Over the law few months, we have been getting calls every week from Internet subscribers who think they’re about to lose their homes, their entire life savings, or in one particular instance, their freedom (one woman was terribly afraid that she and her husband were going to be sent to prison).
It has been over a year since we last addressed the Malibu Media issue in our post Malibu Media Makes Marylanders Miserable, but the onslaught of copyright infringement cases filed by Malibu Media in the mid-Atlantic has not slowed. At last count, Malibu Media had filed over two thousand alleged copyright infringement cases in the United States, with over 355 cases right here in STSW’s home state of Maryland. The semi-boilerplate “Complaint” that Malibu Media files with the Court in these cases is usually a frightening, lengthy, confusing document that seeks hundreds of thousands in dollars in supposed damages from the Internet subscriber, who is the “Defendant.” Each Malibu Media Complaint has an “Exhibit A” attached that lists sexually graphic video titles, and Malibu Media alleges the Defendant unlawfully downloaded and watched these sexually graphic videos with lewd titles.
If you are reading this, I am not sure where you work or with whom you live, but in my experience, explaining this to your boss or your partner usually doesn’t go over so well…that is until you and those who need to know understand who "copyright trolls" are and what "copyright trolls" do. This NBC Washington news story may help you and your boss or partner understand what has happened to you.
If you are the unlucky recipient of a letter from your Internet Service Provider (ISP) notifying you that Malibu Media is suing you for copyright infringement of its “soft-core” pornographic videos, there are a couple things you should do. First, sit down and take a deep breath. This is not the end of the world and there are hundreds, thousands even, like you. Second, contact us to discuss your options and best plan of defense or attack. We offer free consultations and can be reached during business hours Monday through Friday, though if you have a difficult schedule, we will find a way to accommodate you.
From what we have seen, the individual Internet subscribers targeted by Malibu Media generally fall into one of the three following categories:
1. No way did this happen: The subscriber is certain he personally did not download Malibu Media’s copyrighted materials and is also certain that no one else in the household did so;
2. Ummm, maybe: The subscriber is certain she personally did not download Malibu Media’s copyrighted materials, but thinks that perhaps someone else in the household may have done so, although no one has admitted to it; and
3. Ahhh, yeah: The subscriber or someone in the household thinks they may have downloaded Malibu Media’s copyrighted materials, but this is easy to do because Malibu Media’s soft-core porn videos are not obviously labeled as copy-righted materials. And guess what? Even if Malibu Media is aware of the infringement going on, they never seem to send a warning notice of the infringement under the Digital Millennium Copyright Act (DMCA). Nope. Instead, they wait to notify the subscriber by way of a Complaint with a larger number of infringements over a longer period of time and no prior DMCA notice to the subscriber. This, of course, drives up Malibu Media’s potential damages.
Though there are similarities among the cases we have seen, no two cases are alike and we approach each case on an individualized basis to offer you the best legal defense. We have substantial experience with these Malibu Media cases, with cyber- and copyright law, and with federal courts in Maryland and the District of Columbia.
Whether you want to fight the “porn troll” or simply settle with Malibu Media to make the issue disappear for personal reasons, you need an experienced attorney who will protect your name and reputation while aggressively defending you. Here at SilverMcKenna, the Internet and Privacy Law Practice Group of Silverman|Thompson|Slutkin|White|LLC, we provide individualized service by tailoring the defensive strategy to your particular needs and financial constraints. You do not have to go through this alone. We are here to help.
For more information or to arrange a consultation, please email Anne T. McKenna at email@example.com or give her a call at 443-909-7496.
The technology questions and options surrounding cybersecurity and data storage in “The Cloud” can overwhelm even the savviest of CEOs. The legal issues, however, are often overlooked. Various federal and state laws govern certain types of data storage in the cloud and dictate what your business is required to do if your website or cloud storage is breached and customer data is lost. Failure to comply with breach notification laws can result in statutory damages of hundreds of thousands if not millions of dollars.
For these reasons, it is well worth the time and minor front end cost to review these laws and your online practices with a qualified attorney, but the brief checklist below provides common sense tools to make your employees, your online business activities and your cyber data practices more secure.
At SilverMcKenna, we recommend you turn to independent cyber-security experts to develop a secure infrastructure for your data and online practices, but we also urge our business clients to take the following SIX PRACTICAL STEPS to protect business data in the cloud, to secure customers’ data and sensitive information, and to make sure employees and management are working together to do so effectively and efficiently while preserving employee and customer privacy.
1. Employee Manual
a. This is a MUST have.
b. The manual should explain, in plain English, your business’s computer and cellular policies and practices, the privacy rights of the employer and the employee for cellular and online activities conducted via work-provided digital equipment, such as cell phones, computers, laptops and iPads, and the requirements for securing and handling client confidential information.
c. If doing business in Maryland, make sure your employee manual does not run afoul of Maryland’s 2012 Social Media Password Legislation
2. Technology Acceptable Use Policies (AUPs)
Every business should draft AUPs that (1) state what is acceptable use of work-provided digital devices; (2) identify what employees are entitled to access what data; (3) identify those authorized/responsible to handle IT and data security; and (4) are reviewed and signed by every employee
3. Website banner notices/terms of agreement
Your website should have a notice about your privacy practices and, depending on the nature of data you collect and business conducted online, you should have a click/wrap style terms of agreement
4. Written Guidelines for data security, data breach and data breach notification for customers
Written guidelines are an opportunity for you to communicate fully with your employees and your customers and clients about how your business handles data, what you do to secure data, what you expect of your employees to do the same, and what you and your employees will do when a data breach of customer or client information is discovered.
a. Talk to your insurance agent: Does your Commercial General Liability (CGL) policy of insurance or other insuring agreements include coverage for business online activities?
b. Have you secured a policy of insurance to provide coverage in the event of a data breach involving sensitive customer data or trade mark protected/copyrighted materials?
6. Contracting with a Cybersecurity Provider
Understand what service you are receiving: Is this a data storage service, a data security service or both?; Who handles breach notification issues?; Who is liable for data breaches? Have a written contract that spells this out.
If you have any questions, please contact Anne T. McKenna at 443-909-7496.
Would you like to be identified by name in a federal court case that alleges you illegally downloaded, watched and shared pornography? Probably not.
Would it affect your job, your career, your reputation? Probably so.
Suing Marylanders by the hundreds, Malibu Media is using strong-arm litigation tactics to intimidate unsuspecting Marylanders to pay money to settle alleged copyright violations they may not have even committed. Malibu Media, LLC, is a California company that produces and/or owns the copyright to adult “soft-porn” movies and video content. Much of this content is available for viewing on the Internet.
Hundreds of Marylanders have received or will receive a letter from their Internet Service Provider (ISP), such as Comcast or Verizon, telling them that they’re being sued for copyright infringement by Malibu Media. Attached to the letter you receive from your ISP is a subpoena that requires the ISP to give Malibu Media your name, address and account information unless you "move to quash" the subpoena by a certain date. Also attached is a Complaint suing the “John Doe” account holder of a certain IP address. That “John Doe” IP address is linked to your Internet account with your ISP. The Complaint alleges that the “John Doe” has downloaded Malibu Media-owned porn films and seeks hundreds of thousands of dollars in damages. Once the ISP turns over the account information and your name, your name ends up on the pleadings as the named defendant.
If this has happened to you or if you’re an attorney and this has happened to your client--Do not panic! You are not alone.
Malibu Media has figured out that most folks are so terrified of their name being revealed as a viewer of pornography that they’re willing to pay Malibu Media thousands of dollars to settle before their name is revealed, regardless of the accuracy or validity of the Complaint’s allegations.
Malibu Media has engaged in these tactics across the country, particularly in California and Illinois. But now Malibu Media has set its sights on forcing settlements out of Marylanders. Malibu Media is making lots of money settling alleged copyright violations with minimal effort. At last check, Malibu Media had sued thousands of individuals using a Complaint that is largely boilerplate. Imagine if 2000 people paid Malibu Media $5,000 each—Malibu Media has made $10,000,000.00 (yes, TEN MILLION DOLLARS).
Because folks often do not understand complex digital copyright laws and the Internet, they think they may have actually broken the law. Or they think maybe their spouse or child did. They’re afraid they can’t afford a lawyer or that their job will be affected if their name is revealed. But, quite often, the case is defensible, and Malibu Media’s initial subpoena to the ISP may be quashed by a Motion. You can "quash" a subpoena by filing (or getting an attorney to file) a motion to quash with Court on the grounds that the subpoena is not proper under the law. If the Court grants the motion to quash, this means that your ISP does not have to comply with the subpoena and it does not have to turn over your name. If you quash the subpoena and if an attorney helps you discover what defenses you have, the odds are that Malibu Media will go away. It does not want to waste its money actually litigating the case. It usually just wants quick, but costly, settlements that you should not have to pay.
Some commentators and reporters call Malibu Media and companies like it "cyber copyright trolls" or "porn trolls." Whatever you want to call it--there's no question that what they're doing is very profitable for them and very terrifying for you.
If you or someone you know has been sued by Malibu Media, you should contact an attorney experienced in cyberlaw and digital copyright. At SilverMcKenna, the Internet and Privacy Law Practice Group at Silverman/Thompson/Slutkin/White LLC, we protect your name and we aggressively defend those sued by Malibu Media, and we do so in ways that are affordable for our clients. We have seen many of these Complaints, and we can and will help you.
Please contact Anne McKenna at 410-385-2225 for more information.
Your Business Has an Online Website—Does this Mean You Are an Internet Content Provider? – The Communications Decency Act and Your Online Website
Section 230 of the Communications Decency Act of 1996, 47 U.S.C.A. § 230, (CDA) provides online businesses a refuge from civil liability that could otherwise arise from content posted to a website, online blog or other social media platform by a third party. Specifically, § 230(c) of the CDA immunizes providers of interactive computer services against liability arising from content created by third parties, stating: “No provider ... of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c).
Many businesses seek shelter under this provision of the CDA for legitimate business purposes, such as a commentary section for product or service reviews, but other businesses exploit this immunity, such as revenge porn sites like yougotposted.com.
It is essential, however, that all businesses that conduct business online or that operate an online website understand that the CDA’s immunity provision is not always a safe harbor. Why? Because the CDA’s grant of immunity applies only if the interactive computer service provider is not also an “information content provider,” (ICP) which is defined as someone who is “responsible, in whole or in part, for the creation or development of” the offending content. 47 U.S.C.A. § 230(f)(3), emphasis added.
Under the CDA’s framework, a website operator can be both a service provider and a content provider: if the website operator passively displays content that is created entirely by third parties, then it is only a service provider with respect to that content. But as to content that it creates itself, or is “responsible, in whole or in part” for creating or developing, the website is also a content provider. Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1167-1168, 36 Media L. Rep. 1545 (9th Cir. 2008).
In the Roommates.com case, the Ninth Circuit found that an online roommate locater website, roommates.com, was an ICP because, although much of the content was supplied by third-parties, the website required subscribers to provide information as a condition of accessing its service, and it provided a set of pre-populated answers. Thus, the Ninth Circuit found that defendant Roommates.com was “much more than a passive transmitter of information provided by others; it [was] the developer, at least in part, of that information.” And the CDA provides immunity only if the interactive computer service does not “creat[e] or develop[ ]” the information “in whole or in part.” As the Ninth Circuit stated, by any reasonable use of the English language, Roommate is “responsible” at least “in part” for each subscriber's profile page, because every such page is a collaborative effort between Roommate and the subscriber.
Like the Ninth Circuit, federal courts in Maryland distinguish an interactive computer service provider or an Internet Service Provider (“ISP”) from an ICP upon the question of passivity. “State-law plaintiffs may hold liable a person who creates or develops unlawful content, but not the interactive computer service provider who merely enables that content to be posted online.” Hare v. Richie, 2012 U.S. Dist. LEXIS 122893 at 41 (D. Md. Aug. 29, 2012) (quoting Nemet Chevrolet v. Consumeraffairs.com, Inc., 591 F.3d 250, 254 (4th Cir. 2009)) (emphasis added). In general, courts consider “the ‘prototypical service qualifying for this statutory immunity” under the CDA to be something like “an online messaging board...on which Internet subscribers post comments and respond to comments posted by others.’” Id. at 43 (quoting FTC v. Accusearch, Inc., 570 F.3d 1187, 1195 (10th Cir. 2009)).
How can you determine if your business may face exposure as an ICP? You must consider the following questions:
• What is the level of collaboration and interactivity between your online business activities and the content posted by your users;
• Is your business a ‘prototypical’ ISP, such as an Internet message board;
• Does your business participate in the development of Internet content;
• Do you manage user activities online;
• Do you review and consult on content posted; and
• Do you generate profit from the content posted?
If the answer to any of the questions is yes, your business should consider how to minimize exposure. Cyber risk suits and other Internet-based litigation arising from defamation, business loss, IP claims, and other causes of action have exploded in the last few years. Any business operating online should seek the advice of an expert to protect the business and its customers and to prevent such suits before they happen. Clear, well-posted online use policies are a good start, but federal and state laws on cyber-risks and exposure for online actvities are complex and vary from jurisdiction to jurisdiction.
Your Employees and Social Media – Can You Read Their Online Activity? Worse, Could You Be Liable for It? Why Your Business Needs a Social Media Policy for Employees
Depending on the nature of your business, your employees may routinely handle or have access to information that is subject to privacy protection or financial/securities regulations under various federal and state laws. Improper handling or disclosure of statutorily-protected or otherwise private information could potentially result in (1) statutory and privacy violations and (2) civil liability exposure for your business generally and for your employees individually.
Even businesses that do not handle sensitive information must consider the impact of employees’ use of social media – posts can go viral within seconds. And once content is posted on the Internet, it is very challenging, if not impossible, to remove. For these reasons, it is essential that every employee be aware of and educated about these potential legal risks when posting content on social media sites—even when they do so on their own time.
Thoughtless or unthinking social media mistakes can create ethical dilemmas and embarrass both a business and its employees. And consider the potential legal claims that may arise from employee social media misuse:
• invasion of privacy
• violations of HIPPA
• violation of consumer protection laws
• infringement of intellectual property
• antitrust violations
• disclosure of trade secrets
To prevent these potential harms and avoid hundreds of thousands of dollars in legal fees, all businesses should adopt and institute an employee social media policy to protect the business, its customers, and its employees. A clear, concise, employee-signed social media policy can strongly help to protect against social media-related cyber-risks and can do so without violating an employee’s right to free speech.
What should a workplace social media policy address? It should cover the following:
1. Social media use in the workplace –is it permitted during business hours?
2. The company’s rules to maintain the privacy of customers, employees, and the privacy of others – Employees should always refrain from sharing personal information (including photographs) of co-workers unless they have express written consent to do so; and employees should never comment on social media about any customer.
3. The employee’s responsibility to be truthful in social media activity.
4. Make it clear who is posting the content – employees should never hold themselves out as representatives of the company unless they do so with explicit company permission.
5. Violations of obscenity and child pornography laws – A business should always reserve the right to terminate immediately any employee that uses social media or the Internet at any place and at any time in such a manner that violates any federal or state law concerning obscenity or child pornography.
6. Violation of copyright and trademark laws – This conduct is illegal and unacceptable.
7. Liability for misuse of social media – the business should make it clear that it is not liable for any misuse of social media by its employees.
8. Disclosure of proprietary and confidential information – it should never be disclosed on a social media platform.
9. Respect others – whether or not an employee is speaking on behalf of the business, he or she may still be seen as a representative to the general public and should act accordingly.
10. Employee acknowledgment, notice and consent – every employee should read, fully understand and acknowledge in writing that he or she is aware of and consents to the terms of the workplace Social Media Policy.
11. A business should reserve the right to view employees’ publically posted social media activities in which the employee maintains no reasonable expectation of privacy under the laws of the state in which the business operates. Because state laws vary, however, businesses should seek legal counsel to determine their right to do so.
12. Consequences for misuse of social media -- Set forth what those consequences are.
The Cyber Intelligence Sharing and Protection Act of 2013 (CISPA) -- Problematic Privacy Legislation?
Very soon, the federal government could know what you bought for dinner last night, or whether you and your wife are having a nasty email fight about something very personal—and they could know this all because of CISPA—The Cyber Intelligence Sharing and Protection Act of 2013. If you’re using gmail, Google might already know this information, but our Constitution has traditionally protected us from the federal government getting its hand on such intimate, personal information without a warrant or court oversight.
CISPA is a bill that will be voted upon very soon in the U.S. House of Representatives; it allows for voluntary information sharing between private companies and the federal government. The bill’s language and provisions continue to be amended and shaped in closed-door, secret meetings by the U.S. House Intelligence Committee. In principal, the bill is supposed to prevent cyber-attacks. But it does this through sweeping, unprecedented information sharing provisions that allow and in fact encourage private companies, like Facebook and Google, to turn over every intimate detail they’ve collected about you from your online activities, your emails, your texts, your shopping habits, your web-browsing activities, etc., to the US government.
Proponents of the bill argue that it will protect the US from cyber-attack because it allows companies to receive information from the government and turn information over to the government. This sharing of information, they say, will help prevent or at least curb the hacking epidemic.
But the Center for Democracy and Technology points out that CISPA actually allows hacking, because it allows companies to look for cyber threats—not just on their own computers—but on other companies’ computer systems as well.
Another very concerning part of CISPA is that the companies that do hand over consumers’ private information to the government get immunity from legal liability for handing that data over to the government. This means that the government is giving companies an incentive to hand over your data, i.e., immunity from civil and criminal liability, and at the same time circumventing our common law and constitutional privacy protections—such the Fourth Amendment—from the government collecting information on us without a warrant.
What can you do to protect your privacy?
You should contact your United States Congressman, and let his or her office know your thoughts on CISPA.
Sure, we’ve all heard that mobile software applications collect more personal data from our smart phones than they need to or should; and the mobile apps’ privacy policies are such a byzantine morass, none of us read them anyway. But the news that the most popular children’s mobile software apps are surreptitiously collecting and then selling to dozens, even hundreds, of marketers and third parties exactly where our children are at all times, what their mobile phone numbers are, and where exactly they go and what they do online, and that this all being done without notice to parent or child…well that creeps out even the most jaded adult.
Yesterday, December 10, 2012, the Federal Trade Commission released a detailed Report replete with research and data that demonstrates the most popular mobile software apps designed for, marketed to, and used by our children are doing all of this, and in so doing, may be running afoul of numerous federal and state consumer protection/deceptive advertising and privacy laws.
The 12/10/12 Report is a follow-up to a February 2012 FTC report wherein the FTC surmised that there may be significant privacy issues with mobile apps designed for and targeted to children. After releasing the February 2012 report, the FTC did its homework: it investigated 400 popular children’s mobile software apps; it reviewed the apps’ stated privacy policies; and it tested the apps’ actual data collection and tracking practices. What it found is troubling, to say the least.
New Jersey Appellate Court Upholds Firing of Teacher for Facebook Post Labeling her First Graders “Future Criminals”What Does this Mean for Maryland Teachers and Schools?
Jennifer O’Brien, a tenured New Jersey public school elementary teacher with 13 years of teaching experience and a master’s degree in education, was teaching a class of 23-first grade students (all of whom were minorities and mostly six-years old), when she posted on her own, private Facebook page these comments about her job to her 300+ Facebook friends and their friends of friends, “I’m not a teacher—I’m a warden for future criminals!” O’Brien didn’t stop there; she later posted to Facebook, “They had a scared straight program in school—why couldn’t [I] bring [first] graders?”
When NJ school officials came across the Facebook post and confronted O’Brien, she said she didn’t intend her comments to be offensive or racist statements, but otherwise she essentially was unrepentant. Parents were deeply concerned and angered by O’Brien’s Facebook posts; protests formed outside of the school attended by dozens; and parents demanded their children be removed from O’Brien’s classroom. O’Brien was dismissed from her position; her dismissal was affirmed by an Administrative Law Judge (ALJ); and ultimately, O’Brien appealed to a NJ state appellate court. O’Brien argued that her dismissal constituted a violation of her First Amendment rights of free speech because (1) her comments addressed a matter of legitimate public concern, i.e., school discipline, and (2) because her comments were made on her private Facebook page, they were protected speech.