NBA ref sues AP reporter for libelous tweet

On April 28, 2011, in Defamation, Social Networking, United States, by Jorge Espinosa

It was only a matter of time before we started to see libel suits involving tweets.  Tweeting, which involves 140 character messages exchanged on a distributed network run by Twitter, Inc., has become a ubiquitous from of communications for many.  Once a message is twitted, others who receive it can propagate the message by “re-tweetting.”

News organizations have become frequent users of Twitter as part of their strategy to connect with the readers and to build interest in their news reports.   This has led to an interesting lawsuit for an associated press reporter.

In  Spooner v. The Associated Press et al. (U.S. Dist. Ct-Minneapolis-Court File No.0:11-cv-00642-JRT -JJK), NBA Referee Bill Spooner alleges that during a Jan. 24 game between the Timberwolves and the Houston Rockets, he called a foul on a Minnesota player.   Minnesota coach Kurt Rambis disagreed with the call and engaged in a verbal exchange with Spooner.  Spooner allegedly promised to review the call at the half, but Rambis  “asked him how he would get the points back.” According to Spooner, he did not respond to this question.   According to the complaint, however, associated press reporter Jon Krawczynski tweeted to his readers that  Spooner “ told Rambis he’d ‘get it back’ after a bad call. Then he made an even worse call on Rockets. That’s NBA officiating folks.” Spooner alleges that the tweet is defamatory and accuses him of game-fixing. He has demanded that the tweet be deleted and retracted and seeks “more than $75,000″ in damages.

Although it is not a direct issue in this suit, an interesting question is raised by the facts as to the liability which might be faced by those to “re-tweet” the original tweet.  A look on Twitter shows that Krawczynski’s tweet has been re-tweeted 29 times.  Each re-tweet is a republication of the libelous statement and could subject the re-tweeters for liability.  That, however, is a lawsuit for another day.  If you don’t want that other suit to be about you, be careful what you re-tweet.


Tagged with:  

Royal employee gripes on Facebook – Off with his head!

On April 25, 2011, in Social Networking, United Kingdom, by Jorge Espinosa

While beheading is not a likely punishment in this modern era, a member of the royal guard is nevertheless feeling the heat from comments he made on a social networking site.  Guardsman Cameron Reilly, a young 18 year old who joined the Scots Guards last year, has been excluded from the royal wedding ceremonies due to criticisms that he posted on Facebook.  Mr. Reilly’s ire was particularly directed at the blushing bride Kate Middleton.  Amongst the less flattering statements were a barrage of obscenities and that assessment that she was “stuck up.”

One of the problems facing employers, and in this case the British Army, is that it is not always obvious or predictable what triggers improper on-line conduct.  What caused this ire in the guardsman?  According to his post “Ms. Middleton Her and William drove past me on Friday and all I got was a sh_ty wave while she looked the opposite way from me, stupid, stuck-up cow. Am I not good enough for them! Posh b_tch. Who really gives a f_ck about her?”  Presumaby Mr. Reilly expected more personal attention.

Reilly had previously published questionable statements on Facebook  but had apparently not been disciplined.   While at a Jewish protest he posted “[h]ave got on e of the Jews in my sights now lmao. “  Lmao stands for laugh by f_ck_ng _ss off.  In another comment he described the city of London as a “Paki holding cell.”  Paki is a derrogatory term for British citizens of Pakistani origin or derivation.

We do not know if the British Army has instituted a social networking policy but, as we have previously commented on this blog, it is critical that employees know their online liability.  Not only just the employee understand what constitutes a networking site but also what they can do in commenting about work or their clients and what the consequences are for violating the policy.   Finally, having the policy is not enough — it must be strictly enforced.  This little incident will certainly bring to the forefront how military organizations deal with this growing problem.


President Obama calls for trusted online identification systems

On April 17, 2011, in Internet, Privacy, United States, by Jorge Espinosa

On Friday the Obama administration released the second draft version of the National Strategy for Trusted Identities in Cyberspace (“NSTIC”).  The trusted ID plan is part of the Obama administrations Cyberspace Policy Review, released in May 2009.  This new draft focuses the effort to create an online identification system on the private sector with the government serving in a coordinating capacity.

The press release emphasizes the importance of the Internet to commerce but also its “online fraud and identity theft, that harm consumers and cost billions of dollars each year.”  By making online transactions trustworthy “we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.”

Key elements of the trusted identification systems suggested by the strategy include the ability to opt into the system, different types of credential for different categories of access and preservation of an anonymous option.  The strategy promises benefits such as faster transaction processing, age restriction for content, easier smartphone transactions and enhance public safety.

Much criticism of the strategy has come from privacy advocates.  This latest draft emphasizes that identification systems will be optional and will not abolish anonymity.  At the announcement of the latest draft Commerce Secretary Gary Locke dismissed such worries as conspiracy theories.


Users finds no virtue in Myspace privacy

On April 16, 2011, in Litigation, Social Networking, United States, by Jorge Espinosa

Two Myspace users, Linda Virtue and Lily Castro, filed suit against Myspace in the Eastern District of New York, Virtue v. Myspace, Inc (Case No. 11-cv-1800), alleging violation of federal privacy law. The 13 count, 33 page complaint alleges breach of the Stored Data Communications Act, breach of contract, invasion of privacy and various other common law counts. The suit bases its claim on the Myspace practice of sending advertisers the user’s unique ID numbers when they click on ads. The unique ID’s can be tied to user’s personal profiles including their name, age and browsing history. The plaintiffs claim that Myspace does this after falsely assuring its users that they can restrict information disclosure.

Myspace, a social networking service operated by News Corp., was a predecessor to Facebook which has seen rapidly declining membership in recent years.


New privacy bill introduced in Congress

On April 14, 2011, in Congress, Privacy, United States, by Jorge Espinosa

Your company may soon face more regulations in how it gathers and maintains customer data online.  On Tuesday April 11, 2011, Sens. John Kerry (D) of Massachusetts and John McCain (R) of Arizona introduced a new bill titled the Commercial Privacy Bill of Rights Act of 2011.  If passed the bill would impose new responsibilities on companies to disclose what data is collected from online visitors to their sites and would entitle users to opt out.

The bill seems to be explicitly directed at re-advertisers.  It explicitly states that it will target companies that take information solely for the purpose of advertising, and will be more lenient towards companies that have “existing relationships with customers.” “The bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing,” McCain said in the joint statement with Kerry. “It is this practice that American consumers reject as an unreasonable invasion of privacy.”

An additional factor that is likely to be the object of scrutiny as the bill advances through congress is a requirement that data that is collected by adequately secured once it has been gathered.  The FTC would be empowered to publish rules setting forth security requirements.  This portion of the bill responds to growing consumer concerns at unauthorized personal information leaks in the news.



The Social Network settlement upheld on appeal

On April 12, 2011, in Litigation, Social Networking, United States, by Jorge Espinosa

The story of “The Social Network” jumps off the silver screen and back into the news.  On Monday April 11, 2011, a three-judge panel of the Ninth Circuit Court of Appeals ruled that the 2008 settlement deal between Mark Zuckerberg, founder of Facebook, and Olympic rowing twins Cameron and Tyler Winklevoss is valid and enforceable.

The appeal arises from a long series of events retold in the aboved named movie.  The Winklevoss twins hired Zuckerberg to help them develop a social networking site named ConnectU.  When Zuckerberg came out with Facebook the Winklevoss twins sued claiming that Zukerberg stole their idea.  In 2008, the parties agreed to a settlement whereby Facebook acquired all of the ConnectU stock in exchange for $20 million in cash and $45 million in Facebook stock, which was valued at $35.90 a share.

The Winklevosses and the third ConnectU co-founder, Divya Narendra, soon developed buyer’s remorse over the settlement and brought suit to challenge the settlement.  The challenge centered on two issues.  First, that the two page settlement agreement was not an enforceable because it is missing various terms usually and customarily found in such agreements.  Second, that Zuckerberg concealed valuation and other information necessary to properly assess the value of the settlement in violation of the Securities and Exchange Act of 1934.

After the District Court refused to throw out the settlement, Winklevosses and Narenda appealed.  On Monday the 9th Circuit Court of Appeals affirmed the lower court ruling.

In his opinion Chief Judge Alex Kozinski stated “[a]t some point, litigation must come to an end.  That point has now been reached.”  The Appellants, however, disagree and have already announced that they will file a petition for a rehearing en banc by the full 9th Circuit panel.

Does anyone else see a sequel in the making?



The Senate considers updating Internet privacy law

On April 10, 2011, in Cloud Computing, Congress, Privacy, United States, by Jorge Espinosa

On Wednesday April 6, 2011, the Senate Judiciary Committee met to discuss overhauling the Electronic Communications Privacy Act of 1986 (“ECPA”).  This law governs privacy related to data collection and electronic communications but is lacking in any provisions regarding new technologies and practices such as mobile phones, mobile hotspots, social networking and cloud computing.

At least one party opposed to changing the law is the Department of Justice. (“DOJ”)  James A. Baker, associate deputy attorney general for the DOJ, told the committee that “the government’s ability to access, review, analyze, and act promptly upon the communications of criminals that we acquire lawfully, as well as data pertaining to such communications, is vital to our mission to protect the public from terrorists, spies, organized criminals, kidnappers, and other malicious actors.”

Mr. Baker tried to persuade the panel that great government access to our private and corporate information actually provides for a more private environment.  “By authorizing law enforcement officers to obtain evidence from communications providers, ECPA enables the government to investigate and prosecute hackers, identity thieves, and other online criminals. Pursuant to ECPA, the government obtains evidence critical to prosecuting these privacy-related crimes.”

What solution does the DOJ offer?  Well, for the moment none, however, Cameron F. Kerry, general counsel for the U.S. Department of Commerce, told the committee that the departments of Commerce and the DOJ “have been working together to develop a specific set of legislative proposals.”  No suggested tie frame for these proposals was stated.

Senator Patrick Leahy, chairman of the committee, opening remarks at the hearing suggest that the committee might be deferential to the DOJ and DOC on these topics.



Money, money, money….

On April 10, 2011, in Cloud Computing, Investment, Technology, United States, by Jorge Espinosa

The money flowing into cloud computing seems to grow from year to year. This week alone several significant announcements portend substantial growth.

  • Dell, Inc., well known manufacturer and reseller of ms-dos based computers and laptops, announced that it plans to invest over $1 billion on cloud computing initiatives during the next fiscal year.  The bulk of the investment will be centered on building data centers that will provide customers with computer infrastructure services (IAAS).  Dell announced 12 new such data centers this coming year with more to follow.  The data centers will be built worldwide.  Dell will brand some of their new data centers as vStart.  vStart data centers are planned to allow customers simple virtualized system environments.  According ton Dell, up to 200 virtual machines for a single customer.  These environments will be created in cooperation with VMWare.
  • Microsoft Corporation and Toyota Media Service Co. are working together to tie your car to the Internet. The initial goal is to provide power-savings tools for hybrid cars such as tracking the best time of day to charge the car, avoiding peak hours and higher electricity costs. The remote control system might also be extended to the home allowing the user to turn on air conditioning automatically or control energy systems at home remotely. The system is expected to be controllable via smartphones.  A presenter for Toyota predicted that consumers will soon learn to demand Internet connectivity for their cards.
  • On April 6 IBM announced two new products: Smartcloud and Workload Deployer.  Smartcloud is an IBM managed online cloud infrastructure for enterprises to host environments on the Internet.  One option under Smartcloud are IBM SAP Managed Application Services which will allow cloud based SAP solutions for customers.  Workload Deployer is an appliance for developing private corporate clouds.
  • Forbes interviewed David Eiswert, manager of T.Rowe Price’s Global Technology Fund, who was quoted as staying “Intel is virtually doubling their capital expenditure this year. And they’re not doing that because PCs are flying off the shelves.”



Glossary of Terms

On April 8, 2011, in Uncategorized, by Jorge Espinosa

Below you will find a glossary of Internet and cloud related terms.  This glossary is a work in progress and will be kept accessible in the menu on the upper bar of this blog.  The glossary will be updated regularly to include new terms as they develop.

Cloud Computing

The process of providing on-line services, including software, storage and infrastructure services, so that the user is separated and insulated from the burden of procuring, managing and maintaining the underlying technical infrastructure.  The National Institute of Standards and Technology definition may be found here.

Computer Virus

A program that can copy itself in order to propagate in a computer or from computer to computer over a network.  Viruses can be benign or malicious and can be used to propagate other forms of malware such as adware or spyware.

Enterprise Cloud – a private cloud operated by a company for its own internal use.

European Commission Model Clauses

A set of model clauses published by the European Commission to assist in drafting agreements in compliance with Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

HAAS – Hardware as a service often used to mean IAAS.


Infrastructure as a service.  The delivery of  networked services including the storage, software and other services as a full functional infrastructure for the user.


Short for Internetwork.  The name given to a network of networks all interconnected using standard Internet Protocol Suite (TCP/IP).  Often people confuse the Internet with the world wide web.  However, the world wide web and its hypertext linked documents is only one of various technologies that operate on the Internet (Usenet, Archie, Gopher, FTP).

ISO/IEC 27001

is an internatonally accepted Information Security Management System (ISMS) standard.  The standard, which was published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), provides certifiable guidelines for assessing information system security.

Open Source Software

Open source software (as an alternative to commercial software), is software whose source code is published and made available to the public, enabling anyone to copy, modify and improve the software.

Open Virtualization Format

DSP0243 Open Virtualization Format (OVF) V1.1.0.  Designated as ANSI INCITS 469 2010, this specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.


Platform as a service.  An operating system platform and services which are provided over the Internet.  Similar to IAAS but includes the ability to host and develop applications on the platform.

Private Cloud

Enterprise specific cloud service accessible only by users with specific access permissions.

Public Cloud – public access cloud service accessible by the public at large.  (e.g. Gmail)


Software as a service.  Software provided over the Internet where the software resides on the remote server.

SAS 70

Statement on Auditing Standards (SAS) No. 70.  A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).

Trusted Cloud

A non-standardized marketing term used by various vendors to suggest segregated services which provide a higher level of trust or security than other cloud services.



In-House Counsel’s Checklist for Cloud Based Service Contracts

On April 7, 2011, in Cloud Computing, Internet, Jurisdiction, by Jorge Espinosa

In negotiating a cloud based services contract a company is going to have to consider may unique and individualized needs.  Many of these needs will depend on the corporations industry and its likely use of the cloud service to the transfer or storage of privileged, regulated or restricted information.  While no single list can possibly cover all points the following should provide good starting checklist for most companies.

1.       Does the cloud provider own all storage and transfer sites for static and dynamic data which will be put on the service?

2.       If not, who are the subcontractors?

3.       Will the subcontractors be bound to the terms of your contract?

4.       Will you have a direct right of action against the subcontractors?

5.       If work is subsequently transferred to subcontractors will you be notified in advance to allow you to re-evaluate service?  Will identity of intended subcontractors be disclosed in advance?

6.       Where are the storage servers located–where will your data reside?

7.       If in a foreign state or country, are you comfortable with the foreign law?  You may want to restrict the cloud provider to only using local sites or a specific site.

8.       Do you need and will the cloud service provide customization?  Remember that customization may keep you from benefiting from regular cite upgrades.

9.       Do you need up time guarantees?  Get a representation as  to their prior year’s downtime record.

10.   Lock down the provider’s maintenance schedule and its impact on the service.

11.   Lock down security guaranties.  Are they providing encryption?  Who has access to the servers?  Other legal security and segregation requirements (e.g., HIPAA, European Union, Gramm-Leach-Bliley, and state information privacy laws such as those in Massachusetts).

12.   If your company has environmental guidelines, does the provider comply?  One online provider, for example, uses only wind power for their servers.

13.   Will the provider agree to certain deletion standards if the contract is terminated?

14.   Will the provider agree to procure SAS 70 Type II audits or are they ISO 27001 certified for security?

15.   Will they notify you in the event of a breach of security?  How and how quickly?  What level of detail?  This may be necessary for certain regulated information.  (e.g. HIPAA, HITECH)

16.   Will they notify you in the event of insolvency?  Advanced notice of termination?

17.   Will they provide you with different format options to recover or transfer your data upon termination of the relationship?

18.   What happens to your data in the event of a dispute with the provider?  You don’t want to be held hostage.

19.   Are damages caps acceptable for the type of data stored?  Are intentional or grossly negligent acts exempted?

20.   What privacy standards and laws apply?

21.   What jurisdiction for a dispute?