How about Estonian law with your morning cuppa?


It’s like the Hotel California, you can subscribe any time you like but you can never leave.

It’s not often you start the morning with an international legal dispute, and that before one’s morning coffee. This morning, from the kitchen, I was treated to the dulcet tones of my wife arguing with the London Times about cancellation of her online subscription. It turns out they only accept cancellations from the US via passenger pigeon on odd Tuesdays which have a full moon, and then only when written in the blood of a recently slain unicorn. Ok, not really, but as we haven’t actually figured out how one successfully cancels a subscription, that may in fact be the cancellation policy. Pro tip – don’t subscribe to the London Times.

Anyway, the interesting thing about that kerfuffle is the degree to which the average consumer worldwide is entering into contracts with companies in other countries, ostensibly under the laws of those countries. As consumers, however, those individuals remain protected under the consumer protection and other laws of their respective countries (or, in the case of the US, an odd patchwork of federal, state, and local laws). As a result, even a transaction as simple as a newspaper subscription or Facebook registration can give rise to significant legal cases with an international impact.

Many of those cases involve privacy and the EU-US privacy shield. Europe isn’t alone in its concern for the privacy of citizens, however, with a new decision extending the protections of Canadian Privacy to data disseminated outside of Canada (hat tip to Daniel Solove). While the US doesn’t really care as much (or perhaps at all) about privacy, there are laws like the Speech Act which attempt to protect US residents (in this case writers) from the effects of foreign laws which are against US public policy (in this instance, the right to free speech).

There are a host of other issues which arise from these contracts, however. Do companies like the Daily Times understand and follow US legal requirements like the Fair Debt Collection Practices Act or, in the case of selling (and upselling), the Telephone Consumer Protection Act? Even if they do, how does one collect a relatively small debt in a foreign country in an efficient and cost-effective way? In the other direction, Europe has extended its controversial “right to forget” worldwide, creating a compliance nightmare for Google and other big US tech companies, and an unresolved conflict for others without as much skin in the game in Europe.

The Internet makes international business possible from your kitchen table. What that means for public policy and protection for the consumer remains largely unresolved.

A cold wind on privacy


Not just your moment; yours, Verizon’s, Amazon’s …

Standing outside in the chill of what passes for “spring” these days, with a cold breeze numbing the end of my uncovered ears (it’s SPRING for God’s sake), I listened to my fellow soccer parents discussing the merits of the Senate’s recent vote to rescind the FCC’s as-yet unimplemented rules on privacy for ISPs. Overall, I think most of the parents were pretty ok with the loss of some privacy in exchange for the perceived benefits of data sharing. Most of that had to do with the cool things technology can do when provided with access to data, like make sure your latté is ready before you actually arrive at Starbucks in the morning.

Listening, I was trying to think of why I’m not on board with that logic (other than the fact that I’m not a huge latté fan). Aside from the many concerning ways in which ISPs can and have used data, the bigger problem would seem to be that there’s no real guarantee that the data will remain with the ISP or their marketing partners.

First of all, big companies of all stripes are pretty terrible at keeping data secure. That means that, in addition to that cool relocation feature which allows you to pre-order a latté on the drive to that early-morning soccer tournament, you may be letting hackers from the Ukraine into details about your life which may (or may not) allow them to hack into your bank accounts or determine the content of that highly sensitive e-mail you received.

Secondly, as lawyers well know, data of all types is discoverable in litigation, so those “innocent” late night visits to Ashley Madison may not be as private as you think they are. While much of that data is already available and discoverable from your e-mail provider or home computer, giving ISPs an incentive to keep and distribute that data certainly won’t improve matters any. Increasing the amount of data available also means more data available to the government, and while it’s nice to believe that only matters if you’ve done something wrong, that’s not always true. In Europe, the public and the courts have been fighting against mandatory data retention rules, even as the US arguably incentivizes the private collection of data.

For or against, there’s not much you can do to protect yourself against data collection – most Americans have limited choice in ISPs, and some have no choice at all. Short of running everything through a VPN, or simply not using the internet, it looks as though consumers have to get used to the idea that their traffic will be collected and shared by ISPs, the government, and pretty much everyone else who has access to it.

ESTA changes of status, or maybe you’re not going to Disneyland after all


While most of the attention on the immigration front has been on the “travel ban” (or maybe not a ban, depending on who you’re listening to), there also appears to have been an increase in scrutiny throughout the immigration system. While reports of detention or increased inspection upon entry have increased, we are also hearing (mostly anecdotally) of increases in last-minute ESTA changes of status. Those changes – from approved to not approved – can wreak havoc on travelers to or through the US, and can result in significant costs due to rebooked or cancelled business travel or vacations.

For those who don’t know, ESTA, short for “Electronic System for Travel Authorization,” is a sort of pre-registration for travelers to the US who are not required to apply for a visa. These so-called “visa waiver” travelers apply for travel authorization online before traveling and generally receive a (relatively) prompt approval (as little as 4 seconds according to this blog). That authorization is good for two years. Unless, of course, it’s not.

Some unfortunate souls, either days before or even minutes before boarding their flight to the United States, find out that their ESTA status has changed, and that they will not be permitted to board a flight which stops in the US. That change can take place for almost any reason imaginable, or for essentially no reason at all, and likely reflects some sort of flag on the record which would indicate either that there may be a security issue or that the traveler is likely to remain in the US for longer than permitted. The options for appealing are very limited and often too slow to prevent costly interruptions in travel.

While there’s no way to prevent a last-minute change of status, travelers at an increased risk of additional scrutiny should consider applying for a B-visa for business or just to visit at their home consulate to help prevent any unwanted surprises. Generally, non-US citizens who meet any of the following criteria should seriously consider obtaining a visa before travel to or even through the US.

  • Individuals who have traveled to any of the countries which we’ve banned in the recent past, including Syria, Iran, Libya, Somalia, Sudan and Yemen (although I’d include Iraq for good measure)
  • Individuals with extensive travel throughout the Middle East in general, or who have resided for a period of time in the Middle East, particularly in countries which are less friendly to the United States
  • Individuals who have traveled very frequently to the United States, particularly for stays in excess of a few weeks.
  • Individuals who have been arrested, particularly for felonies or drug offenses

Other travelers should check their ESTA status before making a reservation and again before leaving for the airport. Finally, while I’m not a huge proponent of travel insurance, travelers to the US, particularly those who meet the above criteria, might consider obtaining insurance which covers cancellations due to revocation of authorization to travel. Of course, as the new ban works its way through the courts things can and probably will change.

DMCA – After the counternotice


Sometimes throwing down the gauntlet does more harm than good

Once the counter notice is sent things get tricky – many customers think that, having sent the counter notice, the materials can be returned to the website immediately, but that’s not true. The materials must remain offline for ten days after receipt of a valid counter notice, whether they are infringing or not. This provision is definitely favorable to copyright holders, and annoying to those who have to work around the removal for that ten day period. That waiting period can be particularly impactful when the content is timely, since that ten day window can be just enough to ensure that the content is irrelevant by the time it can be returned to the website. Not surprisingly, we see a lot of questionable DMCA notices during tight political races.

Even more important to remember, if you’re the one sending the counter notice, is that you are essentially throwing down the gauntlet and daring the other party to sue you, since that’s the only way to prevent the return of the materials to the website. Before sending that counter notice, you might want to consider long and hard whether (1) the other party is likely to sue and (2) whether you can afford to defend yourself (and deal with months or even years of legal aggravation) just so that you can use that photo of a kitten cuddling with a hamster on your blog. All kidding aside, lawsuits are painful and expensive, and potential damages for copyright cases can be astronomical, so sometimes it’s better to fold even if you are in the right.

Having received the valid counter notice, the hosting provider will forward it back to the sender of the original notice, which starts the clock ticking on the ten day waiting period. At that point the copyright holder has to either sue or accept that the materials will be put back online. While the law tends to be on the side of a valid copyright holder, the same caveats as above apply – lawsuits are an expensive and messy way to resolve a dispute, and collecting on a large judgment from a blogger with an audience of his mother and three of his best acquaintances may be more trouble than it’s worth. Just today I received a withdrawal of a counter notice against a very large company, which strongly suggests that, rather than sue a small website operator, the company reached out and came to an amicable resolution of the copyright dispute.

That being said, sometimes a lawsuit is the only way to ensure the continued removal of the material. Once the lawsuit is filed, the provider of the notice must provide proof of the lawsuit to the web host, who will forward it to the customer. At that point the web host’s job is done, at least until the lawsuit is complete months or years down the line.

Hey, I’ve lost my company’s domain name!


I love me some VT 220 (ok, faux VT 220, but close enough)

The registration system for domain names isn’t really set up for corporate ownership, since the “owner” of a domain name is typically the person who is listed as registrant rather than the corporation. The down side of this system is something we see all the time, particularly with small companies – a domain name is registered by a well-meaning, tech-savvy employee (all too often in his or her personal account) and, when that employee moves on, the company is stuck without control over critical domain names and related accounts. If the employee is fired, it’s even worse, since the now-disgruntled employee may well have control over the company’s entire online presence for an indeterminate period of time.

While there’s no silver bullet here, there are a few best practices which make it easier to regain control over a domain under the control of a wayward (or simply unreachable) ex-employee. Those are:

  • Make sure the company name and address are listed as the Registrant, along with the name of an officer who is most likely to remain with the company. The tech-savvy employee can be listed as administrator, to facilitate management of the domain without jeopardizing ownership.
  • Corporate web assets should be held in an account which is in the company’s name and paid for with a company credit card, and should be kept separate from other business or personal websites and domains.
  • Have an agreement in place making it clear that, upon termination of employment for any reason, the domain name registrant and admin are to be changed to an officer of the company’s choosing. Ideally, this should be in a standalone agreement so you can provide it to the registrar without divulging hiring or salary information.
  • Make sure renewal notices and the like go to a generic e-mail address, ideally one which is monitored by more than one person, so that termination or resignation of an employee doesn’t result in a lapsed registration (although there are downsides to this as well).
  • Make sure someone other than the admin knows the password to the account (but be judicious, you also don’t want the password becoming generally known). For particularly active accounts, you may want to request a regular update confirming the password and listing all domain names along with expiration dates for the corporate account.
  • Make sure all domains are registrar locked against transfer and deletion.

The above isn’t foolproof, since a knowledgeable or well-placed employee can manage to retain control no matter what the circumstances, and given that registrars differ in how they handle requests relating to domain name ownership. Also, be aware that some of the above suggestions may have downsides as well, so consider what’s best for your organization when determining who has access to accounts and how.
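Several of the points above (company as registrant, a company-controlled contact address, registrar locks, expiration dates) can be spot-checked from the RDAP record a registry publishes for a domain. The following is an added example, not part of the original post: `audit_domain` and the other names are hypothetical, the two records are constructed, and it assumes the registrant entity is published rather than redacted.

```python
from datetime import datetime, timezone

# RDAP status values that correspond to a registrar lock against transfer and deletion.
REQUIRED_LOCKS = {"client transfer prohibited", "client delete prohibited"}

def vcard_fields(entity):
    """Flatten an RDAP entity's jCard into {property: value}."""
    props = entity.get("vcardArray", ["vcard", []])[1]
    return {p[0]: p[3] for p in props}

def audit_domain(rdap, today, company_mail_domain, warn_days=60):
    """Return a list of findings for one RDAP domain object (empty list = clean)."""
    findings = []
    for lock in sorted(REQUIRED_LOCKS - set(rdap.get("status", []))):
        findings.append(f"missing lock: {lock}")

    expiry = next((e["eventDate"] for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration date published")
    else:
        days = (datetime.fromisoformat(expiry.replace("Z", "+00:00")) - today).days
        if days < warn_days:
            findings.append(f"expires in {days} days")

    registrant = next((e for e in rdap.get("entities", [])
                       if "registrant" in e.get("roles", [])), None)
    if registrant is None:
        findings.append("registrant not published (redacted?); check the registrar account")
    else:
        card = vcard_fields(registrant)
        if card.get("kind") != "org":
            findings.append("registrant is an individual, not the company")
        if not card.get("email", "").lower().endswith("@" + company_mail_domain):
            findings.append("registrant e-mail is outside the company domain")
    return findings

def _entity(kind, name, email):
    # Helper for building the constructed sample records below.
    return {"roles": ["registrant"],
            "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                     ["kind", {}, "text", kind],
                                     ["fn", {}, "text", name],
                                     ["email", {}, "text", email]]]}

# Constructed sample data shaped like RDAP domain responses (not real registrations).
SAMPLE = [
    {"ldhName": "example.com",
     "status": ["client transfer prohibited", "client delete prohibited"],
     "events": [{"eventAction": "expiration", "eventDate": "2019-03-01T00:00:00Z"}],
     "entities": [_entity("org", "Example Corp", "domains@example.com")]},
    {"ldhName": "example.net",  # registered in an employee's personal account
     "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2017-04-20T00:00:00Z"}],
     "entities": [_entity("individual", "J. Doe", "jdoe@mail.example.org")]},
]
TODAY = datetime(2017, 4, 1, tzinfo=timezone.utc)  # fixed date so the result is reproducible

def run_audit():
    return {d["ldhName"]: audit_domain(d, TODAY, "example.com") for d in SAMPLE}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "OK" if not findings else findings)
```
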

Of snow and “Acts of God”


Once again, into the breach …

As we prepare for what weather forecasters are swearing will be a foot or foot-and-a-half of snow (I’ll believe it when I’m shoveling it off of my driveway), it got me thinking about snow and force majeure clauses in contracts. Yes, unfortunately, instead of sledding or snowball fights, that’s where the lawyer’s mind goes. Oh for the days of Calvin-esque excitement at the prospect of a heavy snowfall.

But I digress …

Force majeure clauses are those long paragraphs in contracts which refer to all sorts of horrible things which could happen, but likely won’t. For example, one picked at random from my files includes “acts of God, actions by any government authority (whether valid or invalid), fires, floods, windstorms, explosions, riots, natural disasters, wars, sabotage, acts of terrorism, or court injunction or order.” The term, adopted from the French for “superior force,” is meant to cover external events or circumstances which prevent timely performance of a party’s contractual obligations. The key issues are typically whether the event prevents performance and whether the party in question has any control over the event or circumstances which caused the impossibility.

As with so many other areas of contract law, US lawyers have added language to these clauses which would seem to deviate from the original idea of an obstacle which simply could not have been foreseen or prevented. As one blogger noted, the drafting of these clauses has become “a kind of arms race, with drafters throwing in ever more scenarios [which] evoke someone’s fevered vision of the apocalypse. I half expect to see, one of these days, ‘the Rapture’ added as an element.” Frankly, I’m sure the Rapture has been added to one of these clauses before, although I don’t recall having seen it.

At any rate, that brings us back to snow. The coming snowstorm, as predicted, would probably qualify as a force majeure in this area, since it’s well beyond the norm (whatever that means for weather these days) and could well close many roads for 24 to 48 hours. Of course, whether that actually prevents timely performance or not depends on what you do for a living. As a lawyer, I can generally complete my work from my kitchen table if need be, so it would take more than just a snowstorm to prevent performance of my obligations unless the internet goes down. Construction workers, road workers, or others whose work depends on travel may well have an argument that force majeure resulted in a delay for which they should be excused. Where possible, parties to a contract should try to mitigate the effects of the force majeure (as our milk delivery people are doing today by delivering our milk a day early, thanks, by the way). Fortunately for the local construction industry, the mild winter means many contractors are ahead of schedule, so a day or two of interruption might not matter as much. In that case, they may be fretting for bonuses lost because they can no longer finish as early as they might have, but that’s a topic for another post.

If it snows tomorrow, I plan to settle in in front of the fireplace with a hot coffee or tea and perform my obligations as best I can. Of course, that’s reckoning without the interference of a force majeure beyond anyone’s control, namely, my children, who will likely be home from school.

Blocking the ad blockers


Munich (but not the appellate court)

Advertisers don’t much like adblockers, and publishers in particular see them as a drain on revenue necessary for the production of content.

One of the most popular ad-blocking plugins is the not-so-cleverly-named Adblock, by the more cleverly named German company Eyeo GmbH, based in Cologne. According to a recent report by German IT news portal heise online, a recent attempt by three German media outfits to take Adblock offline has met with skepticism by Munich’s appellate court. The plaintiffs (which include my “other” hometown newspaper, the Süddeutsche Zeitung) threw everything they could at Eyeo, from copyright infringement to antitrust, but the court doesn’t seem to have bought into it. At issue, among other things, is the “whitelisting” process which allows Eyeo to make money on blocked ads.

This decision may vindicate Eyeo’s partial loss against Axel Springer, and follows a win in Hamburg against Spiegel Online. Either way, it looks as though efforts to block the adblocker will make their way to Germany’s Supreme Court in Karlsruhe sometime next year. Having failed in the courts before, however, German media isn’t putting all of their eggs in one basket. In addition to technical measures, the industry group for German newspapers is also pursuing the legislative route to see off Adblock.

Efforts to block Eyeo in France also seem to have faded, and in the US there has been little in the way of legal action against ad blocking software, probably due to different antitrust and competition laws. Thus far Eyeo has won more of these battles than it has lost, so adblocking will remain a thorn in advertisers’ sides for some time to come.

DMCA – The counternotice

In this brief series on the DMCA notice and takedown procedures you’ve learned how to draft a (proper) notice and get it to the designated agent. Upon receipt of the notice by the designated agent, the web host will now review the materials and, if the notice is correct, ensure that the materials are removed from the website. It’s important to remember – the host is not checking to see if the copyright is infringed, it’s merely checking to see that all of the required statements are in the notice. If the notice is proper, in order to retain immunity the materials have to come down, even if they ultimately don’t infringe on anyone’s copyright. While that may seem unfair to customers who aren’t infringing on copyrights, it’s Congress’s compromise to ensure a (relatively) simple process.

The web host will forward the notice to the website owner, at which point the website owner can (and should) remove the allegedly infringing materials, since otherwise the host will have to do so. If the website owner wants to put the materials back online, the next step is to send a counter notice to the DMCA designated agent.

The elements of the counter notice are as follows:

(A) A physical or electronic signature of the subscriber.

As with the takedown notice, this is pretty much anything you intend to have serve as a signature.

(B) Identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled.

This element will be a repeat of the third element of the original notice, listing the links which lead to the allegedly infringing materials in their original location before they were removed.

(C) A statement under penalty of perjury that the subscriber has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled.

As with the notice, this is language which simply has to be in the counter notice, so this will typically read something like “I have a good faith belief that the material was removed …” and then the rest of the paragraph.

(D) The subscriber’s name, address, and telephone number, and a statement that the subscriber consents to the jurisdiction of Federal District Court for the judicial district in which the address is located, or if the subscriber’s address is outside of the United States, for any judicial district in which the service provider may be found, and that the subscriber will accept service of process from the person who provided notification under subsection (c)(1)(C) or an agent of such person.

This one is a bit of a mouthful, but it’s actually pretty simple. First, the counter notice must contain contact information for the person providing the counter notice. Interestingly, whereas the notice provisions don’t necessarily require any particular contact information, as long as the information is “reasonably sufficient,” the counter notice provisions specifically require the “name, address, and telephone number” of the person providing the counter notice.

The second part is another repeat of the language in the statute, although it’s a little more tricky. For counter notices filed from an address in the US, you might see something like “I hereby consent to the jurisdiction of the Federal District Court for the judicial district for the above address, and I agree to accept service of process from the person who provided notification under subsection (c)(1)(C) or an agent of such person.” It’s not pretty, and it would read better if you replaced the generic language with the actual judicial district (e.g., Eastern District of Pennsylvania), but most non-lawyers won’t want to figure out the specific district in which they reside. Also, if the wrong district is named, the host might deem the notice improper and ignore it.

While US residents are consenting to be sued in their own home jurisdiction, non-US-residents consent to any location in which the web host (rather than the person who provided the notice) can be sued. That statement might read something like “I hereby consent to the jurisdiction of Federal District Court for any judicial district in which the service provider may be found, and I agree to accept service of process from the person who provided notification under subsection (c)(1)(C) or an agent of such person.” Again, you could put the actual service provider name and judicial district in the counter notice, but many service providers will be amenable to service in multiple jurisdictions, so it’s probably best to leave the generic language in there.

It’s very important to note that merely sending the notice does not result in the return of the allegedly infringing materials to the website – we’ll discuss this in detail in the next post, but the materials must remain offline for a period of time before they can be returned (if at all).

A Shot Across the Bow for H-1B Workers

In a move sure to upset many in the tech industry, the Trump administration has temporarily suspended the expedited processing of H-1B visas for a period of six months. H-1B visas are often used to bring in programmers and other technical personnel from overseas, and have been both heavily oversubscribed and heavily criticized in recent years.

It’s a little difficult to determine how much of an impact the delay in processing (from 15 days to three to six months) will have right now. On one hand, many of the applications received in April 2017 can’t begin work until the new government fiscal year begins on October 1, 2017 anyway. On the other, businesses who depend on H-1B workers’ skills will be reluctant to pin their business’s plans on a worker whose status won’t be known until well into the summer months. One thing is certain – US tech companies who are dependent on H-1B should start considering alternatives, since this is not likely to be the last attempt by Trump and the Republican Congress to limit the use (and abuse) of H-1B visas.

DMCA – A few things to remember


In the last post, I told you how to prepare a DMCA Takedown notice, but I also mentioned a few caveats. Some of those are:

  • As I’ve said before, make sure you have all of the elements of the notice. It’s really not that hard.
  • In a similar vein, don’t lard up the notice with a ton of extraneous language. Lawyers in particular love to do this, but typically it just makes things more complicated for anyone who has to read it and slows the process. Often, the longest letters also leave out critical elements, which means they are actually less effective than a straightforward, simple notice. No one needs the back story – if the item is infringing we don’t need to know that the website belongs to your Uncle Max, who snuck the photo from your grandmother’s basement.
  • The DMCA is a pretty easy way to take down content which is copied, but that also makes it tempting to use for items which you want removed but for which you do not actually have the copyright (e.g., that unflattering photo of you which was actually taken by someone else, or that photo in your grandmother’s basement which you probably didn’t take). You can be held liable for false or inaccurate DMCA notices, so keep that in mind.
  • The DMCA is not for trademark complaints, although some service providers ask for a trademark notice which incorporates some of the elements of the DMCA. Don’t be surprised if a DMCA notice for a trademark matter doesn’t result in an immediate takedown (or any takedown at all).
  • While DMCA notices are most often sent to web hosting companies (and Google), anyone who has third-party content on their website, from comments to contributions, can and should register a DMCA agent. Before sending a cease and desist to a website, consider whether the content is actually the website owner’s and, if not, check to see if they have a DMCA agent.
  • Unfortunately, people intent on copying online materials will often change providers as soon as the first notices are received, so before sending that angry followup to the host make sure the materials are still hosted with them.

Unfortunately, as many frustrated writers and photographers have found, combating copyright infringement online resembles a game of whack-a-mole, so you may have to prioritize your copyright battles accordingly.

Next, we’ll find out what happens after your notice arrives at the web host.