Twitter Defamation Case Gets Tossed - But Concerns Remain

Posted on January 26, 2010 by N. Kane Bennett

In a previous post, I linked to a story about a tenant who was sued for libel after posting an allegedly disparaging comment on Twitter about her apartment. The Twitter lawsuit was a hot topic on the internet for some time.   Many commentators believed it was only a matter of time before Twitter resulted in a damage award for libel.  Not so in this case.   A Chicago judge has tossed out the lawsuit.  Reports indicate that the Judge made a specific finding that the "tweet was nonactionable as a matter of law."   

In this case,  the tenant made a Twitter post that her apartment was moldy.  Before bringing the suit, the landlord might have considered how many people actually read the Tweet.  My guess is probably a few hundred at best.  After the lawsuit was filed, millions read about it.  At the time of the lawsuit, the landlord company issued a statement saying "we're a sue first, ask questions later kind of organization."   That is not a wise strategy in general, but in particular when it comes to an Internet defamation case.   Anything involving a lawsuit and social networking has a good chance of being picked up in the media and in various places on the Internet. 

The Chicago court's ruling that the statement on Twitter failed to meet the standard for defamation seems correct if you consider Connecticut's defamation standard, which is similar.  The takeaway here is that not every negative statement qualifies as a defamatory statement.  This does not mean a post on Twitter cannot constitute defamation.  In fact, Twitter postings remain fair game for defamation suits, and we are likely to see more of these claims. 

 

  

Tags: , , , , ,

Firestorm Over Whether Bysiewicz Legally Qualified To Be Connecticut Attorney General

Posted on January 14, 2010 by N. Kane Bennett

As many of us know, the Connecticut Attorney General, Richard Blumenthal, is stepping down and running for Chris Dodd's U.S. Senate seat. Several candidates have stepped forward indicating that they are going to run for Attorney General.   The Connecticut Attorney General has a significant impact on businesses in this state.  For one thing, the Attorney General often brings lawsuits to protect businesses and consumers related to unfair trade practices.  For example, within the last few days,  Attorney General Blumenthal filed a lawsuit on behalf of over 400,000 Connecticut residents related to the Health Net data breach.  The old saying in legal circles is that the Attorney General runs the largest law firm in the state. 

Secretary of State Susan Bysiewicz is one of the candidates running for Attorney General.  Ryan McKeen, at A Connecticut Law Blog, has a very interesting post today about whether Susan Bysiewicz has the legal resume to meet the statutory qualifications to be elected Attorney General based on needing 10 years in "active" law practice.  The media has jumped on his blog post and there are several reports on it already in the news.     The Bysiewicz campaign has responded and claims that she is qualified despite only six years of practice in the state based on her years of "supervising" attorneys at the Secretary of State's office.   Now that the issue has been joined, everyone is waiting for Ryan to respond, including me. 

Tags: , , , ,

Class Action Lawsuit Filed In Connectiut Against AT&T Over Internet Access Tax

Posted on January 14, 2010 by N. Kane Bennett

On January 11, 2010, a class action lawsuit (download here) was filed against AT&T alleging that it improperly charged sales tax to access the Internet in violation of Connecticut law and the Internet Tax Freedom Act.

The case was brought on behalf of David Rock who subscribed with AT&T for a "wireless data plan that permits access to the Internet by radio device."  The plan permits Internet access remotely by computer or smartphone, such as an iPhone or BlackBerry.

The complaint alleges improper charges from AT&T for state and local sales taxes on internet access on monthly bills.  The complaint is based in part on Connecticut General Statutes 12-407(a)(26)(A) which excludes Internet access from the state's sales tax on telecommunications.  The Internet Tax Freedom Act also prohibits taxes on Internet access.  The complaint alleges thousands of potential members for the class in Connecticut.  The complaint alleges breach of contract and violation of Connecticut's Unfair Trade Practices Act.

Nate Anderson of ars technica reported on several identical lawsuits filed in Georgia, Indiana, and Alabama over the last month.  Mr. Anderson reported that the same lawyers where behind the multiple filings.  In a Hartford Courtant article today by Matthew Sturdevant, the attorney for Mr. Rock,Michael Koskoff, noted that perhaps a dozen similar suits will be filed in various states.

Mr. Anderson made a humorous comment that all the complaints in the Georgia, Indiana, and Alabama cases have the same typo or misuse of the word  "I-Phone" rather than iPhone.  The complaint in the Connecticut case has the same misuse of "I-Phone."  So, either there is some cooperation nationwide on the plaintiff side on the content of the complaints or perhaps none of the lawyers involved own iPhones.   

In any event, these cases will be interesting to track as all of the lawyers involved on the consumer side have significant experience in class action lawsuits, including against telecom providers.  I also agree with Mr. Anderson that the actual definitions of "sales tax" and "Internet access" might seem simple enough, but can actually be quite complicated.  I expect AT&T will make use of those complications. 

 

Tags: , , , , , , , ,

Don't Get Rocked like RockYou - - Protect Your Customers' Personal Information

Posted on January 5, 2010 by N. Kane Bennett

A recently filed class action lawsuit (download complaint) against RockYou highlights the very real threats to businesses related to hackers stealing customer data also known as personally identifiable information (PII).

According to the complaint filed in federal court in San Francisco, RockYou is a publisher and developer of popular online applications and services for use with social networking sites such as Facebook and MySpace.  RockYou allegedly exposed 32 million of its users to identity theft by failing to encrypt or otherwise protect email account information and passwords.  The suit alleges violations of California Civil Code, breach of contract, and negligence.

 Jason Remillard of Web Host Industry Review provided a detailed post on the lawsuit noting that RockYou may face more difficulties than expected because RockYou is a "launchpad type of service, that hold credentials for other services (myspace, facebook, etc)..."  As such,  RockYou may face liability for data exposures across other platforms. 

Mr. Remillard notes that he has been warning site owners about the risks of holding PII information of consumers.  I agree with Mr. Remillard that avoiding storage of such personal data  in the first place is often the best way to prevent liability exposure for both loss of data and a security breach.  If a business must store PII in its systems then a data loss and security plan must be in place to protect the data.  In prior posts, I offer some suggestions and tips for Connecticut business owners that have sensitive data or store PII of its customers.

Dave Kravets of Wired.com offers some more details about RockYou's alleged security failures that apparently resulted from the same common vulnerability exploited by hackers in the cases of Hannaford Brothers, 7-Eleven and Heartland Payment System.  The vulnerability results from RockYou's SQL database,which relates to the actual storage method and management of millions of email accounts and passwords.  The complaint against RockYou alleges that the prior well publicized flaws in SQL should have been addressed with readily available protection measures.

Brennon Slattery of PCworld wrote about the security breach and compared RockYou's security system to storing passwords and emails on sticky notes.  He noted that RockYou stored the information in plain text words.  In other words, once the hacker got inside RockYou's system, the passwords and email accounts were easy to read like sticky notes because there was no encryption of the text. 

RockYou has issued a statement explaining the breach and intends to defend the lawsuit. RockYou also has implemented new steps to avoid future breaches including implementation of encryption for all passwords.  Encryption is the method used to make the passwords unreadable once the hacker gains access to the system. 

The RockYou case is another example of the increasing number of data loss and security lawsuits and should serve as a reminder to any business that stores PII to implement a data loss and security plan. 

 

Tags: , , , , , , , , , , ,