Companies that run websites must comply with laws and rules requiring the maintenance of personal privacy. While federal requirements such as those applicable to financial privacy and children’s privacy gain significant attention, website and app developers also should pay careful attention to state privacy requirements. State regulators are monitoring websites and apps for compliance with their privacy mandates.
Given the open nature of the Internet, companies and Web developers, as a practical matter, need to comply with the strictest state privacy requirements — since they can assume that their sites will be accessed from all the states.
So the recent letters sent by California Attorney General Kamala Harris to 100 companies and mobile app developers (including Delta, United Continental and Open Table), asking them to bring their privacy policies in line with California state law, are highly relevant to anyone whose Web site is going to be accessed in California.
In these letters, Harris gave companies and developers 30 days to come up with a plan to comply with the California privacy law, or tell her why it does not apply to a particular app. After the 30 days are up, Harris will apparently sue the firms or developers that aren’t complying, with a potential fine of up to $2,500 each time the app is downloaded.
“Protecting the privacy of online consumers is a serious law enforcement matter,” Harris said in a statement. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”
We must emphasize that anyone who makes apps and websites available to consumers must comply with state as well as federal requirements. The California actions will only be the beginning.
Each October, the World Intellectual Property Organization (WIPO), a United Nations agency, hosts at its Geneva, Switzerland, headquarters about 50 participants from around the world for a two-day conclave to discuss recent developments and issues surrounding domain name trademark disputes. This conference brings together, in one place (as an added bonus, scenically overlooking Lake Geneva and the French Alps) representatives of domain name registrars and registries, and lawyers from every corner of the globe to discuss the Uniform Dispute Resolution Policy (UDRP), which governs disputes between domain name registrants and trademark owners in most generic top-level domains (gTLDs).
With ICANN’s roll-out of new gTLDs imminent, the UDRP is likely about to experience increased use and importance, as cybersquatters will doubtless target brand owners whenever and wherever possible in the new gTLDs.
The UDRP is not without its faults — but, in general, it provides brand owners with a fast, relatively inexpensive and effective means to shut down domain names that are registered to take advantage of the goodwill attached to their trademarks. At this year’s conference, as with those in years past, the most hotly contested issues involve domain names that resolve to “criticism” websites. It is with these issues that legal and cultural differences on the borderless Internet intersect and conflict. Many (but certainly not all) representatives from the United States see these issues through the lens of freedom of speech, while participants from elsewhere have no such point of reference. These cases come in two basic flavors.
First, there are the “trademark sucks” sorts of cases (the ubiquitous “suck sites”), and second, there is the more harmful “trademark.com” cases, which then resolve to a site critical of the trademark owner.
Suck site cases are less harmful because there is less risk of initial interest confusion – the likelihood that an Internet user would type the name into his or her browser thinking that the site belonged to the trademark owner. But in this era of the Internet in which search engines drive a great deal of traffic, such sites can cause great harm. However, a small consensus seems to lean toward finding that such domain names are not infringing.
The more hotly contested issue continues to be the trademark.com (including typos, hyphenations and other close variants of the trademark) cases. First Amendment considerations make it very difficult for a trademark owner to retrieve these domain names, when used for noncommercial purposes, in U.S. courts; in other parts of the world, this is not the case. But one UDRP panelist from the United States pointed out that the UDRP process is not a governmental act, and therefore he believes (correctly, I think) that the UDRP should pay no heed to these considerations. At bottom, U.S. trademark owners facing such situations should consider pursuing UDRP cases, understanding that even if they prevail, if the case ultimately lands in court, the likelihood of a successful outcome is diminished.
Other topics discussed included the new proposals for Rights Protection Mechanisms (RPMs) associated with the new gTLDs. While many of these RPMs remain in the discussion stages, they promise to bring to the fore new opportunities for trademark owners to protect their trademarks against cybersquatters who begin infringing in the new gTLD space. A good summary of all of the RPMs can be found here. The most interesting among these is the proposed Uniform Rapid Suspension System, which may bring about a means to temporarily suspend a name (that is, redirect the domain name to a web page revealing the suspension) in an expedited fashion. The devil will be in the details, as the costs and specifics of the proposed program are still up in the air. ICANN, WIPO and the other stakeholders are working on the details, and if implemented, this has the potential to provide trademark owners with another tool to combat those who damage their brands.
WIPO’s conferences are always first class and informative, and the opportunity to hear from and confer with talented, knowledgeable (and opinionated) domain name lawyers from around the world is always a pleasure and a privilege. I was able to meet and work with people from all over the world –from a representative of the Tanzanian registry, to brand managers from Sweden, to IP lawyers from China and Taiwan. And from it, we all are better able to serve our clients who do business on the Internet, which knows no national boundaries.
On October 18, 2012, the Federal Trade Commission hosted a robocall summit to address the current state of the law and to reinforce the FTC’s commitment to enforcing those laws. Additionally, FTC Bureau of Consumer Protection Director David Vladeck announced a formal challenge to end illegal robocalling in the United States by offering a $50,000 prize to whoever can design a program to screen out illegal robocalls by January 17, 2013.
“Robocalls” are automated phone calls made to consumers that use a computerized autodialer to place the call and a computer to deliver a prerecorded message. If the recording is a sales message (not a call from the consumer’s healthcare provider or a charity), and the consumer has not given written permission to get calls from the calling company, the call is illegal. If the recording is purely informational and does not deliver a sales message, and is made to a landline telephone, the robocall is likely legal under federal law. Examples of permissible robocalls include those delivering messages about school closings, weather alerts, and emergency notifications.
Private organizations and companies are permitted to place robocalls under federal law as long as they do not contain a sales message — for example, automatic calls reminding consumers of upcoming appointments are generally permissible, as are political calls. Robocalls made to cell phone numbers without the consumer’s consent are always prohibited, because the consumer may have to pay to receive the call. Additionally, states may implement more restrictive practices than federal law permits. The FTC has prepared a business alert that explains what is legal and what is illegal in this area.
As technology has developed, illegal robocallers have kept pace by developing new ways to thwart the system. Increasingly, robocallers have employed caller ID spoofing to make it appear that the number is coming from a different source, either by using a phony number or name. This can mislead customers as to the source of the call, and it also makes it more difficult to trace the call to its source in order to pursue enforcement action against the caller.
Recognizing that the most effective tool against illegal computerized robocalling is more advanced technology, Vladeck announced a $50,000 award to anyone (with some restrictions) who can develop a solution to reduce the number of illegal robocalls by automatically blocking illegal calls, while letting permissible robocalls through to consumers. Vladeck said at the summit, “We think this will be an effective approach in the case of robocalls because the winner of our challenge will become a national hero.”
We applaud the FTC’s effort to fix this problem and its emphasis on a solution that would still permit the many legal robocalls placed by legitimate businesses for permissible purposes. Those businesses should be sure to protect themselves from unnecessary enforcement action by carefully following the FTC guidelines on robocalling. This will serve both to protect the business from unnecessary legal trouble, and to prevent negative customer experiences.
Earlier this month, the Federal Trade Commission released its revised Green Guidelines, providing parameters for advertising and marketing claims of supposedly eco-friendly products. The publication completes a two-year revision process that the FTC undertook, involving the updating of guidelines last visited in 1998. The Commission touted the new guidelines as helping marketers “avoid making misleading environmental claims” and leveling the playing field for “honest business people.”
The revised guidelines address 14 categories of claims, including general environmental claims, carbon offsets, certifications and seals of approval, and claims of recyclability and renewability. Under the guidelines, marketers and advertisers are cautioned to avoid general claims that products are green or eco-friendly: “Marketers should qualify general claims with specific environmental benefits. Qualifications for any claim should be clear, prominent, and specific.”
Marketers are further cautioned to disclose material connections to any certifying organization. And when it comes to claims of compostability, degradability, recyclability and other claims about product and packaging content, the FTC advises that marketers be able to substantiate such claims and avoid deceiving consumers by replacing one environmental red flag with another. For instance, the guidelines note that “[i]t would be deceptive to claim that a product is “free-of” a substance if it is free of one substance but includes another that poses a similar environmental risk.”
The FTC’s revisions appear to take on a holistic approach to environmental claims. A company cannot willy-nilly claim that its product or packaging is recyclable if it is only recyclable in limited locations, and it cannot claim it is “green” and made with recycled content “if the environmental costs of using recycled content outweigh the environmental benefits of using it.” The guidelines require the marketer to limit and qualify green claims based on a thorough review of the production, distribution, and disposal stream for the product and its packaging.
In many ways, this new guidance seems fair – it should help ferret out the unscrupulous marketer who wants to charge a premium, or carve a market niche, based on dubious environmental claims.
But how much benefit will the new guidelines bring? The guidelines, in and of themselves, do not truly bring more enforcement power to the FTC. With or without Green Guidelines, old or new, the FTC can bring enforcement actions against marketers for false and deceptive claims – like several enforcement actions from 2009 forward that the FTC highlights on its website. With or without the guidelines, the truly unscrupulous marketer remains subject to FTC oversight and liability.
Our concern is that the guidelines may discourage some well-intentioned market entrants. An entrepreneur may have a good green idea but opt not to pursue it because of heightened advertising and labeling standards. For instance, the FTC guidelines caution companies about the need to provide “competent and reliable scientific evidence” for several categories of environmental claims. That could necessitate big R&D bucks to the exclusion of Mom & Pop.
More importantly, the guidelines could provide more ammunition for big companies to pursue claims against small competitors and effectively shut out upstarts. NAD, the advertising industry’s self-regulatory body, apparently plans on using the guidelines. There have been a host of cases by companies like Clorox and Procter & Gamble taking to task smaller companies marketing eco-friendly alternatives. In the end, while the revised Green Guidelines may be a good faith effort by the FTC to level the playing field and may have some positive impact, it will be important to monitor its unintended consequences.
POM Wonderful LLC recently received a setback in its longstanding dispute with the Federal Trade Commission. On Sept. 30, 2012, U.S. District Judge Richard Roberts in the District of Columbia dismissed the juice maker’s declaratory judgment action against the FTC. The judge’s ruling, though, does not put an end to the POM-FTC battle, which is still on appeal in a related administrative proceeding.
POM filed suit in federal district court in September 2010, in anticipation of an impending FTC administrative action. The company challenged what it perceived as agency overreaching, in violation of its First and Fifth Amendment rights, and in violation of the Administrative Procedure Act. The basis of POM’s complaint was the FTC’s use of consent orders with two other companies (Nestle U.S.A. and Iovate Health Systems, Inc.) to establish new and more stringent advertising standards for medical and health claims.
When the FTC waved these consent orders in front of POM (in an apparent attempt to pressure the company into agreeing to tougher standards like Nestle and Iovate), POM responded by thumbing its nose and filing suit in federal court. POM contended that the FTC failed to adhere to the requirements of administrative law that, in order to modify advertising standards, the agency must go through a notice-and-rulemaking process. The FTC subsequently filed its administrative action against the company for alleged failures to adhere to the more stringent standards.
In large part because of the significant overlap of issues between POM’s action in U.S. district court and the FTC’s administrative action, Judge Roberts dismissed the district court case. The judge noted that judicial efficiency militated towards having the dispute play out in the administrative case only: “While the administrative proceeding is not identical to POM’s current action, that forum is ‘perfectly capable’ of determining whether the proposed order exceeds the bounds of the FTC Act, violates the First and Fifth Amendments, and seeks to abrogate the FDA’s power,” he wrote. Other factors in the judge’s holding were (1) that granting declaratory relief would have required the resolution of an anticipatory defense and (2) that POM’s district court action appeared to be filed in part to secure tactical leverage.
As we wrote earlier this year, the administrative law judge already ruled on the parties’ dispute in May. POM touted that ruling largely as a victory because the judge rejected the enhanced advertising standards at issue. However, the FTC and POM appealed the decision before the full commission (POM appealed because the judge still found POM liable under separate standards). Oral arguments in the appeal were held in August, and the outcome of the appeal is still pending.
We find it interesting – and somewhat encouraging for advertisers who are concerned about agency overreaching – that neither the district court action nor the administrative proceeding have rejected on the merits POM’s challenge to the FTC’s use of settlement agreements to effect enhanced standards. Any company that has come under the regulatory microscope can appreciate the tremendous pressure companies face to cooperate with an agency just to get out of hot water – at almost any cost. POM’s bold stance may eventually have the result of reminding regulators to follow the rules set forth for them by the principles of administrative law.
The Federal Trade Commission recently announced a settlement with Jason Pharmaceuticals regarding its use of consumer testimonials and health benefits claims. Any company that relies on testimonials in its advertising, even a company that like Jason Pharmaceuticals, sells products that often have beneficial health results, must become aware of this settlement.
Jason Pharmaceuticals sells Medifast brand low-calorie meal substitutes. In 1992, the FTC settled a case with Jason for allegedly deceptive weight-loss claims. The settlement order barred Jason from making unsupported claims to consumers about losing weight or keeping weight off. According to the FTC, since at least November 2009, Jason ran ads that featured weight loss claims about low-calorie meal substitutes.
The ads run by Jason Pharmaceuticals prominently featured the use of consumer testimonials. One advertisement stated that:
“When you lose up to 2 to 5 lbs a week with Medifast, you’ll feel terrific. And so will your doctor.
THE PROGRAM THE DOCTORS RECOMMEND.
Jeff & Maureen lost a combined 169 lbs.!”
According to the FTC, the only disclaimer displayed in most Medifast advertisements containing consumer endorsements was a small, inconspicuous “Results will vary.” The FTC alleged that this disclaimer violated the 1992 order because was insufficient to change consumers’ net impressions that users of these products could expect to achieve the results represented in the advertisements.
As part of the settlement, Jason Pharmaceuticals will have to pay a civil penalty of $3.7 million to settle charges that it violated the previous order by making unsupported claims about its weight loss products.
Under the settlement, Jason is prohibited from misrepresenting that consumers who use any low-calorie meal replacement program can expect to achieve the same results that an endorser does or can lose a particular amount of weight or maintain that weight loss.
In addition, representations in the company’s ads cannot mislead consumers and must be backed up with competent and reliable scientific evidence that includes at least one clinical study. The company is also barred from making any other representations about the health benefits, safety, or side effects of any meal replacement program, unless it’s backed up by scientific research.
The settlement also has a compliance and recordkeeping requirement that for 20 years after the entry of judgment, Jason Pharmaceuticals needs to keep extensive records relating to any marketing or substantiation of any advertising claim.
The FTC continues to push the limits in pursuing enforcement actions. This, for example, is a very aggressive prosecution. People do lose weight using products such as Medifast, and in some instances people have lost significant weight. These ads may have been in violation of the prior settlement, but the FTC decision to pursue this action shows just how far they are willing to go in pursuing enforcement actions.
Because of the FTC’s aggressiveness in cases such as this one, companies that invoke claims of health benefits to consumers need to be sure that these claims are backed by reliable scientific evidence. Companies should also be aware that merely making a flat statement that “results may vary” will likely not help them avoid liability.
As part of the Federal Trade Commission’s ongoing efforts to shut down scams that target financially vulnerable consumers, a U.S. district judge has issued a $478 million judgment at the request of the FTC against the marketers of three get-rich-quick systems that the agency says are used for deceiving consumers. The order is the largest litigated judgment ever obtained by the FTC.
The judgment was awarded against companies and individuals who marketed the schemes, titled “John Beck’s Free & Clear Real Estate System,” “John Alexander’s Real Estate Riches in 14 Days,” and “Jeff Paul’s Shortcuts to Internet Millions.”
Nearly a million consumers paid $39.95 for one of these “get-rich-quick” systems, and some consumers purchased personal coaching services, which cost up to $14,995. According to the FTC complaint filed in June 2009, one system was marketed to consumers with the promise that consumers could “quickly and easily earn substantial amounts of money by purchasing homes at tax sales in their area ‘free and clear’ for just ‘pennies on the dollar’ and then turning around and selling these homes for full market value or renting them out for profit.”
The FTC said that nearly all the consumers that bought the systems lost money.
The FTC’s suit alleged violations of the Federal Trade Commission Act, based on the defendants’ representations in connection with the advertising, marketing, promoting and sale of the systems. The FTC also alleged that the defendants’ violated the Telemarketing Sales Rule through their marketing to consumers.
Two of the individual defendants, Douglas Gravnik and Gary Hewitt, were held jointly and severally liable for the monetary part of the judgment. The judge also imposed a lifetime ban from infomercial products and telemarketing against Gravnik and Hewitt. Gravnik and Hewitt indicated that they are likely to appeal the order to the extent it imposes a lifetime ban. A third individual, John Beck, is responsible for $113.5 million of the judgment.
In its case, the FTC filed 30 consumer declarations detailing consumers’ experiences with the defendants’ products. The defendants objected to many of these declarations on various grounds, including hearsay, relevance, and the best evidence rule among other objections, but these objections were all overruled.
The defendants also objected to the use of a survey by the FTC that showed that less than 0.2 percent of consumers who purchased the defendants’ system made any profits and only 1.9 percent of consumers who purchased coaching material made any revenue. The defendants moved to exclude all evidence relating to the survey on the ground that the pre-notification letter “poisoned the well in such a way as to invalidate whatever survey finding the FTC obtained” and argued that the manner in which the survey was conducted rendered the results unreliable. The court found that the survey was performed under accepted principles used by experts in the field and was admissible.
The court granted summary judgment for the FTC , finding that the defendants made material misrepresentations that were either false or unsubstantiated. The court pointed out that the materials provided by the defendants to consumers taught consumers how to purchase tax liens and certificates, but these purchasers do not obtain title to the property and thus were not “purchasing” the homes as the advertising materials stated.
The court also granted summary judgment on the Telemarketing Sales Rule allegations. The basis of the defendants’ argument was that the violations were isolated and should not be the basis for liability. The court found that there was no dispute that the defendants’ telemarketers repeatedly initiated calls to consumers who asked the defendants not to contact them. The FTC also produced “overwhelming” evidence that the defendants lacked a meaningful compliance program or any written procedures in place to comply with the regulations.
Jeffrey Klurfeld, director of the FTC’s Western Region, stated in a press release that “This huge judgment serves notice to anyone thinking of using phony get-rich-quick schemes to defraud consumers. The FTC will come after you if you violate the law.”
In this case, the FTC had already completed its surveys when it went to court. Trial judges will often be very impressed with FTC surveys and will grant judgment to the agency in nearly every case. Therefore, it is critical that a company that is being targeted by the FTC obtain counsel at the earliest possible stage, before the agency files anything in court. Counsel should be ready to vigorously defend the client’s marketing practices with techniques such as the use of countersurveys and customer testimonials and expert testimony, before the FTC files in court.
All mobile app developers need to know that the federal government is stepping up its regulation of data privacy and truth-in-advertising for mobile apps. The Federal Trade Commission is now actively monitoring mobile applications’ compliance with data privacy and truth-in-advertising regulations, and the House Committee on Energy and Commerce is considering a new mobile device privacy bill.
This month, the FTC published Marketing Your Mobile App: Get It Right From the Start, a short guide that provides guidance to mobile app developers concerning deceptive claims and privacy requirements. More broadly, the FTC’s focus on mobile app developers sends a message that all such developers or distributors will be subject to investigation, irrespective of how small their company is. As far as the FTC is concerned, “once you start distributing your app, you have become an advertiser,” and you will be regulated as such. The guide stresses the importance of clear and conspicuous communication to users and instructs app developers to consider the legitimacy of their statements “from the perspective of average users, not just software engineers and app experts.” It goes on to caution against burying important information behind “dense blocks of legal mumbo jumbo” and “vague hyperlinks.”
This guide can be seen as part of the FTC’s current initiative to address concerns regarding the unique ability of mobile apps to access a user’s personal information (i.e., automatically capturing their precise geospatial location, phone number, contact lists, call logs, and other unique identifiers, stored on mobile devices). In February, the agency issued a report looking specifically at apps offered for children. The report, Mobile Apps for Kids: Current Privacy Disclosures are Disappointing, warned app stores, developers, and third-party service providers to be more transparent about the issues raised by such data collection, such as sharing with third parties, connections to social media, and targeted advertising.
Additionally, the FTC has already taken action to establish that data privacy and truth-in-advertising laws apply to mobile apps. Last August, an app developer was ordered to pay $50,000 to settle FTC charges that it violated the Children’s Online Privacy Protection Act (COPPA) by failing to require parental notice and consent before collecting and disclosing children’s personal information. The following month, the agency settled its first actions addressing health claims in the mobile application marketplace. The complaints were against AcneApp and Acne Pwner, both of which claimed to treat acne through lights emitted from the user’s smartphone. The cases ended in settlements for monetary damages and injunctive relief barring the companies from making health-related claims without the backing of “competent and reliable scientific evidence.”
In the new FTC Guide, the FTC recommends that developers:
• Tell the truth about what the app can do – both in marketing materials and within the app itself.
• Disclose key information clearly and conspicuously.
• Err on the side of caution, and implement meaningful privacy-protection policies from the start.
• Only collect the information that developers really want, and require affirmative consent before collecting sensitive information.
• Offer user -friendly choices. For example, use default settings that collect a limited amount of user information, and allow users to adjust settings for increased sharing and functionality.
• Protect kids’ privacy by requiring parental consent before their information is collected and shared.
• Incorporate security measures to protect user data, especially when collecting medical and financial information.
On September 12, a new bill – the Mobile Device Privacy Act – was referred to the House Committee on Energy and Commerce. The bill, introduced by Reps. Ed Markey (D -Mass.) and Diana DeGette (D –Colo.), requires merchants, mobile service providers, and manufacturers to disclose information about mobile tracking software to consumers and to obtain users’ express consent before the software is activated. Specifically, customers must be told that the software is installed, what type of data it is collecting, the identity of all persons to whom the data will be transmitted, how the data will be used, and how the user can limit collection and sharing. Disclosures must be clear and conspicuous, and consumers must be able to prohibit further collection and sharing at any time.
If passed, this law will also require all recipients of user information to establish and implement information security policies and procedures for data collection, retention, system monitoring, and destruction. Finally, the bill requires that companies file all agreements relating to the transmission of user information with the FTC and the Federal Communications Commission. In the bill’s current form, penalties will range from $1,000 to $3,000 per violation (i.e., per user affected). Hence, a single policy error could expose large vendors to liability well into the billions of dollars, and a similar misstep could put a startup out of business.
All mobile app developers – including large players and new entrants – should review their compliance with this new FTC guidance and their overall truth-in-advertising and data privacy policies. The FTC has made it clear that it will take enforcement actions against industry participants large and small. In particular, we believe those making health claims, targeting children, and transmitting user information to third parties will continue to face significant FTC scrutiny. In general, the more personal information that an app collects from individuals, the greater the need for significant privacy projections and disclosures.
The FTC recently sued satellite television service operator DISH Network in federal district court in Illinois for violations of the Telemarketing and Consumer Fraud and Abuse Act. The agency claims DISH violated “company-specific do-not-call rules” – in other words, the FTC claims that DISH called consumers who had previously asked DISH not to call them again. DISH disputes the FTC’s claims.
Under the FTC (and FCC’s) telemarketing rules, there are two do-not-call regimes. First is the national do-not-call registry. With certain exceptions, telemarketers and sellers may not telemarket to residential phone lines and wireless numbers unless they have first “scrubbed” their calling lists against the federal do-not-call registry. The exceptions include calling customers with whom an organization has an “existing business relationship” or who have given prior consent for the calls. However, even those customers to whom telemarketing calls might be permitted because of an existing business relationship or other reasons can always ask a telemarketer not to call again and to put the consumer on the company-specific do-not-call list. This company-specific request must be implemented promptly and maintained for five years.
This part of the federal telemarketing rules thus puts the power in the hands of the consumer who can decide if he or she wishes to receive telephone solicitations from a particular company. It does not matter if the consumer continues to do business with a particular seller – once the consumer asks not to be called again, telemarketing must cease.
The FTC’s complaint against DISH contends that, since September 2007, DISH had initiated – either on its own or through outside telemarketers working on its behalf –millions of outbound telephone calls to phone numbers of people who previously indicated that they did not want to receive telemarketing calls from DISH. The complaint seeks civil penalties and a permanent injunction to stop DISH from future violations of the telemarketing rules.
Indeed, the penalties could be steep. For violations before February 9, 2009, the specified penalties are $11,000 per violation. Those penalties were increased to $16,000 for each violation of the FTC’s Telemarketing Sales Rule occurring after that date. DISH is already litigating against the Department of Justice in another case for allegedly calling consumers on the national do-not-call registry or purportedly causing its dealers to make calls to those consumers. It was information developed in that litigation that led to this latest complaint, according to the FTC’s public statements.
Of course, various defenses are available to DISH and others facing similar lawsuits or enforcement actions. These defenses include the possibility that a number called was a business (rather than residential) telephone number; or that the company-specific do-not-call request had not been made to DISH in the first place. Written consent to receive telemarketing calls provided after a company-specific do-not-call request would also allow such calls prospectively (at least until the consent were revoked subsequently).
Companies engaging in telemarketing – either on their own or through outside telemarketing firms, affiliated dealers, or other third parties – should take note that the FTC is continuing to enforce its do-not-call rules. FTC Chairman Jon Leibowitz stated that the agency will continue to enforce the do-not-call rules “to protect consumers’ right to be left alone in the privacy of their own homes.”
While the FTC (and the FCC) have focused on compliance with the federal registry requirements, this latest case against DISH demonstrates that the agency will also initiate enforcement action against those it contends to be violating the “company-specific” do-not-call requirements. Companies using telemarketing should review their written and operational policies to ensure compliance with both the federal and company-specific do-not-call requirements. Customer service representatives, in particular, should receiving periodic training that when a consumer says, “No more calls,” no really does mean, “No more, Mr. Telemarketer, you’re done.”
In the past couple of years, a wide variety of computer viruses and other malware have allegedly been used by one nation against another. This secretive form of warfare even briefly plastered names like Stuxnet, Duqu, Flame, and Gauss across the front pages. In partial response to the threat posed to U.S. interests by hostile foreign countries and/or individuals, different cybersecurity bills are percolating through the halls of Congress, including the SECURE IT Act of 2012, the Cybersecurity Act of 2012, and others.
No one can dispute the very real danger posed by cybersecurity threats and the potentially disastrous results if they are unleashed upon a country or upon an industrial or financial system. In a recent Wall Street Journal op-ed, President Obama wrote that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” The president also stated that “foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day.”
President Obama then pushed for the passage of the Cybersecurity Act of 2012, which would require the sharing of information between the private and public sector, develop cybersecurity standards, and other protections. In support of that bill, President Obama wrote that “Congress must pass comprehensive cybersecurity legislation” and that “We all know what needs to happen.”
However, in early August the U.S. Senate rejected cybersecurity legislation, with Republican members concerned that the bill would impose burdensome obligations on businesses.
The president has indicated that he is considering imposing the same cybersecurity measures by executive order.
“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” Presidential press secretary Jay Carney said.
This possibility does concern us.
Although computer malware poses a real and credible danger to U.S. interests, we also need to discuss how cybersecurity is going to be achieved. The use of an executive order to bypass the legislative process is of questionable constitutionality because it may violate the separation of powers mandated by the Constitution.
A step that creates such an extensive public-private partnership and involves the government so much in private decisions to provide security at least deserves approval after full discussion by a majority of both houses of Congress. We hardly think that the threat has risen to the level of “war” that would permit the president to engage in unilateral emergency actions to protect national security.
As the tech editor of the Daily Caller wrote recently: “The failed cyber security bill, which could be revived by Sen. Majority Leader Harry Reid when the Senate comes back from recess in September, would have given federal agencies in charge of regulating critical infrastructure industries like power companies and utilities the ability to mandate cybersecurity recommendations … An executive order would be another action from the Obama administration to extend executive branch authority over a largely free and open Internet.”