This document provides an overview of social technology and legal issues related to its use. It begins with introductions and an agenda, then covers topics like understanding the mechanics of social media, its impact, limitations, risks, opportunities, and recommendations for action. Key points discussed include how social media can cause government overthrow, the myth of user consent, integration risks, jurisdiction issues, privacy concerns, and resources for further reading on relevant case law and regulations. The overall message is that technology is complex and constantly evolving, so legal and risk management expertise is needed to properly understand and address potential issues.
2. Meet Amy Larrimore
@AmyAllStar
#140 Speaker
2013
New York, NY
Advisor to Three
Heads of State,
including the USA
Pennsylvania Bar Institute
Faculty and Course Planner
Managing Partner,
The Empire
Builders Group
$43.25 = average daily web revenue
generated her first cup of coffee
3. Agenda
Today, we work on understanding:
Mechanics
Impact
What you don’t know
What they don’t know
Limitations
How events occur
Risks, Probability and Severity
Opportunities
What to do now
Resources and References
5. All the Legal Disciplines
Plus regulations that are
industry specific.
• Employment Law
• Litigation
• IP Issues
• Contract Law
• Family Law
• Privacy and Security
• Defamation
7. Understanding Mechanics
Username (begins with @)
Display Name (link to profile)
Avatar (Photo)
See related tweets (blue line)
Types of Interactions
• Reply (Respond to all, into conversation view)
• Retweet (Republish to your followers)
• Favorite (Bookmark or save – public)
Content limited to 140 characters including usernames, spaces and links.
#funny
8. Stop Thinking It’s One Monster
One brand technology
(“Facebook”) is actually a
combination of many
separate products with
separate terms managed by
separate entities in separate
places.
9. Technology Architecture
Domain
Website + Web Hosting
Ecommerce Platform
Financial System
Shopping Cart
Payment Gateway
Merchant Processing
MRP or ERP
Order Fulfillment
Shipping
CRM
Email Host
Email Client
SEM & Social
Hootsuite
Google Analytics
There are so many secret terms and conditions, your head might explode.
10. The New Real Estate
http://dodynamic.com/latest-news/a-website-is-like-a-house/
11. Domains
ICANN regulates Ownership
and Use of Domain Names
• empirebuilders.com (TLD)
• teaching.empirebuilders.com (SLD)
• empirebuilders.technology (gTLD)
Inclusion on DPML requires an
application to TMCH.
Recourse for domain names
held hostage via URS.
ICANN: Internet Corporation for
Assigned Names and Numbers
TLD and SLD: Top and second level
domain (respectively)
gTLD: (new!) Generic top level
domain which shows as a suffix at
the end of a domain name
DPML: Domains Protected Marks
List
TMCH: Trademark Clearinghouse
URS: Uniform Rapid Suspension
System
12. Integrations
Social Media
Planning or Scheduling Tools
Email Marketing
Customer Service and Support
CRM
Invoicing
Document Management
Affiliate Tools & Sponsored Content
Google Analytics/Forms/Adwords
Example: Plugins are
foreign code embedded
into your website to run
executable scripts.
20. Understanding What You Don’t Know
Technology is built on trickery and most people try extra hard to trick the lawyers.
21. The Myth of Opt In
• SaaS forces the user to agree to
terms to proceed.
• It is outside of regular contract
negotiation.
• Good user experience designs
trickery to deliver a “seamless
experience”
22. The Mirage of User Experience
“The Redirect - Masked”
23. The Mirage of User Experience
“The Redirect - Obvious”
26. If you think hiring an
expert is expensive,
wait until you see the
cost of an amateur.
• Requirements Creation
• Sourcing/Due Diligence
• Deployment
• Management
30. The sales chat rep says it’s just
three easy steps:
1. Enter company credit card
2. Upload all company data
3. Watch a six minute video
31. Stored
Communications Act
Courts are moving in a more protective
direction regarding Fourth Amendment
and electronically-stored information
Privacy rights in electronically-stored
information are not lost solely because
that data is stored in a medium owned
by another.
The SCA provides a potential loophole in
most jurisdictions that may allow the
government to issue a subpoena not only for
past emails in the possession of the
service provider but also for future emails.
Are Facebook Messages Email?
41. The Theft of @N
A story of how
hacking, extortion &
bad vendor practices
can lose $50,000 in 7
hours.
Social Media
setup with
company email
and connected
to website
Website
content
stored on a
Host
Empirebuilders.com
Domain
registered at a
Registrar
44. What @N teaches us
Phone Staff are the largest risk for breach.
Not understanding how it all works together
is the largest risk for exposure.
Company security policies need to be
sensible.
Company case review policies need to
consider exposure.
Both the business unit and IT needed
proactive legal and risk management help
that they didn’t receive.
Not embracing new technology (two factor
authentication) is a serious exposure.
46. Establishing
Controls
Protection of Trade Secrets
What is unauthorized access?
Employees, Third Party Providers,
Social Media
Importance of policy vs.
hardware controls
Social media
Use or Excessive Use
Social Media Policy
CFAA: Computer Fraud
and Abuse Act
U.S. v. Nosal, 676 F.3d
854 (9th Cir. 2012)
47. You Can’t Make Me Be
Friends!
Piccolo v. Paterson (Pa.
Common Pleas 2011)
48. The SCA applies to
entities
Largent v. Reed (Court of
Common Pleas of the 39th
Judicial District of PA –
Franklin County –
November 8, 2011)
58. Digital Millennium Copyright Act
Computer maintenance
DVDs
Ebooks
Distance learning
Interoperability
are only a few carve out
examples.
59. Is staff creating content
the company can own?
Getty will come after you for
licensing.
Did the theme go home with the
assistant web developer?
Source of Inspiration?
Employment Agreements
60. Protecting company IP
Staff Training and Policies – Trade
Secrets
Understanding Provider Recourse
– Copyright and Trademark
Proactively securing brands online
– Copyright and Trademark
61. Are you paying attention?
www.google.com/alerts
www.twitter.com/search
www.addictomatic.com
www.whois.com
63. Think Differently
Approving NOTHING is the worst
strategy
Avoid the BRAND trap
Focus on the DATA and the
PROCESS, not the tool.
Start the conversation with IT now
and support funding for experts.
64. Make some POLICIES
Mainly, because it requires you to review
the process.
Secondly, because it requires
documentation in accordance with
regulation, standards and best practice.
http://socialmediagovernance.com/policies/
http://www.womma.org/ethics
67. CFAA
U.S. v. Nosal, 642 F. 3d
781 (9th Cir. 2011)
U.S. v. Tolliver, 2011 U.S.
App. LEXIS 19090 (3rd Cir.
2011)
68. Copyright and Trademark
The Copyright Act of 1976
Crossfit, Inc. v. Alvies 2014 U.S. Dist
LEXIS 7930 (N.D. Cal. Jan. 22, 2014)
Digital Millennium Copyright Act, 17
U.S.C. §512 (DMCA)
Edelman v. N2H2
Flava Works Inc. v. Gunter
IO Group, Inc. v. Veoh Networks, Inc
Lenz v. Universal Music Corp.
Ouellette v. Viacom International Inc.
RealNetworks, Inc. v. DVD Copy
Control Association, Inc.
Sony v. George Hotz
Viacom Inc. v. YouTube, Google Inc.
Vernor v. Autodesk, Inc.
69. Data Breach
Anderson v. Hannaford
Bros. Co., 659 F.3d 151
(1st Cir. 2011)
HIPAA
Resnick v. AvMed Inc.,
693 F.3d 1317 (11th Cir.
2012)
Sony Gaming Networks
and Customer Data Sec.
Breach Litig.,
No.11md2258, 2012 U.S.
Dist. LEXIS 14691 (S.D. Cal.
Oct. 11, 2012)
PCI
70. E-Discovery
Columbia Pictures, Inc. v. Bunnell, 245
F.R.D. 443 (C.D. Cal. 2007)
Consol. Edison Co. of New York, Inc.
v. United States, 90 Fed. Cl 228, 231
(Fed. Cl. 2009)
FRCP
FACTA
Largent v. Reed (Court of Common
Pleas of the 39th Judicial District of PA
– Franklin County – November 8,
2011)
McMillen v. Hummingbird Speedway,
Inc. (2010 Pa Dist. & Cnty. –
September 9, 2010)
Piccolo v. Paterson (Pa. Common
Pleas 2011)
Stored Communications Act (SCA)
(SEE ALSO PRIVACY)
71. Jurisdiction
Business Software Alliance
The EU Data Protection
Directive
Forward Foods LLC v. Next
Proteins, Inc., 2008 BL
238516 (N.Y. Sup. 2008)
Gemalto S.A. v. HTC Corp.,
2011 U.S. Dist. LEXIS
133612 (E.D. Tex. Nov. 18,
2011)
72. Privacy
Crispin v. Christian Audigier,
Inc., 717 F. Supp. 2d 965 (C.D.
Cal. 2010)
Matter of United States, 770 F.
Supp. 2d 1138 (W.D. Wash.
2011)
McMillen is Zimmerman v.
Weis Markets, Inc. (2011 Pa.
Dist. & Cnty. – May 19, 2011)
State v. Bellar, 217 P.3d 1094
(Or. App. Sept. 30, 2009)
Stored Communications Act
(SCA)
U.S. v. Warshak, 631 F. 3d 266
(6th Cir. 2010)
The most interesting aspect of the court’s decision was in addressing whether the privacy requirement was also met. In addition to examining whether the requirement was met under Pennsylvania law, the court analyzed whether the requirement was met under federal law, namely The Stored Communications Act. As part of the Electronic Communications Privacy Act, The Stored Communications Act (SCA) limits the government’s ability to force Internet Service Providers (ISPs) to reveal information about their users and limits the right of ISPs to voluntarily reveal information about their users. The court noted only one case thus far has addressed whether Facebook is covered by the SCA, Crispin v. Christian Audigier, Inc. In that case, a subpoena was served directly on Facebook to obtain information about the plaintiff’s status postings. The Crispin Court held Facebook was covered by the Act and concluded subpoenas are never allowed under the SCA. The Largent Court distinguished the facts of the Crispin case, noting the defendant was seeking information directly from the plaintiff, not from Facebook. As an individual, the plaintiff was not an entity regulated by the SCA. Finding the privacy requirement was satisfied, the court ordered the plaintiff to turn over her user names, log-in names and passwords for Facebook and MySpace.