II

From PLI’s Course Handbook

Eighth Annual Internet Law Institute: How Corporate America is Harnessing the Internet

#2855

Order this title at a 40% discount or learn more

CONDUCTING INNOVATIVE
ADVERTISING WITHOUT
VIOLATING THE LAW

Linda A. Goldstein
Manatt, Phelps & Phillips, LLP

CONDUCTING INNOVATIVE ADVERTISING WITHOUT VIOLATING THE LAW

Linda A. Goldstein

Partner

Manatt, Phelps & Phillips, LLP

I. Introduction

Internet usage continues to grow at exponential rates with marketers and consumers embracing the new media in increasing numbers. Although initial concerns over the security of online transactions once hindered the growth of e-commerce, technological solutions have paved the way for the Internet to emerge as a major entertainment medium and vehicle for commercial transactions. By 2005, e-commerce is expected to approach a trillion dollars. Businesses are overwhelmingly embracing the efficiency and the convenience of the Internet. Business to business transactions on the Internet account for approximately 80% of e-commerce activity. Efforts by both regulators and e-tailers are increasing consumer confidence in online transactions.

Unfortunately, the law has not kept pace with the rapid growth and expansion of the Internet, causing the gap between existing laws and the demands of the new media to widen even further. It is obvious to businesses, consumers, legislators and regulators that the Internet is a permanent forum for business, communication, and entertainment. As the Internet continues to grow and expand, the once highly praised self-regulatory approach to governing the Internet may be phased out. While many of the novel issues first identified in the early years of the Internet are being addressed by the courts and legislation, conformity remains an issue. As the focus of the Internet develops and expands, issues continue to emerge, the collection and use of personally identifiable information, the proliferation of unsolicited commercial e-mail advertising, and the legal operation of sweepstakes and contests in light of privacy and unsolicited commercial e-mail concerns. Also, of increasing concern is respecting when technologies have gone too far in soliciting consumer attention and obtaining consumer data from third party web sites – for example through the use of pop-up advertisements and screen scrapers and other content aggregation tools.

This outline is intended to assist counsel in providing the innovative, creative and cutting edge advice demanded by Internet marketers today, by highlighting key issues, legal developments and proposed legislation impacting online advertising, particularly in the areas of unsolicited commercial email marketing, children’s advertising, sweepstakes and contest, pop-up advertising, screen scraping and content aggregation, and the Hot Button issues for the FTC and State Attorney Generals.

II. Regulation of Unsolicited Commercial E-mail

Spamming is the practice of sending unsolicited or “junk” e-mail for commercial purposes over the Internet. As it provides the sender with the opportunity to reach a wide audience quickly and at virtually no cost, it has become more and more prevalent. According to Jupiter Research, American consumers received more than 140 million spam e-mail messages in 2001, about 46 percent of all e-mail messages sent that year, and this number is estimated to grow to 645 billion messages by 2007. For this reason, spam has been a hot topic for years and on federal and state lawmakers’ minds.

The FTC will challenge spam if it contains representations that may be unsubstantiated or deceptive or that may violate any of the rules or guides the FTC is empowered to enforce. FTC maintains an e-mail account (uce@ftc.gov) (“Spam Mailbox”) where consumers can forward unsolicited commercial e-mail that they believe may be fraudulent or deceptive. Currently, it receives an average of 40,000 pieces of spam every day and has received over 10 million pieces of spam since 1998.

A. Recent Legislation

The CAN-SPAM Act of 2003[1] went into effect on January 1, 2004 and regulates sending and advertising in commercial e-mail messages. Unlike some of the earlier state spam laws, all of which have been pre-empted by the Act, the CAN-SPAM Act regulates all commercial e-mail messages, except for transactional or relationship e-mail messages.

The Act requires the clear and conspicuous inclusion of (1) a functioning return e-mail address or other Internet-based mechanism (which must work for at least 30 days after sending the message) for recipients to submit opt-out requests (which must be honored within ten business days), (2) the sender’s valid physical postal address and (3) identification that the message is an advertisement or solicitation (unless the recipient has opted-in to receive the message). Sexually-oriented commercial e-mail messages must also include a warning and require an additional step to view the material after opening the message.

The Act prohibits the use of (1) false or misleading header information, (2) misleading subject lines, (3) e-mail address harvesting, dictionary attacks, relaying messages through computers without permission, and automated creation of multiple e-mail accounts, and (4) a variety of techniques used by hardcore spammers to conceal their identity.

Although primary enforcement of the Act is assigned to the FTC, the Act can also be enforced by other federal government agencies, state attorneys general, and Internet service providers. There is no private right of action. Penalties range from fines of up to $6 million and up to 5 years imprisonment.

This past Spring, the FTC sought comments on several issues left open in the CAN SPAM Act. Among these are the definition of “transactional or relationship” messages, the time period allowed to honor opt-out requests, the types of violations that should be considered aggravated violations, and the status of a viral marketing or a refer-a-friend email programs.

Four of the major ISP’s recently filed lawsuits against a number of major spammers, alleging, among other things, violations of the CAN SPAM Act. These are the first actions to be filed by ISP’s under the new law and will provide a good barometer as to the laws effectiveness in allowing ISP’s to take action to stop spammers.

III. While the CAN SPAM Act generally pre-empts state laws, the Act does not pre-empt state laws intended to deal with fraud. The state of Maryland is the first state to pass legislation post enactment of the CAN SPAM ACT based on the “fraud” exemption to pre-emption. The Maryland statute addresses e-mails that are deceptive as to their origin or subject matter and e-mails sent from falsely registered e-mail accounts with false identifiable information. The law also criminalizes the unauthorized transmission of e-mail ads from a protected computer and the automated practice of obtaining e-mail addresses by promising users that their e-mail addresses will not be transferred to other parties for marketing purposes.

The penalties are severe and violators can be charged with a misdemeanor, punishable by imprisonment not exceeding five years or a fine of no more than $10,000 or both. Violations in furtherance of a felon or perpetrated by a prior felony can result in imprisonment of up to ten years or a fine not exceeding $25,000 or both.

IV. Pop-Up Advertisements

Internet users often download free software or online applications, such as a music sharing web site or personal home page site, and unknowingly download adware at the same time. Many free online applications include notice of this adware download in their terms and conditions, which the user accepts as a condition to use of the software. However, most users, if not all, do not read the clauses in the terms and conditions and do not see the download occur. Thus, the user unintentionally gives a company permission to place an adware piece on his or her hard drive, a marketing application that tracks the user’s online behavior to deliver user-specific pop-up advertisements.

The adware monitors and gathers the user’s surfing activities and search terms and transmits this data to a remote server. Most adware pieces contain a directory of search terms, URLs, and keyword algorithms, organized by advertising category, which signals the server to send advertisements to users whose online activities match a category. For example, when a user visits www.cocacola.com, the adware application may detect this activity and scan its directory in search of a matching category, such as “beverages.” The marketer’s server then selects an advertiser who falls under this category, which could be a pop-up ad from Pepsi, and delivers it to the user’s desktop directly on top of the competitor’s site. The consumer may then be induced to leave Coke’s site and view Pepsi’s advertisement, even though it initially chose to visit Coke’s site. Or perhaps, the consumer gets frustrated at the Coke site for sending it a pop-up ad, not knowing the source of the intrusion. This tactic of targeted pop-up advertisements has been called “guerilla marketing” and users and web site owners are almost powerless to stop it.

In an effort to combat these unwanted pop-up advertisements, many web site operators have resorted to litigation. Indeed, pop up advertising delivered by third parties has been the subject of several lawsuits filed in the past year.

● U-Haul International, Inc. v. WhenU.com, Inc., 279 F.Supp.2d 723 (E.D. Va. 2003). WhenU.com, Inc. (“WhenU”) delivers and installs adware called, “SaveNow,” on the hard drives of users who download free screensaver programs and accept the screensaver license agreement. The SaveNow adware scans the user’s online activity searching for terms to match its clients’ products or services. Once a match is found, the adware delivers a pop-up ad to the user’s computer screen on top of the viewing site. U-Haul filed a complaint against WhenU alleging that WhenU’s pop-up advertising infringes U-Haul’s trademark and copyrights and amounts to unfair competition. The court awarded summary judgment to WhenU on the trademark related claims because U-Haul was unable to demonstrate how the pop-up ads “used” U-Haul’s trademarks in commerce. The court found no use occurred because: (i) WhenU’s window is separate and distinct from the window in which the U-Haul site appears; (ii) the appearance of the trademarks on screen at the same time is a result of a Windows environment; (iii) WhenU’s incorporation of U-Haul’s URL in the SaveNow Program is not a trademark use because this use is purely functional and in no way advertises U-Haul’s web address or any other U-Haul trademark; and (iv) the SaveNow program is installed by the user and does not interact with U-Haul’s web site. Without a sufficient showing of any “use,” the court did not reach the issue of a likelihood of confusion regarding an affiliation between U-Haul and the pop-up ads served on its site. WhenU was further awarded summary judgment on the copyright claim because WhenU did not actually copy any of U-Haul copyrighted works. In particular, the Court found that the pop-up ad in no way alters the underlying web site and can easily be removed by the user. The Court reasoned that the Windows environment permits users to open up multiple applications and windows at the same and that WhenU’s ad was merely another window on the user’s desktop. Although the Court sympathized with users having to endure pop-up ads while Internet surfing, the user invited and consented to the adware placement on his or her hard drive.

● 1-800 Contacts, Inc. v. WhenU.com, Inc. and Vision Direct, Inc., 309 F. Supp.2d 467 (S.D.N.Y. 2003). 1-800 Contacts (“Contacts”) sells replacement contact lenses through its web site. Contacts also filed a complaint against WhenU for its pop-up ads delivered via its SaveNow program. Similar to the U-Haul case, the Contacts court did not find copyright infringement, otherwise all Internet activity would be deemed copyright infringement since the computer environment allows users to cover, obscure and change the appearance of all browser windows. Unlike the U-Haul case, however, the Court found that Defendants did “use” Contacts’ trademark when it specifically delivered Vision Direct’s pop-up ad to the user who accessed Plaintiff’s web site, clearly capitalizing on Contacts’ good will and reputation. Further, the Court held that the placement of Contacts’ name on WhenU’s directory constituted “trademark use” because this list of terms triggered the delivery of a competitor’s pop-up ad. The Court found that Contact established a likelihood of initial interest confusion – which occurs when the consumer, seeking one party’s product, is lured away to competitor’s product because of competitor’s similar mark, even though the consumer is not actually confused about the source of the products at the time of purchase. The Court further found a likelihood of actual consumer confusion based on: the distinctiveness of Contact’s mark, the high degree of proximity between the competitors’ goods, survey evidence suggesting actual confusion and WhenU’s bad faith in using Contact’s mark in its adware directory.

● WashingtonPost.Newsweek Interactive Co., v. Gator Corp, 2003 WL 31356645 at*1 (E.D. Va. July 2002). The Court granted a preliminary injunction to 16 publication leaders against Gator without discussion. Gator’s adware, called “OfferCompanion” also tracked user activity, like the SaveNow program, and triggered pop-up ads based on the sites users frequently visited. However, Gator’s practices seem more egregious than WhenU’s adware. The Plaintiffs alleged that while the user visited the purchase page of a web site, a pop-up ad could appear that offered the same product at a lower price from a competitor. Furthermore, Gator’s ads were designed to appear a part of the web site and conceal the site’s originally placed advertisements. In fear of another lawsuit from the Interactive Advertising Bureau, an online advertising group based in New York, Gator agreed to stop selling such banner overlays.

V. Screen-Scraping, Content Aggregation and
Cybertrespass

Screen scraping is a term that is broadly used to encompass various technologies, such as robots, spiders or crawlers, which aggregate or index content from third party web sites. Screen scraping or content aggregation is becoming increasingly commonplace in the financial services industry, as account aggregator service providers – armed with consumer permission and passwords – use screen scraping technology to enable these consumers and their financial advisors to view and make transactions against accounts at multiple institutions from a single Web page.

To date, however, the majority of screen scraping disputes have related to instances where the content aggregator was not acting on behalf of a particular consumer, but rather was accessing web site data without authorization and for its own commercial purpose. For example, a commercial site aggregating current airfares or hotel prices from a variety of third party providers. This type of content aggregation impacts upon the revenue streams of the underlying provider web sites as its diverts traffic from their sites – thereby undermining the effectiveness of (and revenue generated from) advertising on these sites). Aggregation also creates consumer protection issues as the terms and conditions of use for the underlying provider web site may be bypassed when consumers access information through the aggregator.

A number of cases have been filed since 1999 which relate to the practices of screen scrapers and other content aggregators and which typically involve the web site operators’ efforts to block the screen scraping activity. These cases have primarily involved either a trespass theory or a claim that the scraping violated the particular web site’s terms of use (which typically indicate that the site may be used for personal use only and not for commercial purposes).

· Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004). Register.com is a registrar for the issuance of domain names on the web and also sells web-related services to entities that maintain web sites. Verio is a provider of web site design and hosting services. Verio devised an automated scraping tool to take daily updates of the WHOIS information posted on the Register.com site relating to newly registered domain names. Register.com brought an action in August 2000 seeking a temporary restraining order and preliminary injunction claiming that Verio was, inter alia, accessing Register.com’s computer’s without authorization in violation of the Computer Fraud and Abuse Act and trespassing on Register.com’s chattels in a manner likely to harm Register.com’s computer systems by use of the scraping software program. A preliminary injunction was issued in December 2000 and affirmed in January 2004. With respect to the trespass to chattels claim, the Second Circuit noted that Verio likely committed a trespass by using a search robot to access Register.com’s computer systems without authorization and consuming the computer systems’ capacity. By virtue of this use, and the likely use by others if Verio were not enjoined, Verio could interfere with Register’s use of its own systems and pose risks to the integrity of Register.com’s systems due to potential congestion and overload problems.

· Ticketmaster Corp. v. Tickets.com, Inc., 2003 WL 21406289 (C.D. Cal. Mar. 7, 2003). From 1998 through 2001, Tickets.com employed a “spider” program to review the internal pages of the Ticketmaster web site and extract the factual information (event, date, ticket prices and url) from the site. This information was then rearranged and displayed on the Tickets.com site. (Tickets.com was also engaged in deep linking of the Ticketmaster site during this period). Ticketmaster brought an action against Tickets.com which ultimately involved contract, copyright and trespass to chattel claims. In March 2003, the district court determined that there were triable issues of fact on Ticketmaster’s contract claims, but granted summary judgment to Tickets.com on the copyright and trespass to chattels claims. With respect to the trespass to chattels claim, the court determined that the mere invasion or use of a portion of a web site is insufficient to establish trespass, there must be some evidence that the use of the site has been adversely affected in some way by the spider or other scraping technology. As Ticketmaster did not demonstrate any damage to its computers or web site from the Tickets.com spider, summary judgment was granted to Tickets.com on the trespass to chattels claim. The court also granted Tickets.com summary judgment on the copyright infringement claim, determining that the temporary downloading of content from the Ticketmaster web site in order to extract unprotected, publicly available event information was a fair use. In contrast, the court found that there was a triable issue of fact regarding whether Tickets.com was aware of the terms of use posted on the Ticketmaster web site, which prohibited the use of the site for commercial purposes.

· American Airlines, Inc. v. Farechase, Inc., Cause No. 067-194022-02 (Tex. Dist. Ct., Tarrant Cty. 2003). American Airlines featured various discounted fares on its web site, www.aa.com. FareChase developed and marketed “web automation” software that enabled it to visit the aa.com web site and extract fares. This information was then compiled and re-sold to travel distributors who could not otherwise offer these rates to consumers. The FareChase software violated the terms and conditions of use of the aa.com web site, which prohibited users from accessing, copying and using information from the site for commercial purposes. American repeatedly notified FareChase that it must cease and desist the unauthorized accessing and scraping of aa.com but FareChase refused. American filed an action in the Texas district court site and obtained a temporary injunction against FareChase accessing, using or scraping the aa.com site for any commercial purpose without the express consent of American. The injunction was granted, in part, on the grounds that FareChase’s conduct intermeddled with and interfered with American’s personal property and, thus, constituted a trespass. The Court further determined that FareChase’s conduct resulted in a loss of American’s computer system capacity, a diminution of customer goodwill and the opportunities for gaining or increasing customer goodwill.

· EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1^st Cir. 2001). EF Cultural Travel was a tour company. A number of its former employees formed a competitor entity, Explorica. Explorica developed and used a screen scraping tool to compile EF Cultural’s tour prices. Explorica then undercut these prices in the marketplace. EF Cultural obtained an injunction against Explorica under the Computer Fraud and Abuse Act. On appeal, the court noted that EF Cultural’s web site did not expressly prohibit use of a "screen scraper" program to extract pricing data. However, the Court noted that the screen scrape tool had been developed with information covered by a confidentiality agreement signed by a former EF Cultural employee and, thus, that the scraping was without authorization and was prohibited. Thus, the injunction was upheld.

· Oyster Software, Inc. v. Forms Processing, Inc., No. C-00-0724 JCS, 2001 WL 1736382 (N.D. Cal. 2001). Defendant Form Processing used robot software to obtain and copy Oyster’s metatags in a manner that would cause search engines to show a description of Oyster’s products and services but then divert the searcher to Form Processing’s web site. The court denied a motion to dismiss Oyster’s trespass to chattels claim despite the fact that there was no evidence that Form Processing’s actions were causing harm to Oyster’s computer systems.

· eBay, Inc. v. Bidder’s Edge, Inc., 100 F.Supp.2d 1058 (N.D. Cal. 2000). This case involved a suit by eBay against an auction aggregator site which allowed users to search multiple auction sites simultaneously. At the time the suit was brought, Bidder’s Edge’s software robots accounted for approximately 1.5% of the total requests received by eBay. eBay brought suit alleging copyright, Lanham Act and state law claims, including a trespass cause of action. The district court issued a preliminary injunction against Bidder’s Edge based upon a theory of trespass against chattels under California state law. In so doing, the court recognized that eBay had a property interest in its server capacity and that Bidder’s Edge unauthorized use of this server capacity damaged eBay. The court also recognized that eBay was at risk of suffering harm to its reputation as a result of Bidder’s Edge’s activities, in that Bidder’s Edge might be displaying inaccurate or out dated auction information.

· First Union Corp. v. Secure Commerce Services, Inc., Case No. 3:99cv519P (2000). Secure Commerce, d/b/a Paytrust, operated an online bill payment service. First Union Bank brought an action alleging that Paytrust illegally accessed the First Union site and misappropriated confidential information in collecting customer information with the PIN numbers that that First Union customers had provided to Paytrust to allow it to automatically pay their bills. First Union sought relief under the Computer Fraud and Abuse Act, computer trespass under North Carolina law, trespass to chattels, misappropriation, trademark and copyright infringement and unfair competition. The case ultimately settled with Paytrust apparently agreeing to abide by certain undisclosed conditions on its access to customer information.

VI. Online Sweepstakes

On-line promotions are subject to all of the same laws and regulations that apply to promotions conducted through traditional media. Accordingly, the promotion must be structured in a manner consistent with federal and state general lottery laws and specific state prize and gift statutes. On-line promotions do, however, raise a number of additional unique issues which a promoter or sponsor must be sensitive to.

A. Consideration

1. Unique Consideration Issues

a. Does Internet Access Constitute Consideration?

· The issue of whether Internet access (to a free Web site) constitutes consideration still remains somewhat unsettled, although the vast majority of on-line promotions being conducted today are being conducted without an off-line entry method, without regulatory objection.

· While the majority of companies today are conducting on line promotions without a free alternate method of entry, companies are also increasingly integrating internet usage into what are essentially off line promotions therefore raising new challenges as to the role of internet access in sweepstakes promotions. To the extent that a promotion that is being offered through off line distribution channels such as at retail, or on pack also requires internet access to fully participate, an argument can be made that, the requirement to access the internet in order to participate is a material condition of entry. Therefore, separate and apart from any potential consideration issues, it is imperative the internet access requirement be clearly and conspicuously disclosed to consumers at the outset of the offer. Failure to disclose the internet access requirement could be deemed a material omission in violation of federal and state laws.

· While internet usage has become increasingly integrated into offline sweepstakes offers, marketers should still beware of relying on the internet access as an alternate method of entry. In order to be viable in eliminating the element of consideration from a sweepstakes promotion, the alternate method of entry, must be universally available to all persons who have the opportunity to participate for free. While internet access is currently widely available, it is still not universally available. Accordingly, internet access cannot be the sole method of “free” entry for a promotion in which consumers otherwise pay to enter.

b. Use of Proprietary Software

· In determining whether an on-line sweepstakes has an element of consideration present, one must consider whether the consumer must purchase any proprietary software in order to fully participate in the sweepstakes. If software is required and cannot be downloaded for free, then consideration is inherent in the promotion.

c. Disclosure of Proprietary Information

· Many on-line sweepstakes and contests are designed specifically to gather database information. To the extent that the consumer is required to disclose proprietary information in order to participate in the sweepstakes, a consideration issue may be raised, particularly in those states where non-monetary consideration may be found to exist.

d. Navigating the Sponsor’s Web site

· Sweepstakes that require the user to spend substantial time and effort on the Sponsor’s Web site may give rise to consideration issues.

e. Loyalty Program Points

· Many online promotions seek to integrate a sweepstakes with a loyalty program. To the extent that users are forced to “cash in” loyalty program points to enter a sweepstakes, consideration may be found to be present.

f. Consent to Accept Future E-mails

· In an effort to build e-mail databases, some sponsors of promotions require consumers to agree to accept future spam as a condition of entry. While no cases have been brought challenging such a practice, as privacy concerns continue to occupy regulatory attention, this may invite regulatory scrutiny.

g. Viral Marketing

· The requirement that persons furnish names and e-mail addresses of others to earn entries in a sweepstakes has not yet been challenged but could raise some concerns under traditional “commercial benefit” theories, as well as, raise spam and privacy concerns.

2. Alternate Method of Entry

· If an on-line sweepstakes sponsor elects to use an alternate method of entry to eliminate the consideration issue and risk, particular care must be taken to insure that it meets two fundamental requirements:

· Have equal dignity with the on-line method of entry.

· Be clearly and conspicuously advertised to the consumer.

a. Equal Dignity

· The equal dignity requirement poses some unique issues and challenges in the on-line context:

· Online entrants cannot be afforded any advantages over those who enter by the free alternate method.

· Entry deadlines must be parallel; online deadlines should be the same as postmark or phone in deadlines.

· Speed of response may not be considered a factor in determining winners.

· Number of entries must be equally limited for online and offline entrants (e.g. limit one entry per person).

· Online and mail entries must be fully integrated. No separate prize pools are permitted.

· As noted above the alternate method of entry must be universally available. For this reason, internet access cannot function as a viable alternate method of entry.

b. Clear and Conspicuous Disclosure

· The existence of the alternate method of entry and instructions on how to enter must be clearly and conspicuously disclosed.

· For promotions advertised only on-line, but offer an alternate method of entry, there is no requirement that such alternate method of entry be disclosed off-line.

· The statement “No purchase necessary” may not be sufficient. Specific reference should be made to the fact that no online entry or online subscription is necessary.

B. Skill Contests

In a bona fide skill contest, consideration can generally be required, with the exception of a handful of states. With each individual contest, the language of the state statutes must be carefully reviewed to determine which ones could apply to each online contest. Some statutes refer expressly to a payment to the sponsor; other statutes are triggered only when certain representations are made and appear to be targeted to direct mail, still others restrict consideration in skill contests unless certain disclosures are made.

If consideration is going to remain present in the promotion, the sponsor must be certain that the promotion will qualify as a bona fide skill contest.

· Questions cannot be too hard or too easy.

· Ties must be broken on the basis of skill.

· Judging criteria must be objective and clearly disclosed.

· Judges must be qualified to apply the judging criteria.

· All entrants must be competing on the same playing field.

· Skill must determine and control the final result.

In determining whether a game is one of skill or chance, most states follow a “dominant element theory.”

In order to determine that skill truly predominates over chance, the following must apply: 1) Participants must have a distinct possibility of exercising skill and must have sufficient data upon which to calculate an informed judgment; 2) Participants must have the opportunity to exercise skill and the general class of participants must possess the skill; 3) Skill or the competitor’s efforts must sufficiently govern the result; 4) The standard of skill must be known to the participants and this standard must govern the result.

Exercise Caution: Beware of speed as an element of skill in an online promotion, and carefully review game and specifications to determine if the game is compatible with all platforms/software.

C. Games for Games’ Sake

The Internet has become fertile ground for the conduct of games conducted purely for entertainment value and/or profit to the sponsor. To the extent that such games do not involve the promotion of an underlying product or service and permit entry for a fee (even if not required), consideration must be given to certain states which have suggested that such games may implicate the gambling statutes, e.g., West Virginia, South Carolina, Texas.

D. Worldwide Legal Exposure

· Since use of the Internet equates to worldwide exposure, care must be taken to comply with the laws of any jurisdiction where the promotion can be accessed.

· The astute promoter will be certain to either comply with the local laws or void those countries and not allow entries from them. This requires particular attention to screening and clear and concise rules available to all participants.

· If the intent is to limit participation to U.S. residents, this limitation should be prominently disclosed at the point of entry. Disclosure of geographic limitations within the official rules may not be sufficient.

· If marketing considerations require that the promotion be open to residents outside the United States, the promotion should at least be cleared in those countries in which the sponsor has local presence or assets. A more conservative and common approach is to clear in all countries.

E. Privacy

· Since completion of an entry form necessarily requires disclosure of personally identifiable information, a link to the Web site’s privacy policy should be disclosed at the point of entry.

· If the promotion is targeted to children under 13, if children under 13 can enter, or if the promotion is on a Web site targeted to children then compliance with COPPA and the FTC rules promulgated thereunder is required. The Children’s Advertising Review Unite (“CARU”) of the Better Business Bureau has been extremely aggressive in enforcing compliance with COPPA and CARU guidelines in the context of online sweepstakes. CARU has also been more stringent in its interpretation of COPPA than the FTC Rules seem to require.

· If entrants’ names and personal information are being solicited for marketing purposes, the prudent approach, in light of the 1998 FTC settlement with GeoCities for misrepresenting the purposes for which it was collecting personally identifiable information, would be to disclose such use in the official game rules.

· Make sure your privacy policy allows for use of personal information gathered in the sweepstakes in the manner intended by the marketer. If any use will be made of the data gathered in the sweepstakes that is not permitted under the privacy policy, special conditions should be set forth in the official rules of the promotion allowing for such usage.

F. Beware of Hackers and Flamers

· Limit the number of entries per person, household or e-mail address.

· Prohibit use of automated devices.

· Reserve the right to disqualify any entrant who violates the rules.

· Back up limitation with a provision disqualifying subsequent entries.

G. Virus Protection

· Reserve the right to modify, suspend or terminate the game in the event that it becomes infected by a computer virus or is otherwise technically impaired. You may reserve the right to terminate or suspend the game in its entirety or only the Internet portion.

· Note: The new Florida regulatory agency that is overseeing the registration of sweepstakes whose total prize package is valued at more than $5,000 requires that the Official Rules contain language which offers an alternate means of awarding prizes if a game is terminated.

H. Other Special Official Rules Provisions

There are a number of other unique situations posed by online promotions that should be handled by special provisions in the official game rules:

1. Time Restriction for Online Entries

· The deadline for online entries must specify not only the date of the deadline, but also the time of the deadline and the time zone for the deadline, e.g., 11:59:00 p.m. EST.

· Remember that the deadline for online entries must be parallel with the postmark date for any mail entries.

2. Clear How-to-Play Instructions

· Technical personnel must work closely with those drafting the How to Play instructions to be sure that any special technical requirements are adequately set forth in the rules. For example, if a grid must be completed in a certain way, or if an entrant must use exactly the same name each time he or she plays to be sure a score is properly aggregated, this must be set forth in the rules.

3. Special E-Mail Entry Provision

· A provision should be added indicating that in the event of a dispute regarding who submitted an online entry, the entry will be deemed submitted by the holder of the e-mail account (authorized account holder).

4. Disclaimer of Liability for System Malfunction

· Given the complexities inherent in an online promotion, unpredictable and uncontrollable problems can arise from bugs or failure in the server, hardware or software, transmission, online failure or loss, delayed or corrupted data transmitted by participants. Sponsors should disclaim liability for all such problems.

5. Disclaimer for Liability to Participants’ Systems

· A disclaimer of liability should also be added for any damage to a user’s system occasioned by participating in the promotion or downloading any information necessary to participate in the promotion.

6. Acceptance of Official Rules

· In some instances, particularly where the game is fairly complex, it may be advisable to require entrants to indicate their acceptance of the official rules, such as by clicking on an “I Accept” button.

7. Use of Cookies

· If the player’s browser must be programmed to accept cookies for effective game play, this must be disclosed.

8. Patents

· Operators of online games must be aware of and sensitive to the growing number of business method patents being issued in the online games context. A number of patents relating to various instant win technology formats for online games have been issued. Marketers of online instant win games should consult with patent counsel to ensure that their game methodology does not violate the third party rights of others.

VII. The Future Direction of FTC and State Attorney
General Enforcement

A. Regulatory Hot Buttons

1. Weight Loss Claims

a. Weight loss claims remain a top enforcement priority for the FTC. The FTC has brought numerous enforcement actions against marketers of various weight loss products and devices on the basis of allegedly deceptive weight loss claims.

b. This past fall, the FTC conducted a workshop in which a panel of experts were asked to opine on whether certain weight loss claims could be supported by any scientific evidence. As a result of that workshop, the FTC has published 7 weight loss claims which it considers presumptively false. The FTC has asked the media to cooperate by pre-screening weight loss ads and rejecting ads that contain these seven claims. The following is a list of the suspect claims:

(i) Cause weight lose of two pounds or more a week for a month or more without dieting or exercise;

(ii) Cause substantial weight loss no matter what or how much the consumer eats;

(iii) Cause permanent weight loss (even when the consumer stops using the product);

(iv) Block the absorption of fat or calories to enable consumers to lose substantial weight;

(v) Safely enable consumers to lose more than three pounds per week for more than four weeks;

(vi) Cause substantial weight loss for all users; and

(vii) Cause substantial weight loss by wearing it on the body or rubbing it into the skin.

2. Dietary Supplements

a. The Commission has brought numerous enforcement actions against marketers of dietary supplements based on allegedly misleading safety and efficacy claims.

b. If any health benefit claims are made for a dietary supplement, they must be supported by competent and reliable scientific evidence in the form of clinical studies on the actual product itself.

c. The FTC is also becoming increasingly concerned with express safety claims for dietary supplements. In order to make express safety claims for the product, the marketer must have conducted reasonable and reliable safety testing on the product.

3. Testimonials and Endorsements

a. False or deceptive endorsements or testimonials violate Section 5 of the FTC Act and the FTC Guides Concerning the Use of Endorsements and Testimonials in Advertising, 16 C.F.R. §255. Under the Testimonial Guidelines, endorsements may not contain any representations which would be deceptive or could not be substantiated if made directly by the advertiser, 16 C.F.R. §255.1(a). An advertisement using consumer testimonials will generally be interpreted to mean that the endorser’s experience is typical of what consumers can expect to achieve. If such is not the case, the advertiser must disclose the limited applicability of the endorser’s experience. Most marketers do this through the use of typicality disclaimers.

b. The FTC is currently reviewing the Testimonial and Endorsement Guidelines to determine if the typicality disclaimers currently being utilized are effective.

4. Advanced Consent Marketing

a. The FTC, State Attorneys General and Class Action Bar have been heavily focused on various forms of negative option/advanced consent marketing techniques. These include arrangements whereby the consumer agrees in advance to review and be charged for goods or services in the future unless the consumer cancels. Common forms of Advanced Consent Marketing include:

(i) Free Trial Offers

(ii) Continuity Programs

(iii) Automatic renewal

(iv) Pre-notification negative option

(a) Pre-notification negative option programs are programs in which the consumer receives advance notice of a selection and has a period of time, typically ten (10) days, to reject the selection. These programs are subject to the FTC Pre-Notification Negative Option Rule (CITE).

(v) The other types of programs are not specifically regulated, but have been the subject of numerous challenges, class actions and consent orders. The key regulatory concerns are:

(a) Disclosure of all material terms and conditions at the outset of the offer

(b) Disclosure of all costs

(d) Disclosure of method of cancellation

(e) Obtaining consumer’s informed consent

(f) Providing easily accessible method of cancellation

5. Gift Certificates/Gift Cards

a. Gift cards/certificates are being increasingly regulated by the States. Currently, the following states have laws specifically regulating the issuance of gift cards: California, Connecticut, Hawaii, Maine, Massachusetts, New Jersey, New Hampshire, New York, and Rhode Island. Some states prohibit the expiration of gift cards; others require cash redemption.

b. The proliferation of state laws regulating gift cards has led to an increase in class action litigations against retailers based on their issuance of gift cards. Just last month, class action lawsuits were filed against eight major retailers.

(i) Redemption of gift cards for cash;

(ii) Replacing lost or stolen gift cards

(iii) Complying with state laws on expiration/dormancy fees.

6. Marketing to Children

a. The regulation of advertising to children in the United States is shifting from a system almost entirely monitored through self-regulation to one that is the subject of increased government scrutiny and control. A major force behind this movement is the largely increasing popularity of the Internet and the ability to provide advertisers with almost unlimited access to children. Recognizing the permanence and pervasiveness of the Internet, the government continues to respond with the enactment of federal legislation to prevent the exploitation of children by commercial entities in the online arena.

7. CARU Guidelines

a. In addition to complying with the general requirements under Section 5 of the FTC Act that advertising must not be unfair or deceptive, Web sites directed to children or portions of general audience Web sites directed to children are subject to the rules and guidelines of the Children’s Advertising Review Unit (“CARU”). CARU, which is a division of the Council of Better Business Bureaus, primarily acts as a review unit to evaluate advertising to children under 12 years of age that does not comply with CARU’s well-established self-regulatory principles and guidelines. The CARU principles, which apply to all forms of advertising, including the Internet, are as follows:

(i) Advertisers should always take into account the level of knowledge, sophistication and maturity of the audience to which their message is primarily directed.

(ii) Advertisers should exercise care not to exploit unfairly the imaginative quality of children. Unreasonable expectations of product quality or performance should not be simulated either directly or indirectly by advertising.

(iii) Advertisers should communicate information in a truthful and accurate manner and in language understandable to young children with full recognition that the child may learn practices from advertising which can affect his or her health and well being.

(iv) Advertisers are urged to capitalize on the potential of advertising to influence behavior by developing advertising that, wherever possible, addresses itself to positive and beneficial social behavior.

(v) Care should be taken to incorporate minority and other groups in advertisements in order to present positive and pro-social roles and role models wherever possible. Social stereotyping and appeals to prejudice should be avoided.

(vi) Advertisers should contribute to this parent-child relationship in a constructive manner.

b. In addition, advertising for sweepstakes and promotions directed towards children are specifically addressed by CARU guidelines. CARU’s overriding concern is that the advertising should not create an unrealistic or inflated expectation of winning. Therefore, CARU requires that: (1) the prizes be clearly depicted; (2) the number of each prize to be awarded be clearly disclosed; (3) the prizes be appropriate to a child audience; (4) the alternate method of entry be disclosed; and (5) online contests do not require children to provide more information the necessary to participate in violation of the CARU Guidelines and the Children’s Online Privacy Protection Act. Although CARU once advocated the use of a phrase such as “Many will enter, few will win” to inform children that not every entrant will win, CARU no longer believes that this type of phrase is sufficient. With or without such a phrase, CARU now requires a clear depiction of the types and number of prizes.

c. CARU has also promulgated guidelines for Interactive Electronic Media which are intended to be read within the broader context of the general guidelines discussed above. These guidelines seek to protect children from inappropriate online marketing practices as follows:

d. Web sites targeted at children should not knowingly maintain links to pages of other sites that do not comply with CARU Guidelines.

e. In all communications from online advertisers to children, the advertiser should remind and encourage parents to monitor their children’s use of the Internet.

f. Age screening mechanisms presented in a neutral manner should be implemented on all sites where there is a reasonable expectation that a significant number of children will visit.

g. Web sites transacting sales with children should either utilize available technology to provide the person responsible for the costs of the transaction with the means to control the transaction or enable the person responsible to cancel the order and receive full credit.

h. Data collection should comply with COPPA and the principles established by CARU under its safe harbor status.

8. COPPA

a. Online advertisers and marketers are also subject to the requirements of the Children’s Online Privacy Protection Act of 1998 (“COPPA”). In reaction to an FTC Report to Congress finding that many sites collected personally identifiable information directly from children, yet did not provide for some form of parental control over the collection of information from their children, Congress COPPA. This Act was adopted as part of the Omnibus Spending Bill approved by Congress and signed by the President in October 1998. Specifically, COPPA requires any operator of a Web site or online service directed or targeted to children that collects, or has actual knowledge that it is collecting, personal information (e.g., name, physical and e-mail address, telephone number, social security number) from children under 13, to provide notice on the Web site of what information is collected, how the operator uses such information, and the operator’s disclosure practices for such information. COPPA also requires operators to obtain verifiable parental consent before collecting information from children under 13.

b. In accordance with Section 6502 of COPPA, the FTC issued the final rule regarding the online collection of personal information from children under 13 (the “Rule”), codified at 16 CFR 312. The effective date for compliance with the Rule was April 21, 2000.

c. The Rule requires the creation of a children’s information practices policy for each Web site (or portion thereof) that is targeted to children under 13 or that knowingly collects personal information from children under 13. Personal information means individually identifiable information such as first and last name, home address, e-mail address and social security number. The Rule requires that a clearly labeled link to the notice of the site’s children’s information practices policy be clearly and prominently placed (a) on the home page and (b) on every page where personal information is sought or collected from a child. If the Web site is a general audience Web site with a separate children’s area, the site must post the link on the home page of the children’s area.

d. The notice containing the Web site’s children’s information practices must contain specified information. The contact information for all of the Web site operators collecting or maintaining personal information must be included in the notice. The type of personal information that will be collected, the manner in which it will be collected, and how such information will be used must also be disclosed. The notice must state whether and for what purposes the personal information will be disclosed to third parties. In addition, it must be disclosed that parents are able to review the personal information collected from their children and prohibit further use or collection of such by the site and/or third parties. The notice must also state the procedures to follow. Finally, the notice must expressly inform parents that operators cannot condition a child’s participation in an activity on the provision of more personal information than is reasonably necessary for the activity.

e. Whenever a Web site operator attempts to collect personal information from a child under 13 for purposes other than responding specifically to a request from the child or protecting the child’s safety online, the operator must obtain verifiable parental consent prior to the collection of the information. The Web site operator must send a notice directly to parents that contains all the information included in the notice of the information practices found on the Web site itself. In addition, the notice must state that the site wishes to collect personal information from the child, that the parent’s consent is required for the collection of the child’s personal information and how the parent can provide such consent. In obtaining such consent, the operator must make reasonable efforts in light of the available technology. Acceptable methods of obtaining prior verifiable consent include the following expressly-listed mechanisms: a signed consent form from the parent returned via mail or facsimile; a toll-free number where parents can call to give their consent to trained personnel; requiring a parent to use a credit card number in connection with a transaction; a digital certificate that uses public key technology; or the provision of an e-mail message with a PIN or password obtained by one of the aforementioned methods.

f. If there are material changes in the information collection practices, the operator must send a new notice requesting consent to the parents who have previously provided verifiable consent. Any parent of a child who has provided information to the site may request the operator to provide a description of the types of information collected and the opportunity to prohibit the operator’s further use or collection of the child’s personal information. If a parent refuses to permit further use or collection of a child’s information, an operator may terminate the child’s access to the services provided by the site. In addition, if requested, the parent must be given the opportunity to review the personal information collected from their child. In providing such information, the operator must ensure that the person requesting such review is the child’s parent.

g. The Rule provides exceptions to obtaining verifiable parental consent prior to any collection, use and/or disclosure of a child’s personal information. A Web site operator may collect from a child under 13 the name or online contact information of the child or parent to be used solely for the purposes of contacting the parent to obtain verifiable consent or providing notice of material changes in the Web site’s information collection practices. The contact information collected under this exception must be deleted from the operator’s records if the parent’s consent is not obtained within a reasonable time from the information being collected. A Web site operator is also permitted to collect online contact information from a child who is under 13 without prior verifiable parental consent in order to respond to a one-time request from the child, but only if the information collected is not used to re-contact the child and is deleted from the operator’s records.

h. If a Web site operator collects online contact information from a child who is under 13, without prior verifiable parental consent, in order to respond to a specific request from the child more than once, the Rule requires the operator make reasonable efforts to ensure that the parent receives notice immediately after the first response containing all the information required in the Web site’s information collection practices notice. In addition, the notice must state that the operator has collected information from the child, has contacted the child once and needs to contact the child again to respond to the child’s request. The notice must also provide the parent with the opportunity to request that the operator cease using and delete the information. The information collected in this manner cannot be used for any purpose other than to send the parental notice and to respond to the child’s request. If the parent fails to respond to the notice, the information may be used for the purpose stated in the notice.

i. The Rule also allows a site operator to collect a child’s name and online contact information to the extent reasonably necessary to protect the child’s safety on the site or online service. The information collected can only be used for the purpose of protecting the child’s safety, cannot be used to re-contact the child or for any other purpose, and cannot be disclosed on the Web site or online service. The site operator is also required to send the child’s parent a notice containing all the information required in the Web site’s information collection practices notice. The notice must also state that once operator has collected the child’s name and e-mail address (or other contact information) to protect the safety of the child, that the parent can refuse to allow the use of the information and require the deletion of such, and that the operator may use the information for the child’s safety even if the parent does not respond to the notice.

j. The final exception to obtaining prior parental verifiable consent occurs when it is reasonably necessary for the operator to collect a child’s name and online contact information to protect the security of the site, take precautions against liability, or to respond to law enforcement agencies or public safety.

k. In addition, the Rule sets up a procedure whereby an operator’s compliance with approved self-regulatory guidelines established by the online or marketing industry will be equivalent to compliance with the Rule. The Rule provides a safe harbor from government action for improper trade practices for industry groups and other site operators wishing to create self-regulatory programs governing participants’ compliance. Under this safe harbor, sites participating in FTC-approved self-regulatory programs in compliance with FTC-approved self-regulatory guidelines would generally be deemed in compliance with the Rule. Such sites would, in certain circumstances, be subject exclusively to review and disciplinary procedures provided under the guidelines of such programs rather than formal FTC action. The Rule sets forth the process by which industry groups and others could obtain FTC approval of their self-regulatory guidelines.

l. In January 2001, the Children’s Advertising Review Board of the Better Business Bureau (CARU) was approved by the FTC as the first “safe harbor” program under COPPA. CARU implemented Safe Harbor Compliance Requirements, some of which go beyond that required by COPPA. The Entertainment Software Rating Board (ESRB) and TRUSTe were approved as COPPA safe harbor programs in April 2001 and May 2001, respectively.

9. Enforcement of COPPA

a. Since the inception of COPPA, the FTC and CARU have been extremely active in educating the public about COPPA and policing the Internet for compliance.

b. In February 2003, the FTC entered into consent decrees with Mrs. Fields Cookies and Hershey Food Corporation for violating COPPA by collecting personal information from children under 13 without obtaining the proper prior parental consent. The FTC alleged that portions of the Mrs. Fields Web site collected personal information from more than 84,000 children in connection with birthday clubs and coupons without obtaining prior parental consent. As a result, Mrs. Fields Cookies was required to pay $100,000 in civil penalties. The FTC brought an action against Hershey Food Corporation for utilizing inadequate methods of verifiable on its W3eb sites directed toward children Hershey was required to pay $85,000 in civil penalties.

c. In April 22, 2002, the FTC entered into a Consent Decrees with The Ohio Art Company for violations of COPPA on its site www.etchasketch.com. The site collected personally identifiable information from children registering in the Birthday Club with an online form which merely instructed children to “get your parent or guardian’s permission first.” Personally identifiable information was collected personally identifiable information from more than 2500 kids. The FTC alleged that the site failed to obtain verifiable parental consent, provided an inadequate privacy notice, failed to provide parents with notice and a reasonable means to review personally identifiable information and conditioned participation in an activity on providing more information than was necessary to participate in such activity. The Ohio Art Company was required to pay a civil penalty in the amount of $35,000. The site is required to maintain a link to the FTC kidzprivacy area within the site’s privacy policy, within the direct notice sent to parents and at each location on its Web site where personally identifiable information is collected. In addition to reporting requirements, the site was required to delete all personally identifiable information collected from children through etchascketch.com since April 21, 2000.

d. In February, 2002, the FTC entered into a Consent Decrees with American Popcorn Company for violations of COPPA on its site, www.jollytime.com. The site had a Kids Club section with games etc where personally identifiable information was collected. It also conditioned participation in prize offers on providing more information than necessary. Online form merely instructed children to “check with their parents first.” Collected personally identifiable information from approximately 500 kids. The FTC alleged that the site failed to obtain verifiable parental consent, provided an inadequate privacy notice, failed to provide parents with notice and a reasonable means to review personally identifiable information and conditioned participation in an activity o n providing more information than was necessary to participate in such activity. In addition, the FTC brought an action under Section 5 of the FTC Act for the Misrepresentations in the privacy policy. American Popcorn Company was required to pay a civil penalty in the amount of $10,000. The site is required to maintain a link to the FTC kidzprivacy area within the site’s privacy policy, within the direct notice sent to parents and at each location on its Web site where personally identifiable information is collected. In addition, to reporting requirements, the site was required to delete all personally identifiable information collected from children through etchascketch.com since April 21, 2000.

e. In October 2001, the FTC filed another civil penalty action against the operators of www.lisafrank.com after the Web site operators failed to make changes requested by CARU. The FTC alleged, among other claims, that the site collected personal information from children under 13 before getting verifiable parental consent, did not provide notice to parents about its privacy practices, did not inform parents that it wanted to collect personal information about their children and parental consent was required, and did not include required notices in its privacy policy. In addition to COPPA violations, the FTC also alleged the Web site operators violated the FTC Act’s prohibition of deceptive practices by falsely stating in the privacy policy that parental consent was required prior to collecting information from children under 13. As part of the settlement agreement, the Web site operators are permanently enjoined from future violations of COPPA and must pay a civil penalty of $30,000. See U.S. v. Lisa Frank, Inc. (E.D. Va. 2001).

f. CARU has been extremely aggressive in scrutinizing online advertising and sweepstakes directed towards children. The following are some examples of actions taken by CARU against advertisers not complying with the CARU Guidelines or their online initiatives:

g. In December 2003, CARU raised concerns with P&G’s disclosure of the prize structure in their online Sunny Delight sweepstakes. After working with CARU, P&G modified its Web site so visitors would automatically see a detailed description of the individual prizes, as opposed to requiring persons to click on a hyperlink to a prize disclosure page.

h. Wrigley agreed to revise its juicyfruit.com site in September 2002 in response to CARU’s concerns with the non-neutral age screening mechanism and lack of session cookies to prevent children from hitting the back button to falsify their age after being rejected for being under 13.

80303954.1