeting
Ted Claypoole and Richard Balough, mCommerce Subcommittee Co-Chairs

The mCommerce subcommittee will meet on Thursday, March 22, 2012, at the Business Law Section Spring Meeting. The subcommittee will continue with its planning for development of a paper/presentation on privacy issues concerning mobile devices, that is, cell phones, iPads, and car devices. The paper/presentation will be designed to assist business attorneys in advising clients regarding:

  • How does the collection of data affect my client?
  • What information may a business collect?
  • How may a business use the information collected?
  • What must a business disclose if it collects user data?
  • How are individuals protected from the inappropriate collection/use of data?

To answer these questions, the subcommittee will need several people to assist in conducting research and completing the paper/presentation. If you are interested in contributing to this project but cannot attend the subcommittee meeting, contact either Ted Claypoole or Richard Balough, the subcommittee co-chairs.

back to top ↑

 
  Cyber News You Can Use
   
Organization for Security and Co-operation in Europe (OSCE) Releases Report on Freedom of Expression and the Internet
Hank Judy and David Satola, Co-Chairs of Internet Governance Task Force

The OSCE is the world's largest regional security organization with 56 participating States from Europe, Central Asia and North America. The OSCE Representative on Freedom of the Media commissioned a report to assess whether and how access to and content on the Internet are regulated across the OSCE region by examining existing laws and practices related to freedom of expression, the free flow of information, and media pluralism. The comprehensive 238-page report assesses whether and how these provisions are incorporated into national legislation by the OSCE participating States, as well as the compliance of applicable national Internet legislation and practices with existing commitments under Article 19 of the Universal Declaration of Human Rights, Article 19 of the International Covenant on Civil and Political Rights, Article 10 of the European Convention on Human Rights (where applicable), as well as the case law of the European Court of Human Rights. The report is available here.

Preparations Begin for 7th Annual Internet Governance Forum
Hank Judy and David Satola, Co-Chairs of Internet Governance Task Force

The Multistakeholder Advisory Group (MAG) met at the UN Office in Geneva on February 14-16 to commence planning for the UN's 7th annual Internet Governance Forum (IGF) to be held in Baku, Azerbaijan. The MAG is the body that plans and organizes the IGF. It consists of 56 members, each participating in his/her individual capacity representing a cross-section of constituencies from governments, the private sector and civil society, as well as the academic and technical communities. Each year approximately one-third of the MAG members are replaced, and the current MAG will be reconstituted with its new members at its next meeting in Geneva in May 2012. The theme for the Baku IGF is "Internet Governance for Sustainable Human, Economic and Social Development." The meeting will include sessions on intellectual property rights, human rights, freedom of information, "net neutrality," cybersecurity and cybercrime, to name a few. You can find more information about the IGF here.

Updates on Social Media Cases of Note
Erik Pelton, Co-Chair of Marketing & Advertising Subcommittee

The US District Court for the Northern District of California ruled on January 30 that claims by PhoneDog against a former employee regarding use of the Twitter account set up by the employee were sufficiently pleaded. You can read the court's opinion here.

On January 25, the National Labor Relations Board issued a second report describing social media cases reviewed by its General Counsel. Several of the employer social media policies reviewed in the report were found to be unlawfully overbroad. Several dismissals based on Facebook posts were found to be unlawful. For more details, see the NLRB website.

White House Proposes Online Consumer Privacy Bill of Rights
Ted Claypoole and Richard Balough, Co-Chairs of mCommerce Subcommittee

Individual privacy rights would receive some protection online under a proposed "Consumer Privacy Bill of Rights" the White House recently unveiled. The Bill of Rights would be enforced by the Federal Trade Commission and individual state attorneys general. It would establish "safe harbors" for businesses that comply with guidelines established as part of an industry initiative.

The 62-page " Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy ", which incorporates the Consumer Privacy Bill of Rights, noted that privacy protections are critical to maintaining consumer trust in networked technologies. "When consumers provide information about themselves-whether in the context of an online social network that is open to public view or a transaction involving sensitive personal information-they reasonably expect companies to use this information in ways that are consistent with the surrounding contest. Many companies live up to these expectations, but some do not. Neither consumers nor companies have a clear set of ground rules to apply in the commercial arena. As a result, it is difficult today for consumers to assess whether a company's privacy policies warrant their trust," the framework stated. The framework recognizes that consumers have choices on privacy settings and whether to share personal data with others. When companies provide notice regarding privacy, the notice must be designed for mobile devices. Companies must "strive to present mobile consumers with the most relevant information in a manner that takes into account mobile device characteristics, such as small display sizes and privacy risks that are specific to mobile devices."

The Consumer Privacy Bill of Rights provides for the following:

  1. Individual control. Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
  2. Transparency. Consumers have a right to easily understandable and accessible information about privacy and security practices.
  3. Respect for context. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  4. Security. Consumers have a right to secure and responsible handling of personal data.
  5. Access and accuracy. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  6. Focused collection. Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  7. Accountability. Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

The White House said it will propose legislation to implement the Consumer Privacy Bill of Rights. As well, the Department of Commerce will convene stakeholder meetings to seek consensus on an appropriate, legally enforceable code of conduct.

The New gTLDs and Legal Resources
David Satola, Co-Chair of Internet Governance Task Force

Here are links to three resources the WIPO Center has compiled for parties interested in learning about ICANN's Legal Rights Objection procedure (which we hope brand owners and IGOs will not need to invoke!) and the WIPO Center's role:

  1. An FAQ on "Legal Rights Objections under ICANN's New gTLD Program - Filing a Legal Rights Objection at WIPO: What You Need To Know" ;
  2. A WIPO Center-produced summary of "Trademark Rights Protection Mechanisms for New gTLDs" ; and
  3. An updated page (a policy snapshot) on "WIPO Observations on New gTLD Dispute Resolution Mechanisms".

back to top ↑

 
  Presentions and Papers of Interest
   
Cloud Computing

Lisa R. Lifshitz, partner at Gowlings Lafleur Henderson LLP, will be speaking on March 26, 2012, at the Federated Press' 4th Cloud Computing Conference on "Understanding Cloud Computing: The Legal Risks and Components."

Are "Clickwrap" and "Browsewrap" Legally Significant Classifications? A Note on Fteja v. Facebook, Inc. (2012 U.S. Dist. LEXIS 12991, S.D.N.Y. Jan. 24, 2012)
Juliet M. Moringiello, Professor, Widener University School of Law

For over a decade, web site operators have been including forum selection clauses in their terms of service, and for over a decade, the users of those sites have challenged the enforceability of those clauses, claiming lack of notice. Fteja v. Facebook Inc. is merely the latest installment in the terms of service enforceability series. Although the court ultimately reaches the right decision on the law, holding that the user was bound because he performed the acts requested for assent after receiving reasonable notice of the terms, the court seemed to get sidetracked by a possibly insignificant distinction between clickwrap and browsewrap terms.

The plaintiff, Fteja, was a member of Facebook who claimed that Facebook disabled his account for discriminatory reasons, causing him hurt feelings, emotional distress, and damage to his reputation. Some might argue that Mr. Fteja needed to get out more. In any event, he sued Facebook in New York, and Facebook moved to transfer the action to the U.S. District Court for the Northern District of California. Facebook's terms of service state that all disputes shall be resolved "exclusively in a state or federal court located in Santa Clara County [California]." Mr. Fteja claimed that he did not remember agreeing to this clause or any part of the Facebook agreement. Facebook claimed that such a claim was impossible because no one can "become an actual Facebook user unless and until they have clicked through the registration page where they acknowledge they have read and agreed to" the terms of use.

Of course, it's possible that both Facebook and Fteja were right, but whether Fteja remembers agreeing to the terms is irrelevant if they were reasonably communicated to him. Facebook's sign up process requires prospective members to click a sign up button immediately above the sentence "By clicking Sign Up, you are indicating that you have read and agree to the Terms of Service." That sentence is underlined, indicating that it is a hyperlink. A person clicking on the hyperlink is brought to the terms of service.

In analyzing the problem, the court quickly jumped to a discussion of clickwrap and browsewrap terms. Terms of service are said to be presented in a clickwrap format when the user is asked to check a box indicating his agreement to terms that are presented on the same screen as the check box; browsewrap terms are presented by hyperlink and tend to state that use of the website constitutes assent to the terms. The court then made broad statements to the effect that clickwrap agreements are enforceable while browsewrap terms often are not unless the parties are both businesses. The statement about browsewrap may at one time have been true, but it is no longer the case.

The problem with the Facebook terms is that, like many web site terms of use, they do not fall squarely into the browsewrap or clickwrap category. The court recognized this, yet compared the terms to both the clickwrap and browsewrap formats in order to apply the case law analyzing both. Ultimately, the court discarded the clickwrap and browsewrap analogies and applied common sense, comparing the hyperlink to paper standard form terms that state at the beginning, "SUBJECT TO CONDITIONS ON LAST PAGES IMPORTANT! PLEASE READ CONTRACT." That's the right result. As the court recognized, anyone whose loss of Facebook privileges causes him mental anguish knows enough about web sites to know what a hyperlink means. If he did not read the terms, it's his tough luck.

So where does that leave the terms clickwrap and browsewrap? About a decade ago, members of this committee published two articles in the Business Lawyer (Christina L. Kunz, et al., Click-Through Agreements: Strategies for Avoiding Disputes on Validity of Assent, 57 Bus. Law. 401 (2001); Christina L. Kunz, et al., Browse-Wrap Agreements: Validity of Implied Assent in Electronic Form Agreements, 59 Bus. Law. 279 (2003)) discussing the enforceability of web site terms of use. (The groups were ably led by Professor Christina Kunz; I was a member of the second group.) The first article provided suggestions for ensuring the validity of terms requiring a click to agree, and the second discussed and analyzed the then-new case law opining on the validity of terms that did not require a click to agree. The terms clickwrap and browsewrap were convenient ways to classify the two methods of presentation, but the point of those articles was to give guidance on presenting terms in a way that would reasonably communicate their existence to offerees. Courts applied a reasonable communicativeness test to standard form paper terms long before electronic contracts came into being. Some courts faced with electronic contracts, however, embraced the terms clickwrap and browsewrap as ways to organize the exotic and intimidating world of electronic contracting.

Ultimately, the judge in Fteja recognized the enforceability of Facebook's terms depended on whether they were reasonably communicated, not whether they could be classified as clickwrap or browsewrap. Many terms today cannot be so easily classified, and individuals today are far more familiar with how web sites work than they were ten years ago. The judge in Fteja used old-fashioned contract law to rule in Facebook's favor, showing us once again that the common law of contracts is malleable enough to solve many of today's problems. Courts have long enforced choice of forum clauses in paper standard form terms, and whether one agrees or disagrees with this result, the issues presented by electronic choice of forum clauses are no different from the issues presented by those clauses in paper standard forms.

Your Name Here

We are always looking for fresh and relevant content for the CLC newsletter. Have you written or presented on something your fellow committee members would be interested in? Let them know! Email your contribution to committee Communications Directors Cheryl Balough (cbalough@balough.com) and Lois Mermelstein (lois@loismermelstein.com).

back to top ↑

 
You are receiving this Committee Newsletter because you are a member of the ABA Business Law Section Cyberspace Law Committee.
To opt-out of this publication, please visit the ABA Subscription Portal.
*        *        *
You can access the Cyberspace Law Committee website here.
*        *        *
Your e-mail address will only be used within the ABA and its entities. We do not sell or rent e-mail addresses to anyone outside the ABA.
Update your profile | Unsubscribe | Privacy Policy
American Bar Association: 321 N Clark | Chicago, IL 60654 | 800-285-2221
Business Law Section: 312-988-5588 | Section Staff | businesslaw@americanbar.org | www.ababusinesslaw.org
Copyright © 2012