Archive for the 'Internet Law' Category

13
Dec
16

VISA Cracking Down on Shell Billing Companies with New Restrictions

There was a time not so long ago when adult website operators created “billing companies” in favorable jurisdictions, whose sole purpose was to bill customers for services provided by the operator, and remit the settled funds to the operator.  The customer was typically indifferent to the identity and location of the billing company, so long as the payment went through and the products or services were delivered.  However, credit card associations have become increasingly insistent that Merchants have a physical location, and be organized where business is actually conducted.  Concerns with consumer protection, fraud, and money laundering have now resulted in tighter restrictions on the identification and location of Merchants’ operating companies.

In August, 2016, VISA issued a “Clarification” of its Core Rules regarding the location of Merchant Outlets.  Effective in October, 2016, any Merchant Outlet involved in Electronic Commerce is required to have a Permanent Establishment through which transactions are completed.  If only digital goods are sold, the Merchant must use the country where the principles of the company actually work.  The Merchant must also hold a valid business license, maintain a local address, and pay applicable sales taxes.  The Merchant’s address for cardholder correspondence must be clearly displayed on the checkout screen, along with various shipping and refund / cancellation policies.

Presumably, these rules prohibit website operators from simply incorporating a billing company in a jurisdiction like the United States, if the principles work in other locations.  Moreover, “shell” corporations with no business license or physical address would be prohibited from serving as a Merchant’s operating company.

More recently, based on information from multiple sources inside the payment processing industry, VISA EU intends to implement new rules that are scheduled to take effect on January 31, 2017.  These rules carry potentially heavy burdens for affected Merchants and Sub-merchants, as they will require companies to show a presence in their country of incorporation and to also retain at least some of their processing funds there rather than settle all those funds to another jurisdiction.

Non-compliance with these restrictions can be crippling.  A first violation carries a €50,000 fine, albeit suspended until the end date of the cure period.  A second violation within 12 months of the first is €100,000, with a monthly increase thereafter of €150,000 above the prior month’s accumulated penalties (e.g., at month 3; €300,000 and so forth).

The new rules can be summarized as follows:

  1. The Merchant’s country of incorporation must be within the Acquirer’s Territory;
  2. A majority of the Merchant’s directors must be in the Acquirer’s Territory;
  3. The Merchant must have a valid address in its country of incorporation, within the Acquirer’s Territory; the incorporation agent’s addresses cannot be used;
  4. The Merchant must pay corporate tax, sales tax or VAT as required by its country of incorporation (within the Acquirer’s Territory);
  5. The Merchant must have a bank account to be used for settlement purposes in a country within the Acquirer’s Territory;
  6. The domain name must be owned by the Merchant or a parent, sister or subsidiary of Merchant;
  7. The Merchant must disclose its location before the customer completes the card transaction, either on the checkout screen or on a screen in the checkout sequence;
  8. The Terms and Conditions must clearly state that the services are provided to the customer by the Merchant, and by no one else, and that all inquiries or complaints be directed to the Merchant; and
  9. Merchants that are not compliant by January 31, 2017 can be subject to fines (see above for the fine schedule).

The increased scrutiny of cross-border transactions, along with the new VISA restrictions, may require substantial business restructuring by some website operators.  Given the relatively brief window before these rules take effect, affected operators should consult with their business, accounting, and legal professionals promptly to begin compliance planning.

08
Jul
16

Stolen Moments – Addressing Webcam Show Piracy

Many webcam performers have experienced a new trend in online piracy – the illegal recording and publication of live webcam performances.  The “business model” is disturbingly simple:  sign up to purchase or view a live webcam performance on any number of webcam networks, use current screen capture technology to record the performance, then distribute the performances on numerous pirate websites hosted in some remote jurisdiction.  Throw in a remote proxy server for good measure, and start generating traffic to a website populated with stolen performances.  Offer a tease of the content for free, and encourage the user to download the entire performance from a file locker for a price.

The webcam performer is victimized because his or her content is stolen, but the webcam network is also impacted because users can watch recorded “private” performances of their favorite cam stars without paying the typical fee for live viewing.  The stage name of the performer and the brand name of the network’s website are often included in the URL’s generated by the pirate sites, thus resulting in potential trademark infringement against both parties.

So what can be done about this new brand of piracy?  The first step is to sort out who owns what. The webcam network’s Model Agreement will typically state which party retains the copyright to the performances.  Most often those rights will remain with the performer, who will provide some sort of license to the network permitting publication. That means the performer is the party that possesses the legal right to take action for copyright infringement.  Performers who retain copyrights to their performances typically cannot rely on the webcam networks to enforce those rights.  In some circumstances, the performer can authorize the network to take certain steps to enforce his or her copyrights, but not without additional agreements or assignments.  Only the proper party should attempt to take legal action against a pirate camshow site.

The most common initial response to this type of copyright infringement is transmission of a notification of infringement under the Digital Millennium Copyright Act (i.e., a “DMCA notice.”)  Importantly, a DMCA notice is only legally effective when sent to a third-party providing services to the infringer.  DMCA notices should not be sent to infringing parties, directly. The intent behind a DMCA notice is to force the online service provider (such as a host or tube site) to stop providing services to the party committing the copyright violation.  In the business model described above, the DMCA notice would properly be directed to the file locker providing the file storage and download service, not to the infringing site itself.

When pursuing the infringing party directly, the proper legal vehicle is a Cease and Desist demand (“C&D demand.”)  A C&D demand is designed to put the infringer on notice that they’ve been caught, and to demand that the infringing content be removed from circulation.  Typically, a C&D demand reserves the right to sue for damages, or seek other remedies, even if the material is promptly taken down.

Both DMCA notices and C&D demands are relatively inexpensive, and can often be effective.  While the pirate camshow sites frequently hide in jurisdictions with lax copyright enforcement policies, the operators often choose to respond to formal legal notices (sent by proper parties) rather than risk a potential lawsuit.  From their perspective, there’s plenty of other content to be stolen, so discretion is the better part of valor when faced with a valid infringement notice.

Naturally, some pirate camshow sites will refuse to respond to legal notices, and call the copyright holder’s bluff. While this can be frustrating, claimants should make sure they have evaluated all possible service providers for purposes of DMCA notices, including hosts, domain privacy service providers, file lockers, tube sites, proxy service providers, content delivery networks, etc.  Only parties who can control the infringing content are required to process DMCA notices. But loss of essential services can result in quick compliance.  Equally important is thorough investigation into all relevant contact points and addresses. A legal notice sent to the correct physical address frequently gets an infringer’s attention.

For some copyright or trademark holders, the filing of a lawsuit for intellectual property theft will be the final solution.  While litigation is expensive and uncertain, permitting rampant theft of copyrighted performances is likewise unacceptable.

As the popularity of live camshows increases, so does the interest in pirating this content. Intellectual property holders are encouraged to consider their available options when addressing the newest flavor of online piracy.

11
May
16

Website Reporting Obligations under Federal Law

Introduction

Adult website operators are typically familiar with the obligations imposed by Title 18 U.S.C. § 2257 (“Section 2257”) which mandates the compilation and maintenance of certain records relating to the production of sexually explicit content.  Less well known, but equally if not more important, are the reporting obligations imposed on certain website operators under 18 U.S.C. § 2258A.  This federal statute requires “electronic communication service providers” such as hosts, forums, dating sites, tube sites, and advertising networks, to report any apparent violations of child exploitation laws, to the CyberTipline; http://www.missingkids.org/cybertipline/, operated by the National Center for Missing and Exploited Children (“NCMEC”).  The following is a summary of those reporting obligations.

 

What Violations Must Be Reported?

Qualifying service providers must report “apparent” violations of federal laws relating to child exploitation or child pornography.  No specific definition of what constitutes an apparent violation is included in the statute.  However, as discussed below, there are benefits to erring on the side of submitting a report in questionable cases.

 

When Must the Report Be Made?

The report to the CyberTipline must be made as soon as reasonably possible after the website operator obtains actual knowledge of any facts or circumstances that a violation of the relevant laws has occurred in connection with the operation of the site or online service.  While no specific time frame is included in the law, the statute contemplates prompt reporting of suspected violations.

 

What Must the Report Contain?

There are 2 types of reports that can be submitted: a public report, or a secure, private report by a registered service provider.  The registration process requires that certain information about the service provider be voluntarily submitted. The secure report permits uploading of images, and provides a receipt confirming the submission.  Service providers are encouraged by NCMEC to register and submit secure reports by submitting an email to its coordinator at espteam@ncmec.org.

The report must include certain categories of information:

  • Identifying information about the individual responsible for posting or transmitting the images, such as IP address, or email address (including any self-reported information submitted by the user).
  • Historical information about when and how the user posted the illegal content.
  • A description of how the violation was discovered by, or reported to, the service provider.
  • Geographic location information relating to the responsible user such as billing address, IP address, or zip code.
  • The suspected images themselves. Note, all “associated images” must be preserved by the service provider as well.
  • The complete communication relating to the suspected images, including any data, digital file, or other information relating to the transmission of information.

 

What Other Obligations Apply?

In addition to reporting suspected violations, the service provider must preserve the  NCMEC report for a period of 90 days, plus an additional 90 days if requested by NCMEC.  The full contents of the NCMEC report must be preserved, along with any other images that are “comingled” or “interspersed” with the suspected images.  Read broadly, this could include all images that appear on a given web page, or which are uploaded by a particular user into the user’s folder or directory.  The website operator must also take steps to keep the preserved material in a secure location, and limit access to the material by its agents or employees.  Finally, operators must permanently destroy any reported images upon the request of law enforcement.

Importantly, the statute does not impose an obligation to monitor any user or the content of any user.  Moreover, there is no obligation to affirmatively seek out potential violations of the applicable laws.  In other words, service providers are not required to become child exploitation investigators.

 

Why Should the Report be Filed?

Affected website operators might ask themselves why they should get involved in submitting reports to law enforcement, relating to their users’ activities.  The most obvious answer is because the law requires such involvement.  Failure to report suspected violations is a criminal offense which can result in the imposition of substantial fines.  Moreover, federal law provides a form of immunity from civil or criminal prosecution for the service provider, in connection with the submission of any reports to the CyberTipline.  See, 18 U.S.C. §2258B(a).  However, this legal protection can be lost if the service provider engages in any intentional misconduct, or if it acts (or fails to act) with actual malice, or reckless disregard for injury to others. §2258B(b).

Conclusion

Certain popular online business models trigger compliance obligations with a wide variety of federal statutes and regulations.  Among them are the statutes imposing reporting obligations to the CyberTipline.  Affected website operators are encouraged to educate themselves regarding the details of these requirements, to avoid inadvertent violations and to foster a cooperative relationship with agencies investigating instances of child exploitation.

29
Dec
15

Close Up the Internet and Repeal the First Amendment

You know elections are upon us when politicians start talking about wanting to “close up” the Internet, or censor Twitter and Facebook.  Throw in a couple terrorist attacks and you have the perfect storm for loss of cherished First Amendment rights.

Donald Trump’s suggestion that America should consider “closing up the Internet in some way to fight Islamic State terrorists in cyberspace” illustrates the danger lurking around the corner for any disfavored speech.  In the early days of the Internet, the U.S. government took the lead in attempting to censor ‘indecent’ online communications, by passing the “Communications Decency Act (“CDA”).” Deemed the “Great Internet Sex Panic of 1995,” politicians in that time saw adult websites as a threat to the foundations of society, so they attempted to “close up” that part of the Internet.  What remains of the CDA is now often cited as a protection of free speech (i.e., “Section 230”), but the bulk of the legislation, which prohibited indecent Internet content, was struck down by a unanimous Supreme Court in 1997.  The Court could spot that blatant censorship attempt a mile away.

Now the Senate is considering legislation that would force social media companies to monitor posts, and report any “terrorist activity” to the government.  Sen. Diane Feinstein did some investigating and found that while sites like Facebook, YouTube, and Twitter take down content in response to valid abuse reports, they do not proactively monitor their networks, or report suspected violations to the government. “I think they should,” she said at a recent Judiciary Committee hearing.  Of course, the entire legal premise on which most online service providers operate is that they are not required to monitor the content of third party posts, or scour their networks for references to potentially unlawful activity.  Imposing that kind of burden could easily bring Internet traffic to a screeching halt, given the manpower, expense, and legal risks associated with operating an online service under those conditions.

However, the government has been busy laying the groundwork for imposing the burden of monitoring and censoring online speech in numerous ways; beginning with the startling life sentence handed down against the operator of SilkRoad.com, the passage of the SAVE Act, the criminal prosecution of escort advertising networks, and the intimidation of credit card processors associated with Backpage.com (later found to be unconstitutional). Each of these actions represents an attempt to hold an online service provider responsible for third party posts or advertisements.

Some of those calling for the proverbial heads of social network operators for permitting uncensored use of their networks rely on a provision of the USA Patriot Act, which prohibits anyone from providing “material support” to a terrorist organization.  If this action is prohibited, how can Twitter get away with providing a network for distribution of jihadist propaganda? Or so the argument goes. Despite Supreme Court Justices expressing some “grave concerns” with the constitutionality of that prohibition under the First Amendment, the law was upheld in 2010.  Thus began the gradual chipping away at what used to be a clear prohibition on criminalizing political speech.

Others who are upset with an open marketplace of ideas cite to legal obligations imposed on Internet service providers to remove and report child pornography, or take down reportedly infringing material under the DMCA, as evidence the government already has the tools it needs to create a valid, online censorship regime. Each of these instances can be distinguished from the wholesale prohibition of online communications envisioned by those desperate to find a quick fix for the complicated threat of terrorism facing today’s world populace.  Child pornography falls into one of the rare, historically unprotected categories of speech, given its unique, horrific nature – and the fact that it records the criminal act of child abuse.  DMCA takedowns do not involve censoring speech by the government, but the civil enforcement of intellectual property rights by copyright holders.  The targeted material may still be protected by the First Amendment, but owned by someone with superior rights to control its distribution. Mixing all these potential ‘options’ into a big, convoluted soup encourages the talking heads and politicians to conclude that there “must be a way” to close up the Internet, and keep us safe.

Renowned enemy of the First Amendment, Eric Posner, uses the threat posed by ISIS to promote “new thinking about the limits on freedom of speech.”  His latest attack on one of civilization’s most sacred values proposes a law that would criminalize access to websites that glorify or provide encouragement for ISIS.  Aside from the fact that true jihadists would likely use encrypted communications to evade detection, and investigators would lose the ability to monitor and track threatening communications, censorship never works and often backfires.  Typically such laws call more attention to the censored speech or inadvertently silence opposition views as well. History proves that the cure for bad speech is more speech, not censorship.  While recent calls to clamp down on free speech rights have been effectively mocked by civil libertarians, the proposals are becoming too frequent for comfort. Should one of these proposals gain traction, be prepared for a demand to block some type of erotic speech that a legislator decides is too extreme for his or her tastes. That’s exactly what happened when Iraq started blocking terrorist’s speech earlier this year – the ban on pornography soon followed.

In any other time, the author would conclude this article with a calming observation that the First Amendment protects offensive and even hateful speech, and that would be the end of it. The calls for censorship would eventually be quelled by cooler heads that were well-grounded in constitutional restraint on governmental power.  But we live in a time when Yale University students are perfectly willing to sign a petition to repeal their First Amendment rights (including the right to petition). We also exist in a world of trigger warnings, safe spaces, and abundant micro-aggressions, where university professors call for some “muscle” to kick journalists out of public protests.

The First Amendment was once held sacred – particularly when it came to online communications.  The Internet was everyone’s soap box, where the speaker didn’t need big media money to get a message out. The courts acted quickly to strike down laws that conflicted with free expression rights. However, in a time when 34% of poll respondents say the First Amendment goes too far, and the same percentage have no idea what rights the First Amendment protects, the bedrock principles that have formed the basic protections for online speech are on shaky ground.  Let’s hope they survive another election cycle.

31
Mar
15

Stealing Website Terms & Policies – Not the Best Idea

The Internet has become a notorious breeding ground for poaching others’ intellectual property. While all forms of IP infringement are discouraged, one in particular can create a massive headache for Internet businesses: misappropriation of another website’s Terms, Conditions, Policies & Disclaimers; and/or more broadly, legal web documents. While many may be enticed to simply swipe another’s Terms to avoid the legal costs of having an attorney draft brand new web documents, it’s simply not worth the risk.

Initially, there is the very obvious problem that another website’s Terms likely will not apply to your business. At the broadest level, different websites operate different business models and each set of Terms is ideally drafted for only one website running a specific business model. Similarly, even if the website operations are similar, there is always the possibility that Terms lifted from another website are outdated or flawed. The site that posted the stolen terms may, itself, have lifted them from another inapplicable site, or may be relying on Terms that were drafted before important legal development occurred.  A few years is like an eon for Internet Law, and much happens in a short period of time.  Cases decided in the last year have had profound impacts on how Terms directed at consumers should be drafted and implemented.

Even if parts of the lifted Terms are up to date and relevant to your business model, certain very specific clauses could be inapplicable, causing problems in relationships with your users. For example, billing provisions, dispute resolution options, and choice of law clauses are all areas which require specific and careful review before posting within legal web documents. Using another state’s (or nation’s) laws, or consenting to be sued in another remote jurisdiction, can have disastrous consequences for your business in the event of a dispute. Even claims brought by non-users can be impacted by these venue and choice of law provisions.

There is also a danger with broadly copying and pasting another website’s legal policies when it includes the name and contact information of the original company. Often this information is buried in the “fine print” or in a copyright disclosure, and easy to miss. Aside from being a clear indication of a copyright violation, this type of wholesale copying can invalidate the entire agreement because it is formed with a completely different entity than the actual website operator. Court’s will not overlook this type of plagiarizing.

A specific issue that our firm routinely sees with legal policy theft is inadvertent copying of a DMCA notice & takedown policy, identifying someone else’s designated DMCA agent.  Posting someone else’s DMCA policy can result in a complete loss of DMCA safe harbor, and the fraudulent suggestion that someone is acting as your DMCA agent, when they are not.  This is a large problem for “while label” programs, wherein the “white labels” erroneously presume they have permission to utilize the sponsor’s Terms or web documents, but usually, that’s not the case. More importantly, even in situations where the sponsor explicitly gives permission for the use of their Terms, use of the DMCA agent listed in the sponsor’s Terms is typically not part of the deal. Absent a specific agreement by the designated DMCA agent to act on your behalf, it is not likely that DMCA notices directed to your site will be processed in accordance with federal law.  DMCA agents must file a designation with the U.S. Copyright Office listing all sites subject to the designation.  Your posting of a copied DMCA policy will not suffice to trigger safe harbor protections, or give any notice to the DMCA agent that your site should be included in a designation. This form of copyright theft has severe consequences to any online service provider, even if the copyright holder never discovers the infringement.

As noted above, being sued for copyright infringement is a significant risk of stealing another website’s Terms. Merely changing a few words here and there will not prevent the stolen Terms from being considered a derivative work, and thus still owned by the original author. Statutory damages in a copyright infringement action can be anywhere from $750 to $30,000 per work, and up to $150,000 per work for willful infringement. Each stolen document would likely be considered a separate work. Attorneys fees will often be awarded in addition to damages. Risk of litigation isn’t the only consideration, however: the public perception that comes with using a competitor’s legal work can negatively and significantly impact credibility, both with consumers and in the industry, generally.

Developing your own set of website Terms and other legal web documents is important beyond the reasons listed above. A well-drafted set of web documents creates clearly established policies for both users of the site and third parties; the latter through documents outlining Subpoena Compliance and the site’s DMCA Notice and Takedown Policy. Legal protections like Section 230 protection, DMCA safe harbor, and sometimes Section 2257 exemptions, will be impacted by proper legal terms.  Quality web documents can help outline potentially unlawful uses of the site, protect intellectual property, allocate liability, and provide important disclaimers. Finally, as noted, paying careful attention to important provisions such as choice of law, dispute resolution, and any applicable arbitration and/or mediation requirements is critical for protecting your online operation.

While an experienced Internet attorney will require compensation for drafting important legal terms, often the process of discussing these documents will lead to important modifications in internal operating procedures, as the legal consequences are evaluated.

07
May
13

Dangerous Intersections

Could a webcam model also be a paid escort and an active member of a “hookup” dating site?  Naturally, the answer is “yes,” but at what costs?  Blurring the lines between these adult-themed user categories creates an uncharted hybrid of legal exposure, for both, the individual model/escort and those operating the associated websites.  However, more and more frequently, we’re seeing this sort of crossover in the live webcam, escort, and casual dating industries.  Historically, escort sites have legally operated on the basis that their advertisers do not engage in sexual activity for hire, but simply offer paid companionship services.  Live webcam operators routinely engage in sexual activity on cam, but are typically prohibited from any “real world” meetings with users, so as to avoid concerns with prostitution and solicitation.  Finally, adult dating sites have avoided prostitution-related issues based on the fact that they merely serve as a forum for social interaction, and should any sexual activity occur between users, it is not in exchange for money or anything of value. However, when the same individual acts as a webcam performer, an escort, and a hookup site user, these important legal distinctions and assumptions can start to break down.

Importantly, no law prohibits an escort from having a normal, romantic dating life, complete with sexual activity.  Similarly, live webcam models are not legally prohibited from offering companionship escort services, or submitting profiles to casual dating sites in search ofan occasional tryst.  The legal danger arises in the not-so-rare scenario, linking all of these activities together in some way. For example, escorts who provide sexually explicit performances via webcam must be careful to separate any discussion of escort activities or reference to online escort profiles, to avoid sending the wrong message to users.  Without clearly distinguishing between the webcam and escorting activities, the government will likely argue that any explicit webcam activity is indicative of the services the model might provide when acting as a paid escort.  Whether such argument would be successful in a court of law is another matter, but the risk exists.  Escorts should be similarly cautious when linking to any dating site profiles that reference sexual activity, so as to avoid conveying any misconception regarding the limited, non-sexual nature of the activities that the escort is willing to engage in during a paid session.

While compelling legal arguments can be made in support of the legality of live webcam sites, escort sites, and hookup sites, those legal arguments can be negatively impacted by linking such activities together in some manner. In a perfect world, escorts would never engage in sexual activity, webcam models would never meet users offline, and adult dating site participants would never be compensated for anything having to do with erotic interaction.  Unfortunately, however, reality is messy.  Escorts and webcam models do have social lives, and are entitled to engage in healthy sex lives, just like anyone else.  But as the escort, webcam, and adult dating business models become more popular and profitable, site operators will be forced to make difficult but important decisions regarding the extent to which any co-mingling of activity will be permitted or referenced on the site.

In the immortal words of The Offspring: “You gotta keep ‘em separated.”  But with many operators permitting posting of user generated content with limited or no pre-publication review, along with real-time social network feeds, the ability of a site operator to control the intersection of these three areas of online adult entertainment can be challenging.  That said, pre-publication review of user posts/profiles creates its own set of complications, and may negatively impact the legal protections afforded to online service providers under federal statutes like Section 230, the DMCA, and Section 2257.  Thus, actively attempting to control linkage of these various activities could impact the site operator’s legal defenses to claims arising from the publication of this third-party content. Coherent operating policies should be adopted in connection with the publication of any such material, taking into consideration all of the factors.  However, given the serious legal consequences attached to the promotion of sexual activity for hire in the United States, site operators, escorts, and performers should be forewarned regarding these dangerous intersections.