License Plate Numbers: a valuable data-point in big-data retention

What can you get from a license plate number?

At first glance, a person’s license plate number may not be considered that valuable a piece of information. When tied to a formal Motor Vehicle Administration (MVA) request it can yield the owner’s name, address, type of vehicle, vehicle identification number, and any lienholders associated with the vehicle. While this does reveal some sensitive information, such as a likely home address, there are generally easier ways to go about gathering that information. Furthermore, states have made efforts to protect such data, revealing owner information only to law enforcement officials or certified private investigators. The increasing use of Automated License Plate Readers (ALPRs), however, is proving to reveal a treasure trove of historical location information that is being used by law enforcement and private companies alike. Also, unlike historical MVA data, policies and regulations surrounding ALPRs are in their infancy and provide much lesser safeguards for protecting personal information.

ALPR – what is it?

Consisting of either a stationary or mobile-mounted camera, ALPRs use pattern recognition software to scan up to 1,800 license plates per minute, recording the time, date and location a particular car was encountered. Continue reading

Website Policies and Terms: What You Lose if You Don’t Read Them

When was the last time you actually read the privacy policy or terms of use of your go-to social media website or you favorite app? If you’re a diligent internet user (like me), it might take you an average of 10 minutes to skim a privacy policy before clicking “ok” or “I agree.” But after you click “ok,” have you properly consented to all the ways in which your information may be used?

As consumers become more aware of how companies profit from the use of their personal information, the way a company discloses its data collection methods and obtains consent from its users becomes more important, both to the company and to users.  Some critics even advocate voluntarily paying social media sites like Facebook in exchange for more control over how their personal information is used. In other examples, courts have scrutinized whether websites can protect themselves against claims that they misused users’ information, simply because they presented a privacy policy or terms of service to a consumer, and the user clicked “ok.”

The concept of “clickable consent” has gained more attention because of the cross-promotional nature of many leading websites and mobile apps.  Continue reading

PII at the Center of RadioShack Bankruptcy Auction and Mediation

A recent New York Times article highlights the disconnect between a company’s privacy policy and the disclosure of user data when the company is sold. According to the Times, while a company, like Hulu, declares that it “respects your privacy”, should the company go up for sale, user names, birth dates, email addresses and unique subscriber information can be made available to the highest bidder. Often it is this very information that can be of most value to a struggling or defunct company. This very issue played out recently with the bankruptcy of RadioShack, the electronics retail store founded in 1921, and the recent sale of its brand.

The now-bankrupt RadioShack reached a mediated agreement with U.S. states on May 14th over the sale of customer data, which barred the transfer of personal customer information; limited the number of emails to be included in the sale; and provided opt-out mechanisms to customers prior to transfer.

New York-based Standard General purchased 1,750 RadioShack stores and trademark and intellectual property, out of bankruptcy. The sale included personal customer information provided by customers to RadioShack over many years, including email addresses, postal addresses and phone numbers. Continue reading

.SUCKS: Extortion or Free Speech?

Domain names are an essential part of modern commerce and convey important information about the website’s affiliation and legitimacy. Consumers may briefly glance at the .com or .edu at the end of the page they land on to make sure they’re on the right site, but soon they may see an unfamiliar suffix next to their favorite brand’s page – .sucks.

In 2014, the Internet Corporation of Assigned Names and Numbers (ICANN), a California-based nonprofit that manages and coordinates domain names, agreed to allow Vox Populi, a Canadian domain name registrar, to operate the registry for the new “.sucks” top-level domain (TLD). Continue reading

Targeted Election Ads: New Frontier in Political Advertising

The next U.S. President won’t be sworn in for almost two years, but the jostling and positioning among likely candidates has already begun. When candidates consider how to reach potential voters, an increasingly sophisticated weapon in their arsenal will be targeted advertising to reach voters in-between commercial breaks of their favorite TV shows. These “addressable ads” allow advertisers – in this case political campaigns – to pay content providers, such as satellite networks, to reach specific homes. Addressable ads present a sharp departure from previous eras of political advertising that used a “shotgun approach” to appeal to as many potential voters as possible, regardless of demographics, previous political affiliation, or likelihood of voting.

Satellite television providers DirecTV and DISH Network have already embraced this technology by selling data about subscribers’ individual viewing habits to campaigns. Subscriber data are initially anonymized, but with addresses intact, and then matched to the addresses on voter-registration and canvassing databases. According to a USA Today report, once the targeted households are selected, the satellite provider sends the addressable ads to the home’s digital video recorder (DVR), and the ad airs in the next available commercial slot as part of whatever programming the customer is watching. After the ad plays, the remainder of the user’s TV show continues unaffected until the next ad slot opens. Continue reading

Free Legal Documents!! (Sure, Why Not?)

Why would lawyers give away legal documents for free? Or better yet, why wouldn’t they do it? Daniel Doktori offered some good answers to these questions when he wrote recently in TechCrunch about Big Law’s answer to the Open Data movement.

But what’s most remarkable about the big lawyer giveaway – get there early, get your legal docs, we’re opening this year at 6pm on Thanksgiving Night! – may be how unremarkable it really is.

Doktori writes of law firms’ “mimic[ing] their small clients’ ‘freemium’ business development model”, suggesting that giving away free stuff is simply a way to get clients in the door where they (hopefully) will become paying clients. Perhaps. But it seems unlikely that a cash-strapped startup will hire a $700 per hour firm of attorneys simply because that firm gave away a generic founders’ subscription agreement. And with so many law firms offering the exact same documents – Doktori cites his own firm’s service as well and those of Cooley LLP and Orrick, Herrington & Sutcliffe LLP – there’s not much here to really differentiate the value of these documents in the first place. Not to mention the various non-law firm startups getting into the same game, including Founders’ Workbench (mentioned by Doktori) and low-cost services from Rocket Lawyer and others. Continue reading

Real World Implications of Cyber Warfare

Introduction

Amid all of the publicity and media attention of the December cyberattack on Sony Pictures Entertainment, a cyber-intrusion on a German steel mill received comparably scant notice. Unlike the Sony hack, however, it highlighted an important and disturbing trend in cyber warfare. Detailed in a German government report released in December, the hacking of the German steel mill signified the second confirmed instance in which a wholly digital attack resulted in the physical destruction of equipment. By initially gaining access to the plant’s business network, the intruders were able to successfully make their way to the production network and access the controls of the plant’s equipment. They were able to control the system to such a degree that a blast furnace could not be properly shut down, resulting in “massive” damage.

According to Wired’s coverage of the incident, much information about the attack is not detailed in the report, including the name of the steel mill, exactly when it happened, and how long the hackers were in the network before the destruction occurred. The report does relay that the hackers apparently had advanced knowledge, not only of conventional IT security, but of the applied industrial controls and the mill’s production processes.

The incident highlights what is possible with the increasingly prevalent networked nature of physical real-world systems, from critical infrastructure networks like electric grids and water treatment systems, to simple and increasingly networked household and personal items in the growing Internet-of-Things (IoT). Continue reading

Legal Threats Don’t Stop Growth of Textbook Pricing Application

OccupyTheBookstore, a Chrome browser add-on from Texts.com, has become the subject of legal threats from Follett Higher Education Group, one of the largest college textbook retailers in the U.S.  Textbook price comparison tools are not new, with websites like Chegg and SlugBooks, compiling textbook prices from retailers, university bookstores, and online retailers on their own websites.  What makes OccupyTheBookstore unique is that it is provided directly to the user as a downloadable plug-in and works immediately on top of a user’s browser to show cheaper options for print and digital rentals while the user browses a bookstore’s website.

The fact that the user is given the option to employ an immediate filter on top of Follett-affiliated websites rankled the company and prompted it to threaten Texts.com with legal action.  According to an email from Follett to Texts.com’s founders obtained by the Wall Street Journal, the add-on “effectively chang[es] the presentation of the information on the screen.”  Texts.com has not backed down.  In an interview with Red and Black, University of Georgia’s student newspaper, Texts.com says that it “determined that we are totally within our rights to manipulate information in the client’s browser. As it’s opt-in and doesn’t touch the bookstore servers at all….” Continue reading

A Simple Takeaway from the Recent Sony Hack

The hack of Sony Pictures Entertainment placed Sony Entertainment Pictures in the spotlight for the last two months of 2015, highlighting the company’s lax security protocols and placing international focus on the recently released James Franco/Seth Rogan comedy “The Interview”. For the uninitiated, a group calling themselves the “Guardians of Peace” (with the unfortunate acronym “GOP”) hacked into the Sony’s computer systems, gaining unauthorized access to a treasure trove of sensitive data, including: social security numbers of over 47,000 celebrities, freelancers, and Sony employees; several unreleased movie titles that were later released to file-sharing websites; and corporate files including email correspondence, film budgets and passport/visa information for movie casts and crew. The data breach appeared to be supported by North Korea, which denied responsibility. While the United States National Security Agency directly blamed North Korea for the attack, other industry insiders claim North Korea had nothing to do with the attack. Continue reading

Fertilizer by Any Other Name: District Court Denies Trademark Protection for Generic Term

Trademark law is designed to protect consumers from confusion as to the sources of products or services.  Strong trademarks are those that are distinctive – that is, they are capable of identifying the source of a particular good.  At the other end of the trademark spectrum are generic marks.  These marks are incapable of functioning as trademarks because they have come to be identified by the relevant purchasing public as common names for the goods or services with which they are associated.  A finding that a mark has become or is generic means that it has lost (or has never had) the ability to identify the source of a product or service, and thus cannot function as a trademark.  For this reason, a finding that a potential mark is “generic” presents a serious problem to a trademark application because it means that a mark has become synonymous in the public’s mind with a particular product or service as opposed to its source.

Dr. Earth, a California organic gardening company, learned this lesson after a lengthy legal battle in which its trademark application for PROBIOTIC was ultimately denied by the U.S. District Court for the Eastern District of Virginia.  Dr. Earth sought to register the word PROBIOTIC for fertilizers.  The U.S. Patent and Trademark Office (PTO) Examiner initially refused registration, stating that the term was generic in connection with fertilizer, and that at most, the term was merely descriptive and had not acquired a secondary meaning.  Merely descriptive marks are similar to generic marks and are considered “weak” marks because they simply convey information about a function, characteristic, or purpose of the goods or services.  As Jeffrey Davidson states in his IP Registration and Enforcement blog, “[d]escriptive terms by their very nature apply to all goods of a particular type, and therefore do not identify any single source.”  Nonetheless, merely descriptive marks can become distinctive of a source by achieving “secondary meaning.”  Daniel A. Tysver, of the comprehensive Bitlaw Legal Resource, notes that if evidence such as long term use or large amounts of advertising and publicity can show that a mark has achieved this “‘second meaning’” (the first meaning being the generally understood meaning of the term or phrase), a protectable trademark is developed.” Continue reading