[authors: Kaiser Wahab and Lauren Mack]
Below is a top ten pocket guide for the top 10 laws any operation (social, e-commerce, IP/UGC driven, etc.) needs to be familiar with now and for the foreseeable future. Having this at the ready won’t necessarily make you smarter, but it will certainly make you more prepared (and should you want to delve further into any one of them, there is much, much more info on the net).
1) Anti-Counterfeiting Trade Agreement (ACTA)
ACTA is a proposed agreement to create international standards for intellectual property (IP) enforcement. It was negotiated largely in secret, and requires participating countries to comply with civil and criminal IP enforcement standards and remedies, quickly and effectively enforce IP laws online, provide protection against the circumvention of technological measures, create specialized bodies to enforce IP rights, give IP enforcement power to border authorities, and cooperate with the other countries in the fight against IP infringement. Many of the provisions regarding the Internet resemble the American DMCA, but they do not require signing countries to adopt American limitations on liability such as fair use or the complete immunity from monetary damages for service providers available under the DMCA.
2) Anticybersquatting Consumer Protection Act (ACPA)
ACPA is a federal law that created a cause of action against cybersquatters. Cybersquatters are people that register a domain name that contains or is confusingly similar to another’s trademark with the sole purpose of selling it to trademark owner. Fair uses, including gripe sites, would not be subject to ACPA because liability is based on the bad faith intent to profit. For in rem actions, a successful trademark holder may either have the domain name cancelled or transferred to the mark holder. If there is personal jurisdiction, the mark holder may also be able to obtain damages.
3) Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM)
The CAN-SPAM Act is a federal law that regulates unsolicited commercial email. It requires senders of commercial emails meant as advertising or promotion to not send false or misleading information, not use deceptive subject headings, disclose that the email is an ad, use an accurate return email address, include an opt-out option that is honored promptly, and provide a physical address.
4) Communications Assistance for Law Enforcement Act (CALEA)
CALEA is a federal law that requires telecommunications carriers to choose their equipment and design their services to allow the government to easily conduct electronic surveillance in real time without the user knowing that the communication is being wiretapped. All providers of digital telephone service, broadband Internet access, and VoIP services must comply with CALEA.
5) Communications Decency Act (CDA)
The CDA is a federal law that includes one of the most powerful shields from liability for Internet intermediaries. §230 of the CDA provides immunity from liability for any provider or user of an interactive computer service that publishes information provided by others. To use §230 as a shield from liability, the provider of the interactive computer service may edit or delete the information provided by a user, but cannot provide information or be considered a contributor in any way. This section has so far provided complete immunity from defamation, negligent misrepresentation, emotional distress, and other claims to a broad range of interactive computer services, but it also often leaves the harmed party without a remedy. It does not apply to federal criminal law, intellectual property law, or electronic communications privacy law.
6) Combating Online Infringement and Counterfeits Act (COICA)
COICA is a bill that has been proposed in the Senate that would allow the Attorney General to bring an in rem action against any domain name that is found to be “dedicated to infringing activities,” which includes linking to infringing content. The Attorney General would then be able to compel the registry or registrar to block the domain name, online advertisers to cease placing ads on that domain name, and financial transaction providers to stop processing transactions associated with that domain name. Critics of the bill warn that the bill is worded too broadly and that the use of domain name system filtering to block infringing sites will end up blocking innocent websites and be easily circumvented.
7) Children’s Online Privacy Protection Act (COPPA)
COPPA is a federal law enforced by the FTC that bars commercial websites or online services directed at children under thirteen, or that have actual knowledge that children under thirteen are providing information online, from collecting personal information from someone under thirteen years old without verified parental consent. Verified parental consent can be obtained through many ways, including by verifying a credit card number, receiving an email with a digital signature, or accepting a phone call from the parent. If a website does have a process for obtaining parental consent, there must be a privacy notice detailing what information is being collected, how it is being used, whether it is being disclosed to third parties, and other relevant information listed in the Act.
8 ) Digital Millennium Copyright Act (DMCA)
The DMCA is a federal copyright law that creates a “safe harbor” for online service providers from behind held monetarily liable for their users’ copyright infringement. To have the protection of the safe harbor provision, the service provider cannot have actual knowledge of infringement, cannot receive a direct economic benefit when it has the right ability to control the activity, and must quickly remove or disable access to infringing material once it has actual knowledge or notice of the infringing content. The service provider must have a system in place to process take down notices as detailed in the section, and the courts have added that it may not induce its users to commit copyright infringement or hold itself out as a service meant to be used for copyright infringement.
9) Electronic Communications Privacy Act (ECPA)
ECPA is a federal privacy law that includes the Wiretap Act and the Stored Communications Act. The Wiretap Act extends the privacy protections given to telephone calls to electronic communications by making it illegal for anyone, including the government, to intentionally intercept the contents of an electronic communication using a device without a warrant or consent from one of the parties. Service providers that must in order to provide the service are exempted.
The Stored Communications Act (SCA) makes it illegal to intentionally access stored communications and for the provider of an electronic communication service to disclose that information without consent, disclosure being necessary to the service, or an emergency that the provider believes in good faith could be avoided by disclosure to the government. Under the SCA, the government must have a search warrant to access unopened emails that have been stored for 180 days or less, but access to communications older than 180 days only requires a subpoena or prior notice (which may be delayed) and a court order based on “specific and articulable facts,” which is a lower standard than the probable cause needed for a search warrant. Whether accessing opened emails that have been stored for 180 days or less requires a search warrant is uncertain.
10) Uniform Dispute Resolution Policy (UDRP)
The UDRP is a process created by the Internet Corporation for Assigned Names and Numbers (ICANN) to resolve disputes over global top-level domain names. It is a lot like ACPA in that plaintiffs must show that the domain name is the same or confusingly similar to the mark, that the defendant has no rights or legitimate interests in the name, and that the domain name is being used in bad faith. UDRP proceedings are generally preferred by plaintiffs because they are cheaper, faster, and pro-plaintiff, but the only remedies available are cancellation or transfer of the domain name.