Posts Tagged ‘technology’

Nevada data encryption law

On October 1 a new law went into effect in Nevada requiring businesses to encrypt all “personal identifying information” (things like Social Security and drivers’ license numbers and credit card numbers) of customers in email and “electronic transmissions” more generally. The law has raised concern among, e.g., law offices and medical providers which often work with client documents containing such numbers; it will now be unlawful (say) to email such documents from a professional’s workplace to his or her home office absent encryption. Howard Marks at Information Week (Oct. 13):

Electronic transmission isn’t defined, so one interpretation would include the telephone — so if you forget the password to your online banking account, your bank will have to snail mail or fax you a new one. It does say “to a person outside of the secure system of the business,” so you don’t have to run out and encrypt all your disks like the vendor that brought this to my attention would like.

Don Sears at Baseline (Sept. 19) cites a Las Vegas lawyer on such problems with the law as “the lack of coordination with industry standards and the unclear nature of penalties both criminal and civil” and concludes “once again, the legal system and the IT industry are faced with potentially bigger compliance and liability issues than they probably intended.” At Davis Wright Tremaine’s Privacy and Security Law Blog (Feb. 27), Randy Gainer cites similar (but not identical) mandates moving forward in other states and also notes, “the overwhelming majority of reports of stolen and lost consumer data relate to stored data, not data in transit…. The limited, data-in-transit, encryption mandate in the Nevada statute will therefore do little to stem the tide of stolen and lost consumer data.” Marian Waldmann at Morrison & Foerster (Oct. 2007) notes California’s more sweeping but less specific mandate for businesses to implement and maintain “reasonable security procedures and practices”, and also points out that the determination of whether an out-of-state entity dealing with Nevada residents is “doing business” in the state, and therefore subject to legal mandates of this sort, has been described by the Nevada Supreme Court itself as “often a laborious, fact-intensive inquiry resolved on a case-by-case basis” in litigation. Other commentary: Sidley Austin, Lori MacVittie/DevCentral.

Annals of sweeping discovery: Dish Network vs. Coolsat

“In the war on piracy, consumer privacy is often the first casualty. But on Monday, a federal court imposed some limits on the collateral damage content owners can inflict, blocking a satellite TV provider’s effort to subpoena the names and personal information of thousands of people who purchased ‘free-to-air’ satellite receivers that can be hacked to decrypt signals meant for paid subscribers.” A brief from EFF had argued that “Echostar’s [parent company of Dish Network’s] subpoenas were ‘especially troubling in light of past litigation’ where another satellite TV provider, DirecTV, had similarly obtained customer information in the course of a civil suit against a device manufacturer. The company then sent out 170,000 letters pressuring customers to agree to a $3,500 ‘settlement’ or face litigation.” (Julian Sanchez, Ars Technica, Oct. 1). On the earlier DirecTV litigation campaign, see posts here, here, here, and (reader letter) here.

“RealDVDs, surreal law suits”

“Well, that didn’t take long. One day after RealNetworks releases its DVD copying software, lawsuits are filed. Who’s right, who’s wrong, and where do movie fans fit in?” And are movie industry lawyers going to replace RIAA’s as a target at the center of customers’ dartboards? (Robert X. Cringely, InfoWorld, Oct. 1). More: Cory Doctorow, BoingBoing on the peculiar press-anonymity of some of the lawyers (h/t commenter Orval).

September 30 roundup

Spore DRM

Electronic Arts/Maxis, which makes the new evolution simulation game Spore, gave it more aggressive digital rights management than many users wish it had, so it’s off to court with a lawsuit filed by class action firm KamberEdelson and named plaintiff Melissa Thomas. (Chris Faylor, “Spore DRM Prompts $5M Class Action Lawsuit”, ShackNews, Sept. 24; Courthouse News, Sept. 23).

A question about the AutoAdmit litigation

The WSJ Law Blog reports that the two Yale Law women suing AutoAdmit/XOXOHTH posters are “seeking to resolve their claims against these defendants” without amending the complaint to name their identities, obtained over the course of a variety of subpoenas.  Thus, the recent amended complaint named only a single AutoAdmit poster, Matthew C. Ryan, who had apparently refused to settle–perhaps because while Ryan’s comments were obnoxious, they were not legally actionable.

Someone correct me if I’m wrong, but isn’t it historically the case that someone who says “Pay me money or I will file a lawsuit and issue press releases that reveal private facts you find to be embarrassing” guilty of blackmail or extortion in other contexts?  What distinguishes this case–especially when the underlying allegations are so legally flimsy?

Compaq settles floppy glitch class action

Readers may recall the landmark case in which laptop maker Toshiba agreed to a notional $2 billion settlement (and a very crisp and real $147 million in plaintiff’s legal fees) to resolve charges that its laptops could under certain extreme conditions result in loss of user data, although no real-world customer appeared to have experienced the problem. Copycat lawsuits followed against other laptop makers, the supposed glitch being by no means unique to Toshiba, and at last report (May 11, 2001 and Aug. 14, 2004) Compaq had enjoyed much success in beating suits of this sort filed by Texas lawyers.

Apparently its luck didn’t hold up forever, though, because in May Judge Tom Lucas of the Cleveland County, Oklahoma District Court approved a nominal $640 million settlement of laptop glitch claims against Compaq and its parent, Hewlett-Packard, with $40 million in attorneys’ fees to various attorneys, including Reaud, Morgan & Quinn, the Beaumont, Texas firm of Wayne Reaud. (Tom Blakey, “Local court OKs $640M class settlement in computer lawsuit”, Norman Transcript, May 16)(settlement website).

According to a paper by Anthony Caso for the Washington Legal Foundation (PDF), the change in fortunes owed much to some successful forum-shopping. It seems plaintiffs in the first rounds had attempted to form a nationwide class action on the premise that the consumer law of Texas, Compaq’s home state, could properly be applied to the claims of customers in all 50 states. The Texas courts, however, wound up rejecting that premise.

…instead of taking no for an answer from the Texas Supreme Court – the final arbiter of Texas law, the class action attorneys convinced an Oklahoma court to rule that the case should be a nationwide class action, and that class action status could be premised on the idea that Texas consumer law applied to all of the claims. Ignoring the ruling of the Texas Supreme Court, the Oklahoma courts agreed with this argument and certified the case as a nationwide class action.

Unfortunately for all of us, the United States Supreme Court declined to review the case.

And the $40 million in fees? Reaud & co. would have nothing but the best talent in to bless the fees, per the Norman Transcript account:

Testimony at the April 29 hearing in Cleveland County District Court included that of Arthur R. Miller, a renowned legal scholar and commentator on civil litigation, copyright and privacy laws. Miller, a professor to the faculty of the New York University School of Law and the NYU School of Continuing and Professional Studies, estimated the coupon redemption rate would be as high as 30 percent — more than double the average redemption rate in settlement cases.

And if actual coupon redemptions come in far below a 30 percent rate — not that we’re necessarily ever going to find out — Prof. Miller’s reputation will suffer, right?

More: Beck & Herrmann call attention to an automotive class action case (Masquat v. DaimlerChrysler, alleging defect in rack and pinion steering systems) that also took advantage of Oklahoma’s willingness to apply manufacturer’s-home-state law to fuel nationwide class actions. They write that because of that distinctive handling of choice of law, “class action plaintiffs’ counsel now gravitate to Oklahoma as moths to light.”

BitTorrent throttling and cable bandwidth lawsuits

Class action lawyers have sued Comcast for throttling users of the bandwidth-intensive P2P application BitTorrent, and the Federal Communications Commission by a 3-2 vote has declared the cable provider’s practice unlawful. (UPI, Aug. 3; Janko Roettgers, “The FCC Rules Against Comcast. Now What?”, NewTeeVee.com, Aug. 1). But Insight Communications CEO Michael Willner defends the general need for some practice of this sort (Jul. 28; via Class Action Blawg):

[A reader/commenter who has filed a class action suit against Comcast suggests] building whatever capacity needed to give consumers all they use. I’d love to do that but it’s a self defeating process for any ISP with relatively high upload speeds to do so.

Here’s why. My company is accountable to the nearly half million broadband customers on our network. But when we provide relatively high upload speeds (1 meg and better), Internet users all over the world are directed by their P2P software to come to us before they go to slower providers. Within a few days, we simply are unable to handle the load leaving unmanaged consequences to take over, slowing everyone on our network no matter what they are doing. We could add more and more capacity, but the cycle simply starts all over again, bringing even more people to our network for uploads. We never get to the point where we would be able to build enough upload capacity to accommodate everyone from New Zealand to New Brunswick.

So we really only have two choices: We can limit all of our customers’ upload speeds making our network far less attractive to the downloader in New Zealand. That is the net effect of what DSL does. Or we can allocate a disproportionately large amount of upload capacity to our heavy upload users, but limit it fairly.

On some possible technical fixes, see Iljitsch van Beijnum, “IETF: find more peer-to-peer bandwidth, but use it sparingly”, Ars Technica, Aug. 3.