JOLT Digest

By Charlie Stiernberg

What Changed in Google’s Privacy Policy

Google recently announced changes to its privacy policy and terms of service, prompting concerns by a bipartisan group of congressmen over the future safety of customer data. Reuters reports that Pablo Chavez, Google’s director of public policy, responded directly to the lawmakers’ questions in a letter, stating that “the updated privacy policy does not allow us to collect any new or additional types of information about users.” The Electronic Frontier Foundation (“EFF”) applauded Google’s efforts to notify its customers of the changes, but criticized the company for not adequately explaining what it meant until after the congressional inquiry. According to EFF, the major substantive changes include (1) combining all of Google’s separate product policies into one, (2) removing the separation between customer data sets stored in each of those products, and (3) using the information obtained from one product in another. The new privacy policy goes into effect on March 1, 2012.

Intel Purchases $120M in Patents from RealNetworks

Intel agreed to pay RealNetworks $120 million for 190 patents and 170 patent applications covering RealNetworks’s streaming video codec technology. The Wall Street Journal reports that this is the latest in a set of large patent purchases by major technology companies, which peaked in June with the Nortel Networks patent auction. Competition in the smartphone and tablet markets has become more intense and patents more important as companies, including Intel, expand their businesses into the mobile sector. According to ZDNet, Intel called some of the patents “foundational,” indicating its belief that that some are important to the company’s efforts in the mobile media space. In addition to the sales agreement, Intel acquired the video codec’s development team, and the two companies signed a memorandum of understanding to develop next-generation video software and related products.

New Mobile Device Privacy Act Proposed

Rep. Edward Markey released draft legislation this week that would require mobile phone carriers to reveal if they are employing tracking software such as Carrier IQ. Wired reports that under the Mobile Device Privacy Act, consumers would have to give their consent before data—including web usage, call history, and text messages—can be sent to third parties. According to Ars Technica, the controversy started when a developer publicized the widespread use of Carrier IQ software on smartphones a few months ago. Rep. Markey said such software should only be used with the consumer’s “express consent,” and emphasized that the legislation is just a “discussion draft” right now. Sprint and Apple both recently announced they are dropping Carrier IQ, but T-Mobile and AT&T still use it. Verizon does not.

Twitter Reveals 4,400+ DMCA Takedown Notices Last Year

Twitter partnered with Chilling Effects, a project sponsored by the Electronic Frontier Foundation and the Berkman Center for Internet & Society, to publish all Digital Millennium Copyright Act (“DMCA”) takedown notices it has received since November 2010. Ars Technica reports that the site lists 4,410 takedown notices in that time frame. While Twitter regularly deletes tweets to gain safe harbor under the DMCA, the company stated that it wants to “be transparent with users.” The Huffington Post breaks down the requests by sender, showing that Magnolia Pictures, a New York film distributor owned by Mark Cuban, was responsible for a third of them. Web Sheriff, a third-party that automates takedown notices for its customers, sent at least half of all the requests in the list.

Written by Susanna Lichter
Edited by Laura Fishwick
Editorial Policy

“CyberPatrol, ” “SniperSpy,” and “IamBigbrother” are the names of keyloggers that might be installed on your office computer. These easy to use and inexpensive hardware or software devices record keystrokes and allow a monitor to access email, and other password-protected accounts of an unsuspecting typist. Employers are using keyloggers more often in the workplace to oversee employees without their knowledge. Managers argue that computer surveillance is important to ensure productivity, but alternative tools like website blockers, remote desktop access and time audits allow employers to determine whether an employee deviated from her task without risking the same breach of trust or employee humiliation associated with keyloggers.

Although keyloggers facilitate a major invasion of privacy, they are legal in many jurisdictions. There is currently no federal law that has been interpreted to prohibit their surreptitious use. The Electronic Communications Privacy Act (ECPA), which includes the Federal Wiretap Act (FWA) and the Stored Communication Act (SCA), could potentially prevent keystroke theft, but thus far the protections it offers have not been extended to keyloggers. However, there is evidence that this may soon change. Several recent cases have suggested a broader interpretation of the ECPA than what has previously been held. Additionally, in the absence of a consensus about federal law prohibiting keyloggers, some courts have interpreted state statutes to protect the public from having their strokes stolen. The conflict of interpretations between jurisdictions leaves people in many states vulnerable to invasive employer spying. It also creates a lack of clarity for employers and employees regarding what is considered lawful conduct. The surreptitious use of keyloggers should be subjected to wider regulation by state or federal law. In a few cases courts have diverged from precedent and adopted this position.  (more…)

New Information about Carrier IQ Software Sparks Concerns that Wireless Carriers Have Violated Federal Anti-Wiretapping Laws

By Abby Lauer – Edited by Michael Hoven

Last month, a security researcher from Connecticut published information about a software program installed on some mobile smartphones that may be surreptitiously collecting data about how the phones are used. The software, called Carrier IQ and manufactured by a company of the same name, has been described as hard to detect, hard to remove, and programmed to run by default without the user’s knowledge. The scandal escalated last week when Senator Al Franken sent a letter to Carrier IQ asking for details about the software and the company’s business practices. Privacy analysts are concerned that the software violates the Federal Wiretap Act, as amended by the Electronic Communications Privacy Act, which forbids the intercepting of “wire, oral or electronic communication” and authorizes penalties of $100 per day for each violation. 18 U.S.C. §§ 2511, 2520. Other commentators have suggested that Carrier IQ may also violate the Computer Fraud and Abuse Act. 18 U.S.C. § 1030. So far, at least eight class action lawsuits have been filed against Carrier IQ and various device makers and wireless carriers.

Computerworld provides a general overview of the Carrier IQ software and the recent scandal. For a more detailed analysis of the legal issues, see Forbes, paidContent.org, and Talking Points Memo. (more…)

Ninth Circuit Holds that Apple did not Engage in Copyright Misuse
By Laura Fishwick – Edited by Michael Hoven

Apple Inc. v. Psystar Corp., No. 10-15113 (9th Cir. Sept. 28, 2011)
Slip Opinion

The Ninth Circuit affirmed the Northern District of California’s holding that Psystar infringed Apple’s federal copyrights, and vacated and remanded the district court’s grant of Apple’s motion to seal summary judgment papers. The district court had rejected Psystar’s defense of copyright misuse, in which Psystar had argued that Apple’s Software Licensing Agreement (“SLA”) requiring users to run Mac OS X only on Apple computers “impermissibly extend[ed] the reach of Apple’s copyright.”

The Ninth Circuit held that Apple did not engage in copyright misuse by restricting the use of its software to Apple computers because this restriction did not prevent other companies from developing competing products. The court upheld the district court’s grant of an injunction on the grounds that it did not abuse discretion, even though Psystar did not contest the ruling that the enjoined use of Apple’s software did in fact constitute infringement. Finally, the court vacated and remanded the district court’s sealing orders, finding that the district court did not adequately provide reasons underlying its decision given that there is a presumption in favor of access.

The Wall Street Journal provides an overview of the case and notes that Psystar has shut down its operations. Internet Cases criticizes the decision for reaffirming Apple’s long-standing policies of distributing software and hardware as a “closed ecosystem,” which limits third parties from creating valuable technologies in this space.  (more…)

Federal Circuit Invalidates Software Patent As Mere Mental Process
By Albert Wang – Edited by Chinh Vo

CyberSource Corporation v. Retail Decisions, Inc., No. 2009-1358 (Fed. Cir. August 16, 2011)
Slip Opinion

The Federal Circuit affirmed the United States District Court for the Northern District of California’s grant of summary judgment, agreeing that plaintiff CyberSource’s patents were invalid for ineligible subject matter under 35 U.S.C. § 101.

Writing for a unanimous panel, Judge Dyk held that CyberSource’s method of verifying credit card transactions by matching up Internet addresses represented an abstract process, doable entirely within the human mind and thus not amenable to patent. The court also invalidated CyberSource’s patent for the actual program in its computer readable medium, characterizing the patent claim as a mere enshrining of an unpatentable method in object code.

Patently-O provides an overview of the case. TechDirt characterizes the decision as part of a broader trend, derived from Bilski, against “bogus” software patents. Ars Technica also takes a favorable view of the result, but characterizes the Federal Circuit’s human-capability test as an artificial distinction. (more…)