Everything Attorneys Need to Know About Web Based Technology
1 like685 views
This document provides an overview of social technology and legal issues related to its use. It begins with introductions and an agenda, then covers topics like understanding the mechanics of social media, its impact, limitations, risks, opportunities, and recommendations for action. Key points discussed include how social media can cause government overthrow, the myth of user consent, integration risks, jurisdiction issues, privacy concerns, and resources for further reading on relevant case law and regulations. The overall message is that technology is complex and constantly evolving, so legal and risk management expertise is needed to properly understand and address potential issues.
Everything Attorneys Need to Know About Web Based Technology
- 1. Social Technology Points of Practice Amy Larrimore | Managing Partner
- 2. Meet Amy Larrimore @AmyAllStar #140 Speaker 2013 New York, NY Advisor to Three Heads of State, including the USA Pennsylvania Bar Institute Faculty and Course Planner Managing Partner, The Empire Builders Group $43.25 = average daily web revenue generated her first cup of coffee
- 3. Agenda Today, we work on understanding: Mechanics Impact What you don’t know What they don’t know Limitations How events occur Risks, Probability and Severity Opportunities What to do now Resources and References
- 4. Social Media the Noun? Or the Verb? Or something else entirely.
- 5. All the Legal Disciplines Plus regulations that are industry specific. • Employment Law • Litigation • IP Issues • Contract Law • Family Law • Privacy and Security • Defamation
- 6. Technology: What’s Your Goal? Selection, Setup and Management Litigation Business Risk Management It all starts with understanding.
- 7. Username (begins with @)Display Name (link to profile) Avatar (Photo) See related tweets (blue line) Types of Interactions • Reply (Respond to all, into conversation view) • Retweet (Republish to your followers) • Favorite (Bookmark or save – public) Content limited to 140 characters including usernames, spaces and links. #funny Understanding Mechanics
- 8. Stop Thinking It’s One Monster One brand technology (“Facebook”) is actually a combination of many separate products with separate terms managed by separate entities in separate places.
- 9. Technology Architecture Domain Website + Web Hosting Ecommerce Platform Financial System Shopping Cart Payment Gateway Merchant Processing MRP or ERP Order Fulfillment Shipping CRM Email Host Email Client SEM & Social Hootsuite Google Analytics There are so many secret terms and conditions, your head might explode.
- 10. The New Real Estate http://dodynamic.com/latest-news/a-website-is-like-a-house/
- 11. Domains ICANN regulates Ownership and Use of Domain Names • empirebuilders.com (TLD) • teaching.empirebuilders.com (SLD) • empirebuilders.technology (gTLD) Inclusion on DPML requires an application to TMCH. Recourse for domain names held hostage via URS. ICANN: Internet Corporation for Assigned Names and Numbers TLD and SLD: Top and second level domain (respectively) gTLD: (new!) Generic top level domain which shows as a suffix at the end of a domain name DPML: Domains Protected Marks List TMCH: Trademark Clearinghouse URS: Uniform Rapid Suspension System
- 12. Integrations Social Media Planning or Scheduling Tools Email Marketing Customer Service and Support CRM Invoicing Document Management Affiliate Tools & Sponsored Content Google Analytics/Forms/Adwords Example: Plugins are foreign code embedded into your website to run executable scripts.
- 14. Social Media is CAUSAL It’s not about breakfast cereal and grandkids pics.
- 15. • Anonymous • Instant • Global
- 16. Government Overthrow • 2009 Moldova civil unrest • 2009 Iranian election protests • 2010 Tunisian Jasmine Revolution • 2011 Egyptian Revolution
- 17. Big Data & Research Predict Disease Outbreak Locations
- 19. Messaging is Viral – No Relationship Required
- 20. Understanding What You Don’t Know Technology is built on trickery and most people try extra hard to trick the lawyers.
- 21. The Myth of Opt In • SaaS forces the user to agree to terms to proceed. • It is outside of regular contract negotiation. • Good user experience designs trickery to deliver a “seamless experience”
- 22. The Mirage of User Experience “The Redirect - Masked”
- 23. The Mirage of User Experience “The Redirect - Obvious”
- 24. The MIRAGE of USER EXPERIENCE “The Jigsaw Puzzle”
- 25. Understanding What They Don’t Know Don’t Bet on the IT Department
- 26. If you think hiring an expert is expensive, wait until you see the cost of an amateur. • Requirements Creation • Sourcing/Due Diligence • Deployment • Management
- 27. Where exactly is our CONTENT? The Jurisdiction of “Everywhere”
- 28. Uzbekistan Inventory of States and Countries Whose Regulations May Apply or Where Jurisdiction May Be Established
- 30. The sales chat rep says it’s just three easy steps: 1. Enter company credit card 2. Upload all company data 3. Watch a six minute video
- 31. Stored Communications Act Courts are moving in a more protective direction regarding Fourth Amendment and electronically-stored information Privacy rights in electronically-stored information are not lost solely because that data is stored in a medium owned by another. SCA provides a potential loophole in most jurisdictions that may allow the government to issue a subpoena for past emails in the possession of the service provider but also future emails. Are Facebook Messages Email?
- 32. Understanding Your Limitations Contract Management vs. Risk Management Contract Law is backwards now.
- 33. Understanding how events actually occur McMillen is Zimmerman v. Weis Markets, Inc. (2011 Pa. Dist. & Cnty. – May 19, 2011) I miss my ivory tower…
- 34. The Business Unit Can’t Help You Either.
- 36. The green software or the blue one mentioned in a Linkedin Group? I really like the green one…
- 37. The Data Keepers – Enforcing Destruction Policy
- 38. Understanding risks, probabilities and severity
- 40. Suddenly Toy Planes Have Everyone Talking….
- 41. The Theft of @N A story of how hacking, extortion & bad vendor practices can lose $50,000 in 7 hours. Social Media setup with company email and connected to website Website content stored on a Host Empirebuilders.com Domain registered at a Registrar
- 42. The Theft of @N A story of how hacking, extortion & bad vendor practices can lose $50,000 in 7 hours.
- 43. The Theft of @N A story of how hacking, extortion & bad vendor practices can lose $50,000 in 7 hours.
- 44. What @N teaches us Phone Staff are the largest risk for breach. Not understanding how it all works together is the largest risk for exposure. Company security policies need to be sensible. Company case review policies need to consider exposure. Both the business unit and IT needed proactive legal and risk management help that they didn’t receive. Not embracing new technology (two factor authentication) is a serious exposure.
- 46. Establishing Controls Protection of Trade Secrets What is unauthorized access? Employees, Third Party Providers, Social Media Importance of policy vs. hardware controls Social media Use or Excessive Use Social Media Policy CFAA: Computer Fraud and Abuse Act U.S. v. Nosal, 676 F.3d 854 (9th Cir. 2012)
- 47. You Can’t Make Me Be Friends! Piccolo v. Paterson (Pa. Common Pleas 2011)
- 48. The SCA applies to entities Largent v. Reed (Court of Common Pleas of the 39th Judicial District of PA – Franklin County – November 8, 2011)
- 49. Understanding Opportunity Get your head out of the sand and get out of the way.
- 50. Provide Good Customer Service Pissed off people take to the web and businesses who don’t react quickly pay dearly.
- 51. Proactive Crisis Management •Haitian Earthquake •Mumbai Shootings •Boston Marathon
- 52. Recruitment…
- 53. Management Get fired and almost lose your company a few billions in funding.
- 54. …Termination
- 56. Showcase Your Work When “Going Viral” is cause for celebration.
- 58. Digital Millennium Copyright Act Computer maintenance DVDs Ebooks Distance learning Interoperability are only a few carve out examples.
- 59. Is staff creating content the company can own? Getty will come after you for licensing. Did the theme go home with the assistant web developer? Source of Inspiration? Employment Agreements
- 60. Protecting company IP Staff Training and Policies – Trade Secrets Understanding Provider Recourse – Copyright and Trademark Proactively securing brands online – Copyright and Trademark
- 61. Are you paying attention? www.google.com/alerts www.twitter.com/search www.addictomatic.com www.whois.com
- 62. WHAT DO WE DO? Evolve or Die.
- 63. Think Differently Approving NOTHING is the worst strategy Avoid the BRAND trap Focus on the DATA and the PROCESS, not the tool. Start the conversation with IT now and support funding for experts.
- 64. Make some POLICIES Mainly, because it requires you to review the process. Secondly, because it requires documentation in accordance with regulation, standards and best practice. http://socialmediagovernance.com/polici es/ http://www.womma.org/ethics
- 65. Vanquish the Luddite Basic operational know how of how the interwebs works is the best risk management.
- 66. Index and Resources Resource Guides, Case Law, Regulations, Standards
- 67. CFAA U.S. v. Nosal, 642 F. 3d 781 (9th Cir. 2011) U.S. v. Tolliver, 2011 U.S. App. LEXIS 19090 (3rd Cir. 2011)
- 68. Copyright and Trademark The Copyright Act of 1976 Crossfit, Inc. v. Alvies 2014 U.S. Dist LEXIS 7930 (N.D. Cal. Jan. 22, 2014) Digital Millennium Copyright Act, 17 U.S.C. §512 (DMCA) Edelman v. N2H2 Flava Works Inc. v. Gunter IO Group, Inc. v. Veoh Networks, Inc Lenz v. Universal Music Corp. Ouellette v. Viacom International Inc. RealNetworks, Inc. v. DVD Copy Control Association, Inc. Sony v. George Hotz Viacom Inc. v. YouTube, Google Inc. Vernor v. Autodesk, Inc.
- 69. Data Breach Anderson v. Hannaford Bros. Co., 659 F.3d 151 (1st Cir. 2011) HIPAA Resnick v. AvMed Inc., 693 F.3d 1317 (11th Cir. 2012) Sony Gaming Networks and Customer Data Sec. Breach Litig., No.11md2258, 2012 U.S. Dist. LEXIS 14691 (S.D. Cal Oct. 11, 2012) PCI
- 70. E-Discovery Columbia Pictures, Inc. v. Bunnell, 245 F.R.D. 443 (C.D. Cal. 2007) Consol. Edison Co. of New York, Inc. v. United States, 90 Fed. Cl 228, 231 (Fed. Cl. 2009) FRCP FACTA Largent v. Reed (Court of Common Pleas of the 39th Judicial District of PA – Franklin County – November 8, 2011) McMillen v. Hummingbird Speedway, Inc. (2010 Pa Dist. & Cnty. – September 9, 2010) Piccolo v. Paterson (Pa. Common Pleas 2011) Stored Communications Act (SCA) (SEE ALSO PRIVACY)
- 71. Jurisdiction Business Software Alliance The EU Data Protection Directive Forward Foods LLC v. Next Proteins, Inc., 2008 BL 238516 (N.Y. Sup. 2008) Gelmato S.A. v. HTC Corp., 2011 U.S. Dist. LEXIS 133612 (E.D. Tex. Nov. 18, 2011)
- 72. Privacy Crispin v. Christian Audigier, Inc., 717 F. Supp. 2d 965 (C.D. Cal, 2010) Matter of United States, 770 F. Supp. 2d 1138 (W.D. Wash. 2011) McMillen is Zimmerman v. Weis Markets, Inc. (2011 Pa. Dist. & Cnty. – May 19, 2011) State v. Bellar, 217 P.3rd 1094 (Or. App. Sept. 30, 2009) Stored Communications Act (SCA) U.S. v. Warshak, 631 F. 3d 266 (6th Circ. 2010)
Editor's Notes
- #49: The most interesting aspect of the court’s decision was in addressing whether the privacy requirement was also met. In addition to examining whether the requirement was met under Pennsylvania law, the court analyzed whether the requirement was met under federal law, namely The Stored Communications Act. As part of the Electronic Communications Privacy Act, The Stored Communications Act (SCA) limits the government’s ability to force Internet Service Providers (ISPs) to reveal information about their users and limits the right of ISPs to voluntarily reveal information about their users. The court noted only one case thus far has addressed whether Facebook is covered by the SCA, Crispin v. Christian Audigier, Inc. In that case, a subpoena was served directly on Facebook to obtain information about the plaintiff’s status postings. The Crispin Court held Facebook was covered by the Act and concluded subpoenas are never allowed under the SCA. The Largent Court distinguished the facts of the Crispin case, noting the defendant was seeking information directly from the plaintiff, not from Facebook. As an individual, the plaintiff was not an entity regulated by the SCA. Finding the privacy requirement was satisfied, the court ordered the plaintiff to turn over her user names, log-in names and passwords for Facebook and MySpace.