E-Commerce Law Week, Issue 435

The Long Arm of the (FTC's) Law Gets A Little Longer

After more than a year of prodding by the Federal Trade Commission, early on December 9, the U.S. Congress gave final approval to the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders (U.S. SAFE WEB) Act of 2006.  In addition to several measures intended to encourage information sharing and cooperation with foreign law enforcement, the Act extends the FTC's authority to regulate "unfair or deceptive acts or practices" under the FTC Act to include acts or practices involving foreign commerce that:  "(1) cause or are likely to cause reasonably foreseeable injury within the United States; or (2) involve material conduct occurring within the United States."  The U.S.SAFE WEB Act thus expands beyond U.S. borders the FTC's already broad authority to regulate "unfair or deceptive ... practices."  Part of Congress's intent is to help the FTC get a better handle on "spammers" and "scammers" that operate abroad but target U.S. residents.  But foreign-based companies may be justifiably concerned that the FTC might use its new powers to pursue enforcement actions against them if they suffer a data breach involving personal information of US residents.

Congress Bans Phone-Records Pretexting

Before adjourning earlier this month, Congress also approved legislation barring the use of false pretenses -- or "pretexting" -- to obtain phone records.  The bill, which was passed by unanimous consent in the Senate after clearing the House 409-0 in April, criminalizes "knowingly and intentionally" making "false or fraudulent statements" for the purpose of "obtain[ing], or attempt[ing] to obtain, confidential phone records information of a covered entity," where a covered entity is a "telecommunications carrier" or a provider of an "IP-enabled voice service."  Although the bill does not create liability for phone companies that are misled into disclosing confidential information, it does prohibit phone companies from "knowingly and intentionally ... sell[ing] or transfer[ing]" such information "without prior authorization from the customer."

Another Court Applies Heightened Standard Before Ordering ISP to Identify Subscriber

Another court has found that plaintiffs must meet a heightened standard when seeking the identity of an Internet service provider's subscriber -- and this after stating that the subscriber had a "minimal expectation of privacy" because of the tortious conduct in which she had allegedly engaged.  In General Board of Global Ministers of the United Methodist Church v. Cablevision Lightpath, Inc., a federal court in New York ruled that since the Church had made "a concrete showing of prima facie claim of actionable harm" and satisfied four other requirements, an ISP must disclose the identity of one of its subscribers. The court's ruling bolsters what appears to be a growing consensus by courts to require plaintiffs to meet a heightened standard in order to learn the identity of anonymous Internet users.

Publication Note

Due to the upcoming holidays, E-Commerce Law Week will not be published on December 28.  We will resume publication on Thursday, January 4.  We wish you all a joyous and healthy holiday season, and a very Happy New Year!

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.