Susuk Lim

Pennsylvania–As social networking sites like Facebook and MySpace rise in prominence and become integrated into the daily lives of more and more people, serious questions of confidentiality arise.  Much has been made of the loose lips syndrome afflicting social network users, and in many cases, courts have been unwilling to protect inculpatory posts from discovery.  In the latest case to tackle these issues, McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (Pa. Ct. of Common Pleas), a Pennsylvania court not only concluded that information posted on one’s profile lacked protection, but that login credentials to the profiles themselves are not confidential.

McMillen is, at its core, a personal injury case.  Plaintiff, a stock car racer, was apparently injured during the cooldown lap of a race held on property owned by Defendant.  After the injury, Plaintiff posted information about his recreational activities on Facebook, including his attendance of the Daytona 500 and a fishing trip.  During the course of Plaintiff’s suit, Defendant requested full discovery of Plaintiff’s social networking profiles, including usernames and passwords required to fully access them.  Plaintiff objected.

The court proceeded from a presumption, under Pennsylvania law, of discovery’s generally broad scope and the limited application of evidentiary privilege.  Given the social nature of sites like Facebook and Myspace, wherein users intentionally share information in an effort to connect with new and existing friends (and, as the court noted, those friends were free to disseminate any potentially confidential information to other parties), the court first reasoned that “[w]hen a user communicates through Facebook or MySpace … he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.” It concluded that there was no element of confidentiality that protected Plaintiff’s Facebook and MySpace accounts from discovery.

The court reached the same conclusion upon applying Wigmore’s four-part test for new evidentiary privilege.  Under Wigmore’s test, the party seeking creation of the privilege has the burden of satisfying all of the conditions; (1) that the communications must originate in confidentiality, (2) that the element of confidentiality must be essential to the maintenance of relation between the parties, (3) that relation is one that is sedulously fostered by the community, and (4) the injury arising from disclosure is greater than the benefit derived from the correct disposal of litigation.  Here, upon considering MySpace and Facebook’s use policies, the court concluded that confidentiality was neither expected nor essential to maintain the relationships between social network users.  It posited that “[t]he relationships to be fostered through those media are basic friendships, not attorney-client, physician-patient, or psychologist-patient types of relationships, and while one may expect that his or her friend will hold certain information in confidence, the maintenance of one’s friendships typically does not depend on confidentiality.”

In handling social networks as monoliths with a singular purpose to share information, the court evinced a lack of appreciation of social networking’s modern complexities.  First, the scope of discovery here was not limited to inculpatory posts – it requested, and the court granted, read and write access to the account itself. It treated Plaintiff’s username and password combination no differently than the information contained within the account, even though the basis for protecting confidentiality should have been completely different.

Second, both Facebook and MySpace have integrated, e-mail-like private messaging capability.  By painting “social networking” in broad strokes, the court effectively sweeps capabilities intended to provide a measure of confidentiality into the “unprivileged” bucket.

Third, social networking sites – especially Facebook – have responded to widespread criticism from its own users to improve control of the confidentiality of posts and features at a granular level.  Users may now lock down practically every aspect of their profile from public, semi-private, or even fully private dissemination, and may also control the sharing of information between the first generation.  The court practically ignores a user’s clear intent to preserve confidentiality if they create these posts after mindfully setting these privacy options – and the broad wording of the decision sweeps practically every social networking user, however mindful of his or her privacy, into the same unprotected classification.

Finally, since the granted discovery request in this case includes everything in Plaintiff’s social networking profile, Defendant will be given every bit of a very large portfolio of information.  Unlike the court’s view, social networking profiles have become very complex and hold more than just posts.  In being granted such a broad request, Defendant will be assailed with pictures of puppies, a long history of Farmville scores, Youtube videos, and other similarly disparate and irrelevant nuggets of information – and not just from Plaintiff himself.  Rather than limit the discovery to the portion of Plaintiff’s profile relevant to the litigation, the court chose to ignore the relevance analysis altogether, possibly from not understanding the scope and implications of its actions.

McMillen provides us with two main takeaways.  First and most obviously, nothing posted in a social networking site is safe from discovery – not even posts made by third parties.  As in McMillen, a court may look to the underlying purpose of social networking itself and conclude that it is simply not important enough to protect anything on a social networking site against what it views as the “correct” dispatch of litigation.  Simply state, be mindful of what you post, because it could very well be used against you.

Second, McMillen demonstrates the importance of clear advocacy, especially when involved in litigation the court is unlikely to fully understand. The McMillen court will unfortunately not be the last in not fully understanding emerging technology before passing judgment on its legal status.  Given the complex nature and perhaps previously unimaginable scope of something like social networking, it is understandable – after all, courts were never meant to be independent experts on the subject matter of every case they are assigned.

While the court may not be responsible for independent research, the advocate surely is.  Had the court fully appreciated the complexity of social networking as an entity, it may not have decided as broadly against evidentiary privilege as it did.  Instead, it appears that Plaintiff pursued a broad, unsubstantiated argument – namely, the creation of a “social network site privilege” in the absence of case law either for or against it – and the court responded with a broad denial.

Parker A. Howell

While mobile payments – exchanges of money using cell phones – may not be commonplace in the United States yet, the technology has arrived.  One need look no further than Starbucks’ recent rollout of an iPhone application that displays a barcode that can be scanned as payment, or to banks that allow clients to upload pictures of checks for electronic processing.

However, various outstanding business, legal, and technological issues must be resolved before consumers ditch their cash and credit cards for their Blackberrys, according to panelists at today’s conference on mobile payments, hosted at the University of Washington School of Law.

The basic question is one for businesspeople, not necessarily lawyers: There must be a “value proposition” for these services in a credit-card dominated market, as put by Adam Levitin, associate professor at the Georgetown University Law Center.

“If all it is is just another set of pipes, it doesn’t really change anything,” Levitin said.  “It may need some little tweaks here and there in the law to make sure that … there’s proper statutory coverage. … If that’s all it does, I don’t think we’re going to see widespread mobile taking off really in a big way because our current system is working pretty well.”

The most “readily apparent” business model is “the possibility of integration with nonpayment services,” such as advertising and coupons, Levitin said.  For example, a customer at a store might receive a text message offering a discount if the person pays using a phone; this would allow merchants earlier influence over payment modes (remember that credit card companies charge those pesky percentage fees).

Speaking of fees, Levitin points out that more players – telecomm companies, hardware manufacturers, software providers – means more revenue may be needed to split among those parties to support mobile payments.  And will incumbent banks be willing to give up a piece of their business?

Mobile payments also raise concerns for consumer advocates, such as Georgia State University College of Law Professor Mark Budnitz.

“There’s a lot of gaps in the law,” he said.

Telecommunications companies are not regulated like banks, he said. (In developing countries, this could be a good thing, according to researcher and conference keynote speaker Ignacio Mas.)  The more consumers bypass banks by having charges tacked directly onto their phone bills, the less likely someone will clearly be on the hook if something goes wrong.  For example, if a consumer wants to complain that a telemarketer tacked on a charge without authorization, who eats the loss?  The wireless provider? If there is a problem with a handset, the UCC applies.  But the law is more complicated for software, he said.

Budnitz also questions whether phone-based payment systems would be secure in the case of loss or theft.  Thus, he suggests that laws should clearly allocate the loss to companies that provide mobile payment services, offering them incentives to provide security.

These worries merely underscore one of the biggest unknowns in this emerging area: what form will mobile payments take?  They may use Near-Field Communication (NFC), the next big thing slated to roll out soon in the UK.  They may involve on-screen bar codes, like Starbucks’ system.  Or, they could be more like PayPal, only accessed via a mobile phone.  Payments could be tied to existing bank accounts or credit cards, or exist independently.

The rationale for promoting mobile payments in the developing world is quite compelling, as Mas aptly described.  But Americans (and Europeans) already have a bevy of payment choices, ranging from cash taken from the local ATM to the airline-rewards credit card.  As the business case for domestic mobile payments becomes more apparent (or not), the law will need to evolve to fill in the gaps Budnitz and others describe.  To learn more about how companies are looking to advance this technology, and the regulatory response, check out the presentation slides from today’s conference (they are slated to be posted in coming days).

Parker A. Howell

Smartphone users in New York City now can purchase their morning Starbucks lattes with mobile devices under a program the Seattle-based coffee chain recently rolled out.  Whether the lure of this cashless service in the gift- and credit-card saturated U.S. market wins over consumers remains to be seen.

But for poor people in developing countries, real-time mobile payments may be a financial lifeline where access to banks is rare.  That is the message researcher Ignacio Mas gave practicing lawyers and scholars Friday afternoon during a conference on mobile banking at the University of Washington School of Law.

Mas, deputy director of the Bill and Melinda Gates Foundation’s program for Financial Services for the Poor, sees mobile payments as a means to foster saving among people without easy access to banks.  In these systems, retailers accept electronic payments via mobile applications provided by financial services institutions; transactions happen in real-time and are drawn against retailers’ accounts.

As other presenters at the day-long conference made clear, the challenges facing developing countries differ from those in the U.S. market, where numerous technological and regulatory questions remain.

Yet in the developing world, fostering adoption of these systems simply is a matter of economics, Mas said.  Individuals must see the service as a “compelling value proposition” offering benefits, such as an easy ability to send money long distances and to develop a financial history.

“What people want is immediacy,” he said. “If there’s no savings point between where I live and work, forget it.”

Mobile phones make sense as a platform because of their ubiquity, Mas said.  In many regions, phones vastly outnumber bank accounts.

Merchants, who would receive a cut of transaction fees, must be incentivized to carry more cash in their facilities and make frequent trips to banks.

Financial institutions will develop credit programs for mobile platforms, Mas said.  His program focuses on savings instead of credit – although he noted both are future propositions.

“It’s bridges to cash.  That for me is what financial services is,” he said. “Build these bridges and I have no doubt that financial services providers will contribute.”

Kenyans have widely adopted one such system, M-PESA, which has 13 million users and accounts for 70 percent of e-payments in Kenya.

“This is not just theory,” Mas said. “This is happening.”

For regulatory purposes, Mas argues, micropayment-service providers should not be treated like banks.  Rather, he recommends posters making disclosures at merchant shops.

“It’s very important to get this into regulatory thinking because there’s no one-size fits all solution,” Mas said.

Mas also stressed the need to sign up users at merchant locations, rather than forcing customers to sign up for new accounts at banks – what Mas called “like original sin.”

While “errors will be made” and “people will send money to the wrong account number,” Mas said, he argues against automatic reversals of payments, saying they would undermine consumer trust.  (Contrast this with recent European e-money regulations, which require automatic reversal and require banks to prove a user actually made a transaction, according to Thaer Sabri of the Electronic Money Association in Surbiton, UK.)

Mas’ talk may have domestic implications as well.  UW Law Professor Jane Winn said commentators have discussed innovative banking models flowing into developed countries rather than those countries exporting their banking models; those new models could be a real threat to banks, she said.

“Ignacio’s presentation was the best example I’ve seen of that,” Winn said.

[Interestingly, the conference was funded as the result of a settlement against a large bank caught selling information improperly, according to conference organizers.]

Tomorrow the University of Washington School of Law will host an international conference on how cellular phones can boost access to banking in developing countries and increase revenue for domestic mobile-phone operators. More than two-thirds of the world’s population has a cell phone, creating tremendous new opportunities for innovation in the way consumers buy and sell goods and services around the world.

The University of Washington School of Law conference, “Mobile Payments: Global Markets, Empowered Consumers and New Rules,” will also explore how to protect consumers and generate competition in the cutting-edge market for mobile payments. More than 100 participants are expected to join a dozen expert from the around the world at William H. Gates Hall in Seattle for the one-day mobile payments conference.

The event’s keynote speaker, Ignacio Mas, is the Deputy Director of Financial Services for the Poor program at the Bill and Melinda Gates Foundation in Seattle. Mas is an internationally renowned expert on cell-phone banking and mobile payments. The conference chairs are Anita Ramasastry, D. Wayne & Anne Gittinger Professor of Law and Chris Jay Hoofnagle, Senior Fellow, Samuelson Law, Technology & Public Policy Clinic, UC Berkeley Law.

During the conference, participants will tackle key issues emerging in cell phone banking and payments markets including:

• What Will it Take to Make Mobile Payments Mainstream in North America?
• A User Centric Model for Mobile Payments
• Mobile Payments in Other Markets – Emerging Regulatory Frameworks

Distinguished panelists and moderators addressing these topics will include: Professor Adam Levitin, Georgetown University Law Center, Washington, D.C.;  Professor Benjamin Geva, Osgoode Hall Law School York University, Toronto; Carol Coye Benson, Founding Partner, Glenbrook Partners, Menlo Park; Thomas Brown, Partner, O’Melveny & Myers LLP, San Francisco; Professor Jane K. Winn, University of Washington Law School, Seattle; Professor Mark Budnitz, Georgia State University College of Law, Atlanta; Gail Hillebrand, Financial Services Campaign Manager and a Senior Attorney, West Coast Office of Consumers Union, San Francisco; Chris Hoofnagle, Director, Information Privacy Programs, University of California Berkeley School of Law, Berkeley; Professor Bill Maurer, Director, Institute for Money, Technology and Financial Inclusion, University of California, Irvine; Maria Stephens, U.S. Agency for International Development, Washington, D.C.; Andrew Bennett, International Trade Administration, U.S. Department of Commerce; and Professor Joel Ngugi, University of Washington Law School, Seattle.

Cell phone banking and mobile payments have tremendous potential to revolutionize markets in developing countries. In Kenya, for example, fewer than 4 million people have bank accounts, yet Safaricom’s M-PESA mobile banking service attracted one million users in the first 10 months of operation. By July 2008 there were 3.6 million M-PESA subscribers moving approximately 21 billion Kenyan shillings ($USD 288 million) through the Kenyan economy.

Kenya does not have comprehensive national payment system legislation to regulate branchless banking. The Central Bank of Kenya set very minimal requirements for fear that excessive early regulation would choke innovation. Under Kenyan law, M-PESA is not regulated as a bank because the money is “in transit.” In South Africa, by contrast, any business accepting deposits qualifies as a bank subject to banking regulations. Ignacio Mas has explored these issues in his research on branchless banking in developing countries.

The UW conference was made possible by cy pres funds in litigation led by Reed R. Kathrein, Managing Partner of the Hagens Berman Sobol Shapiro LLP Berkeley office. For more information on the international conference visit the University of Washington School of Law Web site.

Amber L. Leaders

In the history of time, or the Internet, one word has become the word to end all words.  It has reached the climax.  Hit the high note.  Gone the distance.  What is that giant of the Google search?  Sex.  That’s right, Sex.  It should come as no surprise to anyone that in the world of domain names, that simple three letter word is the world’s most expensive.  In a recent California bankruptcy case, Escom LLC named a winning bidder in its Sex.com sweepstakes.  Clover Holdings Ltd will be the new lucky owner of this valuable site, coming in with cool $13 million bid.   It’s a staggering sum.  To come close to matching it would take a treacherous  combination of porn(.com) and vodka(.com) or a tamer, but still entertaining, combo of slots(.com), toys(.com) and candy(.com) to be in the ballpark of the “sex” sale.

Such is the growth of the internet that simple and common words carry such high price tags.  Folks out to reach a wide audience and be tops in the search window will shell out exorbitant amounts for those precious little words.  Popular words like “internet,”  “computer” and “insure” have all sold for sums in the millions.  It’s an interesting commentary on what we value and what sells in today’s web world.  Our top selling websites are almost universally descriptions of our common  vices.   Over the past year some of the top sellers include: dating.com ($1.7 million), poker.org ($1 million), guns.com ($800,000),  IPO.com ($500,000) and  kredit.com ($270,000).  But the top 100 include some surprises as well: disco.com ($255,000), wicker.com ($230,000), pig.com ($125,000), dirt.com ($100,000) and the always popular schmuck.com ($65,000).

Taking a deeper look at popular domain name auction sites likes Sedo.com and Snapnames.com reveals our more intriguing, but less obvious, “vices.”

• In a close one in the war on drugs, stopdrugs.com ($5000) beats out marijuanaparty.com ($3900).
• Looking for some direction in the grim legal market (I know I am)?  Maybe consider a career in PI(personal injury)!  Asbestoslawyer.com ($12,500) and cigaretteslawyer.com ($10,000) easily beat out the less lucrative, but hopefully more fulfilling, other PI(public interest) sites lawandjusticenetwork.com ($3000), humanjustice.com ($588) and fightpoverty.org ($70, really? For shame.)
• In a fine showing for a pacifists everywhere, peaceforall.com, peaceloving.com and forpeace.org all come in over $3000  while militants.com, nopeace.com and killthem.com don’t even break the $500 mark.
• In sad news for the well-educated everywhere, schoolisforfools.com ($1588) edges businessgraduate.com ($1395), law-degree.com ($449) and engineeringgraduate.com ($788).  Though doctors still end up on top (medicaldegree.com $68,000).
• Pugs.com comes in a whopping $10,099, but in a triumph of big over little GreatDanes.com trumps the little pug at $18,500.

All in all, it’s an interesting landscape in the domain names buying and selling game.  A landscape that reflects, to some degree, our greatest pursuits.  A landscape that is only going to grow more expensive as the web reaches further and further corners of the globe.  A landscape that honors the obvious and the obscure.  A landscape where the fool is king, where sex sells and where justice comes cheap.

But if that landscape sounds appealing and you have some dollars in your pocket, then keep in mind a couple important points.  First, what do you actually get when you buy a domain name?  Legal scholars debate whether buyers of domain names receive property or a service agreement or something in between.  For example, in Network Solutions, Inc. v. Umbro International, Inc., et al., the Supreme Court of Virgina recognized that domain names are unique and unlike trademark, but did not directly address whether domain names could be considered as  intangible property. In contrast, some tax experts argue domain names do constitute property.

The distinction is important for buyers in the case of litigation over the domain.  If the domain is property, property law applies; if the domain is a service agreement, contract law applies.  The other important point is that different domains carry different levels of restrictions. Domain names are generally owned by the person who registered the name with the registrar. But it is somewhat unclear whether this means the person ordered the domain name through the registrar, the person who paid consideration for the domain name, or the person whose contact information appears in the registry. One reading of the ICANN Registrar Accreditation Agreement Section 3.3 suggests the owner of a domain name is the party whose name and address is published as the Registered Name Holder.

Top-level domains such as .com and are unrestricted and open to all.  Generally speaking, there are no geographic or other registration restrictions these domains. Other top-level domains, such as .gov or  certain country-specific handles, can carry heavy restrictions and may limit who is allowed to register the domain. The country-specific domains are based on standardized abbreviations set by the International Standards Organization (ISO). The central governing body for top-level domains, the Internet Corporation for Assigned Names and Numbers (ICANN), has its principal offices in the United States, but the organization is international in scope.

Although the registration of generic top-level domain names is automated, many of the registries for country-specific domain names are not automated and may require detailed paperwork and compliance. Given all this complexity, prior to spending your pennies on a fancy new domain name, researching and understanding these issues is recommended.