Today’s keynote speaker at ISPCON was Elliot Noss of Tucows.  His keynote addressed how Internet Infrastructure companies can compete with the likes of Google and Go daddy.  His answer:  more customization and real personalization.  He used McDonalds to represent Google and Go daddy, and Starbucks as an example of customization and personalization.  In his presentation Rackspace is the Starbucks of the Internet world.  In his opinion Rackspace succeeds not because it is the cheapest, but because it provides a much more stable experience than most infrastructure providers.  Examples of this include robust mail service with large storage space.

As a frequent conference attendee, I hear this keynote often.  In other conferences the keynote has been entitled, alternately, “How to compete with 1and1 and Microsoft,” “Withstanding the entry of the giants,” and so on, and so forth.  Depending on the audience, the theme always seems to be “specialization and customization”

I wonder, honestly, how specialized and customized companies can get and still make money.  Early on in my practice, one of my clients had the idea of creating different brands for different segments of the hosting market.  The CEO called this the “supermarket” strategy:  he wanted to own the most shelf space in the hosting market.  Consequently the company had over 10 brands, each with a different message, back end, support needs, etc.  Needless to say, this level of specialization became uneconomical over the long term, and we ended up folding all the brands into two major brands.

Similarly, another client sought to compete in various segments of the market.  So he targeted lawyers, doctors and chambers of commerce.  This specialization required an enormous amount of sales time, and very expensive marketing (getting a lawyer’s attention isn’t cheap).  This marketing effort worked, but the customer market was so specialized, and the product not scalable to other markets, it was eventually folded into a standard “unlimited bandwidth, storage, 10 GB e-mail” plan, with resulting churn.

What Elliot talked about, that strikes me as true, based on those of my clients who are successful, is that successful Internet businesses are high touch, and that people will pay to have their problems go away.  Examples of this, and hosting companies that are taking business from 1 and 1, etc., include those that focus on customer support, implementing complex outsourced solutions like exchange, and hold the hand of overburdened IT departments. 

In each of these examples the customization and specialization is applicable across the entire product line, and is not feature based.  So instead of creating an e-mail solution that meets the unique needs of lawyers, they have support that teaches the lawyers how to create the e-mail product they need. 

I see an analogy in my own business:  clients pay me to make problems go away.  They’re not interested in the most recent regulatory pronouncement about green marketing from the Federal Trade Commission, they just want to be able to market their new “green” data center.  Similarly, the nuanced thread that has run through all these keynotes, whatever their title, has been that customers will pay you to make problems go away.  Seems to me that’s a great way to succeed. 

I recently closed on a real estate purchase.  If there was one area of life that screams for the web, it has to be this one.  I’m not talking about sites like Realtor.com (yawn), Trulia, Zillow, or hotpads, these are all OK for armchair looking, I’m talking about the process itself:  the process is so *intensely* paper based, I’m quite convinced that half the Amazon rain forest was consumed in my transaction alone.

Let’s start with the offer process.  I offer X.  My Realtor prepares a 37 page offer.  I sign here, initial there, and he faxes it to the seller.  Naturally the seller counters.  His Realtor prepares a 40 page counter.  You can see how this goes on and on.  Of course through all this faxing, the initial copy becomes unclear, necessitating a completely new contract.  I’ve finalized $10 million dollar offers by e-mail.  Why I can’t even make an offer on a piece of property that way boggles my mind.

Next is the lending process.  I started on Lending Tree.  You fill out a 10,000 screen on-line questionnaire and then what?  You start getting e-mails.  To get actual information from these lenders, you are immediately *faxed* 10 pages of paper that must be physically signed, and faxed back, with a copy in the mail.  So I’m already up to a potential 40 pages of paper, just to get a squishy maybe, maybe not, commitment of an interest rate.  Why can’t this be done on-line?  Beats me.  Must be the lawyers.

I ended up not using a Lending Tree lender, and chose Carteret Mortgage instead.  Now here was a company who at least understood my pain.  A simple on-line form, leading to a quick loan qualification letter.  Really the only thing I had to sign were two simple forms stating that the information I’d provided them on-line was correct.

Once you choose a lender, then the fun really begins.  Because I’m self employed, I’m a five headed hydra to most lenders.  Can I give you a screen shot of my on-line banking balance?  Oh no, we need your bank statement.  Well now most banks don’t even give you paper statements any more, and none of my choices for savings even produce statements – that’s why they can pay a higher interest rate.  Does it matter that these very same banks write mortgages?  Nope.  Find some way to get it on paper.  The coup de grace was when my accountant was required to fax in a letter stating that he had prepared my 2005 and 2006 tax returns.  It didn’t matter that he had signed my tax returns, and that I had sworn to the IRS that he had done so.  Apparently banks are a higher authority than even the IRS.  This is simply a small snapshot of the amount of paper that had to be generated simply to get the loan.  Needless to say there is a well worn path from my front door to my mortgage broker’s front door.

So finally the day of closing comes.  Can this be done at least by fax with signed pages in the mail?  Oh no.  It must be done in person (plus $45 in dubious “courier” fees).  Why is this?  I have no EARTHLY idea!  I’ve been practicing law for 17 years, and have closed over 20 transactions of up to $200 million.  How many of these have been in person?  Zero. 

So what can we all learn from this experience, which almost all of us have had?  First is that many of us in the Internet industry live in a bubble.  Some of my pain would have been lessened if I owned a scanner.  I don’t.  Why?  I don’t really need one.  My clients don’t want more paper (or pseudo paper), their customers don’t want paper, the only people who do?  Lawyers.  Indeed, I believe that there is a special place in hell for lawyers who FedEx me DMCA complaints in 10 pound boxes.    

Second, let’s get off our addiction to the paper format.  How about a New Year’s resolution to decrease our use of the .pdf format 50%.  The receiving party either has to print the file out, or make their comments by e-mail, which generally have to be printed out to be understood.  I remain unconvinced that sending everything in .pdf form leads to fewer changes/comments.  A “living” document like Word or some other changeable format, typically leads to better deals anyway.  .pdf files also have to be printed out, signed and faxed.  Just as legally binding are services like Echo Sign that provide evidence of signature and an unchanged contract.

Finally, let’s all stop being so risk averse.  Why do I get DMCA complaints in 10 pound boxes?  So that someone can argue that I had actual knowledge of the facts set out on the documents in the box.  Both case law and the Federal Rules offer ways to demonstrate that knowledge without further harming the environment with paper and the jet fuel needed to get it to my doorstep by 7 am.  It may take some additional thinking, but in the end, it should all make our lives simpler, and more efficient.

What won’t change?  My engagement letters.  My malpractice insurer requires them to be on paper and physically signed.  Sigh.

 

Wednesday January 25^th’s Domainfest keynote was presented by John Battelle CEO of Federated Media.  John chronicled his business career in traditional media, and how it led to his current position.  While his career is basically a timeline of the booms and busts of Web 1.0 to Web 2.0 (a term I loathe) his major point was that the web, what users expect, and what you can do, has changed.  This point has been driven home to me again and again at the conference, and honestly, why I was encouraged to attend.

Many of the speakers, presenters and the live domain auction itself, focused on topics like increasing  pay per click revenues by doing things like adding pictures.  That this gambit is short term at best was illustrated when John showed a screenshot of the site be.com.  It’s difficult, if not impossible, to come up with a reason why you’d want to navigate to this site – there really is nothing on the landing page that is in any way related to the two top uses of the word “be” (at least according to Google), as the stock ticker symbol for BearingPoint or the country Belgium (or for that matter, one of my fraternity brothers band “be”).  Rather, there are the standard links that every site seeking to capture “type in” traffic includes:  Dating, Cars, Electronics, etc. etc.  Now while I’m sure that the owner of be.com makes a decent living, and Hitfarm, the company that provides the landing pages is in fact optimizing the landing page to reflect traffic patterns, I can’t help but think that something’s missing.  The “parked pages” concept seems to be a concept that does not reflect current use of the Internet, or those uses that are right around the corner.

I wonder how difficult it would be for domain owners to utilize new technologies to truly optimize their sites.  While I fully understand the power of Big IP, I wonder how difficult it would be to create a series of template sites that capitalize on the current use of the domain name?   If you can’t figure that out, how about a wiki?  People who come to the domain could tell you what they came there for.  What about some “Office 2.0” tools you get for free that enhance the value of the page to the users?  Features like this might increase the value of the domain itself, but also remove some of the legal issues surrounding domaining, that make life difficult for domainers.

Sticking with what works is a decent business philosophy, but keeping your eyes open, and creating a nimble organization is, I’d say, a crucial component to success.

Lest you think I’m picking on domainers, let me make one thing clear:  I think it’s worse in the hosting world.  For crying out loud, how much bandwidth, disk space, and free domains can the industry give out before hosting is totally free?  For hosts, business is moving in the same direction as domains.  The cost of including new tools has significantly declined, and your ability to include them with minimal engineering has increased.  Look, for example, at Hostway.  Hostway’s business has expanded from shared, and now includes domain parking services.  It’s really only a matter of time before the services provided to parked pages is expanded to include creating sites of more apparent value.

I think, sometimes, we need to venture out of our comfort zones to see what else might be out there. 

I frequently debate the utility of new technologies with third parties and my clients.  Those of you who’ve seen Isabel Wang and my Punch and Judy presentations know that we both have pretty strong views of the place that cutting edge technology plays in business.  While some of my thoughts on the incorporation of new technology into business are based on liability and contract concerns associated for “not ready for prime time” technology, they’re also based on a healthy dose of skepticism about the utility of all this stuff.  As a lawyer, I tend to need less connectivity rather than more – it’s tough to read an 80 page contract with IM chirping away and friends telling me all day long what they’re doing.  However a number of things have occurred this past year that have made me think about the relationship between lawyers and new technology.

The first was a post on Isabel’s blog in which she evangelizes the business utility of facebook and twitter.  My thought about twitter has been “you’ve got to be kidding me?  What are you doing?  I’ve had more insightful conversations with a carrot!  Besides, I can just see someone in tech support posting:  ‘patching X customer’s server.’”  The second is a debate on FlyerTalk in which members of the Continental board mused about the potential legal issues associated with flight crews buying pizza for stranded passengers.  Many people took the position that if a passenger got sick from eating the pizza, Continental would be sued.  Finally, I’ve spent some time this week figuring out how to IM with my clients during contract negotiations since so many of them have walled off IM devices.  The most frequent reason I hear for doing this is that someone read somewhere that there were liability issues associated with giving employees unfettered access to IM.

It’s that issue, fear, that I think drives most lawyers to recommend to their clients to kill or significantly rein in technology.  Let’s look at my last anecdote – that IM may lead to accidental disclosure of confidential information.  I’ve heard many attorneys spout this rationale for advising their clients to wall off IM.  But how true is it?  I’ve used IM for over 7 years to communicate with my clients, often with several different conversations going at once, and maybe one or two with friends chirping away as well.  Not once have I told client X what client Y was doing, or one of my friends that the other hated his guts.

Fear that causes lawyers to avoid, or kill, new uses of technology.  First, we’re trained (and like it or not, paid) to spot all the possible problems that issues may present our clients.  In the case of new technology, that may result in one of two outcomes:  the number of problem issues spotted by the attorney becomes so overwhelming, that the client simply abandons the technology fearing that any potential upside will be overtaken by liability issues; second, the lawyer fails to identify ways that the client may mitigate any liability, or work around it.  This second reason seems to stall or kill many projects.

So how does a host, who would like to use many different and potentially untested products deal with this?  The first is to recognize that there is no such thing as a litigation proof strategy or product.  People sue for many reasons, and occasionally for no reason.  You need to be comfortable with the fact that, particularly with new technology, your lawyer isn’t going to be able to assure you that there is no, or even little, risk with a new product.  Second, it’s going to be impossible for your lawyer to quantify every element of risk.  This is particularly true with uses of new technology:  there’s simply nothing to benchmark your risk against.  Also, pressed to the wall, your lawyer is likely to become very conservative.

Finally, you may need to press your lawyer to identify solutions.  Don’t simply engage your lawyer to issue spot for you, engage him as a full member of your team.  If your lawyer sees the full picture, it’s more likely that he’ll be able to identify solutions to the issues he’s raised.  You may also need to encourage him to find new solutions.  Many lawyers are used to being simply asked to issue spot, not help with solving the issues.  However, most lawyers will leap at the opportunity to help make things work – it’s simply more fun. 

Is Awareness a lawyer’s dream?  This afternoon, I met with David Carter a founder and the CTO of Awareness.  Awareness provides social media tools to businesses.  These tools allow corporations to create blogs, wikis and use other networking tools that have been found to facilitate business communication and community.  From a lawyer’s perspective, Awareness “gets it.”

One of the criticisms leveled at lawyers is that if our clients did what we recommended, employees would still be writing memos on notebook paper and sending them down to the steno pool for transcription.  In some ways that criticism is warranted when a client wants to incorporate technology that doesn’t facilitate compliance with the law.  While a particular item of technology, like a blog, might move your business forward, the real world, like liability for a defamatory post, often intervenes.  Awareness’ products seem embrace technology, and the productivity promised by it, while allowing compliance related efforts to take place in the background.

Awareness’ products incorporate permissioning, versioning and filtering out of the box.  These tools are crucial for businesses who seek to utilize office 2.0 tools, but who also understand the theory of litigation prevention (as opposed to litigation attraction).   Permissioning  is a great way for larger companies to embrace these technologies without sacrificing controls put in place to deal with real world issues.  For example, while free and open communication is a great thing, I think even the most diehard technology evangelist would agree that human resources’ wiki shouldn’t be open.  So business faces a choice:  deny HR a wiki, create a totally separate system for HR, or abandon wikis altogether.  A set of permission based wikis may solve this problem.

Versioning is another great tool.  Companies often need to know when and where a document, blog or wiki was updated.  This might help in understanding why a particular contract provision was worded the way it was or where a trouble ticket got mishandled.  The latter is a nice way to pre-empt litigation.  Imagine if you were using a wiki to problem solve a server crash that caused other problems.  By referring to prior versions of your wiki, you could effectively communicate with your customer about how things went wrong, and why.  This type of communication is often the single best way of keeping that customer from calling their lawyer, and increasing your legal costs as a result.

I also really like this version of filtering.  Filtering has VERY negative connotations.  When people, including myself, think of filtering, we tend to think of very heavy handed, and honestly, very lawyer driven, filtering systems that end up forcing people to communicate using vague and tortured language.  However properly implemented, filtering can be an effective business communication tool.  For example, you might want to create an internal corporate blog.  To make the blog effective you put few or no restrictions on what can be discussed.  You could use filtering to leverage your internal blog.  By setting up rules, certain content from your internal blog could be posted to your public blog.  Not only does this save you time and money, it makes your external blog more authentic, and might result in more market acceptance.

So, overall, my conversation with Mr. Carter was pretty exciting.  It’s interesting to see technology embraced and adapted in ways that acknowledge real world issues and the way corporate environments need to be structured to deal with business today.

 

The office2.0 conference began yesterday with a cocktail party.  At the party, I met a doctor from CNMRI who is using technology in two interesting ways.  He’s using Twitter so his staff can figure out what tasks each of them are engaged in throughout the day – this allows them to focus more on patients, and less on locating each other.  The second is a project to build a web based statewide health information network in the State of Delaware.  This will let doctors and patients share medical records across the web.

As interesting as these new applications of technology are, they rang two alarms for me:  privacy and HIPAA.  As I’ve noted in both my columns and on this blog, I believe that privacy is likely to emerge as a regulatory and litigation issue in the next year.  The use of Twitter in a medical capacity has significant privacy implications.  While I was unable to access Twitter to review its contract, I would assume that it has provisions similar to the contracts of most internet infrastructure providers which basically say that the provider has no liability for anything and does not guarantee the security of its network.  So where does that leave the doctor when Twitter accidentally discloses that one of the doctor’s patients is in exam room 3 being treated for a STD, and the doctor is sued when the patient’s wife finds out?  Twitter may have some liability depending on what its privacy policy says.  As I often point out, privacy policies are contracts between companies, their customers, and often third parties.  As a result, they should be reviewed with the same level of scrutiny.

HIPAA is also a big issue.  I inquired whether the doctor had sent Twitter a Business Associate Agreements (BAA) and how these agreements would function in the context of a networked medical records system in which each doctor had their own ISP and likely host who was connected to other hosts and bandwidth providers. 

BAAs are main legal issue for web hosts and other internet infrastructure providers under HIPAA.  BAA’s impose additional contractual obligations on third parties based on a health care provider’s obligations under HIPAA.  In essence you are contractually obligated to follow the terms of the BAA.  HIPAA itself does not contain a form BAA.  As a result, businesses are free to create their own BAAs as long as they conform to the bare minimum required by the statute.  As might be expected, some businesses have been using BAAs to back door contractual provisions that they were unsuccessful at getting in their initial negotiation.  The most common provisions I see are privacy warranties and SLA carve outs, neither of which are required by HIPAA.  Hosts and other internet infrastructure providers need to pay close attention to BAAs they receive to make sure that they are only contractually obligating themselves to things they can actually do.

Many people have seen Isabel and I debate the pros and cons of SaaS and Web 2.0 technology.  While by and large I talk about potential liability issues stemming from the sale and use of this technology, there is a certain curmudgeonly aspect to my side of the debate:  I’m simply not a convert.  In spite of all the fabulousness that this technology promises, I still remain skeptical.  In my mind, Web 2.0 in particular, conjures up the ghosts of 2001.  In thinking about this, I wonder are Shopster, and twitter the next riot-e?  Admittedly, I’m not a business guru, but the only business application I can think of for twitter is for police departments to use it to keep an eye on individuals wearing monitoring anklets.    I can see the “mash up” now:  the LAPD sells twitter feeds of celebrity monitoring anklets to the National Enquirer so that they can buy some new patrol cars.

However, in the spirit of open-mindedness, I’ve decided to go to the Office 2.0 conference to see if the time is right for this new technology.  The Office 2.0 conference is “aimed at discovering the future of online productivity & collaboration.”  For me, this seems to be the best shot SaaS and Web 2.0 technologies have at true acceptance and profitability.  Rather than be an armchair CEO, I’m going to approach my participation in the conference in the same way I approach my debates with Isabel:  how have the companies that market these new technologies addressed real world legal issues?  I plan on blogging from the event to see which companies, and speakers, discuss the following issues:

Is there a contract that customers can rely on (as opposed to "beta" products)?

What kind of support does the company provide?

Are intellectual property rights allocated appropriately?

Have privacy and data distribution issues been addressed? 

In subsequent entries I'll discuss why I think each of these points is a valid legal issue.  Next week I'll blog from the conference itself.  We'll see if Isabel is right.  Let the wagering begin. 

 

For those of you who missed Isabel and my seminar at ISPCON or our presentation at the SW Soft Summit, Isabel has alerted me to another matter that will allow me to do some additional fear mongering. Amazon.com allows users to tag content on the company's website. In an article on the tags, Nicholas Carr noticed that some entries for DVD's contained tags with key words including "young girl" and "nymphette." Mr. Carr discovered that most of these tags had not been placed there by users, but rather had been imported by amazon from imdb the Internet Movie Database.

Amazon likely created a simple program to import the tags, maybe with, maybe without, imdb's consent. While amazon's likely intent was to simply enhance its site, and facilitate user communities, this matter highlights legal issues that can arise from new business ideas. Nothing is ever as simple as it seems. Companies need to determine how new business ideas will work in the real world, and possible risks they present. For example, while amazon may not have liability for the tags its users post, it likely is liable for the tags it creates, regardless of the fact that these tags come from imdb, and regardless of whether they were created by imdb's users. Given the history of litigation on the net, and law enforcement activity, it is not a stretch to imagine an enforcement action against amazon based on the fact that amazon has facilitated child exploitation communities on its website.

As I like to point out in my talks on this topic, you need to go beyond the standard question to your lawyers: "is this legal?" A lawyer would likely say "well do you have a license agreement with imdb? Does your distribution agreement allow you to post user comments? etc." Involving your lawyer in the entire process will likely surface issues you may not have realized were there, and which, honestly may carry a higher litigation risk for you than simply violating a distribution agreement. Besides, if you've engaged a lawyer who is interested in your business, they're likely to find this type of involvement more interesting and professionally fulfilling than simply reviewing a license agreement.

This session presented by Charlie Cary of XO and Stephen Crawford of Jamcracker was an interesting follow up to my ISPCON session on SaaS legal issues. One of the things that the speakers focused on was "sticking to your knitting" and creating a seamless customer experience. I think these concepts are crucial to help you understand the legal issues involved in selling SaaS. It's very important to only sell those SaaS that you can actually service and support. What this means is that you are not completely outsourcing all of your legal, compliance and support matters. The second issue is also important. For SaaS services because your customers are outsourcing a crucial making sure that your services are seamless is very important. Customers are unlikely to accept responsibility shifting from you to your vendors to their vendors. As a result, creating a seamless customer experience, or as seamless as possible, will do a lot to minimize potential liability.

New York Attorney General Andrew Cuomo recently announced a settlement with Travelocity, Priceline and Cingular related to ads that they had distributed through adware company "Direct Revenue." Cuomo alleged that the companies knew, or had reason to know, that Direct Revenue was distributing their ads using adware that was secretly installed on users computers and was difficult for the users to remove. Cuomo alleged that Direct Revenue's business practices were unfair and deceptive under New York Law, and that the third parties had an obligation to look into those practices prior to distributing their advertising through Direct Revenue.

The most interesting part of the settlement is the fact that in the settlement agreement, the companies agreed to an "adware policy" and to implement a due diligence process to vet on-line advertising partners. The adware policy must, at a minimum:

-disclose information about its adware providers to its users; -brand all ads with its logo; -disclose the fact that an ad contains adware, and receive affirmative consent to any download, all on the first visible screen of the ad; -install a removal utility, visible to the consumer, in the consumers "add/remove programs" in the operating system; and -require all adware partners to agree to the adware policy.

The due diligence process requires these companies to, once per quarter:

-ask their adware vendors to disclose the programs they use to distribute the adware; -download the software themselves from three different websites, not disclosed by the adware provider; -verify that each download complies with the adware policy; and -cease using any adware program if the program violates the adware policy or fails to satisfy the due diligence process.

Holding third parties responsible for the trade practices of their partners is an important development. In previous third party liability cases, there has been a direct connection between the trade practice and the money made. In this case, none of the parties stood to profit directly from the activities of their partners. Rather, the Attorney General believed that the advertisers had an obligation to look into the activities of their advertising partner. In this case the obligation stemmed from the fact that "adware" is a controversial topic to begin with.

I believe this signals a change in approach to unfair and deceptive trade practices. Hosts would be well advised to spend more time looking into the business practices of their partners, particularly in the area of advertising, and distribution, where cutting edge business practices are under scrutiny.