Virtual reality takes to the air and rests beneath your feet, a smart toy and a weaponized GIF inspire lawsuits (separately), Slack invests in bots, and more!
Posted
“Life Is Short. Settle with the FTC” – The Cost of Ashley Madison’s 2015 Data Breach
On December 14, 2016, operators of online extramarital dating and social networking website AshleyMadison.com came to an agreement with the Federal Trade Commission, and several States, to settle FTC and related state charges that the website deceived consumers and failed to protect 36 million users’ account and profile information. As we discussed immediately following the July 2015 breach (and in several later posts) the data of some 36 million AshleyMadison.com accounts was posted online. It was reported by KrebsOnSecurity that the breach included the theft of user databases, financial records (including salary information), and other records from AshleyMadison, Cougar Life, and Established Men, three social networking web sites operated by the Toronto, Canada-based firm Avid Life Media, now known as Ruby Corp.
Posted
The Freedom to Yelp: Congress Curbs ToS Overreach
Worried about a company retaliating against you when you post a negative review on Yelp or TripAdvisor? Worry no longer because Congress has your back. Last week, Congress passed a law that will make it illegal for companies to retaliate against U.S. consumers who post negative reviews online.
Posted
DMCA Safe Harbor: Re-Register Your Designated Agent with the U.S. Copyright Office!
The U.S. Copyright Office issued a final rule effective December 1, 2016, addressing one of the requirements for social media operators and other companies that allow users to post content online to qualify for the DMCA safe harbor. In “DMCA Safe Harbor: Registration Time,” colleagues Michael Heuga and Cydney Tune discuss what companies with a DMCA designated agent need to do to satisfy the new registration requirement under the updated rule.
Posted
FriendFinder Data Breach Exposes 400 million+ Accounts
FriendFinder Networks is a company in the adult entertainment, social networking, and online dating space. Several databases from FriendFinder Networks web sites with more than 412 million accounts, including usernames, e-mails, and passwords, have been breached and leaked.
November reports of this data breach on The Verge, LeakedSource and TechCrunch, to name a few, describe it as of one of the largest security breaches of 2016, and possibly the largest breach to date, surpassing the breach of approximately 360 million Myspace usernames, passwords and e-mail addresses reported earlier this year.
Posted
The FBI Dips into Twitter’s Data Stream
Following up on our earlier post regarding the Era of Hashtag Surveillance, the FBI has published documents indicating that it intends to enter into a deal with a Twitter data miner, appropriately named Dataminr (and partially owned by Twitter), for access to its monitoring technology. Techcrunch reports that the FBI disclosed its intent to enter into a licensing agreement with Dataminr for access to Twitter’s “firehose” data stream. As opposed to the normal data streams that Twitter makes available to the public which only provide access to a fraction of the posts made to the site, the “firehose” stream contains all public posts made on Twitter and would essentially allow a user to search, in almost real-time, every post made to the service.
Posted
When It Comes to the DMCA, a Red Flag Becomes Harder to Fly
It is unlikely that when Stephanie Lenz posted a home video of her children dancing to Prince’s “Let’s Go Crazy” on YouTube, she could have anticipated that, nearly a decade later, she would be seeking U.S. Supreme Court review in connection with that video. In Lenz v. Universal Music Corp., Ms. Lenz sued Universal Music Corporation for taking her video down from YouTube pursuant to a takedown notice sent to YouTube. That was in 2007. Universal claimed that the video violated their copyright in the “Let’s Go Crazy” song. As we previously discussed, the takedown notice is a provision in the Digital Millennium Copyright Act (DMCA) that allows copyright holders to require a service provider, like YouTube, to “expeditiously” remove copyright-infringing content in order to avoid any liability for the infringement. Critics of this provision complain that it is often abused by corporate copyright holders to unjustifiably take down content that might otherwise constitute fair use. Ms. Lenz sent a counter notification to YouTube claiming fair use, and the video was subsequently reposted weeks later. Nonetheless, Ms. Lenz sued Universal for misrepresentation based on a little used provision of the DMCA and sought a declaration that her use was non-infringing. That provision, or Section 512(c)(3)(A)(v), requires that for the takedown notice to be effective, the copyright holder must have a “good faith” belief that use of the content is not authorized by the copyright holder, its agent or the law.
Posted
The FTC Offers Businesses Tips on How to Respond to a Data Breach
It seems like managing data breaches has become a part of doing business these days. From the October denial of service attack on Dyn (a company that provides core internet services to companies like Twitter, Spotify and Netflix) to the recent hacks of the Clinton campaign’s emails, data breaches are increasing in frequency, scope and cost. The average cost of a data breach increased to $4 million in 2015, and the 2016 Cost of Data Breach Study: Global Analysis published by IBM and the Ponemon Institute places the likelihood of a company having a material data breach involving 10,000 lost or stolen records in the next 24 months at 26 percent.
Posted
#BigBrother and the Era of Hashtag Surveillance
Earlier this month, the ACLU published a report alleging that it had obtained public records showing that social media user data such as location tracking, photos and hashtag usage may have been used by law enforcement to monitor activists and protests. ACLU claims that records show that Twitter, Facebook and Instagram provided user data access to Geofeedia, a developer of a social media monitoring program that is marketed to law enforcement agencies as a tool for such tracking. According to the report, law enforcement used the monitoring program to track protests in Baltimore and Ferguson, Missouri.
Posted
Augmented Reality, and the Inevitable Regulations, Go!
Well before Pokémon Go burst onto the mobile gaming scene in July, we had written about some of the pitfalls associated with AR gaming. When the game netted some 45 million daily users in just a few weeks, we talked about Pokémon Go some more (potential liabilities and clickwrap enforcement challenges). But while the game’s popularity has begun to wane, the enthusiasm for augmented reality has likely just begun.