IMDb Sued for Age Disclosure

An unidentified actress has sued Amazon because IMDb, the motion picture industry database owned by Amazon, revealed the actress’s birth date, showing that she is over 40 years old.  The actress–“a Texas resident of Asian descent”–created the profile without her birth date in IMDb Pro, a service created for industry professionals.  According to the lawsuit she filed in federal court in Seattle IMDb used other personal information she provided “to uncover her date of birth” and add it to her profile, “revealing to the public that Plaintiff is many years older than she looks.” Amazon says it obtained the actress’s age from her agent.  The actress denies this assertion.

The article doesn’t specify the specific claim the lawsuit asserts.  The facts don’t support a claim for public disclosure of private facts–her age would likely be considered newsworthy. It appears her claim is that IMDb violated its terms of service by using her personal information for purposes she did not authorize, but the article doesn’t point to any specific TOS provision that addresses the site’s use of personal information.

Today’s Amazon Special: Flip-Flops has taken brief, Kerry-esque, we-were-for-it-until-we-were-against-it stands on recent controversies.

  • That’s What Pedophilia Means? A month ago received heat for selling The Pedophile’s Guide to Love and Pleasure: a Child-lover’s Code of Conduct, a self-published rulebook by the self-appointed Mr. Manners of pedophilia. defended its right to sell–and purchasers’ right to purchase–books on controversial topics.  “Amazon believes it is censorship not to sell certain books simply because we or others believe their message is objectionable.  Amazon does not support or promote hatred or criminal acts, however, we do support the right of every individual to make their own purchasing decisions.” should have added “we will continue to support this right for 24 hours or until we cave to customer pressure, whichever occurs first.”  One day later it pulled the book–figuratively, of course, and without comment–from its electronic shelves. I am mildly critical of its decision not to sell the book. The First Amendment protects the book’s content, repellent as it may be, but’s mission is selling stuff, not defending First Amendment rights.  On a continuum of American values is closer to Wal-Mart and Sears than Feisty Independent Urban Bookstore.  My values are not Wal-Martian (pronounced “mar-tee-an”, nor “marshan”) but I respect that Wal-Mart would have known it’s opposition to the Pedophile’s Guide from jump. should have known more of its customers would howl in protest than applaud its courage.  It should have known that however heady the experience of staunchly defending the Bill of Rights, defiance in the face of threatened boycotts is not in its corporate DNA.  Better to be honest and say “we sell so much stuff that inappropriate content sometimes gets through our filters. We respect the First Amendment but we respect our customers’ patronage more.  We screwed up and we’re pulling the book.  Be aware it is likely to happen again, because we sell so much stuff that we can’t monitor all of it.”
  • We’re Hosting That WikiLeaks? Hackers targeted WikiLeaks after its release of hundreds of thousands of classified U.S. diplomatic documents.  Last week WikiLeaks moved its server operations to which, in addition to selling lots of stuff, hosts other websites, offering them the same robust protection from DDoS attacks and other hacker misanthropy that it provides itself.  A few days later Connecticut Senator Joseph Lieberman called Amazon with pointed questions about hosting WikiLeaks on its cloud servers.  A day later, denying Lieberman’s criticism was the cause, terminated WikiLeaks’ hosting account.  Why?  Because WikiLeaks’ was violating’s Terms of Service by providing access to content–the diplomatic cables–that violated a third-party’s rights to the content. This was not a late-breaking development in the WikiLeaks story. It moved its hosting to because it wanted protection from DDoS attacks directed at WikiLeaks in retaliation for its release of the cables.  A cynic might believe that WikiLeaks played like a cheap harmonica, knowing its penchant for waffling would result in throwing WikiLeaks back into the cold, cruel world only days after offering shelter.*

*Which makes me wonder if WikiLeaks founder/face/czar Julian Assange has a Christ complex.  But that’s a topic for another post.

More Sales Tax News

Something I’ve been predicting in Internet law for at least five years is happening.  (Predict something long enough and you may eventually be correct.  A friend put all of his money into cash after predicting the market’s collapse.  In 1995.)   A March 18th WSJ article titled States Pressure E-Tailers to Collect Sales Tax reports on the number of states looking to collect taxes Internet sales.  The opportunity is there:  the article notes a University of Tennessee study estimating “that uncollected Internet sales taxes would cost state and local governments more than $11 billion a year by 2012.”   In addition to Colorado, noted in the prior post, and New York, which in 2008 amended its tax laws to target Amazon and similar retailers, North Carolina, Rhode Island, Maryland, and Connecticut have passed or are considering passing laws to capture taxes on sales to out-of-state retailers.  The article quotes Amazon, which objects to the complexity of piecemeal state-by-state legislation:  “We aren’t opposed to collecting sales tax within a constitutionally permissible system applied even-handedly.”  Amazon reportedly favors the Streamlined Sales Tax Project (see

Sales Tax News

Colorado recently amended its tax law to require Internet retailers to collect sales tax on sales to Colorado residents or give the state information about such sales so the state can collect use taxes from purchasers.  Amazon responded by canceling its relationships with all Colorado-based participants in its associates program:  “As a result of the new law we have decided to stop advertising through associates based in Colorado.”  Unlike other states that have changed its sales tax laws to target Internet sales, Colorado did not characterize a retailer’s relationships with affiliates as a nexus, the legal trigger for an out-of-state retailer to collect taxes on in-state sales..  Severing relationships with them does not change Amazon’s responsibility to collect and remit sales taxes or track and remit sales information, leading some to characterize it’s action as a “political maneuver:”  “‘This action to fire business associates as retaliation amounts to corporate bullying,’ said Alec Harris, an economist with the nonpartisan Colorado Fiscal Policy Institute in Denver. ‘Firing these guys is a huge political statement and a pretty rough one—but it doesn’t change [Amazon’s] legal obligation under this bill.'”  Amazon described the regulations as “burdensome,” unlike those enacted by other states, and “clearly intended to increase the compliance burden to a point where online retailers will be induced to ‘voluntarily’ collect Colorado sales tax—a course we won’t take.”  According to the linked Wall Street Journal article, Amazon’s Colorado affiliates earned about $37.5 million from Amazon-affiliated sales in 2007.

Music Industry Updates

The music industry generated some news while was hobbling.

The RIAA announced that it is dropping its campaign of mass lawsuits.  The RIAA has filed copyright infringement lawsuits against over 35,000 people in the past five years for allegedly pirating copyrighted songs, a fact most college students know well.   Most suits were settled for between $3,000-$5,000, a significant sum for many of those sued but I would be surprised if the RIAA netted much money for its members after the cost of filing and administering the lawsuits.  The suits may have deterred some individuals from pirating copyrighted music–e.g., a lawyer-turned-college-professor with financial assets and a professional reputation to protect–but did not put a dent in the amount of piracy.  The RIAA’s new strategy is to enlist the support of ISPs who agree to tighten the screws on users the RIAA identifies as distributors of copyright-protected files.  Cooperating ISPs will forward RIAA-generated cease-and-desist letters to their offending users.  If a targeted continues to make copyrighted songs available for downloading “they will get one or two more emails, perhaps accompanied by slower service from the provider. Finally, the ISP may cut off their access altogether.” (Sarah McBride and Ethan Smith, “Music Industry to Abandon Mass Suits,”  The Wall Street Journal, 19-Dec-08)  The RIAA is not dropping pending lawsuits and may continue to sue high-volume individual file-sharers.  The WSJ’s law blog speculates the RIAA’s problematic lawsuit against Jammie Thomas was central to its change of strategy.  That’s the case in which the jury awarded the RIAA over $220,000 in damages for Thomas’s piracy, and the trial judge decided a few months later than his instructions to the jury were wrong.  He had told the jury that making copyright-protected songs available in a shared folder constituted copyright infringement.  He reconsidered his instructions after other court rulings undermined the “making available” theory, holding that the RIAA must prove  copyright protected songs were actually copied to establish copyright infringement.

Involving ISPs in an enforcement role is potentially quite effective, if enough ISPs join the effort.  A former student articulated this very concept in 2002.  After graduation he developed monitoring software and a business plan to implement the concept and wooed the RIAA and ISPs to its merits, without success.  He was a half-decade ahead of his time. Alert readers will note that the RIAA’s ISP initiative targets distributors, not downloaders; it appears that free-riders–those who take without giving–will continue to fly under RIAA radar.

Yesterday Apple announced two significant changes in the iTunes st0re, multi-tier pricing and DRM-free music.  The record labels have wanted iTunes to drop the flat $.99/song price model in favor of pricing that reflects a song’s popularity.  Now iTunes will sell songs for $.69, $.99, or $1.29; in exchange the record labels agreed that songs sold on iTunes will be free of digital rights management limits on copying and use on multiple computers.  These changes bring  iTunes in line with the Amazon’s MP3 store.

More NY Sales Tax News

I’ve noted recently (here and here) that New York changed its law to require out-of-state Internet retailers that receive customer referrals from in-state business to collect and remit NY sales taxes on transactions with New York residents. The law went into effect on Sunday June 1 and the NY Times reports that Amazon, among other online sellers, began collecting the tax on that day while it continues to press its legal challenge to the new law., which severed its relationships with 3,400 NY affiliates in response to the law, on Monday filed its own challenge to the law in New York state court, seeking to enjoin the law pending resolution of the legal issues.

Amazon Challenges “Amazon Tax”

Amazon has filed a lawsuit in a New York state trial court challenging New York’s recent law requiring Internet retailers to collect and remit sales taxes on sales to New York residents. According to an article in today’s NY Times the New York law redefines the nexus–the in-state presence–required for an out-of-state retailer to be liable for collecting and remitting sales taxes by “includ[ing] any Web site based in the state that earns a referral fee for sending customers to an online retailer.” In other words those New York-based websites that link to Amazon’s goods create the 21st century equivalent to a sales force traveling the hinterlands to drum up sales. The Times article reports that Amazon is challenging the constitutionality of the law, presumably on due process and commerce clause grounds but also as a violation of the 14h Amendment’s equal protection clause. Its complaint alleges that the law is known as the “Amazon Tax” and” was carefully crafted to increase state tax revenues by forcing Amazon to collect sales and use taxes.”


Maybe Mark Zuckerberg’s youth–he’s 23–explains Facebook’s ham-fisted schemes to weave its users’ personal information into skeins of gold. I don’t believe his purposes are nefarious. As Facebook Beacon and Facebook Social Ads show, he does have a knack for letting dollar signs get ahead of his judgment. He is developing a skill for reversing field when what looked like a great idea around the boardroom table runs into the buzzsaw of user opinion.

First a recap. A few weeks ago Facebook announced Facebook Beacon, “a new way to socially distribute information on Facebook.”

The websites participating in Beacon can determine the most relevant and appropriate set of actions from their sites that users can distribute on Facebook. These actions can include posting an item for sale, completing a purchase, scoring a high score in an online game or viewing of video. When users who are logged into Facebook visit a participating site, they receive a prompt asking whether to they want to share those activities with their friends on Facebook. If they do, those friends can now view those actions through News Feed or Mini-Feed stories.

In other words, if a Facebook user lists items for sale on eBay or buys a movie ticket on Fandango, a pop-up asks whether the user wants to share this news–and on Facebook this is considered news–with their Facebook friends. The breathtaking narcissism of such newsy updates aside, Facebook Beacon takes a giant step towards a future when we will all be defined by the commercial value of our online data trail. Facebook stated “[i]n keeping with Facebook’s philosophy of user control, Facebook Beacon provides advanced privacy controls so Facebook users can decide whether to distribute specific actions from participating sites with their friends.” However, those “advanced privacy controls” are less assuring than promised. Yesterday a student and I read through Facebook’s user agreement and privacy policies to see whether one could elect not to participate in Facebook Beacon, other than by not using Facebook. Users can elect not to distribute to friends news of specific transactions, but to date there is no one-stop mechanism to opt-out entirely.

Facebook Social Ads are another part of the story. They “leverage the power of Facebook News Feed by serving relevant stories about friends engaging with your business.” Here’s how Facebook pitches them to businesses:

Reach the right people.

Instead of creating an advertisement and hoping that it reaches the right customers, you can create a Facebook Social Ad and target it precisely to the audience you choose. The ads can also be shown to users whose friends have recently engaged with your Facebook Page or engaged with your website through Facebook Beacon. Social Ads are more likely to influence users when they appear next to a story about a friend’s interaction with your business.

The concept is brilliant–every Facebook user can, through association with purchases, downloads, ratings, and other digital flotsam, become his or her own brand. Facebook “friends” (which should always be in quotes in this context) could follow my data trail and decide “my father is sort of like Professor Randall, so maybe he’d like a pound of Malabar Gold Espresso, No Country for Old Men (the book, not the movie–he’s old school, remember), and Lindsay Mac’s Small Revolution for his birthday.” Or, back in the real world, cool hunters will track young fashionistas to decrease the lag between cutting edge and The Gap. Clickstream data, just laying around waiting to be turned into skeins of gold.

Brilliant. Except for the backlash.

Facebook: What Would Google Do?: There is something astoundingly tone deaf about how Facebook has handled its recent advertising initiatives. Mr. Zuckerberg is right: there are lots of people who would find it cool to tell the world what movies they just rented and even what color socks they just bought. But they’ve got to know that others would find this intrusive. And they couldn’t have picked a worse way to implement the Beacon system first: automatically telling your friends everything you did on participating sites unless you found and pushed a button to cancel the disclosure. (This timeline shows how hard it was at first to figure out what was going on.)

Are Facebook’s Social Ads Illegal?: There is at least one problem with this idea: It may be illegal under a 100-year-old New York privacy law. The statute says that “any person whose name, portrait, picture, or voice is used within this state for advertising purposes or for the purposes of trade without the written consent first obtained” can sue for damages. Moreover, such a use is also a criminal misdemeanor.

MoveOn Launches Privacy Campaign Against Facebook Social Ads: Calling Facebook’s new Social Ads strategy an invasion of privacy, is asking Facebook members to sign a petition against the social network’s new ad plan.

Facebook’s “Fan-sumers:” Do Social Ads Violate Users’ Privacy?: [Law professor and privacy expert Daniel Solove] noted on his blog, “Facebook . . . assumes that if people rate products highly or write good things about a product then they consent to being used in an advertisement for it. Facebook doesn’t understand that privacy amounts to much more than keeping secrets — it involves controlling accessibility to personal data.”

Zuckerberg isn’t stupid, just surrounded by true believers who can’t view Facebook from outside the bubble. After ten thousand slaps upside the head Facebook has made Social Ads opt-in rather than opt-out. Under Pressure, Facebook Modifies Social Ads Program: “As of late Thursday, Facebook users must now proactively consent to alert friends whenever they take various actions, such as renting a DVD or purchasing a pair of sneakers . . . Now, as part of the changes enacted on Nov. 29, consumers who make such purchases will receive notices that Facebook intends to inform others about their actions—but only if they approve by clicking an “OK” button.” Problem handled, until the next wrong-footed product roll-out.

E-Commerce Top Ten

The Software Information and Industry Association (SIIA) announced the Ten Most Significant eCommerce Developments of the Past Decade. They are:

  1. Google (Sept. 1998)
  2. Broadband Penetration of US Internet Users Reaches 50% (June 2004)
  3. eBay Auctions (Launched Sept. 1997)
  4. (IPO May 1997)
  5. Google Ad Words (2000)
  6. Open Standards (HTML 4.0 released – 1997)
  7. Wi-Fi (802.11 launched – 1997)
  8. User-Generated Content (YouTube 2005)
  9. iTunes (2001)
  10. BlackBerry (1999)

I’ve used, utilized, or relied on all in the past month, so I can’t argue much with the list. (At first glance I omitted Blackberry from this statement until I remembered that Randy did Google searches on his Blackberry to settle disputes during the bike trip.) What I’d like to see at #11: standardized spelling for eCommerce e-Commerce E-Commerce.

Whose Data Is It, Anyway?

Bruce Schneier is the founder of Counterpane Security and writes extensively about all manner of security issues. Last night after posting Privacy Calls I read an article he wrote last month titled Facebook and Data Control, about September’s Facebook news feed controversy (mentioned on my blog post Losing Face(book)?). He makes the point that information privacy–the privacy of the “bits of ourselves we leave at every step“–is about “who you choose to disclose information to, how, and for what purpose.” “People are willing to share all types of information,” he says, “as long as they are in control.” Facebook’s mistake was rolling out its news feed feature, by which Facebook users receive “news” about their friends (“Amy Lee and Jason Smith are now friends” “Marty Fisher joined the group I Wish I Lived in Phoenix“) when they log on, with the default choice being that all changes to a user’s profile were fodder for news feeds. Users protested swiftly and Facebook changed the feature to allow users to choose the information they share. They can, for example, let their friends know automatically when they add a friend but opt out of sharing changes in relationship status.

Schneier points out that Facebook’s privacy policy allows it to change the policy whenever it wants. Facebook states that it collects certain “personal data [users] knowingly choose to disclose . . . and website use information collected by us as [users] interact with our web site.” Facebook Privacy Policy, The Information We Collect. The inherent issue in my Privacy Calls post, which Schneier states explicitly, is that we believe we own their personal information, our transactional data. Say I purchase Schneier’s book Beyond Fear from with my credit card and have it shipped by FedEx to my home. I initiated and executed the transaction and seemingly should have control its details, but I don’t.

Those details have little value by themselves. I could choose to execute the transaction in manner that leaves no data bits behind by purchasing the book for cash at a local bookseller. That takes more time and I don’t get the frequent flyer points. I opt for convenience and in exchange relinquish practical control over transactional details to others for whom they have value. They may not have value individually, but they acquire value when aggregated with other transactions by zip code or age or sex or income or education or tv-watching habits or other attributes. The digital processing of transactions, the sheer volume of information that can be collected from the tracks we leave on the Internet, the low cost of creating and maintaining databases, all make such personal data incredibly valuable–to those who collect it, sell it, and use it.

I’ll finish on the same note as the previous post, with Schneier’s words:  “if [Facebook users] think they have control over their data, they’re only deluding themselves.”