e-Commerce Docket Sheet

The Federal Financial Institutions Examination Council (FFIEC) recently issued a guidance stating that the use of single-factor authentication of customers as the only control mechanism in online banking transactions is “inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.” Authentication in an Internet Banking Environment, (FFIEC Oct. 12, 2005). This guidance addresses the need for risk-based assessment, customer awareness, and financial institutions' implementation of appropriate risk mitigation strategies, including security measures to reliably authenticate customers who are accessing their financial institutions' Internet-based services. The guidance discusses a number of online authentication technologies, and suggests that banks not rely on single-factor authentication but rather use “multifactor authentication methods” that are stronger than any single-factor method. The guidance is available at www.ffiec.gov/pdf/authentication_guidance.pdf.

Gov. Arnold Schwarzenegger signed into law a bill requiring violent video games to be labeled as specified and prohibiting the sale or rental of those violent video games, as defined, to minors. AB 1179, ch. 638 (Oct. 7, 2005). The law, which was scheduled to take effect on Jan. 1, also provides that a person who violates the act shall be liable in an amount up to $1000 for each violation. A lawsuit challenging the act was filed by video-game trade groups claiming that the act is an unconstitutional content-based regulation of speech. Video Software Dealers Association v. Schwarzenegger, No. 5:05-cv-04188 (N.D. Cal. complaint filed Oct. 17, 2005). The motion for preliminary relief filed by the plaintiffs is available at www.brownraysman.com/tlu/VideoSoftwareVSchwarzeneggerMotionOct2005.pdf. The text of the legislation is available at www.leginfo.ca.gov/pub/bill/asm/ab_11511200/ab_1179_bill_20051007_chaptered.html.

When an alleged trademark infringer raises the defense of nominative fair use, a finding of likelihood of consumer confusion resulting from the alleged infringing use must precede consideration of the nominative fair-use defense. Century 21 Real Estate Corp. v. Lendingtree, Inc., No. 03-4700, 2005 U.S. App. LEXIS 21942 (3d Cir. Oct. 11, 2005). Noting that the case was one of first impression in the Third Circuit, the court adopted a modified nominative fair-use test, based on the Ninth Circuit test enunciated in New Kids on the Block v. News America Pub., Inc., 971 F.2d 302 (9th Cir. 1992). In addition to setting forth a modified test for determining likelihood of consumer confusion, the court ruled that a defendant claiming the nominative fair-use defense must show: “(1) that the use of plaintiff's mark is necessary to describe both the plaintiff's product or service and the defendant's product or service; (2) that the defendant uses only so much of the plaintiff's mark as is necessary to describe plaintiff's product; and (3) that the defendant's conduct or language reflect the true and accurate relationship between plaintiff and defendant's products or services.”

The Anti-Spyware Coalition, a group of public-interest organizations, software and technology companies, and other interested parties, has issued a report defining “spyware and potentially unwanted technologies” as part of an ongoing effort to combat the “spyware problem.” The glossary accompanying the report includes definitions of “spyware,” “adware,” “botnets,” “advertising display software,” and similar terms. The report also includes a set of suggested guidelines for a dispute-resolution process that defines steps to be taken by vendors of anti-spyware solutions when they receive complaints from software publishers that their products have been improperly identified as “spyware.” The report is available at www.antispywarecoalition.org/documents/20051027definitions.pdf.

The founder and former executive of Intermix Media, a company that recently settled New York state consumer-law charges related to the distribution of spyware and adware, agreed to pay $750,000 in penalties to settle similar charges related to the same activities. In re Greenspan (N.Y. Atty Gen. Internet Bureau, Oct. 20, 2005) (assurance of discontinuance). According to the New York Attorney General, the executive was responsible for the company's distribution of free programs to consumers that were bundled with adware that was installed without the consumers' affirmative and informed consent. In addition, the adware programs, which served pop-up ads, installed toolbars and automatically redirected users to the company's search engine, were installed in a manner that made them difficult to uninstall. The Attorney General's press release is available at www.oag.state.ny.us/press/2005/oct/oct20a_05.html.

Information that a bank submitted to the Federal Reserve Board concerning its relationship with certain commercial clients was not exempt from public disclosure under the Freedom of Information Act (FOIA) where it was shown that the same information could be obtained through searches of public-company filings available in online databases. Inner City v. Board of Governors, No. 04 civ. 8339, 2005 U.S. Dist. LEXIS 23376 (S.D.N.Y. Oct. 11, 2005). Following a rehearing, the court reiterated a ruling issued in July in which it rejected the argument that the requested information was difficult to locate because it required cross-referencing the public filings of the bank and its commercial clients, and therefore it should be considered confidential and exempt from FOIA requests. The court noted that although the Securities and Exchange Commission (SEC) does not provide a database that permits searches cross-referencing public filings across more than one company, such searches can be performed on commercially available online databases such as LEXIS-NEXIS, or by downloading the documents from the SEC Web site.

Federal Banking Regulators Recommend
Multi-Factor Customer Authentication
In Online Banking