FTC Beat
Apr 20
2016

Judge Flunks Case Against LabMD, FTC Appeals

Picture2

In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13, 2015, an administrative law judge ruled that the FTC had failed to prove its case.

In 2013, the FTC filed an administrative complaint against LabMD, alleging it had failed to secure personal, patient-sensitive information on its computer networks. The FTC alleged that LabMD lacked a comprehensive information-security program, and had therefore failed to (i) implement measures to prevent or detect unauthorized access to the company’s computer networks, (ii) restrict employee access to patient data, and (iii) test for common security risks.

The FTC linked this absence of protocol to two security breaches. First, an insurance aging report containing personal information about thousands of LabMD customers was leaked from the billing manager’s computer onto peer-to-peer file-sharing platform LimeWire, where it was available for download for at least eleven months. Second, Sacramento police reportedly discovered hard copies of LabMD records in the hands of unauthorized individuals. They were charged with identity theft in an unrelated case of fraudulent billing and pleaded no contest.

Incriminating as it all might seem, Administrative Law Judge D. Michael Chappell dismissed the FTC’s complaint entirely, citing a failure to show that LabMD’s practices had caused substantial consumer injury in either incident.

Section 5(n) of the FTCA requires the FTC to show that LabMD’s acts or practices caused, or were likely to cause, substantial injury to consumers. The ALJ held that “substantial injury” means financial harm or unwarranted risks to health and safety. It does not cover embarrassment, stigma, or emotional suffering. As for “likely to cause,” the ALJ held that the FTC was required to prove “probable” harm, not simply “possible” or speculative harm. The ALJ noted that the statute authorizes the FTC’s regulation of future harm (assuming all statutory criteria are met), but that unfairness liability, in practice, applies only to cases involving actual harm.

In the case of the insurance aging report, the evidence showed that the file had been downloaded just once—by a company named Tiversa, which did so to pitch its own data-security services to LabMD. As for the hard copy records, their discovery could not be traced to LabMD’s data-security measures, said the ALJ. Indeed, the FTC had not shown that the hard copy records were ever on LabMD’s computer network.

The FTC had not proved—either with respect to the insurance aging report or the hard copy documents—that LabMD’s alleged security practices caused or were likely to cause consumer harm.

The FTC has appealed the ALJ’s decision to a panel of FTC Commissioners who will render the agency’s final decision on the matter. The FTC’s attorneys argue that the ALJ took too narrow a view of harm, and a substantial injury occurs when any act or practice poses a significant risk of concrete harm. According to the FTC’s complaint counsel, LabMD’s data-security measures posed a significant risk of concrete harm to consumers when the billing manager’s files were accessible via LimeWire, and that risk amounts to an actual, substantial consumer injury covered by section 5(n) of the FTCA.

The Commissioners heard oral arguments in early March and will probably issue a decision in the next several months. On March 20th, LabMD filed a related suit in district court seeking declaratory and injunctive relief against the Commission for its “unconstitutional abuse of government power and ultra vires actions.”

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy, and healthcare.

Apr 05
2016

Wells Fargo Learns That Recording Calls In California Can Be Costly

iStock_000050698192_Small

In the past few years, many organizations such as Capital One, Bass Pro Outdoor, and the Cosmopolitan Hotel have faced class actions alleging violations of California’s call recording law.  This week, California’s Attorney General demonstrated that her office, working with state prosecutors, will also vigorously enforce the law under the state’s criminal statutes.  Attorney General Harris announced an $8.5 million dollar settlement with Wells Fargo Bank, N.A. over the alleged failure to provide call recording announcements to California consumers.

The complaint alleged violations of Sections 632 and 632.7 of California’s Penal Code, including the purported failure of Wells Fargo’s employees to “timely and adequately disclose the recording of communications with members of the public.”  These laws form part of California’s Invasion of Privacy Act. Section 632 makes it illegal to eavesdrop (monitor) or record a “confidential communication” without the consent of all parties. The statute defines a “confidential communication” as including “any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto.“ The law specifically excludes communications in circumstances “in which the parties to the communication may reasonably expect that the communication may be overheard or recorded. “ Section 632.7 bars the recording of cell phone conversations, without the consent of all parties.

Wells Fargo Bank settled the case, agreeing in a stipulated judgment to the $8.5 million settlement and certain compliance requirements.  Specifically, Wells Fargo must make a “clear, conspicuous, and accurate disclosure” to any consumer in California of the fact that Wells Fargo is recording the call.  The settlement requires that this disclosure occur “immediately at the beginning” of the call, but allows Wells Fargo to precede the disclosure with an introductory greeting identifying the customer service representative and the entity on whose behalf the call is made (presumably, a Wells Fargo-affiliated entity). Wells Fargo also committed to a compliance program for one year and periodic internal testing of its employees’ and agents’ compliance with the call disclosure requirement.  The bank agreed to appoint an officer or supervisor with specific oversight responsibility for compliance with the settlement obligations.  Within a year following the stipulated judgment, Wells Fargo must provide the Attorney General with a report summarizing the testing.

Interestingly, the Attorney General previously pursued a similar action against home improvement platform Houzz Inc. for allegedly failing to notify all parties of its recording of incoming and outgoing telephone calls.  In that case, Houzz agreed to appoint a Chief Privacy Officer to oversee Houzz’s compliance, a first for a California Department of Justice settlement.

As we have advised before, all organizations recording calls – whether inbound or outbound – should immediately disclose to called parties that the call is being recorded.  The disclosure should occur at the outset of the call.  One type of introduction could be, “This is Michelle, calling on behalf of XYZ Company. This call is being recorded and/or monitored.”  Some companies may wish to announce the option of a non-recorded line, available via a key press. It is also important to time the recording to begin after the announcement, to avoid potential liability based on even a few seconds of a recorded call before an announcement is given.

A few important reminders are worth repeating:

  • The announcement requirement applies to inbound and outbound calls, including requested return calls.
  • Recording announcements apply to all types of calls – not just sales calls.
  • Maintain proof of the announcement.
  • Implement a short, written call recording policy.
  • Train customer service representatives to understand the call recording policies.
  • Periodically “test” call recording procedures.
  • Promptly investigate any call recording complaints and take appropriate corrective action.
  • Have customer service representatives sign an acknowledgment that they understand they are being monitored and/or recorded.

The recording of customer service and other calls is an important component to prevent fraud, fulfill legal requirements and augment customer service, among other reasons. Companies can implement call recording effectively, but must comply with announcement requirements and should take proactive measures, such as training and testing, to protect against civil and criminal liability and to safeguard consumer goodwill.

Ifrah Law is a leading white-collar criminal defense firm that focuses on .

Mar 31
2016

Arbitration Under Fire: Brace Your Company for Less Contract Freedom and More Class Actions

Close-up Of Judge Reading Contract Paper At Desk In Courthouse

Since the Federal Arbitration Act (FAA) of 1925, the United States has had a policy preference for arbitration, even when an arbitration provision includes language barring class action litigation.  We saw this most recently in December 2015 when the Supreme Court reversed a decision by a California Court of Appeal to invalidate a class-arbitration waiver within a service agreement between DirecTV and its customers.[1]  But not everyone thinks arbitration is so great a thing.  Encouraged by consumer groups and trial lawyers, federal regulators are pushing for limits on arbitration provisions in consumer contracts.

At its core, the debate is about whether companies may compel consumers to arbitrate rather than litigate disputes and – perhaps more significantly – bar consumers from class action remedies as part of the arbitration requirement.  Critics of mandatory arbitration say that it restricts consumer redress and is tantamount to a deceptive trade practice because the arbitration provisions are usually contained in the “fine print” of a contract.  The new rules being proposed reportedly are designed to eliminate mandatory arbitration provisions and facilitate class action litigation.

Despite the criticisms of consumer groups, arbitration often is cheaper and more effective for both individual consumers and companies.  By interfering with Americans’ freedom of contract to prevent the use of mandatory arbitration, the government could severely damage U.S. business interests by exposing them to a marked increase in expensive class action litigation.  In turn, that would result in more limited choices and increased costs for consumers.

The government’s efforts to eliminate mandatory arbitration provisions in consumer-related contracts have been highlighted in several recent agency actions.  In its list of near-term goals, the Bureau of Consumer Financial Protections (CFPB) said that new rules to govern arbitration in consumer contracts would be a priority in 2016. The Department of Education announced that it, too, was reviewing mandatory arbitration provisions in college enrollment contracts.  And despite multiple appellate decisions to the contrary, the National Labor Relations Board (NLRB) again concluded that class action waivers in arbitration agreements infringe on an individual’s rights under Section 7 of the National Labor Relations Act.

All of this has happened in the space of three months, indicating a clear effort by the government to diminish businesses’ ability to require arbitration that shields them from often frivolous and costly class action litigation.  The acts of some Congressmen have made this agenda even more transparent.  In February 2016, Senator Patrick Leahy introduced a bill that would modify the scope of the FAA and curtail the use of mandatory arbitration.  The bill is unlikely to pass in the current Republican Congress, but Congress previously empowered federal agencies to curtail the use of mandatory arbitration provisions on a significant, but more limited, basis.

The CFPB’s current actions were authorized by the 2010 Dodd-Frank Act[2], which barred the use of arbitration clauses in certain mortgage contacts[3] and gave the SEC power to ban or restrict the use of arbitration in other disputes. Deepak Gupta, then the CFPB’s senior counsel for enforcement strategy, stated that prohibiting or restricting mandatory arbitration would be “the single most transformative thing the bureau can do” for consumers.[4]  In March 2015, the CFPB released a 728-page study of arbitration in consumer contracts, which was criticized by some academics and trade groups for misstating the impact of mandatory arbitration provisions on consumers.  Since then, members of Congress have engaged in deeply partisan squabbling over the need for additional rulemaking on consumer arbitration or to limit class action litigation in other ways.

Despite the criticism and opposition, CFPB director Richard Cordray reiterated the agency’s plans to release new rules aimed at banks and other financial firms. Earlier comments by the agency confirm that the new rules will be designed to prevent arbitration clauses from restricting class action remedies.  We think such changes would quickly spread to encompass telephone, Internet, and other commonplace consumer agreements.

American companies should be concerned with how executive agencies, e.g., the CFPB, the Department of Education, and the NLRB, will carry out their plans to introduce regulations that restrict the use of arbitration clauses in a broad range of consumer contracts.  We will not be surprised to see some companies restrict their consumer offerings or increase prices to account for these new rules.  If you work in American business, we urge you to take notice of these changes and review how to protect your company from undue litigation in future contracts. Among other options, you should analyze the inclusion of non-mandatory arbitration provisions, the separation of class-action waivers from arbitration provisions, and the option of raising prices to contend with increased litigation.

[1] DIRECTV, Inc. v. Imburgia, 136 S.Ct. 463 (2015).

[2] Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010). The Dodd-Frank Act was passed without a single Republican vote in the Senate.

[3] Id. § 1414.

[4] Carter Dougherty, CFPB Finds Arbitration Harms Consumers, Presaging New Rules, BLOOMBERG BUS., March 10, 2015, available at http://www.bloomberg.com/news/articles/2015-03-10/cfpb-finds-arbitration-harms-consumers-in-study-presaging-rules.

Ifrah Law is a leading white-collar criminal defense firm that focuses on a variety of practice areas. View all.

related practices at ifrah law:
View all
posted in:
Uncategorized
Mar 21
2016

To Refer, Or Not To Refer? OIG’s Outdated Health Care Referral Restrictions

Man having video chat with female doctor on digital tablet at home

The Office of the Inspector General, which enforces Health and Human Services, has long been averse to referral services that don’t meet certain criteria.  To get protection against a possible enforcement action, the referral service can’t exclude anyone from participating in the service, and payments for referrals have to be reasonable and cannot be tied to the volume or value of the referrals that are made.  All this complexity doesn’t simply keep referral services from earning a legitimate living; it denies patients access to superior healthcare options.

In a time when patients gravitate toward online resources, the OIG’s restrictions on medical referrals appear horribly out of date. Generally, when people want to find a pharmacy, lab, or doctor, they ask a friend or family member. In many circumstances, though—such as moving to a new city and not knowing anyone—people are likely to go online. Here they will find numerous referral services that can steer them to many reputable providers, who are often happy to pay for the hookup. This type of commercialized referral happens all the time in privatized industries—but because the government pays for healthcare (in the case of Medicare and Medicaid), it gets to set the rules for that space. Many of these rules are legitimately designed to protect against fraud and misuse of public funds, but that shouldn’t make them impervious to revision.

Thankfully, this has not escaped the notice of referral services and even the OIG, which has issued some enlightened opinions on the matter; case in point, No. 11-18. In 2011, a web-based provider of billing, electronic record, and patient messaging services asked if it could offer a coordination service whereby physicians could pay a transmission fee for connecting to other providers in order to share patient information, provider numbers, and clinical data. In response, the OIG determined that this service would not be afforded protection under the safe harbor, but it would not necessitate enforcement action either. In this instance, and many others in today’s marketplace, the referral service isn’t a health care provider that bills the government, but a third party provider of software and services.  What would be the harm of facilitating the transmission of information between referring providers so that a patient can receive care?  Here the OIG acknowledged that the fee structure was fair market value, that it would be assessed whether or not a patient followed through, and that it was unlikely to influence a provider’s decision to refer to any particular person or entity.

When the referral services safe harbor was drafted it made some sense for the OIG to suspect that an online referral service could charge a fee to steer patients to a particular provider, thereby exploiting federally reimbursed services and products.  However, in most cases, online referral services are there simply to expand access to care, allow patients to have more choices, and help them find options that best suit their needs.  In any other industry it makes perfect business sense for a referral service to charge its users a fee in order to recoup the cost of implementation (if any) and achieve a profit. It’s high time the OIG gives medical referral services the air they need to do the same. Modifying the safe harbor could take a lot of time and effort, but the OIG can take it upon itself to revise its interpretation of the safe harbor’s requirements without having to turn a blind eye to the law.

Ifrah Law is a leading white-collar criminal defense firm that focuses on online fraud and abuse, and healthcare.

Mar 16
2016

Good Lord, & Taylor! Of Course You Need to Disclose Native Ads

Picture1

On March 15, 2016, national retailer Lord & Taylor agreed to settle FTC charges that it “deceived consumers by paying for native advertisements.” The settlement is the first of its kind following the December 2015 guidance memorandum, Native Advertising: A Guide for Businesses, issued by the FTC. Under the terms of the settlement, Lord & Taylor is prohibited from “misrepresenting that paid ads are from an independent source, and is required to ensure that its influencers clearly disclose when they have been compensated in exchange for their endorsements”.

On the day the settlement was announced, the FTC also published a copy of the underlying complaint. The complaint alleges that Lord & Taylor developed plans to promote a clothing line for women which included a comprehensive social media campaign of blog posts, photos, native-advertising editorials in online fashion magazines, and a team of “influencers” recruited for their fashion sense and audience on social media. The FTC alleged that Lord & Taylor edited, pre-approved, and paid for a favorable Instagram post that was uploaded to the account of a fashion magazine called Nylon. The regulatory agency further alleged that Lord & Taylor reviewed, pre-approved, and paid for a favorable article in Nylon. In both cases, however, Lord & Taylor failed to disclose its commercial arrangement with Nylon. Similarly, the FTC alleged that Lord & Taylor gifted a dress from the clothing line to fifty “influencers” who were paid between $1,000 and $4,000 to post favorable photos and comments about the dress on social media. Again, Lord & Taylor did not disclose or require influencers to disclose that they had been paid for their posts. Based on Lord & Taylor’s alleged misrepresentations and failure to disclose, the FTC accused Lord & Taylor of engaging in unfair or deceptive acts or practices in violation of the Federal Trade Commission Act.

What is Native Advertising?

Native advertising, also known as sponsored content, is designed to fit in with original online content in a seamless, non-intrusive manner.  It allows advertisers to directly reach online consumers, without severely interrupting the original content on the publishing website, video game, or mobile app.  In the past few years, this advertising has reached all corners of the internet.

FTC Concerns With Native Advertising

As native advertising has grown, so have the FTC’s concerns about the possibility of deceiving consumers.  Therefore, at the close of 2015, the FTC released the guidance memorandum, Native Advertising: A Guide for Businesses, which provides details and illustrative examples for businesses that use native advertising as part of their online marketing campaigns.

Native advertising creates a particular challenge for advertisers.  Advertisers want to design an advertisement that appears native to the original content, but must do so without potentially confusing the consumer, who may mistake the advertisement for non-advertising content.

To assist advertisers in complying with these rules, the FTC issued its December 2015 guidance memorandum with examples and tips to ensure advertisers remain compliant.  Most of the memorandum focuses on seventeen examples of advertising, including on news sites, in videos, through content recommendation widgets, and in video games.  These examples illustrate how and why consumers might be confused by certain native advertising tactics.  Most of the examples show how a native advertisement might bear too much similarity to the original content, which means the consumer might not understand that what they are viewing is, in fact paid-for, sponsored content.

Complying With FTC Native Advertising Requirements

The take-away from the Lord & Taylor settlement is that advertisers should avoid placing paid ads that appear to be independent editorial content. Put simply, advertisers must choose between control and disclosure. In other words, advertisers who want to make use of native advertising and “influencers” on social media must either relinquish influence or control over the advertising content or disclose the nature of the marketing arrangement. Bottom Line: Paid advertising must be identifiable as advertising.

The FTC’s December 2015 memorandum provides a variety of tips on how to appropriately disclose native advertising.  The disclosures should be three things: (1) placed near the advertising; (2) prominent; and (3) clear.  By ensuring that native advertising follows these disclosure guidelines, companies will avoid misleading consumers into thinking their native advertisement is non-sponsored, publisher content.

Finally, the memorandum specifically notes who is affected by these disclosure rules.  The enforcement is not limited to just the sponsoring advertiser.  Advertising agencies and operators of affiliate advertising networks are also obligated to adhere to the FTC’s disclosure requirements.

Put simply, if a reasonable consumer might see your native advertising and believe it to be non-advertising content, the FTC will likely take issue with your native advertising tactics. This is exactly what we saw in the Lord & Taylor settlement.

Ifrah Law is a leading white-collar criminal defense firm that focuses on internet advertising.

Mar 10
2016

Latest German Sausage? Privacy-Wurst by Facebook

iStock_000036218268_Medium

Despite not being explicitly mentioned in the Constitution, the Supreme Court has firmly held that a right to privacy for all Americans is found in several amendments to the Constitution, with almost 100 years of case law providing precedent for many personal privacy rights that have become a cornerstone of American culture. However, in this new digital age of rapid technology change, with real-time access to information and the global exchange of information at the push of a button, new privacy protection questions arise almost daily. The extent to which an individual’s private information shared online is subject to privacy protection varies depending on which side of the pond you stand.

European nations generally take a more restrictive approach than the U.S. as to how companies can use personal data.  EU nations often go head-to-head with U.S. digital companies over differing interpretations of privacy rights.  Both Google and Microsoft have faced multiple investigations outside the United States.

Facebook seems to be a particularly popular target. As the world’s largest social network with 1.6 billion monthly users, Facebook earns its revenues from advertising aimed at users, after gathering information from the users’ social connections and activities in their posts.  Late last month, a German court fined Facebook 100,000 Euros for failing to follow an order issued by a German court four years ago that required the social media site to revise a clause in its terms regarding any intellectual property content posted by users on or in connection with Facebook.  The German court had found that the clause in the terms violated consumer rights. While Facebook modified the wording slightly for German users, the German court found that the revised wording still maintains the same underlying message as the original wording.  Europe’s highest court also recently successfully challenged Facebook as to the way that data was transferred between the European Union and the United States.  And just yesterday, a German court ruled that domestic websites could not transfer user data to Facebook via its “like” button without the specific consent of the user.

In a novel link between privacy protection and antitrust, the German competition authority known as the Federal Cartel Office (BKA) opened an investigation on March 2 into whether Facebook abused its dominant position in social networking in order to collect its users’ digital information, including placing unfair constraints on the users, who were forced to sign complicated terms and conditions in order to use the network.  The investigation seeks to discover whether Facebook users were properly informed about how their personal data would be obtained through the site, including the type of data collected, as well as the extent of the data collected.

One might ask why the BKA would get involved with this novel approach to linking privacy protection to antitrust law. First, under antitrust law, the maximum fines are much greater than those under privacy law.  For a company tech giant like Facebook, the fines imposed by data protection authorities can seem negligible, even for the most egregious cases, while antitrust fines pose a much more significant deterrent.  Second, Facebook has claimed that it falls only within the jurisdiction of the data protection authority in Ireland, where its international headquarters are situated. By bringing the investigation under the auspice of the antitrust authority, this argument is avoided. The President of the BKA, Andreas Mundt, remarked that, “[d]ominant companies are subject to special obligations,” and he went on to say that such obligations include adequate terms of service, as far as they are relevant to the market.  He also noted the importance of user data where Internet services are financed by advertising.  The BKA noted, “. . . if there is a connection between infringement and market dominance, it could constitute an abusive practice under competition law.”

While some question the BKA’s position as ambitious and vague, others fear that this case could open the door to other investigations and cases using data protection violations to claim antitrust violations.  Whether the BKA is successful or not, this should be a forewarning to other big U.S. technology companies: it is probably not enough to rely on U.S. privacy rules when playing in a global arena.

Mar 01
2016

CFPB No-Action Letters Are No Help

CFPB

In the age of handheld banking apps, private funds transfer systems, and digital currencies, ensuring that new products are fair to consumers and compliant with existing – and sometime archaic – regulations are difficult tasks. The Bureau of Consumer Financial Protection (“CFPB”) recently finalized a new policy for providing “no-action letters” (“NALs”) to companies seeking to introduce new consumer finance products and technologies. Although the CFPB’s stated goal was to ensure transparent and efficient markets that “facilitate access and innovation,” it has failed to hit that target. The CFPB’s new policy is a step in the right direction, but the benefits of the new policy are limited and applicants will run commercial and legal risks in seeking the limited shelter offered by the agency.

Not only will NALs offer limited protection, they will be available only in exceptional circumstances where there is both regulatory confusion and a new product. The CFPB said that it is devoting only limited resources to this program and expects to issue only two or three NALs per year. The restrictive nature of this policy will minimize the value of the agency’s much-needed guidance. The limited scope of the new policy stands in contrast to the SEC’s no-action policy, where NALs are important tools for market participants and their counsel in conducting business. Although NALs are rare in the bank regulatory context, the SEC has recognized that many issuers and securities law practitioners closely monitor such letters, and often view them as “the most comprehensive secondary source on the application of [the federal securities] laws.” (1)

There is considerably less guidance as to CFPB regulations and a more robust no-action policy would provide much needed clarity for market participants and innovators. Under the new policy, market participants considering bringing a new product to market may request a “no action letter” (“NAL”) from the agency. The request for a NAL must contain 15 categories of information, including: a description of the new product (including how it functions); the product’s timetable, an explanation of its substantial benefit to consumers; a “candid explanation” of the potential consumer risks posed by the product; an explanation of the source(s) of the regulatory uncertainty to be addressed by the NAL; and a promise to share data about the product’s impact on consumers. Examples of products that might qualify for a NAL include the early intervention credit counseling program proposed by Barclays PLC and Clarifi (a consumer credit counseling service), which was an early CFPB Project Catalyst research pilot.

The benefit from any NAL issued by the CFPB will be limited. The proposed relief offered is a statement that the CFPB “staff has no present intention to recommend initiation of an enforcement or supervisory action against the requester in respect to the particular aspects of its product…” This amounts to “we won’t take action – unless we do.” While the CFPB is unlikely to take enforcement action with respect to a new product shortly after issuing a no-action letter, the proposed letters are in no way binding and offer little more protection than the existing process of informal consultation. This weakness may be ameliorated over time as courts have an opportunity to weigh in on the impact of CFPB no-action letters and the agency develops a track record for its handling of these issues.

Submitting a request for a NAL could create commercial or regulatory risk for an applicant. From a cost standpoint, preparation of such an application will be a significant undertaking, especially for smaller companies. Because the process is only available for products that are close to market ready, potential applicants will have invested significant sums to prepare their new product. A company in this position may not want to run the risk that the CFPB denies the NAL request, which might delay or prevent it from bringing the new product to market altogether. The publication of the NAL might also give competitors a chance to duplicate or improve on the innovation before or shortly after it reaches the market.

The process also entails legal risks. The NAL application process requires the company’s lawyers to explain why they think the legality of the proposal is “substantially uncertain” but nonetheless should be resolved in the company’s favor. If the CFPB determined that the product is not in compliance with any pertinent law or regulation, the application effectively will be converted to an admission of wrongdoing that would bar the product from the market. (2)

Because the CFPB will publish each NAL that it issues, the non-binding letters also may highlight potential compliance issues to other regulators (and potential consumer litigants), none of which will be bound by the NAL.

By creating such a restrictive process, the CFPB has offered innovators little opportunity to save costs if their product is deemed non-compliant, and no real protection if it is. In many instances, it is questionable that the new no-action policy offers substantially more comfort to a market participant than they could already obtain through informal discussions with the agency. But because there is little existing guidance on CFPB regulations, the new process is welcome, even if limited. The new policy will be particularly useful for companies introducing products at the edge of current law. Deciding whether to seek a NAL will require careful consultation with a company’s lawyers to navigate the potential legal and business risks.

(1) Expedited Publication of Interpretative, No-Action and Certain Exemption Letters, Securities Act Release No. 6764, [1987-1988 Transfer Binder] Fed. Sec. L. Rep. (CCH) 84,228, at 89,053, 89,054 (Apr. 7, 1988). 10 Thomas P. Lemke, The SEC No-Action

(2) The CFPB limited its new policy to new services and technologies. It would make little sense to seek guidance for existing products where the application itself could be seen to be an admission of wrongdoing.

Ifrah Law is a leading white-collar criminal defense firm that focuses on a variety of practice areas. View all.

related practices at ifrah law:
View all
posted in:
Uncategorized
Jan 15
2016

Halting Business And Seizing A Domain Without A Moment’s Notice

LGCES2010                  Photo credit: Wikipedia Commons- Uploaded by NativeForeigner

Every year, the Consumer Electronics Show in Las Vegas proves to be one of the more interesting conventions to attend. 2016 did not disappoint: companies showed off cool innovations in displays, robotics, and integrated smart technology across the consumer products platform.

Adding to the excitement at this year’s CES was the dramatic appearance of uniformed officers. We don’t mean the sultry high-heeled look-alikes you’d more likely expect at a Vegas show. These were U.S. Marshals and they were the real McCoys (although we are unsure of their actual names or heritage). The marshals were there to execute a court order and seize product from one of the convention’s participants, Changzhou First International Trade Company.

The China-based company had a booth at CES to promote its Surfing Electric Scooter, a one-wheeled hoverboard. The scooter might be considered a dream machine for many an adolescent skater. The only problem is that it is remarkably similar to Future Motion Inc.’s patented Onewheel (at only about a third the price).

Future Motion was granted a patent on Onewheel’s self-stabilizing technology only recently (within the last month), but it did not waste any time to defend its rights in U.S. District Court. Future Motion requested the federal court grant it a temporary restraining order to, among other things, seize Changzhou First International’s scooter from CES.

Two of the more interesting aspects of the district court’s actions in this matter are (1) the speed at which the judge granted the requested relief and (2) the extent of the relief that the judge granted. The court issued a TRO on the same day that Future Motion filed the request. The following day, the marshals were in the Vegas convention hall seizing scooters and generating a lot of attention.

But the court didn’t limit its TRO to seizing product locally. It granted Future Motion’s request to halt manufacture and sales. The court also ordered web hosts and domain name registrars to “take any and all action necessary to remove the infringing products from websites having content controlled by Defendant, or alternatively to disable access to the website.” Halting sales and manufacture and seizing the company domain name is a pretty impressive order to execute on an expedited basis, and based exclusively on arguments presented by plaintiffs. It’s further impressive considering that the scooter is Changzhou First International’s only advertised product on its website. Closing down this channel is effectively closing down the company’s operations. Is Future Motion’s patented technology really the heart of Changzhou First International’s scooter? A cursory review might suggest yes, but it’s a complex question that should be decided after a proper hearing. Granting a TRO to make a point at the CES convention is one thing, shuttering a business is another.

It doesn’t appear that the part of the order requiring domain name seizure has been executed yet. As of January 14, 2016, Changzhou First International’s website is still active, full of images of its Surfing Electric Scooter. Moreover, the product appears to continue to be sold on Alibaba. This may be because parties have ten days from notice to comply, which isn’t yet up. It may also be based upon some subsequent stipulation by the parties: it is possible that Future Motion does not want to be on the hook financially should the court ultimately find against it (as the order in the case acknowledges, Future Motion would be responsible for damages, i.e. economic loss, for any wrongful seizure).

We shall see in the coming weeks what’s to become of the Surfing Electric Scooter. The next hearing (for preliminary injunction) is scheduled for mid-February. At that hearing, Changzhou First International will have the opportunity to present its arguments demonstrating why its scooter does not infringe on Future Motion’s patents. Although, who would be surprised if a U.S. district court found that a Chinese product infringed on someone else’s intellectual property?

Ifrah Law is a leading white-collar criminal defense firm that focuses on e-commerce.

Dec 28
2015

Amazon Pursued Fake Reviews In 2015, What Will It Pursue In 2016?

iStock_000042320828_Small

In 2015, Amazon filed suit against over 1,000 unnamed individuals for allegedly offering to sell fake online reviews (positive or negative) on Fiverr.com (“Fiverr”). The unnamed defendants offer to provide 5-star reviews and some defendants even encourage sellers to provide their own text to use in the review. In order to avoid detection, defendants offer to submit reviews from multiple IP addresses, utilize multiple Amazon accounts, and to complete a Verified Review (which means the reviewed has purchased the product, even though they don’t always require the actual product to be shipped for review). In short, the allegations are that these reviews for sale violate Amazon’s Customer Review Guidelines (which prohibit paid reviews), Fiverr’s own Terms of Service (which requires compliance with third party guidelines), and deceptively provides false reviews to consumers (which violates consumer protection laws).

Interestingly, Amazon did not name Fiverr as a party to the complaint. Instead, Amazon went after the individual sellers and indeed explicitly stated in the complaint that “Amazon will amend this complaint to allege their true names and capacities when ascertained.”

In contrast to Amazon’s approach, the Metallica Plaintiffs in a previously filed case against Napster, sued Napster directly and not the individual users (and eventually obtained their desired result).  Indeed, Amazon has not always omitted operators from its case captions. Last April, Amazon filed a similar lawsuit against a number of companies that operated websites to promote the sale of Amazon reviews. That lawsuit contained very similar allegations to this recent suit against individuals and alleged selling positive reviews, offering a Verified Review, a slow posting of reviews to avoid detection by Amazon, etc. Similar as well to the Napster case, the first Amazon lawsuit also yielded a successful result because the websites targeted in that case were all closed down.

So why is Amazon now going after the individual sellers? And why did Amazon omit Fiverr in this lawsuit?

One possible explanation is that Amazon, like Napster, first attempted to take down the providers (i.e. the website owners) that enabled the fraudulent review process. While that was successful, Amazon likely realized that it was insufficient because the individual reviewers would easily migrate to sites like Fiverr to continue their activities. So, Amazon was forced to file suit against the individual users.

At the same time, Amazon did not include Fiverr as a named defendant because it is more likely to get Fiverr’s cooperation in providing the identities of the unnamed defendants, and, because Fiverr is a legitimate global online marketplace offering tasks and services- in sharp contrast to the defendants in the prior Amazon lawsuit that operated sites and companies for the sole purpose of providing fraudulent Amazon reviews (and further antagonized Amazon by utilizing the Amazon logo on their sites). Additionally, as noted in the current Amazon complaint, Fiverr itself prohibits paid reviews and has tried to prevent them- again in sharp contrast to the companies in the first Amazon lawsuit, whose entire business was selling Amazon reviews.

Or it may be that Amazon has embarked on a process to stop paid reviews and these are the first steps in that ongoing process. As noted in this complaint against the Fiverr sellers, the lawsuit is “the next step in a long-term effort to ensure these providers of fraudulent reviews do not offer their illicit services through other channels.” Thus, Amazon may have simply first pursued the enablers (i.e. the company websites dedicated to fraudulent reviews) and then it pursued the individual reviewers on Fiverr.

The extent to which Amazon will continue to pursue questionable reviews remains to be seen. In 2015, Amazon limited its lawsuits regarding fraudulent reviewers to paid reviewers. In 2016, we may see an assault on the groups of independent people who exchange positive reviews on Amazon (i.e. each party agrees to submit a positive review of the other’s product). This type of arrangement also violates Amazon terms and poses similar concerns to the reliance of consumers on Amazon reviews. Amazon may also question whether this prohibited practice merits attention.

Ifrah Law is a leading white-collar criminal defense firm that focuses on e-commerce, and internet advertising.

Dec 23
2015

Will The Floodgates Open As Consumer Backlash To Spam Unleashes?

Anti spam filter vector concept in flat style

Every e-mail user receives them, some days in numbers hitting the triple digit mark – those targeted, often annoying and unsolicited e-mails that clog our inboxes, originating from any of a multitude of establishments, including retailers, service establishments, and even our own social media.  Regulation over unwanted e-mails has been limited mostly to the federal Can Spam Act of 2003, which doesn’t prohibit the deluge of e-mails, but rather protects against misleading and deceptive ones and requires the sender to comply with certain requirements, including offering a clear opt-out. A private consumer has limited retribution to enforce the Act, however, and must rely on the FTC, as well as other government entities and Internet service providers, to bring suit to stop the unwanted e-mails. It seems that consumers in recent years are ever more fed up and frustrated with “spam” messages and desire change.  However, as evidenced by a recent class action lawsuit by certain LinkedIn members against the social media giant, consumers may utilize other legal maneuvers to get relief from new marketing tactics employing spam.

LinkedIn is often referred to as the “Facebook of the Professional World.”  With over 300 million+ users, LinkedIn has become the world’s largest professional network since it launched in 2003.  One feature of the network allows a member to import his or her e-mail contacts list and send invitations to connect with others on LinkedIn.  A user is prompted by LinkedIn to click an “Add Connections” link, which then allows LinkedIn to import the list from external e-mail accounts.  LinkedIn uses this feature to grow its number of members.

According to the class action lawsuit filed against LinkedIn, if a connection invitation was not accepted within a certain period of time, up to two “reminder’ spam e-mail messages would be sent to the prospects, without the LinkedIn member’s consent to do so. In Perkins v. LinkedIn Corp., the federal district court in the Northern District of California determined that the motion to dismiss filed by LinkedIn would be granted in part and denied in part, thereby allowing the suit to move forward.  In its partial denial of the motion to dismiss, the court reasoned that although the members consented to importing their contacts and sending the invitation to connect, they did not consent to sending the reminder messages on their behalf.  In her Order, Judge Lucy Koh explains,

“Nothing in LinkedIn’s disclosures alerts users to the possibility that their contacts will receive not just one invitation, but three. In fact, by stating a mere three screens before the disclosure regarding the first invitation that ‘We will not . . . email anyone without your permission,’ LinkedIn may have actively led users astray.”

(Order Granting in Part and Denying in Part Defendant’s Motion to Dismiss with Leave to Amend *30).  The plaintiffs also contended that LinkedIn members did not consent to the use of their names and likenesses in the reminder e-mails and were embarrassed and felt that the unwanted e-mails sent to personal contacts affected their professional reputations.

Following the court’s Order, the parties agreed to settle the suit.  The settlement requires the social media giant to pay at least $13 million, as well as  $2.25 million in legal fees, to LinkedIn members who had accounts between Sept. 17, 2011 and Oct. 31, 2014 and sent e-mails through the Add Connections feature. Although LinkedIn did not admit any wrongdoing in the settlement, it agreed to revise its disclosures and clarify that the reminder e-mails would be sent as part of the “Add Connections” service. LinkedIn also indicated its intent to provide an option to cancel the connection invitation, and thereby the reminders, by the end of the calendar year.

Interestingly, with perhaps the fear of a lawsuit on the horizon, Mark Zuckerberg preemptively announced at a recent town hall meeting held in Delhi, India, that Facebook will be reducing the number of invitations it sends to outside contacts of players of the game Candy Crush Saga. Facebook often sends the invitations to contacts who have never used a game and never played games on Facebook, suggesting that they join their friends in a Candy Crush Saga game.  Zuckerberg noted that reducing the number of invitations received was the most upvoted question in an online thread, and he has promised to reduce the number of these unwanted requests.  After the recent LinkedIn settlement, we advise Mr. Zuckerberg to take action swiftly or we may see other unhappy consumers following suit. . . .  with their own suit!

These developments should offer welcomed relief for consumers and our busy delete buttons. However, this may be the tip of the iceberg with regard to the use of the courts and unwanted e-mails. Is the broad Can-Spam Act sufficient to deter spammers? Does the Can-Spam Act do enough to filter out unwanted e-mails? New scenarios have arisen since the enactment of the Act in 2003 and consumers seem to desire more regulation to deter the deluge of e-mails. If swift action isn’t taken by Congress and other regulators, it seems that consumers may take to the courts to set precedent in this ever-changing arena.

Ifrah Law is a leading white-collar criminal defense firm that focuses on internet advertising.

Connect with Us Share

About Ifrah Law

FTC Beat is authored by the Ifrah Law Firm, a Washington DC-based law firm specializing in the defense of government investigations and litigation. Our client base spans many regulated industries, particularly e-business, e-commerce, government contracts, gaming and healthcare.

Ifrah Law focuses on federal criminal defense, government contract defense and procurement, health care, and financial services litigation and fraud defense. Further, the firm's E-Commerce attorneys and internet marketing attorneys are leaders in internet advertising, data privacy, online fraud and abuse law, iGaming law.

The commentary and cases included in this blog are contributed by founding partner Jeff Ifrah, partners Michelle Cohen and George Calhoun, counsels Jacqueline Snider, Jeff Hamlin and Drew Barnholtz, and associates Rachel Hirsch, Nicole Kardell, Steven Eichorn, David Yellin, and Jessica Feil. These posts are edited by Jeff Ifrah. We look forward to hearing your thoughts and comments!

Visit the Ifrah Law Firm website

Popular Posts