Developments Of Note

Gov. Arnold Schwarzenegger signed the California Consumer Protection Against Computer Spyware Act, SB 1436, into law on Sept. 28. The legislation prohibits anyone other than an authorized user of a computer owned by a person in California from installing software that has certain kinds of “spyware” functionality. The legislation proscribes the intentional or knowing installation and use of software to, among other things: 1) take control of a computer, by, for example, transmitting or relaying commercial e-mail, engaging in a denial of service attack, or opening multiple, sequential pop-up advertisements; 2) modify Internet-access control settings and browser bookmarks; 3) collect “personally identifiable information” through intentionally deceptive means such as, among other things, key-stroke logging; 4) prevent the disabling or blocking of such software; 5) intentionally misrepresent that the software will be uninstalled or disabled; or 6) disable antispyware or antivirus software by intentionally deceptive means. The enrolled bill is available at www.leginfo.ca.gov/pub/bill/sen/sb_1401-1450/sb_1436_bill_20040826_enrolled.pdf.

The Federal Communications Commission (FCC) issued an order limiting the display of Internet Web site addresses during children's programming. FCC Report and Order No. 04-221 (Sept. 9, 2004). The order states that for programs directed to children ages 12 and under, the display of Internet Web site addresses during program material is permitted only if the Web site offers a substantial amount of bona fide program-related or other noncommercial content, is not primarily intended for commercial purposes, and the page that viewers are first directed to on the site is not used at all for commercial purposes nor does it include links to any other page with commercial material. The FCC also expressed concern about, but hasn't yet prohibited, the use of direct, interactive links in children's programming, and instituted a further rulemaking proceeding to gather comment on that subject. The FCC press release is available at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-251972A1.pdf.

Ruling on a matter of first impression, the U.S. Department of Transportation (DOT) concluded that an airline privacy policy did not unambiguously preclude the sharing of customer data with a government agency, and even if it did, such a limitation would be unenforceable as being against public policy. The Electronic Privacy Information Center v. Northwest Airlines, Inc., Docket No. OST-2004-16939-10 (U.S. Dept. of Transportation Sept. 10, 2004). The airline's posted privacy policy stated that the company would not sell customer information, and that it would provide that information to “partners” for promotional use only if customers opted to receive promotional information. The DOT ruled that the airline did not commit an unfair or deceptive practice within the meaning of 49 U.S.C. Section 41712 when it supplied the customer information at the government's request. The agency found, among other things: that the airline did not violate the express terms of its policy when it shared but did not sell the customer data; that failing to share the information with government agencies would contradict the airline's regulatory obligations; and that the sharing of data did not and was not likely to result in significant or substantial harm to the airline customers. The ruling is available at www.epic.org/privacy/airtravel/nasa/dot_order.pdf.

CA Gov. Signs Antispyware Bill

Gov. Arnold Schwarzenegger signed the California Consumer Protection Against Computer Spyware Act, SB 1436, into law on Sept. 28. The legislation prohibits anyone other than an authorized user of a computer owned by a person in California from installing software that has certain kinds of “spyware” functionality. The legislation proscribes the intentional or knowing installation and use of software to, among other things: 1) take control of a computer, by, for example, transmitting or relaying commercial e-mail, engaging in a denial of service attack, or opening multiple, sequential pop-up advertisements; 2) modify Internet-access control settings and browser bookmarks; 3) collect “personally identifiable information” through intentionally deceptive means such as, among other things, key-stroke logging; 4) prevent the disabling or blocking of such software; 5) intentionally misrepresent that the software will be uninstalled or disabled; or 6) disable antispyware or antivirus software by intentionally deceptive means. The enrolled bill is available at www.leginfo.ca.gov/pub/bill/sen/sb_1401-1450/sb_1436_bill_20040826_enrolled.pdf.

The Federal Communications Commission (FCC) issued an order limiting the display of Internet Web site addresses during children's programming. FCC Report and Order No. 04-221 (Sept. 9, 2004). The order states that for programs directed to children ages 12 and under, the display of Internet Web site addresses during program material is permitted only if the Web site offers a substantial amount of bona fide program-related or other noncommercial content, is not primarily intended for commercial purposes, and the page that viewers are first directed to on the site is not used at all for commercial purposes nor does it include links to any other page with commercial material. The FCC also expressed concern about, but hasn't yet prohibited, the use of direct, interactive links in children's programming, and instituted a further rulemaking proceeding to gather comment on that subject. The FCC press release is available at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-251972A1.pdf.

Ruling on a matter of first impression, the U.S. Department of Transportation (DOT) concluded that an airline privacy policy did not unambiguously preclude the sharing of customer data with a government agency, and even if it did, such a limitation would be unenforceable as being against public policy. The Electronic Privacy Information Center v. Northwest Airlines, Inc., Docket No. OST-2004-16939-10 (U.S. Dept. of Transportation Sept. 10, 2004). The airline's posted privacy policy stated that the company would not sell customer information, and that it would provide that information to “partners” for promotional use only if customers opted to receive promotional information. The DOT ruled that the airline did not commit an unfair or deceptive practice within the meaning of 49 U.S.C. Section 41712 when it supplied the customer information at the government's request. The agency found, among other things: that the airline did not violate the express terms of its policy when it shared but did not sell the customer data; that failing to share the information with government agencies would contradict the airline's regulatory obligations; and that the sharing of data did not and was not likely to result in significant or substantial harm to the airline customers. The ruling is available at www.epic.org/privacy/airtravel/nasa/dot_order.pdf.