Earlier this year, Socially Aware noted a peculiar decision out of the Ninth Circuit Court of Appeals holding that an actress owns a copyright interest in her five-second performance in a film and thus could demand the removal of all copies of the film posted to YouTube.

The actress, Cindy Lee Garcia, claims that she had been duped into appearing in the anti-Islamic film, called The Innocence of Muslims.

After the film went viral, Garcia received death threats for her involvement in the project.  While everyone generally sympathizes with her predicament, the Ninth Circuit’s decision creates serious issues for both the entertainment community and online distributors of user-generated content, two industries that seldom share common cause.

Shortly after the three-judge panel of the Ninth Circuit issued its decision, Google sought en banc review by the Ninth Circuit. In “friends of the court” briefs, a broad spectrum of interested parties such as Facebook, Netflix, Pinterest, Twitter, Yahoo!, National Public Radio, the Los Angeles Times, the Washington Post, and the documentary filmmaker Morgan Spurlock of “Super Size Me” fame joined with Google.

Now, eight months after Google first sought en banc review, the Ninth Circuit has agreed to rehear the case. In a procedure unique to the Ninth Circuit, the case will be heard by 11 of its 29 active judges, rather than the full court. The hearing is currently scheduled to take place during the week of December 15, 2014 in Pasadena, California. A decision will likely be issued sometime in early 2015.

  • Big and bigger. Facebook and Twitter are the leading social media networks and, according to a recent Forbes article, they have some interesting similarities and key differences.  Facebook is clearly the larger and more successful platform, with over 1.3 billion monthly active users and $2.9 billion in quarterly revenue, compared to Twitter’s 271 million monthly active users and $312 million in quarterly revenue. Both rely heavily on mobile users, with 86 percent of Twitter’s traffic coming via mobile devices while 68 percent of Facebook’s traffic is through such devices. And, every minute, there are roughly 350,000 tweets and 382,000 Facebook “likes.” Not bad for a 10-year old (Facebook) and an 8-year old (Twitter).
  • New media, meet old media. Can success on the ultra-popular social network YouTube translate into success in, of all things, printed books? The book publishing industry is betting that it can, and has searched the world of pop-culture personas on YouTube for people who might be able to convert their millions of online followers into book readers. Take Michelle Phan, whose YouTube channel with makeup and beauty advice has attracted more than seven million subscribers. Her new book, “Make Up,” is set for publication this month, and is generating a big buzz. One industry executive dubs the video stars-turned-authors phenomena a “book-publishing tsunami.”
  • Glass pain. We’re all aware that alcohol, drugs, smoking and gambling can become dangerous addictions. Will we soon be adding wearable computers to this list? According to The Guardian, scientists have recently diagnosed and treated a man “believed to be the first patient with internet addiction disorder brought on by overuse of Google Glass.” The patient reportedly removed his Glass only to shower and sleep, and, while sleeping, viewed his dreams as if he were still wearing the device. Although being treated for Glass addiction and alcohol addiction at the same time, the patient informed his doctors that his withdrawal from Glass was more difficult than his withdrawal from alcohol.

 

  • Upward mobility. These days, Facebook videos, taken as a whole, are receiving a total of one billion views a day, and at least 65% of those views are occurring on mobile devices, Facebook VP of global marketing solutions Carolyn Everson noted at a recent Advertising Week panel discussion. Indeed, over the past two years, there’s been an astonishing 532% increase in watching videos via mobile devices, including tablets. That means that advertisers now have the key challenge of creating digital video content that invites engagement by consumers across platforms and devices. People are carving out moments during their everyday activities to consume media via mobile, and advertisers will want to take this into account in planning their campaigns.
  • Blue platform, red platform. Is your choice of social media platform a clue to your politics? A current survey suggests that it might be.  For example, according to the survey, Pinterest fans are older and wealthier than users of other major platforms; hence, they tend to be more conservative than the average Internet user. On the other hand, Twitter aficionados are more interested in politics than most people—and also more liberal. Facebook is the most politically neutral, on average, perhaps because it is so large that pretty much every group is well represented. It will be interesting to see if these findings, released by Quantcast, have an impact on online advertising strategies.
  • Troublesome tweets? In the upcoming high-profile retrial on sentencing issues of Jodi Arias, the Arizona woman who was convicted in 2013 of murdering her lover in 2008, the defense has moved to dismiss on several grounds the prosecution’s intent to seek the death penalty. The defense alleges, among other things, that a police detective’s wife improperly tweeted sealed trial information and uploaded “insulting videos” to YouTube. The trial is set to start on October 20.

The latest issue of our Socially Aware newsletter is now available here.

Welcome to a special privacy issue of Socially Aware, focusing on recent privacy law developments relating to social media and the Internet. In this issue, we analyze a controversial European ruling that strengthens the right to be forgotten; we examine a recent California Attorney General report regarding best practices for compliance with the updated California Online Privacy Protection Act; we summarize the FTC’s recent settlement with Snapchat and its broader implications for mobile app developers; we report on a case filed by a French consumer association accusing three major social networking sites of using confusing and unlawful online privacy policies and terms of use; and we highlight the growing popularity of anonymous social apps and the security risks that they pose.

All this–plus a collection of thought-provoking statistics about online privacy…

  • In the top news story of the day, the U.S. Supreme Court ruled against Aereo in a closely watched copyright dispute with broadcasters; the Court found that Aereo engages in unauthorized public performances in violation of U.S. copyright law. Will cloud storage models survive this decision? What remains, if anything, of the Second Circuit’s landmark Cablevision ruling? Stay tuned for an upcoming blog post on this subject .
  • If 140 characters seems too long, an Israeli entrepreneur has launched Yo, a social network that simply permits users to communicate the word “Yo” to others. It is not a joke, and he has received investment offers from venture capitalists and hopes to launch soon.
  • Facebook says the use of video by its users has doubled in the past six months and that it will now deliver more video to people who have demonstrated interest in viewing that type of content and will downplay video for users who have not shown an interest in it.
  • A Utah family law attorney wants to use his personal YouTube channel to broadcast divorce court proceedings. Court administrators and judges, however, are skeptical and have questioned his motivations for wanting to do so.

An aspiring actress moves to California and finds her life threatened. While standard fare for pulp fiction, the case of Garcia v. Google involves a twist on this well-worn plot line that not even the most imaginative Hollywood scriptwriter could invent.

Cindy Lee Garcia answered a casting call for a low-budget amateur movie with the working title Desert Warrior. The film’s writer and producer told her that it would be a “historical Arabian Desert adventure film.” Ms. Garcia received $500 for her performance in the film. It turns out the actress was misled by the producer, Mark Basseley Youssef (aka Nakoula Basseley Nakoula, aka Sam Bacile), a Coptic Christian from Egypt, who was reportedly working in conjunction with an American non-profit, Media for Christ. The filmmakers had no intention of making an adventure film; rather, the end product – titled Innocence of Muslims – is an anti-Islamic account of the Prophet Mohammed that many Muslims find highly offensive and blasphemous.

In July 2012, Mr. Youssef posted a 14-minute trailer of the film to YouTube, which is owned and operated by Google. Ms. Garcia appears for about five seconds in the trailer. The film overdubs her voice with lines she never actually spoke. In September 2012, an Egyptian cleric issued a fatwa against all involved in the film, calling on Muslims to “kill the director, the producer, and the actors and everyone who helped and promoted the film.” Ms. Garcia claims that she began to receive death threats and was forced to take precautionary measures at great expense to protect herself from retribution.

Sending takedown notices under the Digital Millennium Copyright Act, Ms. Garcia demanded that Google remove all copies of the trailer from YouTube. Google declined to do so. In September 2012, Ms. Garcia sued Google, later also naming YouTube, asserting claims for copyright infringement. In October 2012, Ms. Garcia moved for a preliminary injunction, seeking to have Google take down all copies of the movie trailer from YouTube. Continue Reading Google Ordered to Remove All Copies of Anti-Islamic Film From YouTube After Actress With Bit Part Threatened by Outraged Muslims; Decision Puzzles Copyright Attorneys

In February 2013, we reported on legislative momentum in the Japanese Diet to bring Japan’s sixty-year-old election laws into the brave new world of Web 2.0. On April 19, 2013, that reform effort came to fruition, when a bill permitting the use of the Internet during election campaign periods passed both Houses of the legislature—just in time for the upcoming Upper House poll in July.

The debate revolved around Article 142 of the Public Offices Election Law (POEL), which imposes strict regulations on campaign activities during the two- to three-week “official campaign period” leading up to each national, prefectural and municipal election (also known informally as the “blackout” period). Specifically, Article 142 prohibits the dissemination of “documents and drawings” for electioneering purposes during the blackout period (with limited exceptions), a restriction that until now has been consistently interpreted to prohibit Internet-based electioneering activities altogether. Indeed, Article 142 has been understood to prohibit even the general public from participating in online election-related activities, activities synonymous with many popular grassroots campaign efforts in the United States and elsewhere.

These somewhat antiquated restrictions are now largely part of the past. The amended Article 142 permits candidates for political office, political parties and members of the general public (both Japanese and non-Japanese) to utilize a range of online tools for electioneering activities during the official campaign period, ushering in a new era of net senkyo (the buzzword for Internet-enabled campaigning). The potential benefits for candidates and political parties include inexpensive, twenty-four hour access to constituents, and the freedom to depart from the narrow range of permissible activities that define the current mode of electioneering in Japan: train station stump speeches, pamphlet distribution and showering passersby with megaphoned sound bites from officially sanctioned campaign vans. Another purpose of the legislation was, reportedly, to energize Japan’s infamously “apathetic” youth vote.

Essentially, the amended law divides the universe of online tools into websites and similar services (including blogs and social networking services (SNS)), on the one hand, and electronic mail, on the other. At least with respect to websites and similar services, the old restrictions have largely been dissolved: candidates, political parties and members of the general public are now permitted to update their websites, blogs and social network profiles with election-related activities during the official campaign period, and to engage in direct advocacy and solicitation of votes over the Web.

The specific inclusion of SNS among the types of services for which restrictions have been largely relaxed is crucial, given that SNS carry the greatest potential for political innovation under the net senkyo regime. SNS, of course, have been a major force in American politics for a number of years, and Japanese politicians have themselves flocked to services such as Facebook, YouTube and Twitter for conducting non-campaign-related activities outside the blackout period. However, the prospect of engaging in real-time and (theoretically) two-way communications with candidates for political office during the crucial period when voters are most attuned to the issues could represent a breakthrough for Japanese democracy, as Professor Matthew Wilson forcefully argued in 2011.

The relaxation of the POEL’s restrictions on online electioneering has already impacted Internet technologies based in Japan. Naver, developers of the Japanese homegrown messaging app “Line”—which has surpassed 150 million users worldwide and 45 million users in Japan alone—announced in May 2013 that ten political parties opened official Line accounts in the wake of the POEL amendment. The political parties reportedly hope to use Line to facilitate direct communications with supporters and solicit comments and feedback in real time, in addition to broadcasting news and information to followers using a more traditional one-to-many model.

On the other hand, the Diet has maintained much tighter regulation of the general public’s use of electronic mail (as opposed to websites, SNS and similar services). Although the POEL now permits parties and candidates to use electronic mail for electioneering purposes, lawmakers decided to preserve existing restrictions on voters’ use of campaign-related electronic mail, or to at least postpone resolution of the issue to a later date, in an apparent response to fears of “negative campaigning,” defamation, spoofing, identity theft and spam. As a result, the general public is still prohibited from sending electronic mails for election-related purposes during the blackout period—including from mobile phone-associated electronic mail accounts, which are widely used in Japan.

This creates an interesting tension: although a member of the general public may be free to use Facebook to express support for his or her favorite candidate, sending an electronic mail message containing the same content would continue to be off limits under the POEL. As many have observed, this leads to counterintuitive results, whereby someone who forwards to his or her friends a candidate’s official campaign electronic mail blast may potentially be liable for a fine (up to JPY500,000) or imprisonment (up to two years) and face disenfranchisement, while someone who simply copies and pastes the same information into a Facebook message would probably not run afoul of the POEL.

There is some skepticism amidst the excitement around net senkyo. According to a survey conducted jointly by the Sankei Shimbun and Fuji News Network, 56.8% of respondents said that they would not use online campaign information to inform their voting choices, while only 39.3% said that they would. (On the other hand, among voters in their twenties, the number of respondents expressing affirmative interest jumped to 62.7%. This bodes well for the effort to remobilize Japan’s youth vote, which reportedly was one of the original drivers of POEL reform.)

Further, anxiety over the twin threats of narisumashi, or identity theft, and defamation has not abated, and both Internet service providers and law enforcement authorities are already preparing for potential hiccups in the upcoming election cycle. Given the prevalence of Internet-enabled negative campaigning in other countries (for example, in Korea during 2012), it may be reasonable to worry about the downsides of the net senkyo revolution. However, as Professor Wilson has pointed out, the threat of fraud and other bad acts is omnipresent even outside any “official campaign period,” and both traditional law, such as the law of defamation, and technology itself—e.g., direct verification of accounts on Facebook and Twitter—can help mitigate these risks. SNS and similar technologies may even empower politicians to respond to false assertions more quickly and effectively.

Even though the amended Article 142 has become law in Japan, there is no way to predict the extent of its impact on Japanese political culture. But the surging popularity of SNS platforms and other mobile and online communications platforms makes it clear that net senkyo will impact the way Japanese citizens interact with political actors and political information in a lasting way.

With the explosive growth of social media, consumers increasingly expect to be able to interact online with the companies from which they buy goods and services. As a result, financial institutions have begun to explore the use of social media, both to strengthen relationships with existing customers and to attract new ones. Financial institutions, however, have proceeded with extreme caution in using social media, in large part due to uncertainty as to the application of financial laws and regulations to social media and, to the extent they are applicable, how a financial institution can comply.

In response to industry requests for guidance on the use of social media, on January 23, 2013, the Federal Financial Institutions Examination Council (FFIEC) requested public comment on proposed guidance (“Proposed Guidance”) for financial institutions relating to the use of social media. The Proposed Guidance is intended to help financial institutions understand potential risks associated with the use of social media and to communicate the expectations of the agencies that make up the FFIEC for how financial institutions should manage these risks. The Proposed Guidance, however, largely does not address how a financial institution may comply with any particular requirement when using social media.

The following provides an overview of the Proposed Guidance, which may be found here. Comments on the Proposed Guidance must be submitted to the FFIEC by March 25, 2013.

Background on the FFIEC

The FFIEC is a formal interagency body that is authorized to prescribe uniform principles, standards and report forms for the examination of financial institutions by the federal banking agencies, the National Credit Union Administration (NCUA) and the Bureau of Consumer Financial Protection (CFPB) (collectively, the “Agencies”). Historically, banks were the main type of financial institutions to be the focus of FFIEC supervisory guidance; however, the Dodd-Frank Act expanded the membership of the FFIEC to include not only the federal banking agencies and the NCUA, but also the CFPB. As a result, FFIEC guidance now extends to any person supervised by the CFPB, including many types of non-bank financial institutions, such as mortgage brokers, payday lenders, consumer reporting agencies and debt collectors.

The Proposed Guidance

The Proposed Guidance is intended to help financial institutions understand potential risks associated with their use of social media, including compliance, reputation and operational risks, and to communicate the Agencies’ expectations for how financial institutions should manage these risks. Although the Proposed Guidance clarifies that, if finalized, it would not impose additional obligations on financial institutions, the Agencies each intend to issue any final guidance as supervisory guidance to the institutions that they supervise. As a result, financial institutions subject to the Agencies’ supervisory authority will be expected to use the guidance in their efforts to ensure that their risk management practices adequately address the risks associated with their use of social media, including those outlined in the finalized guidance.

“Social Media” Defined

The Proposed Guidance casts a wide net in defining “social media” as any “form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” From the Agencies’ perspective, it is social media’s interactive nature that distinguishes it from other online media. The Proposed Guidance includes the following non-exhaustive examples of media that the Agencies believe to fall within the definition:

  • micro-blogging sites (e.g., Facebook and Twitter);
  • forums, blogs, customer review websites and bulletin boards (e.g., Yelp);
  • photo and video sites (e.g., Flickr and YouTube);
  • professional networking sites (e.g., LinkedIn);
  • virtual worlds (e.g., Second Life); and
  • social games (e.g., FarmVille).

Risk Management Programs

A cornerstone of the Proposed Guidance is the expectation that a financial institution will maintain a risk management program through which it identifies, measures, monitors and controls risks related to its use of social media. The Proposed Guidance provides that a financial institution’s risk management program should include the following seven components:

  • A governance structure with clear roles and responsibilities whereby the institution’s board or senior management directs how the use of social media contributes to the institution’s strategic goals and that establishes controls and ongoing risk assessments.
  • Policies and procedures regarding the use and monitoring of social media and compliance with applicable consumer protection laws.
  • An employee training program regarding the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.
  • An oversight process for monitoring information posted to proprietary social media sites administered by, or on behalf of, the financial institution.
  • A due diligence process for selecting and managing third-party service provider relationships in connection with social media.
  • Audit and compliance functions to ensure ongoing compliance with internal policies and applicable law.
  • Parameters for reporting to the institution’s board or senior management that will enable periodic evaluations of the social media program.

As in other areas of financial law and regulation, the expectation would be that the size and complexity of a financial institution’s risk management program would be commensurate with the breadth of the institution’s involvement in social media. For example, a financial institution that relies heavily on social media should have a more detailed program than a financial institution that uses social media only in a limited manner. Nonetheless, the Proposed Guidance indicates that a financial institution that does not use social media should still be prepared to address the potential for negative comments or complaints related to the institution that may arise within social media and also to provide guidance for employee use of social media.

Risk Areas Generally

The majority of the Proposed Guidance focuses on identifying potential risks related to a financial institution’s use of social media, including risk of harm to consumers. In particular, the Proposed Guidance identifies potential risks within three broad categories: (1) compliance and legal risk; (2) reputational risk; and (3) operational risk. While the Proposed Guidance catalogs the many risks presented by the use of social media, the focus is on the risks associated with compliance with consumer protection requirements. Nonetheless, the lengthy identification of risk areas would put financial institutions on notice of the broad scope of their responsibilities with respect to the use of social media.

Compliance and Legal Risk Areas

Compliance and legal risk relates to the risks associated with the failure to comply with laws, rules, regulations, prescribed practices, internal policies and procedures, and ethical standards and the related exposure to enforcement actions and/or private rights of action. The Proposed Guidance cautions that these risks are “particularly pertinent” for an emerging medium like social media where a financial institution’s policies and procedures may not have kept pace with changes in the marketplace.

Although a financial institution would be expected to ensure that it periodically evaluates and controls its use of social media to ensure compliance with all applicable legal obligations, the Proposed Guidance identifies examples of more than 15 federal laws where a financial institution may be exposed to compliance and legal risk. These examples are broken down into five general categories: (1) privacy; (2) deposit and lending products; (3) payment systems; (4) anti-money laundering; and (5) community reinvestment. Of note, none of these includes any exception regarding the use of social media. As a result, the Proposed Guidance cautions that, to the extent a financial institution uses social media to engage in covered activity (e.g., advertising a credit product), it would be required to comply with any applicable legal requirement that may relate to that covered activity.

We highlight below certain compliance risks identified in the Proposed Guidance that may be relevant to many financial institutions:

Privacy

  • A financial institution using social media should clearly disclose its privacy policies where required by the Gramm-Leach-Bliley Act.
  • A financial institution maintaining its own social media site should ensure that it maintains and follows policies restricting access to the site to users 13 or older in a manner consistent with the Children’s Online Privacy Protection Act.
  • A financial institution should consider whether any unsolicited communication sent to consumers via social media complies with the limitations of the CAN-SPAM Act and the Telephone Consumer Protection Act.

Deposit and Lending Products

  • A lender should ensure that its use of social media does not violate the Equal Credit Opportunity Act prohibition on making statements in advertising that would discourage, on a prohibited basis, a reasonable person from applying for credit.
  • A lender that advertises credit products in any form of social media communication should ensure that it does so in a manner that complies with Regulation Z’s advertising requirements.
  • A debt collector must comply with Fair Debt Collection Practices Act limitations when conducting covered activities through social media, including, for example, being cognizant that that any social media communication does not disclose the existence of a debt or harass or embarrass consumers about their debts (e.g., a debt collector writing about a debt on a Facebook wall).

Payment Systems

  • A financial institution using social media to facilitate an electronic fund transfer for a consumer should consider whether it is required by Regulation E to, for example, provide any required disclosures to the consumer.

Anti-Money Laundering

  • Financial institutions should be aware of emerging areas of Bank Secrecy Act and anti-money laundering risk in connection with social media, including, for example, the fact that virtual world Internet games and digital currencies present a high risk for money laundering and terrorist financing and should be monitored accordingly.

Community Reinvestment

  • A depository institution subject to the Community Reinvestment Act should ensure that its policies and procedures for its own social media properties address the appropriate monitoring of public comments.

Reputational Risk Areas

For purposes of the Proposed Guidance, reputational risk relates to the risks arising from negative public opinion. A financial institution engaged in social media activities would be expected to be sensitive to and properly manage the reputational risks that may arise from its social media activities. The Proposed Guidance provides a number of considerations for financial institutions related to reputational risk in the context of social media use, including that a financial institution should:

  • have appropriate policies in place to monitor and address in a timely manner the fraudulent use of its brand, such as through phishing or spoofing attacks;
  • have procedures to address risks associated with members of the public posting confidential or sensitive information (e.g., an account number) on the institution’s social media page or site;
  • weigh the risks and the benefits of using a third party to conduct social media activities, including, for example, the ability of a financial institution to control content on a site owned or administered by a third party; and
  • consider the feasibility of monitoring question and complaint forums on social media sites to ensure that customer inquiries, complaints or comments are addressed in a timely and appropriate manner.

Operational Risk Areas

For purposes of the Proposed Guidance, operational risk relates to the risk of loss resulting from inadequate or failed processes, people or systems. These include the risks posed by a financial institution’s use of information technology, including social media. In light of the vulnerability of social media platforms, the Proposed Guidance indicates that a financial institution should ensure that its internal controls designed to protect its information technology systems and to safeguard customer information from malicious software adequately address social media usage. And, in a related point, a financial institution’s incident response program should extend to security incidents involving social media.

 *          *          *          *

If the FFIEC finalizes the Proposed Guidance, financial institutions should expect that the Agencies will independently issue the finalized guidance as supervisory guidance to the institutions that they supervise. In such a case, financial institutions will be expected to use the guidance as part of their efforts to address the risks associated with the use of social media and to ensure that their risk management programs provide effective oversight and controls related to the use of social media. Until final guidance is in place, it is important for financial institutions to be cognizant of and consider the extent of their usage of social media and the risks associated with that use and whether existing controls address the types of risks identified in the Proposed Guidance. Finally, financial institutions may also wish to consider whether they will provide comments to the FFIEC on the Proposed Guidance, including, for example, identifying any technological or other impediments to compliance with otherwise applicable law when using social media.