Developments of Note

Staff at the Federal Trade Commission (FTC) Division of Advertising Practices rejected allegations by privacy activists that the “Toy Store” section of the Amazon.com Web site, including the associated toysrus.com, babiesrus.com and imaginarium.com Web sites, violates the Children's Online Privacy Protection Act (COPPA). In a letter to the Electronic Privacy Information Center dated November 24, the division's associate director advised that its staff had reviewed the sites and concluded that while the sites market toys, and employ child models, bright colors and child-like fonts, the “overall character” of the sites indicated that they were not directed at children under 13. The letter noted that: the purpose of the Web sites is to sell merchandise to adults; the vocabulary and language used on the sites were directed to adults; and the sites did not host any activities attractive to children, such as games, puzzles, contests, coloring pages, homework help or e-mail newsletters. The letter is available at www.epic.org/privacy/amazon/ftc_amazon.pdf.

The Federal Trade Commission (FTC) settled charges that an online store breached promises concerning the security of customer data by failing to store the data in encrypted form – despite an express promise to do so ' and failed to secure the Web site against an easily preventable “hack.” In re Petco Animal Supplies, Inc., File No. 032 3221 (Nov. 17, 2004). Petco's privacy policy included statements such as “At Petco.com, protecting your information is our number one priority, and your personal information is strictly shielded from unauthorized use.” The FTC alleged that despite the promises concerning security, the Web site was vulnerable to a common security flaw that could be addressed by “reasonable and appropriate security measures,” and that security flaws enabled a hacker to access customer credit-card numbers stored without encryption. Under the settlement, the store agreed, among other things, to adopt a comprehensive information security program that includes specified features, designate appropriate employees to coordinate and be accountable for the program, and obtain periodic independent security audits. The FTC press release, with links to relevant documents, is available at www.ftc.gov/opa/2004/11/petco.htm.

Pennsylvania Gov. Edward G. Rendell signed into law a telecommunications bill containing provisions that limit the right of local governments to offer telecom services, including Internet access, for a fee. The provisions were added to the legislation in response to, among other municipal projects, widely publicized plans by Philadelphia to offer wireless Internet access to the public. The bill gives incumbent telecommunications providers a “right of first refusal” with respect to municipal offerings of telecommunications services. According to Rendell's signing statement, incumbent provider Verizon, which favored adopting the limitations, agreed to waive the right of first refusal afforded it under the legislation for the planned offering by Philadelphia.