Internet Lawyer Blog

On January 22, 2010, the Supreme Court of the United States granted unlimited corporate spending on elections. The justices overturn a century of U.S. electoral law by a 5-4 vote. Millions of extra dollars are expected to start flowing from big business to Republican candidates.

Overturning a century-old restriction, the Supreme Court ruled Thursday that corporations may spend as much as they want to sway voters in federal elections.

In a landmark 5-4 decision, the court's conservative bloc said that corporations have the same right to free speech as individuals and, for that reason, the government may not stop corporations from spending to help their favored candidates.

The ruling -- which will presumably apply as well to labor unions and other organizations -- is likely to have an impact on this year's congressional elections. Many political analysts and election-law experts predict that millions of extra dollars will flood into this fall's contests, much of it benefiting Republican candidates.

President Obama called the ruling "a major victory for Big Oil, Wall Street banks, health-insurance companies and other powerful interests that marshal their power every day in Washington to drown out the voices of everyday Americans." He promised to seek "a forceful response to this decision" from Congress. Some Democrats talked about seeking legislation that would require corporations to get approval from their shareholders before spending money on politics.

See http://articles.latimes.com for more information

U.S. DEPARTMENT OF STATE

The Newseum, Washington, D.C.

SECRETARY CLINTON: Thank you very much, Alberto, for not only that kind introduction but you and your colleagues' leadership of this important institution. It's a pleasure to be here at the Newseum. The Newseum is a monument to some of our most precious freedoms, and I'm grateful for this opportunity to discuss how those freedoms apply to the challenges of the 21st century.

Although I can't see all of you because in settings like this, the lights are in my eyes and you are in the dark, I know that there are many friends and former colleagues. I wish to acknowledge Charles Overby, the CEO of Freedom Forum here at the Newseum; Senator Richard Lugar* and Senator Joe Lieberman, my former colleagues in the Senate, both of whom worked for passage of the Voice Act, which speaks to Congress's and the American people's commitment to internet freedom, a commitment that crosses party lines and branches of government.

Also, I'm told here as well are Senator Sam Brownback, Senator Ted Kaufman, Representative Loretta Sanchez, many representatives of the Diplomatic Corps, ambassadors, charg/(c)s, participants in our International Visitor Leadership Program on internet freedom from China, Colombia, Iran, and Lebanon, and Moldova. And I also want to acknowledge Walter Isaacson, president of the Aspen Institute, recently named to our Broadcasting Board of Governors and, of course, instrumental in supporting the work on internet freedom that the Aspen Institute has been doing.

This is an important speech on a very important subject. But before I begin, I want to just speak briefly about Haiti, because during the last eight days, the people of Haiti and the people of the world have joined together to deal with a tragedy of staggering proportions. Our hemisphere has seen its share of hardship, but there are few precedents for the situation we're facing in Port-au-Prince. Communication networks have played a critical role in our response. They were, of course, decimated and in many places totally destroyed. And in the hours after the quake, we worked with partners in the private sector; first, to set up the text "HAITI" campaign so that mobile phone users in the United States could donate to relief efforts via text messages. That initiative has been a showcase for the generosity of the American people, and thus far, it's raised over $25 million for recovery efforts.

Information networks have also played a critical role on the ground. When I was with President Preval in Port-au-Prince on Saturday, one of his top priorities was to try to get communication up and going. The government couldn't talk to each other, what was left of it, and NGOs, our civilian leadership, our military leadership were severely impacted. The technology community has set up interactive maps to help us identify needs and target resources. And on Monday, a seven-year-old girl and two women were pulled from the rubble of a collapsed supermarket by an American search-and-rescue team after they sent a text message calling for help. Now, these examples are manifestations of a much broader phenomenon.

The spread of information networks is forming a new nervous system for our planet. When something happens in Haiti or Hunan, the rest of us learn about it in real time ,— from real people. And we can respond in real time as well. Americans eager to help in the aftermath of a disaster and the girl trapped in the supermarket are connected in ways that were not even imagined a year ago, even a generation ago. That same principle applies to almost all of humanity today. As we sit here, any of you ,— or maybe more likely, any of our children ,— can take out the tools that many carry every day and transmit this discussion to billions across the world.

Now, in many respects, information has never been so free. There are more ways to spread more ideas to more people than at any moment in history. And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.

For more information go to Financial Times website at http://www.ft.com/cms/s/0/f0c3bf8c-06bd-11df-b426-00144feabdc0.html

Copyright The Financial Times Limited 2010

Redmond's top legal mouthpiece Brad Smith is calling on US lawmakers to overhaul rules on cloud computing, just as the company ramps up its efforts to belatedly step on other vendors' toes in that marketplace.

He asked Congress yesterday to legislate cloud computing, in a move to protect business and consumer information.

Smith's comments came on the same day that Microsoft inked a deal with cloud rival Intuit, and spun out a survey about the relevance of small businesses climbing on board the hosted services wagon.

Microsoft's top lawyer proposed a Cloud Computing Advancement Act in a speech at the Brookings Institute in Washington DC on Wednesday. He also penned an op ed piece for the Huffington Post.

"While the benefits of these new [cloud computing] technologies are clear - accessing data at your fingertips whenever and wherever you want - these benefits also come with challenges. The recent security breaches reported by Google last week once again make this abundantly clear," he opined.

Smith then crossed his fingers and prayed for a sprinkling of fairy dust. We need a safe and open cloud - a cloud that is protected from the efforts of thieves and hackers while also serving as an open source of information to all people around the world," he said.

The MS legal beagle then took on the role of rights advocate, by asking anyone who cared to listen if they understood online privacy law and what that meant for an individual's cloud-based data.

"Are you confident that your privacy is being protected? If you live in one country but your data is stored in another, whose laws govern?" he demanded to know. "These questions about privacy, security, and international sovereignty require immediate attention."

Microsoft, of course, has data centres dotted across the globe - holding exactly the sort of information Smith appears to be having sleepless nights about.

At the same time, Smith was keen to point out the validity of cloud computing - quite right too, given that Microsoft is finally making a play for all things fluffy.

But for customers to take Microsoft's efforts seriously, Smith thinks that the interwebulator needs to be better policed to keep the yobs out.

Clutching at straws

"The internet should not be a 'town square,' where anyone wandering the street can get a peek at what you are doing. But current law is not clear about how to deal with privacy concerns as they relate to the cloud. Users' privacy is something that businesses, governments, consumers, and other key stakeholders must seriously address," he said.

In effect, Microsoft wants some degree of consistency about how such a lockdown can be achieved across countries that have different regulatory concerns about how data and apps are hosted in the cloud.

Under Smith's proposed Cloud Computing Advancement Act, he has called on Congress to improve privacy protection and data access rules by strengthening the Electronic Communications Privacy Act.

Microsoft also wants to see the legislature of the US federal government overhaul the Computer Fraud and Abuse Act to hand police the tools to go after hackers and cut down instances of online-based crimes.

Add to that some "truth-in-cloud-computing principles", and a "pursuit of a new multilateral framework to address data access issues globally" and Microsoft pretty much has its very own manifesto on hosting info and apps on the web.

But its call to arms comes nearly a year after an Open Cloud Manifesto landed, led by old guard tech titan IBM.

At the time Microsoft snubbed any involvement in that particular "call to action for the worldwide cloud community".

The reality is that different software vendors have very different ideas about how online data should be regulated. Microsoft can lobby Congress all it likes, and may have some powerful people making the right sort of noises in there to do it, but the company still has to get in line and form a queue with its rivals.

Until all the disparate parties shake hands (never gonna happen), it's hard to foresee a happy-ever-after up in the clouds.

After all, back down on earth, software makers large and small bump heads all the time over how the industry should be shaped and governed. Why should Microsoft, or anyone else for that matter, expect cloud computing to get an easy ride?

Article By: Kelly Fiveash

Posted in IT Director, 21st January 2010 16:02 GMT

Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts.

For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement.

In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement.

The change is rooted in the evolution of "bulletproof hosting", or website provision by companies that make a virtue of being impervious to legal threats and blocks. Not all bulletproof services are linked to illegal activities, but they are popular among criminal groups, spammers and file-sharing services.

Rob Holmes, of the Texas law firm IP Cybercrime, which has worked to close down several bulletproof operations, said successful hosts were now starting to get stronger. "Some of the more popular ones have become more strongholds than they were previously," he said. "It's an industry and it always will be. When you think about it, bulletproof hosting is just a data version of money laundering."

Late last year a Swedish court found four men guilty of breaking copyright law through their links to the Pirate Bay website, one of the internet's most notorious gateways for pirated films and television shows.

That decision prompted many piracy services to seek jurisdictions beyond the reach of western law. Pirate Bay moved its web servers to Ukraine, while another popular file-sharing service, Demonoid, which started in Serbia, also relocated.

"Before going completely dark in October [2009], Demonoid physically moved their servers to Ukraine, and remotely controlled them," said John Robinson, of BigChampagne, a media tracking service based in Los Angeles. "Ukrainian communications law, as they paraphrase it, says that providers are not responsible for what their customers do. Therefore, they feel no need to speak about or defend what they do."

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

Pirate Bay, after its brief excursion to Ukraine, is now run out of a Dutch data centre called CyberBunker, which is based in an old nuclear facility of the 1950s, about 120 miles south-west of Amsterdam.

Research published last year showed that most bulletproof hosts are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution.

Despite officials in Beijing talking in tough terms about computer crime ,— hacking potentially carries a death sentence in China ,— the authorities rarely co-operate with other countries to take action against hi-tech criminals. As a result, just a handful of firms in China are responsible for hosting thousands of criminal enterprises online.

A study of online crime conducted by the University of Alabama at Birmingham, in the US showed that more than 22,000 websites which sent pharmaceutical spam were hosted by six bulletproof servers in China.

Richard Cox of Spamhaus, a British organisation that watches spammers and monitors bulletproof hosts, said it was almost impossible to stop expansion of such services. "At the moment there are a number of individuals who are setting up bulletproof hosting sites in China," he said. "No matter how big a part of the Chinese network we block, the administrators there just do not care."

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as ,— the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

But the long-term impact of offshore hosting is becoming more problematic as investigators worldwide try to cut the links between criminal groups and protected internet servers.

One notorious gang of hackers, known as the Russian Business Network, after disappearing for two years amid scrutiny from the authorities in Moscow, has also reportedly returned to action. The group started as a bulletproof host in St Petersburg but had connections to a wide range of criminal activities online. Widely known in the computer security community, it is being investigated by the FBI. The Russian authorities, meanwhile, have been keen to foster greater communication to stop the spread of criminal activity online.

Some are hopeful that greater co-operation between international governments will help prevent the development of new piracy havens, but others suggest that it is unlikely that a complete block on such activities will ever be possible.

"There will always be a place to run to," said Rob Holmes, of IP Cybercrime. "Each time a law passes, or a new country creates some kind of stumbling block for them, they'll always find another place to do this. It goes back to the speakeasies in the 1920s ,— when one place got busted, they would just congregate in another place."

Bobbie Johnson, technology correspondent

The Guardian, Tuesday 5 January 2010

PHILADELPHIA (AP) - A federal appeals court must decide whether "sexting" by three Pennsylvania teens amounts to child pornography or is a free-speech right.

A three-judge panel in Philadelphia is hearing arguments Friday in a case between a county prosecutor and the American Civil Liberties Union.

The prosecutor is threatening to file child-pornography charges against three girls after racy cell-phone images of them circulated through their high school. The photos show one girl topless and the others in bras.

The ACLU says the case is the first in the nation to challenge whether prosecutors can file child-pornography charges in "sexting" cases. It argues that harmless photos shouldn't be criminalized.

Wyoming County prosecutor George Skumanick Jr. hopes the appeals court will overturn a federal judge's stay of prosecution.

By: Associated Press

Internet users face regular "brownouts" that will freeze their computers as capacity runs out in cyberspace, according to research to be published later this year.

Experts predict that consumer demand, already growing at 60 per cent a year, will start to exceed supply from as early as next year because of more people working online and the soaring popularity of bandwidth-hungry websites such as YouTube and services such as the BBC's iPlayer.

It will initially lead to computers being disrupted and going offline for several minutes at a time. From 2012, however, PCs and laptops are likely to operate at a much reduced speed, rendering the internet an "unreliable toy".

When Sir Tim Berners-Lee, the British scientist, wrote the code that transformed a private computer network into the world wide web in 1989, the internet appeared to be a limitless resource. However, a report being compiled by Nemertes Research, a respected American think-tank, will warn that the web has reached a critical point and that even the recession has failed to stave off impending problems.

"With more people working or looking for work from home, or using their PCs more for cheap entertainment, demand could double in 2009," said Ted Ritter, a Nemertes analyst. "At best, we see the [economic] slowdown delaying the fractures for maybe a year."

In America, telecoms companies are spending -#40 billion a year upgrading cables and supercomputers to increase capacity, while in Britain proposals to replace copper cabling across part of the network with fibreoptic wires would cost at least -#5 billion.

Yet sites such as YouTube, the video-sharing service launched in 2005, which has exploded in popularity, can throw the most ambitious plans into disarray.

The amount of traffic generated each month by YouTube is now equivalent to the amount of traffic generated across the entire internet in all of 2000.

The extent of its popularity is indicated by the 100 million people who have logged on to the site to see the talent show contestant Susan Boyle in the past three weeks.

Another so-called "net bomb" being studied by Nemertes is BBC iPlayer, which allows viewers to watch high-definition television on their computers. In February there were more than 35 million requests for shows and iPlayer now accounts for 5 per cent of all UK internet traffic.

Analysts express such traffic in exabytes ,— a quintillion (or a million trillion) bytes or units of computer data. One exabyte is equivalent to 50,000 years' worth of DVD-quality data.

Monthly traffic across the internet is running at about eight exabytes. A recent study by the University of Minnesota estimated that traffic was growing by at least 60 per cent a year, although that did not take into account plans for greater internet access in China and India.

While the net itself will ultimately survive, Ritter said that waves of disruption would begin to emerge next year, when computers would jitter and freeze. This would be followed by "brownouts" ,— a combination of temporary freezing and computers being reduced to a slow speed.

Ritter's report will warn that an unreliable internet is merely a toy. "For business purposes, such as delivering medical records between hospitals in real time, it's useless," he said.

"Today people know how home computers slow down when the kids get back from school and start playing games, but by 2012 that traffic jam could last all day long."

Engineers are already preparing for the worst. While some are planning a lightning-fast parallel network called "the grid", others are building "caches", private computer stations where popular entertainments are stored on local PCs rather than sent through the global backbone.

Telephone companies want to recoup escalating costs by increasing prices for "net hogs" who use more than their share of capacity.

Additional reporting: Adam Lewitt

See http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article6169488.ece

SAN FRANCISCO (AP) - Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders.

The change of heart announced Tuesday heralds a major shift for the Internet's search leader, which has repeatedly said it will obey Chinese laws requiring some politically and socially sensitive issues to be blocked from search results available in other countries. The acquiescence had outraged free-speech advocates and even some shareholders, who argued Google's cooperation with China violated the company's "don't be evil" motto.

The criticism had started to sway Google co-founder Sergey Brin, who openly expressed his misgivings about the company's presence in China.

But the tipping point didn't come until Google recently uncovered hacking attacks launched from within China. The apparent goals: breaking into the computers of at least 20 major U.S. companies and gathering personal information about dozens of human rights activists trying to shine a light on China's alleged abuses.

Google spokesman Matt Furman declined to say whether the company suspects the Chinese government may have had a hand in the attacks.

Secretary of State Hillary Rodham Clinton said the Google allegations "raise very serious concerns and questions" and the U.S. is seeking an explanation from the Chinese government.

Google officials also plan to talk to the Chinese government to determine if there is a way the company can still provide unfiltered search results in the country. If an agreement can't be worked out, Google is prepared to leave China four years after creating a search engine bearing China's Web suffix, ".cn" to put itself in a better position to profit from the world's most populous country.

"The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences," David Drummond, Google's top lawyer, wrote in a Tuesday blog posting.

A spokesman for the Chinese consulate in San Francisco had no immediate comment.

Abandoning China wouldn't put a big dent in Google's earnings, although it could crimp the company's growth as the country's Internet usage continues to rise. China's Internet audience already has soared from 10 million to nearly 340 million in the past decade.

Google, based in Mountain View, said its Chinese operations account for an "immaterial" amount of its roughly $22 billion in annual revenue. J.P. Morgan analyst Imran Khan had been expecting Google's China revenue to total about $600 million this year.

Although Google's search engine is the most popular worldwide, it's a distant second in China, where the homegrown Baidu.com processes more than 60 percent of all requests.

Free-speech and human rights groups are hoping Google's about-face will spur more companies to take a similar stand.

"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, a civil-liberties group in Washington. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users."

It's "an incredibly significant move," said Danny O'Brien, international outreach coordinator at the Electronic Frontier Foundation, an Internet rights group in San Francisco. "This changes the game because the question won't be 'How can we work in China?' but 'How can we create services that Chinese people can use, from outside of China?'"

Many Web sites based outside China, including Google's YouTube video site, are regularly blocked by the country's government.

Google's new stance on China was triggered by what it described as a sophisticated computer attack orchestrated from within the country. Rep. Anna Eshoo, D-Calif., praised Google for disclosing chicanery that "raises serious national security concerns."

Without providing details, Google said it and at least 20 other major companies from the Internet, financial services, technology, media and chemical industries were targeted. The heist lifted some of Google's intellectual property but didn't get any information about the users of its services, the company said. Google has passed along what it knows so far to U.S. authorities and other affected companies.

It does not appear that any U.S. government agencies or Web sites were affected by the attack, according to two U.S. administration officials. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the issue.

The assault on Google appeared primarily aimed at breaking into the company's e-mail service, "Gmail," in an attempt to pry into the accounts of human right activists protesting the Chinese government's policies.

Only two e-mail accounts were infiltrated in these attacks, Google said, and the intruders were only able to see subject lines and the dates that the individual accounts were created. None of the content written within the body of the e-mails leaked out, Google said.

As part of its investigation into that incident, Google stumbled onto another scam that was more successful. Google said dozens of activists fighting the Chinese government's policies fell prey to ruses commonly known as "phishing" or malware. The victims live in the United States, Europe and China, Google said.

Phishing involves malicious e-mails urging the recipients to open an attachment or visit a link that they're conned into believing comes from a friend or legitimate company. Clicking on a phishing link of installs malware - malicious software - on to computers.

Once it's installed on a computer, malware can be used as a surveillance tool that can obtain passwords and unlock e-mail accounts.

Google's unfettered search results won't necessarily ensure more information will be made available to the average person in China because the government could still use its own filtering tools, said Clothilde Le Coz, Washington director for Reporters Without Borders, a media watchdog group.

"The Chinese government is one of the most efficient in terms of censoring the Web," she said. The blocking technology has proven so effective that it's become known as the "Great Firewall of China."

By MICHAEL LIEDTKE AP Technology Writer

AP Technology Writers Barbara Ortutay in New York, Jessica Mintz in Seattle and Jordan Robertson in San Francisco and Associated Press Writer Lolita C. Baldor in Washington contributed to this report.

NEW YORK (AP) - A federal appeals court in New York has revived a lawsuit that accuses major record labels controlling 80 percent of U.S. digital music sales of scheming to charge high prices.

The lawsuit brought by music purchasers had been tossed out by a lower court judge.

The 2nd U.S. Circuit Court of Appeals in Manhattan said Wednesday that the lawsuit can proceed. It said there are enough facts to consider the claims.

The New York legal action combined lawsuits brought across the country. They accused record companies of conspiring to charge at least 70 cents a song on the Internet, even though their costs were much lower than in record stores.

The Associated Press (January 13, 2010)

On June 26, 1997, in the first Internet-related U.S. Supreme Court case ever to be decided, seven justices found the disputed provisions of the Communications Decency Act (CDA) unconstitutional under the First Amendment. Justice John Paul Stevens delivered the opinion of the Court, and was joined by Justices Breyer, Ginsburg, Kennedy, Scalia, Souter, and Thomas. Justice O'Connor filed a separate opinion, joined by Chief Justice Rehnquist, concurring in the decision but dissenting in part.

Decision Highlights:

The opinion was a ringing endorsement of the Internet as a "dramatic" and "unique" "marketplace of ideas."

The Court determined that the World Wide Web is analogous to a library or a shopping mall, rejecting the government's argument that it could be viewed as more akin to a broadcast medium.

The justices found that although sexually explicit material was "widely available" online, "users seldom encounter such content accidentally."

In its First Amendment analysis, the Court explained that "the many ambiguities concerning the scope of [the CDA's] coverage render it problematic for purposes of the First Amendment," and declared that the Act "unquestionably silences some speakers whose messages would be entitled to constitutional protection."

The Court found that the lower court in this case "was correct to conclude that the CDA effectively resembles the ban on 'dial-a-porn'" invalidated in an earlier decision -- Sable Communications of Cal., Inc. v. FCC, 492 U.S. 115 (1989).

Examining the issue of whether the rights of adults should be compromised in order to protect children, the justices declared that "in order to deny minors access to potentially harmful speech, the CDA effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another...[w]hile we have repeatedly recognized the governmental interest in protecting children from harmful materials,...that interest does not justify an unnecessarily broad suppression of speech addressed to adults."

FTC BEGINS COMPREHENSIVE PRIVACY REVIEW THROUGH PUBLIC ROUNDTABLES

On December 7, 2009, the Federal Trade Commission (FTC) began the first of three public "Exploring Privacy" roundtables. To an extent, the FTC is at a similar stage as it was in 1989 when it held its conference on online profiling (now referred to as "behavioral targeting") that led to a recommendation to Congress for "legislation that would set forth a basic level of privacy protection for all visitors to consumer-oriented commercial Web sites with respect to profiling."[i] The recommendation was withdrawn under the Bush Administration to determine whether the newly established Network Advertising Initiative's (NAI) self-regulatory standards would prove sufficient.

In 2007, the FTC revisited this issue with its "behavioral targeting" workshop that led to the FTC proposing self-regulatory principles on behavioral targeting for the online advertising industry to adopt.[ii] The FTC's "suggested" principles were not warmly received by the industry. By 2009, however, the NAI and a coalition of major trade groups including the Interactive Advertising Bureau (IAB) each released proposed principles addressing behavioral advertising.[iii]

Congress is also focusing on this issue, and has held several hearings over the past two years. House Internet Sub-committee Chairman Boucher (D-VA) is expected to introduce a comprehensive privacy bill in early 2010 that will address behavioral targeting. Most think it is unlikely that such a bill will pass this Congress, but it could set the framework for debate in the next Congress which begins in 2011.

The December 7 privacy roundtable launched with Commissioner Pamela Jones-Harbour dismissing as "insufficient" industry efforts to provide notice and choice to consumers and expressing her belief that the nation "needs comprehensive privacy legislation". Newly appointed FTC Chairman Jon Leibowitz opened the conference by stressing that he was approaching this issue with an open mind while restating his belief that an opt-in standard was appropriate for behavioral targeting (i.e., advertiser or marketer must obtain consumer consent prior to creating an online profile based on past activity).

While the issues may be similar to what was discussed in 1989, its complexity had changed dramatically.

Chris Olsen, the Assistant Director of the FTC's Division on Privacy and Identity Protection, explained that the FTC would be "taking a look at a number of technologies and business practices,—including social networks, cloud computing, mobile, data broker relationships, and behavioral advertising,—and will assess both the benefits and risks of those practices." Olsen articulated a shift in the FTC's emphasis from how data is collected to how it is ultimately used and by whom. The FTC released a chart of the ecosphere for consumer data which illustrated the number of actors involved which has been accelerated by the advent of social media.

The panels of industry and consumer and privacy advocates elicited similar comments as with prior conferences, although industry representatives now conceded that some improvements were required but expressed hope that newly issued self-regulatory principles would avoid the need for regulatory action.

The next round table will be on January 28th at the University of California, Berkeley School of Law.

For more information go to http://www.ftc.gov/bcp/workshops/privacyroundtables.

Author: Bennet Kelley

Facebook Privacy Changes Claimed as Unfair and Deceptive

On December 17, 2009, the Electronic Privacy Information Center (EPIC) petitioned the Federal Trade Commission claiming that changes to Facebook user privacy settings constituted an unfair and deceptive practice.

In early November and December, 2009, Facebook changed the process by which users set their respective privacy settings. EPIC alleges that the changes are confusing, replace the simple complete opt-out of information sharing through the Facebook Platform and Facebook Connect functions, and require third party application users to provide developers with personal information that users formerly would have been able to prevent application developers from accessing. The complaint requests that the FTC compel Facebook to restore its former privacy settings.

The complaint alleges that notwithstanding Facebook's statement in its announcement of the changes that it was providing users more control, the policy creates default settings that allow increased disclosure of personally identifiable information, such as name, current city, and lists of friends, to which a user must specifically opt-out. The complaint raises the threat that crawlers data mining the automatically disclosed information would render ineffective a later opt-out.

The complaint attacks Facebook's elimination of the one click option to prevent disclosure of personal information to third party application developers for applications utilized by the user. Instead, the complain alleges, a user must engage in a laborious application specific opt-out procedure to prevent application access to the users name, profile picture, gender, and friend list, among other things.

Facebook's statements about the lawsuit have focused on its coordination with the FTC in creating its privacy policy, and Facebook's disappointment at EPIC's complaint in place of discussions between the two groups. Because the FTC has substantial enforcement powers which it has exercised in privacy matters, this matter may illustrate the extent to which the FTC will regulate a how a company discloses its use of personally identifiable information, and its ability to change those uses when affecting a substantial number of users.