E-Commerce Law Week, Issue 364

FCC Deregulates DSL But Introduces CALEA
On August 5, the Federal Communications Commission ("FCC") issued two important broadband rulings, together with a policy statement setting out the Internet openness and "net neutrality" principles that the Commissioners believed should govern the Internet.  First, the FCC deregulated DSL by classifying wireline, telephone-based broadband services as "information services."  In other words, DSL services are no longer subject to traditional common carrier regulation, but instead will now be under the same regulatory framework as cable modem services.  This means that telephone companies will no longer be required to separate and offer DSL services as a standalone service.  For some ISPs, this will mean that they will not be able to offer a bundle of their ISP services combined with DSL purchased from the phone company.  Separately, the FCC ruled that the Communications Assistance for Law Enforcement Act applies to "facilities-based" broadband Internet access providers and "interconnected" Voice-over-Internet-Protocol ("VoIP") services.  In its press release, the FCC defines "interconnected VoIP providers" as entities that offer services "permitting users to receive calls from, and place calls to, the public switched telephone network."  Finally, the FCC issued a policy statement setting out four broad openness and "net neutrality" principles that it believes should govern the Internet.  While the policy statement is not currently enforceable, at least one Commissioner indicated that the principles are likely to guide and form the basis of future regulatory and enforcement activity on the part of the FCC.

Washington Anti-Spam Law Survives CAN-SPAM Preemption
State legislators must be dancing the cancan after a federal court ruled that the CAN-SPAM Act does not preempt Washington State's anti-spam statute, leaving the door open to additional such measures that are undoubtedly popular with consumers (and voters).  In Gordon v. Impulse Marketing Group, Inc., the US District Court for the Eastern District of Washington denied the defendant’s motion to dismiss on the grounds that, among other things, the plaintiff’s claims under Washington’s anti-spam statute were preempted by federal law.  The court ruled that since the state law prohibited “falsity and deception” in the subject line of an email, it was not preempted by the federal CAN-SPAM Act, which specifically exempts from its preemption provision state laws that "prohibit[] falsity or deception in any portion of a commercial electronic mail message."

Keeping Spyware Out in the Cold:  More Security Guidance from the FDIC
As concerns and attention regarding Internet security threats have mushroomed this year, public and private standards and guidance for addressing those threats have begun to proliferate.  The latest guidance on Internet security comes from the Federal Deposit Insurance Corporation (FDIC), which on July 22 published Guidance to Financial Institutions on Mitigating Risks From Spyware ("Guidance").  The Guidance states the obvious -- that spyware is a threat because it can allow attackers to intercept customer IDs and passwords, damage an institution's reputation if customer accounts are compromised, and allow fraudsters to access bank resources without authorization -- and recommends that financial institutions (1) emphasize efforts to educate customers about the dangers of spyware; (2) analyze firewall logs to determine whether a large number of customers are connecting to an Internet banking website from the same Internet address; and (3) expand employee training to target employees who download programs or visit inappropriate websites on their work computers.

Although guidance such as this does not have force of law, the practices outlined represent measures that the FDIC believes are "reasonable" practices that banks should follow.  If banks fail to implement or adhere to these practices, therefore, it is entirely possible that they not only will face regulatory action but also the risk of litigation on a common law negligence theory where such practices are not followed. 

G'Day Mate. Do You Know What You're Linking?
When Paul Hogan played Crocodile Dundee, the dangers he faced were pretty apparent.  When Australians post hyperlinks on the Internet, the dangers are a bit more indirect -- but not non-existent.  A recent decision by the Federal Court of Australia suggests that website owners and Internet service providers (ISPs) should be wary of using hyperlinks to materials that they know may be infringing or illegal.  In Universal Music Australia v. Cooper, the court ruled that both a website operator and an ISP had “authorized” copyright infringement by linking to third-party sites where users could download infringing copies of sound recordings.  The July 14 decision is the first time an Australian court has imputed liability against a website for linking to infringing content, or found that an ISP hosting a website to be liable for infringement.

London Attacks Trigger Commission Action on Data Retention Issues
In a controversial move which has been criticized as a knee jerk reaction to the recent terrorist bombings in London, the European Commission has rushed through a draft directive on data retention.  Tthe Commission has been promising for some time to step into the data retention arena, which has so far been dominated by the EU Council (whose members authored the initial data retention proposals) and the European Parliament (which opposes widespread data retention as contrary to principles of data protection).  If the Commission's initiative leads to broad adoption of data retention rules (which are already in force in a number of EU member states), costs for ISPs and other companies could be considerable.

European Commission Tells Austria and Germany To Behave
Reports are that the European Commission is concerned that Germany and Austria are not fully in compliance with Art. 28 of the EU Data Protection Directive, which requires that a country's data supervisor -- the individual (or individuals) responsible for monitoring the country's implementation of the Directive -- be completely independent.  Data supervisors have a number of powers under the Data Protection Directive, including investigative powers, enforcement powers and advisory powers.  In the cases of Austria and Germany, the Commission has apparently received complaints that the data supervisors, who are civil servants, may be taking orders from others at higher levels of the government.  The initial Commission communications to Austria and Germany raising these concerns are the first step in a three-step process.  Next, Austria and Germany will have until early September to respond to the Commission's concern.  After receiving those responses, the Commission will decide whether to proceed with formal enforcement proceedings at the European Court of Justice.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.