Posted: May 22, 2014 12:00am ET
ANA has joined with fifteen other industry groups to call for Congress to pass federal data breach legislation this year. The industry letter is available here.
High-profile data breaches recently have increased the focus of policymakers and consumers on data security and privacy issues. Several data security bills have been introduced in the Congress and at least five congressional committees have held hearings this year on the most recent breaches. The White House report on “big data” which was released on May 1st called for federal data security legislation. The time has come for Congress to approve a clear federal standard. Data security bills have been introduced for several years and jurisdiction is spread across several congressional committees, however no decisive action has taken place. ANA firmly believes the time for Congressional action is now on this increasingly critical issue. A unified, federal law that preempts the patchwork of 47 inconsistent state laws would help businesses better comply with data breach standards and ensure the safety of customer data.
Posted: May 15, 2014 10:30am ET
A surprising and potentially landmark decision dealing with the future of online privacy was handed down by the European Court of Justice in Luxembourg earlier this week. The case involved a Spanish national who filed a complaint alleging that when his name was entered into Google, the search results displayed links to two articles from 1998 that discussed the auction of his home, which had been repossessed. He contended that Google should be required to remove or hide the links from appearing in a search request, as the cases were resolved and therefore “irrelevant.”
A 1995 EU directive established privacy protections regarding how personal information is processed. It allowed for consumers to request that this data be erased in certain situations. Based on this directive, the European Court of Justice found that Google is a processor and controller of personal information based on its search function and is therefore required, if asked, to remove links to web pages relating to a person from search results, even if the material contained in those links is true.
In determining when such request should be honored, the court found that a “fair balance” should be sought between the interests of free access to information and the privacy rights of individuals. This balance, the court determined, should be tilted towards the individual’s right to privacy, except in specific cases based on the nature of the information and the interest of the public having the information (such as if it concerns a public figure). If it is found that the inclusion of such links in a search result is incompatible with the rights of the individual, then a right to be “forgotten” exists and the links should be removed.
The case could have major implications on freedom of expression. It lets individuals determine what is presented in a search request online without regard for truth or falsity. It also interferes with the free expression rights of search engines and online publishers to allow legitimate information to pass to end users. Instead, it would require companies like Google or Twitter to serve basically as censors and remove data whenever the subject of the information asks, even if the information about them is true and lawfully published. The information would still exist, but search providers would be prevented from delivering it. It requires the search engines to determine whether to block access to third-party information to which they are merely providing links, asking them to use their judgment rather than any legal process.
This case also starkly demonstrates the different paths the European Union and the United States are taking on privacy issues. In the United States, such a ruling would most likely never happen due to the strong constitutional protections provided by the First Amendment in favor of free expression. Signals such as these from Europe indicate that the EU may be in the process of taking more strident positions on privacy issues across the board. Advertisers are likely to be drawn in to the debate as the EU moves forward in regard to data privacy and security.
This decision puts many online companies, not just Google, in a precarious position. Will they have to honor European requests to delete information that was lawfully published in the United States? Will Facebook need to “untag” persons in photos that show them engaged in activity they would now prefer to be hidden? How long a period will there need to have passed to make information “irrelevant?” These Solomonic decisions are far from simple. What this decision means for companies that do business in Europe remain to be seen, but is likely to be time consuming, expensive, highly burdensome, and undermine free speech values.
Posted: Nov 11, 2013 12:00am ET
ICANN has released the first nine English-language new Top Level Domains (TLDs). These are not the first new TLDs to be delegated, as four non-Latin script TLDs have been delegated previously. ICANN has said the list of new names will be updated, “as the measured rollout of the new gTLDs progresses over the coming years.” Now is the time for brand holders to take action to protect themselves within the limited trademark protections that have been approved by ICANN. Information about the Trademark Clearinghouse, which will allow brand holders to protect their names, is available here.
We encourage all brand holders to be proactive in protecting themselves in the beginning of this unprecedented expansion of Top Level Domains.
Internet Users Strongly Favor Interest-Based Advertising, Value Tools to Make Choices over their Internet Experience
Posted: Nov 5, 2013 10:15am ET
A new survey released today revealed what we’ve long suspected—people strongly support interest-based advertising on the Internet. They especially support this type of advertising if it means that they won’t have to pay to visit what are now their favorite free ad-supported websites.
According to a new Zogby survey commissioned by the Digital Advertising Alliance, more than 57 percent of respondents said they wouldn’t pay to visit any free, ad-supported site they currently use if those sites converted to a pay model. Fewer than 5 percent of the respondents said they would be willing to pay in order to continue to access the free, ad-funded websites they currently visit. Internet users clearly appreciate that advertising powers the Internet. Advertising levels the market place and information playing fields by providing all consumers with continued access to free content that they currently enjoy.
The poll also shows that Internet users are overwhelmingly supportive of interest-based advertising when they learn about the protections and choices available to them. The more users learn about their choices, the more comfortable they become with interest-based advertising.
The Association of National Advertisers has long believed that consumers should have the ability to make their own choices in controlling their Internet experience. The only way web users can truly control the ads they see is to be empowered to take action to make these determinations themselves. Fortunately, consumers have that ability. The Digital Advertising Alliance, an alliance of advertising interests, maintains a robust program that allows consumers to dictate whether or not they receive interest-based advertisements. Users have the freedom to choose quickly and easily whether or not they would like to receive interest-based ads.
Users can click on the Advertising Option Icon on the corner of a banner ad for more information on the ads they see and choose to opt-out. Not only are users given a choice, but they have the opportunity to learn why they are receiving these ads. Since its inception in 2010, more than 25 million consumers have visited the DAA coalition’s websites – AboutAds.info and YourAdChoices.com – and only two million of them have taken action to choose to opt out of receiving interest-based advertising.
In fact, today’s survey found that if an ad has the “advertising option” icon, users will feel more comfortable about these ads. The survey revealed that 73 percent of polled consumers said they’d feel more comfortable with interest-based ads if they knew they had access to the protection that the DAA currently provides with the opt-out and more information links, limitations on data collection, and third party enforcement. By providing users with information on interest-based advertising, companies and brands are only enhancing their advertising power. These findings demonstrate that businesses that participate in the self-regulatory effort engender greater trust from their consumers.
The Internet has brought an unprecedented wealth of free and valuable content, directly supported by revenue generated by serving relevant ads. For the consumer, it’s a service. It is another way for consumers to receive information that is relevant to their specific needs. Consumers are guaranteed ads that are more likely to interest them rather than being inundated with ads in which they have no interest. As the survey found, users are committed to advertising-supported content. By a ratio of five-to-one, users said their favorite Internet sites were supported by advertising (50 percent) rather than subscription fees (10 percent).
Posted: Oct 28, 2013 4:00pm ET
On Wednesday, House Judiciary Committee Chairman Bob Goodlatte (R-VA) introduced a long-awaited bipartisan bill, the Innovation Act, to combat the growing threat from patent assertion entities (PAEs), often called patent trolls. This bill requires heightened pleading standards for patent suits, including descriptions of which patents are actually infringed, as well as how they are infringed. Transparency is another key element, with the requirement that plaintiffs disclose any party which has a financial interest in the patent at issue, as well as an allowance for defendants to join these other parties in the litigation. There is a cost-shifting mechanism in the Innovation Act that can allow a court to require that the loser pays for the winning side’s litigation fees. In cases where there is litigation between a troll and a manufacturer, cases against end users are stayed until the resolution of the case against the manufacturer. The Innovation Act also expands the Patent and Trademark Office’s post-grant review authority of business method patents, which are frequently the subject of patent suits involving trolls.
Despite the divisions in Congress over a wide range of issues, efforts to limit patent trolling are an area with real momentum on both sides of the aisle. Republican and Democratic co-sponsors of the Innovation Act include, among others, Anna Eshoo (D-CA), Zoe Lofgren (D-CA), Jason Chaffetz (R-UT), and Spencer Bachus (R-AL). Additionally, Senate Judiciary Committee Chairman Patrick Leahy (D-VT) expressed his support for Chairman Goodlatte’s bill and stated that he is continuing to work on patent reform legislation with Senator Mike Lee (R-UT) and others.
Bad news for trolls might also come soon from the country’s highest court. Last month, the Supreme Court granted certiorari in two cases regarding the award of attorney’s fees in so-called “exceptional” patent infringement claims where it is determined that the claims were 1) brought in bad faith and 2) objectively baseless. In Highmark, Inc. v. Allcare Management Systems, Inc., the Court will evaluate whether or not a trial court’s finding that a case was exceptional (resulting in a subsequent grant of attorney’s fees) is entitled to deference at the appellate level. And in Octane Fitness v. Icon Health and Fitness, the Court will examine whether the test for “exceptional” cases used by the U.S. Court of Appeals for the Federal Circuit (which hears appeals of patent cases and creates patent case law) is too strict and, therefore, actually incentivizes trolling lawsuits. Reversals in either of these cases could potentially raise the stakes significantly for trolls in filing claims.
These newer developments all come in the wake of an investigation into patent trolling activities by the FTC, as well as actions against accused trolls by several state attorneys general. While the ultimate fate of the legislation and outcome of the Supreme Court cases remains unclear, patent trolling may soon become a much more risky game to play. We are hopeful that our members will keep us informed of any developments in this area that affect them.
Posted: Sep 24, 2013 12:15pm ET
Yesterday, I wrote about the proposal by the Internet Corporation for Assigned Names and Numbers (ICANN) (which manages domain names (DNS) on the Internet) to expand dramatically the number of those names. Rather than the 22 names we all know (e.g., “.com” “.gov”), ICANN now intends to add more than a thousand new names – but so far, without sufficient care about the potential harms to consumers, businesses and Internet users. These concerns about an overly rapid Top Level Domain rollout are very widespread. Governmental entities – and even ICANN’s own subgroups – have identified serious potential harms.
Here is what some of our leading companies and industries are saying:
- A coalition of electric cooperatives in New Mexico: “[ we are ] concerned about the potential for the gTLD expansion to disrupt and compromise the security of not only their computer networks and communications systems, but also the infrastructure and facilities – such as power lines, switches, substations and transformers – used to transmit and distribute electricity throughout their service regions. …The Electric Cooperatives are concerned that this expansion of Internet addresses could compromise network security… The Electric Cooperatives believe that it is not solely their four cooperatives that face this threat, but all of the electric utility industry and, indeed, potentially the entire energy sector throughout the United States.”
The electric cooperatives went on to state, “the Electric Cooperatives urge ICANN to delay the roll-out and implementation of the new gTLDs, so as to provide sufficient time to study the potential adverse impacts of new gTLDs on the safety and reliability of electric transmission and distribution grids.”
- General Electric: “The correlation between frequency and risk for any particular gTLD cannot be determined without additional contextual information. ICANN should endeavor to develop a more sophisticated risk model, and commission further studies on this subject…We strongly urge ICANN to exercise due caution in this area, and to not delegate any gTLD for which there is any question regarding risk until that risk is fully understood.”
- Microsoft, Verisign, and Yahoo: “These issues must be addressed to preserve the stability, security and resiliency of the DNS. Allowing known risks to remain unresolved would be irresponsible and inconsistent with ICANN’s core mission. It is crucial that ICANN’s leadership recognizes and works with the appropriate technical bodies to ensure these issues and risks are defined, evaluated, and addressed comprehensively. This is of particular concern to operators of Internet infrastructure whose networks and customers will be negatively impacted. The cost to business of transferring known risks to unknowing end users is substantial and must be avoided. As described by the SSAC [the Security and Stability Committee of ICANN] and verified by the recent Interisle study, the delegation of new strings that are already widely in use as internal identifiers in enterprise, government, and other private networks into the root of this multi-billion user ecosystem will present substantial security risks. If and when delegations occur, these naming collisions will cause breakage in existing networks, negatively impacting enterprises, governments, and end users who are unaware of the source of the problem.”
Microsoft, Verisign, and Yahoo! then emphasized, “Unexpected name collisions caused by new gTLDs being delegated into the root could have devastating consequences…Any such negative impacts may have serious consequences for those who rely on the DNS, and this should raise significant liability concerns.”
- The United States Telecom Association (US Telecom), a major organization representing Verizon, AT&T, as well as other telecommunications entities, noted, “…it is feasible that public safety agencies may have internal local name spaces with the potential for collisions with new gTLDs. Similarly, there are several new proposed gTLDs that could potentially collide with internal local name spaces containing highly sensitive personal conditions, including .HIV. Of course, this does not take into account the various gTLDs with seemingly innocuous names (e.g. .FLS) that in a global environment that uses multiple languages, could very well resolve to internal local name spaces containing critical sensitive information."
US Telecom then stated, “Given the uncertainty surrounding the potential for domain name collisions, combined with the uncertainty over the potential impact of such collisions, it is imperative for ICANN to conduct additional study on this issue. USTelecom strongly urges ICANN to conduct a follow-up study to more fully understand the full spectrum of risks to private networks, equipment and devices posed by all new gTLDs and to develop appropriate mitigation measures as necessary.”
- The Online Trust Alliance (a global organization addressing the end-to-end trust issues and challenges faced by consumers, online merchants and online financial services companies): “A single domain collision has the potential to bring down the entire IT organization of an enterprise… ICANN should undertake further study on this potentially serious and expensive remediation issue.”
- The Chertoff Group (a global security advisory firm headed by former Secretary of Homeland Security Michael Chertoff, and whose team includes former CIA Director Michael Hayden): “…we believe it is prudent to conduct additional analysis on the security and liability risks associated with these new gTLDs, particularly with regard to key resources and critical infrastructure.”
- The American Insurance Association: “…the current 21-day comment period provides insufficient time to research this issue. We … respectfully request that ICANN grant an extension of time” [to conduct research].
- The United States Council for International Business: “we feel the ICG study does not provide sufficient analysis of risks to internal namespace posed by a broad range of new gTLDs.”
So, let’s see: electricity providers; national security experts; telecommunications providers; insurers; Internet users; large manufacturers; national advertisers; and groups representing business generally—these are just some of the entities that stress that we’re not ready for a major deployment of new gTLDs, and that the rush to roll them out will expose consumers, businesses and users of the Internet to major risk of harm. The concern about ICANN’s plans is growing and very serious. ANA believes ICANN needs to step back, collect more information, and assess the potential implications before delegating new strings into the root. If not, the very stability and security of the Internet will be jeopardized.
Posted: Sep 23, 2013 3:45pm ET
The Internet Corporation for Assigned Names and Numbers (ICANN) manages domain names (DNS) on the Internet, and it is planning a dramatic expansion of those names. Rather than the 22 names we all know (e.g., “.com” “.gov”), ICANN now intends to add potentially more than a thousand new names. Unfortunately, as the Association of National Advertisers has been warning for some time, ICANN appears to be rushing to deploy those names without taking the necessary steps to ensure the stability and security of the Internet. The potential harms to consumers, businesses and Internet users could be very serious, increasing the dangers of fraud, deception, phishing, cybersquatting and other cyber harms. Yet ICANN plows ahead on its determined – and potentially very dangerous – schedule.
Various governmental entities have stated real concerns about the DNS expansion. Officials at the Federal Trade Commission (FTC) have said that, “the potential for consumer fraud is great, and that the planned deployment was a “potential disaster.” Commissioner Julie Brill stated at ANA’s Advertising Law & Public Policy Conference, “I remain concerned, as I have been since ICANN first announced its plans, that the expansion could create opportunities for scammers to defraud consumers online, shrink law enforcement’s ability to catch scam artists, and divert the resources of legitimate businesses into litigating and protecting their own good names.” The Chairman of the US Senate Committee that oversees Internet issues, Jay Rockefeller, wrote to ICANN urging that a limited round of domain name deployment be done at first, so as to permit a one-year review period as to its effectiveness. In July, the US Senate Appropriations Subcommittee with jurisdiction over Internet issues called on the Department of Commerce to assess whether ICANN will have in place the necessary security elements to protect stakeholders during the DNS deployment.
Posted: Sep 5, 2013 9:15am ET
In July, I wrote about the growing number of legislative proposals that have been put forward in Congress to battle patent assertion entities, more commonly referred to as “patent trolls.” So-called patent trolls get their names by operating much like a troll from folklore. They produce nothing, buy up broad patents, and then hide and wait until the time is right to strike unsuspecting businesses with threats of highly damaging and expensive litigation. Trolls from folklore often meet their end in sunlight. For patent trolls, legislative and regulatory sunlight appears to be the only appropriate remedy. As we await expected major anti-patent troll legislation from Chairman Goodlatte and Chairman Leahy of the House and Senate Judiciary Committees respectively, momentum has begun to build against patent trolling in other areas.
On August 30th, the Government Accountability Office (GAO) released a report on patent infringement litigation. This report found that between 2010 and 2011, the number of patent infringement lawsuits increased by roughly 33 percent. GAO further found that between 2007 and 2011, the number of defendants in patent litigation increased by 129 percent. The GAO determined that up to twenty percent of those suits were brought by patent trolls. This percentage, however, likely did not capture the true magnitude of the problem, as it is important to note that companies often settle with trolls well before a trial or even the filing of a complaint. Most importantly, this report notes that much of the problem in this arena is sparked by the grant of overly broad patents, especially for business method patents relating to software. A number of the pending legislative proposals would help to remedy this problem. This report will certainly provide momentum to efforts already underway.
State Attorneys General also have begun to indicate a willingness to step in to stop patent trolls. On August 20th, Minnesota Attorney General Lori Swanson announced a settlement with a patent troll known to some as the “scanner troll.” This entity claimed to own a patent on scanning office documents to e-mail and targeted a number of businesses with demand letters threatening litigation if it was not paid $1,000 or more for each employee using the technology. Some of these letters even contained a draft complaint in an effort to increase the threat. Under the terms of the settlement, the company may not send further demand letters without the prior permission of the Attorney General’s office and may not grant its patent rights to any other entity unwilling to comply with these terms. Vermont Attorney General Bill Sorrell also filed a lawsuit against this same patent troll in May alleging unfair business practices under Vermont’s Consumer Protect Act.
The FTC has also indicated its willingness to step into the game. Chairwoman Edith Ramirez has stated that she believes the FTC should use its Section 6(b) investigative subpoena authority to determine whether or not patent trolls may be committing unfair business practices.
The abuse of the patent system by so-called trolls is harmful to innovation and economic growth. The American Intellectual Property Law Association found that patent litigation can cost as much as $650,000 for smaller claims, and as much as $5 million for larger claims. When costs of settlement to avoid litigation were factored in, the White House Report stated that as much as $29 billion was paid by companies to patent trolls in 2011. While recent actions by Attorneys General indicate a growing willingness to fight back against abusive practices, the GAO Report demonstrates that broader reform is needed to help provide the sunlight necessary to put a stop to the “trolling industry.” ANA is continuing to work hard as a part of several coalitions to ensure that such reform happens as soon as possible.
Posted: Aug 28, 2013 2:30pm ET
Name Collision is a major concern for global brands and consumers as ICANN prepares to roll out more than 1,000 new web site suffixes or top level domains (such as .hotel, .buy, .bank, .sucks, and .gripe). Name collision occurs when new top level domains (TLDs) are identical to internal company domains, which can lead to major conflicts that could raise significant security and stability issues for the Internet.
ICANN’s preparations for this deployment have been woefully inadequate. ANA, which represents the interests of major global advertisers, has long expressed concerns about ICANN’s persistent rush to deploy these domains before it has adopted sufficient protections for consumers and brandholders. To date, those protections have been anything but sufficient.
ICANN itself has recently raised red flags that it may not fully know the true ramifications of a roll-out of new TLDs by stating that as many as 20% of all of the proposed TLDs present a large potential risk for name collision. A recent 3rd party report commissioned by ICANN admits that the chance of clashes is significantly larger than ICANN initially suggested.
What is more concerning is that the third-party report readily admits that the data only counted the number (and not the types) of potential name clashes, which means ICANN has virtually no data to determine whether delegating new TLDs could interrupt important public safety communications, government web traffic, e-commerce applications, internal corporate communications or just casual web traffic.
Yesterday, ANA sent a letter to ICANN strongly expressing its concerns, stating that “ICANN must know what underlying services could potentially ‘break’ on the Internet to begin to gauge risk” before rolling out any new TLDs. ANA’s member companies are working to determine if clash issues are present within their networks. However, ANA has hundreds of members that must generate new data to determine the potential service failures on their respective network. These issues are highly technical, complex, and they will take more time than ICANN has allowed for a thorough assessment.
It is extremely disappointing that ICANN is forcing companies to rush to conduct this analysis when ICANN has been aware of clash issues since 2009.
ICANN’s failure to determine adequately the extent of the problem means that many companies are only now learning about these clash issues on the eve of the planned new TLD deployment.
ANA calls on ICANN to fulfill its mission to maintain Internet security and stability in the public interest and postpone the rollout until the full extent of name collisions can be determined.
Posted: Aug 9, 2013 1:30pm ET
Today, we sent a letter to ICANN President & CEO Fadi Chehadé asking for an extension of the public comment period for proposals to mitigate name collision risks. In our letter, we argue that the current due date for comments, August 27th, is wholly insufficient given the amount of time needed by stakeholders to run a full technical analysis of possible risks, as well as the fact that many companies are currently short-staffed due to summer vacations. We call for the comment period to be extended to November 1, 2013 and for the reply comments to be due on November 22, 2013.
Companies who are in agreement with these views should strongly consider sending requests for an extension of the comment period as well.
On a related note, Verisign has responded to the letter it received from NTIA on August 2, 2013. This exchange of letters provides interesting background on the security issues which prompted ICANN’s recent release of a third-party report on name collision risks in new Top Level Domains earlier this week.