St. Ledger-Roty & Olson LLP
Telecommunications . Internet . Media . Privacy . Data Security
1250 Connecticut Avenue NW Suite 200 Washington DC 202.454.9401 202.261.3508
News and Information

Karen Neuman Participates in Panel on Mobile Advertising

joined industry experts at the Electronic Retailing Association Great Ideas Summit in New Orleans February 1-3 to discuss the benefits of adding the mobile channel to traditional media ad campaigns. Karen’s remarks focused on recent legal and regulatory developments that direct response retailers should be aware of as they formulate their mobile campaigns, including recent proceedings at the Federal Trade Commission and Federal Communications Commission, and a recent federal appeals court case involving SMS advertising. In addition to outlining some of the privacy issues being addressed by the FTC and the federal court case, she described the relevance of the FCC open Internet rulemaking to businesses that reach customers on their mobile devices. An in-depth article about these developments along with some practical tips for mobile retailers will appear in the March issue of the ERA’s Retailer Magazine.


Judith St. Ledger-Roty's article in FierceMobileContent: "How content providers should address users' privacy concerns"

"Privacy as a concept is generally understood. What is less clear is the applicability in the wireless context of various FCC and FTC pronouncements addressing the use of user specific information that falls within the privacy umbrella (including the use of information that might identify a particular person) by non-carrier entities providing content or advertising services. (These terms are sometimes used interchangeably here.) It appears that the regulations that expressly apply in this context are few to non-existent at the federal level and apply only occasionally at the state level."

Read more:


FTC Launches Round Table Series on Exploring Privacy

On Dec. 7, 2009, the Federal Trade Commission (FTC) convened the first of three Roundtable meetings to explore privacy issues raised by the online collection, retention, and use of consumer data. The second Roundtable will be held January 28, 2010 in Berkeley, California, and will specifically address privacy issues in social networking, cloud computing and mobile communications. The entire record will remain open for comments until March 17, 2010.

The Roundtables are not formal rulemaking proceedings but suggest that the FTC may be running out of patience with the current self-regulatory approach it has lived with thus far. The Roundtables can thus be viewed as a first step to an eventual regulatory framework that better balances commercial interests in collecting and using consumer data and the consumer interest in individual privacy – interests that may not be mutually exclusive.

Summary of December 7 Roundtable. The discussion focused generally on the benefits and risks of consumer data collection in the contexts of behavioral and contextual advertising with some attention paid to the role of data brokers in marketing that information. FTC Chairman Jon Libowitz set the tone for the day when he cautioned that industry self-regulation and the current “notice and consent” approach may need to be replaced with a more “holistic” approach -- one that clearly took shape during the final session, “Exploring Existing Regulatory Frameworks”.

During this session there seemed to be consensus among consumer advocates and industry representatives that the current approach to protecting privacy disproportionately places the burden on consumers who generally lack familiarity with technology or a meaningful understanding of privacy policies. The FTC moderator suggested that one fix would be to update the agency’s existing Fair Information Practices (FIPs) and require industry compliance. Panelists pointed to the Department of Homeland Security FIPs as an appropriate model because it better reflects trends in technology and data collection and use1. Consumer representatives appeared to concur, advocating for an approach that, at a minimum, requires meaningful compliance with existing FIPs and more “penetrable” privacy policies, access to collected data and correction rights.

A related approach suggested by an industry representative was a “use and obligations”2 framework under which industry data use rather than collection is the primary driver of industry privacy obligations to which the FIPs are then applied. Privacy protection obligations carry throughout the use of the information, including use by third parties, and require company formulation of appropriate data management plans at the outset of the use.

All of the panelists were clearly reluctant to entirely do away with industry self-regulation on grounds that it promotes innovation and better keeps pace with technological advances than traditional regulation. Government’s role was framed as providing guideposts for industry that would serve as a floor for privacy protection. Panelists also encouraged a more robust use of the FTC’s subpoena power for truly bad actors as authorized under the Federal Credit Reporting Act.

Other key themes that emerged throughout the day included:

  • Consumers generally expect the greatest security for the most sensitive information (e.g., health and financial data) with a risk-based assessment for less sensitive classes of data and also expect government intervention if data collection and use practices go too far. Information brokers suggested defining sensitive data as that which would create a risk of identity theft and treating it differently from data that does not pose similar risks.
  • Consumers generally do not understand how companies use their information and are therefore unable to make informed choices about available options for protecting privacy, including “opt-in” and “opt-out” frameworks, or tools such as those offered by Google and Yahoo that let users set privacy “preferences”.
  • Consumers are generally most interested in information sharing practices and secondary uses of their data. Learning about these practices should not require multiple clicks or site registration.
  • The FTC should maintain a list of data collection entities and their practices with appropriate contact information that is easily accessible to consumers.

It is worth noting that the Roundtables are occurring as the Federal Communications Commission is examining similar issues.3 The concurrent inquiries suggest the possibility of a regulatory scheme that could involve multiple agencies, adding a new layer of complexity for some businesses.

Conclusion. It is unlikely that the Roundtables will result in immediate regulation. A more plausible scenario is that the Roundtables will lead to a revision of the FTC’s FIPs and the classification of sensitive data that may require heightened degrees of protection. In addition, we expect that the record may form the basis for an FTC report to Congress seeking greater rulemaking authority, which may then result in formal rulemaking proceedings to codify some of the approaches emerging from the Roundtables.

We are available to discuss your current privacy protection practices with you and to update those practices based on anticipated actions by the FTC and other policymakers. Please contact at or Judith St. Ledger-Roty at .

show more/less print this article Print all articles


FCC Launches Broadband Internet Openness Rulemaking

On Oct. 22, 2009 the Federal Communications Commission (FCC) voted, over two partial dissents, to initiate a proceeding to consider draft rules that would require Broadband Internet Service Providers to provide Internet access for unaffiliated applications, services, content and devices on a nondiscriminatory basis and subject to “reasonable” and “transparent” network management practices. There appeared to be consensus among all the Commissioners for comments that go well beyond the rhetoric that has characterized the public discourse on this issue to date. But by asserting that the proposed rules are limited to addressing Internet access, as opposed to expressing intent to regulate the Internet itself, the agency may unintentionally have thrown down the gauntlet and invited some of the rhetoric it is hoping to avoid.

The ensuing Notice of Proposed Rulemaking (NPRM) seeks responses to a number of questions intended to help formulate “the best means of preserving a free and open Internet” and comment on two pages of proposed rules to achieve this objective. The proposed rules would codify the principles contained in the FCC’s 2005 Internet Policy Statement1 and add two transparency and nondiscrimination requirements. Initial comments are due Jan 14, 2010 and reply comments are due March 5, 2010.

The rules would apply to all non-wireline platforms for broadband Internet access, including providers of mobile wireless, unlicensed wireless, licensed fixed wireless, and satellite broadband. At the same time, the NPRM seeks information about how the rules should apply to these platforms. Recognizing that they operate with different market structure, consumer usage patterns, regulatory history and technologies the FCC is asking how these platforms should be treated under the new rules and what enforcement mechanism should be employed to ensure compliance.

The FCC seems particularly interested in how application of the “device attachment” rule to mobile wireless networks could harm or otherwise affect those networks. The agency is also interested in appropriate time frames for phasing in application of the rules, or alternatives, to mobile wireless broadband providers. Similarly, the NPRM recognizes that the unique technical characteristics of mobile devices, including how the functionality of a particular device may be tied to spectrum limitations and how limited spectrum availability and the resulting potential strain on network capacity from bandwidth intense services like streaming video, might require a different definition of “reasonable” for purposes network management practices for mobile devices that are typically sold by the same network operator.

The FCC similarly noted that the unique characteristics of mobile devices might require a different framework for application of the “access to applications” rule.

Anticipating a challenge to its authority to undertake this particular rulemaking, the NPRM reflects a concerted effort to inoculate final rules against an adverse outcome on appeal. The NPRM first provides an overview of the history of the public Internet then recounts the FCC’s role in setting the stage for the Internet’s evolution. It goes on to discuss the FCC’s subsequent exercise of authority while addressing various issues in markedly different types of proceedings that had the effect of promoting and preserving the Internet, including the medium’s qualities of openness and nondiscriminatory access – all of which is portrayed as culminating in the Internet Policy Statement.

Within this framework, the narrative conveys a sense of inevitability about the FCC’s jurisdiction to act in this instance, portraying the current rulemaking as a logical next step in the FCC’s ongoing effort to preserve the open Internet. Notwithstanding this approach, the jurisdiction question may be resolved if the DC Circuit decides the appeal of an FCC enforcement action against Comcast2 (in which the agency found that Comcast’s network management practices violated the Internet Policy Statement) before the conclusion of this proceeding. A finding in favor of the FCC could strengthen the agencies assertion of jurisdiction to regulate in this area. A ruling in favor of Comcast could do just the opposite, unless the Court both concludes that the FCC has requisite jurisdiction but exercised it improperly.

The NPRM also lays out the marketplace and technological forces that could shape the Internet of the future -- namely the mobile Internet -- including the rapid growth of and demand for high bandwidth use applications and content, particularly video, and the evolving tools that are available to network operators to manage increased demand for capacity. These tools include sophisticated routers that enable network operators to distinguish among different classes of traffic, deep packet inspection, cacheing services, and algorithms that can be used for scheduling transmission of certain classes of traffic, to name a few.

All of this background tees up the thrust of the NPRM, which is a request for specific comment on the proposed rules.

As mentioned, the first four rules codify the existing Internet principles and would prohibit broadband ISPs, subject to “reasonable network management practices”3, from:

  • Preventing their users from sending or receiving lawful content of the user’s choice over the Internet;
  • preventing their users from running lawful applications or using lawful services of the user’s choice;
  • preventing their users from connecting to and using on its network the user’s choice of lawful devices that do not harm the network; and
  • depriving any of their users of their entitlement to competition among network providers, application providers, service providers and content providers

Two new rules would impose transparency and nondiscrimination obligations, and would require broadband ISPs to:

  • treat lawful content, applications and services in a nondiscriminatory manner; and
  • disclose such information concerning network management and other practices as is reasonably required for users and content, application and service providers to enjoy the protections “specified in this rulemaking.”

Broadband ISPs would be permitted to address harmful or unwanted traffic such as spam, and prevent the transfer of unlawful content, including child pornography and the unlawful transfer of content, including a transfer that would infringe on works protected by copyright. Questions about what constitutes spam and works protected by copyright might raise concerns about whether ISPs want to be in a position to make these kinds of determinations without specific guidance. The rules would not interfere with an ISP’s obligation to deliver emergency communications or to address law enforcement, public safety, or national or homeland security needs.

The NPRM also reveals the FCC’s interest in whether “managed” or “specialized” services should be subject to different treatment, including how to define these services and what if any rules should apply to them. Examples of managed or specialized services include voice, subscription video, enterprise and business services, telemedicine, smart grid and e-learning – all of which may be delivered over the same Internet access facilities but have not been considered to be traditional Internet services or products.

In addition, the FCC seeks comment on whether the proposed rules would apply to Internet-based applications providers like Google -- whose services (for example “Google Voice”) may or may not be classified as telecommunications services -- and the implications of how those services are classified for purposes of FCC’s jurisdiction and regulatory treatment.

An interesting issue that could surface involves whether the scope of this proceeding should be expanded to include entities that arguably play a “gate keeping” role on the Internet or in the mobile ecosystem. For example, applications developers have expressed growing concern about how “app stores” decide what applications are approved for “shelving” and sale in those stores and whether those decisions effectively decide the success or failure of any given application instead of ceding that power to the market . This argument is very similar to those made in previous debates about the risks to the Internet posed by the comparable powers of the ISPs. Similar concerns have also been raised about the role search engines play in listing search results. An obvious obstacle to addressing these concerns in this proceeding is its explicit focus on the activities of “broadband access providers” and neither app stores nor search engines fall within the definition of broadband access provider in the proposed rule. But it is an intriguing question and one that may strike a chord with other agencies, such as DOJ or even the FTC – both of which have made clear their interest in closely scrutinizing the activities of technology companies and possible competition risks posed by those activities.

Since this proceeding was initiated, technology has continued to evolve quickly and there is some risk of obsolescence to the final rules as published – despite the FCC’s stated goal that any rules will be sufficiently dynamic for unforeseen technological innovation. The outcome of this rulemaking has potentially significant implications for broadband ISPs, and wireless mobile broadband network operators in particular, as well as a wide array of business and other interests that increasingly, if not exclusively, depend on the Internet to sell or provide services, products and information. These interests include applications and device manufacturers – in addition to the smart grid, electronic health care and e-learning sectors that are explicitly mentioned in the NPRM; subscription and user generated video, music, news and other content producers and distributors, consumer electronics manufacturers, online advertisers , publishers and retailers, financial and educational institutions, and even the hospitality and travel sectors.

This proceeding should be of equal interest to end user; its outcome could set the stage for congestion management practices that have only been the subject of discussion thus far, including offering tiered service or charging for priority transmission of packets. The challenge for regulators will be to 1) understand of the nature and extent of the network operators’ need to manage and prioritize network traffic and the tools for doing so, and 2) balance this interest with the interests of entities that currently use -- or are planning for future uses of -- the Internet to deliver content, products and services, as well as the end users who will use existing and new applications to access those products or services.

Accordingly, those at the “core” of the network, including broadband ISPs as well as innovators at the “edge” of the network have a strong stake in taking advantage of this opportunity to educate the FCC and shape the contemplated rules through comments at the very least.

This is a proceeding that is technically complex and one that poses novel policy and legal questions. We are available to provide you with various forms of assistance, including providing strategic guidance about how to move forward with contemplated business objectives based on our judgment of the likely regulatory environment your business will be operating in, helping to prepare comments, arrange meetings with key FCC officials, and monitor related developments in Congress or the courts.

Please contact us if you would like additional information.

Judith St. Ledger-Roty :

Karen L. Neuman:

Jeffrey H. Olson:

show more/less print this article Print all articles


Karen L. Neuman Discusses Legal Issues Involving Mobile Media

, a partner in St. Ledger-Roty Neuman & Olson, was a speaker at a Media Future Now program “Privacy, Mobile and Social Media" on October 19, 2009 in Washington, DC. She explained that many of the legal issues seen in telephony, cable and the Internet have surfaced in mobile communications, including the nature of program distribution agreements between carriers and content producers, data security, universal service, and even liability issues arising from employee use of mobile devices in the workplace.

Focusing on some specific legal issues in the mobile media ecosystem, Karen noted that the unprecedented deployment of new technologies, applications and devices has created new opportunities to commercialize personal information about individuals who access services and products on their mobile devices -- outpacing efforts of policymakers to protect privacy and individual data while preserving innovation in the mobile space. Privacy is of particular concern in the mobile context due to the availability of location based applications and advertising.

Explaining that multiple state and federal authorities have grappled with these issues, Karen recommended that any entity contemplating a mobile advertising campaign be aware of the many laws, principles and best practices that could apply to mobile marketing activities including commercial text messaging, mobile sweepstakes and telemarketing.

Using a case on remand in the Northern District of California, Karen demonstrated the impact of the current uncertain legal environment that many behind-the-scenes players in the mobile advertising sector operate in, and how compliance with industry best practices could be a prudent approach to minimizing the potential for litigation. This seems to have been particularly so in California case, which involved an unsolicited text messaging campaign to a cell phone subscriber who signed up for a free ringtone for her son. The case addresses some issues that may be familiar by now to the online advertising sector, including the nature of the consent given and the relationships of the commercial entities involved in the transaction. Also addressed was the classification of the ringtone as voice or data and the medium specific nature of the equipment used to send the text for purposes of the pertinent legal analysis.

Karen concluded her remarks by emphasizing that some common themes have emerged in the currently splintered regulatory environment, including clear preferences for transparency and choice that goes well beyond today’s privacy policies and terms of use agreements. She also described some novel approaches, including Google’s ad preference program, which enables individuals to control the amount and type of advertising delivered to them. Another approach involves providing something of value to the consumer, such as a coupon or rebate, in exchange for commercial use of personal information.

Karen L. Neuman’s bio

Mobile Media & Privacy

show more/less print this article Print all articles



On October 5, 2009, the Federal Trade Commission (FTC) adopted revised guides concerning the use of endorsements and testimonials in advertising and requiring disclosure of “material connections” (payments or free products or services) between advertisers and endorsers. The guides, last updated in 1980, are not binding agency rules. Instead, they are administrative interpretations of applicable law intended to help advertisers comply with prohibitions against deceptive practices under Section 5 Federal Trade Commission Act. Accordingly, they represent a significant policy statement that will affect advertisers that rely on endorsements or testimonials by consumers, experts, organizations and celebrities and now apply to new media including blogs and social networks. The revised guides go into effect December 1, 2009.

Advertisements that depict a consumer characterizing results from using a particular product or service as “typical” when that is not the case will now be required to clearly disclose the results that consumers can generally expect. In contrast to the 1980 guides, where advertisers were permitted to describe extraordinary results in a testimonial as long as they included the disclaimer “results not typical,” the revised guides eliminate this safe harbor.

Bloggers. The revised guides now apply to bloggers and other “word of mouth marketers” who use social media to discuss, review or evaluate products or services. The guides illustrate what constitutes an endorsement when the endorsement is conveyed by a blogger and specifies the applicable disclosure. A blog post by a blogger who receives cash or in-kind payment to review or evaluate something they’ve read on a website, or a product or service they’ve received, must disclose the material connections with the website or seller of the product or service. An example of the former would be a website that helps bloggers find advertisers willing to sponsor specific reviews or other content; an example of the latter would be a manufacturer of a product or service that gives the blogger a free product and asks the blogger to write about it. The critical question is the “net” consumer impression.

One example given by the agency to illustrate the principle involves a college student who has earned a reputation as a video game expert and maintains a personal blog where he posts entries about his gaming experiences. Readers seek his opinions about video game hardware and software. A video game system manufacturer provides the student with a free copy of the system and asks him to write about it on his blog. Because the blogger’s review is disseminated “via a form of consumer-generated media” in which his “relationship to the manufacturer is not inherently obvious” and “readers are unlikely to know that he has received a product free of charge in exchange for a review of a product” and given the value of the system, these factors could “materially affect the credibility attached to the endorsement”. The Agency’s intent is to ensure that consumers are informed about bloggers whose posts are the result of a commercial transaction where consumers would otherwise be unaware of such a relationship. Under these circumstances, the blogger “should clearly and conspicuously disclose” receipt of the gaming system free of charge.

Moreover, the manufacturer has obligations under the revised guides: it should advise the blogger at the time it provides the gaming system that this connection should be disclosed and the manufacturer should have procedures in place to monitor the blogger’s postings for compliance.

The revised guides exempt product or service reviews in traditional media from the disclosure requirements applicable bloggers. The rational appears to be that a newspaper or even an Internet news website with independent editorial functionality typically assigns an employee to review a product or service for publication by the newspaper or news site. These reviews are not treated as sponsored endorsements under the guides, unless the reviewer receives a direct benefit from the manufacturer of the product or service.

Celebrity Endorsements. The revised guides impose a duty on celebrities to disclose their relationships with advertisers when endorsing products or services in non-traditional advertising settings such as talk-shows or through social media outlets. Celebrity endorsements through traditional advertising are exempt from the revised guides on the theory that consumers understand that celebrities may be paid to appear in traditional advertising. On the other hand, consumers may not expect celebrities to be compensated for expressing their views about a specific product or service when appearing on a talk show. Both advertisers and celebrity endorsers may be liable for false or unsubstantiated claims made in an endorsement – or for failure to disclose material connections between the advertiser and endorsers.

Endorsement by Research Organization. The revised guides characterize endorsements by a research organization as viewed as representing the judgment of a group whose collective experience exceeds that of any individual member, and whose judgments are generally free of the sort of subjective factors which vary from individual to individual. If an organization is represented as being expert then in conjunction with a proper exercise of its expertise in evaluating a product its endorsement must be supported by an expert evaluation by an expert or experts recognized as such by the organization, or by compliance with standards previously adopted by the organization and aimed at measuring the performance of the product in general and not with the particular attributes of the advertised product in mind. A company that refers in an advertisement to the findings of a research organization that conducted research sponsored by the company must disclose the connection between the advertiser and the research organization.

The revised guides adopt significant changes that will affect advertisers in general, and bloggers and social media particular. If you are an advertiser relying on testimonials or endorsements covered by the revised guides, or are a blogger or social media critic or other user unfamiliar with the reach of the FTC to your medium it important that you become familiar with and understand the revised guides and their application to your activities. We are available to assist you with this undertaking as well as provide compliance and other pertinent advice.

Please contact Karen L. Neuman at or Judith St. Ledger-Roty at .

show more/less print this article Print all articles


FCC Seeks Comment on Barriers to Broadband Deployment and Adoption on Tribal Lands.

On September 23, 2009 the FCC released a public notice seeking comment about barriers to broadband deployment and adoption on Tribal lands1 and how those barriers can be minimized or eliminated. As with other recent agency actions2, this inquiry is intended to solicit targeted information for inclusion in the National Broad Plan3 report due to Congress February 17, 2010. The report is mandated by the American Recovery and Reinvestment Act of 2009,4 which establishes as a goal that every American has access to broadband services.

A significant hurdle to achieving this goal and the FCC’s underlying request for information about broadband deployment in Native American communities is the relative lack of recent data on penetration rates in those communities. According to the FCC, the most recently available census data suggests the extent of the problem -- that broadband deployment on Tribal lands is at most 30 percent5; data submitted jointly by the National Congress of American Indians and Native Public Media places that number even lower, at 5%6.

The Commission noted a number of beneficial uses to broadband in Tribal communities. Some of these uses include broadband solutions for better health resources, greater community connectedness, improved educational opportunities, more efficient public safety measures, and greater energy efficiency. But the agency also identified a number of hurdles to realizing these benefits, including difficult terrain, low population densities, and correlating higher deployment costs, the combination of which discourages network operators, like the telephone companies before them, from serving these areas. Other potential hurdles mentioned by the FCC include difficulties obtaining required government licenses or permits or access to government assets, as well as restrictions in the use of government funding that hinder the pursuit of broader broadband goals.7 Many similar issues have surfaced in connection with examining broadband deployment in other under- or un-served areas, including rural communities and low-income urban areas.8 In those instances, however, one notable hurdle is absent and that is the jurisdictional challenges posed by Tribal sovereignty or applicable treaties.

With this in mind, the Commission is requesting specific information in the following areas: 1) quantitative deployment and adoption data, 2) tools and resources available for promoting broadband deployment in Native American communities “consistent with the realities of the telecommunications marketplace on Tribal lands” and the “fiduciary trust relationship between the federal government and the Tribes, ” including whether there are lessons to be learned from the build-out of telephone lines that can be applied to broadband deployment, and whether there are examples of coordination or cooperation among tribal, state and local governments in the build-out of telecommunication infrastructure that could serve as models for broadband deployment; 3) deployment and mapping, including whether there are any jurisdictional or other reasons why states do not include Tribal lands in broadband mapping and the extent to tribal census tract data could assist with broadband mapping efforts; 4) digital literacy/education, including whether existing facilities already serve or could serve as training locations , such as computing centers, schools or libraries or “chapter houses,” and the percent of Tribal community centers, schools and households that are passed today by fixed, mobile telephony or cable services; 5) affordability, including what public and private entities can do to promote broadband adoption, including discounting computers or the cost of monthly service to specified tribal consumers, or reducing the cost of broadband connectivity and service through such programs as Lifeline/Link Up programs; and 6) the role of Broadband Service Providers in bringing broadband services to Tribal lands, including such factors as the practical utility of pilot programs and the impact of Tribal sovereignty and jurisdictional issues on the ability of carriers to obtain rights of way over Tribal lands and entry.

This proceeding presents unique opportunities to influence the FCC’s thinking about how to address pertinent market, jurisdictional, regulatory and legal issues. Tribal authorities, mobile wireless broadband providers, spectrum licensees or other holders of interests in spectrum, backhaul facilities providers, and network management applications and device manufacturers that can be used for broadband deployment could be affected by this proceeding. Large network operators that serve adjacent areas could also be affected by the outcome of this proceeding.

Comments are due November 9, 2009. Reply comments are due December 9, 2009.

We are available to analyze the Public Notice, help arrange meetings with appropriate officials as necessary assist with preparing comments for filing with the FCC and monitor related proceedings at the agency.

For further information please contact Karen Neuman at or Jeff Olson at .

show more/less print this article Print all articles


FCC Issues Public Notice Seeking Comment on Use of Broadband for Smart Grid Technology

On September 4 the Federal Communications Commission issued a public notice seeking comment on the use of broadband for implementing smart grid technologies. These technologies generally consist of applications and devices to monitor and manage energy consumption by utilities and energy consumers. This inquiry is part of the agency’s broader initiative to obtain information to include in its National Broadband Plan report, due to Congress February 17, 2010.

That the Commission sees itself playing an instrumental role in promoting deployment of innovative technologies over communications networks to implement key features of the Obama Administration’s energy agenda is evidenced by this inquiry, its request for information about the smart grid in the Broadband and Wireless Innovation Notices of Inquiry1 and the agency’s recent smart grid workshops. These proceedings present unique opportunities for start up businesses and established companies alike to influence at the outset the FCC’s thinking about how to address pertinent market, regulatory and legal issues.

The American Recovery and Reinvestment Act of 2009 embodies the recognition that revamping the nation’s utility grid to accommodate the energy needs of the 21st century is likely to increase demand for electricity. At the same time, however, digitizing some aspects of electricity transmission and delivery could help manage demand while utilizing emerging applications and technologies to reduce energy consumption.

The FCC is soliciting comments about barriers to entry and growth – as well as opportunities – for companies bringing smart grid technology to the wireless ecosystem. In particular, the FCC is asking for information about highly technical aspects of the smart grid, including the type of bandwidth and speed required for smart grid technologies, and how home networks will fit into the energy grid. The FCC also is also seeking information about the suitability of existing communications technologies and availability of existing networks for smart grid deployment and data transmission. The Agency, mirroring parallel assessments by utilities and meter device manufacturers about the use of spectrum for transmission of real time pricing and consumption data is particularly interested in whether smart grid wireless networks can perform better over licensed wireless spectrum, which is dedicated, or unlicensed spectrum, which is shared. The goal is to promote the efficient use of energy on both the supply and demand sides to help utilities and consumers reduce energy consumption through demand response by utilities and providing consumers access to their consumption information via in-home displays or web portals on wireless mobile devices.

Companies that produce wireless networking management tools, software or hardware manufacturers that enable two-way dialog between utilities, retailers and consumers, and other application or device manufacturers that can be utilized for smart grid purposes could be affected by the outcome of this proceeding. Spectrum licensees or users of shard spectrum could also be affected by the outcome of this proceeding.

We are available to interpret and analyze the Public Notice, help arrange meetings with appropriate officials as necessary and assist with preparing comments for filing with the FCC.

For further information contact Karen Neuman at or Judith St. Ledger-Roty at .

show more/less print this article Print all articles



In late August the Federal Communications Commission (“FCC”) initiated two related wireless inquiries which ultimately could result in dramatic changes in the way that wireless services and equipment are used, and the way in which they are, or are not, regulated. In these two inquiries1 the FCC asks hundreds of questions about the extent to which wireless services are provided competitively, the way in which spectrum is utilized, whether it can be better utilized, the degree of innovation that this market has fostered, and what needs to happen to speed innovation to industries like the financial, health and energy industries.

Purposes of Notices. The FCC recognizes that the wireless market has changed dramatically, from a voice only platform, to a voice and data platform, one that will facilitate ever expanding broadband services and applications in both the communications marketplace, and in “edge” markets such as health care and energy, and that a review of the broader market is necessary. These inquiries will likely be used to inform the Agency’s thinking in its annual Report to Congress on the competitive conditions in the wireless industry, as it now broadly defines it. The data may also be used as the basis for rulemaking proceedings in which the Commission can propose, or seek to eliminate, rules.

Competition and Consumer Benefits. As part of its inquiry, the FCC asks a range of questions about both network providers and the consumers they serve. From a competition perspective, the FCC is not looking at just the total number of broadband wireless licensees in a given market segment, but also “how [it] should assess the ways in which spectrum holdings affect market structure, conduct and performance”. Of particular interest to the FCC is whether “consumers and end users are able to access the internet and other applications over their wireless network provider’s system.” This assessment also includes the device market for both traditional handsets, and smart phones, netbooks and modems/aircards as well as other devices which are connected by the customer or end- user to access the services or applications they desire. In order to judge the level of competition in specific wireless submarkets, the FCC asks what the different market segments are, and the degree to which specific pricing plans affect consumer choice. It also want to know whether consumers are constrained from switching carriers, and if so, why.

The FCC recognizes that there are already proceedings underway which address competitive conduct in the wireless market and that it may make decisions in those proceeding based on those records. Among the proceedings the FCC may be referencing include a Skype Communications S.A.R.L. (Skype) petition to the FCC. Skype, a VOIP, asks the FCC to declare that the FCC’s decision in its seminal Carterphone decision, which allowed consumers to connect their choice of customer premises equipment to the landline network, applies equally to wireless networks.

Also pending is the Rural Cellular Association (“RCA”) petition alleging that some data enabled smart phones, are not available to rural users. RCA claims that the iPhone ™ manufactured by Apple is exclusively available to customers of AT&T, making it unavailable in at least large portion of 15 states. ( In an August 21st letter to the FCC’s Wireless Bureau, AT&T indicated that it offers the largest subsidy AT&T has ever provided to subscribers who purchase the iPhone 3G.™ ).

Spectrum Utilization and Innovation. Both NOIs ask exhaustive sets of questions about spectrum utilization. For example, the FCC asks how the current wireless carriers utilize the spectrum that they have, if some spectrum is lying fallow, and if so why. It wants to know whether there are things it could do to improve utilization, including allowing more use of white space, encouraging more spectrum sharing, and whether such use should be licensed or unlicensed. It wants to know whether there is a relationship between investment in the wireless ecosystem, and spectrum utilization, and if so, how to measure it. The FCC also inquires if there is more it can do to encourage efficient shared use, subleasing, partitioning, and use of white space generally.

The FCC recognizes that one of its key challenges in bringing innovation to the market is the availability of sufficient spectrum, especially since most of the spectrum in the U.S. has already been put into use. With this in mind, it asks whether there are specific radio bands which could be “repurposed” and how such repurposing can be accomplished. It also asks whether in such circumstances clearing existing users off the band is required, or if there are additional innovative uses which would allow both applications to co-exist.

Referencing the FCC’s creation of the ability to transfer certain spectrum rights, including leasing of spectrum in the secondary markets, the FCC wants to know the extent to which the market for secondary use is working and if there are rule changes that would increase the amount of available spectrum for prospective users. It also seeks to understand the degree to which determining what constitutes “harmful interference” imposes unreasonable delays and whether it should rely on different means of dispute resolution that might yield quicker decisions where interference occurs. The FCC notes that the “association of particular services and applications with particular spectrum may become less relevant” and asks if the FCC should use a new spectrum access model that permits for increases in spectrum use.

The FCC asks new stakeholders such as the energy and health care providers to help it undertake its analysis by providing information and data within their purview, including how wireless is being used in their industries for innovative purposes, and if there is anything the FCC can do to facilitate innovation. It encourages participation by entities in edge markets by indicating that its rules allow for those confidential submissions, which can be withheld from public inspection.

The answers to these questions may show the wireless ecosystem and each of its subsets to be vigorously competitive and operating consistent with the public interest. However, these proceedings may also reveal that dominance in the spectrum arena allows carriers to dominate the broader market for wireless services. Answers to these questions, and the FCC’s response thereto, may well determine how this marketplace continues to develop in this country, perhaps not just in wireless but in other goods and services as well.

We are available to interpret and analyze the NOI with your needs in mind.

Please contact Judith St. Ledger-Roty at , Karen Neuman at , or Jeff Olson at for further information.

show more/less print this article Print all articles


FTC Health Data Breach Notification Final Rule

August 21, 2009

The Federal Trade Commission (FTC) released its final Health Data Breach Notification Rule on August 17, 2009.1 The rule was mandated by the American Recovery and Reinvestment Act of 2009 and is intended to respond to the growing potential for data breaches of personal health care information as this data is increasing stored not in the offices of health care providers but in large databases maintained by third parties, including private, web-based data storage facilities commonly referred to as “clouds”. The rule requires non- HIPPAA-covered web-based vendors of personal health records and third party service providers or related entities to notify individuals in the event of a breach involving their unsecured health information – that is personally identifiable health information that is not protected through the use of technology such as encryption.2 This alert highlights key provisions of the Rule and its potential impact on covered entities.

Key Terms and Covered Entities.

  • Personal health record vendors: Non-HIPPA covered web-based entities that offer or maintain an individual’s personal health record.
  • Personal health record (PHR): an electronic record of identifiable health information about an individual.
  • Related entity: offers products or services through a PHR vendor’s website such as an application that helps manage medication. A related entity is also one that offers certain PHR products or services through HIPAA-covered entities’ websites. An example of a PHR related entity would be one that provides online applications for connecting devices such as insulin and blood pressure monitors for transmittal to the record or tracks the results.3
  • Third party service provider: an entity that provides services to a PHR vendor in connection with the offering or maintenance of a PHR or to a PHR related entity in connection with a product or service offered by that entity, such as providing billing or data storage to a PHR vendor or related entity.

Notification Requirement Triggers.

The rule’s notification provisions are triggered when an individual’s unsecured PHR data maintained by a PHR vendor or related entity is discovered to have been acquired by a third party without the consent of the individual. A breach is deemed discovered at the point when any employee, officer or other agent of the PHR vendor knows or should reasonably have known that a breach occurred. Notice must be given to affected individuals without unreasonable delay and in any event no more than 60 days after discovery of the breach. Breaches involving 500 or more people require FTC notification

In addition, third party service providers must notify the PHR vendor or related entity for breaches arising from its products or services. Third party service providers must notify a senior official of the PHR vendor or related entity. In order for this notice to be effective its receipt must be acknowledged, after which the PHR vendor must notify affected individuals and the FTC, unless the vendor and the related entity or service provider have otherwise contracted.

Notification Time, Method and Content.

The time, method and content of notification of a breach are prescribed in the rule and may include notice to specified media outlets, posting on a vendor’s website, and even by e-mail. Breaches affecting 500 people or more require FTC within 10 business days of discovery and notice to the public through the media. The agency has a form posted on its website for submitting breach notices to the FTC. When breaches involve less than 500 people vendors may maintain a log of breaches occurring during the calendar year and submit the log to the agency at years’ end.

Business Consequences.

The rule could entail significant compliance costs. The FTC anticipates that the rule covers approximately 900 entities, including 200 PHR vendors, 500 related entities and some 200 third party service providers. It is also estimated that each of these entities will experience 11 breaches per year that may trigger the rule’s notification requirements.

The potential costs to covered entities could include significant compliance costs estimated by the FTC to exceed $1 million annually. These costs include: 1) determining what information was breached, 2) identifying affected individuals, 3) preparing the breach notices and 4) reporting the breach to the FTC. Other costs include those associated with notifying affected individuals and responding to their inquiries through various means, including a toll-free number set up by the responsible entity.

These costs could potentially deter innovation, particularly by small companies that develop applications, products and services for remote monitoring, storage, access and use of personal health data by patients, family and care providers, physicians and insurance companies. In addition, violators would be treated as having engaged in unfair or deceptive acts or practices in violation of the FTC Act4and could be subject to criminal or civil penalties. The rule could also affect contractual relationships created by a PHR’s terms of service agreement and users of the PHR product. For example, the rule could create uncertainties about contractual obligations or impose obligations that exceed existing ones.


The rule applies to breaches that occur after September 18, 2009 although the FTC has indicated that for the first 180 days it will exercise discretion enforcing it, after which all covered entities are expected to be in full compliance. It can be found at 16 CFR Part 318.

We are available to assist you in evaluating your current data security and breach detection procedures and to provide guidance about bringing those procedures into compliance with the new rule.

Please contact Karen Neuman at or Judith St. Ledger-Roty at to obtain additional information.

show more/less print this article Print all articles


FTC Delays Enforcement of "Red Flags" Rule Until November 1, 2009

July 2009

The Federal Trade Commission is delaying enforcement of its “Red Flags” Rule1 (issued on November 9, 2007) until November 1, 2009. The rule requires businesses and organizations that act as "creditors" within the meaning of the Fair and Accurate Credits Transactions Act to establish policies and procedures for detecting signs of potential identity theft, or “red flags” and responding accordingly, including notifying affected individuals.

The term "creditor" is defined broadly to include "any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of any original creditor who participates in the decision to extend, renew, or continue credit."2

Accordingly, the rule applies to entities as diverse as newspapers, lawyers, medical professionals, retailers that offer financing or process credit applications as well as “mom and pop” retailers that routinely bill in arrears for goods and services. Many entities that do not consider themselves creditors may be surprised to discover that they are covered under the rule. Companies should assess their business practices -- including their billing practices -- carefully to determine whether they are covered by the broad "creditor" definition.

Following numerous requests seeking exemption from the rule, the FTC initially delayed enforcement until May 1, 2009 as it sought to clarify which entities would be covered.

More recently, the American Bar Association filed suit in U.S. District Court for the District of Columbia to block enforcement of the rule, arguing in part that billing a client is not an extension of credit that turns every lawyer and law firm into a creditor. The ABA also contends that in applying the rule to lawyers the FTC failed to articulate a rational connection between the practice of law and identify theft.

Despite the FTC’s decision to delay enforcement of this rule and the federal court proceedings, businesses that provide services to their customers for which those customers are later billed should assess their current programs for detecting and responding to potential identity theft. While it is possible that very few businesses may obtain exemption from the rule, the majority of businesses that bill in arrears will be required to comply with its provisions.

We are ready to assist with assessing your business and billing practices to ascertain if you are a covered entity under the rule, evaluate your identify theft detection program for compliance with the rule, and provide guidance as needed to bring it into compliance.

For additional questions about FTC enforcement of the Red Flags rule please contact Karen Neuman at or Judith St. Ledger-Roty at or call Karen or Judith at 202.454.9401.

show more/less print this article Print all articles



Applications representing all 50 states, 5 territories and the District of Columbia sought broadband stimulus funds from the National Telecommunications Information Agency (NTIA) and Rural Utility service (RUS) in response to the July 1 2009 Notice of Funds Availability (NOFA) for broadband stimulus money available under the American Recovery and Reinvestment Act. Private and public entities with defined projects that proposed promoting multiuse functions, utilizing multi-sector, non-discriminatory, open networks that could be implemented on a “hurry up” basis were thought to be better positioned to qualify for and receive stimulus dollars under the NOFA’s rules. The type of partnership the rules seemed to encourage included collaborations between institutions of higher learning and other eligible entities that proposed integrating general end-user services through a variety of local stakeholder networks to provide opportunities for such services as distance learning, job training and telemedicine. Conversely, applicants that simply proposed a single use private network, such as one that interconnects schools to libraries, were unlikely to be approved.

This first NOFA appeared designed primarily to support projects in communities in the least served areas of rural America, with only limited opportunities for funding metropolitan areas with low-bandwidth service and low penetration (forty percent or less of households). Funds were available to support last mile and middle mile broadband infrastructure projects to “unserved” and “underserved.” Those terms were defined in the NOFA, as provided below. Funds were also available for public computer centers and broadband sustainability projects.

Given the short time frame for submitting applications in response to this NOFA (July 14-August14), the most competitive applications were those where rigorous market analysis, business planning and engineering were already well underway. Many potential applicants that were not very far along in the process decided to consider the risks and benefits of applying for funding in the subsequent rounds. We are available to undertake this analysis for entities considering seeking funding in the second or third rounds.

Summary of Key Provisions in First NOFA.

State and local governments, Native American tribes, nonprofit foundations, corporations and associations and private sector entities were eligible to apply. This approach was intended to encourage partnerships to expand to the greatest extent broadband capabilities and uses.

The agencies intended to award approximately $4 billion in this initial round of funding, for which applications were to be submitted between July 14 and August 14. NTIA intended to release 1.6 billion dollars in grants and RUS appropriate $2.4 billion for “last mile” and “middle mile” projects. NTIA grant recipients must provide a minimum of 20% in matching funds. Priority was to be given to projects that give end users a choice of providers: serve the highest proportion of rural residents that lack access to broadband service: were projects of current or former RUS borrowers; and were fully funded and ready to start once funding is received. The majority of the $2.4 billion released by RUS were in loan/grant combinations. 320 million dollars was held in reserve. Following an elaborate review process, described below, both agencies are slated to begin making awards on a rolling basis around November 7. Applications were required to include a legal opinion as to your ability to apply for funding. Five percent of the grant could be used to cover costs associated with preparing the application.


The NOFA defines the following key terms:

Broadband: a “terrestrial wireless or wireline connection that can deliver speeds of at least 768kb/s downstream and 200 kb/s upstream”. These speeds appear slow by today’s standards, reflecting a desire to make the process as least restrictive as possible, preserving the ability of a broad range of technologies and applicants to qualify. That said, preference will be given to higher-speed projects.

Unserved: one or more contiguous “census tracts” in which at least 90% of households lack broadband connectivity.

Underserved for last mile projects: areas where 50% of households or more lack broadband, where fewer than 40% of households subscribe to broadband, or where no service provider advertises broadband transmission speeds of at least 3 Mb/s. At least one of these factors must be met, although there is a presumption that more than one factor is present.

Underserved for middle mile projects: where “one interconnection point terminates in a proposed funded service area that qualifies as unserved or underserved for last mile projects.” Service areas are composed of one or more contiguous census blocks that meets the criteria for broadband service and advertised speeds.

The challenges posed by the granular census block designation was intended to 1) identify eligible areas without a definitive or authoritative source for this information, which is largely in the possession of incumbent broadband providers and, therefore, 2) surviving challenges by existing broadband providers who are able to .

The grant set asides for middle mile projects were intended to promote the extension of service in the last mile to a home by ensuring that the connection extends back to the local ISP through the network and then out to the Internet.

Non-discrimination and Interconnection Obligations: All applicants were required to adhere to the FCC’s Internet Policy Statement, and disclose proposed interconnection, nondiscrimination. Network management practices were also required to be disclosed in the applications. We expect these requirements to be included in subsequent NOFAs.

In addition to a commitment to an open, non-discriminatory network, applicants were evaluated on the proposed openness of the proposed network. Preference was given to applications that exceeded the minimum requirements for interconnection and nondiscrimination.

Evaluation/Award Process.

The first NOFA established an elaborate, two-step application process. The goal of the first step was to create a pool of viable applications for consideration. The goal of step two was to fully vet the submissions that made the cut in step one and identify the most highly qualified projects for final review and selection. The scoring systems for RUS and NTIA proposals differed and it was necessary for applicants to be familiar with each. Nevertheless, in each instance applicants were required to submit a system design and project timeline, certified by a professional engineer for any project seeking funds over $1 million. States were granted considerable influence over who would receive awards under the BTOP program by being able to provide a priority list and recommended projects, along with an explanation of whey selected proposals meet the greatest needs of that particular state.

There were a number of questions raised by the NOFA which the agencies tried to address on their websites, and in information meetings with potential applicants. Concerns remain about the programs’ scoring criteria, eligibility requirements, and even whether projects proposed in the future that differ from those that appeared to be competitive in the first round will be funded in the subsequent rounds. It is therefore anticipated that the rules will revised for the second and third rounds of funding, currently slated to commence in fall 2009, and may be broadened to support funding for urban and other projects. It is possible that one or both agencies will revise the rules in the first NOFA rules through rulemaking proceedings but so far there has been no announcement.

We remain available to interpret, analyze and clarify the forthcoming NOFAs, provide strategic guidance to help you prepare your application, and provide other legal or strategic review and support. We are also available to help prepare comments for filing and, in any event, arrange meetings with appropriate officials as necessary.

Please contact Karen L. Neuman at or Jeff Olson at to discuss how we can provide assistance with the application process for future funding rounds and related projects.

show more/less print this article Print all articles



On April 22, 2009, the Federal Trade Commission issued its long awaited report entitled “Beyond Voice: Mapping the Mobile Marketplace."1 The report summarizes a number of “Town Hall” sessions convened over a two day period to give regulators an opportunity for in-depth examination of topics relating to mobile or “M”-commerce and address specific consumer protection issues. The report also presents key staff findings and recommendations.

The Town Hall sessions examined the contours of the Domestic mobile marketplace, including: 1) factors affecting adoption of mobile applications; 2) commercial uses of mobile messaging and consumer protection issues raised by premium rate and unsolicited text messages; 3) the distinction between personal computers and mobile devices, and how the move from the former to the latter is creating both powerful tools and risks for consumers; 4) location-based technologies and services, and pertinent statutory, self-regulation and best practices for protecting related privacy concerns, as well as the challenge of providing meaningful notice and consent; 5) the current and future status of mobile advertising and marketing and related privacy concerns; 6) self-regulatory and legal constraints on mobile advertising targeting children; 7) best practices for evaluating complaints, dispute resolution and adequacy of disclosures about the cost of mobile services; and 8) security threats. Other topics addressed in the sessions included understanding the mobile ecosystem, and applications shaping modern mobile technology, as well as mechanisms for managing mobile devices, including accessibility controls and the ability of consumers to block or limit certain functions.

The Agency flagged three areas that might be ripe for regulation. They involve:

Disclosures about the cost of mobile service. The report notes that industry best practices often lack transparency and are poorly understood by consumers. The staff recommended improved education within the industry about these practices along with frequent monitoring for compliance purposes and to update knowledge of best practices.

Unwanted or harmful mobile text messages. The FTC will continue working with law enforcement to monitor unwanted mobile text messages, malware and spyware. The FTC admonished that multiple players in the mobile ecosystem, including carriers, manufacturers, software providers as well as users bear responsibility for the security of personal information in their handsets.

Privacy challenges related to children’s use of smart phones for Internet access. The report identifies several areas of concern involving the use of mobile devices by children, including functionality for limiting their ability to make purchases, the use of mobile devices for cyber-bullying, and ways to limit classroom disruption by mobile devices. The FTC also announced that it will expedite the regulatory review of the Children’s Online Privacy Protection Rule2 to ascertain whether it should modified to address rapid changes in the mobile marketplace. This review was originally slated for 2015, but will now commence in 2010 with opportunity for extensive public comment.

As with the agency’s behavioral advertising proceeding,3 this report sends a strong signal that the FTC will closely monitor consumer protection, including security, privacy, and the business practices of carriers, applications and device manufacturers, and other entities operating in the mobile marketplace. It is very likely that the ubiquity of mobile computing and communications in all aspects of social, economic, individual and political life will result in increased demand for legislation and/or regulation. Accordingly, mobile service providers, device and applications manufacturers, and content providers should continuously monitor industry best practices in the areas that are the topic of this report to ensure that their privacy policies are in compliance with industry best practices, applicable FTC principles, and even potentially applicable regulations promulgated by other agencies.4

We are available to assist you in reviewing your privacy policies and data security programs for compliance with the principles set forth in this report as well as applicable industry best practices. We are also available to monitor further developments at the FTC that could affect companies offering mobile services, applications and devices as well as related proceedings at the FCC, and to provide counsel companies about appropriate future compliance measures.

For additional information please contact Karen Neuman at or Judith St. Ledger-Roty at .

show more/less print this article Print all articles