Here’s the full abstract of the new article:

Social marketing is among the newest advertising trends now emerging on the internet. Using online social networks such as Facebook or MySpace, marketers could send personalized promotional messages featuring an ordinary customer to that customer’s friends. Because they reveal a customer’s browsing and buying patterns, and because they feature implied endorsements, the messages raise significant concerns about disclosure of personal matters, information quality, and individuals’ ability to control the commercial exploitation of their identity. Yet social marketing falls through the cracks between several different legal paradigms that might allow its regulation—spanning from privacy to trademark and unfair competition to consumer protection to the appropriation tort and rights of publicity.

This Article examines potential concerns with social marketing and the various legal responses available. It demonstrates that none of the existing legal paradigms, which all evolved in response to particular problems, addresses the unique new challenges posed by social marketing. Even though policymakers ultimately may choose not to regulate social marketing at all, that decision cannot be made intelligently without first contemplating possible problems and solutions. The Article concludes by suggesting a legal response that draws from existing law and requires only small changes. In doing so, it provides an example for adapting existing law to new technology, and it argues that law should play a more active role in establishing best practices for emerging online trends.

@JessB123 You should just come anyway. Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s ok.

Assuming the apartment was not, in fact, “moldy,” I think the law may well be on Horizon’s side here. Bonnen’s Twitter stream was public, and a false statement that harms a business can be judged “defamation per se,” meaning that the plaintiff does not need to prove the details of damages. It’s another lesson that social media make many of our previously private conversations public, with potentially serious consequences. (Twitter, of course, is protected from the suit under Section 230.)

But as I’ve said before, just because you can sue doesn’t mean you should. In at least three ways this represents an epic fail for Horizon:

1. Bonnen was an infrequent Twitter user with few followers, variously reported as 15, 20, and 22. While this may technically have been a public statement, in reality very few people probably saw it — until now.

2. Libel lawsuits like this often make companies look like bullies. (Recall the “McLibel” case for an extreme example.) And because this case involves the currently white-hot topic of Twitter, the news is spreading extra-fast.

3. Company executive Jeffrey Michael made things even worse by admitting to the Chicago Sun-Times that the company had made no effort to contact Bonnen before filing suit, but explaining — you can’t make this stuff up — “We’re a sue first, ask questions later kind of an organization”. Wow. Is that the attitude you look for in a landlord? That statement from the company in a major newspaper must be ten times worse publicity than a passing tweet.

Talk about making a mountain out of a mold-hill. (Tweet tweet!)

UPDATE: Horizon sent out a press release late yesterday that considerably thickens the plot. Apparently, Bonnen had already sued Horizon over a leak in her apartment, and Horizon found the tweet when doing its “due diligence.” I don’t know why Horizon brought its suit as a separate action instead of a counterclaim. But it makes their over-reaction a little more understandable. (In context, it may also make it easier for Bonnen to argue that the tweet is mere opinion or exaggeration and not actionably false.) Oh, and the release claims that the “sue first” quote was, of course, “tongue in cheek” and “taken out of context.” It still sounds obnoxious, but now it turns out they didn’t sue first. All of which, I think, just proves my original point about how unwise this all was if the company wanted to preserve its reputation.

[T]he most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. [snip] This freedom is at risk in the cloud, where the vendor of a platform has much more control over whether and how to let others write new software.

If you think about info/law very much, none of this is quite new. And as I have said before about Zittrain’s work, I think he is too pessimistic about the certainty of lockdown (after all, we were worried about the walled gardens of AOL and Compuserve too, and look what happened).

But the danger is real and must be addressed, presumably in large part by the audience who reads the Times op-ed page. JZ is such an excellent communicator and synthesizer, and he conveys the seriousness and complexity of the problem very nicely to a key audience in a format where it is difficult to do that. Go read the whole op-ed right now.

[UPDATE: Adam Thierer does not care for this op-ed at all, and has some interesting responses.]

As news coverage (see here and here) emphasizes, the Commissioner’s main concerns are the extent to which third-party applications within the Facebook platform slurp up personal information irrelevant to their functions. The report also identifies some ways in which Facebook’s disclosures of its practices are insufficiently clear and criticizes certain data retention practices (particularly after deactivation of accounts). The Commissioner suggested changes Facebook could make to comply with the law; after 30 days if Facebook has not taken adequate corrective action the Commissioner may initiate a lawsuit in Canadian court.

I highlighted the Ottawa clinic’s complaint in my article about social marketing (which, of course, went to the printer just a few days too early to add mention of the report!). So I was especially interested in the report’s analysis of Facebook’s advertising practices. In my view, the Commissioner gets it partly, but not entirely, right, stating:

A Social Ad uses the individual’s actions, thumbnail photo and name to promote a certain product or service. The ad then becomes part of the News Feed and intertwines itself in the regular interactions of the user and his or her friends. In effect, the Social Ad takes on the appearance of an endorsement of the product by the user. For this reason, users would not reasonably expect their information to be used in such a manner and they should, as is the current situation, be able to opt out of such an active use of their personal information.

It seems to me, and I argue in the article, that a social marketing endorsement like the one described here should require an opt in — not only for privacy and reputation reasons, but also for information quality (to ensure it is a true endorsement). In practice, though, since the effective demise of Facebook’s Beacon program, these sorts of social ads only occur when you take actions within Facebook, and in those situations it seems to me reasonable to assume implicit opt-in — after all, why do you “become a fan” of something in Facebook if not to “share” with your friends? The report does go on to criticize the clarity of disclosure about the use of information for social marketing and the difficulty of locating the opt-out. The Commissioner proposed more frequent reminders, but Facebook objected, and the report concludes that if Facebook makes its policies clearer and more accessible that will be good enough.

Overall, a great example of the careful (and collaborative) work a robust privacy regulator can do if given the necessary legal muscle and adequate resources. Now let’s see how Facebook responds next month…

I don’t want to be harsh about Kaus – Section 230 is a little obscure – but I think any blogger, and especially one who’s a lawyer, should have some familiarity with it. (Citizen Media Law Project has a great summary of its effects, for example.) Kaus goes on to list five observations, which merit a bit of comment:

1. “lawyers for big journalistic outfits (like the Washington Post, which owns Slate) won’t require blogs to be edited.” Yep. Even some editing may pass 230 muster – see Batzel v. Smith.
2. “Most bloggers themselves are probably poor enough to be judgment-proof.” Also true, at least until Bill, Tim, and I land that lucrative Nike contract.
3. “unverified undernews would now have a prominent, semi-official, de facto-sanctioned home.” Yep – see AutoAdmit.
4. “Are they really going to apply this to organizations that pay freelance bloggers for their submissions?” The FTC doesn’t think so. Bill and I have been trying to figure this out.
5. “What about repeating these protected-by Sec. 230-but-unverified blog allegations in the core MSM?” Ah, the joys of cyberexceptionalism! A blogger posts something saying, “Sarah Palin resigns due to threats from wildlife sick of being shot at from helicopters.” The Boston Globe’s Web site republishes it – they’re immune under 230. The Boston Globe publishes exactly the same content in its print edition – no immunity. (They’ve got to depend on NYT v. Sullivan rather than the 230 shield.) So, the MSM has to be careful about how it deals with Web rumors, at least if they’re going to circulate them offline.

Kaus then confidently predicts Congress will amend the statute (”"But I find it difficult to believe that the broad web-site-protecting reading of Section 230 will hold up… When Congress sees how that phrase has been interpreted, it may (as they say) revisit the issue”). Um, no. It’s been around since 1996, and I know of no serious effort to amend it since. Scholars keep putting up alternatives, but Congress seems quite happy with Section 230, even when it gets interpreted in ways that prevent children who are sexually assaulted from recovering against the on-line sites where they met their assailants. If Congress isn’t going to help the kids, it’s not going to be too worried about Palin’s press image…

There’s been significant fear and loathing of this proposal. At a recent legal meetup in NYC, I suggested that there may be a barrier – Section 230 of the CDA – to the FTC’s enforcement of this move (if it is adopted). Several participants thought I was a nutjob for making this argument, so I thought I’d set it forth and see what you think.

Section 230(c)(1) of the Communications Decency Act (47 U.S.C. 230(c)(1)) forbids treating a “provider or user of an interactive computer service… as the publisher or speaker of any information provided by another information content provider.” There are statutory exceptions for intellectual property law (but compare Doe v. Friendfinder with Perfect10 v. CCBill on this), the Electronic Communications Privacy Act, criminal law, and compatible state laws. The 230 shield has been interpreted quite broadly, though Roommates.com and Barnes v. Yahoo! suggest some chinks in its protection. (As always, I recommend highly Ken Myers’s Wikimmunity article on this topic.)

I’d argue 230 cabins the FTC’s Section 5 authority. Imagine a blogger who gets free passes from DreamWorks to “Transformers: Revenge of the Fallen” and, against the weight of all common sense, writes a paean to the movie, without mentioning the free tix. She’s now run afoul of the FTC guidelines: there’s no reason for the blogger’s audience to think that she got in for free, and the connection seems material to the review. What if the FTC goes after DreamWorks? In effect, the FTC’s argument is that DreamWorks is the speaker here: it helped generate the post by giving the blogger free entry to the film. (This stance is made more powerful by the fact that Transformers 2 appears to suck.) But that’s exactly what Section 230 forbids: the FTC treats DreamWorks as responsible for the blogger’s content. It seems this should work in the other direction as well – trying to hold the blogger liable for failure to disclose treats her as linked with DreamWorks and speaking on the company’s behalf. (This posture seems a closer case, though, since it imposes liability directly on the speaker / author, although what makes the blogger liable is connection to another Internet content provider.)

The obvious FTC rejoiner is an agency theory: the compensation arrangement makes the blogger a DreamWorks agent for this post. But that interpretation would render 230 a dead letter; we could readily concoct consideration-based arguments for most 230 cases that cut the other way. On this theory, Dontdatehimgirl.com would be liable for encouraging users to post stories about cads – in exchange for a public airing of their complaints, the site gets desirable content. Doe v. Friendfinder wouldn’t have to rely on a flimsy right of publicity claim: Ms. Doe could simply go after Friendfinder for the quid pro quo of attractive content in exchange for use of the service.

The employee as commenter / poster angle poses the problem neatly. If a DreamWorks publicity representative writes a blog comment, at the direction of the company’s CEO, trashing Ice Age: Dawn of the Dinosaurs as “a Blue Sky Studios plot to brainwash our children,” it is uncontroversial to hold DreamWorks liable for her speech. Firms can only act through their employees. But if she writes the same comment from home, with no studio input, based on her belief that animated squirrels are the devil’s minions, we’d be reluctant to hold DreamWorks liable. So, perhaps agency must enter the 230 analysis through the determination of who the “Internet content provider” is. I think it makes sense to separate employee blogging along these lines, but it does convert Section 230 from a relatively clear rule to more of a standard.

I don’t necessarily like the outcome here. Bloggers have been quite resistant to disclosure mandates (and even strong norms, at times) and are shocked, shocked to think that anyone could buy their support! Having the FTC push back, even if only in extreme cases, could be quite helpful. And it’s not just bloggers who are affected by this analysis – it would likely hold for Internet writing and endorsements more generally. Finally, the FTC is certain to dislike this suggestion that its Section 5 power wanes on the Internet (even though experts like Eric Goldman argue that other agencies, such as the SEC, are similarly constrained). But presumably this is what Congress wanted, and at minimum the Commission needs a cogent analysis of why its proposals escape the 230 driftnet.

Great cases, like hard cases, make bad law. For great cases are called great, not by reason of their real importance in shaping the law of the future, but because of some accident of immediate overwhelming interest which appeals to the feelings and distorts the judgment. These immediate interests exercise a kind of hydraulic pressure which makes what previously was clear seem doubtful, and before which even well settled principles of law will bend. Northern Securities Co. v. United States, 193 U.S. 197 (1904) (Holmes, J., dissenting).

Among the newest is the recent lawsuit filed by St. Louis Cardinals manager Tony LaRussa against Twitter. A user who claimed to be LaRussa opened a Twitter account in his name and said some nasty things, including mocking references to the deaths of two Cardinals pitchers. Twitter denied initial reports that the suit had been settled in a somewhat bellicose blog post (remember, lawyers: it isn’t a settlement until the other guy’s client signs off). Twitter then removed the case (that is, transferred it) from state to federal court, where it currently remains active on the docket of the Northern District of California. (The best news coverage is here and here.) The phony LaRussa account was terminated long ago; impersonation violates Twitter’s terms of service.

LaRussa’s actual grievances sound like they should give rise to defamation or false light, or perhaps the appropriation tort. But these would all be blocked, quite routinely, by section 230. Of course, LaRussa could go after the individual impostor, assuming that person could be found. Instead, his lawyers framed much of his complaint in terms of trademark infringement. Why? It’s no coincidence that section 230(d) carves out IP (along with criminal law) from the special immunity, stating, “Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property.”

But to prevail on the trademark infringement claim, LaRussa has to prove that the phony account was likely to confuse consumers into thinking he endorsed Twitter, thus harming him. That is why his complaint emphasizes:

The Site states in large lettering, ‘Tony LaRussa is using Twitter,’ and encourages users to ‘Join today to start receiving Tony LaRussa’s updates.” It also contains a picture of Plaintiff with his name printed next to ít. Beneath the picture, the Site contains written entries that are impliedly written by Plaintiff himself when in fact they are not.

In this particular case, proving confusion and harm will be very difficult, since (1) the account only had four followers; (2) it included a notation in the user’s profile section, “Bio Parodies are fun for everyone;” (3) it’s not clear a statement (even a false one) that LaRussa used the service can fairly be called an endorsement of the service (though the “endorsement” concept can be slippery, as I have written elsewhere). Trademark dilution does not require confusion or monetary harm, but LaRussa pleaded under federal dilution law, which allows only injunctive relief — now moot since the profile is gone — and completely exempts “noncommercial use” of a trademark.

More generally, however, this case highlights the possibility of a loophole for celebrities who can recast privacy-like claims under trademark law (and possibly also rights of publicity, if those are interpreted as intellectual property under the language of section 230(d)). Where would that leave us? Well, it shows (again) that the apparently bright lines of section 230 sometimes aren’t. But it might also create what I’d consider a pernicious double standard: celebrities maligned by anonymous online impostors could plead around section 230 by claiming trademark or publicity rights in their name, while many ordinary people victimized by defamation or cyber-bullying would have their claims blocked. Other law, defamation in particular, expects celebrities to have thicker skin and tolerates more insensitive speech about them. If LaRussa pulled off this suicide squeeze, that sensible dichotomy might get turned on its head.

[UPDATE: I plumb forgot to mention another crucial angle: Twitter now wants to sell verified accounts to celebrities (as in, “This is the real Tony LaRussa tweeting.”) Those wouldn’t fetch a very high price if the fake accounts from which the celebs are trying to distinguish themselves are unlawful and Twitter is liable for them.)