Wednesday, May 8, 2013

Internet Tax Gets One Step Closer To Reality

This is a follow up post for new updates on Internet Sales Tax collection. 

As noted by USA Today - - the Senate has passed the Marketplace Fairness Act and it now awaits a vote in the house, which if passed will then go to President Obama for signature into law. 

The high level details suggest there is minimal to no impact to small shops. However, if you do over 1 million in sales each year, you will have to start collecting sales tax, as applicable to each customer in the various states they reside. 

The amount of infrastructure and development necessary may be difficult to justify for smaller vendors that rely on thin margins to survive. 

More information and an analysis of the law will be completed if passed and signed into law In the coming weeks.  

Wednesday, April 17, 2013

IRS May Want to Peak at Your E-mail

In a recent CNET article, it was noted that the IRS believes that during a tax investigation, it should have warrantless access to your e-mails. The IRS appears to think that there is generally no privacy right with respect to e-mail. Despite a 2010 Federal Case ruling in U.S. v. Warshak that requires warrants to access e-mails, the IRS still appears to hold its position.

In addition to case law, legislation is currently being discussed in Congress to specifically require warrants to access e-mails. Accordingly, the general consensus is the same and the IRS should take note...

Friday, April 12, 2013

CISPA Passes House Committee Vote

Cybersecurity bills and laws are on the rise. As noted in a recent article from, Congress is on the move to try to enact some legislation that impacts the Internet and your privacy.

CISPA - the Cyber Intelligence Sharing and Protection Act - is not new. It was introduced last year and never cleared the Senate and was threatened to be vetoed by the White House if it did. Privacy advocates fought hard against it.

In this new version, there have been several amendments to try to appease companies and privacy advocates. For instance, one amendment extends liability protection from legal action to any company that complies with the law to share threat data with the government. Another amendment requires the government to strip any data of personally identifiable information. This would help to alleviate some privacy concerns and goes a step forward from the last version which initially required companies to strip that information before providing such data to the government.

Although privacy advocates have not fully supported this bill as of yet, it appears as though a few more tweaks may get them on board, or at least a chance of a vote in Congress that could lead to approval at the White House.

Wednesday, March 20, 2013

27 Year Old Law Regulating Electronic Communications Needs Updating

The Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2510–2522) was drafted in 1986, well before the iPhone and widespread usage of e-mail. So, it's encouraging that Congress has finally started to discuss updates to the ECPA to modernize its usage.

One hot topic that needs updating is the ability for government investigators to access your e-mail messages. According to the ECPA, as it currently reads, email messages in the gmail, yahoo mail, hotmail, and/or other third party e-mail service you use could be turned over by your service provider in response to a subpoena.

The threshold to obtain a subpoena does not typically involve a judge. Accordingly, it is relatively easy to obtain. However, in an effort to protect users, e-mail service providers have started to push back on responding to subpoenas that are seeking their users' e-mail messages.  As a result, lawmakers are now discussing with Google, the Justice Department, and others about this procedure.

The key issue is the different procedure required for physical documents in your office and/or electronic documents on the hard drive of your computer versus your e-mail messages. The documents require a search warrant, not just a subpoena. In accordance with the 4th Amendment, "no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Accordingly, search warrants have a much higher threshold than a subpoena, which does not require probable cause.

With privacy advocates in favor of the more stringent requirements and Congress focusing in on the issue, we may see changes and updates this year to finally come in line with the 21st century.

Tuesday, March 12, 2013

Direct to Consumer Online Sales Limitation in India

If you are an online enterprise in the United States that sells goods directly to consumers and are looking for a new market, you may need to skip India for the time being. Based on current regulations, as noted in a recent article on ZDnet, any foreign company and/or local Indian company with foreign investment that advertises goods for sale cannot sell directly to the consumer. Instead, the foreign company will need to direct users to local Indian establishments and/or other online sites that are operated by an Indian entity (without foreign investment) that sells such goods.

Although and possibly other organizations are working with the Indian government to change those laws, it may be a long while before there is any movement. With good reason to protect local businesses and their competitive edge, it would not make sense to allow foreign companies to sell goods directly to consumers online.

The lack of any physical presence for an online retailer results in low overhead and lower costs to be overly competitive and possibly detrimental to smaller local businesses. However, given the size of most online retailers going global, it is typical that they build large distribution centers and create many jobs overseas. So, if there are required offsets to account for the possible detriment, there may be some leverage that could make everyone happy.

Thursday, March 7, 2013

Cell Phone Unlocking

If your cell phone contract just expired and you are now month to month and 'free' to switch to another provider, it may be as easy as a phone call to your current provider to request your phone to be unlocked. If you are not out of contract but want to switch providers OR are travelling internationally and intend to use the phone on a different carrier network for a period of time, beware of possible copyright infringement liability if you try to unlock the phone yourself.

As a result of inaction by the Library of Congress to extend an exemption, as of January 26, 2013, unlocking a phone on your own is illegal. However, on March 4, 2013, the White House issued a statement that they have taken note of this inconvenience and is asking Congress to take action for the benefit of cell phone users nationwide. The FCC may also issue some regulatory action to preserve the prior exemption until new laws are in place.

Although cell phone providers indicate it should not be difficult for a user to contact them and ask for an unlock, as most consumers know, the wait times for customer support and/or endless transfers from one representative to another is time consuming. Furthermore, not all physical store locations are convenient, nor are the available when travelling internationally. The convenience factor is huge and should not impose any hardship on the cell phone provider, except for the chance to talk to you to change your mind - if you are leaving their service.

Wednesday, February 27, 2013

Copyright Alert System - Six Strikes System

If you are notorious for downloading movies, music, games, books . . . your ISP may be contacting you soon. As this is not as threatening as receiving a cease and desist letter, or even a lawsuit, from a major studio or publisher, this may be a good thing.

In an effort to decrease litigation and increase education, certain ISPs look to give users several chances to understand and correct any possible illegal behavior, before possibly being sued.

As noted in the Verge article, once a copyright owner identifies an IP Address of a user that is hosting content without permission, they will alert the ISP. It will then be up to the ISP to determine how to proceed with alerting the user, at the IP Address provided, to educate them on the possible inappropriate behavior and/or impair their services for a period of time.

If the ISP is contacted about a specific IP Address six times, thus the 'six strike system,' the ISP may forgo further alerts and may warn the user that a content owner may pursue legal action and that the ISP may be forced to reveal the user's contact information.

To the extent a user does reach the 'six strike' mark, the content owner will be in a much better position to suggest to the court that the user was well aware of their activity and failed to correct their behavior. Accordingly, if it gets to that stage, the user may have a tougher time to defend themselves by saying 'they didn't know what was going on.'

Overall, the education angle should help reduce any inappropriate behavior and hopefully save a lot of legal fees.

Friday, February 22, 2013

Nevada Online Poker Bill

As an update to the prior post, Nevada has just passed an online poker bill. The limitation to just poker helps to ensure land based casinos are not competing entirely with online casinos. Also, with foreign countries having years of experience with online poker, Nevada has had time to study the fraud and identity theft protection, age verification and geolocation technologies utilized to help with regulations.

Monday, February 18, 2013

Gambling Online in the U.S.

Currently, it may not be practical to develop a website based solely in the U.S. to take bets from users in foreign countries, nor base a website overseas and take bets from all U.S. patrons. However, in the past year, certain states, such as Delaware and Nevada, have moved forward with their own online gambling proposals for users within their own state.

As this provides opportunity for Zynga and other online gambling websites based within those states, to keep gambling within those borders, there is a new opportunity for individuals to gamble legally from within their own homes - in those particular states. Also, it permits new tax revenue for the states that implement the rules and regulations needed to permit such gambling.

Federal law does not permit cross border transactions for gambling within the U.S. at this time, however, certain states have taken a 2011 ruling from the Justice Department in to move forward with online gambling within its own border. Accordingly, it may be a while before we see anyone making a legal wager from a bungalow in Hawaii.

For now, the opportunities are near for the launch of the first legal gambling website online and it may not be a surprise that 2013 turns out to be the year. For some users in Delaware or Nevada, as well as state budgets and possibly several other states following close behind, they may be hitting the jackpot soon!

Thursday, February 7, 2013

Online Merchants May Collect Personal Information for Credit Card Transactions

When going through the check out line with your online shopping cart full of downloadable products, you may find yourself revealing more than just the numbers and information on the face of your credit card.

In Apple, Inc. v. Superior Court, Case No. S199384 (Cal. Feb. 4, 2013), Apple successfully argued that it was necessary to obtain the address and phone number for any user using a credit card to purchase a downloadable product from iTunes.

Although this case does not address purchases of physical goods / non-downloadable products, it has a large impact on a user's daily interaction with online merchants.

Privacy advocates may argue that there is no difference between a brick and mortar business and an online business and that both businesses should be subject to the same restrictions on collecting personally identifiable information ("PII"). Specifically, under the Song-Beverly Credit Card Act of 1971, Cal. Civ. Code § 1747.08, brick and mortar businesses may not collect PII during a credit card transaction (e.g. Zip Codes - see Pineda v. Williams-. Sonoma Stores, Inc., 51 Cal. 4th 524 (2011)).

Accordingly, given this discrepancy, the court, and possibly the public, may call upon state lawmakers to fix the loophole and uphold the privacy rights of individuals in online stores, as well as offline, without exceptions.

Tuesday, January 29, 2013

App Privacy on Mobile Smart Phones

At what point do you realize that you have become a global company? Most likely when you start to get complaints, inquiries, and/or investigations from international users and/or governments.

In WhatsApp's case, as noted at, Canadian and Dutch authorities are investigating this Santa Clara based company's privacy practices, as it relates to the use of their app on smart phones.

Specifically, the authorities are questioning WhatsApp's ability to extract all contact information from a client's phone, regardless of whether the contact is a user of the WhatsApp product or not.

WhatsApp appears to have taken steps towards a manual addition of contacts, rather than an automated full extraction of all contacts on a phone, as well as enhancing its encryption of data stored by its app.

There does not appear any final 'findings', however, the authorities continue their investigation.

In general, to the extent you do have any data related to a user or non-user of your product, you should make sure you follow your privacy policy with respect to how you collect, store and maintain such information.

Tuesday, January 22, 2013

Mobile App Privacy

The Application Privacy, Protection, and Security Act of 2013 (APPS Act) is one of several possible bills and strategies the government may review this year to address the collection, use, storage, and sharing of end user data.

Much like SOPA last year, this legislation, if formally proposed, may be met with a lot of attention.

The overall goal is to give end users control over their data and information. End users have a right to know what information is being collected about them and how it will be used so that they can decide whether or not to provide any data and / or to use a website they are using.

While most website owners may be in agreement with providing end users with this information, their opposition is focused on how to deliver the message. The regulations may place unreasonable burdens on website owners, especially small business owners, if there are technical implementations that are needed at a large expense.

Stay tuned to this legislation throughout the year to see how far it progresses and if you will need to take any steps for compliance.

Thursday, January 17, 2013

Children's Online Privacy Protection - COPPA

If you operate a website and have cookies enabled and/or collect information via forms or other methods, you may want to take steps ensure you do not collect any information on children under the age of 13.

Laws, such as the Children's Online Privacy Protection Act (COPPA) have been in place for several years to limit the collection of data from children. The FTC took some time since 2010 to review possible updates to the law.

A list of updates can be found here. Among the updates, you will see:

*Personal information now includes photos, videos and geolocation information (e.g. IP Addresses)
*Website owners are required to ensure third parties that use their website also comply with COPPA
*Website owners must adopt procedures for data retention and deletion

COPPA's main target is operators of websites or online services that are either directed to children under 13 or have actual knowledge that they are collecting personal information from children under 13. To the extent you fit this description, you must give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information you collect from children

Unless you ask your end user whether or not their are under the age of 13, this may be difficult in some cases. However, in order to take advantage of 'safe harbor' rules, it is in your best interest to look into age verification methods if you intend to use the data you collect.

Thursday, January 10, 2013

Internet Sales Tax - Online Retailers

It's the start of a new year - 2013!

You may have an amazing idea to build a new product. Once that product is built, you may want to start selling it online and shipping it everywhere in the United States, and even the rest of the world.

You can set up your shopping cart and integrate paypal and be ready to start taking orders soon, but you need to add and collect a state tax on any product you are selling?

Many of you have heard that Amazon has slowly started to collect sales tax, state by state. As Amazon continues to comply with new rules and regulations being implemented, it would be a good idea for you to start talking to your accountant to see if there are any taxes for which you should be aware.

If you are just starting out, most likely you have not hit a certain minimum threshhold for sales to even be looked at by a state taxing authority. But for others that may be selling millions of dollars of merchandise each year, you should definitely put 'sales tax review' on your to do list.

A recent article in businessweek talks about this hot topic: "It’s Retailer vs. Retailer in Internet Sales Tax Push"

Good luck with your new online venture, but make sure to talk to your accountant and attorney for additional  items to consider as you continue to grow!