Kudos to the New Jersey Supreme Court.  Last week, the court ruled that ISPs can’t release personal information about their New Jersey users without a valid subpoena.  The court, in a unanimous 7-0 ruling, found that the New Jersey Constitution gives its residents greater protection against unreasonable searches than the U.S. Constitution does.  In the case before the court, the court ruled that the police were required to first obtain a grand jury subpoena before learning a woman’s identity from an ISP.  Her ISP apparently released this information at the request of the police. 

This is an important decision.  First, the New Jersey Supreme Court is one of the more highly regarded state courts in the United States.  Other state courts wrestling with these types of issues will undoubtedly look to see how the New Jersey court decided this case.  Second, it illustrates the continued rise of “state constitutionalism.”  People typically don’t realize that the federal constitution sets a “floor” on a person’s constitutional rights, not a “ceiling.”  In other words, a state court can’t rule that its state’s constitution gives less protection than the federal one does, but can find that the state constitution gives more—at least to its own residents.

Given the perception that the U.S. Supreme Court is less friendly (and somewhat hostile) to privacy rights—especially when it comes to the rights of law enforcement to obtain personal data in these post-9/11 times—combined with the continued paralysis in Congress over individual privacy rights, a ruling from a state’s highest court on issues such as this serves as an implicit rebuke at the lack of leadership at the federal level.  While it’s only one state so far that has now recognized a reasonable expectation of privacy for internet users, it’s got to start somewhere.  Let’s hope other states follow suit.  

France once again reminds us how fortunate we are to live in a truly free country, where freedom of speech is often taken for granted.  Apparently, France is in the process of trying to pass a law to ban what it deems to be “pro-anorexia” websites and publications.  The new law would impose jail sentences of 2 to 3 years and impose fines of 30,000 euros ($47,400) to 45,000 euros ($71,100) on anyone who violates the law.  The legal standard is dubious (if not laughable):  ”Incitement to excessive thinness by publicising of any kind.”

According to the French health ministry, 90% of the country’s estimated 30,000 to 40,000 anorexics are young women, who are supposedly under constant pressure from the fashion, advertising, and movie industries to attain unhealthy weight levels.  No one will deny that encouraging young, impressionable girls to starve themselves, vomit, lie to doctors, and take appetite suppressants are bad things.  But the idea of trying to ban and fine websites—and jail the site operators—is a draconian cure that’s worse than the disease. 

And talk about a slippery slope.  What’s next?  How about sites that encourage excessive weight gain? Or consumption of fried foods?  Or excessive exercise (surely that’s killed quite a few people)?  And how does one even define “excessive thinness” anyway, let alone “incitement”?  The French ban doesn’t have quite the same urgency to it as the “incitement to imminent lawless action” standard articulated by the Supreme Court in Brandenburg v. Ohio to ban certain speech in extraordinary situations.  While encouraging anorexia is appalling, it certainly doesn’t rise to the level of mandating censorship.  The French government may be asking the right questions, but it’s getting the wrong answers. 

Of course such a law could never be passed in America.  Or rather, it could never go into effect.  It would be struck down by the courts so quickly on content discrimination, overbreadth, and/or vagueness grounds that the ink wouldn’t have time to dry.  Our democracy subscribes to the “marketplace of ideas” concept which provides that a free exchange of ideas will allow for the creation of the best policies and practices.  Quite simply, the cure for bad speech is good speech—or at least, more speech.  (While our government can curtail advertising for things such as smoking and alcohol, “commercial speech” is subject to some restriction and regulation.)

This isn’t the first time that France has demonstrated its tendency towards censorship.  In November of 2000, a French court ordered Yahoo! to stop selling Nazi memorabilia to French internet shoppers on auction sites due to France’s law that banned incitement of racial hatred.  (The French do like that “incitement” standard, don’t they?) Of course, this is the same country that passed a law banning the use of foreign words on television shows, radio broadcasts, business communications, and public service announcements if the French language had a “suitable local equivalent” which could be used instead.  What chutzpah!  What cojones!  Oh well, c’est la vie . . . .

Talk about a slow news day.  A recent article in USA Today discusses the so-called “fine print” in ISP contracts and then concludes that it doesn’t really matter anyway.  This non-story highlights the fact that ISP contracts, which their company lawyers draft, give ISPs rights to read their subscribers’ e-mail, block their subscribers from accessing certain websites, and can terminate their subscribers for overusage of their networks.  The horror.  Imagine that?  A business that protects itself.  The shareholders will be outraged.

As an attorney who drafts these contracts, this article is much ado about nothing.  Yes, ISPs put all sorts of language into these agreements to make sure that their services are not abused by users.  But simply because an ISP has the right to read a user’s e-mail or block a user from accessing certain sites doesn’t mean that it will actually do so.  The article makes it sound inevitable.

An ISP, like every other business in America, is keenly aware of the public relations disaster that would result if it was disclosed that they routinely read their users’ e-mails, blocked access to websites, or simply terminated their users accounts due to overusage, without good cause.  They would quickly and perhaps permanently lose users as the media and blogosphere savaged them.  And as they know all too well, everything in cyberspace lives on indefinitely. 

But think of the public relations disaster that would result if it was disclosed that an ISP was aware or suspected that a user was engaging in wide scale spamming, copyright infringement, or the downloading of child pornography.  Or that certain users were hogging bandwidth to the point that other subscribers’ service was affected, while the ISP took a laissez-faire attitude?  It’s not exactly a model of corporate responsibility in these post-Sarbanes Oxley times.  The blogosphere would again be buzzing, albeit for different reasons.  You’re damned if you do, and damned if you don’t.

Furthermore, some of these clauses are economic necessities.  The RIAA has begun targeting ISPs whose users engage in massive and sustained downloading of copyrighted music through their networks.  If an ISP suspects that a user is downloading copyrighted material and does nothing, it can be held liable for contributory copyright infringement in certain instances.  But by terminating the offending user’s account, it may insulate itself from liability.  The “fine print” of the contract allows an ISP to do so.

Is an ISP contract really that different from signing a lease with a landlord?  A landlord has the right to access your apartment with or without notice and can potentially invade your privacy.  A landlord puts certain restrictions as to how its property can be used and how many people can live in it.  And a landlord can evict you under the right circumstances.  While internet access is certainly important nowadays, so is having a place to live.  Yet many tenants have rules not unlike what their ISPs impose, but don’t assume that their landlords will exercise them indiscriminately.

So the contractual provisions such as those described in the article are not necessarily a bad thing.  It all depends upon the circumstances.  If an ISP does include a provision that a court finds to be unfair or onerous, it can be struck from the contract (to say nothing of the scrutiny the ISP would get from that state’s attorney general).  So it’s not as if an ISP can do anything it wants.  While it may sound like this is a case of “ISPs gone wild,” the simple fact is that—for the moment at least—this was an article in search of a story.  But when an ISP does overreach or overreact, I’m sure we’ll hear about it somehow.

     A Pennsylvania couple recently added their names to the long list of people who have sued Google.  Aaron and Christine Boring, who own a home in Pittsburgh, have filed suit against Google after learning that their house appears on Google’s controversial “Street View” feature, which allows its users to see an actual street-level view of a particular road, including all of the homes, apartments, people, and anything else that appears on it.  The Borings claim that Google violated their privacy, devalued their property, and caused them mental distress.

      This isn’t the first time that the Street View feature has raised privacy concerns, both here or abroad, when it made its debut last year.  Still, the Borings’ suit illustrates the shape of things to come with respect to the growing conflict between privacy rights and First Amendment rights.  Expect more lawsuits like this, especially as sites like Google continually roll out more and more features to provide detailed and information-rich experiences for their users.

     By and large, there’s no expectation of privacy on a public street, so Google hasn’t broken any laws.  Anybody and their property can be photographed on a public street at any time.  And the company does provide a means by which people can submit a request that certain images be removed.  Nevertheless, it’s still a bit creepy and just because a company has the right to do something doesn’t mean that it should do it.  Unless you’re Google—who has piles and piles of money.

      Of course, the problem with suing the 800 pound gorilla is that the gorilla has the resources to fight back.  And Google isn’t exactly known for rolling over and writing large checks to make litigants go away.  But despite Google’s claim that there’s no merit to the lawsuit—a common response from the company—the Borings’ case may have some teeth to it.  It appears that Google may have trespassed onto the Borings’ property in order to take the picture.  If so, then Google may indeed be in the wrong. 

    Damages, however, are another matter.  Assuming that the Borings’ privacy was violated, it’s hard to see how a picture of their home—which has apparently since been removed by Google—has either devalued their property or caused them mental suffering (which usually has to be severe in order to be compensable).  So if there are damages here, they seem somewhat nominal in nature.  But as any trial attorney knows, when you have either a sympathetic plaintiff or,  as in this case, an unsympathetic defendant (or both),  and a potentially unpredictable jury which may have the ability to award punitive damages, discretion on Google’s part may indeed be the better part of valor.  So perhaps the case will go away quietly.  Until the next one pops up.

     Although it should hardly be considered to be news anymore, an appellate court in New York has ruled that a series of e-mails constituted “signed writings” within the meaning on New York’s Statute of Frauds.  Consequently, they could be used to modify an employment agreement which provided that all modifications had to be signed by the parties.

     The court found that when each party typed his name at the end of his respective e-mail prior to sending it, this signified each party’s “intent to authenticate” the e-mail’s contents.  Thus, the e-mails fell within the scope of the modification provision of the employment agreement, and the contract was deemed to have been modified in accordance with the e-mail’s contents.

      There’s nothing remarkable about this ruling.  It relates back to the standard caveat nowadays that parties need to be careful about what they put in their e-mails, as they can obviously impact legal rights.  In this instance, if the parties didn’t want the e-mails to be considered writings, they should have had an express provision in the employment agreement which excluded e-mails from modifying the contract.  

     In fact, provisions such as these are becoming increasingly common as more and more people communicate via e-mail.  It depends, however, upon the client.  I have several technology clients who prefer e-mails and pdfs to actual paper when communicating with just about everyone, including their customers, prospects, employees, contractors, and attorneys.  While this may be easier and more efficient, it’s also easy—given the daily deluge of e-mails—to delete or overlook them (especially if they get caught in spam filters).  Thus, for those of you who prefer to communciate this way, just be aware of the potential ramifications.

     After my post about privacy yesterday, it’s nice to know that there are entrepreneurs out there who seek to make sure that our government—which generally has little problem with how private industry treats and shares our personal information—is as transparent as possible when it comes to its own information.  According to a story in the Washington Post, congressional staffers are outraged by a website, LegiStorm, which posts public information about the financial affairs of senior congressional staffers.       

     Under federal law, congressional staff members who earn more than $110,000 per year are required to file disclosure forms which list, among other things, their detailed financial holdings.  Why shouldn’t such staffers be subject to almost as much scrutiny as their bosses?  If they have the ear of some of the most powerful politicians in the world and serve as their handlers and gatekeepers, it only seems fair that the voters know if their financial interests may perhaps be influencing how their bosses vote on certain issues.  (Like issues involving privacy, for example.)  We sometimes forget that behind any politician is a group of people who write these influential laws.     

     And therein lies the irony:  Congress wrote these disclosure laws to help prevent public corruption and instill a sense of confidence in our public officials.  All staffers are obviously aware of them when they took their jobs.  So disclosure doesn’t seem to be the issue—it is the law, after all—but the dissemination that’s problematic.  Oh well, welcome to the internet age.  If congressional staffers really live in that much of a bubble where they think that they’re somehow exempt from close scrutiny in these politically polarizing times, then perhaps they’re as out of touch as some of the people they advise.         

     But the staffers have some legitimate concerns as well.  Some of the documents, which have since been redacted by the site, reportedly contained social security and bank account numbers.  Given the prevalence and ease of identity theft, this information obviously has to be removed prior to posting.  And if there is an instance of identity theft that can actually be traced back to the site (which is very unlikely), the site could conceivably be held liable.  There is such a thing as being too transparent.  While I may want to know if a staff member for a senator on the Finance Committee has large holdings in Fidelity, I don’t need to know the account numbers.  And we don’t want to dissuade smart, talented, and motivated people from joining the government if every conceivable detail of their financial lives is made public and widely disseminated.  Beyond these obvious concerns, however, sites like LegiStorm may help to keep Big Brother from getting too big . . . at least for a little while.

     In yet another invasion of privacy couched in the rhetoric of “but the consumer will benefit!” comes this story from the Washington Post.  Apparently, a small but growing number of ISPs are monitoring their users’ every click and keystroke.  The ISPs then harvest the data to determine a user’s interests and preferences and provide it to advertisers who make highly targeted pitches to the user.  I can see the pitch now:  “We’ve noticed that you’ve typed in the word “hemorrhoids” 12 times, searched Google 3 times, and visited 9 sites.  Here’s a coupon to try Preparation H for free.  It will stop the itch!”

      This monitoring is known as “deep-packet inspection” and it divides every aspect of a user’s data into packets that an ISP can analyze for content.   First, as a general matter, whenever I see anything with the words “deep” and “inspection” in a title, I get somewhat concerned without even having to read any further (similar to how the FBI first named its now infamous packet-sniffing software ”Carnivore,” but later changed it to the more benign-sounding “DCS1000″).  From a more substantive perspective, however, it represents a considerable escalation of an ISP’s ability to monitor its users.  Barring any legislative or regulatory action, it won’t be long until all ISPs engage in this practice.  According to the article, only 100,000 users are affected at the moment.

     As usual, the ISPs gain their users’ consent by burying the monitoring in their lengthy customer service agreements.  According to the article, one ISP—Knology—has a 27 page agreement and only makes vague reference to the system.  Few people actually have the time and energy to read them, and those that do will not necessarily understand them anyway.  The lawyers that draft them are not exactly known for their clarity, especially when it comes to a controversial subject such as this.  In fact, according to one Knology executive, there’s no violation of privacy at all.

     The article is silent as to how long an ISP actually retains all of this information, but presumably can retain it indefinitely.  And even if it doesn’t, once the information is disclosed and sold to advertisers, copies of it could continue to reside in cyberspace even if the ISP purges its records.  The article is also silent as to how such information could easily be disclosed to law enforcement or to parties involved in civil litigation.  So the march towards “zero privacy” continues. <sigh>

      There was an interesting consumer protection suit filed by the Pennsylvania Attorney General (”AG”) recently.  It seems that Waltham, Massachusetts resident Areg A. Sakanyan, who was operating a website,  www.unclaimedmoney.us.com, to supposedly help people locate unclaimed money, didn’t provide the advertised service.

     According to the AG, the site lured consumers to conduct an initial free search and then enticed them to purchase a “membership” for $24.95 which would give them the details they needed to claim any assets that the search uncovered.  The problem was that everyone apparently qualified for unclaimed assets—even superheroes and cartoon characters.  When the AG’s undercover investigators input names such as “Batman” and “Wily E. Coyote,” the site stated that they had multiple unclaimed assets waiting for them.  Not surprisingly, no details or information about a person’s supposed unclaimed assets were ever provided by the site once the $24.95 fee was paid.

     In many ways, this is a standard type of consumer action that one would expect an AG to undertake:  A service was advertised, money was paid, and nothing was provided.  What was interesting, however, was one of the disclosures that the site allegedly failed to make.  According to the AG, the site—among other things—failed to inform consumers that its unclaimed money database is based upon publicly available sources which could generally be accessed without charge.   

     While this was just one part of the AG’s complaint, it’s somewhat troubling if the AG is attempting to establish precedent that a for-profit content or database website would have to make disclosures that its information is available from free public sources.  The internet is replete with such services.  For example, while many lawyers can find cases, statutes, and other public records for free, for-profit services such as Westlaw and Lexis provide the same service for what can sometimes be a hefty fee.  Would a disclosure be warranted in this instance?  Perhaps not just yet . . . .

      Again, given some of the overtly fraudulent conduct alleged in the AG’s complaint, this is only one small part of the action.  But all AGs are given a great deal of discretion when deciding to pursue those businesses that it deems to be engaging in unfair or deceptive practices.  And most businesses settle or fold once the AG has them in its sights, especially given the lengthy and expensive proceedings that can ensue, as well as all of the negative publicity that such actions generate.  The proverbial “slippery slope” gets even slipperier if aggressive and politically-motivated AGs (i.e., those seeking higher office) are specifically looking for “high value targets” upon which to focus their energies.  And failure to put appropriate disclaimers on a site are particularly easy targets to pursue.

     For those of us who practice in the technology law field, one of the most exciting and novel areas is what’s happening in virtual worlds and with “massive multi-player online role-playing games” (”MMORPGs”).  The variety and depth of the legal issues are fascinating, and I’ll do my best to cover them in this blog and on my site.  From a societal perspective, virtual worlds and MMORPGs present a glimpse of where things are headed.  It’s not quite “The Matrix” yet, but stay tuned.  In the minds of many, this is where social networking will be heading sooner rather than later.  

     There’s a short but interesting article on wired.com regarding Congress’s apparent overreaction about the possibility of Second Life (”SL”)–or any virtual world, for that matter–being used by terrorists to launder funds.  While the article downplays the potential for such abuse given SL’s low retention and transaction rates among users, it misses the point.  Yes, for the moment our government may be overreacting as only a post-9/11 government can.  But its fears are not unfounded even if somewhat overzealous.

     First, despite the relatively “unpopulated” nature of SL and other virtual worlds, it’s foolhardy to think that their appeal won’t continue to grow—for both good and bad guys.  As of March of 2008, it’s been reported that SL has 13 million registered accounts.  While many users have more than one account and many accounts are inactive or used infrequently, the fact still remains that virtual worlds and MMORPGs are growing at a phenomenal rate.  One study estimated that this market will increase from $3.4 billion to $13 billion in 2011.  Also even in the absence of such statistics, moving from the margin to the mainstream is the usual trajectory that technology takes.  There’s no reason to think that SL and MMORPGs won’t do the same.  It just takes time.  Furthermore, despite the Wired article’s emphasis on SL’s low retention and transaction rates, there’s a reason that Congress is looking to tax virtual assets and property.  A great deal of real money is being made in the virtual world.  So it’s only logical that the government investigate the criminal implications of using these forums.  They’ll only become more and not less “populated.”

     Second, terrorists—despite their evil and depraved nature—are, sadly, quite creative.  It’s naive to think that they won’t be using virtual worlds in the same manner in which they now use the internet, e-mail, or any other technology to recruit followers, disseminate their hate, and devise attacks.  Laundering money may be at the bottom of their list, but it’s probably there.  While virtual worlds will hopefully provide a way to track and monitor such people, these technologies may nevertheless be quite appealing to increasingly savvy criminals who intend to do us great harm.  At least our govenment is asking the right questions.  Time will tell if it arrives at the right answers.