LinkedIn, Facebook and Zynga in the courts, Congress considers a cyber-security bill.
|0 Comments
Court and legislative activity of interest to the legal technology community:
CALIFORNIA
• Fraud—LinkedIn: Spambots have infiltrated LinkedIn, and the professional networking site is fighting back.The Mountain View, Calif.–based company filed suit in the Northern District of California on Jan. 6, alleging that unknown intruders used automated software programs to create thousands of fake LinkedIn accounts and scrape data from legitimate user profile pages. The company, which believes the abuse began in May 2013, has nearly 260 million members. In a 16-page complaint filed by Munger Tolles & Olson, LinkedIn says those involved not only breached the company's user agreement, but also violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, and California's Comprehensive Computer Access and Fraud Act.
LinkedIn contends that the defendants are using information scraped from its site to compete with the company's Recruiter product, a fee-generating premium service that allows headhunters to locate and recruit candidates. The company says it employed numerous defenses against fraud that the intruders managed to circumvent, and launched an investigation after observing thousands of seemingly fake accounts rapidly viewing numerous profiles.
Its probe showed that the defendants operated through a cloud platform offered by Amazon Web Services, which allows users to rent virtual computers to run programs. Amazon was not targeted in the suit, but LinkedIn says it will serve the company with a subpoena in order to identify those behind the spambot program. The suit, which asks for expedited discovery to identify those responsible, seeks an injunction against the defendants as well as damages and attorney fees.
LinkedIn also turned to Roth to defend the company in a Northern District privacy class action, in which the company is accused of misappropriating user identities and contact lists for marketing purposes. —Chelsea Allison, The Recorder. Full story here.
• Privacy—Facebook & Zynga: Two privacy class actions with the potential for millions in statutory damages against Facebook and Zynga sounded destined to fail Friday at the U.S. Court of Appeals for the Ninth Circuit. But Facebook may not be completely off the hook, because a three-judge panel sounded willing to entertain breach-of-contract and other state law claims against the social network for revealing user IDs to third parties.
Facebook attorney Aaron Panner of Kellogg, Huber, Hansen, Todd, Evans & Figel argued that disclosure of mere ID numbers didn't cause any appreciable damage under California law, but Judge Richard Tallman didn't sound convinced. "We're here on basically a pleadings appeal," he said, "so we don't have any discovery about how valuable is this information." The Ninth Circuit may have to certify the state law issues to the California Supreme Court, he added.
How much those claims would be worth is unclear, though plaintiff attorney Kassra Nassiri argued the user IDs lead to "a goldmine of information" on which Facebook's entire business model is predicated.
Robertson v. Facebook, 12-15619, and Graf v. Zynga, 11-18044 were filed in 2010 shortly after The Wall Street Journal revealed that Facebook user IDs were being transferred to advertisers via HTTP referers when users clicked on advertisements appearing on Facebook or apps like Zynga. U.S. District Judge James Ware of the Northern District of California dismissed both cases in 2011. Earlier this month, the Ninth Circuit panel, comprised of Tallman, Sandra Ikuta and Arthur Alarcon, consolidated arguments in the two cases. Tallman and Ikuta are known as two of the court's more conservative judges. —Scott Graham, The Recorder. Full story here
• Privacy—Car Tag Scanners: The next privacy battle in the Legislature is brewing—over license plates. Two lawmakers have introduced bills this month to regulate what car tag scanners can do with the information they collect. Assembly Bill 1442 by Mike Gatto, D-Silver Lake, focuses on law enforcement's surveillance of license plates. Sen. Jerry Hill, D-San Mateo, would bar the sale of data that parking enforcers, repossession companies and others collect using by automatic license plate readers. Automatic license plate reader technology is a "useful tool for law enforcement," Hill said about his SB 893. "But use of this technology must be balanced with personal privacy."
The issue of amassing license plate data, including vehicle location and times, gained traction over the past year with the release of a report by the American Civil Liberties Union of widespread use but little oversight of the practice. The two bills should offer a legislative test for law enforcement, which has typically won most fights with civil rights groups over privacy bills.While a battle over license plate scanning heats up, another legislative privacy skirmish has ended. Assemblyman Ed Chau, D-Monterey Park, has withdrawn a bill that would have forced websites and apps to drop the words "Privacy Policy" and to replace them with "Using Your Information."
With tech groups lobbying hard against his Assembly Bill 242, Chau could not secure enough votes in the typically consumer-friendly Assembly Judiciary Committee and did not even submit the legislation for a vote. A Chau spokesman said he had no plans to revive the bill this year. — Cheryl Miller, The Recorder. Story here.
GEORGIA
• E-Discovery: Opposing sides are closer to a consensus on proposed state legislation regulating e-discovery that will be taken up by the House Judiciary Committee this month, but sticking points remain, particularly on sanctions for spoliation of electronic documents. A group of judges, trial lawyers and defense attorneys called together by House Judiciary Committee Chair Wendell Willard, R-Sandy Springs, met twice last fall to hash out a bill filed late in the 2013 session. The bill sprung from recommendations made last year by a State Bar of Georgia task force on e-discovery. Willard said he expects to file an amended version of House Bill 643 soon after the new session begins on Jan. 13.
"I listened to everyone's concerns, and we'll try to address them the best we can," said Willard, the city attorney for Sandy Springs. Willard said he believes the only major area of discord that will come up during committee hearings revolves around a safe harbor provision that defines what actions constitute bad faith or willful misconduct when it comes to preserving discoverable electronic records.
"I think it would be wise to hold up and have more hearings in committee," he said, adding that he's inclined to wait for the courts to address e-discovery spoliation by making case law rather than codifying specific standards.
Some stakeholders, particularly defense lawyers, are eager for more precise law, said Rocco Testani, a partner at Sutherland Asbill & Brennan who sits on both the state bar's task force and Willard's ad hoc group. Testani said federal case law on the issue has been fairly inconsistent. He also noted that the standards set forth in the proposed legislation are modeled after federal advisory committee recommendations."I think it's better to get out in front," he said. "If we're going to make these changes in Georgia law, we ought to be thinking about what are the current and best practices."
Georgia Trial Lawyers Association's chief lobbyist Bill Clark likened legislating specific standards to mandatory minimum criminal sentences. They were hailed until lawmakers and lawyers realized they weren't working as intended and were overly restrictive in many cases.
Georgia is one of fewer than a dozen states with no regulations on e-discovery. —Kathleen Baydala Joyner, Daily Report. Full story here.
WASHINGTON, D.C.
• Cybersecurity—Data Breaches: U.S. Senators Tom Carper (D-Del.) and Roy Blunt (R-Mo.) are taking aim at retailers with new legislation intended to improve safeguards for consumer information, following recent revelations about data breaches at Target Corp. and Neiman Marcus Group Ltd. The Data Security Act [PDF], which the bipartisan duo introduced Wednesday, would require companies that accept credit or debit card payments to have policies and procedures in place to protect consumer data from hackers and act on breaches when they occur. Under the bill, businesses would have to investigate breaches and work to secure the data targeted by hackers. Companies also would have to tell their customers and federal authorities about any breaches. And if a breach involves at least 5,000 customers, businesses must notify credit-reporting agencies, too.—Andrew Ramonas, Corporate Counsel. Full story here.
Read more: http://www.lawtechnologynews.com/id=1202639206111/Tech-Docket-Watch%3A-Privacy-Suits-in-California-and-Georgia-E-Discovery#ixzz2rXtvAOAR
Jason Atchley
No comments:
Post a Comment