Security on the Go:Rules of the Road for Mobile Apps

in the Security IndustryAICC: 6 June 2013 Eric J. Pritchard

One Liberty Place, 46th Floor

1650 Market Street

Philadelphia, Pennsylvania

(215) 496-7241

EPritchard@Kleinbard.com

The following information is not intended as, or to be understood as legal advice.

Consult an attorney for legal advice with respect to subject matters of this presentation.

Disclaimer

2011 – U.S. smartphone sales surpass PC sales for 1st time

2013 – 320 million mobile subscribers in U.S.

110 million use smartphones

55% use mobile device to access the Internet

2014 – Mobile web usage predicted to overtake PC usage

Trends likely to continue

Growth of Mobile Activity

Software program for targeted task on mobile device

Provide new platform for delivering services and information

Key to Apps:

leverage mobile devices – camera, voice capabilities, telephone transmissions, GPS, Bluetooth technology, to provide uniquely, mobile functionality.

Mobile technology essential for companies where digital communications critical to business Slow adoption limits security providers, essential for industry to monetize apps

Mobile Applications “Apps”

Companies should use Apps.

Companies should address legal issues prior to and during development of App to protect rights and minimize risk

Areas of concern for security industry

◦End User Privacy◦Location Based Services◦ Intellectual Property Rights◦Advertising and Promotions◦Risk Allocation

My Message Today:

Privacy possibly single most important legal consideration for app development.

Sources of Law

FTC FCC State Attorney Generals State Legislatures White House Class Action Lawyers

.

End User Privacy

Types of information:

◦Personal◦Personally Identifiable ◦Location Based◦Financial◦Healthcare Information

End User Privacy

Include clear privacy policy that accurately and completely discloses information protocol, including:◦ Collection, Usage & Storage

Take into account state and federal laws, industry standards and best practices

◦ Not only mobile laws but also state Burglar and Fire Alarm laws

Are you insured for this type of breach?

◦ CGL, E&O and D&O will not help◦ There is cyber liability and cyber risk◦ Consult an insurance professional!

Privacy Keys

Guidelines for LBS Providers

Mandatory Disclosure◦ How users’ location information is used and shared with third

parties ◦ How user may terminate the LBS and the implications of termination

Mandatory Consents◦ Consent for provider to use or disclose location information prior to

using LBS app

Security Measures◦ Employ reasonable administrative, physical and/or technological

safeguards to protect LBS information

LBS information should be retained only as long as necessary

Location Based Services “LBS”

Apps are original works and may give rise to Intellectual Property (“IP”) Rights in course of development Examples of IP Rights include:

◦ Content - The original software code, textual/graphic, database elements, GUI, images and artwork may be protected through COPYRIGHT

◦ App developer may treat source code as TRADE SECRET ◦ App name and terms developed with the app may qualify for

TRADEMARK protection

◦ Process or method embodied in app may be PATENTABLE.

“IP” Rights

Define and secure ownership through contracts including work for hire and invention assignment provisions

Execute non-disclosures & restricted use agreements before disclosing confidential information

Address 3rd party IP issues◦ Apps may incorporate 3rd party IP◦ Is a license required to use the IP?

DON’T assume existing licensing agreement provides right to use! Geographically defined rights Rights limited by distribution platform

◦ Potential risk of infringement

“IP” Rights Continued

Legal issues may arise as a result of: ◦ 3rd party ads on app, advertising or promoting the app, the app

itself especially if it promotes your brand

Apps present same legal issues as websites, e-mail and other on-line communications◦ Commercial text messages regulated by Telephone Consumer

Protection Act (“TCPA”) and FCC rules◦ Law provides private right of action and high statutory

penalties Recent settlement by ADT is evidence of this

App may constitute advertising◦ Descriptions and public statements about App◦ Content and advertising must comply with applicable federal

and state laws

Advertising and Promotions

Is small print enforceable in an app? Drive subscribers to website?

Is risk allocation covered by other agreements?

Is the risk allocation enforceable?

Risk Allocation