Shari Claire LewisHow New York Authorities Are Regulating the Internet
In her Internet Issues/Social Media column, Shari Claire Lewis writes: The image of the Internet as an unregulated Wild West, untouched by government action, is one that some find attractive. But it is not accurate, as illustrated by a number of important actions taken in recent weeks by the New York State Attorney General's office. These steps have significant practical ramifications for companies and individuals in New York that use the Internet as well as the businesses that provide Internet services to all of us.
February 15, 2019 at 02:50 PM
9 minute read
The image of the Internet as an unregulated Wild West, untouched by government action, is one that some find attractive. But it is not accurate, as illustrated by a number of important actions taken in recent weeks by the New York State Attorney General's office, including one it took in conjunction with representatives of dozens of other states.
As discussed below, these steps have significant practical ramifications for companies and individuals in New York that use the Internet (and who doesn't?) as well as the businesses that provide Internet services to all of us.
|Social Media Fraud
In late January, New York State Attorney General Letitia James announced a settlement with Devumi LLC and related companies owned by German Calas Jr. (collectively, Devumi) over the sale of fake followers, “likes,” views, and other forms of online endorsement and social media activity.
According to the Attorney General's office, Devumi sold the fakes to users of social media platforms from computer-operated accounts (“bot accounts”) and from accounts created when people pretended to be other people (“sock-puppet accounts”). The AG's office asserted that these accounts, found on social media platforms including Twitter, YouTube, LinkedIn, SoundCloud, and Pinterest, pretended to express genuine opinions of real people when they actually reflected false, paid-for activity aimed at deceiving online audiences and the public. The AG's office said that some activity Devumi sold came from fake accounts that copied real people's social media pictures and profiles without the knowledge or consent of the individuals whose identities had been copied.
The AG's office determined that Devumi also sold endorsements from social media influencers without disclosing that the influencers had been paid for their recommendations.
The AG's office asserted that these business practices deceived and attempted to affect the decision-making of social media audiences, including other platform users' decisions about what content merited their own attention, consumers' decisions about what to buy, advertisers' decisions about whom to sponsor, and the decisions by policymakers, voters, and journalists about which people and policies had public support. Devumi's practices, the AG's office contended, also deceived some of the company's own customers who mistakenly believed they were paying for authentic endorsements (although other Devumi customers apparently knew they were buying fake activity and endorsements) and deceived social media platforms with policies prohibiting fake activity.
The settlement prohibits Devumi from engaging in any of the same misconduct going forward—not a very powerful result given that Devumi is no longer in business. However, the settlement appears to be truly groundbreaking, as Attorney General James characterized it, as it seems to be the first finding by a law enforcement agency in the United States that selling fake social media engagement is illegal deception and that fake activity using stolen identities is illegal impersonation. As Attorney General James said in a statement, the settlement with Devumi sends a “clear message that anyone profiting off of deception and impersonation is breaking the law and will be held accountable.”
|Internet Speed
In December, the AG's office, under then-Attorney General Barbara D. Underwood, announced two notable settlements relating to Internet speeds.
First, the AG's office announced a $174.2 million settlement with Charter Communications, Inc., and Spectrum Management Holding Company (together, Charter) of a consumer fraud action previously filed by the AG's office that alleged that the state's largest ISP, which operated initially as Time Warner Cable and later under Charter's Spectrum brand name, denied customers the reliable and fast Internet service it had promised.
The complaint filed by the AG's office asserted, among other things, that Charter leased deficient modems and wireless routers to subscribers that did not deliver the Internet speeds subscribers had paid for, failed to maintain enough network capacity to reliably deliver promised download speeds to subscribers, and represented Internet speeds as equally available, whether connecting over a wired or WiFi connection, even though, in real-world use, Internet speeds routinely are slower via WiFi connection.
The settlement included direct restitution of $62.5 million for over 700,000 active subscribers (in an amount between $75 and $150 per subscriber) as well as streaming services and premium channels, with a reported retail value of over $100 million, at no charge for approximately 2.2 million active subscribers. The AG's office said that it believed that the $62.5 million in direct refunds to consumers represented the largest payout to consumers by an Internet service provider (ISP) in the United States.
The settlement also contained the following terms:
• Affirmative advertising obligations: Charter must describe Internet speeds as “wired,” disclose that wireless speeds may vary, and disclose the factors that might lead actual experience to vary, including based on the number of users and device limitations. This applies to all advertising and marketing of speeds, including television and other commercials, website and website communications, print ads, bill inserts, and emails.
• Substantiating Internet speeds: Charter must substantiate Internet speeds using an industry-accepted testing methodology, and discontinue any speed plan that cannot be substantiated.
• Advertising prohibitions: Charter may not make unsubstantiated claims about the speed required for particular Internet activities such as streaming, the reliability of the Internet service (such as no buffering or no slowdowns), or the availability of the promised speed over WiFi. Charter also may not describe Internet speeds as “consistent” without fully satisfying the Federal Communications Commission's consistent speed metric and must make commercially reasonable efforts to deliver access to all online content and services featured in its advertisements.
• Equipment reforms: Charter must provide subscribers with equipment capable of delivering the advertised speed under typical network conditions when they commence service, promptly offer to ship or install free replacements to all subscribers with inadequate equipment via at least three different contact methods, and implement rules to prevent subscribers from initiating or upgrading service without proper equipment for the chosen speed tiers.
• Sales and customer service training: Charter must train customer service representatives and other employees to inform subscribers about the factors that affect Internet speeds. Charter also must maintain a video on its website to educate subscribers about various factors limiting Internet speeds over WiFi.
Only days after announcing the agreement with Charter, the AG's office announced settlements with four major ISPs (Altice, Frontier, RCN, and Verizon) that effectively established industry-wide standards for marketing Internet speeds consistent with those in the Charter settlement.
In summary, the agreements require the ISPs to market Internet speeds as “wired,” to substantiate their speed claims with regular speed testing, and to warn consumers that “wireless speeds may vary.” The ISPs also must spell out the relative benefits of speeds and services accurately, ensure that there is sufficient network capacity to deliver advertised content from third party providers, such as Netflix, and undertake other reforms that, the AG's office said, were designed to improve Internet service and make marketing clearer and more accurate.
The agreements also included direct financial commitments by the ISPs to improve network infrastructure and compensate for the harm the AG's office found to certain consumers. For example, Frontier must spend no less than an additional $25 million to upgrade its network infrastructure upstate to relieve congestion and improve service.
|Data Breaches
Last, but certainly not least, it is important to highlight the data breach settlement reached recently by 43 states, including New York, and the District of Columbia with the Neiman Marcus Group LLC over the 2013 breach of customer payment card data at 77 Neiman Marcus retail stores in the United States. With the flow of data breaches that seem to occur on a regular basis, this settlement is unlikely to be the last data breach settlement that New York reaches this year.
The underlying facts are by now all too familiar: In January 2014, Neiman Marcus disclosed that payment card data collected at its retail stores had been compromised by an unknown third party. The states' investigation determined that approximately 370,000 payment cards—roughly 27,600 of which were associated with New York consumers—were compromised in the breach, which took place over the course of several months in 2013. At least 9,200 of the payment cards compromised in the breach were used fraudulently.
In addition to a $1.5 million monetary settlement to the settling jurisdictions (New York's share: $58,611.60), Neiman Marcus agreed to a number of provisions aimed at preventing similar breaches in the future, including:
• Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
• Maintaining an appropriate system to collect and monitor its network activity, and ensuring logs are regularly reviewed and monitored;
• Maintaining working agreements with two separate and qualified payment card industry forensic investigators;
• Updating all software associated with maintaining and safeguarding personal information, and creating written plans for replacement or maintenance of software reaching its end-of-life or end-of-support date;
• Implementing appropriate steps to review industry-accepted payment security technologies relevant to the company's business; and
• Devaluing payment card information using technologies such as encryption and tokenization to obfuscate payment card data.
Under the settlement, Neiman Marcus is also required to retain a third-party professional to conduct an information security assessment and report, and to detail any corrective actions that the company may have taken or plans to take as a result of the third-party report.
|Conclusion
With more and more reasons for us to be online for work and pleasure, the Internet and its various components will continue to play a leading role in our lives. Regulators in New York have taken notice, and their involvement in the online world will almost certainly continue to grow.
Shari Claire Lewis, a partner in the Long Island office of Rivkin Radler, can be reached at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
AI Startup Founder Defrauded Investors of Millions, US Prosecutors Say
3 minute read
Legal Leaders See AI's Multitude of Uses as Both Blessing and Curse
'We Are Becoming Scapegoats': One Year Post-SEC Cybersecurity Disclosure Updates and Impacting Rulings
Global Tech Outage Affects NY Court System Statewide Early Friday
Trending Stories
- 15th Circuit Overturns OFAC’s Tornado Cash Sanctions
- 2The Forgotten Ballot: Expanding Voting Access for Incarcerated Populations
- 3Data Breaches, Increased Regulatory Risk and Florida’s New Digital Bill of Rights
- 447. If Clients Won’t Buy Your Knowledge, What Will They Buy?
- 5Law Firm Office Growth in Pennsylvania Lagged in 2024
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
