Privacy/Security

Innovators Need Closure On The Apple v. Samsung Case

By Tim Sparapani

The dispute between Samsung and Apple over allegations that Samsung stole Apple’s mobile phone design is like a piece of gum that you’ve been chewing for way too long. It’s time to spit it out.

There’s an enormous amount at stake for innovators in this fight over mobile phone sales, and as I’ve written many times before, this case truly matters. How, or if, damages are ever calculated for Samsung’s infringement of Apple’s rounded-corner phone design will set precedent that will influence Silicon Valley for years to come.

There’s also a real risk that if the outcome establishes the wrong formulation for calculating patent design damages, it will create a new type of design patent troll —essentially law firms that will sue companies to attempt to extort settlements from them based on allegations that they have infringing product designs.

As a reminder, here’s how we got to the point where a federal court has been told to determine anew potential damages for alleged design patent infringement. Last year, the U.S. Supreme Court decisively reset the rules of design patent cases to prevent them from spinning out of control. The court rejected Apple’s position that it was entitled to the full cost of each iPhone that wasn’t purchased because a consumer had instead opted for the infringing Samsung phone.

If the court had ruled in favor of Apple’s position, Samsung would potentially have been on the hook for an estimated $1 billion. But the court decided (to Silicon Valley’s delight) that this “total profits” damages theory was erroneous because software-powered hardware is routinely filled with hundreds if not thousands of other patented inventions that give those products their value.

While the Supreme Court wisely struck down this total profits standard, it left the job half done by tossing the case back to a lower federal court to determine the appropriate damages. That’s why the upcoming decision from the Federal District Court for the Northern District of California will establish precedent around what portion of a product is attributable to its design as opposed to its functionality.

Drawing that line is easy with something like a shovel, which is a relatively simple tool. It’s much harder to do with a complicated piece of technology like a drone, an autonomous vehicle or a smartphone. The court will need to craft a smart rule that divvies up the pie so future judges and juries can determine damages when these cases invariably come up again.

Full disclosure here: As I’ve written before, I’m an unequivocal Apple fan boy. Since the U.S. Supreme Court’s ruling, my family has bought two more iPhones, and I’m writing this piece on my new Mac. I love the design, durability and functionality of Apple’s products. Simply put, though, the risk to innovators is too high if Apple is allowed to recoup the lion’s share of its alleged losses because a lower court elevates the concept of design over product functionality.

The court’s determination will go beyond the question of how much Samsung has to pay Apple. It will lay the groundwork for rules about how we properly compensate the designers who produce iconic, paradigm-shifting product designs, particularly when those designs are only a portion of the usefulness of the product they are part of. The decision will tell us a lot about where the value lies in any new piece of technology. That’s going to be an important factor in ensuring all innovators in Silicon Valley, including coders and designers, prosper.

The longer this case drags on, the more these questions go unanswered and the more difficult it is for people who might be working on ground-breaking products to move forward.

This piece was originally published in Forbes.

Why the FTC must regain its power as the top cop in online privacy

By Tim Sparapani

There are a few things that are constant in this world: death, taxes, and the fact that every new administration rethinks regulations.

That can be a big problem, especially when it comes to consumer privacy rights. The rules that govern how companies collect, use and share consumers’ data shouldn’t ebb and flow like the tides. They should be cemented in place to give companies and consumers desperately needed assurance that the landscape won’t keep changing.

For years, privacy advocates like me have pushed for protections on consumer data collected on and offline. We urged that the U.S. Federal Trade Commission (FTC) be given additional resources to focus specifically on the misuse of consumer data collected offline and merged with online data.

Unfortunately, the FTC’s wings were clipped when another federal agency, the Federal Communications Commission, expanded its previously narrow privacy authority. While that might sound like something privacy advocates would applaud, it’s a move that’s only muddied the waters and, arguably, reduced protections for consumers’ online privacy.

The U.S. Federal Communications Commission’s (FCC) self-approved expansion of authority actually displaced the FTC entirely. FTC staff had consistently policed online privacy with an impressive level of authority and competency.

That not only left consumers’ privacy in limbo, it pushed innovators and startups into a chaotic, unpredictable regulatory landscape for all online products and services that make use of consumer data.

The confusion that resulted from this was compounded by the election. Before the FCC could even hire privacy experts or prepare policy pronouncements, a new commission was ready to walk through the door. That’s why it is long past time for Congress to impose some order on the privacy landscape. One easy thing Congress can do is return the FTC to its place as the top privacy cop on the internet beat.

Keep Reading

This piece was originally published in The Hill 

CALinnovates Welcomes Call For Fresh Look at Online Consumer Privacy Rules

By Tim Sparapani

Innovators and startups welcome the news that policymakers are taking a fresh look at how to protect consumers’ privacy online.  While the headlines may try to spin this as just another partisan food fight, in truth it’s an incredibly important opportunity to restore balance and clarity to consumer privacy rules in the online ecosystem.

As we’ve said from the start, the privacy rules adopted late last year by the Wheeler FCC were clearly flawed and the ongoing jurisdictional tussle over privacy needs to be resolved for the benefit of consumers and companies alike. The Wheeler rules created an inconsistent, confusing patchwork, in which consumers’ private information on the internet would be protected differently depending on which servers and routers their data happened to be crossing. Yes, the exact same data would arbitrarily enjoy different levels of protection. 94% of consumers believe that all companies collecting their information online should face the same set of rules – and they’re right. The Wheeler rules break from the bipartisan FTC privacy framework that has seen the internet thrive and grow in other ways, introducing new friction and erecting confusing and unjustified new obstacles to even the most mundane uses of data any consumer would see as non-sensitive.  This kind of regulation is bad for consumers, bad for entrepreneurs, and bad for innovation.

In addition, a little known consequence of the Wheeler rules was that they jeopardized the United States’ privacy agreement with the European Union. The Privacy Shield is predicated in part on the United States having a single, lead consumer privacy agency, and the dilution of the FTC’s authority puts this agreement at risk.

We’re glad that policymakers at the FCC and in Congress will have an opportunity to review the rules again and, hopefully, correct these flaws.  A return to the FTC’s role as the lead privacy enforcer would allow innovators to do what they do best: innovate. In addition, a consistent set of rules would do well to assuage consumer advocates’ concern that gaps in enforcement would delay critical privacy actions when companies are ignoring or outright abusing their data responsibilities to their customers.

CALinnovates Statement Regarding the FCC’s Revamped Privacy Proposal

October 7, 2016

“This version, like the first, falls woefully short in its noble goal to safeguard consumer data and increase transparency for the public. Subjecting the exact same data to different and arbitrary rules depending upon a company’s primary offering in today’s era of vertical integration does not increase consumer privacy. It is also blind to the realities of the marketplace. We need 21st Century privacy rules to govern a 21st Century data market.” said Tim Sparapani, CALinnovates’ senior policy counsel.

“Chairman Wheeler has indicated that some favored companies will be allowed to practice permissionless innovation outside the FCC’s jurisdiction while other disfavored entities must operate under the microscope despite the fact that the data is one in the same. Businesses of all types today are data companies first and foremost, whether they make software or deliver internet access – or both. And innovation can and should spring from all types of companies, ISPs included.”

“Today, Verizon owns Yahoo, AOL and Huffington Post, and the line between ISPs and edge providers has been increasingly blurred. Consumers will be no better off under this scheme than the previous one, but they may be worse off than they are today.”

“This is a referendum on innovation and an affront to consumers who expect more and demand better. No matter how Chairman Wheeler tries to spin it, his latest iteration of the FCC’s privacy proposal is nothing more than lipstick on a pig,” said Mike Montgomery, executive director of CALinnovates.

“CALinnovates encourages Chairman Wheeler to return to the drawing board to rewrite the rules one more time. Better yet, the FCC should seek further public input as well as guidance from Congress and the FTC, which has the longstanding privacy expertise the FCC lacks.”

CALinnovates is a non-partisan coalition of tech companies, founders, funders and non-profits determined to make the new economy a reality.

Just Tell Me What I Need to Know! The FTC Delves Into Disclosures to Consumers

By Tim Sparapani

“Bad UI leads to bad UX” is one of the most common sayings in Silicon Valley. Translated, this means that bad user interface (UI) – the look, feel and relative usability of an app or website’s design – will inevitably create a bad user experience (UX).  Silicon Valley spends considerable resources trying to build more intuitive, instinctive designs, especially when trying to get consumers’ attention and permission for using their data to offer them products and services.  This challenge is at the heart of an upcoming Federal Trade Commission conference this week focusing on the effectiveness of online disclosures to consumers.

Companies have long had to balance completeness and usefulness in disclosures — take our constantly evolving nutrition labels, for example.   In the digital age, while tech companies have made important strides in communicating with consumers,  striking the right balance is still a challenge just as it is with describing the most important details about your favorite cereal.

Despite decades of work in trying to figure out best disclosure practices by all kinds of companies, it’s amazing how much we have to learn about design for disclosing critical information to consumers. The challenge is most stark online:  tech companies must figure out how to get their  consumers’ attention, tell them what they need to know, and obtain their permission when needed, while not creating the dreaded “notice fatigue” where consumers ignore disclosures or, worse, abandon the website or app out of annoyance.

That’s why the upcoming FTC workshop to explore consumer disclosures is both so interesting and so important. The FTC, state attorneys general, and consumers themselves, rightfully expect that companies should communicate clearly what consumers should or must know about a company’s products or services.  Today, the FTC will gather experts from various disciplines to explore consumer messaging cognition and challenges for disclosures, permissions and warnings all with the goal of advancing UI.

How to communicate something you really need someone to know is a vexing problem in life.  Perhaps, if you are married, you are really good at sharing important news and wisdom with your spouse.  You probably do not try to use the same words to share the same bit of wisdom with your children or someone who is from an older generation.  Words and phrases, much less idioms or technical language, often mean different things to people with different experiences.  Those consumers for whom English is not their first language may understand words in translation differently than those who are native speakers.

Read the full article here.

The Dark Web Is Still A Huge, Difficult Problem

By: Tim Sparapani

If you want to buy someone’s private data, it’s disturbingly easy to do. It’s all there for sale on the dark web, a completely anonymous twin of the web most of us use daily.

The dark web (or deep web, if you prefer) is “dark” because the sites on it cannot be indexed by a web crawling browser, such as Google. That makes it hard for ordinary people, and law enforcement, to find specific websites. This anonymity has the advantage of creating a zone of free speech where individuals can communicate, think and explore ideas without government interference.

But it also creates a haven for illicit activity, including the buying and selling of drugs, child pornography and individuals’ private information such as social security numbers, health records and passwords.

People who don’t closely follow privacy issues probably associate the dark web with Silk Road, the infamous illegal drug marketplace that did millions in business before the FBI managed to shut the site down in 2013.

But the death of Silk Road didn’t put an end to the dark web. This shady technological playground is still going strong, and many sites that thrive on the dark web are a daily threat to privacy and the economy.

Over the past three months, the website LeakedSource has uncovered huge caches of account data being sold on the dark web from eight websites including Twitter, MySpace and LinkedIn. In some cases, those accounts came from privacy breaches at the web companies. In other cases, data thieves were able to steal information directly from users.

The way the account information was stolen matters less than the fact that so much of it is for sale. Need a Netflix password? They’re available for pennies on the dark web. You can also get stolen passwords for Hulu, HBO Go and Spotify.

The dark web has also become a haven for child pornography. According to an article on Wired, over 80% of dark web searches are related to pedophilia.

Read the full article here.

Stuck in Wet Concrete: The Supreme Court Tells the Ninth Circuit to Rethink What Harms Our Privacy

By: Tim Sparapani

The US Supreme Court has just made the law of privacy in the US about as settled as wet cement. Now, neither consumers nor companies handling consumer data know where things stand.

This all came about when a data broker – a company that gathers data about individuals, typically without their knowledge or consent, and then resells that data – created a file of wholly inaccurate information about an individual for resale. Upon learning about the data broker, Spokeo’s, actions the individual sued Spokeo citing a violation of his rights under the Fair Credit Reporting Act. That federal statute creates a right to sue for violations. The trial court, nevertheless, dismissed the case but the US Court of Appeals for the Ninth Circuit allowed it to proceed. The Supreme Court overturned that decision and sent the case back for additional consideration because the Ninth Circuit had not determined whether the plaintiff’s alleged injury was sufficiently real, tangible, or, what it deemed “concrete” enough to meet Constitutional standards for sustaining a lawsuit.

The result of effectively a non-decision by the US Supreme Court coupled with it providing the barest of guidance has created tremendous privacy law controversy. Now a debate is raging in Washington and in the offices of General Counsels of corporations and plaintiffs attorneys nationwide about what it takes to satisfy this vague standard. Pitched battles are being waged to influence the interpretation of that non-decision and influence what happens next because so much is at stake in a time when our economy is driven by identifying and unlocking value from consumers’ data.

How do we know when a company’s actions using a consumer’s data – especially erroneous data – harmed that consumer’s privacy? The whole debate will turn now on the definition of the term “concrete.” It’s a word that’s hard to lock down. Dictionaries provide only slightly more help than the thin guidance provided by the US Supreme Court. “Concrete”, an adjective meaning, “based on sure facts or existing things rather than guesses or theories.” Cambridge English Dictionary. “Specific particular. Real, tangible.” Merriam Webster’s Dictionary.

This non-decision has corporate America celebrating because fewer privacy cases will be successful. Influential privacy and consumer advocates, in contrast, argue that giving the lower court a do over, in effect, changes nothing. The truth lies somewhere in between, of course.

This is, no doubt, a blow for plaintiffs trying to bring lawsuits. By forcing people who want to sue to describe a tangible injury – and perhaps barring ephemeral or hard to explain or quantify privacy harms, even when Congress created a statutory right to sue – the barrier is now higher to successfully sue to vindicate privacy invasions. While that’s not the end of all suits regarding privacy as some have erroneously claimed, it does mean that some privacy cases that would have gone forward in the past will not make the cut. That surely means that some not-well-articulated but nonetheless important privacy harms will go unaddressed in the courts.

Read the full article here.

Page 1 of 3123