Round 2: Facebook under fire once again, but this time for scanning private messages

Round 2: Facebook under fire once again, but this time for scanning private messages

In a previous post, we discussed the lawsuit filed against Facebook in Illinois for its facial recognition technology. Surprisingly, Facebook is under fire once again for its data collection methods. This time Facebook may have violated federal privacy laws by scanning user’s private messages. A class-action lawsuit was filed on May 18, 2016 against the social media site. The suit claims that Facebook was scanning and logging URLs sent through its private messaging system. The plaintiffs claim Facebook scans these URLs to better advertise to its users by providing more user-targeted ads. Facebook has said they engage in the practice of scanning URLs for anti-malware protection and to comply with industry standards on child pornography searches. The company also said URLs are scanned in bulk and that URL data is anonymous. This statement originally made it seem like Facebook would not be able to come up with user-targeted ads by scanning private messages. However, the company later said they may have also used their scanning for advertising purposes and to boost “like” counts.

If Facebook did use their system to better target users with their advertisements, the social media giant may have violated the Electronic Communications Privacy Act and the California Invasion of Privacy Act. Attorneys for the plaintiffs’ were able to gain an abundant amount of information about the site’s data collection methods, but there were some exhibits that were still sealed. After engaging in the discovery process, the plaintiffs’ attorney said “the records that Facebook creates from its users’ private messages, and which are stored indefinitely, may be put to any use, for any reason, by any Facebook employee, at any time.” This statement definitely would shock Facebook users and may be the reason Facebook is aggressively fighting the lawsuit.

Facebook continues to argue that their users remain anonymous after their private messages are scanned. The plaintiffs completed a technical analysis on their own to disprove Facebook’s claims and they were successful. The analysis showed that Facebook collected the date, time, content, sender, and recipient of each private message. Attorneys for Facebook said they were”speculative” of this analysis.

Although the plaintiffs may succeed in their lawsuit against Facebook, they should not expect any monetary damages. The court ruled that Facebook can be prohibited from scanning private messages in the future, but the company would not be required to payout the plaintiffs because the company’s  conduct did not result in actual harm. Everything shared on Facebook is often shared on purpose, but users should have been able to expect privacy when sending private messages. The plaintiffs filed an amended complaint. Facebook continues to hold its position that it never aimed to compromise the security or identity of its users to third parties.

Source referenced: The Verge

Facebook under fire for Facial Recognition Technology

Facebook under fire for Facial Recognition Technology

In a previous post, we discussed how we will be seeing a rise in litigation over biometric data in the near future. Facebook’s photo tagging lawsuit is one of the first examples. Despite Facebook’s attempts to throw out the case, a federal judge has permitted a class action lawsuit against the social media giant’s facial-recognition technology. The technology automatically matches names to faces in photos uploaded to Facebook. It was an attempt to make “tagging” friends easier for users and first became available in 2010.

The case was initially filed in Illinois and has since transferred to California. The suit alleges that Facebook’s facial-recognition technology violates an Illinois Biometric Information Privacy Act (BIPA) statute by not informing users about the collection of biometric data. Facebook has said that photo-tagging is disclosed in its terms of service and that users can opt out of the technology at any time. Judge Donato, the San Francisco federal judge who denied Facebook’s request to toss the lawsuit, said protecting the privacy of its users must be a priority for Facebook and that collecting biometric data without their permission is unethical. Facebook previously said they invented the technology to help users, but did not comment on Judge Donato’s decision.

Why is Facebook being targeted?

Facial recognition technologies have been widely used by other social media websites and apps as well. Snapchat is a great example. The app uses the front-facing camera to put “filters” on the user’s face. Like Facebook, Snapchat is known to use facial recognition technology to store information about its users. This brings up the question of why Facebook is being targeted, while other social media websites and apps seem to be getting a free pass. The answer is actually quite simple: Facebook is too good at facial recognition. When comparing Facebook’s facial recognition technology to the FBI’s system, Facebook performs much better. According to Facebook, they are able to identify a person correctly 98% of the time. The FBI’s General Identification system only identifies people correctly 85% of the time. Part of the problem with the FBI’s system is that they are only able to recognize photographs taken straight on, such as a mugshot, whereas Facebook can identify users in nearly any setting. The FBI also has a larger database than Facebook to search. Facebook’s facial recognition software has become one of the world’s most advanced systems in the world and this lawsuit may be seen as an attempt to curve their power and capabilities.

Sources referenced:

  1. ABA Journal
  2. USA Today
  3. NPR
California Authorities and Biometric Technology

California Authorities and Biometric Technology

Police Departments and Biometric Data

Police departments in California have been using biometric data to identify fingerprints and recognize faces in an effort to find suspects. Agencies around the state have been using smartphone cameras and mobile apps to recognize faces of suspects. Los Angeles, San Jose, and a couple of other agencies use fingerprint data from biometrics to match them with criminal files. Some police departments are also beginning to use tattoo and iris recognition to catch lawbreakers. Los Angeles County police departments are willing to go as far as using DNA recognition and analysis to catch criminals, but this new technology will likely come with a hefty price tag. The facial and tattoo recognition biometric technology has already cost $2 million and the next step of the technology can cost up to $10 million.

Why are Los Angeles Country Police Departments in the Spotlight?

Los Angeles County police departments seem to be at the forefront of biometric technology. This may be a result of the San Bernardino Shooting. As people around the nation were watching Apple and the FBI battle over unlocking the San Bernardino shooter’s phone, something else was going on in Glendale, a city only an hour away from San Bernardino. Authorities in Glendale had found a phone that belonged to an Armenian gang member. When they found the suspect’s girlfriend,Paytsar Bkhchadzhyan, authorities wanted her to unlock her phone so they could get more information about the alleged gang activity. Her iPhone was protected by her fingerprint, but she was required to comply with the authorities and provide her fingerprint. This forced many to ask the question of how far the government could go to obtain fingerprints and other biometric markers.

Is the government going too far with biometric data?

Many lawyers and scholars were outraged after Bkhchadzhyan was forced to provide her fingerprint. Law professor Susan Brenna said the contents of a phone may be incriminating and therefore forcing someone to provide their fingerprint may be a violation of the 5th Amendment. Bkhchadzhyan’s finger was seen as testimony by many scholars and the information in the phone was seen as physical evidence. The US Supreme Court allows authorities to search phones and has permitted authorities to compel people in custody to provide fingerprints without a judge’s permission. Many people were upset by this issue of forced unlocking with a fingerprint, but others argue that the information found in a phone is similar to something that would have been found with a warrant. George Dery, a law professor and a lawyer, said, “Before cell phones, much of this information would be found in a person’s home. This has a warrant. Even though it is a big deal having someone open up their phone, they’ve gone to a judge and it means there’s a likelihood of criminal activity.”

The legal battle between Apple and the FBI really forced many people to take a critical view at the government and how authorities may be collecting too much information about average Americans. Although it was uncommon to see lawsuits over fingerprints and biometric data in the past, we expect to see a lot more litigation on this issue in the coming years. Since police departments in California are working on purchasing newer technologies to gather more data, we may see more lawsuits arising in the state in the near future.

Sources referenced:

  1. ABA Journal
  2. PC Mag
  3. Los Angeles Times
Is your Smart TV spying on you?

Is your Smart TV spying on you?

Quick Recap

Vizio, a consumer electronic company known for its affordable televisions, recently came under fire for its data collection methods. A feature in the televisions, Smart Interactivity, collects information about the user’s viewing habits and remains active unless you opt out of it. Vizio then shares the data it collects with third parties, such as advertisers and content providers. However, Vizio argues they never shared any information that would lead the third parties to identify the user. It is important to note that Vizio does not consider IP addresses to be personal information.

Lawsuits

Two federal lawsuits were filed in California against Vizio in November of 2015, one in Northern California and the other in Central California. The suits allege that tracking violates CA consumer laws because private information is disclosed without permission of the viewer. While purchasers can opt out of the data collection, they are not provided with adequate disclosures on the information being shared about them in the time they did not opt out. Both lawsuits were mainly concerned with Vizio violating the Video Privacy Protection Act, which prohibits “any company engaged in rental, sale or delivery of audio visual content and not necessarily just video tapes—from divulging any personally identifiable information about its customer to a third party, except where the customer has clearly consented to such data sharing.” Vizio consumers never consented to the data sharing. In addition to Vizio being named as the defendant, the lawsuits also went after the company that provided the software to track users.

The new year brought good news for Vizio. Judge Beeler, in the Northern California lawsuit against Vizio, approved the order for the companies to use mediation to resolve their dispute. Since these lawsuits quickly became class action lawsuits, there are hundreds of thousands of people demanding answers from the television company.

With the majority of the televisions becoming smart televisions, we urge consumers to be careful in protecting their privacy. Not only are smart televisions capable of tracking your viewing habits, they can also track your cell phone number if that cell phone is connected to the same Wi-Fi as the television. While Vizio did not directly respond to the lawsuits, they continue to state that users can opt out of the Smart Interactivity feature.

Sources:

  1. ABA Journal
  2. TechHive
  3. Top Class Actions
  4. Northern California Lawsuit
  5. Central California Lawsuit
Giving away your Trade Secrets to protect them?

Giving away your Trade Secrets to protect them?

California Code of Civil Procedure Section 2019. 210 is something to consider if you want to pursue trade secret litigation, especially if you are the one alleging the trade secret misappropriation. California’s Section 2019. 210 requires that the party alleging the misappropriation must identify the allegedly stolen trade secret “with reasonable particularity” before commencing discovery in litigation.

This may not seem as a problem right away, but imagine being in the following situation. Your company has three key trade secrets. One of your employees decides to leave your company and work for your competitor. She also takes a briefcase full of documents with her, but you do not know which documents she took. In order to sue the former employee and get any discovery in the case, you must identify those stolen trade secrets. Now, the question is whether you should give away all three trade secrets, or only two. What if you identify two trade secrets and the employee only had one? Clearly, the person alleging the trade secret misappropriation faces a lot of trouble.

On the other hand, Section 2019. 210 can be a powerful weapon to fight frivolous lawsuits and discovery requests. However, the key point here is that if you are looking to file a trade secret misappropriation case, you should probably consider other options before starting a lawsuit.

Source referenced: JD Supra

Legal Challenges with Online Reviews

Legal Challenges with Online Reviews

If you have ever bought something on Amazon or tried to find a new restaurant to eat at, one of the first things you probably did was read reviews and consider what other people had to say about the product or the restaurant. Turning to Yelp or the reviews section on Amazon is becoming an ordinary thing. People selling these products and business owners know the value potential customers place in their reviews and they are trying their best to keep customers happy or prevent them from writing negative comments. Some business owners are even willing to pay random people, who have never bought the product or visited their business, to write positive reviews. Robert Lee found himself in the middle of an online review lawsuit after visiting a New York City dentist.

The Incident with the Dentist

Lee visited Dr. Stacy Makhnevich at Aster Dental when he was in desperate need of treatment for his toothache. Before Dr. Makhnevich treated Lee, he signed a “mutual agreement to maintain privacy” contract which said he would not be able to comment about the services of the business. The dentist, according to the agreement, had a copyright protection and Lee would not be able to publicly comment on her services. Lee received his treatment and later realized he was overcharged. In addition, Dr. Makhnevich would not give him the dental records he needed to be reimbursed by his insurance company. Lee started writing negative reviews of the dentist on Yelp and other dental sites. When Dr. Makhnevich read the reviews, she demanded the online companies take the reviews down. She also sued Lee for copyright infringement. Lee fought back and aimed to invalidate her copyright claim. In the end, the U.S. District Court for the Southern District of New York said the privacy agreement was null and void. The agreement was found to be deceptive and Lee was awarded more than $4,700.

The reason dentists like Dr. Makhnevich and other business owners are so aggressive about their online image is because a 2015 survey by Mintel Group Ltd. showed that 54% of people read online reviews before purchasing goods or services. Harvard Business School found that adding even one star to a restaurant’s Yelp page can increase business by 5-9%. However, consumers are very intelligent and can be very suspicious of companies with only positive reviews. This should serve as a warning to business owners.

Freedom of Consumer Speech

Consumers have certain rights in the market and one of these rights is to speak their mind about the products and services they purchase. Since more and more business owners are including consumer gag clauses into their agreements, there are laws being put in place to protect consumer speech. Strategic lawsuits against public participation, or SLAPP suits, specifically spell out consumers’ rights to post negative, fact-based reviews. California’s Civil Code 1670.8 made the state the first in the nation to give consumers the right to post negative, honest reviews on Yelp. Congress is working towards passing a nation-wide law similar to California’s.

Companies like Amazon and Yelp are working with the FTC to make sure no fake reviews are posted online. The FTC also says consumers cannot be reimbursed in any way for writing positive reviews. Amazon and Yelp have even stricter guidelines and use “artificial intelligence to determine whether a review is legitimate and whether the poster and marketer have a connection.” Some authors on Amazon believe the company is being too strict by taking down reviews of people who received the book for free. Fans of the author are also not permitted to post reviews. A petition has been started by several authors to get Amazon to change its online book reviews policy. However, this effort seems unlikely to succeed.

Taking Fake Reviewers to Court

In 2015, Amazon named more than 1,000 John Doe users who created fake reviews. In an effort to provide customers with honest reviews, Amazon specifically shows “Amazon verified purchase” tags from consumers who bought the product. However, the problem of whether these people actually received the product and used it before reviewing it still remains. Many believe Amazon and other companies should not take their concerns over online reviews to the court because “the Communications Decency Act holds that an internet service provider can’t be held liable for something published by a third party—like a reviewer.” Amazon’s suit did lead to the shutting down of a few websites that sold reviews. Yelp filed a similar lawsuit against websites selling reviews and won by default when the defendant failed to show up to court. Both Amazon and Yelp agree that going to court is their last resort. They have practices in place to detect and stop fake reviewers before taking them to court.

New York Attorney General Eric T. Schneiderman has been working with Yelp and other companies to identify fake reviews. Many companies pay workers overseas $1-$10 per fake review, which is a violation of New York’s false advertising laws. A total of 19 fake review companies were identified and fined. Different states and the FTC are working together to stop these companies. The hope is that companies will come together to protect consumer rights and business owners will be more honest about their online image.

Source referenced: ABA Journal

 

Forced Windows 10 Upgrade Costs Microsoft $10K

Forced Windows 10 Upgrade Costs Microsoft $10K

Those of us that run a business know how important our laptops and desktop computers are to us. We rely on them on a daily basis to get work done and keep in contact with our clients. If you own a Windows 7 system, Microsoft has most likely asked you to update to Windows 10 several times. Many people continue to ignore the update simply because they do not want to learn a new interface or deal with all the new features of Windows 10. Teri Goldstein was in the same position. As a travel agent, Goldstein avoided upgrading to Windows 10 until the computer automatically updated one day. Goldstein said she never approved the upgrade. After the upgrade failed several times, her computer started crashing and nearly forced her to stop using the machine altogether.

Goldstein filed a claim against Microsoft in Small Claims Court arguing that the upgrade “crippled her work PC.” Goldstein said her problems with the computer began in August 2015 and she tried to work with Microsoft to resolve her issues. Not only did she spend countless hours on the phone with technical support representatives, Goldstein even visited a local Microsoft store for help. Nothing seemed to be helping. All this took place during Goldstein’s busiest booking season. Since she was not able to respond to client emails or answer their questions about bookings, her business suffered. When the busy season was over in December, she bought a new desktop PC to replace her crippled computer.

Goldstein estimated that she lost about $17,000 worth of business and additional expenses due to her PC. Although she repeatedly contacted Microsoft, she said the representatives were unable to help her. One representative even offered to pay her $150 to “go away.” Goldstein used this as proof of guilt in building her case against Microsoft. The Small Claims Court heard her case in March. While Goldstein came to court very prepared with all of her documents, Microsoft did not even bother to send an attorney. They sent an unprepared store representative. Goldstein based her claim on California’s UCC arguing that Microsoft’s forced upgrade led to lost wages. She won the case and was awarded $10,000. Microsoft originally said they would appeal, but ended up paying Goldstein the full amount one month later to avoid fees associated with further litigation.

Windows 7 users know that Microsoft has aggressively been pushing the update for months now. They started off by asking customers to “reserve” their copy of the new update, but later got more aggressive and automatically started updating certain PCs. More and more people are starting to complaint about the company’s tactics. The Electronic Frontier Foundation (EFF) is currently investigating Microsoft. Goldstein says she suffered from the update and urges other to speak up if they lost any money due it. Goldstein believes companies should not be allowed to push their products at the expense of small businesses. She provided her phone number and e-mail address in the link below for anyone interested in speaking to her about her case.

Source referenced: Computer World

Is Flashing Your Head Lights Illegal?

Is Flashing Your Head Lights Illegal?

Michael Eli was cited in November 2012 for having signaled an approaching vehicle with his head lights. He was trying to warn of an impending speed trap. Such a signal is prohibited by a Louisville, Missouri ordinance. The municipal judge overseeing the case, told Eli that the standard fine would be $1,000.00. When Eli announced he would be pleading not guilty to the charge, the judge became frustrated and claimed Eli was obstructing justice.

The case was then taken on by the American Civil Liberties Union of Missouri who sued on behalf of Eli. The Federal Judge hearing the case was Judge Henry Autrey, who predicted that the plaintiff will succeed in his free speech claim against the City of Ellisville. Autrey wrote that Eli’s form of communication was in no way illegal and said his conduct, “was clearly inapplicable to the expressive conduct at issue.” With this Autrey issued a preliminary injunction to prevent Missouri towns from ticketing or further prosecuting drivers for flashing their head lights. Now, Ellisville City Attorney George Restovich has confirmed that the city changed it’s policy and no longer pulls over people for flashing headlights.

Eli’s charge was of course dropped as the case continued through court.The American Civil Liberties Union legal director representing Eli, states that this will be the first instance in which a federal judge will address the issue and he hopes other jurisdictions will take notice.

With this, Autrey has taken the first steps toward protecting yet another expression protected under the 1st Amendment, which had been unlawfully persecuted. Flashing headlights, even if it is to warn other drivers of a speed trap, is constitutionally protected speech.

Source Referenced: ABA Journal

Taking a Closer Look at the “Kill Switch” Law for Smartphones

Taking a Closer Look at the “Kill Switch” Law for Smartphones

What is the “Kill Switch” law?

Senate Bill No. 962, introduced in the California Senate on August 2014 and authored by Senator Mark Leno, proposed adding an act to Section 22761 to the Business and Professions Code. The specific language of S.B. 962 required “any smartphone… that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale… that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features… of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user.” Governor Brown signed the bill into law on August 25, 2014.

What does S.B. 962 mean and why do we need it?

While the language of S.B. 962 may seem hard to understand, the proposal itself is very simple. With the approval of Bill, any smartphone manufactured or sold in California on or after July 1, 2015 must include an optional and reversible “kill switch.” The kill switch must be optional so that the owner of the phone or an authorized user is able to opt-out of the function. The kill switch must be reversible so that an authorized user is able to unlock and utilize the functions of the phone if it is obtained after being in the possession of an unauthorized user. An example would be a stolen phone being found and returned to the rightful owner. The goal of this law was to deter the surge in violent smartphone thefts. Many law enforcement officials, including the Chief of the Los Angeles Police Department, believed S.B. 962 would effectively reduce incidents of cell phone theft.

What is the problem with S.B. 962?

Up to this point, you may be thinking this new is absolutely great! Not only does it protect smartphone owners, it also has the potential to decrease rates of violent cell phone thefts. However, there is a problem. The problem is that this new law would be directed at  smartphone retailers, not manufacturers. Retailers knowingly selling a phone in violation of S.B. 962 may be punished with a civil penalty of $500 and at most $2,500 per smartphone. The same penalties apply if the kill switch can be easily circumvented by hackers and the retailer is aware of this. The key to these civil penalties is knowledge on behalf of the retailers, which can be tricky to prove since the law does not require retailers to give written notification of either compliance or noncompliance with the new law. For example, while Wal-Mart acknowledged the new law and said they would try their best to adhere to it, Best Buy has remained quiet. Critics also claim the penalties for this law are absurd because they exceed the amount spent on buying an average smartphone.

Since the new law applies to retailers of phones, its influence carries beyond California State Lines. Therefore, S.B. 962 may be infringing on Congress’s power to regulate interstate commerce. However, the law was successfully passed after being signed by Governor Brown in August 2014. No mention of interstate commerce or infringing on Congress’s right was made in the bill or during the signing.

How effective has S.B. 962 been?

The “Kill Switch” law has been in effect for almost two years and the technology industry is very pleased. In a study published by Consumer Reports, the number of cell phone thefts dropped from 3.1 million to 2.1 million in the year following S.B. 962. A former smartphone thief also said he would think twice about stealing a smartphone with a kill switch because he is not interested in stealing a phone he cannot access. S.B. 962 has been effective so far and the hope is that smartphone thefts will continue to decrease in the coming years.

Sources referenced:

  1. JD Supra
  2. CNET

Federal Court Officially Protects Blogger’s Freedom of Speech!

Are internet blog posts afforded the same 1st amendment rights granted to those working with traditional news media?  Yes, according to this recent 9th Circuit Court case which appears to be the the first federal case that specifically addresses and protects the rights of bloggers. Internet writers can now take a deep breath and write a little more freely.

In defamation suits, bloggers and citizen journalists are at par with the professional journalists. The legal standards for judging their actions should be the same in relation to the First Amendment.

Crystal Cox, the blogger in question, was taken to court by Obsidian Finance Group, for having allegedly defamed the company.  In her blog, Cox accused the Finance group of fraud, corruption and other deeds of misconduct.  While Cox posted various blogs about this company, the one post that went to trial contained allegations that one of the company’s principals had failed to pay taxes for a company that filed Chapter 11 bankruptcy.

During the initial trial, the court stated that this was not the first time Cox had made such allegations against a company in the hopes of gaining a payoff in exchange for a retraction. Subsequently, the jury awarded Obsidian Finance Group $2.5 million for damages allegedly caused by her posts. Cox then appealed.  She never argued the validity of her posts or the fact that such posts did cause damage, but rather claimed that the trial court could not allow any damage award without proof of negligence on her part.

The 9th Circuit Court of Appeals agreed with Cox’s argument stating that the jury should have been instructed to determine whether Cox had acted negligently because the subject of her comments were of public interest.  Furthermore, the harm the jury claimed was brought upon the plaintiffs could not be proved and thus the jury lacked the power to grant such awards.  The court voted unanimously that the defamation award brought against Cox be overturned.

“The protections of the 1st Amendment do not turn on whether the defendant was a trained journalist, formally affiliated with traditional news entities,”

Case citation: Obsidian Finance Group v. Cox, Nos. 12-35238 & 35319 (9th Cir. Jan 17, 2014)