
E-Commerce Law Week, Issue 530

October 25, 2008

FTC Delays Enforcement of ID-Theft "Red Flags Rule" by Six Months

The Federal Trade Commission announced last week that it will suspend its enforcement of a final rule concerning identity theft "red flags" until May 1, 2009.  As we previously reported, the rule is required by the Fair and Accurate Credit Transactions Act of 2003, which directed the FTC and five other financial industry regulators (the Federal Deposit Insurance Corporation, the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the National Credit Union Administration) to work together to draw up guidelines "that identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft" -- known in the rule as "red flags."  Citing "confusion and uncertainty within major industries under the FTC’s jurisdiction about the applicability of the rule," the FTC concluded that delaying enforcement would "allow these entities to take the appropriate care and consideration in developing and implementing their programs" and "give the Commission time to conduct additional education and outreach regarding the rule."  The FTC stressed that its announcement would not affect other agencies’ enforcement of the original November 1, 2008, deadline for compliance with the rule.

Court Orders Seizure of Gambling-Related Internet Domain Names

A recent ruling in the Bluegrass State could have big implications for Internet gambling operations worldwide.  Earlier this month, a state court in Kentucky upheld an order authorizing the seizure of 141 gambling-related Internet domain names, concluding that they were "gambling device[s]" that had been used in violation of state gaming law and were therefore subject to forfeiture.  The court ruled that the domain names were "property" that could be seized ex parte, without a criminal conviction or prior notice to the domain names' owners.  However, the court also held that, upon petition by a domain name owner, the seizure order would be rescinded with respect to any websites shown to be informational only (i.e., providing no gambling services) or inaccessible in the Commonwealth of Kentucky.

Council of Europe Releases Privacy Guidelines for ISPs

The Council of Europe, in co-operation with the European Internet Service Providers Association, released a set of "human rights guidelines for Internet service providers" earlier this month.  These guidelines urge ISPs to "establish appropriate procedures and use available technologies to protect the privacy of users and secrecy of content and traffic data," to refrain from actively monitoring the content of communications, and to provide information about users to a third party only where required by law.  The guidelines do not directly address the conundrum facing companies that must do business in countries like China, where compliance with the law may mean providing a repressive government with information about political dissidents or allowing the government to engage in widespread monitoring of communications.  But the guidelines do provide some useful principles that can help ISPs navigate these treacherous waters, such as urging greater transparency -- for example, informing users of when the ISP may have to make information available to law enforcement -- and requiring "specific orders" from competent authorities before an ISP turns over information.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.
