Sunday, April 15, 2012

.XXX Owner Attempting to Add .SEX, .PORN, and .ADULT to its Portfolio

Although this in and of itself is not a huge news story, I thought it provided some interesting commentary on possible uses of new gTLDs and business strategies. ICM, the registrar of .XXX, has announced bids for .ADULT, .SEX, and .PORN gTLDs, and presumably filed applications. (PCMag article here and marketwatch article here).

It remains to be seen whether or not they are able to obtain these registrations, as obvious adult related gTLDs will likely be seen as a potential opportunity for several potential registrars. More interesting is perhaps ICM's proposed use. ICM has stated that they will offer package deals for registering websites across all four adult domains, including the opportunity for other rights holders to block registrations across each with one fee and filing.

The first question is whether or not this is wise. The .XXX registrations have yet to set the internet aflame as adoption remains slow. Anecdotal evidence suggests the most profitable use has been blocking registrations by non-adult rights holders. Perhaps ICM simply believes that by obtaining as many top level domains that a rights holder would want to block is the most profitable approach, and thus the 'package deal' is simply to avoid the wrath of rights holders.

This registration also highlights another problem inherent in the gTLD process. ICM, one registrar, will potentially own four competing domain names. What, therefore, will ICM's liability be to trademark holders if it offers infringing registrations across its own holdings? Will the current safe harbor provisions be enough if the same company registers to the Hefner media empire, and then gives to a start-up competitor and to a cyber squatter?

Furthermore, one begins to wonder why so many top level domain names are needed, unless it is decided that each one represents a separate market. Although there are grandfathered exceptions, generally a registration of a trademark on .com is enough to prohibit a non-rights holder from registering it on .biz. Therefore, will each new gTLD simply be pre-filled with the same famous names that already exist?

These also have the potential to fully test the dispute procedures. These adult oriented names are likely to be applied for by others. Will ICM's current status as .XXX registrar help or hinder their chances? They can surely prove that they have the technical ability to operate a top level domain, but will they have to worry about antitrust regulators with their power over the adult domain name market?

Only time will tell on this one. It seems somehow fitting that, as per usual, a momentous development in the history of the Internet will be worked out by porn companies.

Thursday, April 5, 2012

In the Matter of Facebook, Inc.

In the Matter of Facebook, Inc. 2011 WL 6092532

Mark Zuckerberg sweating through that interview, pre FTC privacy case.
Facebook's privacy practices have been in the public's collective consciousness with  regularity after it was discovered that personal information was being shared with advertisers and other third parties. Compounding this was Facebook's then Byzantine privacy settings, which in theory provided users with control, but in practice either were ignored or used incorrectly.

Eventually the FTC investigated Facebook, and the two entered into a consent order late in 2011.

First, the Facebook agreed to not misrepresent any information concerning privacy or security settings of users, including a) the collection of information, b) the extent to which a consumer could control that information, c) the extent that information was sold to third parties, d) the steps Facebook had taken to verify the security of third parties with access to the information, e) the extent to which the information was available after an account was deleted and f) the extent to which Facebook complied with various government issued privacy guidelines.

Facebook was ordered to clearly state in a separate user agreement the privacy and information collection settings, and obtain users express consent before collecting any private information. Like the Twitter case, Facebook also was required to designate an employee and set up a monitoring and auditing program to assess the new privacy controls and features. Facebook is also required to submit reports to the FTC discussing the implementation and success of such a program.

Yet perhaps the most interesting is that Facebook was given 60 days to implement systems that would ensure private information could not be accessed by any third parties within 30 days of a user deleted his or her account. Facebook, as well as other websites that accept user submitted content, have always warned that deleted information may remain on their servers for sometime. This has to do with the way the data is stored across multiple servers. Even Facebook was upfront about this when they first began introducing photo sharing. Even if the link on a Facebook page is deleted, users can still access photos by entering the direct address until Facebook's servers purge the information. It stands to reason that a third party could do the same.

Since Facebook agreed to this consent order, they must have a method for implementing this requirement. This is good news for users who decide to remove information. Ideally, it would instantly be inaccessible to a third party, but even within the 30 day time limit is an extra level of assurance. It should still be noted that this doesn't necessarily mean Facebook cannot access the information, but it is a step in the right direction.