Report: NSA Had "Compliance Problems" Protecting Digital Databases

According to an NBC News report, there are documents from 2009 and 2011 that allege that the NSA had "compliance problems" with their digital databases.  This information was declassified today due to the growing calls for transparency about the type of information that the U.S. government is collecting about users of electronic devices.

When I first wrote about the NSA's collection of electronic information in early June, I didn't want to speculate on where these allegations would lead.  I have long suspected that the United States and other countries were collecting and analyzing vast amounts of digital information; however, until this information became public knowledge it sounded as though this was something that came out of George Orwell's book Nineteen Eighty-Four.

Should the U.S. be collecting and analyzing electronic data?  Of course.  However, are the government programs involved adhering to the law?  The declassification of documents related to these matters may help shed some light on these issues.

I am concerned by the internal government documents that allege there are "compliance problems"  with these programs.  "Compliance problems" may indicate that there are some legal issues regarding how the program is administered.  If there are "compliance problems", an investigation may be needed to determine if any laws were/are being broken.

UPDATE:
According to The Guardian, an NSA tool called XKeyscore "allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals".  According to former NSA contract employee Edward Snowden,  he "could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".  If these allegations are true, they are very troubling and may demonstrate the need for an independent commission to review the NSA's digital data collection programs. 

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

New Jersey Supreme Court: Police Need A Search Warrant To Track Cell Phones

New Jersey's Supreme Court has taken the Fourth Amendment and applied it to the Digital Age.  In a win for personal privacy, the police are now required to obtain a search warrant before receiving from cellphone service provides user tracking information.

This decision bolsters the position that we still have an expectation of privacy in the Digital Age.  Last year, Bob Sullivan of NBC News wrote about an in-depth investigation of how law enforcement officials were obtaining cell phone tracking information without a warrant all over the country.  This story was eye-opening and discussed some very troubling practices.

New Jersey's decision appears to be inspired by the Supreme Court's U.S. v. Jones case from last year.  In a 9-0 decision, the court basically ruled that we still have an expectation of privacy from the government digitally tracking us without a warrant.   

While law enforcement officials need to be able to utilize modern tools to track criminals, they still need to adhere to the principles our founding fathers put in place more than 200 years ago.  While more of our information is being put into electronic form, it is imperative that the laws to protect our personal privacy keep up with technology.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.   

O'Bannon Lawsuit against NCAA Adds Current Student-Athletes

The image and likeness rights to current and former student-athletes are valuable assets.  For years, the basic deal has been that a school offers a prospective student a one year renewable (by the school) scholarship to students and in return a student becomes a student-athlete, receives an education, and hopefully a valuable degree that may be utilized to obtain gainful employment. As part of the deal, a school and/or conference, and/or the NCAA may monetize the name and likeness of their student-athletes in perpetuity. 

Is this a fair deal?  This is a question that is currently being litigated by what is known as the O'Bannon lawsuit.  According to a press release by the law firm representing the O'Bannon class representatives, there is "a conspiracy by the NCAA and its business partners, such as videogame manufacturer EA and licensing agent CLC, to license and sell the names, images, and likeness of current and former student-athletes without compensation to those student-athletes, under the guise of amateurism."

The former student-athlete class representatives Ed O’Bannon, Oscar Robertson, William Russell, Harry Flournoy, Alex Gilbert, Sam Jacobson, Thad Jaracz, David Lattin, Patrick Maynor, Tyrone Prothro, Damien Rhodes, Eric Riley, Bob Tallent, Danny Wimprine, Ray Ellis, and Tate George have now been joined by current student-athletes, Jake Fischer, Jake Smith,Darius Robinson, Moses Alipate, Chase Garnham, and Victor Keise.

If the court certifies the lawsuit as a class action, the case has the potential to change the financial structure of college athletics.  If the lawsuit moves forward, the court may have to determine if the current financial structure of college sports is equitable to all parties.  If this occurs, it is possible that the court may determine that a redistribution of college athletic revenues may be in order.  

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

Google's Privacy Policy Violates EU Law According To UK, German, And Italian Data Protection Authorities

On July 4th, 2013, European data protection authorities continued to take a stand to protect the digital privacy and personal safety of its citizens.  Regulators in the United Kingdom, Germany, and Italy each announced that they are in the process of taking legal action against Google because its March 1, 2012 privacy policy change violates European data protection laws.  According to The Guardian, multiple European data protection authorities have notified Google that it must revise its privacy policy or it will face sanctions.

 

These new announcements follow the June 20, 2013 statement by France and Spain's data protection authorities that ordered Google to comply with European data privacy laws or face sanctions for non-compliance.  The CNIL's October 16, 2012, common findings regarding Google's March 1, 2012 privacy policy change stated "Google provides insufficient information to its users on its personal data processing operations," and Google "should therefore modify its practices when combining data across services for these purposes".    

In response to allegations by data protection authorities that its privacy policy violates European law, Google stated, "[o]ur privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we'll continue to do so going forward."  If regulators in at least five European countries have determined that Google's privacy policy is not in compliance with European data protection laws why does Google continue to claim that its privacy policy respects European law? 

Is Google practicing a technique known as "The Big Lie" when it continues to state that its privacy policy respects European data protection laws?  According to Merriam-Webster's online dictionary, a "big lie" is defined as "a deliberate gross distortion of the truth used especially as a propaganda tactic."  Is Google's consistent position that its privacy policy does not violate European data protection laws despite the findings of non-compliance by multiple European regulators part of a strategy to deny non-compliance so it can continue to utilize the data that it is collecting from users until regulators impose fines and/or take other measures that would require compliance? 

Delay, hinder, and deny appears to be Google's modus operandi when confronted with a privacy investigation. Google has been fined multiple times by regulators around the world for its data collection practices.  For example, the FCC fined Google $25,000 in 2012 because during its Street View project in the United States it collected data from U.S. citizens such as personal emails and texts and then refused to fully cooperate with the FCC's investigation.  According to an FCC's Notice of Apparent Liability Forfeiture report, "Google deliberately impeded and delayed the Bureau’s investigation by failing to respond to requests for material information and to provide certifications and verifications of  its responses".... and "Google apparently willfully and repeatedly violated Commission orders to produce certain information and documents that  the Commission required for its investigation." 

The personal privacy of Europeans was also violated by Google's Street View project.  Earlier this year, Google was fined  $189,230 by German data protection authorities because of its Street View project's data collection practices and it was also fined $142,000 by French data protection authorities in 2011 for similar issues.  Does this indicate a troubling pattern where Google violates the personal privacy of Internet users for corporate financial gain because the potential fines are less than the worth of the data it is obtaining and monetizing?  Since regulators across the world have fined Google multiple times for violating data protection/privacy laws and these penalties have not pushed Google to reform its behavior, an update to these laws that include much harsher penalties may be needed.   

The European Union's continued march towards requiring Google to change its privacy policy and become more transparent about how it is utilizing user data not only will better protect the digital privacy and safety of consumers, but it will also protect students who utilize Google's official school offerings, along with businesses and governments and their employees who are Google Enterprise customers. 

Google's Apps For Business Enterprise Privacy Center clearly links to Google's standard privacy policy which allows it to merge data from paid professional services with free consumer services.  For example, while a Gmail user is logged in as a Google Apps professional user, he is covered by the Google Apps Agreement.  However, if a Gmail user performs a Google Search, while still logged into his professional Google Apps account, the Gmail user is then bound to a different set of terms which appear to provide Google the right to all the data uploaded. 

Google's Privacy Policy states, "[w]e may combine personal information from one service with information, including personal information, from other Google services."  This appears to mean that Google is combining data from all of its services (both consumer and professional) while a user is logged into a business account. The YouTube videos being watched, ads being clicked on, search terms utilized, business emails sent/received, etc... are all being mined and the results combined to build a profile which is used “to offer [Google users] tailored content – like giving you more relevant search results and ads.” 

 

Should content gleaned from business or official government accounts also be intermixed with data from personal consumer accounts?  Why isn't there a clear notice such as a large pop up screen or some other type of conspicuous warning when a user moves from one Google service to another that their data may be combined?  Should Google or any company be able to use private business data for purposes such as providing “more relevant search results and ads?”  

Allowing any company, whether Google or a competitor to collect and combine large amounts of information about a person may create unintended and unforeseen legal consequences for Google's users and society.  What will happen when a government agency and/or lawyers request access to all of the data that Google is collecting about someone? These practices appear to not only put the personal privacy and safety of Google's users at risk but they also raise significant legal issues about the intermingling of personal and/or corporate or government data.

The time is now for Google to change its privacy policy not just for users in the European countries that are moving forward with enforcement actions but for all users throughout the world.  Since Google's official corporate code of conduct includes the phrases, "don't be evil," "doing the right thing," and "following the law",  I would like to see Google prove they practice what they preach by changing its privacy policy to not only better protect the personal privacy and safety of all of its users but to also follow European data protection laws.  

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.     

U.S. Rep. Duncan Introduces The FACE Act To Protect Children Online

U.S. Congressman John J. Duncan, Jr. (R-Tenn.) introduced legislation yesterday to help protect the  personal privacy of children and teens.  The legislation is called, "The Forbidding Advertisement Through Child Exploitation (FACE) Act.

According to a press release by Rep. Duncan's office, the Act would ban social media sites from using the faces of underage users for advertisements or commercial purposes.  Protecting our children in the Social Media Age is paramount and it is imperative that the digital business community work with state and federal regulators and lawmakers to better protect our children.

While it is too soon to speculate on the chances the legislation has to become law, it is important that our legislators and regulators work closely with the digital industry to better protect the personal privacy and digital safety of our children.
  
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.     

Saudi Arabia Imprisons 7 For Facebook Protest Posts

According to NBC News, Saudi Arabia has sentenced seven people to jail for posting on Facebook messages encouraging anti-government protests.  The prison sentences ranged from five to ten years. The men involved were not charged with participating in the actual protests but with "inciting "protests, illegal gathering, and breaking allegiance with the king".

This is not the first time that a country has sent people to jail for protesting online.  Last year, Oman sentenced two people to jail for their alleged anti-government Facebook posts.  One of those sent to prison was accused of posting a poem on Facebook which allegedly criticized the ruler of Oman, Sultan Qaboos.

While social media may be utilized to express personal opinions for the entire world to see, it is imperative to be mindful of not only the law but also the political environment to ensure that the content uploaded does not lead to a prison sentence.

 Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

George Zimmerman Prosecution Asks For Instagram Photo Inquiry

According to CBS News, prosecutors in the George Zimmerman trial have asked the court to open an inquiry into a photo that the daughter of defense attorney Don West posted on Instagram.  The Instagram photo shows West and his daughter holding up ice cream cones with the caption, "We beat stupidity celebration cones." along with the hashtags "#zimmerman, #defense, and #dadkilledit".

While the timing of the photo may have been in poor taste, it does not appear that there is a need to investigate the issues surrounding its posting.  Kids say and do things they regret regularly so this post should be a non-issue since it does not appear to affect the integrity of the court proceeding.  Is the prosecution making a bigger deal out of this matter because it believes the case is not going their way?

The prosecution's actions have made the story go viral which I believe was the exact opposite of their intent.  The bottom line is that the prosecution should focus on what is going on inside the court room and not what the teenage daughter of a defense attorney posts online.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

EU Data Protection Authorities Lead The Fight To Protect Digital Privacy

The CNIL, France's independent administrative authority that ensures that data protection law is adhered to by companies doing business in France recently ordered Google to comply with the French Data Protection Act within three months or face sanctions for non-compliance. According to Reuters, the CNIL stated that Google has broken French law and that it has until the end of the three months to change its privacy policies or it may be fined up to 150,000 euros.  Reuters also reported that Spain's Data Protection Agency (AEPD) may fine Google between 40,000 and 300,000 euros for each of its five violations of the Spanish Data Protection Law.

The allegations that Google has violated data protection laws throughout Europe is extremely serious and unfortunately not surprising.  Google's January 24, 2012, announcement that as of March 1, 2012, it would change its web sites' privacy policies to enable it to combine all of the information that it collects about its users to enhance its data mining capabilities created so many questions about its legality that before it even went into effect, France's data protection authority, the CNIL, notified Google on February 27, 2012 that it would lead a coordinated European investigation into the matter. 

In October 2012, the European Union Data Protection Agency issued a report alleging that Google's new privacy policies failed to comply with its data protection laws.  This report was endorsed by privacy regulators in 27 EU member states along with Australia, Mexico, New Zealand and Canada.  Since this report was issued, the EU has provided Google the opportunity to either prove that its privacy policy change complies with EU data protection laws, revert to its old privacy policies, or propose another solution that would adhere to EU data protection laws. 

Unfortunately for Google's users, it has continued to claim that its March 1, 2012 privacy policy change does not violate EU data protection laws even though regulators across the continent have concluded otherwise.  Since Google announced that it would change its privacy policies, Internet users have begun to demand that legislators along with regulators better protect personal digital privacy.

Privacy legislation, regulation, and enforcement is on the rise.  For example, since May 2012, at least 36 states along with Congress have either introduced and/or enacted privacy laws that generally ban employers and/or schools from being able to require access to their employees' and/or students' personal digital data stored in the cloud.  Late last year, U.S. Senator David Rockefeller opened an investigation into the practices of nine data brokers which may have led the FTC to study this issue.  The recent NSA digital surveillance disclosures have proven that Internet users deeply care how their personal information is being utilized by the companies that are entrusted with their digital thoughts, correspondence, and information. 

With access comes responsibility.  Google has demonstrated time and time again that it and/or its employees may abuse its position as a gatekeeper of personal information.  For example, several years ago, PC Magazine reported that a Google engineer was fired for accessing the Gmail and Google Voice accounts of minors and taunting children with the personal information he found.  Last year, Google paid a record $22.5 million civil penalty to settle FTC charges that it misrepresented to users of Apple's Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement with the FTC.  Several months ago, Google was fined 145,000 euros in Germany for what Hamburg data regulator Johannes Caspar stated was "one of the biggest data protection rules violations known" when it collected the personal e-mails, passwords, and photos of Internet users during its Google Street View project.

Why isn't breaching data protection laws not considered as serious or troubling as breaking anti-trust laws?  Violating the privacy of a digital user, whether a minor child or an adult, creates significant personal safety issues.  For example, if an employee of a company that accumulates vast amounts of personal data about its account holders utilizes his position to harass and/or blackmail its users there are tremendous personal privacy, safety, and legal issues that need to be properly addressed. 

While anti-trust violations may be detrimental to individuals, businesses, and society; in general, the greatest harm that may occur is that someone may pay more for a good or service than they otherwise would have and/or potential competition may be stifled.  Therefore, since privacy violations may create greater personal safety and security issues and may do more harm to members of society than anti-trust violations, why isn't the punishment for privacy violations at least equal if not greater than the punishment for anti-trust violations?  Why are anti-trust violations generally punished much more harshly than privacy violations?     

Will EU regulators investigate whether Google's privacy policies affect how it presents its Internet search results?  What if Google's data mining capabilities that appear to have been greatly increased because of its privacy policy changes is a major factor in its alleged monopolistic behavior in the European Internet search market?  Have the potential interconnection of these issues been thoroughly investigated by European regulators? 

Data protection authorities across Europe appear ready, willing, and able to take action against Google in three months.  If Google hardens its position and continues to refuse to acknowledge that its privacy policy change puts the personal privacy of its users at risk and violates EU data protection laws, this stance may lead to not only sanctions against Google, but also to increased scrutiny of the privacy policies of other U.S. based companies.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

$2 Million Lawsuit After a School Uses Student's Facebook Photo Without Permission

Public secondary and post-secondary schools around the country may be creating tremendous legal liability issues for taxpayers because of their lack of understanding regarding social media and the law. According to The Daily Mail, a college freshman at the University of Georgia is suing her former Georgia school district for $2 million dollars after it utilized a photograph that she posted on her personal Facebook account without her permission in a district seminar about the Internet.

The Director of Technology at the Fayette County Schools allegedly used a personal photo of a former student to discuss the issues inherent with social media.  It appears that before the seminar the former student's photo was not newsworthy or publicized other than being on Facebook.  Some questions that need to be answered may include:  How did the school district obtain the photograph?; Did the school district know who was in the photograph?;  Why didn't the school district obtain permission before utilizing the photograph?  

This litigation demonstrates the tremendous legal liability issues that secondary and post-secondary schools may encounter regarding the use of personal student photographs that appear on social media platforms.  There are a handful of consulting firms that are approaching schools that claim they can properly advise schools on how to "educate" and "monitor" students online. 

Unfortunately, many of these services utilize methods to "educate" and/or "track" students online that states around the country are banning.  In addition, some of these services are abusing their access to students' personal digital content.  For example, according to Time Magazine, a company called UDiligence was caught last year displaying the personal photographs of the students that it was monitoring to sell its services.

The bottom line is that secondary and post-secondary schools must better understand the legal ramifications of social and digital media content and platforms before they are sued.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.    

Google Pledges To Eradicate Child Porn From Web

It was announced recently that Google is creating a global database to try to stop the proliferation of child pornography online.  According to The Telegraph, Google's "engineers are working on new technology which will, for the first time, allow Internet search engines and other web firms to swap information about images of children being raped and abused."

Google has been heavily criticized for not doing enough to stop child pornography from being easily available on its web sites.  According to The Guardian, last week UK Prime Minister David Cameron demanded Google do more to stop the spread of child porn online.  It was reported that  Google was one of the companies that was summoned to a summit to discuss these issues with Cameron's Culture Secretary Maria Miller and Tory MP Claire Perry.  

I wrote about Google's alleged inaction on this matter last week because this is a serious problem that Google should devote more resources towards resolving.  While I believe that Google's announcement that it is working on a new initiative to stop the spread of online images that show children being raped and abused is a step in the right direction, why did it take so much international pressure and negative media before Google decided to act?

Even though there is still plenty of debate regarding a company's legal duty to police the content uploaded or searchable on its web sites, Google may have a moral responsibility to protect our children.  It is imperative that Google does everything in its power to stop the spread of child pornography on its platforms.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC.  All rights reserved.     

IOC Releases the Sochi Olympics Social Media, Blogging, and Internet Guidelines For Participants

The IOC has just released its Social Media, Blogging, and Internet Guidelines for Participants and Other Accredited Persons at the Sochi 2014 Olympic Games.  The Guidelines apply to all accredited persons, including all athletes, coaches, officials, and personnel of National Olympic Committees and International Federations and members of media accredited to the Olympic Games.  The guidelines apply January 30th through February 26th.

Under the Guidelines, "video or audio content taken from within Olympic venues (including from within the Olympic Villages or the Olympic Park) must only be for personal use and must not be uploaded or shared on any website, blog, social media page, public photo- or video-sharing sites or mobile application." With the increased usage of cloud based services to save personal photos and videos, does this mean that participants may not utilize applications such as iCloud or Dropbox to save their videos or photos?

Olympians may not post about their sponsors during the games unless they have received prior approval from the IOC or their National Olympic Committee. In 2011, I predicted that the London Social Media Guidelines would cause some problems for Participants. Unfortunately, my prediction was correct.  During the 2012 London Games, the Guidelines caused a major backlash with some of the Olympians.  Therefore, it is imperative for Participants to understand the Guidelines so they can maximize their digital presence before, during, and after the Olympics so they are not penalized for non-compliance.       

Copyright 2013 by the Law Office of Bradley S. Shear, LLC.  All rights reserved.    

Real Madrid Facebook Fans Are Being Targeted By Phishers

According to multiple media organizations, malware is spreading all over sports branded Facebook pages.  Fans Against Kounterfeit Enterprises has uncovered a Trojan Horse that is spreading across NFL branded pages on Facebook.  The New York Times has stated that this malware may drain Facebook users' bank accounts.

These malware attacks are not just targeting U.S. sports properties.  According to Symantec, phishers are now going after Real Madrid's branded Facebook page.  This demonstrates that there may be a coordinated attack against sports fans who visit the social media pages of major sports and entertainment properties.

The bottom line is that Facebook along with sports and entertainment properties must be very vigilant in policing their digital properties.  Sports social media enthusiasts who visit Facebook and interact with sports branded pages must be very cautious so their computers are not infected and bank accounts drained.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC.  All rights reserved.    

Oregon Bans Schools From Engaging Social Media Monitoring Firms To Track Students and Coaches

Oregon has officially joined Delaware, California, New Jersey, Michigan, Arkansas, Utah, and New Mexico in protecting their schools, school employees, students, and taxpayers from the costs and legal liability issues associated with social media monitoring students and employees.  Under Oregon SB 344:

"A public or private educational institution may not: (a) Require, request, suggest or cause a student or prospective student to disclose or to provide access through the student's or prospective student's user name or password to a personal social media account. (b) Compel a student or prospective student, as a condition of participation in curricular or extracurricular activities or of acceptance, to add a coach, teacher, administrator or other employee or volunteer of the educational institution to the student's or prospective student's list of contacts associated with a social media website. (c) Take, or threaten to take, any action to discharge, discipline, prohibit from participation in curricular or extracurricular activities or otherwise penalize a student or potential student for refusal to disclose the information or take actions specified in paragraphs (a) and (b) of this subsection."

The enactment of SB 344 will greatly benefit schools, school employees, students, and taxpayers because collectively public and private educational institutions in Oregon may save millions of dollars in potential compliance costs and tens or hundreds of  millions of dollars in potential costs associated with social media related lawsuits.  SB 344 along with similar laws around the country have banned schools from being able to utilize the social media monitoring services of UDiligence, Varsity Monitor, Fieldhouse Media, and Jump Forward to track the personal social media accounts of students and school employees.

It appears that the only way for the above mentioned social media monitoring services to properly track students or school employees is if a student or employee either downloads an application onto his personal digital account(s), or provides a username(s) and/or password(s) to his personal account(s), or if a student authenticates his social media account(s).  These services may claim that all they need to properly work is a student's name or alias to search for a public social media account.  However, performing an Internet search and guessing that an account belongs to a particular student just because it is on the Internet may put you in the same position as one of the people portrayed in this hilarious State Farm Commercial.  According to CNN, as of last August, Facebook may have at least 83 million fake accounts and according to PRWeek, Twitter may have as many as 20 million fake accounts.

At least 36 states have introduced social media privacy legislation along with Congress.  It may only be a matter time before every state bans schools from utilizing the social media monitoring services of the above mentioned companies.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved. 

Social Media Monitoring Companies May Be Creating Millions Of Dollars in Legal Liability for NCAA Athletic Departments

State legislatures around the country are banning public and private schools from being able to utilize social media monitoring companies to track the personal digital accounts of their athletic department personnel and student-athletes.  At least 11 states  (Arkansas, California, Colorado, Delaware, Illinois, Maryland, Michigan, New Jersey, New Mexico, Utah, and Washington), have enacted laws that ban schools from being able to verify the social media user names and/or passwords of their coaches and/or student-athletes.  Several other states have passed legislation that is waiting final approval by their state's governor.

At least 36 states along with Congress have introduced bills to protect schools and students from companies that are selling legal liability time bombs to NCAA schools.  Some of these companies may claim they are a "leader" in social media monitoring services and/or in "educating" student-athletes. Common sense and due diligence prove otherwise.

Varsity Monitor, UDiligence, JumpForward, and Fieldhouse Media each sell social media monitoring services that schools in at least 11 states may not utilize to track the personal digital accounts of either their coaches and/or their student-athletes because of new laws.  Schools deploying the social media monitoring services of these companies may be fined hundreds of thousands of dollars, and/or be sued for violating their student's first and/or fourth amendment rights, and/or lose millions of dollars in federal funding.

According to Deadspin, Varsity Monitor may have some troubling ethical and legal problems to address.  According to Time Magazine, UDiligence was monetizing the personal photographs of the student-athletes it was monitoring to advertise their services.  JumpForward has advertised that they utilize the usernames and passwords of student-athletes for their social media monitoring service.

The most troubling service may be Fieldhouse Media because it appears to be trying to differentiate itself as having less invasive tactics than the other companies.  NCAA athletic departments should not be fooled.  It appears that in order for Fieldhouse Media's social media monitoring service to properly work  student-athletes need to verify their social media username(s).  Arkansas, California, Delaware, Michigan, New Jersey, and New Mexico have already generally banned schools from being able to ask a student to verify this information.

Fieldhouse Media's Kevin DeShazo's business practices appear to raise serious ethical questions.  For example, last year Mr. DeShazo created a press release announcing his social media monitoring service that quoted me without my cooperation.  Did Mr. DeShazo ask for my permission to be quoted in a press release designed to sell his social media monitoring services? No. Why is Mr. DeShazo trying to associate my reputation with a practice that I along with lawyers and risk professionals from around the country believe may pose tremendous legal and financial risks to not only NCAA athletic departments, but also athletic directors and their employees?  

If you perform due diligence on Mr. DeShazo you may find some issues that warrant further explanation.  For example, according to his publicly available LinkedIn Profile from last year it states that before he started his social media monitoring firm he had no verifiable social media or NCAA compliance/advisory experience.  Interestingly, according to his recent publicly available LinkedIn Profile it now claims that prior to starting his social media monitoring company he was working for a social media marketing firm. If Mr. DeShazo was actually working for a social media marketing company before he started his social media consulting firm why wasn't it listed previously? Also, why do some of Mr. DeShazo's listed company creation and/or employment dates not match with filings with the Oklahoma Secretary of State?

In 2001, George O'Leary, Notre Dame's head football coach resigned five days after being hired because of "inaccuracies" in his published biography.  In other words, Mr. O'Leary was caught intentionally misleading NCAA athletic departments about his background.  After George O'Leary, Jayson Blair was caught creating a web of lies and was terminated from the New York Times, and then James Frey, the author of "A Million Little Pieces" was caught lying to Oprah.   

Anyone that approaches schools to sell services to track personal social media accounts is selling a legal liability time bomb.  If a school hires a social media monitoring firm to track the personal digital content of their students or employees and it misses an indication that there may be a crime committed it may cost the school more than $100 million dollars.  For proof, just review the Penn State emails regarding the Jerry Sandusky matter.  Does a school want to be on the hook for tens or hundreds of millions of dollars in legal liability because it was utilizing a social media monitoring service to track personal digital accounts?  

Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.

Is Google Enabling Illegal Ads That May Harm Children?

Advertisements for counterfeit merchandise, illegal drugs, pornography, etc... have been on the Internet for years.  Unfortunately, it appears some companies that have the ability to remove ads and/or links from their web sites to illegal products and/or services may not be putting forth their best effort to do so.  Refusing to properly address these issues may lead to major legal and financial consequences.

Recently, Mississippi Attorney General Jim Hood publicly asked Google to "address issues on its web site that are allowing users to obtain illegal and counterfeit goods, including dangerous drugs without a prescription."  According to Mr. Hood, " “[o]n every check we have made, Google’s search engine gave us easy access to illegal goods including websites which offer dangerous drugs without a prescription, counterfeit goods of every description, and infringing copies of movies, music, software and games,”. Mr. Hood further stated, “[t]his behavior means that Google is putting consumers at risk and facilitating wrongdoing, all while profiting handsomely from illegal behavior.”

Google's response to Mr. Hood's allegations that it is not doing enough to stop the proliferation of ads for counterfeit goods has been called insufficient and inadequate. According to the Associated Press, Mr. Hood has stated that Google's previous response was also "evasive" and "overly technical" and that its "lack of meaningful action is unacceptable."   

The allegations against Google are extremely serious and very troubling.  This is not the first time it has been alleged that Google is profiting from illegal behavior.  In 2006, a lawsuit was filed and later withdrawn alleging that Google profited from child pornography. In 2009, Rosetta Stone sued Google and eventually reached a confidential settlement regarding allegations that Google illegally sold Rosetta Stone trademarks to third-party advertisers that linked to sites selling counterfeit software. 

Google has a proven track record of turning a blind eye to illegal ads on its platform.  In August 2011, Google agreed to "forfeit $500 million for allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States, resulting in the unlawful importation of controlled and non-controlled prescription drugs into the United States."  According to the Wall Street Journal, Google's chief executive knew about the illicit conduct that led to the record forfeiture.  The U.S. Attorney for Rhode Island stated, "[w]e simply know from the documents we reviewed and witnesses we interviewed that Larry Page knew what was going on". 

Google's alleged behavior of putting advertising profits ahead of its concern for users was also recently criticized in the United Kingdom.  According to The Guardian, "thousands upon thousands of people are paying wholly unnecessary fees to access basic services provided by the government". This appears to be occurring because Google is not doing enough to police its AdWords system.  It took The Guardian's researchers, "milliseconds....to find a site in breach of Google's rules."  While Google did remove one of the sites that The Guardian reported was fleecing UK consumers, "the search engine continues to promote copycat sites, happily taking the revenue that they generate".  The problem of illegal content being easily accessible on Google's web sites is so serious that Prime Minister David Cameron recently called out Google for not doing enough to protect our children.  

Facebook recently announced that it blocks users in the Netherlands from seeing ads for online gambling to comply with the Dutch Betting and Gaming Act.  Last month, LinkedIn updated its terms of service to ban the advertising of sexual services on its platform.  For more than ten years, Google has been removing content from its French and German indexes that may conflict with local laws.  If Facebook and LinkedIn are able to implement programs that block ads for services or products that are illegal in some parts of the world why hasn't Google done more to protect its users?  Is it because 95% of its revenues comes from advertising? 

According to the Pew Internet Project report, 93% of all U.S. teens between the ages of 12-17 go online.  In addition, 47% of parents are “very concerned” about their child’s exposure to inappropriate content through the Internet or cell phones.  This month, the Digital Citizens Alliance released A Report on How Google and YouTube Stand to Benefit When Bad Actors Exploit the Internet that appears to demonstrate that Google is not doing enough to protect our children.  The report provides multiple recent examples where YouTube is exhibiting ads for illegal goods and/or services next to videos that appear to be targeted to children and/or teens.  

While some regulators appear to be weighing whether television advertising regulations should be applied to online video platforms, it is apparent that more safeguards are needed to protect children from illegal ads that appear on YouTube and other web sites.  Google's less than stellar record in monitoring its ecosystem for illegal ads may push regulators and/or lawmakers to over-regulate the Internet and stifle innovation. 

Unless Google acts expeditiously to better police its digital properties, it would not surprise me if a coalition of state attorney generals commences legal action to protect our children from the significant number of illegal ads that appear on Google's web sites.  To avoid a costly and drawn out legal quagmire that may not only affect its advertising business, but the entire digital advertising economy, it may be in Google's best interest to fully cooperate with the NAAG and take meaningful action that protects users from ads for illegal products and/or services.

Copyright 2013 by the Law Office of Bradley S. Shear, LLC.  All rights reserved.