Privacy Policies May Now Be Required
California's new Online Privacy Protection Act is effective starting this month. The Act requires all commercial Internet businesses doing business in California to conspicuously post privacy policies in one of the following three ways: (1) post the full privacy policy on the home page or on the first significant Web page after entering the site; (2) post an icon on those pages, containing the word “privacy” and that must contrast with the color on the Web page; or (3) post the privacy policy on another Web page that is linked to the home page or first significant page by hypertext. The Act requires that the privacy policy text or icon must be bigger than its surroundings. The Act also requires sites to disclose what personal identification information they collect, use, and share. Third parties and those who offer managing services are exempted from the Act.
The type of consumer information that is protected, as defined under Section 22577 of California’s Business and Professions Code, is as follows: (1) first and last name; (2) home or other physical address; (3) e-mail address; (4) telephone number; (5) social security number; (6) identifiers that allow a person to be contacted; and (7) any information used in combination with 1-6 above. Additionally, personally identifying information when combined with cookies, profiles and preference combined with 1-6 appear to be protected. An operator of a Web site will receive notice if their site is not in compliance, and will have 30 days to post a compliant Privacy Policy after it receives notice. Since most Web sites will do business at some point with users or members located in California, all sites should become compliant with this new law.
New Section 2257 Regulations
As noted in last month’s Update, a new set of regulations were introduced by Attorney General John Ashcroft, substantially amending and clarifying the records keeping obligations of content producers and distributors of adult-oriented materials. The proposed regulations, located here, are not final yet, but may take effect on or after August 24, 2004, when the period for public comment closes.
The most significant change is the requirement that all secondary producers (now including webmasters that do not themselves produce content) must obtain copies of age-verification records and I.D.’s required by Section 2257, and maintain them in accordance with the law, in the same manner as primary content producers. §75.1(2). Compliance with the new regulations also means that any performers residing in countries outside of the United States must now produce a passport as the only means of identification, assuming that the regulations are approved as proposed. International or foreign driver’s licenses or country I.D. cards will not be acceptable for foreign models. Additionally, the required age records must be maintained and cross indexed in such a way that they are alphabetically and numerically (whatever that means) retrievable.
The other significant change is the updated requirement for the location of the Disclosure pertaining to the Custodian of Records. Under the proposed regulations, the Disclosure must be contained on the Web site’s “home page” or “main URL.” §75.8(d). The Disclosure must be in typeface not smaller that 11 points and must be displayed in black type, on a white, untinted background. §75.6(e). Moreover, under the proposed regulations, the Disclosure must be displayed in the same typeface as the names of the performer, director, producer, or owner, whichever is largest, and shall be no smaller in size than the largest of the names of the performers, director, producer, or owner.
There are a couple of other miscellaneous changes worth mentioning. First, Section 2257 obligations now apparently apply to any content produced on or before November 1, 1990. Given that the universally recognized effective date for the law was June 30, 1995, webmasters will now need to determine which date to use, in consultation with their attorneys. Also, as alluded to above, those individuals required to keep records, must maintain those records for a period of seven (7) years, unless the producer goes out of business, in which case the retention period is five (5) years. §75.4. In regards to Section 2257 inspections, inspections can only occur between the hours of 8 a.m. and 6 p.m. – every day of the year, including weekends and holidays! §75.5(c)(1). Generally there can be no more than one inspection every four months of a particular individual’s records, unless there is reason to believe that continued violations are occurring. §75.5(d). Inspectors must produce valid credentials showing that they have the right to inspect the records, and they must explain the purpose of the inspection. §75.5(2). The Records Custodian may provide additional information to the inspectors bearing on any concerns identified during the inspections. §75.5(4). Finally, Section 2257 Records must be kept separate from all other business records. §75.2(e). Now, more than ever, is the time to make ensure that all website content complies with Section 2257, and begin preparing for the ultimate adoption of the new regulations.
Kentucky's Obscenity Law
Jeree Mills, owner of Dreamworld, an adult shop in Knox County, Kentucky, and employee Belinda Brown were arrested and charged with a misdemeanor for violating Kentucky state law against distributing obscene material. Leanna Philpot, manager of the store, stated that after the arrests, Dreamworld closed for just over three weeks, but reopened shortly after. The sheriff's office does not anticipate more arrests until the courts decide whether or not Dreamworld’s products are obscene under the law. Both entered a plea of not guilty.
Combating Spam
Time Warner Inc.'s America Online, Yahoo Inc., EarthLink Inc., Microsoft Corp., Comcast Corp., and BT Group Plc have developed a proposal with voluntary guidelines that would allow Internet providers to unplug users who allow their computers to forward unwanted spam emails. The proposal was developed due to the fact that spam accounts for approximately 83 percent of e-mail traffic, and costs large Internet providers billions of dollars each year because of the wasted
bandwidth, legal bills and additional customer service. The group’s main recommendations relate to stopping channels that allow spammers to cover their identity, like making sure the Internet company’s equipment is properly secured so messages cannot be routed through it by spammers. The plan also sets out that the amount of email user’s are allowed to send out should be limited, and that consumers should be held accountable if their computers are infiltrated by spammers.
Spam Prosecutions
Twenty-four year old Jason Smathers, an AOL software engineer in AOL’s Virginia office, was arrested for stealing AOL's entire subscriber list consisting of 92 million screen names and selling the list to Sean Dunaway, a spammer in Las Vegas. The list was used by Dunaway in promoting his online gambling site and he also resold the list to other spammers for a price of $52,000. The complaint also alleges that Smathers sold an updated list with 18 million screen names for $100,000 to Dunaway. A spammer who purchased the lists from Dunaway helped the Secret Service’s probe in order to be granted leniency in the alleged conspiracy. Smathers and Dunaway are charged with conspiracy, which has a five year maximum prison sentence.
In the first instance a spammer has been successfully prosecuted in Russia, a Russian university student was convicted of sending “spam” for hacking one of Russia’s largest mobile phone operators and using a program to send an obscene text message to approximately 15,000 cell-phones. He was ordered to pay a fine of 3,000-roubles (around $100) and given a one-year suspended sentence.
"Do Not E-Mail" List
Implementing a “do not e-mail list” was declared to be an ineffective solution to spam by the Federal Trade Commission. Timothy J. Muris, the chairman of the FTC, stated, "A national registry was a great solution to unwanted telemarketing calls. At this time it's not the solution to unwanted e-mail." In the CAN-SPAM Act, which passed last December, Congress ordered the FTC to report on the effectiveness of implementing a do not e-mail list. The FTC report proposed that the best way to stop spam was to create new technology, which verifies that e-mail messages are sent from the e-mail address it claims to be from. The FTC proposed creating a federal advisory committee to encourage adoption of a standard, if a standard does not emerge soon. Many Internet companies and e-mail marketers reject the idea of a do-not-e-mail list, since most spammers would ignore the list by using methods to avoid detection. The report stated that in Britain, a country that has banned unsolicited e-mail, the amount of spam has increased.
The FTC is also considering another approach of putting a bounty on spammers’ heads, which would give spammer hunters no less than 20 percent of the fines imposed against the spammer. The FTC is compiling and reviewing expert testimony on the bounty plan and will report back to Congress by September on whether the idea is viable. Stanford Law School professor Lawrence Lessig said, “If the vigilantes who are working so hard to keep lists of offending e-mail servers were to turn their energy to identifying and tracking down spammers, then this passion to rid the world of spam might actually begin to pay off -- both for the public and for the bounty hunters.”
But the bounty plan has received criticism. As Spokesman for the Direct Mail Association Louis Mastria eloquently stated, “If spammers are difficult for the FTC, the FBI, the state attorneys general and even ISPs to track down, it’s difficult to imagine that I can sit at home one day and say ‘I’m going to hunt me down a spammer.’” But this is not the end of the debate on how to end spam. Jana Monroe, with the FBI’s Cyber Division, testified last month before Congress that the bureau is “actively pursuing criminal and in some cases joint civil proceedings” against 50 spammers - including three groups that may constitute organized criminal enterprises – and is likely to act before the end of the year.”
Stay tuned for more legal issues surrounding the online sex and gaming industries...
Lawrence G. Walters, Esquire is a partner with the law firm of Weston, Garrou & DeWitt, with offices in Orlando, Los Angeles and San Diego. Mr. Walters represents clients involved in all aspects of adult media. The firm handles First Amendment cases nationwide, and has been involved in much of the significant Free Speech litigation before the United States Supreme Court over the last 40 years. All statements made in the above article are matters of opinion only, and should not be considered legal advice. Please consult your own attorney on specific legal matters. You can reach Lawrence Walters at Larry@LawrenceWalters.com, www.FirstAmendment.com or AOL Screen Name: "Webattorney."
