Facebook Law: Consequences of Hacking Into Another Person’s Account

Facebook law attorney
Facebook Law: Consequences of Hacking Into Another Person’s Account

You wake up one day and power on your phone. BOOM! Life exploded overnight. An enemy successfully hacked your Facebook account, and then sent outrageous emails to your friends and family — emails which appear to be coming from you!

Nightmare, right? And one that Chantay Sewell says she endured at the hands of her former paramour.

In response to the incident, Sewell filed a lawsuit, but the court dismissed the claim because the statute of limitations had expired. Recently, though, an appeals panel reversed the lower court’s decision; Sewell can now move forward with her online defamation case.

The lawsuit is significant because it could further define the scope of the Computer Fraud and Abuse Act. In non-legal terms, the case is important because it highlights the very real – and very damaging – consequences for seeking “digital revenge” – against a person or business rival.

The lawsuit is significant because it has the potential to further define the Computer Fraud and Abuse Act’s scope.

Example Incident: Ex-Lover Allegedly Hacks Facebook Account & Sends Messages

One day, in the not so distant past, a woman named Chantay Sewell suddenly couldn’t access her email and social media accounts. The logins just weren’t working. Frustrated, Sewell enlisted an attorney to investigate the issue. And guess what: the lawyer found a treasure trove of potential illegality, in the form of emails sent from the account during the time Sewell was locked out.

At first, Sewell believed the Culprit to be her ex-lover’s wife and filed a lawsuit against the woman. But it turned out that the wife was innocent; instead, the alleged culprit was Sewell’s former paramour, who allegedly confessed.

Lower Court Tossed Facebook Law Case

A lower-court initially tossed the case, claiming Sewell waited too long to bring the charges. But a three-judge appeals bench disagreed, in part, with the lower court’s decision, ruling that even though the statute of limitations had expired for the email account claims, Sewell could move forward with the Facebook ones.

Why the discrepancy between the two courts? The appeals judges considered the persistent realities of present-day digital life.

Judges Starting To Consider Digital Culture In Social Media Rulings

In the initial ruling, the court – for lack of a better term –considered Sewell’s online accounts as one entity. But the appeals court wisely reasoned that people no longer have a single email address or account; between Facebook, Twitter, Instagram, your favorite blog, news portals – you name it – the average person has upwards of 15 to 25 different digital accounts.

And since Sewell hadn’t discovered her hacked Facebook till 2012, the statute of limitations for the Computer Fraud and Abuse Act and the Stored Communications Act had yet to expire.

facebook defamation case
Posing as someone else on Facebook may be a violation of federal law in some cases.

Potential Consequences of Hacking, Defaming or Otherwise Misappropriating

Although it’s tempting and oh-so-easy (the keyboard is right there!),  seeking digital revenge by either a) hacking into another person’s online accounts or b) pretending to be someone else on the Internet is a monumentally stupid idea. These acts aren’t only a violation of the Computer Fraud and Abuse Act, but breaches of an inordinate amount of state impersonation, privacy, and Internet law statutes. If Sewell wins, her former flame could, in theory, go to jail. He could also find himself in bankruptcy court on account of massive fines.
Hacking is a violation of the Computer Fraud and Abuse Act, and also violates an inordinate amount of various state impersonation, privacy, and Internet law statutes.

Hacking is a violation of the Computer Fraud and Abuse Act, and also breaches an inordinate amount of various state impersonation, privacy, and Internet law statutes.

All because of a little churlish social media tomfoolery.

Even If You Don’t Hack,  Legal Consequences Abound

Let’s say you buy a URL that features someone’s name. Then you take it upon yourself to litter said website with lies; the person whose name you co-opted could successfully sue for online defamation or false light invasion of privacy.

An Online Alias May Not Protect You From Being Found

What about anonymous online reputation attacks, you ask? Don’t fool yourself into thinking that an online alias is an invisibility cloak. All that’s required to denude an anonymous defamer is a court order compelling an ISP or web host to hand over identifying information. If a judge believes that a plaintiff has a shot at winning their case, there’s a good chance they’ll issue a court order.

“What about a VPN to hide your IP?” Also discoverable.

When faced with the taste for revenge, the best thing to do is step AFK and engage in something you enjoy. Zen out, because that one “muwahahahahaha” could, in theory, land you on Skid Row – or behind bars.

Do you need a Facebook law attorney? Get in touch with Kelly Warner today.


Neumeister, L. (2015, August 4). Woman can go ahead with lawsuit alleging Facebook defamation. Retrieved September 28, 2015, from http://finance.yahoo.com/news/woman-ahead-lawsuit-alleging-facebook-203809655.html

FTC Favors Companies With Data Breach Contingency Plans

data breach contingency plan
Having a data breach contingency plan may mitigate penalties in the event of an incident.

A couple of months ago, Mark Eichorn posted a quietly significant post on the Federal Trade Commission’s blog. In it, Eichorn gives an overview of how the FTC approaches breach and data security investigations.

In the post, Eichorn advises:

“We’ll also consider the steps the company took to help affected consumers, and whether it cooperated with criminal and other law enforcement agencies in their efforts to apprehend the people responsible for the intrusion. In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach. Therefore, in the course of conducting an investigation, it’s likely we’d view that company more favorably than a company that hasn’t cooperated.”

In other words, when deciding on punitive measures in data security cases, the Federal Trade Commission is often more lenient with businesses that report breaches to the proper authorities promptly. Or, conversely, if you try to hide a data breach from authorities, and the FTC discovers your deception, the commissioners may – and are legally allowed to – dole out a larger fine.

Three Data Privacy Best Practices For SMBs

  • Have a “privacy officer” on speed dial. Privacy officers are usually attorneys; they’re the people businesses can call in the wake of a data breach to determine their legal responsibilities based on the nature of the data attack or hack. Your privacy officer, depending on the information you provide, will let you know what you need to do to satisfy local, state, federal and international data breach regulations. On occasion, contingent on the circumstances, you may not have to report the incident.
  • Don’t ignore security issues. Digital hacking is a serious reality. Laboring under the assumption that “it will never happen to you” or “only the big guys get hit” is erroneous. Implement certain data security measures at your office. Also, establish data security rules amongst your employees – the most fundamental being that they’re forbidden from accessing files remotely without authorization and instruction.
  • Have data security, maintenance and breach procedures in place. Moreover, companies should make a habit of corporate-wide password changes on regular intervals. Additionally, like a fire drill, businesses should establish a data breach drill. Not only will it be helpful in the event of an attack, but being able to prove to officials that you did take precautions may mitigate eventual punishments handed down by the FTC or other government agencies.
data breach law
Kelly Warner Law can create a comprehensive data breach contingency plan for your business.

Consult A Data Breach Lawyer

Lawyers at Internet law firm Kelly Warner act as the privacy officers for several startups and businesses. We’d be happy to help you establish a data security and / or data breach program or procedure that satisfies all state, federal and international regulations. If you’re not yet ready for a consultation, you may want to read through these blog posts [will be linked to online privacy blog]. They will give a better idea of the types of online privacy and data security laws that businesses must follow. When you’re ready to move forward with an online privacy and data security plan, contact Kelly Warner’s online privacy lawyers.

Native Advertising Laws: A Very Brief Summary

native advertising law picture: words on blackboard with doodles

Media chatter suggests that the Federal Trade Commission has turned its gaze towards “native ads” – a.k.a., sponsored content. At an industry conference, FTC director Mary Engle explained the agency’s core apprehension regarding native advertising. She explained:

“For us [the FTC], the concern is whether consumers recognize what they’re seeing is advertising or not.”

Is It Enough To Use A “Sponsored” Label?

A lot of websites demarcate promotional sections with a “Sponsored Stories” headline. Does that satisfy FTC guidelines? Not anymore.

Some marketers label native advertising in fine print. Think: sponsored (don’t worry, you’re not the only one who can’t read it). At the event, FTC’s Engle reminded attendees that the commission had won cases, against brands and marketers, in which the word “advertorial” was so small the average person didn’t notice it.

If It Misleads, Your Business May Bleed

A journalism axiom instructs: “If it bleeds, it leads!” In other words, gory stories get front-page coverage. Call it “rubbernecking syndrome.” As a variation on the theme, native advertisers should remember: “If it misleads, a business may bleed!”

And remember: Advertisers, designers, and even marketers can all be held responsible in a “native advertising” sting.

Native Advertising and Marketing Audits: A Business’ Best Friend

U.S. brands courting overseas customers must adhere to both domestic and foreign advertising laws.

Are you positive you understand – and follow – every state, federal, and international marking law, regulation and guideline? Ask yourself:

A marketing legal review may cost a couple of hundred dollars; a censure from the Federal Trade Commission could set you back millions.

Contact Kelly Warner’s online marketing lawyers and e-commerce attorneys to schedule a native advertising audit or full online marketing review.

Can You Be Prosecuted For Things You Say Online?

can you be prosecuted for things you say online?
Can you be prosecuted for things you say online?

Do you treat Google as a confessional or a digital counter spy? If someone stumbled upon your private searches, would they think:

  1. “Dear Authorities: I have convincing proof that the hybrid of Patrick Bateman and Omen Damien now walks among us. Can you get on that, quickly? K? Thanks. Signed, Everyone Ever.”
  2. “Jabba the Hutt, is that you?”
  3. “Holy boring.”

In our digital world, where is line between “deviant fantasy” and “attempted criminality”? A post-modern meditation on free speech and individual freedom, HBO’s new documentary, Thought Crimes: The Case of the Cannibal Cop, forces each of us to consider our relationship with the swami search engine, Google. The film begs us to debate questions like:

  1. Should online searches be a factor in harassment and other criminal cases?
  2. Can you be prosecuted for things you say online?
  3. Can you be prosecuted for things you say on a “fantasy forum”?
  4. Is there a right answer?

Thought Crimes: The Case of the Cannibal Cop: A Summary


HBO (now also known as: high-brow Court TV) debuted another true crime documentary that will leave you disturbed for days. Entitled Thought Crimes: The Case of the Cannibal Cop, the film lures you into the world of Gilberto Valle, a cop-turned-convict whose “fantasies” veered in the yikes-omgwtf direction.

Bottom Line: Gilberto Valle was a New York State police officer who spent off duty time trolling the darkest parts of the Web. Parts where men talked about kidnapping, raping and then eating women. Yup. Valle was an active member of a purported online cannibal community.

When Online Talk Starts Getting Real

Eventually, Valle started chatting with another user and talked turned to taking their fantasies AFK. Around this time, Valle allegedly accessed a police database to gather personal information about a woman he mentioned in his “cannibal chat community.” Obviously, this was a big no no.

Investigation & Arrest

In time, Valle’s wife uncovered his secret. And like any wise woman, she ran to authorities. Law enforcement investigated, unearthed Valle’s online cannibal activity and discovered his questionable access of police records.

In 2013, police arrested Valle. He was found guilty of kidnapping conspiracy and served a year behind bars; then, the guilty verdict was overturned.

Can You Be Prosecuted For Things You Say Online?

Sure, the film is a bit salacious, snarky and sometimes cringe-worthy, but Thought Crimes is more than mindless true crime fodder. It’s a brain teaser that delves into the philosophical and legal quagmire stewed by the 21st century. Should online searches be admissible evidence, ever? What level of criminal intention can a Google search legally convey?

Throughout the documentary, Valle’s mindset is poked and probed – by the filmmakers and us, the audience. The film juxtaposes his conversations about cannibalism with videos of him eating or cooking. We jump to conclusions, only to have those suppositions questioned a frame later. We waiver between two poles: Were Valle’s actions simply, as he insists, an online-only “sick fantasy”? Or did the prosecutors have it right, and use next-level police work to stop a violent criminal before he took his “sick fantasies” to actual streets?

A Minority Report Warning?

In retrospect, perhaps the only message Thought Crimes makes clear it is this:

Be careful what you search for online. Very careful. Because Phillip K. Dick’s prescient Minority Report seems to be playing out right before our very eyes — and “PreCrime” seems to be a real thing.

Kelly / Warner: The Digital Communication Litigation

Kelly / Warner is an internet law firm with a team of attorneys that concentrates on legalities affecting digital communications. To learn more about our firm, please head here. If you’re primarily interested in our online speech litigation practice, please go here.

Got any other questions like, “can you be prosecuted for things you say online?” Give us a ring or send a message.

Explained: The Arizona Data Breach Notification Law

Arizona data breach notification law
Make sure you’re in compliance with the Arizona data breach notification law.

By the end of this post, you’ll understand Arizona’s “data breach notification law” and what you’re legally required to do in the wake of a hack, leak or manual data breach. Ready to speak to a lawyer about your situation? Get in touch.

Arizona businesses – and websites accessible to Arizonians – are legally required to inform users and customers of data breaches. In this blog post, we’ll review § 44-7501 of the Arizona Revised Statutes – a.k.a., the Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions law. For brevity’s sake, we’ll call the regulation 44-7501.

What is “personal information” under the Arizona data breach notification law?

Arizona’s data security law only applies when personal information is compromised, which raises the fundamental question: What constitutes “personal information” under Arizona State law?

Answer: Any person’s first name or first initial and last name, coupled with:

a) A social security number,
b) Driver’s license or official ID information, or
c) Credit or debit card numbers, with password or security code data that could grant access to accounts.

Who has to follow Arizona’s Data Breach Law?

Any person, group or business, operating within the State of Arizona, that owns, maintains or licenses unencrypted user data, must follow 44-7501. Examples include (but are not limited to):

  • Companies headquartered in Arizona;
  • Commercial websites that permit Arizona residents to access or interact with their sites; and
  • Large companies with offices or customers in Arizona.

Uncertain if Arizona’s data breach law applies to you? Consult with an Internet law attorney to find out.

What constitutes a “breach” under Arizona’s ?

Not all leaked or stolen information is a notification-triggering breach. For a data security incident to qualify, personal data (described above) must have been compromised – or fell into unauthorized hands – and the potential exists for user / consumer economic loss. Examples of possible breaches:

  • Hacking incident;
  • Loss of laptop, memory stick, computer or hard drive;
  • Employment misconduct with digital records and accidental emails;

The above examples aren’t the only models of data breaches that require notification, they’re simply an overview of things that have previously been deemed breaches under Arizona law.

What is the general purpose of 44-7501 – Arizona’s Data Breach Notification Law?

Passed in 2006, 44-7501 outlines the required notification process in the event of an unauthorized data breach.

When are you required to launch a data security breach investigation?

Under Arizona’s data breach law, the moment business operators become aware of a potential security issue, they are obligated to launch a “prompt investigation.” If it’s discovered that you looked afoul when the signs pointed to a potential breach, you’ll be fined – heavily.

How long do companies have to notify the affected users / people?

If your investigation concludes that a third party could have gained access to records, you’re required, by law, to alert the affected parties:

“…in the most expedient manner possible and without unreasonable delay.”

What are allowable notification methods according to Arizona’s data breach notification rules?

If you’re responsible for alerting affected consumers about an Arizona data breach, acceptable contact methods include:

  • Phone;
  • Regular Mail;
  • Email, only if the person has indicated email as their preferred contact medium.

If more than 100,000 people are affected by a breach, or if the cost of notification would exceed $50,000, businesses can use so-called “substitute notification methods,” which include:

  1. Email (some restrictions apply; consult with an Internet lawyer about the details of your case.)
  2. Conspicuous notification on company website; or
  3. Notification to major, statewide media outlets.

Law enforcement agencies can delay notification if the incident affects a larger investigation.

What is the penalty for breaking Arizona’s data breach law?

What happens if you don’t comply with Arizona’s data breach law? A huge fine. Violators are responsible for actual damages caused by the ignored breach, plus $10,000 per breach.

Who is allowed to sue for violations of Arizona’s Data Breach Notification Law?

Only the Arizona Attorney General can bring breach notification violation charges against a defendant. Additionally, State law supersedes municipal and county laws addressing the issue. This would not, however, preclude private citizens from bringing causes of action for other claims.

Kelly / Warner is a top-rated legal practice that focuses on Internet law. To learn more about our pioneering firm, head here. To speak with an experienced Internet law attorney, get in touch.


Got Arizona Data Breach Notification Questions? We’ve Got Answers.
Set Up A Consultation Today!

Social Media’s Stand Against Revenge Porn

Picture of Blackboard that says new rules to accompany a blog post about Twitter stance on revenge porn

Twitter is taking a stand against “revenge porn.” Perhaps the 2014 “Fappening” drove them to change. Or maybe the social media platform is falling in line with legislators across the country who are eagerly passing laws the punish people who engage in the act.

From Denial to Action

Twitter’s stand against revenge porn comes after a leaked internal correspondence by CEO Dick Costolo made its way to the Internet. In it, Costolo admitted:

“we [Twitter] suck at dealing with abuse and trolls on the platform and we’ve sucked at it for years.”

The Exact Twitter Revenge Porn Rule Change

So, how, exactly, did Twitter address the revenge porn problem on its platform? The site amended the “private information” and “abusive behavior” sections of its terms of service policy. Now, according to the TOS:

You may not post intimate photos or videos that were taken or distributed without the subject’s consent.

Yeah, But, Is Twitter’s New Anti-Revenge Porn Stance Really Going To Help?

If you’re a skeptic, you may be thinking, “So what. This is all just lip service. Nothing will change.” And you’re not alone. Many people think Twitter’s announcement was simply a transparent PR effort that won’t result in change, because “banning” revenge porn on a social media platform would ultimately result in an everlasting game of whack-a-mole.

Facebook Is Also Making Noise About Indecency Issues

Twitter isn’t the only social media platform publicly addressing the revenge porn issue in recent months. Facebook has also made changes to its use policy to read:

“You may not post intimate photos or videos that were taken or distributed without the subject’s consent.”

The ‘threats and abuse’ section of Facebook’s terms now also read:

“In addition, users may not post intimate photos or videos that were taken or distributed with the subject’s consent.”

Further Reading & Attorney Contact Information

To find out if your state has a specific revenge porn law, click here.

To set up a consultation with a lawyer that handles Internet law issues, click here.


List of California Online Privacy Laws

California online privacy law and lawyer
List of California Online Privacy Laws

California rung in 2015 with a slew of new online privacy laws. If you run a commercial website – or otherwise collect personal data about users – there’s a good chance you’re beholden to California’s online privacy laws.

But why? You don’t operate out of California, right?


California’s online privacy laws aren’t only for websites and companies based in California. They apply to any and all commercial websites or apps available for use in California.

Below is a list of the Golden State’s latest digital privacy statutes. The state’s original online privacy law is still in effect, also. To speak with an Internet lawyer about an online privacy matter, head over here.

List of California Online Privacy Bills That Became Law In 2015

Privacy Rights for California Minors in the Digital World Senate Bill No. 568

Digitally marketing firearms, tobacco, or alcoholic beverages to California’s minors is no longer allowed. Neither is compiling personally identifiable information about people aged 17 and younger, nor enabling other people to do so. Think of SB 568 as “COPPA for teenagers.”


Data Breach Notification Amendments Assembly Bill No. 1710

Assembly Bill No. 1710 broadened the liability for data brokers holding information on California residents. Specifically, the new law requires data brokers to:

“…implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”


Patient Medical Breach Notification Period Extension Assembly Bill 1755

Most of the 2015 California online privacy laws tighten restrictions, but AB 1755 does the opposite. Known as the Medical Information Breach Notification Bill – it extended the notification grace period for patient data breaches from 5 to 15 days.

In addition, AB 1755 allows for email as an acceptable method of patient contact and notification. The law does stipulate, however, that email cannot be used unless the patient gives consent.

Pupil Records Privacy; 3rd-party contracts; digital storage services and digital educational software Assembly Bill No. 1584

Assembly Bill No. 1584 allows “educational agencies” (e.g., school districts, universities, etc.) to put both feet in the 21st century by granting leeway to contract cloud computing programs on a mass scale.


Pupil Records and Social Media Assembly Bill No. 1442

Another online privacy law protecting students, AB 1442 focuses on social media data. If school representatives collect information about students’ social media accounts, they’re not allowed to sell it, rent it or use it in an unauthorized manner. The law goes so far as to give “destruction instructions” for information inadvertently (or purposefully) collected.


Student Online Personal Information Protection Act Senate Bill No. 1177

Another student-focused online privacy law, Senate Bill No. 1177 addresses advertising in educational software. Essentially, the new law prohibits marketers from a) using in-app, targeted advertising and b) building student profiles using information gathered via platforms used in schools and other educational institutions. The law also calls for on-demand information deletion under certain circumstances.


Consult With An Online Privacy Lawyer

Kelly / Warner attorneys intimately understand the parameters of both state and federal online privacy regulations. If you run a website in the U.S., there’s a significant chance you’re beholden to not only California online privacy laws – but foreign (yep, foreign) statutes, too. If you have an online business presence, get a privacy audit with an experienced Internet lawyer.

Do Foreign Companies Have To Follow FTC COPPA Regulations?

do foreign companies have to follow FTC COPPA rules
Must you adhere to FTC COPPA regulations if you’re outside the U.S.?

Do Foreign Companies Have To Follow FTC COPPA Rules? (Yes!)

Can the U.S. Federal Trade Commission fine foreign websites and apps for not following state-side online marketing regulations? It sure can. Here’s the bottom Internet marketing line: All commercial products and services available to U.S. citizens are subject to FTC regulations.

BabyBus COPPA Violations: Example of a Foreign Businesses Being Investigated By The FTC

Recently, Chinese app developer BabyBus Network Technology Co. (“BabyBus”) learned the answer to the question, “Do foreign companies have to follow FTC rules?,” when the Asia-based developer got a Children’s Online Privacy Protection Act (COPPA) violation warning:

“Because you are collecting precise geolocation information, which is considered ‘personal information’ under the rule, you must provide notice and obtain verifiable parental consent before collecting, using, or disclosing this information. Your failure to do so appears to violate COPPA and its implementing rule.”

Exhibiting a bit of Internet law diplomacy, the Federal Trade Commission gave BabyBus a month to review its product, and then make necessary changes.

The next time someone answers “no,” to the question: “Do foreign companies have to follow FTC COPPA regulations,” set them straight using the BabyBus example.

What Are The Main Things To Remember About The Children’s Online Privacy Protection Act (COPPA):

  • If your commercial website, app or platform is used by children younger than 13, you must adhere to restrictions outlined in the Children’s Online Privacy Protection Act – the only (currently) extant federal online privacy law in the U.S.
  • Without parental/guardian consent, it’s against regulations for commercial websites, apps and platforms to collect personally identifiable information about people younger than 13.
  • There are specific COPPA rules regarding acceptable parental consent. For example, simply collecting a credit card number doesn’t meet standards. To make compliance easier, the FTC recently approved a program in which developers can submit their “parental consent gathering” apps for COPPA safe harbor certification. If the FTC accepts an app or platform for the program, said app or platform can be incorporated into websites and software that are beholden to COPPA regulations. It’s akin to blogs using a program like “Disqus” as a commenting engine.
  • Even if tweens are not your target demographic, if you have “actual knowledge” that minors are using your commercial site or software, platform or application, then you’re beholden to COPPA regulations. You’re best bet is to consult an FTC marketing lawyer to make sure you’re in the legal clear.

What Does ‘Commercial’ Mean In Regards To The Children’s Online Privacy Protection Act?

Unsure if your website would legally be considered “commercial” by a court? Have an Internet lawyer look at it. You may not think your website is “commercial,” but a plugin or process may deem it so in the eyes of the Federal Trade Commission.

Get An FTC Marketing Audit

Do you run a commercial website or app that a child may use? Have you developed an app, platform or plugin that could be deployed on a commercial website that a kid might visit? If yes, then you should be aware of regulations laid out in the Children’s Online Privacy Protection Act. An FTC marketing lawyer can review your operation and let you know if your product or service is beholden to COPPA.

The next time someone answers “no” to the question: “Do foreign companies have to follow FTC COPPA regulations,” you can set them straight using the BabyBus example.

Kelly / Warner offers COPPA audits. They’re inexpensive (dare we say, “cheap”!) and will save you a major FTC COPPA investigation headache. Get in touch today to learn more.

Source Article

FTC Mobile Payment App Report: Disclose and Ask More Questions!

mobile payment app law
The FTC recently published a report on mobile payment plugins and apps. Does this mean a new mobile payment app law? Probably not; but, there are new guidelines to follow.

The Federal Trade Commission has been earning their keep lately. Hearings, investigations and workshops, oh my! One of its latest efforts is a report and recommendations on mobile payment and coupon apps/plugins. While the commission didn’t announce a new, formal mobile payment app law, it did make strong regulation suggestions — suggestions with which online marketers are legally bound to comply.

The commission’s two main conclusions:

  1. Developers and app companies aren’t doing enough to alert consumers about the liabilities associated with payment apps; and
  2. Consumers should stop using mobile payment apps that don’t feature clear and concise disclosures that appear before they download the program.

The FTC’s 2014 Review of Mobile Payment Apps and Plugins

The Federal Trade Commission concentrated on three categories of apps in both the Google Play and iTunes App stores:

  1. Price comparison apps,
  2. Deal and coupon redemption apps, and
  3. Mobile payment apps.

What were Federal Trade Commission staffers reviewing about these apps?

  1. Whether or not the app had pre-download disclosures on:
    • Procedures for fraudulent transactions,
    • Billing errors, and
    • Payment-related disputes.
  2.  Privacy Policies – Since multiple users can participate in a group buy via some mobile payment apps, FTC investigators examined the privacy policies of the reviewed applications / plugins.

What Did The FTC Discover After Reviewing Mobile Payment Apps?

  1. Most mobile payment apps didn’t feature pre-download disclosures about “issues that are important to consumers.”
  2. After downloading the apps, investigators noticed that nearly all of the associated terms of use policies “placed all liability for unauthorized charges on the consumer.”
  3. Nearly all of the reviewed apps had “strong security promises and linked to privacy policies.”
  4. Most of the apps’ privacy policies used “vague language” and allowed for the collection and third-party use of consumer data.

What The FTC Wants Mobile Payment App Developers To Do Moving Forward; A New Mobile Payment App Law?

  1. Create pre-download disclosures regarding “consumers’ rights and liability limits for unauthorized, fraudulent or erroneous transactions.”
  2. Clean up the language in their privacy policies and use plain English to explain, clearly, what data is collected and what is done with it.
  3. Better evaluate whether or not they have a valid “business need” for the data they are collecting, and do a better job of describing these “business needs” to consumers (i.e., if you’re collecting data for shady purposes, and it’s not clear in your privacy policy, the FTC may come a-knocking on your door soon).
  4. “Companies should ensure that their strong data security promises translate into strong data security practices.”

What The FTC Wants Consumers To Do Regarding Mobile Payment Apps

  1. Start “asking questions” about the mobile payment apps they use.
  2. “Consumers should look for services that tell them upfront how the payment service works and what they can do if they encounter a problem. If the information is not available, consumers should consider taking steps to minimize their liability by choosing a different payment app or funding such payments with low-dollar amounts.”

So there you have it folks, after months of researching, debating, analyzing and then writing a 40-page report on the top 25 most downloaded mobile payment apps, the FTC says:

Do not try to cheat people! Follow the Dot Com Disclosures! Oh, and consumers, start asking more questions!

And this concludes our latest installment of “How the FTC Turns.”

Sign up for our newsletter (footer) and add our RSS feed.

Do you have a mobile payment app law question? Get in touch with Internet law attorney, Aaron Kelly, with all your questions.

5 Facts About The “Right To Be Forgotten” Ruling

right to be forgotten ruling in EU
Will US defamation victims be able to take advantage of the new EU right to be forgotten ruling?

UPDATE: Google now accepts “right to be forgotten” removal requests. To see if you qualify, get in touch.

*** Original Article ***

The top European Union court announced a landmark ruling furthering the discussion about “right to be forgotten” Internet laws. We’ll explain the meat of the ruling and explore how it could affect online defamation victims.

What Is The Best Way To Get Defamatory Material Removed From The Internet?

The best way to mitigate the effects of online defamation is to get the offending material removed from the Web. But, if you can’t expunge it completely, the second best option is getting libelous info erased from search engines. That way, if someone pumps your name or business into Google, Yahoo! or Bing, the reputation damaging webpage won’t show up in the results.

How Easy Is It To Get Libelous Content Removed From Search Engine Indexes in the United States?

How easy is it to get defamatory content removed from search engines? It depends on the situation. It’s possible to get a court order compelling a  search engine to remove material, but in order to do so, one must first prove defamation.

If your lawsuit is in the beginning stages, you can sometimes get a temporary restraining order compelling website operators to remove material during the course of litigation.

How Easy Is It To get Libelous Content Removed From Search Engine Indexes in the European Union?

The United States may enjoy eviable free speech rights, but EU online privacy laws are a lot stricter than ours.

In May 2014, the European Court of Justice announced a landmark search engine defamation ruling. In 1998, a man living in Spain suffered a reversal of fortune. But, over the past several years, he’s turned things around. Unfortunately, when you pump his name into Google, his 2–year-old blunders are still front and center.

The man’s woes, though, will soon be over, because the EU Court said Google must remove the information about his old financial troubles.

The Right to Be Forgotten v. The Right To Erasure

People on the “legal beat” are calling the new European online privacy stance “the right to be forgotten.” Officials in Europe, however, are taking it one step further and calling for a “right to erasure” law, which would allow individuals control over personal online information that is “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.”

Will The EU Right To Be Forgotten Ruling Affect The U.S. Tech Industry?

The EU’s right to be forgotten ruling will cost search engines money – lots of it. Why? They’ll have to implement new procedures to comply with the legal standard, as well as hire a slew of attorneys to focus on related issues.

And there’s another concern: censorship. According to the Computer & Communications Industry Association, whose membership ranks include Facebook Inc., Yahoo, Google, and Microsoft, said about the EU right to be forgotten ruling:

“[It] opens the door to large scale private censorship in Europe,” adding that “our concern is it could also be misused by politicians or others with something to hide who could demand to have information taken down.”

Can U.S. Businesses ‘Take Advantage’ of the new EU Right To Be Forgotten?

Are you wondering, “I wonder if I, a U.S. citizen, can somehow make the new EU ruling work for me? There is some unsightly information about me on the Web, and I’d really like it gone.”

Unfortunately, the answer isn’t simple and depends on whether or not you have any ties to Europe.

If you’re curious if you qualify to take action under the new European “right to be forgotten” standard, contact Kelly / Warner. We’ve successfully handled countless online defamation removal cases. Let’s talk.

Get in touch today to learn more about your legal options regarding the right to be forgotten laws.

An Update On Revenge Porn Laws Across The Country & Abroad

revenge porn laws update
Revenge Porn Has Gone Viral and Politicians Worldwide Are Eager To Make New Laws

Anti-Revenge porn laws have gone viral. Most states in the union have a bill in the draft-to-ratification pipeline. Even Japan and Canada are crafting and passing revenge porn laws.

Quickly, Refresh My Memory, What Is Revenge Porn?

Revenge porn is the Internet law topic du jour. So, what is it? Basically, it describes the act of jilted ex-lovers posting intimate selfies of former paramours — without said paramours consent or knowledge.

In some instances, images or videos are used to humiliate or destroy professional reputations. In other instances, less stable – often dangerous — people use the threat of revenge porn to blackmail partners into continuing a bad relationship.

Is Revenge Porn Legal In The United States?

Last year, in response to the question: “Is revenge porn legal in the United States?” I would have said, “Yes.” But now, not so much. In just a few scant months, most states have, at the very least, begun drafting anti-revenge porn legislation. Some legislators –- like Arizona and California — have already passed bills criminalizing the act.

Go here to get a state-by-state rundown of revenge porn laws.

U.S. National Revenge Porn Law? A Prediction.

Prediction: Within two years, revenge porn will be illegal everywhere in the United States. Why commit? Bi-partisan support for revenge porn laws is unusually strong, and it provides politicians an easy way to “reach across the aisle.” Brass tacks, save for some arguably legitimate (albeit perhaps only theoretical) libertarian objections, revenge porn is an effective vehicle for politicians to garner support. And hey, why not. Anti-revenge-porn laws are a good thing, so long as they don’t inadvertently trample free speech rights.

Japan’s New Public Push For Revenge Porn Legislation

Last year, Japan’s National Police Agency reported approximately 300 cases involving explicit photos or videos of minors — a distressing 30 percent increase from 2012.

The significant increase in Japanese revenge porn cases has prompted legislators to draft a law criminalizing the act. The current political makeup of the Japanese Parliament, though, is not what one could call “copacetic,” and analysts predict it will take years to pass a bill that all parties can agree on. (Hmmmmmm, sound familiar?)

Junko Mihara, the current secretary-general of the Liberal Democratic Party, was asked to comment on the seriousness of these incidents. He explained that revenge porn is nothing less than “… sexual violence and an offense that could very well haunt its victims for the rest of their lives.”

Canada Revenge

The public face of Canada’s C-13 Act, or Protecting Canadians from Online Crime Act, is cyberbullying. Speculation is that the new law could be amended to cover revenge porn, too.

Bill C-13 has several distinct components. Aside from provisions dealing with cyber-sexual assault, the bill contains troubling privacy elements. It allows, for example, the police to request information about any person from any company or Internet service provider — without warrants nor customer consent.

Advocates argue that C-13 is not the ideal way to combat cyber-bullying, but some think it’s the perfect revenge porn legal tool.

Speak With A Revenge Porn Lawyer

If you are dealing with a revenge porn situation and looking to take legal action, get in touch with Kelly / Warner Law.

FTC Fines Snapchat For Being Loosey-Goosey With Data

snapchat FTC fine

Snapchat entered into a consent decree with the Federal Trade Commission for supposedly misleading users about data collection and inter-device privacy. Avoid the same outcome by making sure your apps and websites are outfitted with proper legal disclosures.

Why Did The FTC Go After Snapchat? (Answer: Playing Fast and Loose With Customer Data)

iOS7 Bug

Snapchat users can take screenshots of a “snap,” but the original user is supposed to get a notification when it happens. But the Federal Trade Commission reported that recipients with Apple devices running iOS 7 can exploit the app to avoid screenshot detection.

Encryption Issue

The FTC also reported that Snapchat stores videos on recipients’ devices without encryption, meaning the videos can be accessed even after “disappearing” on the Snapchat application.

Successful Hacker Breach

On top of all that, in January, hackers snagged a whole lot of valuable Snapchat user data. Making matters more complicated for the app company, security experts had warned Snapchat that the application was exploitable, but the company, allegedly, did little to fix the issue.

Android Issue

iOS users weren’t the only affected people. Android Snapchaters’ locations were also transmitted to the Snapchat servers, even though the company claimed it didn’t collect any information from users.

Snapchat Got The Same “Sweetheart” Punishment As Facebook Did For Beacon

Like Facebook before them, part of Snapchat’s FTC agreement requires the company to implement a 20-year privacy monitoring program, which will be overseen by an external privacy expert.
The FTC warned Snapchat that violation of the agreement will result in a civil penalty of up to $16,000 for each offense. Snapchat has since made some upgrades, reporting: “we continue to invest heavily in security and countermeasures to prevent abuse.”

FTC Unfair and Deceptive Marketing Lawyer

Entangled in an FTC investigation? Get in touch with Kelly / Warner Law. Click here to learn more about our online marketing legal practice.