In a panel discussion on May 4, 2010, Google announced to the imminent launch of Google Editions, its system for selling digital books.  As reported by the Wall Street Journal, Chris Palma, Google's manager for strategic-partner development, explained that Google Editions will be reader independent so that the books will read on a variety of devices. More importantly, it will allow book retailers to sell through Google Editions on their own websites, "giving partners the bulk of the revenue" according to the Journal article.

The potential for retailers or vertically integrated publisher-retailers to sell directly without the intervention of Amazon or Apple will make Google's entry into the digital book market very significant for the consumer. University bookstores can reconceptualize the course pack with a digital download package keyed to each course section number. A student needs only plug in the course and instructor (or the section number) and the required and recommended texts will be available for the student. Simple, easy and branded for the college experience.

I have previously written extensively about the issues faced by Google this past year in its strategic planning. (See -

Posted by Jon M. Garon at 09:13 AM | Permalink | Comments (0) | TrackBacks (0)

Jon M. Garon, Wiki Authorship, Social Media and the Curatorial Audience, 1 Harv. J. Sports & Ent. Law 95 (2010).

Wikis have become an important source of information and a go-to destination on the Internet. The shared authorship and social editing represent an increasingly influential model for content creation and dissemination, which will continue growing in prominence for education, training, newsgathering and entertainment.

Posted by Jon M. Garon at 10:17 AM | Permalink | Comments (0) | TrackBacks (0)

In a recent post, I discussed the rather anemic FTC report on voluntary parental ratings and suggested that better standards are needed. The FTC has provided a much more pointed report on the concerns for virtual worlds, particularly regarding sexually explicit content in these worlds. The FTC Virtual World report includes the startling finding that "some virtual worlds designed for teens and adults allow – or even encourage – younger children to get around the worlds’ minimum age requirements."

Part of the difference between the two reports stems from the difference between sex and violence - sex can be obscene and is much more the focus of regulation. Violence is somehow more permissible in U.S. content. But sexually explicit material seems to pose a more obvious danger to children, particularly the youngest children. And sexual content comes from peer-to-peer interactions as much as from the creators of content, a more insidious form of abuse for the participant.

The findings, then are not surprising. The companies involved in virtual worlds are less responsive than their motion picture, video game and music counterparts. The voluntary efforts are less effective and more actively undermined by the companies in the field. This is certainly not true of every company and those who do well should be recognized. Parents should know more about their children's online activities and respond to those companies that intentionally cheat.

Ten-year-olds are told by their peers how to get past the controls on Facebook. (I know - it is amazing what the children in the back of the car will say, when the driver just listens without participating.) But the same behavioral advertising tools that allow vendors to know exactly when to send the birthday card seem never to be used to say "are you really three years older than you were when you signed up for the birthday club?"

The tools are available. A parent-centered behaviorial advertising model should be available to protect our children - even from themselves.

Does this sound like a First Amendment advocate has lost his focus now that his children are of that age? Not really. I'm not calling for virtual world police. But I am calling on the advertisers and publishers to give me tools to make my job easier and create presumptions of protection rather than presumptions of predatory conduct.

The default rules need to be designed to protect families; family profiles should enable computers to know who uses machines, so that when an under-age child logs on, the check against the family profile posted by me to my computer stops my child from lying about his age or at least sends me an e-mail asking if this is correct. The FTC also suggests that better language screening tools be employed for these sites and provides more suggestions.

Finally and perhaps most importantly, the 13-year-old line should not become the line of majority. Most of these sites should be adult-only sites. College students do not hang out with high school and junior high school students at dances or at the mall; neither should they do so online. Make sites more age specific. This may not necessarily 'clean up' high school virtual worlds, but it will at least separate out the activities among the peer groups.

More from the FTC:

“It is far too easy for children and young teens to access explicit content in some of these virtual worlds,” said FTC Chairman Jon Leibowitz. “The time is ripe for these companies to grow up and implement better practices to protect kids.”

The FTC surveyed 27 online virtual worlds – including those specifically intended for young children, worlds that appealed to teens, and worlds intended only for adults. The FTC found at least one instance of either sexually or violently explicit content in 19 of the 27 worlds. The FTC observed a heavy amount of explicit content in five of the virtual worlds studied, a moderate amount in four worlds, and only a low amount in the remaining 10 worlds in which explicit content was found.

Of the 14 virtual worlds in the FTC’s study that were, by design, open to children under age 13, seven contained no explicit content, six contained a low amount of such content, and one contained a moderate amount. Almost all of the explicit content found in the child-oriented virtual worlds appeared in the form of text posted in chat rooms, on message boards, or in discussion forums.

The Commission observed a greater amount of explicit content in worlds that were geared towards teens or adults. Twelve of the 13 virtual worlds in this category contained explicit content, with a heavy amount observed in five worlds, a moderate amount in three worlds, and a low amount in four worlds. Half the explicit content found in the teen- and adult-oriented virtual worlds was text-based, while the other half appeared as graphics, occasionally with accompanying audio.

Posted by Jon M. Garon at 08:49 AM | Permalink | Comments (0) | TrackBacks (0)

Only days after Amazon changed its refund policy in an attempt to settle a class action suit over Kindle eReader covers that had a habit of cracking the screens on the computers, Amazon finds itself in murky legal water after using its embedded software to delete books from consumer's Kindles that had been improperly sold to those customers.

As first reported by the New York Times, Drew Herdener, explained by e-mail that the company which uploaded the books to the Kindle Store had not acquired the rights to sell the books in the Kindle format.  “When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers’ devices, and refunded customers,” he said.

Oops.

Of course Amazon was obligated to immediately stop selling the bootleg copies of the books. It could even face copyright violations for the sales of those books. Worse still, it might have been obligated to inform the purchasers that they  had unintentionally purchased illegal copies and were responsible to destroy the illegal copies or face their own copyright liability. At that point, of course, Amazon would also be expected to refund the cost of those books and perhaps offer a coupon to those customers as a goodwill gesture.

But Amazon skipped the step where it informed its customers of the customer's obligation not to keep bootleg books. Instead, Amazon used its software to delete the books directly from the Kindle. As the New York Times correctly pointed out, the Terms of Service do not give Amazon the rights to exercise the self-help it just chose to use.

Use of Digital Content. Upon your payment of the applicable fees set by Amazon, Amazon grants you the non-exclusive right to keep a permanent copy of the applicable Digital Content and to view, use, and display such Digital Content an unlimited number of times, solely on the Device or as authorized by Amazon as part of the Service and solely for your personal, non-commercial use. Digital Content will be deemed licensed to you by Amazon under this Agreement unless otherwise expressly provided by Amazon.

Amazon's license does not include either self-help or revocation. If the Kindle is a networked computing device of the type protected by federal law, then the tampering with the content stored on that device could potentially be considered a federal crime. More likely, however, the interference with the devices done in a manner beyond the terms of service agreement will be considered a violation of the Federal Trade Commission Act.

Section 5(a) of the FTC Act, which provides that "unfair or deceptive acts or practices in or affecting commerce...are...declared unlawful." It is a broad, general catch-all. It was the statute that forced Sony to stop putting hidden encryption software on its music CDs, and will serve well in this case. Section 5(b) allows for administrative processes. Expect the FTC to respond to consumer complaints with an administrative process and an agreement by Amazon not to use its software tether in this manner ever again. Amazon will also pay a fine and the adminstrative costs of the investigation.

Whether this will satisfy the lawyers lining up to bring the class action lawsuit in this case remains to be seen. But I doubt it.

Given that the books deleted include George Orwell's Nineteen Eighty-Four, the lesson of a corporation being able to delete (or at least technologically - to alter) the text of a purchased book should not be lost on anyone. (A second irony is that a website has Orwell's complete works online.) This is more than a mere gaff. Amazon needs to be found liable for this mistake by a court or administrative process that makes it clear that companies cannot retain this right in their terms of service agreements.

So perhaps we should be thankful for the blunder Amazon has made. Deleting copies of Nineteen Eighty-Four should serve to provide another reminder of the liberties we take for granted and the technologies that have the potential to put those liberties at risk.

Posted by Jon M. Garon at 10:55 PM | Permalink | Comments (0) | TrackBacks (0)

Fortune Magazine covered the recent announcement that iTunes has crossed the 5 billion song download mark. "It took Apple (AAPL) nearly three years to sell its first billion songs (Feb 23, 2006), ten months to sell its second billion (Jan. 6, 2007), seven months to sell its third (July 31, 2007) five and a half to sell its fourth (Jan. 15, 2008), and five months to sell its fifth (June 19, 2008)." Moreover, the report states that 50,000 movies are purchased or rented daily. The apps store has been an even bigger hit, propelling sales of iPhones and the iPod Touch.

But Apple claims the iTunes store operates at just break even (though other reports suggest 10% to 30% margins, according to Fortune), including the movies and apps store.

Worse for the musician, the artists royalties for the less expensive digital albums reduce the price on which the artist's income is based.

So the artists need to take advantage of iTunes, Napster, and other online services while controlling more of their own marketing and revenue.  The elements for this new model are just appearing on the horizon.

First, there are the sell-thru services, CD Baby, Tunecore and ReverbNation. Each provides artists the ability to move their music directly through the major digital outlets. The pricing models all provide a greater return to artists than the artists would receive working with traditional record companies. But access to the audience is not nearly enough. Artists need the promotion and marketing services provided by record companies to the top of their roster.

The answer to the promotion may come from new tools in the semantic web. Google provides simple, word-based alerts, but those don't have predictive power. Instead, services from The Echo Nest, a music recommendation platform built to read the music and the music press like a musician. In addition Band Metrics builds a media analysis - social networks, blog, YouTube, and the related music press. Both these services fall into the vaguely defined (but critically important) semantic web.

The semantic model utilizes algorithms to "read" the web, including non-indexed information, develop predictive models and track interests. It is a powerful tool to develop behaviorial advertising and allow companies to know what you want to buy around the same time you do.

So it should come as no surprise that the next piece of the new music model is advertising-embedded music.

ReverbNation has jumped into these waters with its "Sponsored Songs" program, "a new online music distribution program that will give music fans access to unlimited free song downloads from 1,000 artists. Through this innovative pilot program, a passive advertisement is embedded alongside the album cover art that is seen by music fans when they play the song on their computer, portable device or phone. The advertising in Sponsored Songs travels with the fans wherever they enjoy their music - following them onto the subway, going with them to the gym, and showing up at the party - giving the advertiser frequent and regular brand exposure, and the fan free music."

Windows is the first advertiser to participate in this program. The 'free' music is at www.MySpace.com/Windows.

The advertiser-based song support makes good business sense for advertisers. Songs are a low-cost distribution tool for the advertising - far lower than television or motion picture product placement. The movement of music in peer-to-peer systems, social networks and on YouTube makes the advertising inherently viral and trackable. And the pricing can already be modeled on a per-copy basis. Music fans may not like the advertising-based music, but for now, at least, the ad-based music is just one option.

A robust music industry free of the traditional record labels needs some powerful marketing tools. The semantic web tools available to artists or independent labels will allow them to target the interested audience directly. Since the semantic web provides such a powerful tool for advertising, it is inevitable that as the semantic web tools improve, the advertisers will become increasingly interested in music as its delivery device.

So the new shape of the music industry is shaping up. Let's just be sure that the artists continue to be paid.

Posted by Jon M. Garon at 10:34 AM | Permalink | Comments (0) | TrackBacks (0)

Earlier this month, California asked the United States Supreme Court to hear a case concerning the constitutionality of its statutory prohibition to the sale or rental of violent games to minors.  At the district and federal court level, the case law has been uniformly against the position taken by Governor Schwarzenegger. In each case, the courts have found that video games are entitled to First Amendment protection and that the exceptions to the free speech rights of the video game producers (and their users) simply do not extend the concept of obscenity to obscenely violent games.

Of course, it was not all that long ago that the First Amendment was even applied to mere entertainment. (See,  Playing in the Virtual Arena: Avatars, Publicity and Identity Reconceptualized through Virtual Worlds and Computer Games, http://ssrn.com/abstract=1334950.) But as video games have become more realistic, the distinctions between games and other traditionally protected forms of speech - novels, music, photography and film - have dropped away, providing video games the same level of protection as other forms of entertainment.

To enable the cities, counties and states to regulate the video games, clever politicians drafted statutes that closely mirror obscenity laws in crafting anti-violent game laws. California's summary is typical:

California Civil Code sections 1746-1746.5 prohibit the sale of violent video games to minors under 18 where a reasonable person would find that the violent content appeals to a deviant or morbid interest of minors, is patently offensive to prevailing community standards as to what is suitable for minors, and causes the game as a whole to lack serious literary, artistic, political, or scientific value for minors.

As explained in California's brief before the Supreme Court, "[t]he respondent industry groups challenged this prohibition on its face as violating the Free Speech Clause of the First Amendment. The court of appeals affirmed the district court’s judgment permanently enjoining enforcement of the prohibition."

Similar statutes have been struck down in every case. Instead, the industry relies on voluntary labeling. As an alternative, voluntary labeling is little more than a political figleaf.  Voluntary labeling restrictions do little to discourage the purchase or rental of these games. Increasingly, the point of purchase for these products is through a computer download which gives parents little opportunity to review the content or discuss the appropriateness with their children.

So this returns us to the core question: should there be a legal standard for obscenely violent content, either for adults or for children? In my earlier article, Playing in the Virtual Arena, I made the following comment:

“[The Appellate Courts refuse] to label graphic content “obscene” to minors, finding that historically only sexual content can be deemed obscene. In doing so, the [courts reject] the attempt to make a new category of unprotected speech for violent content that is sold to minors, despite the lawful regulation of non-obscene sexually explicit content sold to minors and commercial advertising directed at minors. …

 

“While it is axiomatic that obscene materials (which have no constitutional protection for any reader) can be banned for children, the Supreme Court recognizes the state’s interest in protecting children from harmful speech that is beyond regulation for adults. While a modern court may demand a more substantial standard than that of Ginsberg, the interest in protecting minors from harmful content has not been repudiated.”

The simply phrased question presented to the Supreme Court is asking that this question be revisited. When California asks "Does the First Amendment bar a state from restricting the sale of violent video games to minors?" it is asking whether violence can ever be treated the same as obscenity.

As a frequent world traveler, I see media from across the globe. Many countries are much more comfortable with nudity and sex than we in the United States. Those same nations are shocked at the level of violence in our media.

I hope that the Supreme Court looks carefully at the question. I am distrustful of any government regulation of content and believe in a very expansive First Amendment. But the notion that violent content, no matter how repugnant is protected speech, while judicial panels can draw distinctions regarding levels of pornography simply makes no rational sense.

The question should be brought to the attention of the public. Certiorari should be granted and the debate engaged.

Posted by Jon M. Garon at 03:23 PM | Permalink | Comments (0) | TrackBacks (0)

The New York Times reports that the bitter lawsuit brought by Woody Allen against American Apparel and Dov Charney has ended on the courtroom steps with a $5 million settlement in Mr. Allen's favor. The settlement was half the initial amount sought by Mr. Allen.


According to the Times, statements by the two men showed the bitter personal nature of the dispute:

“Threats and press leaks by American Apparel designed to smear me did not work and a scheme to call a long list of witnesses who had absolutely nothing to do with the case was also disallowed by the court,” commented Mr. Allen. “I suspect this dose of legal reality led to their 11th-hour settlement.”

Mr. Charney, was unrepentant, explaining that "his insurance company had forced him to settle."

“I’m not sorry for expressing myself,” he said. “I wish him the best with his career, and I am looking forward to his next film.”

The arguments by Mr. Charney ignores both federal and state law, which generally prohibits the false and misleading inference of endorsement and the use of a person's identity for the commercial sale of products.

New York's privacy statute is the oldest statute of its kind in the U.S.:

    § 50.  Right  of privacy. A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the  name,  portrait or  picture  of  any  living  person  without  having first obtained the written consent of such person, or if a minor of his or  her  parent  or guardian, is guilty of a misdemeanor. 
 
    § 51.  Action  for injunction and for damages. Any person whose name, portrait, picture or voice is used within  this  state  for  advertising purposes  or for the purposes of trade without the written consent first obtained as above provided may  maintain  an  equitable  action  in  the supreme  court  of this state against the person, firm or corporation so using his name, portrait, picture or voice, to prevent and restrain the use  thereof;  and  may  also  sue  and recover damages for any injuries sustained by reason  of  such  use  and  if  the  defendant  shall  have knowingly  used  such  person's name, portrait, picture or voice in such manner as is forbidden or declared to be unlawful by  section  fifty  of this  article, the jury, in its discretion, may award exemplary damages.

Of course, even commercial content is protected by Free Speech. A true parody advertisement would be protected speech, even if it were used in connection with the sale of goods or services, but it is rare for a a product campaign to be true parody.

Particularly given Mr. Allen's history stopping such parody ads by other companies, the choice by American Apparel was odd and the decision to settle made sense - for the insurance company if no one else.

The contours of publicity rights are among the least defined in U.S. intellectual property law, but using a celebrity on a billboard to hock clothes is not. It comes with a $5 million price tag.

 

Posted by Jon M. Garon at 11:43 AM | Permalink | Comments (0) | TrackBacks (0)

Europe is headed for an internal culture clash as French politicians endorse an industry-backed proposal to battle online piracy by barring people who repeatedly download illegal content. Known as three-strikes laws, the proposed policies would allow an ISP to remove customers who have repeatedly ignored notices to stop illegal downloading.

The French proposal is more circumspect than some similar proposals in the U.S., though it is often described as more far reaching. As a law, the system has some procedural safeguards in place to provide for a hearing prior to the enforcement of the provision. At the same time, if enacted the rule will be positive law rather than merely a policy of a particular Internet provider. Potentially, this gives its adoption a much more powerful impact.

Even as France is moving in this direction, the European Parliament is moving to ban such laws. In fact, the EU went a significant step further, adding language stating that "internet access is a fundamental right such as the freedom of expression and the freedom to access information."

Despite my deep concerns over Internet piracy and its real impact on jobs in the U.S. and development of new artistic works in the U.S. and abroad, the Internet has simply become too integrated into the public's access to news, governmental services, and social interactions to adopt this policy approach.

Increasingly, government documents, public records, and other essentials are available only on the Internet. The Internet is an essential tool used by most educational institutions. Arguably those cut off from their ISP can rely on public libraries for their access, but those cut-off without water and electricity can also be directed to public shelters.

The question is not whether shutting off the ISP is appropriate, but whether it should be done without some significant oversight. To the extent that the French proposal requires an administrative hearing, such a system might work. To be viable, such a hearing must put the burden on the ISP to demonstrate that the person abusing the ISP is guilty of the misconduct and allow for the accused misuser of the ISP to enter evidence in his or her defense.

In the modern information age, the ISP has taken on the role of a public utility, and like electric companies, water suppliers and gas companies, the utility should have a heavy burden before it cuts users off. Also, the ban must be limited in time. The British proposal, for example, caps the ban at one year. Three  months would probably be sufficient for a first time offender unless the specifics were egregious.

The present proposals in the U.S. call for ISPs to control and regulate their users. This allows for none of the critical safeguards. The time-frame in which ISPs could have privately operated a three-strikes policy in the U.S. has probably passed. While Internet access has not been declared a fundamental right in the U.S., most of the public treats the Internet like a utility and any attempt to take self help will likely result in some form of utilities regulation.

The debate on this issue may continue for quite a while, but as the implications of a three-strikes policy gain attention, the popularity of this solution will likely erode.

Posted by Jon M. Garon at 11:30 PM | Permalink | Comments (0) | TrackBacks (0)

Just as the Red Flag Rules were about to go into effect, The Federal Trade Commission announced another delay, stating that the agency would delay enforcement until August 1, 2009.

As noted by the FTC, however, "announcement does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight."

The FTC explained its action as follows:

“Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said.

Time will tell.

Posted by Jon M. Garon at 09:13 AM | Permalink | Comments (0) | TrackBacks (0)

In 2003, Congress passed the Fair and Accurate Credit Transactions (FACT). Pursuant to the Act, the FTC issued regulations known as the "Red Flag" rules to govern the banks, credit unions, or others that holds "consumer transaction accounts." It also covers creditors (which includes telecommunication companies as well as mortgage brokers, car dealers and many others). After many delays, these rules officially come into effect May 1, 2009.

The point of these rules is to combat identity theft. Any covered creditors must establish a written identity theft prevention program to prevent identity theft in their practices. According to the FTC, the rules fall into five categories:

• alerts, notifications, or warnings from a consumer reporting agency;
• suspicious documents;
• suspicious personally identifying information, such as a suspicious address;
• unusual use of – or suspicious activity relating to – a covered account; and
• notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

These rules will originally scheduled to go into effect in November 2008, but had been delayed to give covered entities more time to put their programs in place. Theoretically, these programs should all be operating, but consumers are likely to see an increase in identity checks as companies begin to implement these programs with greater vigor beginning in May.

The FTC website "Fighting Fraud with the Red Flag Rules," though not the catchiest title, provides considerable help and guidance. I anticipate that given the FTC's role, these rules will quickly become best practices for all institutions holding identity data and that from there, the failure to meet those best practice could become an unfair trade practice if the situation were sufficiently egregious. In other words, the Red Flag Rules have the potential to be the national identity protection statute that has been missing for so long.

Even if it does not evolve directly into such a statute, state and even municipal lawmakers may look to these rules for guidance on additional legislation. This helps explain why companies were trying so hard to slow their adoption. But the time has finally come. Now we will see whether these regulations have any practical impact on the growing pandemic of identity theft.

Posted by Jon M. Garon at 06:55 AM | Permalink | Comments (0) | TrackBacks (0)

The Wall Street Journal reported on the accidental deletion of rankings for gay-themed books, ostensibly because of an internal cataloging mistake. As reported by the Journal, Amazon explained only briefly: "'This is an embarrassing and ham-fisted cataloging error for a company that prides itself on offering complete selection,' wrote Drew Herdener, Amazon's director of communications, in an email."

Reading between the lines, Amazon seems to have inadvertently relabeled all gay-themed works as adult material, a category for which it does not provide rankings. The same error is reported to have affected many health books as well.

The error highlights important phenomena regarding online content distribution. First is the importance rankings, and by extension, the entire editorial side of online distribution. The tracking of rankings does not reflect merely the vanity of the authors. Instead, the data provide significant sales information that authors and publishers can use to shape marketing strategies. The transparent nature of the rankings provides information on every book rather than merely one's own books. This gives every author tools that were once held by only the largest publishers.

Second, authors and publishers raise these concerns because of the assumption that readers rely on the rankings to make their choices. Shopping for books, movies or music is a highly subjective process. The cover artwork, packaging notes and reviews all have some influence on the decision to select one item over another. But into this mix comes the pressure to be "current" within our chosen genre. All things being equal, a buyer wants to select the item that everyone else in their interest group is also reading, watching or listening to. (There is another group that wants to be opinion shapers, selecting the newest works, but even here the publication data and rankings shape the selection. Rediscovering back catalog works is a much harder way to influence opinions.)

The reality of the importance of rankings tends to undermine the "Long-Tail Hypothesis" that the Internet will result in greater longer term life spans for creative works. The Internet is great at generating market segmentation, so that one's relevant rankings can be focused on lesbian autobiography, Samaritan religious theory, or quantum astrophysics without the category being lumped into a broad, general topic and lost. But newest and most popular will still apply within each category. While a consumer can theoretically find anything, the editorial tools will not send consumers into the digital stacks.

This leads to the last and most important insight from the controversy. The cataloging is an editorial process, subject to decision-making by the retailer. Amazon has elected not to provide ranking information to its adult selections. Why? Is it afraid of promoting Lady Chatterly's Lover (or its hard-core equivalent)? Walmart is known for controlling the stock in its physical stores and banning albums depending on the content or artwork on the cover of some popular bands. In the same way, the New York Times best seller list is an editorial process which excludes works like the Bible and Complete Works of Shakespeare out of the results. It does not necessarily reflect sales tracking data.

There has been the impression that Internet retailers like Amazon, Netflix, iTunes and others are less involved with editorial and economic selectivity than their physically constrained counterparts. But this is not the case.

So when reading the rankings in the future, we should be careful to remember that the rankings and categories, the popularity and even the availability have all been influenced by real people.

The ham-fisted editorial mistake may ultimately be remembered the most for its brief lifting of the curtain. We have been given a glimpse of the wizard and his hot air balloon.

Posted by Jon M. Garon at 01:39 AM | Permalink | Comments (3) | TrackBacks (0)

 Data mining, deep searching, and other clever names are being developed for the process of looking into the "deep web" - the other 90% of the content stored and retrievable on the Internet. Of course, much of that information should not be retrievable by everyone.

So for those of us not ready to 'get over it' and concede that our information is an open book, EPIC has shot the first salvo at the largest of targets:

EPIC Petitions FTC to Investigate Google, Cloud Computing Services

EPIC has formally asked the Federal Trade Commission to open an investigation into Google's Cloud Computing Services -- including Gmail, Google Docs, and Picasa -- to determine "the adequacy of the privacy and security safeguards." The petition follows the recent report of a breach of Google Docs. EPIC cited the growing dependence of American consumers, businesses, and federal agencies on cloud computing services, and urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines.(Mar. 17)

 

Google does many good things, but it is still an advertising company dedicated to finding out about consumer behavior and tailoring expensive advertising towards its users. Advertiser scrutiny is increasingly important, and I expect this action will grow in the coming months.

Stay tuned.

Posted by Jon M. Garon at 11:53 AM | Permalink | Comments (0) | TrackBacks (0)

What Privacy Now Means to Me

In Fall 2008, I traveled with my family through mainland China and Hong Kong. It was a wonderful trip, providing us with insight into a culture very different from those we have lived with in California, New Hampshire and Minnesota. Not only did we learn about “Asia” but we learned the many differences between China and Hong Kong, Beijing and Shanghai, rural and urban, North and South, and Han and minorities – to name just a few.

In another column, I’ll talk a bit more about my talks at various universities. (These were: University of International Business and Economics in Beijing; East China University of Political Science and Law, Shanghai; Beijing Normal University – Hong Kong Baptist University – United International College; and the University of Hong Kong.)

Perhaps the most striking experience of the entire trip occurred the first day. As we met our guide in Tiananmen Square (天安门广场), dozens of tourists and locals began taking photographs of our nine-year-old son.

Most people asked politely if they could take a picture, while others sneaked their shots without acknowledging their interest.

As the trip continued, shopkeepers and passersby regularly pet my son’s curly hair, asked for pictures or just beamed at us. Others marveled that we traveled with two sons – few individuals in Mainland China dare to violate the one-child policy or enjoy the luxury of siblings.

While I’m sure my son is not nearly as well photographed as Yao Ming of the Houston Rockets, his picture has become quite prominent throughout photo albums and on Baidu (百度 )China’s premiere search engine.

Most importantly, my son enjoyed the attention. We never required him to pose. We also did not give out our names. The lack of physical privacy was balanced by a sense of anonymity so that the photographs were never a cause for any concern. The people taking the photographs were almost always polite and respectful of our privacy. The invitation to pose with them created a new sense of community and belonging that added to our experience.

Talking with some parents about the trip, we have been asked if we were concerned that the attention would encourage predatory behavior. Of course this is a fear that every parent has, but it is a not a statistically significant fear, according to a recent study by The Berkman Center. But like other statistically insignificant fears – airline accidents, for example – the relatively low incidence rate must also be compared to the horrific consequences caused by any incident. As a result, attorneys general from across the country have forced MySpace, Facebook and other sites into “voluntary” efforts to expunge registered sex offenders from their membership rolls.

Since returning to the U.S., I have been assisting companies (and individuals with websites) to update their privacy policies and data practices. Social networks such as MySpace, Facebook and Linked-In have learned the same lessons that we learned on our travels. To provide a reasonable privacy policy, the individuals identified must be comfortable with how their pictures and information are to be shared. At times, this means that anonymity is sufficient to allow posting of pictures. More often, however, it means creating a level of restriction that provides confidence that the material posted is available only for its intended audience.

As a practical matter, website operators must recognize that privacy protection is a matter of trust for the online community created by that site. Failure to maintain that trust will result in a loss of support well before any legal consequences start.

So here are a few of the necessary steps that website owners should consider when posting photographs of individuals or private information about those people. The five key principles recommended by the U.S. Federal Trade Commission are:

1. Take stock. Know what personal information you have in your files and on your computers.

2. Scale down. Keep only what you need for your business (or your website).

3. Lock it. Protect the information that you keep.

4. Pitch it. Properly dispose of what you no longer need.

5. Plan ahead. Create a plan to respond to security incidents.

The FTC guidelines are applicable to every business and every personal website.

Taking Stock: Website owners must know what private information they have accumulated. This means knowing when they have received names, birth dates, addresses, social security numbers, credit card numbers, passwords and other sensitive data.

--     In 45 states, the accidental release of private data (through error or third-party theft) requires a mandatory report regarding the theft of that information to the state’s attorney general and the individuals affected.

--    Efforts are underway to prohibit the use of social security numbers for other forms of identification.

Scale Down and Pitch it: General information and trend data are becoming increasingly valuable as an asset to understand consumer behavior. But the underlying individual information is less valuable to companies who own that information. Particularly if the information held includes data regarding minors, health care, financial services, or other protected information, the obligations to maintain the integrity and security can only be eliminated if the information is properly expunged from the company’s files.

Lock it: Thieves are attracted to vulnerable targets. The information that is publicly available without any authentification should be information for which the entire world should have access. If a site includes personal photographs, dates of birth, social security numbers, passwords, credit card information, unpublished addresses or telephone numbers, or any other form of protected personal information, then the website must be structured so that each page can be viewed only by authorized users.

--   If there are no efforts to restrict a website, then very few of the legal protections for data are available in the event of misuse of that data.

--  Depending on the manner in which the data was gathered, the failure to provide reasonable restrictions may result in liability for the host website.

Plan ahead: The importance of trust in the online community should serve as a sufficient inducement to be forthcoming when security breaches occur. Since there is mandatory reporting regarding the theft or loss of private information, the website operator must know what has been stored, who may have been impacted by any data loss, and how to minimize the risks.

We chose to let my son have his picture taken while we traveled through China. We usually said yes, but occasionally demurred. We also choose where to post our family photographs, where to conduct online business, and who we trust.

So long as the companies and individuals who host the websites we frequent meet the FTC guidelines for protecting my family, I hope we all continue to promote these sites and encourage their use. But to protect all of us, we must be sure to remain selective. The obligation to protect privacy is not restricted to the large social networking sites. Every picture posted creates a choice regarding privacy for those in the photograph.

We learned about many differences in China. The invitations to pose for pictures and become part of a shared experience made for a wonderful journey. In the same way, the role of a website is to invite its users into that shared experience and respect the boundaries the users wish to establish. Without too much effort, every company or personal website can make their privacy practices a tool to build community and trust. Planning ahead, taking stock of the information, and keeping it safe are the simple steps to build a better virtual world.

Posted by Jon M. Garon at 10:11 PM | Permalink | Comments (0) | TrackBacks (0)