Updates

Dallas Buyers Club LLC v iiNet Limited [2015] FCA 317

Security Privacy and IoT

The advent of wireless broadband networks has seen an increase in the amount of information that is available on the Internet. A major problem with the information is that humans have assembled it – this “human router” has multiple flaws compared with the most basic computer device: it is time poor, less accurate, and has a much poorer attention to detail.

Our physical environment, the things that we consume, food, clothing, shelter, and travel need to be quantified and tracked in the interests of efficiency and costs. If an appliance collected this information it could alert its manufacturer that it required a new light bulb and this part could be shipped without the intercession of any person. Or an inventory of the produce available at your local convenience store could be generated including information on their delivery date and freshness.

Security

As we have become more connected so has the ability to access confidential information and wreak havoc, illustrated by the recent hacking of the Associated Press’s Twitter account regarding an explosion in the White House which lead to a 1% decline in the US stock market before it was revealed as a hoax. Similarly some of the keyless electronic locks used in hotels have been hacked leading to numerous break ins. More recently Apple iPhone’s have been hacked and locked by criminal gangs with their owners having to pay ransom in order to unlock them.

As the demand for connected consumer devices increase with reports there will be as many as 50 billion of these by 2020 traditional manufacturing companies will have to deal with the cyber security issues that software developers are familiar with. Products will have to be designed to respond to such cyber threats from the early design phase.

An Internet enabled fridge with access to a consumers banking details and security system to enable a delivery person to access a consumers house requires that a manufacturer implements integrated robust security protections. Using the open standards will be less costly than deploying a proprietary system, particularly if flaws in security lead to customers harm, legal expenses and damage to the manufacturers brand.

Privacy

The ability to instantaneously share data with every authorised device could be abused. Who owns the data that is collected, who can access it and for what purpose? Do consumers, manufacturers, or other third parties own it and who is responsible for its security? There are many legal issues to be addressed in a world where data is shared freely between devices that are situated in different jurisdictions.

New approaches to cyber security are needed to address access to and deployment of this shared data. Participants need to guarantee each other that there will be no breach with so many bytes moving across so many different networks and organizations. If we look at the standard privacy policies used in a system that connects devices surely it is the consumer that has the right not to have their information shared and not the manufacturer. The consumer must have greater ability to opt out of data sharing if they find it too intrusive. Businesses will need to address the benefits of connecting to and demonstrate the transparency of the operating system as well as the usual product marketing.

Privacy concerns (both legitimate and unfounded) are raised by the collection and profiling of consumers as the perception between collecting data and stalking, (particularly when market research has shown that the majority of consumers are unhappy with such targeting) can be narrow.

In The Right Stuff the enemy of test pilots were flight doctors, similarly the enemy of the marketing department in any business setting are lawyers. Marketing will be excited about collecting the most data about the spending patterns and behaviour of customers from their browsing patterns, and Lawyers will advise if such collection contravenes legislation in the jurisdictions that the company operates in.

29/5/2014

Adventures in Net Neutrality

The European Parliament has voted that ISPs would be barred from blocking or slowing down selected services for economic or other reasons. The EU telecoms regulator BEREC (the Body of European Regulators of Electronic Communications)  has reported that several ISPs were blocking or slowing down the use of services like “Skype”.

The purpose of the legislation is to make sure that  internet access be treated equally 

“without discrimination restriction or interference independent of the sender recipient type content device service or application.”  

While the legislation is based on the principal of net neutrality it does not limit ISPs from offering specialised services such as video on demand or cloud based data storage as long as the services are not supplied to 

“the detriment of the availability or quality of internet access services”

 Similarly ISP’s will be permitted to block or slow down services to enforce a court order, preserve network security or prevent temporary network congestion. If used these measures must be   

"transparent, non-discriminatory and proportionate" and "not be maintained longer than necessary".

Industry bodies have stated that whilst supporting an open internet the legislation was both anti-innovation and anti-consumer choice. The industry body believes that the legislation reduces innovation due to the lower quality of service for consumers and business in Europe threatening new growth opportunities and investment in new technologies including e-education and tele medicine.

The industry bodies believes that such legislation will distort competition as it benefits some players to the detriment of others. Furthermore the new legislative regime blocks growth by creating legal uncertainty as it inhibits the ability for regulators to react to new technologies or markets and stifling. The industry advocates that the EU adopt future proof measures in order that the innovation of the Digital Economy and the functioning of the internet is not inhibited.

In 2010 the European Commissioner for Digital Agenda, Neelie Kroes, advocated a best practice model. The Commissioner advocated a consultative approach between  the national regulatory authorities (NRA’s) mandating minimum quality of service requirements to consumers to ensure that there is not service degradation; ISPs informing their customers of any traffic management measures they are deploying, and the Commission monitoring all stakeholders.

The Commissioner in advocating this model stated that if there were significant and persistent problems in creating and maintaining truly open networks he would not be afraid to change the legislation to achieve the competition and consumer choice that the end users deserve.

United States 

In the United Staes the notion of net neutrality has been under threat for almost a decade. In "National Cable & Telecommunications Association v. Brand X Internet Services 545 U.S. 967 (2005)", the Supreme Court held that cable Internet providers were not a "telecommunications service" as classified under the Telecommunications Act of 1996. BrandX had argued that the FCC must regulate cable Internet providers as common carriers under the Communications Act of 1934. BrandX lost, setting the precedent that ISP’s provide "information services."

In 2010 the Federal Communications Commission (“the FCC”) narrowly passed rules in order to regulate Internet traffic by preventing ISP’s from selectively blocking web sites. The then FCC chairman Julius Genachowski  claimed that the regulations would enhance consumer choice whilst protecting freedom of speech online and preserve open access to all lawful Internet content. 

At the time those in favour of net neutrality argued the rules didn't go far enough whereas Senate Republicans introduced The Freedom for Consumer Choice Act the purpose of which is to limit the ability of the FCC to declare the actions of an ISP illegal except where the actions of the provider clearly caused harm to the consumer providing that this practice would not be corrected by market forces. Similarly Telecommunications companies Verizon, AT&T and Comcast argue that the mandating of net neutrality would restrict their effective management of internet traffic.

In 2010 "Comcast Corp. v. FCC, 600 F.3d 642" the US Court of Appeals for the District of Columbia Circuit held that unlike the power that the FCC had over cable television providers that was considered by the US Supreme Court as “reasonably ancillary” to its power of broadcast television it  didn't have the necessary ancillary jurisdiction  to regulate  Comcast's network management practices because it failed to tie that authority to any express statutory delegation  made by Congress.

The Court relied on the precedent for ancillary authority, formulated in "Am. Library Ass'n v. FCC, 406 F.3d 689" which found that a commission may exercise ancillary authority only if 

“(1) the Commission's general jurisdictional granted under Title I [of the Communications Act] covers the regulated subject and 
(2) the regulations are reasonably ancillary to the Commission's effective performance of its statutorily mandated responsibilities.”

Comcast agreed that the FCC satisfied the first prong of the test , however the Court was not satisfied that barring Comcast from interfering with its customer's peer-to-peer use was reasonably ancillary to the effective performance of its statutorily-mandated authority and if it decided otherwise it would “virtually free the Commission from its congressional tether,” allowing the FCC unlimited ability to regulate ISPs. In the aftermath of the Comcast decision the FCC issued the Open Internet order the purpose of which was the enabling consumer choice, freedom of expression, end-user control, competition, and the freedom to innovate without permission

In order to meet this purpose it mandated Transparency, No Blocking, and No Unreasonable Discrimination. Which is not too dissimilar to the rules adopted by the EU.

In January of this year the US Court of Appeals for the District of Columbia Circuit affirmed the earlier decision in Verizon v Federal Communications Commission and dealt a blow to  net neutrality with the court finding that the FCC regulations fell outside the scope of its statutory grant of authority. Similarly it restricts companies like Verizon and AT&T , who having invested heavily in infrastructure in how they manage their networks. The Court vacated the rules stipulating no blocking and no unreasonable discrimination and upheld the notion of transparency.

The Court raised concerns that an ISP might limit access to a site that competes directly with their own content the example the court gave was a provider like Comcast limiting its end user subscribers’ ability to access the New York Times website if it wanted to spike traffic to its own news website or by promoting the content of a provider that has paid a fee to the ISP at the expense of a non fee paying provider. 

It was a serious blow to the FCC as these rules represented the first attempt to impose network neutrality among ISPs. A small positive was that, the D.C. Circuit hinted that the court would accept separate jurisdictional arguments under other titles of The Communications Act. 

Last week the FCC announced new rules that are a switch from their current position of requiring ISPs to adopt non discriminatory practices. The FCC believe that the new rules ensuring that ISPs promote transparency with their consumers will provide for fair competition and innovation. However it appears that these rules could lead to companies entering into commercial arrangements (something that concerned the court in its judgment in January) that enable data to be transmitted at faster speeds. There have already been opposition to this plan by several advocacy groups who claim that the creation of an internet “fast lane” would make it easier for large companies with deep pockets to restrict access to smaller players. Tim Berners-Lee has renewed his call for an internet Magna Carta to enshrine universal access and benefits to all people.

2/7/2014

The Importance of Terms of Service

A Websites Terms of Service, (also known as terms of use and terms and conditions), are rules set out by a service provider that dictate the use of the service offered on their website. Often Terms of service are a disclaimer, limiting the liability of a website owner when their site is used by an end user.

Legally speaking when a website is used either to buy products or access services or information a contractual relationship is formed and it is necessary that a website owner defines the terms of the contract in order that there is a valid contract.

If the terms of a contract are 'vague or ambiguous', incomplete or an 'agreement to agree' as they will not be legally enforceable.

Agreement to Agree

An example of an agreement to agree is where X offers to make and sell to Y playing cards featuring Football players. Prior to agreeing to the quantity, the football players featured, or price, Y decides not to continue. At this stage, there is no legally binding contract between X and Y because there is no definite offer for Y to accept as the essential terms of the bargain have not been decided.

Consideration

It is an essential requirement there must be consideration for a contract to be binding. Consideration is the “price” stipulated by the promisor for the promise made. The “price” is not necessarily of monetary value; but requires some 'detriment' on behalf of the promisee, it could be a promise to undertake or to not undertake a particular act.

“A valuable consideration,…may consist either in some right, interest, profit, or benefit accruing to the one party, or some forbearance, detriment, loss or responsibility, given, suffered, or undertaken by the other”

Therefore consideration must move from the promisee to the promisor.

Legal Relations

To create a contract there must be a common intention of the parties to enter into legal obligations. The parties’ intentions must be mutually communicated either expressly or impliedly. If an agreement is a commercial one, the parties will normally intend that it to be legally binding. In such a case, showing otherwise will be difficult.

Capacity

Whilst all elements are important there are members of society who lack the capacity to enter into a contract. If a person lacks capacity the contract is not enforceable against them. Chief among those who lack capacity to form a contract are those suffering from a mental disorder, those who are intoxicated, and minors.

Formalities

As referred to above the terms and conditions of a contract can be communicated expressly or impliedly and do not have to comply with any formalities. Therefore your Terms of Service can follow any format that you wish.

Click wrap v Browse wrap

In re Zappos.com, Inc., Customer Data Security Breach Litigation, No. 3:2012cv00325, the United States District court for the State of Nevada held that Zappos.com's customers were not held to the browse wrap terms of service because of their obscure nature.

“the advent of the Internet has not changed the basic requirements of a contract, …A party cannot assent to terms of which it has no knowledge or constructive notice, and a highly inconspicuous hyperlink buried among a sea of links does not provide such notice.”

Zappos could have saved themselves a lot of grief if it had used a click wrap (sometimes called a click through) agreement.  Zappos.com sells shoes and clothing online, a simple “By clicking the ‘purchase’ button, you agree to the Zappos terms of use” statement with a link to the Terms of Service document would have provided the knowledge, and/or notice required by the users.  

If your site is not an ecommerce sight a click wrap agreement can be built into the account registration process, presenting the terms as “By [creating an account], you agree to the user agreement” with a link to the Terms of Service document.

As a minimum Terms-of-Service should contain the following sections:

• Definition of key words and phrases

User rights and responsibilities, including (but not limited to); Usage; (and potential misuse), Accountability for online actions, including the cancellation or termination of account by user and or Website owner

• Opt-out policy,
• Limitation of Liability outlining the website owners legal liability and Indemnification for damages incurred by users (including dispute resolution and choice of Jurisdiction)
• Copyright licensing on user content

Privacy Policy
Recent Commonwealth legislation provides compensation in the case where a Website owner is negligent in its security practices and procedures leading to wrongful loss or gain to any person.
Therefore a Privacy Policy is necessary. (Even where your website falls outside the specific requirements under the Privacy Act and National Privacy Policies.)

• Clear and easily accessible statements of its practices and policies;
• Type of personal or sensitive personal data or information collected;
• Purpose of collection and usage of such information;
• Disclosure of information including sensitive personal data or information.

Conclusion

So Terms and conditions are very important for your website. People do not always read them but you need to ask them to click that they have read and understood the conditions prior to using the site in order to protect your business from dispute resolution which can be costly and time consuming. 

17/7/2014

The recent decision of the United States Supreme Court in American Broadcasting Companies v. Aereo, 573 U.S.  (2014) reminded me of the Full Federal Court of Australia’s decision in National Rugby League Investments Pty Ltd v Singtel Optus Pty Ltd [2012] FCAFC 59. In both instances the Court ruled on the validity of the copyright exceptions for a service provided using disruptive technologies.

Optus Service

Optus' TV Now service allowed subscribers to nominate free to air TV programs to be recorded. Optus would stream data to a subscriber logging in to view the nominated program, in the form suitable for the subscribers’ device from one of four recordings of the program held in Optus' data system for a period of 30 days, after which the recordings were deleted from the system
The concern to rights holders in the popular football leagues in Australia was that customers of the Optus TV Now service would record and view football games within minutes of their original broadcast, which would lessen the commercial value of exclusive rights. Telstra (a competitor of Optus) held the exclusive internet and mobile rights to these games.

Although section 111 of Copyright Act 1968 (Cth) provides an exception for time shifting of programs by individual’s for private or domestic use the Full Federal Court held that Optus' service did not fall within this exception. The Court held that Optus' had too great a role in making the copy, therefore had infringed copyright. Interestingly the Court found that s111 is not technology neutral as differing technologies may yield different conclusions on the question of "who makes the copy".

Primary judgment