Facebook and the State of Washington Join Forces in Fighting Online Spam

Photo titled "Dislike" by Charlotte Road on Flickr

For the first time since the enactment of the federal CAN-SPAM Act, a state government and a private company joined forces in protecting consumers from spammers/scammers. On January 26, 2012, Facebook and the State of Washington filed two separate lawsuits against internet marketing company Adscend Media, alleging violations of the anti-spam law. Specifically, they claimed that Adscend Media tricked Facebook users into clicking deceptive links that appeared as recommendations from their friends. These deceptive links led users to disclose their personal information, direct them to advertising sites, and continued the cycle of spreading spam to their friends.

The CAN-SPAM Act was enacted by Congress in 2003, aiming to protect consumers from unsolicited commercial email. It requires that all commercial electronic mail must clearly and conspicuously identify the message as an ad in the subject line, clearly and conspicuously disclose to the recipient an opt-out right to not receive future emails in the text body, and cease transmission of commercial emails within 10 days of recipient of the opt-out request. The Act also establishes tough penalties of up to $16,000 for each separate email, it also grants the government and private parties the right to bring civil and criminal action against violators.

The Act covers all commercial messages, defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” Courts have interpreted “electronic mail message” broadly, reasoning that such a broad interpretation is consistent with Congress’ intent to curtail the number of misleading commercial messages that overburden the infrastructure of the internet. In Myspace v. Wallace and Myspace v. the Globe.com, Inc., the Central District Court of California defined an electronic mail message as a message deliverable to a unique electronic mail address. An electronic mail address is a form of electronic communications, including a traditional email address, inbox, and other alternative forms. A message posted on a Facebook wall, news feed, or home page is an electronic mail message.

The Act grants a limited right to a private party (namely internet access service providers) to bring a civil action against alleged offenders in federal court. In order to have standing to bring such action, an internet access service provider must show an adverse effect by the violation of the Act. “An adverse effect” can be a very high standard in some jurisdictions, requiring an actual harm from specific messages, rather than a general harm from receiving messages. Despite the limited private right and high standard of proving an adverse effect, more and more private entities enjoy the success against spammers. For example, Facebook has been awarded millions of dollars in judgments under the CAN-SPAM Act since 2008, including a $873.3 million judgment against a Canadian-based site for illegally using Facebook user’s log-in information to distribute spam, and a $711 million judgment against “spam king” Sanford Wallace for fraudulently gaining access to Facebook accounts and using them to send spam throughout the Facebook network.

States have the right to bring a civil action on behalf of their residents if they reasonably believe that the interests of their residents has been or is threatened or adversely affected by commercial email senders. States can either seek to enjoin future violations, or recover monetary damage. The bar for the later is much higher than the former. A state must prove that an alleged offender had actual or implied knowledge for the alleged unlawful conduct in order to recover monetary damage which is not required in an enjoinment action.

In the current joint action against Adscend Media, it is likely that both Facebook and the State of Washington have a good chance of winning. Under the broad interpretations promulgated by the courts, messages Adscend Media sent to Facebook users were electronic messages because they reached destinations receivable by Facebook users. These messages were fraudulent, as they were not recommended by Facebook users’ friends as their outward appearance would suggest. The messages were deceptive and intended to direct unsuspecting Facebook users to third party commercial sites so as to obtain the user’s personal information. Facebook suffered damages because its rights were violated. The interests of citizens of Washington State were compromised because they were tricked into disclosing personal information and pay for unwanted subscription services through spam. Adscend Media’s alleged unlawful conduct is not likely unintentional, if their actual or implied knowledge can be proven. It is not only likely to pay damages to Facebook, but also to Facebook’s users in the Washington.

IP Kidnapping

Photo titled: "Obama propone penas de cárcel obligatorias con un mínimo de tres años para los hackers" by jediadame on Flickr

On February 6th, 2012, CNET.com confirmed that the Internet security giant Symantec offered to pay a hacker or hacker group $50,000 for a promise to not release its valuable security code on the Internet. Specifically, CNET reports that beginning in early January of this year, a hacker known as “Yamatough” reached out to Symantec in an extortion attempt. Yamatough claimed to be part of the “Anoymous” hacker group that has attracted headlines in recent months, both for their attack on local, state, and federal government websites and its support of the Occupy Movement.

The object at issue is Symantec’s source code. Source code is the text written using the format and syntax of the programming language (computer language) that is specifically designed to facilitate the specific program it supports. Source code is significant because it is useful to a user, programmer, or system administrator to better understand how a program works, or more importantly, modify the program. Symantec identified the source code as that for Symantex Endpoint and Symantec Antivirus 10.2. Evidence at the time suggests that the hacker(s) may have obtained the code after breaking into servers run by Indian military intelligence.

Although Symantec publicly stated that its customers have no significant security threats due to this situation, a rational person would of course be worried. Although Symantec can and most likely has adapted its programs to this security threat, there is great reason for alarm. The source code obtained by the hackers can give them extra knowledge of Symantec projects and procedures, along with the ability to manipulate the code to best serve their interests. In addition, and perhaps most important, the threat to expose the source code to the Internet as a whole exponentially increases this risk because there will likely be no way to track the source code once it is released.

In fact, as of approximately 9:00 p.m. on February 6th, 2012, a 1.2 GB filed labeled “Symantec’s pcAnywhere Leaked Source Code” has appeared on The Pirate Bay, a large bit-torrent file sharing site. Symantec has not yet confirmed whether this is the source code at issue. What does this mean for your average attorney? Basically, its time to add another area of concern for attorneys, along with issues such as conflicts of interests, fiduciary duties, and professional responsibilities. If an Internet security giant is breached in this manner, then it may be time for attorneys, who are entrusted with confidential and sensitive personal and professional information, to be even more careful with this type of data. As technology becomes a more crucial part of an attorney’s arsenal of tools, events like this remind the profession why some times, having a simple lock and key safe may be the better bet in protecting a client’s information.

Major Record Company Brings Copyright Action Against Upstart Company Selling Used Digital Music

Photo titled "I love my music!" by Shiv Shankar Menon Palat

Last month, EMI, a top record company, alleged that ReDigi, an upstart company that sells used digital music, creates unauthorized copies of its songs through the operation of its business. EMI brought a copyright complaint against ReDigi, asking the United States District Court for a preliminary injunction to force ReDigi to shut down its business pending the court proceedings.

While the judge denied EMI’s request for the preliminary injunction, the resolution of the case will likely answer many of the questions facing the digital age. Some of the issues raised by the case include the meaning of “copy” for copyright purposes and whether transmitting copies of digital material count as a public performance. One of the biggest issues brought up with this case are what property rights does a purchaser of digital music through a source like ITunes really have?

Back before digital music existed through purchasing sites such as ITunes, people bought music the old-fashioned way—by going to the music store and purchasing a record, tape, or CD. Once someone purchased the music album, that particular copy was their album. The person could not duplicate the album and sell copies, but he or she could use it for a year and sell it to another individual or to a music store specializing in used music albums under the First Sale Doctrine.

ReDigi claims it does the same thing with digital music, since it scans the seller’s hard-drive and deletes the music file once the transaction of sale is complete. This act makes it impossible for the song initially purchased from ITunes and sold to ReDigi to be duplicated or transferred. Is this not the same thing as selling your physical album for some cash? Something the court may have to determine is whether ReDigi has really taken away the rights of the digital music holder when it deletes the song from their hard-drive, or if in this advanced technological age the seller could in actuality retain access; posing problems for companies like EMI.

Google’s New Master Privacy Policy

Photo titled: "Scary Google with Sauron Eyes" by dullhunk on flickr

Google, Inc. announced their new “master privacy policy” earlier this week, which will take effect on March 1, 2012. The new policy will replace 60 different privacy policies currently in place. Google’s goal of implementing the new policy is as follows; “Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.”

One of the major changes stemming from the new policy is the relationship of the user to all of Google’s products. A user will be treated as a single user. Now information will be shared across Google products, including YouTube, Picasa, Calendar, and Gmail. Under the current policy, information is maintained by each individual Google produce, rather than consolidated. By sharing information across multiple products, Google has the ability to offer more innovative features for users, customize ads, and compete with Facebook.

Eight House lawmakers already reacted to Google’s updated policy by writing a letter to Google Chief Executive, Larry Page, requesting a response by mid-February. The lawmakers, which consist of 5 Democrats and 3 Republicans, requested more information about the policy mainly regarding the collection and storage of information. Their main concern stems from a user’s ability to opt out of data collection. The lawmaker’s wrote, “Google's announcement raises questions about whether consumers can opt-out of the new data sharing system either globally or on a product-by-product basis."

Betsy Masiello, the company policy manager, responded to the letter on a blog post. She said, the company looks “forward to answering those questions, and clearing up some of the misconceptions about our privacy policies.”

A lot of the criticism stems from a lack of understanding of what information Google is currently able to obtain, and what they are going to be obtaining in the future. The information Google can access has not changed, however their process for handling the information has. In Google’s 2005 privacy policy, the company states, “We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience, and to improve the quality of our services.”

Users should be aware of the new effective privacy policy to understand what type of data Google is capturing. Check out the new privacy policy below:

Google Privacy Policy, available at https://www.google.com/policies/privacy/preview

"If the Price is too Good to be True, it Probably is” - ICE Director John Morton

Photo by: mollyali's 

A coordinated government effort to crackdown on websites selling counterfeit goods is in full force, most recently seizing 150 websites on Cyber Monday 2011. The rationale for the seizures is based on the idea that these websites steal creative ideas, cost our economy jobs and revenue, and can threaten the health and safety of American consumers by selling inferior goods in the market. Opponents argue the seizures are unconstitutional because the government does not afford the site owners adequate due process protection prior to seizing the sites.

Operation in our Sites is the effort of DOJ and DHS/ICE to halt intellectual property crimes at the national level. ICE is leading the charge, and derives its authority from the seizure and forfeiture laws of 18 U.S.C § 981 and 2323. As Margaret A. Esquenet and Justin A. Hendrix explain, (http://www.ecommercetimes.com/story/72344.html) “Under Section 2323, property used to a commit federal crime, such as criminal trademark or copyright infringement, is subject to forfeiture to the U.S. government. Under Section 981, the government can apply to a federal court for a warrant to seize that property. To obtain the warrant, the government must show there is probable cause that the website violates federal criminal law. The owner of the domain name may challenge the seizure warrant in the district court that issued it. During a later forfeiture proceeding, the owner also may challenge the basis for forfeiture.”

To carry out the Operation, ICE agents make undercover purchases of various products covered by trademark, including professional sports jerseys, golf equipment, DVD sets, footwear, handbags, and sunglasses. Once the goods arrive and the trademark holders confirm that the purchased products are counterfeit, seizure orders are obtained. The intent of ICE is to protect the economy and consumers, and ensure that revenue is flowing to the rightful parties instead of to those who steal intellectual property. The objective is a good one, and the websites are property used to commit a federal crime, so the seizures and the process by which they are carried out are legitimate under federal statute.

ICE may need to revisit the effectiveness of some their procedures to reach that end, though. In February 2011, the department rightfully seized 10 sites before the Super Bowl that were accused of offering illegal streaming video of sporting events, and before Valentine’s Day, it seized 18 sites selling counterfeit luxury goods. But somehow along with those, it shut down 84,000 other legitimate sites and posted a notice that the reason was for “advertisement, distribution, transportation, receipt, and possession of child pornography.” Not good. The error may have had to do with linking sites, but the owners of the legitimate sites deserve a more robust due process procedure so as to avoid future errors.

Operation in our Sites is certainly a complicated technological effort without introducing administrative hurdles. But there is likely little harm (expense notwithstanding) in an email notice to domain name owners that their site is subject of investigation and will be shut down in 48 hours without further action on their part.

Carrier IQ: Cell Phone Data Snooping Revealed

Photo by: sam_churchill 

Earlier this week, a 25-year old security researcher named Trevor Eckhart posted a YouTube video detailing a program called “HTC IQ Agent” that was installed on his cell phone. Trevor showed that the program was recording every action taken on his phone, including key presses, text messages, and passwords - and then transmitting this data directly to the offices of the company Carrier IQ. The program started automatically with the phone, ran in the background, and could not be turned off. It wasn’t a virus, nor was it installed by an outside vendor; it came pre-installed on his phone.

The revelation that a company was extensively tracking cell phone users actions lit off a firestorm of controversy. Numerous technology blogs decried Carrier IQ's actions. Carrier IQ soon threatened Mr. Eckhard with legal action, but then apologized after Mr. Eckhard sought the protection of the Electronic Frontier Foundation.

In its defense, Carrier IQ claims that all of the recorded data transmitted is anonymous. The company provides a valuable service to many U.S. cell phone carriers, who contract with Carrier IQ to provide specialized diagnostic, trending, and troubleshooting data for the devices on their network. The issue is the sheer volume and depth of data being recorded, which seems unnecessary for purely diagnostic or reporting purposes.

Whenever I accept a terms of service or license agreement on a website, I assume that I'm giving up all of my rights related to content and privacy. However, even in this digital age, I still consider my right of privacy to extend to my personal belongings; the information in my wallet, my documents, and even information stored on my cellphone. As cellphones have become more powerful and increasingly connected, they have become personal organizers. My calendar, contact list, Christmas shopping ideas, and other personal information are all stored on my cellphone. Given that I've tapped all this information into my cell phone at some point, it is likely that this information is also now stored somewhere on Carrier IQ's servers.

So far, Carrier IQ software has been found on both Android and iOS cell phones for several U.S. carriers. Many guides and how-to documents have been posted with instructions on how to disable the software. The Senate has even gotten involved, giving Carrier IQ until December 14th to address privacy concerns. In addition, it's possible that Carrier IQ has violated federal wiretapping statutes, and already there are rumblings of class action lawsuits.

It's also quite possible that this story has been overblown. Many journalists have noted that the data stored are purely anonymized metrics that carriers use to improve their service, ultimately benefiting consumers. There is no evidence that personal, identifying information has been used in an improper manner. However, given the amount and type of data being recorded, I am uncomfortable with any company having this information on their servers. A line has been crossed, and thanks to Trevor Eckhart, the world knows.

A Step Towards Anonymous Browsing on Mobile Devices

Photo by: jeffschuler 

As Americans we “get” our right to privacy through provisions of the 1st, 4th and 14th amendments. We have the 1st amendment right to free assembly, the 4th amendment right be free from unwarranted search and seizure and the 14th amendment right to due process. Through these provisions the Supreme Court has addressed and upheld birth control rights, abortion rights, marriage rights, and child rearing rights among other issues related to privacy.

With the surge of people using the Internet over the past 2 decades, from children to college students to baby boomers, there is endless amounts of personal information on the internet, some of it intentionally put there and some of it not intentionally publicized. It is harder to maintain ones privacy in this world of instant Facebook access and oversharing on Twitter. Adding to this dilemma is the advent of the smart phone, from Iphones to Blackberries, you can now remotely upload a picture to Facebook, you can browse the Internet on the train, and update your blog while out to dinner.

Using these devices can leave the user or others vulnerable to their privacy being invaded. Not only can others access public Facebook profiles and see content that 3rd parties in pictures or mentioned may not be aware of, but websites track browsing and respond with ads and suggestions, not to mention the dangerous problems of phishing, hacking and identity theft. For example Google scans emails and then advertises for things mentioned in “personal” emails. Anyone with access to your computer or device can check your history and see where you have been poking around on the Internet.

This week, Apple approved the use of an application that will now be offered in the App Store. This Covert Browser for Ipad will allow users to confidentially browse the Internet (a similar App is also available for the Iphone). Although there are kinks to be worked out, you can purchase the peace of mind of “completely” anonymous web browsing for just $2.99. The Covert Browser is a much more secure way to browse than other secure networks. The technology behind the application is Tor. Tor triple encrypts data and routes it through three computers whereas other secure browsing only route through one computer, leaving users vulnerable to the companies responsible for the routing. The Apple endorsed application is a much needed move towards privacy for mobile devices.

Data Protection Uniformity in the European Union

Image Titled "Internet Global Advertisement" by The Miiz

On Tuesday, Vice President of the European Commission Viviane Reding, announced a plan to harmonize data protection policies throughout the European Union. The plan would allow an Internet company to operate throughout the 27 Member States as long as its data protection policies were approved by a single state.

The new directive will update the EU’s data protection laws, to patch holes created by U.S. law through the introduction of the Patriot Act, and to bring the 1995 Data Protection Directive up to speed on new and developing technologies, such as cloud computing. Based on European data protection standards, the rules Reding would like to introduce are codes of practice ensuring "adequate safeguards" for data transfers between parts of the same corporate group.

Reding hopes the new data protection regulations will make it much simpler to negotiate such binding corporate rules (BCRs) she said Tuesday at a conference in Paris organized by the International Association of Privacy Professionals.

“They [Companies] need ... to have a ‘one-stop-shop’ when it comes to data protection matters, one law and one single data protection authority,” Reding told the American Chamber of Commerce. “I want to drastically cut red tape.

Reding reiterated that European law would apply to any company operating within the European Union, even if the company is based outside the area, such as the United States. Subsequently, any non-European company with customers or clients inside Europe will have to comply fully with European regulations. Details of the plan are expected to be revealed by late January although it may take as long as 18 months before the bill becomes law.

Under the current Data Protection Directive, companies have to have their data protection policies approved by each individual country. The Directive offers basic principles and laws that each member state has built upon. This fragmented approach has made it increasingly difficult for businesses to trade, and comply with the complicated rules and regulations. Germany for example has stricter laws than the UK, making trade between the two countries difficult. Reding estimates that this bureaucratic approval process costs companies approximately $3.1 billion per year.

In order for there to be uniform E.U.-wide privacy rules, the data protection officials in individual countries would have to be granted greater power to enforce their laws and to impose penalties on violators. Under the existing system, privacy officials in some countries can only make recommendations. Jacob Kohnstamm, chairman of a panel that advises the commission on privacy issues, said the Union needed data protection authorities that were “able to bark and bite.”

Reding believes that an overhaul of the privacy regulations is crucial to increasing the competitiveness of the European economy during its present debt crisis. According to a New York Times article, Ms. Reding said, “I think I am persuaded that while bringing member states out of their debt crises, we have to do everything we can to help our companies grow.”

Such changes are necessary because the world is no longer defined by physical borders, she said. "Data races from Barcelona to Bangalore. It is processed in Dublin, stored in California and accessed in Milan. The transfer of data to third countries has become an important part of daily life, and this affects businesses and citizens."

However, getting 27 countries to agree on a uniform policy may be easier said than done. The EU must iron out differences between its members over privacy issues. Countries like France and Germany favor stronger protections for privacy, while Ireland, Britain and others prefer more market-friendly rules. A further example of international divergence is shown in the European consensus on the new plan’s possible ‘right to delete provisions, which would allow European citizens to apply to social networks or companies to delete the data held on them. The UK data protection agency called the proposals “unenforceable” and that the proposed measures should not go ahead. It is also likely that we will see conflicts between the rules in the European Union and other jurisdictions, like the United States, where data protection regulations are also under review.

Compliance and enforcement are two other major concerns surrounding the proposed plan. Kohnstamm urged the commission to draft the new privacy rules through regulation, a measure that would give E.U. member states little room for interpretation in their implementation of the law, rather than via a directive, like the current law, which means the law is not self-executing and the countries may adapt it. However, compliance and enforcement outside the European Union could prove costly. Wojciech Rafal Wiewiórowski, Poland's inspector general, raising this issue, asked, "Who will say whether a company is fulfilling its responsibilities under a BCR? "Let's assume it's the DPAs [Data Protection Authorities]: that works in Europe, but that's not really the problem. The problem is those companies moving data outside Europe. In the U.S., we can count on the support of the Federal Trade Commission, and Mexico too has a strong data protection authority,” he said. "But what about Laos? Who will check what is going on in a data center in Laos?"

The new proposal will likely have strong effects on the world outside of the bloc as well as inside. Ronald Zink, chief operating officer for E.U. affairs at Microsoft, said that harmonizing policies internationally might be just as important as doing it within the Union, but added: “I think the E.U. data protection laws can be a beacon for the U.S. and around the world. They do a lot of things right.” The details of the plan and the dates of its implementation are yet to come.

Carrier IQ, the Electronic Communications Privacy Act, and the Digital Millennium Copyright Act

Image titled Android Virus by Charliesalima

In the same week that Facebook settled its dispute with the Federal Trade Commission (“FTC”) over allegedly deceiving consumers about its privacy practices, an Android developer, Trevor Eckhart, discovered that Android phones run software that logs keystrokes and hides its presence on the phone. The discovery of Carrier IQ (CIQ) software embedded in the Android (and over the following days, other smartphones) raises legal questions that might expose both smartphone vendors and customers to liability.

The Electronic Communications Privacy Act, 18 U.S.C. 2510 et. seq. (2006)(ECPA) expanded the Federal Wiretap Act to prohibit interception of electronic communications through any “system affecting interstate or foreign commerce” without the consent of at least one of the parties to the communication. The Digital Millennium Copyright Act prohibits circumvention of effective measures designed to prevent unauthorized access to copyrighted material. 17 U.S.C.A. 1201 (2006).

Much of the analysis of Carrier IQ misunderstands the ECPA, so some discussion of what the ECPA does and does not cover is in order. The ECPA has been interpreted to allow keystroke logging which intercepted signals sent between the keyboard and the computer, because until an email or other message is actually sent, the computer is not “a system affecting interstate or foreign commerce.” U.S. v. Ropp, 347 F. Supp. 2d 831(C.D. Cal. 2004). The bulk of CIQ’s spying does not violate the ECPA. As Eckhart noted in his criticism of CIQ, when he dialed a phone number, the software logged the number before he made the call. Some states may have privacy laws prohibiting CIQ’s conduct, and certain consumers may have other claims (e.g. copyright infringement if any of their emails or texts contained material they owned a copyright to), but the ECPA does not prohibit keylogging.

Other portions of CIQ’s data collection may violate the ECPA. CIQ apparently also intercepts incoming text messages and emails. Incoming messages satisfy the “affecting interstate or foreign commerce” standard. Whether the manufacturers or carriers who installed CIQ violated the ECPA would then depend on whether they had valid contracts which allowed them to intercept their customers’ messages, a factual question specific to each carrier. Carriers’ recent panicked statements to the media indicate that most do not, as carriers have generally claimed either that they do not collect the data Carrier IQ collects, or that they only collect some less offensive subset of it. Carriers have put themselves in a precarious position by making such assertions, which smartphone manufacturers claim are false. The claim that a carrier does not collect data is only believable if the carrier does not include a data collection provision in its contracts, or includes the provision in a manner designed to keep consumers from recognizing or understanding it. Carriers who try to avoid bad publicity now may find themselves estopped from asserting a contract defense to ECPA claims in a later lawsuit.

A lawsuit may be the only option consumers have. Self-help is available to copyright owners in many scenarios, but is denied to people who want to protect their privacy from their wireless carrier. CIQ cannot be turned off through normal means, at least on the phone Eckhart tested. It can be defeated by hacking the phone. However, because CIQ is protected by digital rights management (DRM) software, consumer attempts to turn CIQ off may violate the DMCA.

In 2010, the Librarian of Congress used its powers under the DMCA to create an exemption for “jailbreaking” smartphone handsets. However, the exemption only applies when the jailbreaking is for purposes of interoperability, offering consumers no hope for protecting their privacy.

The DRM technology in use does not need to be strong to make circumventing it illegal. In spite of the word “effective” in the statute, courts have held that the DMCA also prohibits circumvention of ineffective measures designed to protect copyrighted material, because effective measures don’t need legal restrictions on circumvention and the word “effective” would be mere surplusage if it didn’t also cover ineffective measures. See Universal City Studios v. Reimerdes, 111 F. Supp. 273 F.3d 429 (2d Cir. 2001). The DMCA applies even when no copyright is violated, and it carries criminal penalties.

The DMCA leaves customers of carriers who use CIQ no other option but to accept violations of their privacy, find a carrier which does not use CIQ, or sue. Given the number of misleading press releases put out by carriers in the last few days and the frequent use of adhesion contracts that lock customers in to long periods of service, option 2 may not be so easy. While the case for ECPA violations is not as strong as some have asserted, it is still viable, and may be consumers’ only hope.

SOPA: The New Way to Stop the Feed

Photo by: donkeyhotey 

Introduced in October, the Stop Internet Piracy Act ("SOPA") is the House of Representatives attempt to place greater restrictions on websites hosting copyright infringing material. In the Congressional hearing that have thus far been held, representatives of Hollywood and the Recording Industry Association of America ("RIAA") have strongly supported this bill, as it would attempt to stem the flow of copyright infringing material, especially from websites from foreign states. This controversial bill has come under fire from internet providers, including Google, Verizon, Comcast, and AT&T, specifically focused on section 102 of the proposed bill, the site blocking provision.

Section 102 of SOPA provides the courts with the power to require an internet service provider ("ISP") to block a website that is found to contain infringing material. The location of the website is not relevant to this section, as the provider can be ordered to take measures to "prevent prevent access by its subscribers located within the United States to the foreign infringing site."

Some ISP's, specifically those running smaller servers, have already stated that such a blocking requirement is simply not technically feasible with their current network infrastructure. They would have to completely redesign their system in order to be able to screen access to a list of potentially thousands of sites, placing an immense financial burden on these smaller providers.

In addition to this worry, ISP are concerned at the vagueness of the requirements and responsibility that will be assigned to providers for complying with a blocking order. Proponents of the legislation state the SOPA does not have any specific technology requirements, or methodology for listing and blocking the infringing sites, so that it can be flexible. The problem is that such flexibility means that the court will be required to determine whether an ISP is complying with the spirit of the law, as there is no letter of the law to follow.

Regardless of whether such blocking should be required, potential costs from both possible legislation and network redesign will make the implementation of this legislation difficult to say the least.

Copyright Office Releases Discussion of “Mass Digitization”

Photo Titled "Kindle/Nook Hollow Book Holder" by Conduit_Press

Just this past month the Copyright Office released a forty page document entitled Legal Issues in Mass Digitization: A Preliminary Analysis and Discussion Document. The document is supplemented with multiple useful appendixes and comes in at just under one hundred pages total. What could possibly motivate the Copyright Office to go to such lengths? The answer is Google. More specifically, Google Books and a variety of organizations throughout the world that are attempting to compress as much printed or published material as possible into a digital medium. The problem is that the printed material, overwhelmingly books, is most likely under copyright with an owner who must grant permission for such copying. Hence copyrights.

The cases that led to this report and raised most of these concerns are Authors Guild v. Google Inc., 770 F. Supp. 2d 666 (S.D.N.Y. 2011), and the companion case American Society of Media Photographers, Inc. v. Google Inc., Civil No. 10-2977 (S.D.N.Y.). Google has been scanning books, many copyrighted, since 2004 and made full copies available to users of partner academic libraries and samples available to the general public via the internet. The report notes that the court was concerned “that exclusive rights afforded by copyright law should not be usurped as a matter of convenience, and that policy initiatives that redefine the relationship between copyright law and new technology are in the first instance the proper domain of Congress, not the courts." Google attempted to settle the matter at one point but he Department of Justice was concerned that Google’s behavior would continue and have negative long-term implications. Though settlements are expected, future litigation is almost inevitable.

The document goes on to describe how books are being mass digitized and who the interested parties are. Google is obviously one of these parties. A conglomerate made up of twelve well-known universities, Google, Microsoft and the Internet Archive created the HathiTrust Digital Library that contains three billion pages of scanned content. European governments have also partnered with private organizations to digitize as much cultural and scientific resources as possible. The Library of Congress, the Smithsonian Institution, and the National Archives all have detailed digital plans for the future as well. It is definitely worth noting that there is already a vast amount of literary work available online throughout the world. The EU, France, Germany, and China are all working on government funded projects to digitize books that are considered imperative to the preservation of history.

The fourth part of the report analyzes how copyright laws, specifically licensing, interact with book digitization initiatives. Under the Copyright Act a copyright owner possesses a “bundle of rights” that includes the right to exploit the digital rights of their work however they see fit. The Copyright Act also grants a limited exception to libraries and their ability to make copies of books. The report also notes “it is difficult to imagine an exception to copyright applying to the commercial partners of libraries.” The Fair Use exception is discussed but no concrete predictions for its application can be arrived at. Fair Use is employed as a defense once the court finds infringement, which analyzes the motives and individual circumstances of the infringer on a case-by-case basis. The last issue raised in the fourth part of the report is “orphan works.” The term orphan work is used to describe a copyrighted work without a locatable owner to obtain permission from. Congress has discussed a “safe harbor” for certain organizations that are using orphan works as long as the work is no longer used if the copyright owner reappears and objects to its use.

Licensing schemes are discussed in the last part of the report covering both direct licensing and collective licensing. Collective licensing would encompass voluntary (direct negotiation between licensee and licensor), extended (requiring some form of legislation to allow groups to bargain on behalf of licensee and licensor), and compulsory (basically forcing the copyright holder to license the use of the work) methods.

Many of the concerns brought up in this document are analogous to the concerns society and business had with the invention and rise in popularity of copiers/Xerox machines and videocassette recorders/VCRs. The use of digitized books by members of non-profit organizations like universities and public libraries does not seem to be the main problem here because the library will most likely be a good faith partner that can be negotiated or renegotiated with. The long-term concerns seem to be centered on what framework needs to be put in place to protect copyright owners from technology that isn’t “here” yet. If you told an author twenty years ago that their most lucrative royalties would come from tablets, Nooks, or Kindles they would try to have you committed. But, many if not most people’s lives now revolve around digital content. It would not be fair if that stick in copyright owner’s bundle of rights is compromised; it may ultimately prove to be the most valuable stick.

The full document can be found here: OFFICE OF THE REGISTER OF COPYRIGHTS, LEGAL ISSUES IN MASS DIGITIZATION: A PRELIMINARY ANALYSIS AND DISCUSSION DOCUMENT, (2011), available at http://www.copyright.gov/docs/massdigitization/USCOMassDigitization_October2011.pdf

Ban on French Cop-Watching Website

Photo titled "Anti-Sarkozy Demonstration & Riots (28) - 06May07, Paris (France)" by Phillipe Leroyer

Following French President Nicolas Sarkozy’s call for a more “civilized Internet,” a French court recently placed an immediate block on French website Copwatch Nord Paris, which monitored controversial actions of the French police. The website offered various images and videos of police officers while arresting suspects, including such acts as allegedly taunting protestors and committing acts of violence against members of ethnic minorities, reports the NY Times.

The French police welcomed the court’s decision, believing that the site was responsible for inciting violence against the them. Jean-Claude Delage, secretary general of the police union, Alliance Police Nationale, told Agence France Presse that the court “analyzed the situation perfectly,” stating the court had “made the right decision.”

Free speech activists, on the other hand, find the ban on the website to be an unacceptable censor, but consistent with the French government’s policy of imposing strict control over the Internet. Amnesty International issued a report in 2009 which criticized France for its police brutality, which it noted, is rarely investigated. The recently banned cop-watching website was an attempt to expose these alleged injustices.

The cop-watching movement and corresponding websites originated in the United States and have been protected by the First Amendment of the U.S. Constitution. Unfortunately for French advocates of free speech on the Internet, there is no equivalent to the First Amendment in French law. Given that no such protections exist for the French, the court was able to help Sarkozy in his attempt to clean up the Internet while free speech went by the wayside.

For further reading see:

Eric Pfanner, Court Orders French Cop-Watching Site Blocked, N.Y. TIMES, Oct. 16, 2011, available at http://www.nytimes.com/2011/10/17/technology/court-orders-french-cop-watching-site-blocked.html?_r=2&ref=technology.

Police Abuse Goes Unchecked, AMNESTY INT’L, Apr. 2, 2009, available at http://www.amnesty.org/en/news-and-updates/report/police-abuse-goes-unchecked-france-20090402.

House Subcommittee Hears Testimony on Online Gambling Regulation

On October 25, 2001, the U.S. House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing, and Trade held a hearing on the state of online gambling and the potential impact of regulation. A wide range of testimony was given by varied groups, most of it coming down in favor of taxing and regulating. Given the Joint Select Committee on Deficit Reduction, also known as the Supercommittee, and its mandate to issue a formal recommendation on reducing the budget deficit by at least $1.5 trillion over the next decade, the time seems right to get such legislation passed.

Online gambling has a rocky history in the U.S. In the early 2000’s the Bush administration attempted to use the Wire Act, mostly unsuccessfully, to prosecute online gambling; federal courts have typically held that the Wire Act only applies to online sports betting, not online gambling in general. The Bush administration responded by sneaking the Unlawful Internet Gambling Act of 2006 (UIGEA) into the SAFE Port Act as a last-minute amendment that received almost no review. The UIGEA prohibits payment processors from accepting payments in connection with unlawful online gambling, but neglects to specify what types are unlawful. The UIGEA did cause a number of large online gambling sites to pull out of the U.S. market, but the market quickly recovered and continued to grow, with online poker being a particularly popular form. On April 15, 2011, the Department of Justice seized the domain names and froze the domestic assets of three of the largest online poker sites; Poker Stars, Full Tilt Poker, and Absolute Poker. These sites no longer operate within the U.S. although many smaller sites still operate domestically.

The October 25th hearing may have marked a turning point in online gambling in the U.S. Over the past few years, numerous pieces of legislation were drafted, and at least one was formally introduced. Yet most have stalled in either the drafting or committee review stage. The recent hearing, however, shows that the momentum may have finally shifted. There was key discussion about how regulation could help with consumer protection, and subcommittee members spoke in favor of regulating online poker in particular. Perhaps surprisingly, the National District Attorney’s Association issued a statement supporting online poker. Likewise, the National Council on Problem Gambling, while recognizing that online gambling may increase the danger of gambling addiction, explained how technology could be used to help combat compulsive gambling more effectively in an online setting than in traditional casinos. Finally, former FBI Director Louis Freeh submitted testimony in favor of regulating online poker. Given the potentially large source of revenue that taxing and regulating online gambling could bring to federal and state governments, along with its widespread popular support, it is time for Congress to stop forcing online gambling underground, and instead license and regulate it to provide a safe environment for the players and much needed revenue for the government.

Odysseus Lives: The New Face of the Trojan Horse in Modern Warfare

Photo courtesy of The Hacker News

Warfare in the modern context is almost unrecognizable from what it was less than 100 years ago. Where the primary concerns of World War I were the use of barbed wire and mustard gas, today warfare is fought using an amalgamation of manpower and cyber-technology. With the battlefield changing shape, so too does U.S. policy toward the conduct of international conflict. This is particularly evident in the Obama Administration’s revelation that it considered infiltrating Libyan defense infrastructures to delay radars from discovering NATO planes. The administration abstained from the tactic, stating that it did not want to set a precedent for countries such as Russia and China to utilize such strategies in the future. This begs the question: has cyber-warfare become such a concern as to require a multi-lateral treaty?

Modern concepts of the laws of war followed closely in the wake of various horrors faced in World War I and II. After the WWI, the international community, realizing the tremendous humanitarian costs of using chemical and biological weapons, adopted the Geneva Protocols. The 1949 Geneva Conventions placed further limitations on the attack of hospitals, field ambulances and non-military medical personal. The 1983 Convention on Certain Conventional Weapons established the gradual abolition of anti-personnel mines; recognizing the extreme danger to civilian populations, primarily children, decades after a war’s end.

Pentagon reports suggest that the United States military infrastructure is subject to regular attacks by computer hackers from countries such as Russia and China. A noticeable upsurge in cyber-assaults on the U.S. began when a U.S. spy plane collided with a Chinese fighter jet in 2001. After that date, attacks from anonymous sources skyrocketed. On an international scale, Russia has been accused of hacking into Georgian networks in its 2009 conflict with the nation. Also in 2009, Indian terrorists hijacked GPS networks in orchestrating their assault on Mumbai civilians.

Following these events, President Obama proposed an internal strategy in order to address cyber-threats. The proposal called for the creation of a Cyber-security Coordinator and modest collaboration between state and local governments focusing mainly on internal prevention. Noticeably absent from the President’s plan was a strategy for international cooperation. Later in 2009, when the Russian Federation proposed a non-proliferation treaty with the United States, the U.S. walked away from the negotiating table citing a reluctance to impose any restrictions upon the Internet as a free speech medium. The proposal would have placed limitations on signatory governments from targeting civilians, or using certain malicious codes, similar to the international approach toward the utilization of chemical weapons.

Despite this suggestion, the U.S. decided to rely upon its allies to build upon its infrastructure. It’s noteworthy that the United States is a member of the Council of Europe’s Convention on Cyber-crime, but this convention merely agrees that signatories will impose regulation and penalties for certain cyber-crimes. In September of 2011, the U.S. and Australia added cyber-warfare to their joint defense agreement, continuing the U.S.’s trend toward working with allies in this area. Although these measures are a step in the right direction, they are between friendly nations. They do not restrict other nations from leading a digital offensive against the U.S. or other friendly countries in times of war. As a result, the world essentially remains the same.

The interconnectivity that the Internet offers present a tremendous danger to armed combatants and bystanders across the world. Although treaties such as the Geneva Protocol limits attacks on ambulances and non-military medical personnel in war, no treaty exists which prohibits the use of malicious code to cripple a hospital’s network or to disable targeting systems so as to cause weapons to miss their targets. The U.S.’s proposed, but unexecuted, approach toward Libya shows the reality of these scenarios. Furthermore, the U.S.’s technological dependence clearly shows that without these limitations in place the U.S. have a lot more to lose in the event of a cyber-offensive.

Private Crackdown on Copyright Infringement

Photo courtesy of Richard Ericksson

Hollywood and the music industry announced a new policy in July aimed at cracking down on copyright infringement by Internet users. The agreement, which also involved Internet service providers (ISPs) such as AT&T, Cablevision, Comcast, Time Warner, and Verizon, requires the ISPs to punish their customers who are suspected of violating copyrights. An Internet-service customer who downloads movies or music from peer-to-peer networks may be subjected to “mitigation measures.”

The mitigation measures are graduated—first, an email alert is sent to the suspected infringer stating that the user may have misused their Internet account for online content theft. If a second suspected offense is committed, the user may receive an email “educating” him/her about the legalities of online file sharing. If several more suspected violations are committed, the user’s ISP may temporarily reduce the user’s Internet speed, or redirect the user to a landing page. At this point the user would either need to contact his/her ISP or respond to some educational information regarding copyrights.

This is disturbing enough, but emails obtained through the Freedom of Information Act and provided to Wired.com, reveal something even more troubling. The U.S. copyright czar, as well as other top-ranking Obama administration officials, were involved in the closed-door negotiations leading to this agreement. This is troubling because despite the fact that the U.S. government has an extensive copyright statute to protect copyright holders, it is also pushing its enforcement policy through private action that is not subject to judicial review.

Further, consumer advocacy groups were hardly consulted during these negotiations and were not given the opportunity to provide any sort of substantive input. Some people may not be troubled by such actions taken by government officials, or some may feel indifferent. But the question that must be asked is what is the proper role of government? Here it seems that the federal government is pushing policies through private contracts between ISPs and their customers. Such contracts are much more likely to be enforced than a federal statute that says the same thing. Not to mention that Congress itself is being bypassed through such a process, eliminating the need for Congress’ approval of a de facto legislative act.

Facebook-Tapping: Facebook sued for watching you once you sign-out.

Photo courtesy of Alan Cleaver on Flickr

It seems like Facebook maybe tapping our computers without us knowing. Recently, a lawsuit was filed against the social networking site claiming that they monitor their users after they log out. The lawsuit seeks class action status and is requesting that the court block the tracking of users based on violations of federal wiretapping laws, computer fraud, and abuse fraud. With Facebook already facing privacy concerns over their new features such as “Timeline,” this could be one of many lawsuits the social-networking powerhouse faces in the near future.

The issue arose after an Australian blogger conducted tests on Facebook’s cookies. He discovered that when users logged out of Facebook the site did not delete their “tracking cookies” but modified them so they were allowed to continue monitoring users. With this allegation, Facebook admitted that that cookies were used to track users even after they logged out. Just recently, Facebook has informed users that any cookies that were installed on user computers that track their Facebook interaction and websites have been removed.

With Facebook’s recent admission of tracking users, will the lawsuit lead to users losing their trust in the social networking site? Facebook has thrived on their privacy policy over the years, and it has been a major reason why they have over-powered their competition. Facebook, however, has also flourished on the advertisements they sell and the third party applications they run. With these recent tactics Facebook is exposing their users’ privacy without them knowing for Facebook’s own financial benefit. If Facebook is found guilty of such acts, it may lead to major backlash by users and lead to more lawsuits revolving around privacy against the social networking titan.

Whatever the outcome of the lawsuit, users may feel a sense of concern over whether they will continue to be watched by Facebook. The federal wiretapping laws are set in place to prevent such monitoring without explicit authorization by a judge. However, there is already a sentiment building that the more power Facebook has over the social networking realm, the more likely they will continue to expose their users for financial and transactional purposes. With many users not technology savvy, Facebook has enough computer geniuses to figure out another way to monitor users without being detected. In the end, depending on what further information comes out of the lawsuit, if Facebook can’t continue to ensure a user’s privacy, then users may turn to emerging sites like Google+ to get their social networking fix.

E-Privacy: The Way the Cookie Crumbles

Photo Provided by: Pete Taylor on Flickr

On May 26th, 2011, a new European Union (EU) Directive came into effect revolutionizing Internet privacy. The newly enacted Directive, Directive 2009/136/EC of the European Parliament and of the Council of 25 Nov. 2009, has been appropriately labeled “the Cookie Directive” because it mandates that without an Internet user’s affirmative assent websites cannot use cookies. Cookies are files that are installed on a user’s computer during web browsing used to authenticate, track, and profile the Internet user’s web surfing behavior. The Cookie Directive requires that any Internet website that directs activities at EU Member States must allow users to opt-in, providing explicit consent to access or store personal information.

The Cookie Directive amends EU directives addressing electronic privacy (e-privacy): Directive 2002/22/EC, Directive 2002/58/EC and Regulation (EC) No 2006/2004. Unlike the earlier E-Privacy Directive that required an option to opt-out to refuse cookies, the new Cookie Directive requires that users opt-in before cookies are used at all. The Cookie Directive requires that a website get a users informed, affirmative consent before using cookies to store or access personal information or to track their website activity.

Internet users have expressed an interest in protecting their personal information. Google Inc.’s Executive Chairman, Eric Schmidt, said some pretty scary stuff in a 2010 interview with The Wall Street Journal concerning the lack of privacy on the Internet. “[W]e [at Google] know roughly who you are, roughly what you care about, roughly who your friends are." “It will be very hard for people to watch or consume something that has not in some sense been tailored for them.” The EU has responded to these concerns with multiple Directives that are representative of value Europe places in protecting individual privacy.

Companies with websites are not yet sure how to comply with the new regulations. There are worries about how to actually implement the directive. If a website is forced to comply with the directive, operators will have to spend a lot of time and resources to make the changes.

Web analytics, is third-party software installed on websites to track user behavior. Web analytics software uses cookies to track website behavior. It is one of the best methods for tracking the interest of website users. Adobe Omniture is one of the most popular web analytic software programs. The directive may require Adobe, and other web analytic companies, to implement changes to their software. The cost of the change will likely be passed on to web operator, users of the software. The online marketing industry will also take a hit, as they rely on analytics software.

If websites can no longer track user behavior, web operators will have to make uninformed, wild guesses about the best user experience. Being prevented from tracking user interests will prevent tailoring the experience and will result in less relevant and individually interesting user experience. The directive is overly broad. It should be limited to tracking individuals, but not include tracking users as a whole.

Holding Google Accountable: DOJ Settlement over Canadian Pharmaceutical Advertisements

Photo by: ahhyeah

Over eighty percent of Internet users worldwide use the Google search engine. Information sharing over the Internet has incredible benefit to society, but we must recognize that the corporation controls our access to that information. Further, any corporation’s main objective is to make profit and increase shareholder value, not to protect people. Google’s incredible control over the information we discover warrants robust government oversight – the recent settlement over illegal pharmaceutical advertising and sales is a positive step.

The issue in the Google Settlement is Google’s violation of The Federal Food, Drug, and Cosmetic Act, 21 U.S.C. § 331(a) and (d) and § 952. The Act makes it a crime to introduce into interstate commerce a misbranded or unapproved drug. Google allowed online pharmacies to buy advertising through its AdWords program and import prescription drugs into the United States. It also frequently assisted these advertisers with its “geo-tracking” function, which allows advertisers to focus on their ads in particular areas based on ad text and keywords.

Google was on notice that this activity violated US law. In March of 2003, the National Association of Boards of Pharmacy advised Google that the importation of prescription drugs from foreign countries is illegal. In response, Google hired various companies to monitor Canadian online pharmacies. The first was Square Trade, Inc., which allowed the pharmacies to self-certify their compliance with US law. Google knowingly allowed sellers who had self-certified to sell into the United States. The next was PharmacyChecker, LLC, which certified advertisers of non-controlled prescription drugs, which Google knew. Some advertisers didn’t meet either internal check and were still allowed to continue advertising. Lastly, Google knew that some advertisers, the “shady, fraudulent” ones , were not using pharmacy related terms in ad text, but instead only in key words. Since Google monitored advertisers that used pharmacy terms in text, this allowed many to go unnoticed. But Google knew of this practice and allowed it.

Google changed its practice after it became aware of the Government’s investigation, and in 2009 began to regulate online pharmacies more rigorously and allowed none from Canada. While a positive step, evading the regulatory arm of the US government in the prior years warrants this settlement. The FDA protects citizens, a vital role especially in our increasingly globalized world. We should welcome protections that safeguard our health. Accountability is vital to maintaining Google’s and society’s interests since Google has such incredible power to determine what information we discover.

An unexpected result of this settlement is the information that Canada’s regulatory regime for prescription drugs does not reach to Canadian pharmacies that ship prescription drugs to US residents. Plus, many of these pharmacies sell drugs obtained from outside of Canada, which lack adequate regulation. For the benefit of the reputation of Canada’s health system, this issue should be addressed in their government with proposed legislation to close that gap. And a request for the US government: show us the financial reporting from the Asset Forfeiture Program for the $500,000,000 dollars

A Whole New Kind of Overshare

Photo is entitled "Facebook" by Massimo Barbieri

On Thursday, September 22, 2011, Facebook founder and CEO, Mark Zuckerberg announced the newest Facebook features to come. Zuckerberg announced the new features at Facebook’s annual developers’ conference, explaining what he calls “Timeline” and “Ticker.”

According to Zuckerberg, Timeline is “the story of your life,” allowing users to fully express who they are by sharing and gathering user information in an entirely new way.

In Timeline, a user has different stories that appear at the bottom of the page on the left, while on the right side of the page, a timeline appears that basically compiles and breaks down previous user page posts from different points in time. Zuckerberg explained that these different story pages allow people to go back in time to earlier posts and feeds easily. Therefore, not only will recent shares be seen on the page, as they currently are, but posts will be organized by year, month, etc. The user will also be able to add photos and other information to these past time periods, like a scrapbook of sorts…adding information to their life that might have been missed for that period.

While Timeline appears to be a new and different way for users to gather and organize their personal information on pages, as well as efficiently view other friends’ information, the second new Facebook feature, “Ticker,” is wrought with privacy concerns.

Ticker and Open Graph are two programs that work complementary to one another. Open Graph is already existing through Facebook, and it is a map of user connections. Ticker takes Open Graph to the next step by taking everything a Facebook user is experiencing in real time and placing it on that map. Open Graph allows the user to obtain things like movies, music, games, shows, and news from different media content sources. Facebook, making it now easier through Ticker to post information to their profiles, is partnering with other companies and developers in order to stream information directly from certain sites to Facebook. What does this mean? For the Facebook user, it means that every song listened to, every movie watched, or every book read may appear on your Facebook profile page for the world to see (or at least all of your 2,000 “friends”).

Thus, without taking the extra steps to ensure that only information you want on your profile page is listed there, Facebook is taking it out of your hands by automatically wiring these things directly into your account when you log into these other sites with your Facebook account profile. Many users may decide to opt out of using Facebook for their social networking needs, as these new features could share more private matters than originally bargained for. By taking the choice out of sharing pictures, music, movies, books, and the like, Facebook may be offering more than users want, or maybe, this is exactly what this over-sharing society is looking for.

Big Tobacco v. Australia: The Battle over Branding

Image by Economicz

As of January 2012, all cigarettes in Australia will be sold in packs of uniform olive green. The color was carefully chosen after a government survey found it to be the most distasteful to Australian smokers. The brand names will be printed in black standardized font. The new legislation will also designate seventy-five percent of the front and ninety percent of the back of the pack to warning labels.

The new packaging is the next step in Australia’s push to reduce smoking rates. Last year, the government raised tobacco taxes by twenty-five percent, bringing the cost of a pack of twenty cigarettes to between sixteen and twenty Australian dollars per pack ($16.75 – 21.00). These are some of the highest prices in the world. Australia has already banned public displays of tobacco products in retail stores, forcing storeowners to keep the products hidden behind counters. Smoking-related diseases kill 15,000 Australians per year and cost the country 31.5 billion Australian dollars in healthcare and lost productivity. Cigarettes are the leading preventable cause of death in the country. Australian officials say they are confident this ban of tobacco trademarks can be justified by its public health argument.

Tobacco companies vow not to give up without a fight. They have invested substantial capital in establishing and protecting their trademarks and feel that the plain packaging requirement will deprive them of their intellectual property without compensation. Philip Morris Asia, based in Hong Kong, has already initiated legal action against the Australian government, claiming the new legislation would violate a twenty-year-old bilateral investment treaty between Australia and Hong Kong. Under bilateral investment treaties, countries pledge to protect the investments made by foreign companies within their borders. On June 27, 2011, Philip Morris Asia filed a notice of claim, starting a mandatory three-month negotiation period. Other companies will likely follow suit.

Stripped of their brand recognition, tobacco companies are concerned for lost revenue. The value of a trademark is not in its possession, but its use. Trademarks create a shortcut in the consumer’s mind between the product and the quality. While Australia represents only a modest fraction of global tobacco sales, companies fear a domino effect. Countries like Canada, New Zealand, and the United Kingdom are watching this situation closely and considering similar measures. Tobacco companies also fear that plain packaging, which is much easier to imitate, will lead to an increase in counterfeit tobacco. This could lead to a greater supply of cheaper tobacco products on the market. Many companies have threatened to lower their prices in order to remain competitive, thus incentivize smoking.

Philip Morris will likely make two main arguments against the Australia’s public health claim First, it will point to the fact that there is no evidence that removing trademarks from packaging will reduce the number of existing smokers. Even if a person may mistake one brand for another, there is nothing to show that their smoking patterns would change. However, proponents of the new packaging argue removing all trademarks will breakdown the smoking-is-cool image the cigarette companies have been working for decades to create.

Secondly, Philip Morris will likely argue that the cigarette industry is being singled out. The Australian government allows for trademark-laden packaging for other unhealthy but legal products, such as alcohol and junk food. When this issue has been raised in interviews, Australian health minister, Nikola Roxon has responded that while alcohol and junk food, if consumed in moderation, produce few health concerns, there is no safe level of tobacco intake.

Outside of the courtroom, the tobacco companies have launched a counter attack. Philip Morris and other companies have joined together to create an advertizing campaign depicting the Australian government as an overbearing parental figure. The ads feature a stern looking woman with a tagline that reads, “Do you like living in a nanny-state?” Philip Morris has also created a website that warns that plain packaging will lead to counterfeit cigarettes manufactured in squalid conditions by organized crime leaders.

At this time, Philip Morris Asia is the only company to begin legal action, although they cannot officially file suit until the law goes into effect in January. When that happens and if Philip Morris is successful, other tobacco companies are likely to follow. Besides suing under bilateral investment treaties, the tobacco companies may also try to persuade their governments to bring suit against Australia under the WTO for violations under the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPs). The countries most likey to do this would be the world’s leading tobacco producers. Indonesia, the Dominican Republic, Mexico, and the Philippines have already raised concerns. Regardless of how the tobacco companies choose to fight the anti-trademark legislation, Australia should prepare for a shoot-out that would make the Marlboro Man proud.