SEC Sheds Light on Cyber Threat Disclosure

Photo entitled "cycber_security" by CongressCheck on Flickr

As public companies increase their use of digital technology in business operations, they increase their vulnerability to cyber threats. This risk is evidenced by the large number of high profile cyber attacks conducted against corporations including Sony, RSA, Comcast, Bank of America, and JPMorgan.

Current federal securities law does not explicitly address disclosure requirements for cyber risks and attacks but the SEC’s Division of Corporation Finance recently published guidance to aid companies in making that determination. It is unclear how the SEC will handle the disclosure issue in the future, but its recent publication emphasizes the importance the government places on cybersecurity.

Cyber incidents can come in many forms including, gaining unauthorized access to digital information, corrupting data, and disrupting operations both electronically and physically. The SEC explains that the obligation of disclosure regarding the risk or actual impact of such an incident hinges on “materiality” or what a reasonable investor would consider important in making an investment decision.

Specifically, companies should disclose information about the risk of a cyber incident if it is “among the most significant factors that make an investment in the company speculative or risky.” In making this determination, companies should consider severity and frequency of previous incidents, probability of future incidents, and expected impact of such incidents including costs and consequences.

Additionally, public companies may be required to provide information on previous cyber attacks to place the extent of risk in context. The SEC guidance suggests that merely addressing the existence of a risk after a cyber attack occurs would likely not be sufficient. A discussion of the specific method of attack and its known and potential consequences may need to be disclosed in order to capture the full extent of the particular cyber risk.

Experts have differing opinions as to whether the recent disclosure guidance will have any immediate impacts on public companies revealing information about cyber attacks. However, at the very least, the publication puts businesses on notice that the SEC is aware of corporate cyber risk and recognizes the critical impacts such threats pose to using technology in conducting business. The SEC has made it clear that, despite an absence of express language dealing with cyber incidents, disclosure may be necessary in certain circumstances.

Going beyond the potential issue of having to make cyber attack details public, the SEC’s message should help focus companies on their cybersecurity plans. This in turn will hopefully get public corporations to consider and plan for the full extent to which cyber threats impact all aspects of business. While disclosure is an important step, it is only part of a much larger process businesses must take to secure their electronic media and protect their customers and investors.

Nothing gets a company more concerned about cybersecurity than being a cyber victim. Hopefully, the SEC and other government entities bringing cyber issues to the forefront will get businesses to start taking adequate measures to protect themselves before becoming cyber attack victims.

Security and Exchange Commission, CF Disclosure Guidance, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.

Carrier IQ – Has someone violated the Electronic Communications Privacy Act?

Photo Titled "Completely Taped" by Byung Kyu Park available on Flickr

141 Million handsets have a software program deployed on them which purports to only collect network diagnostic information for mobile phone service carriers. However, this software program is secretly running because is not easy for an average mobile phone user to see the program running on their phone because it does not appear as a “running application” on the applications list. Nor is there a clear disclosure of what data is being collected by the application, or a way to easily opt out of the application running on the mobile device. Nor is there any easy way to stop it from running on the Android phones. On November 28, 2011 Trevor Eckhart uploaded a seventeen minute video (shown above) exposing the extent of the data being captured by Carrier IQ, an application that mobile phone providers and/or carriers install on mobile phones. The video shows an Android developer searching his phone for privacy policy disclosures, and not finding any privacy disclosures related to the Carrier IQ program, he proceeds to show the type of data that is logged by Carrier IQ onto the phone’s debug log. For example, each time he presses a key that key press is logged, even when he enters information into a web page over his own local WiFi connection and the session is protected with SSL (which is an encrypted means of communicating between a client and host and forms the backbone of all secure communication over the Internet; as a standard and all data transferred within an SSL connection should be encrypted and protected after the SSL handshake). As of January 25, 2012, Eckhart’s video received over 1.9 Million views on YouTube.

In response, Carrier IQ sent Eckhart a letter threatening legal action unless he retracted his research, characterizing his analysis and posting of privacy policies as a breach of copyright which could expose him to an excess of $150,000 in damages. In response, Eckhart reached out to the E.F.F., who agreed to represent him; Carrier IQ has since backed off from its legal action and apologized for the cease and desist letter. The question remains now – has Carrier IQ, or the mobile phone manufacturers, or the mobile service carriers violated the E.C.P.A. by secretly running a software program on the mobile phones?

The Electronic Communications Privacy Act (E.C.P.A., 18 U.S.C.A. § 2510) was enacted to expand the scope of the Wiretap Act (which was focused on the interception of voice communication) to protect data transferred by computers. Title I of the Act protects messages that are in transit, and Title II of the Act protects messages that are in storage on a device. Within the E.C.P.A., it is unlawful for a person to distribute “any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications” (18 U.S.C.A. § 2512(1)(a)). However carriers do have an exception, where under the normal course of their business in maintaining their communication systems, they can use devices to intercept wire communications.

Senator Al Franken, who chairs the Senate Judiciary Subcommittee on Privacy, Technology and the Law, has requested more information regarding what data is being collected and where the data is being sent. Depending on the type of data that is actually collected and sent to the carriers, they may be able to claim that they were operating within their normal course of business in maintaining the stability of the wireless networks. A criminal or civil case under the E.C.P.A. may not be a guaranteed success in a court of law. However, the public surprise of the extent of data being captured, and the lack of notice and control that users are able to exercise over how much activity is being tracked has already made the carriers and Carrier IQ losers in the court of public opinion.

Carrier IQ: Cell Phone Data Snooping Revealed

Photo by: sam_churchill 

Earlier this week, a 25-year old security researcher named Trevor Eckhart posted a YouTube video detailing a program called “HTC IQ Agent” that was installed on his cell phone. Trevor showed that the program was recording every action taken on his phone, including key presses, text messages, and passwords - and then transmitting this data directly to the offices of the company Carrier IQ. The program started automatically with the phone, ran in the background, and could not be turned off. It wasn’t a virus, nor was it installed by an outside vendor; it came pre-installed on his phone.

The revelation that a company was extensively tracking cell phone users actions lit off a firestorm of controversy. Numerous technology blogs decried Carrier IQ's actions. Carrier IQ soon threatened Mr. Eckhard with legal action, but then apologized after Mr. Eckhard sought the protection of the Electronic Frontier Foundation.

In its defense, Carrier IQ claims that all of the recorded data transmitted is anonymous. The company provides a valuable service to many U.S. cell phone carriers, who contract with Carrier IQ to provide specialized diagnostic, trending, and troubleshooting data for the devices on their network. The issue is the sheer volume and depth of data being recorded, which seems unnecessary for purely diagnostic or reporting purposes.

Whenever I accept a terms of service or license agreement on a website, I assume that I'm giving up all of my rights related to content and privacy. However, even in this digital age, I still consider my right of privacy to extend to my personal belongings; the information in my wallet, my documents, and even information stored on my cellphone. As cellphones have become more powerful and increasingly connected, they have become personal organizers. My calendar, contact list, Christmas shopping ideas, and other personal information are all stored on my cellphone. Given that I've tapped all this information into my cell phone at some point, it is likely that this information is also now stored somewhere on Carrier IQ's servers.

So far, Carrier IQ software has been found on both Android and iOS cell phones for several U.S. carriers. Many guides and how-to documents have been posted with instructions on how to disable the software. The Senate has even gotten involved, giving Carrier IQ until December 14th to address privacy concerns. In addition, it's possible that Carrier IQ has violated federal wiretapping statutes, and already there are rumblings of class action lawsuits.

It's also quite possible that this story has been overblown. Many journalists have noted that the data stored are purely anonymized metrics that carriers use to improve their service, ultimately benefiting consumers. There is no evidence that personal, identifying information has been used in an improper manner. However, given the amount and type of data being recorded, I am uncomfortable with any company having this information on their servers. A line has been crossed, and thanks to Trevor Eckhart, the world knows.

Data Protection Uniformity in the European Union

Image Titled "Internet Global Advertisement" by The Miiz

On Tuesday, Vice President of the European Commission Viviane Reding, announced a plan to harmonize data protection policies throughout the European Union. The plan would allow an Internet company to operate throughout the 27 Member States as long as its data protection policies were approved by a single state.

The new directive will update the EU’s data protection laws, to patch holes created by U.S. law through the introduction of the Patriot Act, and to bring the 1995 Data Protection Directive up to speed on new and developing technologies, such as cloud computing. Based on European data protection standards, the rules Reding would like to introduce are codes of practice ensuring "adequate safeguards" for data transfers between parts of the same corporate group.

Reding hopes the new data protection regulations will make it much simpler to negotiate such binding corporate rules (BCRs) she said Tuesday at a conference in Paris organized by the International Association of Privacy Professionals.

“They [Companies] need ... to have a ‘one-stop-shop’ when it comes to data protection matters, one law and one single data protection authority,” Reding told the American Chamber of Commerce. “I want to drastically cut red tape.

Reding reiterated that European law would apply to any company operating within the European Union, even if the company is based outside the area, such as the United States. Subsequently, any non-European company with customers or clients inside Europe will have to comply fully with European regulations. Details of the plan are expected to be revealed by late January although it may take as long as 18 months before the bill becomes law.

Under the current Data Protection Directive, companies have to have their data protection policies approved by each individual country. The Directive offers basic principles and laws that each member state has built upon. This fragmented approach has made it increasingly difficult for businesses to trade, and comply with the complicated rules and regulations. Germany for example has stricter laws than the UK, making trade between the two countries difficult. Reding estimates that this bureaucratic approval process costs companies approximately $3.1 billion per year.

In order for there to be uniform E.U.-wide privacy rules, the data protection officials in individual countries would have to be granted greater power to enforce their laws and to impose penalties on violators. Under the existing system, privacy officials in some countries can only make recommendations. Jacob Kohnstamm, chairman of a panel that advises the commission on privacy issues, said the Union needed data protection authorities that were “able to bark and bite.”

Reding believes that an overhaul of the privacy regulations is crucial to increasing the competitiveness of the European economy during its present debt crisis. According to a New York Times article, Ms. Reding said, “I think I am persuaded that while bringing member states out of their debt crises, we have to do everything we can to help our companies grow.”

Such changes are necessary because the world is no longer defined by physical borders, she said. "Data races from Barcelona to Bangalore. It is processed in Dublin, stored in California and accessed in Milan. The transfer of data to third countries has become an important part of daily life, and this affects businesses and citizens."

However, getting 27 countries to agree on a uniform policy may be easier said than done. The EU must iron out differences between its members over privacy issues. Countries like France and Germany favor stronger protections for privacy, while Ireland, Britain and others prefer more market-friendly rules. A further example of international divergence is shown in the European consensus on the new plan’s possible ‘right to delete provisions, which would allow European citizens to apply to social networks or companies to delete the data held on them. The UK data protection agency called the proposals “unenforceable” and that the proposed measures should not go ahead. It is also likely that we will see conflicts between the rules in the European Union and other jurisdictions, like the United States, where data protection regulations are also under review.

Compliance and enforcement are two other major concerns surrounding the proposed plan. Kohnstamm urged the commission to draft the new privacy rules through regulation, a measure that would give E.U. member states little room for interpretation in their implementation of the law, rather than via a directive, like the current law, which means the law is not self-executing and the countries may adapt it. However, compliance and enforcement outside the European Union could prove costly. Wojciech Rafal Wiewiórowski, Poland's inspector general, raising this issue, asked, "Who will say whether a company is fulfilling its responsibilities under a BCR? "Let's assume it's the DPAs [Data Protection Authorities]: that works in Europe, but that's not really the problem. The problem is those companies moving data outside Europe. In the U.S., we can count on the support of the Federal Trade Commission, and Mexico too has a strong data protection authority,” he said. "But what about Laos? Who will check what is going on in a data center in Laos?"

The new proposal will likely have strong effects on the world outside of the bloc as well as inside. Ronald Zink, chief operating officer for E.U. affairs at Microsoft, said that harmonizing policies internationally might be just as important as doing it within the Union, but added: “I think the E.U. data protection laws can be a beacon for the U.S. and around the world. They do a lot of things right.” The details of the plan and the dates of its implementation are yet to come.

US Investigating Chinese Solar Imports

Photo by: Living Off Grid

China’s new energy manufacturing sector has been growing rapidly in the last two years. In 2009, there were $640 million in U.S. imports of Chinese solar. Last year that amount grew three times that amount to $1.5 billion. U.S. solar manufacturing however, has been struggling.

SolarWorld Industries America, Inc., joined by other American solar manufacturers, alleged in a petition to the Department of Commerce that they have suffered financial injury and requested tariffs to be imposed on Chinese solar. The Chinese government allegedly provides preferential loans, land discounts, discounted raw materials, tax breaks, export assistance grants, and export insurance to domestic solar companies. The claim is that illegal Chinese subsidies result in artificially low prices that are unfairly disrupting sales of American manufactured cells. The scale of the Chinese subsidies may violate World Trade Organization (WTO) rules. The requested tariffs on Chinese solar panels, which could potentially exceed 100%, are intended to level the playing field to allow the struggling U.S. solar manufacturing sector to compete.

U.S. solar generating companies and the Coalition for Affordable Solar Energy oppose the potential duties. The Coalition has 25 members, including U.S companies, Solar City and MEMC Electronic Materials Inc., as well as Chinese companies with U.S. arms such as Yingli Green Energy and Suntech Power Holdings. There is criticism that the tariffs will cause prices for solar to rise, making solar projects too expensive. In response to the potential action CECEP Solar Energy Technology Co. Ltd., China’s largest solar power developer, put $500 million worth projects on hold in anticipation of the foreboding rise in costs.

Instead of imposing tariffs on Chinese solar, the U.S. should provide new legal subsidies to domestic solar manufacturers. The 1603 Treasury Cash Grant Program for renewable energy projects is sunsetting in a few months. If the U.S. wants to be a part of the green energy future, incentives like these need to be extended and expanded. Inciting a trade war will not be the solution to growing solar in the U.S.

On December 5th, the ITC will vote on whether there is sufficient evidence of injury to U.S. manufactures such that a case should go forward. In January, the Commerce Department will make preliminary decisions on whether to impose the duty on Chinese-subsidized solar panels.

Copyright Office Releases Discussion of “Mass Digitization”

Photo Titled "Kindle/Nook Hollow Book Holder" by Conduit_Press

Just this past month the Copyright Office released a forty page document entitled Legal Issues in Mass Digitization: A Preliminary Analysis and Discussion Document. The document is supplemented with multiple useful appendixes and comes in at just under one hundred pages total. What could possibly motivate the Copyright Office to go to such lengths? The answer is Google. More specifically, Google Books and a variety of organizations throughout the world that are attempting to compress as much printed or published material as possible into a digital medium. The problem is that the printed material, overwhelmingly books, is most likely under copyright with an owner who must grant permission for such copying. Hence copyrights.

The cases that led to this report and raised most of these concerns are Authors Guild v. Google Inc., 770 F. Supp. 2d 666 (S.D.N.Y. 2011), and the companion case American Society of Media Photographers, Inc. v. Google Inc., Civil No. 10-2977 (S.D.N.Y.). Google has been scanning books, many copyrighted, since 2004 and made full copies available to users of partner academic libraries and samples available to the general public via the internet. The report notes that the court was concerned “that exclusive rights afforded by copyright law should not be usurped as a matter of convenience, and that policy initiatives that redefine the relationship between copyright law and new technology are in the first instance the proper domain of Congress, not the courts." Google attempted to settle the matter at one point but he Department of Justice was concerned that Google’s behavior would continue and have negative long-term implications. Though settlements are expected, future litigation is almost inevitable.

The document goes on to describe how books are being mass digitized and who the interested parties are. Google is obviously one of these parties. A conglomerate made up of twelve well-known universities, Google, Microsoft and the Internet Archive created the HathiTrust Digital Library that contains three billion pages of scanned content. European governments have also partnered with private organizations to digitize as much cultural and scientific resources as possible. The Library of Congress, the Smithsonian Institution, and the National Archives all have detailed digital plans for the future as well. It is definitely worth noting that there is already a vast amount of literary work available online throughout the world. The EU, France, Germany, and China are all working on government funded projects to digitize books that are considered imperative to the preservation of history.

The fourth part of the report analyzes how copyright laws, specifically licensing, interact with book digitization initiatives. Under the Copyright Act a copyright owner possesses a “bundle of rights” that includes the right to exploit the digital rights of their work however they see fit. The Copyright Act also grants a limited exception to libraries and their ability to make copies of books. The report also notes “it is difficult to imagine an exception to copyright applying to the commercial partners of libraries.” The Fair Use exception is discussed but no concrete predictions for its application can be arrived at. Fair Use is employed as a defense once the court finds infringement, which analyzes the motives and individual circumstances of the infringer on a case-by-case basis. The last issue raised in the fourth part of the report is “orphan works.” The term orphan work is used to describe a copyrighted work without a locatable owner to obtain permission from. Congress has discussed a “safe harbor” for certain organizations that are using orphan works as long as the work is no longer used if the copyright owner reappears and objects to its use.

Licensing schemes are discussed in the last part of the report covering both direct licensing and collective licensing. Collective licensing would encompass voluntary (direct negotiation between licensee and licensor), extended (requiring some form of legislation to allow groups to bargain on behalf of licensee and licensor), and compulsory (basically forcing the copyright holder to license the use of the work) methods.

Many of the concerns brought up in this document are analogous to the concerns society and business had with the invention and rise in popularity of copiers/Xerox machines and videocassette recorders/VCRs. The use of digitized books by members of non-profit organizations like universities and public libraries does not seem to be the main problem here because the library will most likely be a good faith partner that can be negotiated or renegotiated with. The long-term concerns seem to be centered on what framework needs to be put in place to protect copyright owners from technology that isn’t “here” yet. If you told an author twenty years ago that their most lucrative royalties would come from tablets, Nooks, or Kindles they would try to have you committed. But, many if not most people’s lives now revolve around digital content. It would not be fair if that stick in copyright owner’s bundle of rights is compromised; it may ultimately prove to be the most valuable stick.

The full document can be found here: OFFICE OF THE REGISTER OF COPYRIGHTS, LEGAL ISSUES IN MASS DIGITIZATION: A PRELIMINARY ANALYSIS AND DISCUSSION DOCUMENT, (2011), available at http://www.copyright.gov/docs/massdigitization/USCOMassDigitization_October2011.pdf

A New Business Strategy in the Technology Industry

Photo Courtesy of Honou

Apple and Samsung have been locked in an intense patent battle for months. Following drawn out litigation, the Federal Court of Australia awarded an interlocutory injunction to Apple, keeping the Samsung Galaxy Tab 10.1 off the Australian market until a full patent trial takes place. This ruling came just before Judge Koh of the U.S. District Court for Northern California ruled that Samsung’s device does indeed violate American patents held by Apple. These rulings come on top of other major losses suffered by the company in the Netherlands and Germany, where the Galaxy Tab 10.1 has been barred from sale.

Despite these enormous setbacks, Samsung is not backing down. On October 17, just days after its debut, Samsung put Apple’s iPhone 4S squarely in its sites. The company filed an injunction request in Australia and a similar suit in Japan arguing that Apple’s iPhone 4S violates wireless and user interface patents that the company holds in those countries.

However, these are not the only technology giants who have made patent litigation a core element of their business. In August, Google spent $12.5 billion to acquire smartphone manufacturer Motorola Mobility. Google CEO and co-founder Larry Page was not shy in revealing the company’s main purpose for shelling out such a large amount of cash for a company that is already a Google customer. Page stated that the move would “strenthe[n] the company’s portfolio” and better enable the company “to protect Android from anti-competitive threats from Microsoft, Apple, and other companies.” Moves like this that have led some experts to declare the existence of an “arms race” in the technology sector with companies competing to stockpile patents as insurance against potentially costly litigation.

Over the coming decade, we will have to pay attention to see if this hostility in the industry continues to cause an increase in patent litigation or, instead, results in something more cooperative. Some have suggested that the result of the current state will be cross-licensing deals between tech companies. With more patents in their portfolios, companies will be well positioned to negotiate agreements with other companies to not sue each other in a specific field. Such deals will allow companies on both sides of the deal to concentrate more time and money on continued innovation. However, if this is not the case, there is a strong possibility that companies could bring their business overseas to avoid the particularly litigious nature of the American patent system.

Dan Ravicher, executive director of the Public Patent Foundation, rather ominously summarized the current state of affairs when he said, “With arms races, we can only have peace through a lot of fear.”

E-Privacy: The Way the Cookie Crumbles

Photo Provided by: Pete Taylor on Flickr

On May 26th, 2011, a new European Union (EU) Directive came into effect revolutionizing Internet privacy. The newly enacted Directive, Directive 2009/136/EC of the European Parliament and of the Council of 25 Nov. 2009, has been appropriately labeled “the Cookie Directive” because it mandates that without an Internet user’s affirmative assent websites cannot use cookies. Cookies are files that are installed on a user’s computer during web browsing used to authenticate, track, and profile the Internet user’s web surfing behavior. The Cookie Directive requires that any Internet website that directs activities at EU Member States must allow users to opt-in, providing explicit consent to access or store personal information.

The Cookie Directive amends EU directives addressing electronic privacy (e-privacy): Directive 2002/22/EC, Directive 2002/58/EC and Regulation (EC) No 2006/2004. Unlike the earlier E-Privacy Directive that required an option to opt-out to refuse cookies, the new Cookie Directive requires that users opt-in before cookies are used at all. The Cookie Directive requires that a website get a users informed, affirmative consent before using cookies to store or access personal information or to track their website activity.

Internet users have expressed an interest in protecting their personal information. Google Inc.’s Executive Chairman, Eric Schmidt, said some pretty scary stuff in a 2010 interview with The Wall Street Journal concerning the lack of privacy on the Internet. “[W]e [at Google] know roughly who you are, roughly what you care about, roughly who your friends are." “It will be very hard for people to watch or consume something that has not in some sense been tailored for them.” The EU has responded to these concerns with multiple Directives that are representative of value Europe places in protecting individual privacy.

Companies with websites are not yet sure how to comply with the new regulations. There are worries about how to actually implement the directive. If a website is forced to comply with the directive, operators will have to spend a lot of time and resources to make the changes.

Web analytics, is third-party software installed on websites to track user behavior. Web analytics software uses cookies to track website behavior. It is one of the best methods for tracking the interest of website users. Adobe Omniture is one of the most popular web analytic software programs. The directive may require Adobe, and other web analytic companies, to implement changes to their software. The cost of the change will likely be passed on to web operator, users of the software. The online marketing industry will also take a hit, as they rely on analytics software.

If websites can no longer track user behavior, web operators will have to make uninformed, wild guesses about the best user experience. Being prevented from tracking user interests will prevent tailoring the experience and will result in less relevant and individually interesting user experience. The directive is overly broad. It should be limited to tracking individuals, but not include tracking users as a whole.

New Faction of Anonymous Targets Chinese Corporate Fraud in its First Report

Photo by: Anonymous Analytics

The computer hacking group “Anonymous,” has formed a new faction called Anonymous Analytics (Anonalytics for short) to target and expose corporate corruption. In its first report published in the last week of September, the group takes aim at a Chinese fruit and vegetable supplier allegedly involved in deceitful business practices. Interestingly, the government of Hong Kong announced that it was investigating the company on the same day Anonymous published the report. Was this a coincidence or an immediate victory for the group trying to improve corporate transparency?

Anonymous has achieved notoriety for executing a number of high profile cyber attacks against a wide range of targets including large corporations and government entities. While the group often has political or “hacktivist” motivations, its actions are not always so high-minded. Some Anonymous members have histories of defacing websites, stealing information, and executing other forms of digital hacks purely for the lulz or enjoyment, just because they can.

Anonalytics presents a face quite different from other Anonymous efforts - one of legitimacy focused on promoting access to information and transparency. Notably, the group staffed by analysts, forensic accountants, statisticians, computer experts, and lawyers, claims to use legal means to acquire information, which it fact-checks and vets prior to release.

The group focused its first publication on Chaoda Modern Agriculture, a company widely reported to have a history of fraud and deceiving shareholders and investors. The 38-page report (including full disclaimer) details a range of evidence showing fraudulent practices including the falsification of financial statements, operation through bogus companies, and illegitimate branding and promotion.

In addition to its claims and analysis of corporate fraud, the group also calls the Honk Kong Stock Exchange (HKEX) and Securities and Futures Commission into question for allowing Chaoda to operate unhindered for over 11 years. Coincidentally, HKEX’s Market Misconduct Tribunal and a Hong Kong government spokesperson released statements that they were investigating Chaoda and suspended the company from trading on the same day Anonalytics published its report. Chaoda’s stock has since plummeted and the company has hired DLA Piper to take legal action against the report.

Anonalytics admits that Chaoda presented an easy target for its first project. Regardless, its first report did not go unnoticed. It remains to be seen whether the group’s future investigations will directly influence major government action but Anonalytics certainly provides businesses with extra incentive to fly right and operate transparently.

Big businesses will likely take note of Anonalytic’s investigations and closely watch the group’s future activities. Will big businesses and regulators take measures to improve corporate transparency as a result of this new Anonymous faction? Does the forming of Anonylitics signal an evolution in Anonymous operations? It will be interesting to watch this developing situation and gauge the potential for effecting a significant change in corporate transparency.

Holding Google Accountable: DOJ Settlement over Canadian Pharmaceutical Advertisements

Photo by: ahhyeah

Over eighty percent of Internet users worldwide use the Google search engine. Information sharing over the Internet has incredible benefit to society, but we must recognize that the corporation controls our access to that information. Further, any corporation’s main objective is to make profit and increase shareholder value, not to protect people. Google’s incredible control over the information we discover warrants robust government oversight – the recent settlement over illegal pharmaceutical advertising and sales is a positive step.

The issue in the Google Settlement is Google’s violation of The Federal Food, Drug, and Cosmetic Act, 21 U.S.C. § 331(a) and (d) and § 952. The Act makes it a crime to introduce into interstate commerce a misbranded or unapproved drug. Google allowed online pharmacies to buy advertising through its AdWords program and import prescription drugs into the United States. It also frequently assisted these advertisers with its “geo-tracking” function, which allows advertisers to focus on their ads in particular areas based on ad text and keywords.

Google was on notice that this activity violated US law. In March of 2003, the National Association of Boards of Pharmacy advised Google that the importation of prescription drugs from foreign countries is illegal. In response, Google hired various companies to monitor Canadian online pharmacies. The first was Square Trade, Inc., which allowed the pharmacies to self-certify their compliance with US law. Google knowingly allowed sellers who had self-certified to sell into the United States. The next was PharmacyChecker, LLC, which certified advertisers of non-controlled prescription drugs, which Google knew. Some advertisers didn’t meet either internal check and were still allowed to continue advertising. Lastly, Google knew that some advertisers, the “shady, fraudulent” ones , were not using pharmacy related terms in ad text, but instead only in key words. Since Google monitored advertisers that used pharmacy terms in text, this allowed many to go unnoticed. But Google knew of this practice and allowed it.

Google changed its practice after it became aware of the Government’s investigation, and in 2009 began to regulate online pharmacies more rigorously and allowed none from Canada. While a positive step, evading the regulatory arm of the US government in the prior years warrants this settlement. The FDA protects citizens, a vital role especially in our increasingly globalized world. We should welcome protections that safeguard our health. Accountability is vital to maintaining Google’s and society’s interests since Google has such incredible power to determine what information we discover.

An unexpected result of this settlement is the information that Canada’s regulatory regime for prescription drugs does not reach to Canadian pharmacies that ship prescription drugs to US residents. Plus, many of these pharmacies sell drugs obtained from outside of Canada, which lack adequate regulation. For the benefit of the reputation of Canada’s health system, this issue should be addressed in their government with proposed legislation to close that gap. And a request for the US government: show us the financial reporting from the Asset Forfeiture Program for the $500,000,000 dollars

Big Tobacco v. Australia: The Battle over Branding

Image by Economicz

As of January 2012, all cigarettes in Australia will be sold in packs of uniform olive green. The color was carefully chosen after a government survey found it to be the most distasteful to Australian smokers. The brand names will be printed in black standardized font. The new legislation will also designate seventy-five percent of the front and ninety percent of the back of the pack to warning labels.

The new packaging is the next step in Australia’s push to reduce smoking rates. Last year, the government raised tobacco taxes by twenty-five percent, bringing the cost of a pack of twenty cigarettes to between sixteen and twenty Australian dollars per pack ($16.75 – 21.00). These are some of the highest prices in the world. Australia has already banned public displays of tobacco products in retail stores, forcing storeowners to keep the products hidden behind counters. Smoking-related diseases kill 15,000 Australians per year and cost the country 31.5 billion Australian dollars in healthcare and lost productivity. Cigarettes are the leading preventable cause of death in the country. Australian officials say they are confident this ban of tobacco trademarks can be justified by its public health argument.

Tobacco companies vow not to give up without a fight. They have invested substantial capital in establishing and protecting their trademarks and feel that the plain packaging requirement will deprive them of their intellectual property without compensation. Philip Morris Asia, based in Hong Kong, has already initiated legal action against the Australian government, claiming the new legislation would violate a twenty-year-old bilateral investment treaty between Australia and Hong Kong. Under bilateral investment treaties, countries pledge to protect the investments made by foreign companies within their borders. On June 27, 2011, Philip Morris Asia filed a notice of claim, starting a mandatory three-month negotiation period. Other companies will likely follow suit.

Stripped of their brand recognition, tobacco companies are concerned for lost revenue. The value of a trademark is not in its possession, but its use. Trademarks create a shortcut in the consumer’s mind between the product and the quality. While Australia represents only a modest fraction of global tobacco sales, companies fear a domino effect. Countries like Canada, New Zealand, and the United Kingdom are watching this situation closely and considering similar measures. Tobacco companies also fear that plain packaging, which is much easier to imitate, will lead to an increase in counterfeit tobacco. This could lead to a greater supply of cheaper tobacco products on the market. Many companies have threatened to lower their prices in order to remain competitive, thus incentivize smoking.

Philip Morris will likely make two main arguments against the Australia’s public health claim First, it will point to the fact that there is no evidence that removing trademarks from packaging will reduce the number of existing smokers. Even if a person may mistake one brand for another, there is nothing to show that their smoking patterns would change. However, proponents of the new packaging argue removing all trademarks will breakdown the smoking-is-cool image the cigarette companies have been working for decades to create.

Secondly, Philip Morris will likely argue that the cigarette industry is being singled out. The Australian government allows for trademark-laden packaging for other unhealthy but legal products, such as alcohol and junk food. When this issue has been raised in interviews, Australian health minister, Nikola Roxon has responded that while alcohol and junk food, if consumed in moderation, produce few health concerns, there is no safe level of tobacco intake.

Outside of the courtroom, the tobacco companies have launched a counter attack. Philip Morris and other companies have joined together to create an advertizing campaign depicting the Australian government as an overbearing parental figure. The ads feature a stern looking woman with a tagline that reads, “Do you like living in a nanny-state?” Philip Morris has also created a website that warns that plain packaging will lead to counterfeit cigarettes manufactured in squalid conditions by organized crime leaders.

At this time, Philip Morris Asia is the only company to begin legal action, although they cannot officially file suit until the law goes into effect in January. When that happens and if Philip Morris is successful, other tobacco companies are likely to follow. Besides suing under bilateral investment treaties, the tobacco companies may also try to persuade their governments to bring suit against Australia under the WTO for violations under the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPs). The countries most likey to do this would be the world’s leading tobacco producers. Indonesia, the Dominican Republic, Mexico, and the Philippines have already raised concerns. Regardless of how the tobacco companies choose to fight the anti-trademark legislation, Australia should prepare for a shoot-out that would make the Marlboro Man proud.

Cloud Computing: Terms of Service and Risks

Image Courtesy of Wikimedia Commons

Cloud computing is an increasingly used buzzword among IT departments, businesses, advertisers, and individuals. Without even knowing it, many of us use cloud computing daily. For example, the emails I receive, sent to various addresses, are all forwarded to GMail (www.gmail.com), where I’m allowed a free 7 gigabytes of storage – provided that I allow Google to search and read my email, determine what I’m most likely to buy, and serve up advertisements accordingly. Nearly all of my important documents are stored in DropBox (www.dropbox.com), a cloud computing storage drive. It’s installed on my work computer and laptop, and synchronizes with both. Documents are also accessible via the DropBox website. I can pay for more storage, or refer others to get more storage for free. Wherever I am, I have a copy of my important documents. I don’t have to worry about my hard drive crashing or spilling coffee on my laptop (well that’s still a worry but at least I can still access my materials if it happens).

What is cloud computing? There are many definitions, but generally it is a system where resources are accessed remotely from a dedicated internet-based service. In this respect, cloud computing is not a new concept; it’s core functionality has been around in one form or another since the early days of computing.

Originally, computing was prohibitively expensive and typically performed on large systems called mainframes. People would connect to, share time, and work on these systems via a ‘dumb’ terminal. As IBM, Microsoft, and Apple popularized the personal computer, the bulk of computing moved to individual machines with their own dedicated processing units. With the exponential growth of the Internet and increase in network speeds, we now see the proliferation of low (and high) cost ‘terminals’ that ultimately connect to a central resource for the bulk of computing power and storage needed. Cloud computing differs from mainframe computing in that the resources are typically spread across many datacenters and accessible from anywhere with an Internet connection. Cloud-based services can provide greater redundancy and reliability, while also offering elasticity – the ability to instantly scale as needed.

However, there are risks to moving to a cloud model. The most prominent risk is the possibility of data loss. For example, in April 2011 Amazon’s EC2 service crashed. Amazon quickly worked to restore all of their customer data, but their backups were insufficient and a small percentage of data was lost. The outage affected thousands of companies who had outsourced their web hosting and data storage needs to Amazon. The customers who lost data had little recourse; the Amazon EC2 terms of service, the terms that all users of the service must agree to, states that the customer is ultimately the one responsible for backing up his own data.

The terms of service agreements for cloud computing services, while rarely read or understood, highlight many of the risks involved, such as privacy. Data stored with a cloud vendor may physically reside on multiple servers. Any computer attached to a network is vulnerable to security intrusions. In their terms of service (TOS), companies typically do not guarantee against security intrusions. Generally, vague terms such as “Reasonable and Appropriate Measures” will describe the steps taken to secure your data. Having your files hosted and replicated across several data centers in different states and possibly different countries may also lead to some jurisdictional issues.

Another issue is ‘uptime,’ or the percentage of time that a cloud computing service is up and running. Cloud vendors should guarantee a minimum level of service, embodied in what are called Service Level Agreements (SLAs). This level is usually guaranteed to be in excess of 99.9%, with service credits or refunds offered if it dips below this level. However, there are few mechanisms available to monitor uptime for any service, and it is questionable whether the term covers service that is technically up and available, but the speed is frustratingly slow. Businesses that decide to migrate to cloud computing services should ensure that uptime is included in the agreement and determine means for enforcement.

While cloud computing typically offers redundancy, reliability and elasticity, people should be aware of the risks involved and plan on its use accordingly. Businesses should assess the potential reduction in costs by integrating cloud computing into their environments, and compare it with the loss of control inherent to using a cloud provider. However, for the general public, cloud computing storage and services are likely to be more reliable than the same services on a home PC – though having an extra backup couldn’t hurt.

Sony’s Decree: Goliath to Fight One David at a Time

Image by FallingFifth Comics

The target of public disdain over its privacy failings just months ago, Sony is again finding itself in the crosshairs of consumer activists and its large user base. Recently, Sony amended its Terms of Service and User Agreement to exclude user participation in any class-action lawsuits against it or its entities unless users submitted opt-out declarations. Using the class-action waiver to push users into individualized arbitration, Sony should escape the majority of future consumer suits derived from its Playstation, Music Unlimited, and Video Unlimited (“Playstation Network”) product lines, significantly reducing its legal exposure in one fell swoop.

Sony finds itself on firm legal footing, and its decision to amend its Terms of Service cannot be said to have been unexpected. In April, 2010, The Supreme Court upheld a contractual clause precluding class action attack in AT&T Mobility v. Concepcion. The court went on to reject nonconsensual class arbitration, finding that it defeated the purposes of arbitration and federal law. Following its decision, large companies were expected to begin implementing similar class-action-defeating clauses into their own contracts.

Sony’s new user agreement requires individuals with disputes to utilize individualized arbitration. Arbitration clauses, of course, are matters of contract and are enforced according to their terms. Having agreed to the new terms, users of the affected product lines are very much bound by the agreement. Defeating the arbitration terms would require a showing of some traditional contract defense, including duress and unconscionability, and seem unlikely given the factual circumstances.

Also interesting is the amendment’s timing. What is clear is that Sony’s decision was decidedly future-oriented—it will not escape the class action suits that were filed in April, in response to its large-scale security breaches. Given Sony’s demonstrated exposure to network attack, however, one would be justified in questioning the urgency and nature of the change. Rather than fixing its extensive network flaws, Sony appears to have undertaken a rather artful shortcut—shielding itself from punishment should such problems occur again.

Facebook’s Open Graph API - Be Afraid or Be Very Afraid?

Illustration by Hank Grebe

Mark Zuckerberg unveiled the next generation of Facebook’s Open Graph API at the F8 conference in San Francisco on Thursday, September 22nd. The updated protocol allows third party applications to more easily utilize Facebook users’ data. The goal is to encourage users to share increasingly dynamic content more frequently. A simple example of the API in action is the inclusion of a Like button on a webpage – when a visitor clicks the Like button that information is recorded in that user’s Facebook feed.

The new version of Open Graph “allows apps to model user activities based on actions and objects.” Eventually, the old-fashioned (ha!) Like button will be supplemented with a number of other verb choices. Thus, you can receive news by emulating what your friends are reading on Yahoo! News, be exposed to new music by examining what your friends are listening to on Spotify, or challenge yourself by running the same route as your friend that uses a Nike Running application.

As happens pretty much any time Facebook changes their site in a way that implicates privacy concerns, a backlash is building. Critics’ primary concern: the availability of data to application developers for more than 24 hours, strikes me as fairly harmless considering that many applications previously circumvented this restriction anyway. Other concerns focus on the fact that Facebook has a variety of new partners that automatically fall under the ‘Instant Personalization’ category and automatically ‘personalize the experience’ for you. In other words, new users have to opt out of in order to avoid sharing information that they might not otherwise want to share by using these applications. However, all of the Open Graph features can be easily disabled.

So are there any laws in the United States that will govern Facebook’s conduct when they roll out new functionality with respect to these privacy concerns? Well, not really; not any comprehensive ones, at least. The United States has taken a very pointed approach to regulating privacy issues, addressing privacy only certain specific instances such as HIPAA (Health Information), Gramm-Leach-Bliley (Financial Information), or FERPA (Educational Records). This is to be contrasted with the European (most notably French) approach to privacy regulation where privacy is implicit in the constitution. Social networking sights such as Facebook and Google have found themselves more frequently arguing privacy issues in European states. So while we are largely at the mercy of the social networking industry giants, we can take some comfort stateside in the fact that many of these concerns are mitigated by the market forces imposed on the companies because they do not want to alienate the user base.

One last point that all these Facebook shenanigans got me thinking about – are the developers of these applications adequately protecting their copyrights? Facebook encourages independent third-party development of integrated applications. For that matter, what about users that are, in addition to just going around Liking things, generating a wide variety of copyrightable material in the form of photos, blog posts, and music? If they’re not – they will be, as new tools are popping up to facilitate this protection. The website Myows provides free tools to manage your copyrightable works and to build a case for infringement. In their own words, “Myows offers a professional one-stop copyright management solution from registration through to issuing take-down notices.” Very cool. The website DepotCode is an alternate site that provides similar tools for managing and proving copyrights in source code.

Grudge Match: Amazon versus the Bear Flag Republic

Photo Courtesy of Nils Liehberr on Flickr

In an attempt to collect sales taxes from Internet retailers, California introduced the “Amazon Tax” in June. California’s new law will require Internet retailers to collect sales tax if they use an affiliate program within the state to solicit business and their cumulative sales during the preceding twelve month period are greater than $500,000.

In a move consistent with its battle over sales taxes with New York, Amazon immediately cut ties with all of its California affiliates and began to promote a ballot referendum to block the law. In an open letter to their affiliates Amazon explained, “We oppose this bill because it is unconstitutional and counterproductive. It is supported by big-box retailers, most of which are based outside California, that seek to harm the affiliate advertising programs of their competitors. Similar legislation in other states has led to job and income losses, and little, if any, new tax revenue.”

Governor Jerry Brown rejected an offer from Amazon to delay sales tax collection until 2014 in exchange for new Amazon warehouses being located in California, perhaps in response to the wide speculation that without an avenue to avoid sales tax collection, Amazon is likely to build the warehouses simply to serve its California customers better. He did, however, accept an offer from Amazon to drop the ballot referendum initiative in exchange for a grace period. The new law takes effect immediately, but does not require retailers to collect taxes until Sept. 15, 2012.

Amazon has since banded together with independent storeowners and big-box retailers, including Target and Wal-Mart, to lobby Congress for a federal law regulating sales tax collection by Internet retailers. Per the Amazon-California agreement, any federal law will supersede the California law.

Seven States Join the U.S. Justice Department in Federal Court, Seeking to Block the Merger of AT & T and T-Mobile

AT & T proposed its $39 billion plan to buy T-Mobile USA. The deal will give AT & T a 40.6% market share in the cell phone industry, and will concentrate 80% of U.S. wireless customers in two companies – AT & T and Verizon wireless, thus creating a duopoly in the mobile service market. Not surprisingly, the acquisition is challenged by the Department of Justice, jointed by seven states, including New York, Massachusetts and California, under the Federal Antitrust Law.

Section 7 of the Clayton Act, an anti-merger statute, prohibits mergers that may substantially stifle competition “in any line of commerce, in any section of the country.” The Act especially disfavors horizontal mergers. A horizontal merger is a merger between two direct competitors who compete with each other in the same line of business and in the same geographic market. A horizontal merger will have adverse anti-competitive effects because it will eliminate competition between two merging parties, and will likely increase market shares and assets of the merged enterprise. The merger will be illegal per se, unless the merger will not create or tend to create a monopoly. Market concentration and market shares of two merging companies are the determinative factors in a horizontal mergers analysis. High market concentration and dominant market shares will establish a prima facie violation of the Act.

The merger between AT & T and T-Mobile is a horizontal acquisition because the two companies compete directly with each other in the cell phone market, and both provide a national-wide service, with market shares of 28.5% and 12.1%, respectively. The merger will allow AT & T to dominate the market, enable it to set prices and instill a fear in the smaller competitors. Consequently, it will lessen the competition and create a prima facie case that the merger is unlawful. In addition, the merger will create an industry where the top two companies handling 80% of the service. The high concentration may encourage AT & T and Verizon to seek a deal for their mutual advantage at the cost of consumers, and discourage new enterprises from entering into the wireless service business. Before the merger, the cell phone market has been already concentrated, with Verizon and AT & T claiming over 50% of U.S. wireless consumers. In an already highly concentrated market, the courts will condemn any merger that increases concentration, even if that increase is minimal. The merger will be enjoined unless AT & T can provide clear evidence that the merger will not adversely affect the competition in the cell phone industry.

AT & T can argue that the extremely competitive wireless market will prevent the merger from substantially stifling the competition. It can point out that, despite the wireless service industry in the United State being concentrated in Verizon and AT & T, the competition between Verizon and AT & T is vigorous and it is impossible for them to reach any mutual advantage agreement. At & T can further argue that the merger will only put AT & T at a more competitive position. As a result, the merger will encourage the competition.

This pro-competitive argument will not likely survive the scrutiny. A pro-competitive effect on a horizontal merger will justify the merger only when two merging firms were weak before the merger, and will not result in a dominant market. The evidence shows that: both AT & T and T-Mobile are strong and aggressive competitors, both have a significant amount of market shares in the wireless industry, neither of them are failing, and the merger will produce a dominant market as AT & T will be the No. 1 provider of mobile services. The merger will not only effectively eliminate a competitor, but will likely force a higher price on T-Mobile customers with an inferior service, the effects of which the Act was enacted to prevent.

Has the Sun Set on U.S. Green Tech?

Photograph courtesy of Living Off Grid on Flickr

Solar panel maker Solyndra, LLC is turning off its lights. After receiving a $535 million loan guarantee from the federal government and raising over $1 billion from private sector investors, Solyndra filed for Chapter 11 bankruptcy. The company is looking into a possible sale of its business or licensing out its technology. Solyndra developed a unique thin-film photovoltaic technology that the company claimed to have the lowest system installation costs on a per watt basis for the commercial roof top market. Earlier this year, President Obama visited a California Solyndra facility to publicize the U.S. government’s investment in green technologies and highlight its incentive programs aimed at promoting clean tech development in the country. The shut down creates a two-fold hit; it exposes an embarrassing vulnerability for Obama administration policy and raises questions about the rationale for U.S. government investment in green technologies.

On the political front, Republican lawmakers are capitalizing on the bankruptcy to highlight a flaw in the Obama administration’s stimulus plans. At a House Energy and Commerce Committee (HECC) panel hearing on September 14, Republicans released a report suggesting that administration officials rushed Solyndra’s loan award and failed to note obvious risks in supporting the company. In response, Democrats argued that Republicans are using the Solyndra bankruptcy to garner criticism for other clean energy projects because of a disbelief in climate change. Congressman Waxman, top Democrat on the HECC noted, “The majority of Republicans on this committee deny that climate change is real. If you are a science denier, there’s no reason for government to invest in clean energy.”

Abroad, foreign governments invest heavily in renewable energy technologies within their own countries and provide incentives for the consumption of the technologies. China leads the way and invests billions of dollars in green tech. Ironically, China’s investment is one of the reasons for Solyndra’s fail. The American company was not able to provide a cost competitive product with those developed in China.

From an economic perspective, renewable energy technology does not follow the traditional supply/demand model. Significant front-end investments are needed for renewable technologies to reduce sufficient costs to allow for competition with coal, natural gas, and nuclear energy. Asian and European governments led the way in these investments and as a result, those countries have a head start in tech development. Not only are Europe and Asian in control of the most cost competitive solar technologies, but they are bringing them to the U.S.

Early policy incentives for the installation of renewable technology in Europe, particularly in Germany and Italy, led to an increase in demand that European companies met with supply, eventually driving down the cost of the products. Technology companies rapidly grew to meet the demand. In response, policy makers relaxed incentives and took a back seat, thereby allowing the market to naturally play out. The lack of incentives resulted in a leveling off of demand, while supply continued to grow as companies worked toward creating better and more cost effective products. Currently, demand is just about tapped out in Europe. Economists predict that European companies will now bring their product to the U.S. market, making it even more difficult for emerging American solar technologies.

Where does that leave the U.S.? Demand for alternative energy, including solar, will rise as traditional energy supplies deplete. The U.S. is one of the world’s top energy consumers, and therefore must play a role in the development of green technologies for security and economic reasons. A mix of policy incentives and public financial backing is needed to ensure the U.S.’s place in the green tech arena. However, the Solyndra bankruptcy is illustrative of the risks of friendly green tech policy. It is probable that the bankruptcy will dissuade lawmakers on both sides of the aisle from supporting future green tech incentives. Lawmakers must search for a swift and creative solution for this bind before we are all left in the dark.

Social Networking Requires Businesses to Reconsider How to Protect Client Lists

Image By: Hank Grebe 

Customer lists have traditionally been protected by trade secret law. According to American law, a trade secret has three main elements: (i) it must not be generally known to the public, (ii) it must bestow some economic benefit to the owner by virtue of its anonymity and (iii) the owner must use reasonable efforts to keep it secret. Many states include “customer list” in their definition of trade secret. However, even if a state does not include “customer list” in its definition of trade secret, courts regularly protect these assets as trade secrets. Keep in mind that even if trade secrets are protected by statute, they still must fit the three criteria in the definition of trade secret in order to continue receiving protection.

Prior to the rise of sites like Linkedin, third parties essentially had no way of viewing customer lists. Nowadays, with the advent of social networking sites, employees can build social networks that are viewable by the public. These social networks often include professional acquaintances, many of whom may be company clients. As such, these social networks often reveal a large chunk of a company’s customer list, therefore, rendering customer lists public and no longer protectable by trade secret law.

Given the current reality that customer lists are less likely to receive trade secret protection, firms must take measures to ensure that these assets remain confidential. For one thing, firms can require employees to sign non-disclosure agreements that include client information as confidential. Additionally, firms should add a social media section to non-compete agreements that addresses the confidential nature of social networks. A similar clause should be added to non-solicitation agreements. However, simply defining social media contacts as confidential is not enough; the company must take steps to ensure that the information is treated as confidential. For example, employers can require employees to select privacy settings that would prevent the public from viewing their social networking contacts. Whatever a company chooses to do in order to adapt, it is apparent that the rapidly changing digital world is forcing companies to reconsider the way that they do business.

Goldman Sachs Rejects U.S. Investors on Facebook Private Offering

Late last year The Wall Street Journal reported that the Securities and Exchange Commission (SEC) had preliminarily began to investigate the trading of privately held tech companies, including Facebook and Twitter. The investigation was focused on funds that obtain shares of privately held companies from a seller, like an employee of the company, and then find investors willing to buy those shares plus transaction fees. It is also believed that the investigation is examining how these funds and the potential expansion of ownership in privately held companies will affect those companies and their need to disclose certain financial information. Therefore, if a company has more than 500 shareholders and over $10 million in assets, under U.S. securities laws, they must make the appropriate disclosures.

Goldman Sachs had planned to sell up to $1.5 billion in Facebook, Inc. to clients willing to make a minimum investment of $2 million, with the provisions that such shares be held until 2013. Although the offering was to be limited, details of the deal were leaked to the media and the deal quickly became publicized, leaving Goldman with $7 billion in orders for $1.5 billon of Facebook shares. The heightened public awareness of the offering caused Goldman Sachs to conclude that “the level of media attention might not be consistent with the proper completion of a U.S. private placement under U.S. law." Therefore on January 17, 2011, Goldman Sachs announced that it would not be including U.S. investors in its private offering of Facebook. It should be noted that Goldman Sachs’ decision was their own, and was not “required or requested by any other party,” such as the SEC.

It appears that Regulation D of the Securities Act of 1933 and its corresponding rules banning a general solicitation, including any advertisements, articles in newspapers, magazines, and similar media (ex the internet), is at issue in this situation. It also appears that the rules governing the offer outside the U.S. are less strict concerning this type of offering, and is why non-U.S. investors are still able to participate in the offering.

The question raised is whether such regulations benefits U.S. investors. Critics argue that such restrictions are burdensome and place U.S. investors at a disadvantage when compared to their foreign counterparts. Supporters of the regulations noted that “[t]he notion of a private offering of a company that has been widely touted is inconsistent with our federal securities laws.” Further, it is argued that investors should think twice before taking part in such a private offering, as they do so without access to the financial disclosures required for publicly traded corporations, and therefore may not be able to make a fully informed decision regarding the potential investment. Others praised Goldman Sachs’ decision, noting that being cautious regarding rules and regulations was a step in the right direction for the firm, especially after last year’s suit by the SEC which ended in a $500 million settlement.

There are certainly differing views as to what role the government should play in the regulation of the markets. U.S. investors deprived of the opportunity to purchase Facebook shares are likely to be highly sophisticated and wealthy (at least able to afford the minimum $2 million investment) and as such may not need the same protections as consumers on the public markets. However, in being cautious and proactively ensuring compliance with U.S. securities laws, as opposed to being sued by the SEC for non-compliance, Goldman Sachs did the right thing. Actively and publically letting the American people know that they are following the rules may improve the public’s perception of Goldman Sachs and the banking industry as a whole. Although U.S. investors may feel left out, there may be other ways for them to presently acquire Facebook shares, or they may wait until Facebook goes public, which may happen in April of 2012.

Will The Real "App Store" Please Stand Up?

On March 18, 2011 Apple commenced a lawsuit against Amazon for Amazon’s use of the word “appstore” (Apple Inc. v. Amazon.com Inc., 11-1327, U.S. District Court, Northern District of California). Bloomberg news broke the story on March 22, 2011. Apple had filed the term “App Store” as a service mark in 2008 in conjunction with its release of the iPhone 3G. A few days before the release of the Amazon Appstore for Android, Apple filed a claim that Amazon’s use of the name “Amazon Appstore” would mislead customers. The question before the court will be whether an “app store” is a generic term commonly used in trade and cannot be trademarked.

Trademarks include symbols that are used in commerce to indicate the source of goods and services,

Back on January 10, 2011 Microsoft filed a motion with the USPTO to refuse registration of the term “app store”. Microsoft argued that the term “app” by itself is a generic term for a product that is in common usage and used in several dictionaries as a short hand way of saying “application”. Further, Microsoft argued that a generic name for a product followed by the word “store” is itself a generic way of describing a store that sells that product. In several previous cases, the USPTO had held that these types of marks were generic, such as “The Computer Store” or the “Shoe Warehouse.” Microsoft notes that CEO of Apple Steve Jobs himself has used the term “app store” generically, such as in Apple’s October 2010 earnings call where Jobs said:

In addition to Google's own app marketplace, Amazon, Verizon, and Vodafone have all announced that they are creating their own app stores for Android -- so there will be at least four app stores on Android, which customers must search among to find the app they want.

Of course, many are puzzled by the fact that Microsoft is arguing that Apple should not be able to trademark “app store”, especially in light of the fact that Microsoft itself has stringently defended its trademark of the term “Windows”.

One thing is certain – regardless of what you call them, a new breed of stores has risen in the marketplace and will continue to flourish as long as people want to buy “apps”.

On March 18, 2011 Apple commenced a lawsuit against Amazon for Amazon’s use of the word “appstore” (Apple Inc. v. Amazon.com Inc., 11-1327, U.S. District Court, Northern District of California). Bloomberg news broke the story on March 22, 2011. Apple had filed the term “App Store” as a service mark in 2008 in conjunction with its release of the iPhone 3G. A few days before the release of the Amazon Appstore for Android, Apple filed a claim that Amazon’s use of the name “Amazon Appstore” would mislead customers. The question before the court will be whether an “app store” is a generic term commonly used in trade and cannot be trademarked.

Trademarks include symbols that are used in commerce to indicate the source of goods and services,

Back on January 10, 2011 Microsoft filed a motion with the USPTO to refuse registration of the term “app store”. Microsoft argued that the term “app” by itself is a generic term for a product that is in common usage and used in several dictionaries as a short hand way of saying “application”. Further, Microsoft argued that a generic name for a product followed by the word “store” is itself a generic way of describing a store that sells that product. In several previous cases, the USPTO had held that these types of marks were generic, such as “The Computer Store” or the “Shoe Warehouse.” Microsoft notes that CEO of Apple Steve Jobs himself has used the term “app store” generically, such as in Apple’s October 2010 earnings call where Jobs said:

In addition to Google's own app marketplace, Amazon, Verizon, and Vodafone have all announced that they are creating their own app stores for Android -- so there will be at least four app stores on Android, which customers must search among to find the app they want.

Of course, many are puzzled by the fact that Microsoft is arguing that Apple should not be able to trademark “app store”, especially in light of the fact that Microsoft itself has stringently defended its trademark of the term “Windows”.

One thing is certain – regardless of what you call them, a new breed of stores has risen in the marketplace and will continue to flourish as long as people want to buy “apps”.