The Short Names

The world’s third-largest computer company will start selling its first mobile phone next month through China Mobile, the country’s biggest wireless carrier. The phone, called the Dell Mini 3, runs Google’s Android and has no keyboard and a touch screen. It will also not have wi-fi to comply with government regulations.

Dell also said it will be available in Brazil later this year, but did not mention when it would launch a phone in the U.S. with AT&T (NYSE: T). In China, the Mini 3 will be part of China Mobile’s forthcoming OPhone line, which will compete against the iPhone being sold exclusively by China Unicom. Dell’s relationship with China Mobile first kicked off through selling subsidized netbooks with cellular data plans. Michael Tatelman, VP of sales and marketing for Dell’s global consumer business, told AP that Dell wants carriers to have some control over the phone, which is why it choose the flexible Android platform. As Michael Dell said previously, Tatelman confirmed the company still hasn’t ruled out making phones running Microsoft’s Windows Mobile.

In what appears to be a significant and somewhat groundbreaking decision, a federal court in Illinois ruled that a couple whose online access to their credit line was compromised could hold the bank liable for failing to adequately safeguard the account.  (Shames-Yeakel v. Citizens Financial Bank / Case No. 07-C 5387) (first blogged by the Digital Media Lawyer Blog here and picked by Wired’s threat level here).  Wired links to the ruling here: [pdf].

Background:  the facts are *somewhat* straightforward.  The plaintiffs were customers of Citizens Financial Bank.  In 2007, someone gained unauthorized access to plaintiffs’ credit line, obtained an advance of $26,500, transferred the amount to the plaintiffs’ account, then to a bank in Hawaii, and finally to an Austrian bank.  By the time the dust settled, and plaintiffs reported the situation to the bank, the miscreants were long gone, and the Austrian bank refused to refund the money.  Citizens (plaintiffs’ bank) was unable to retrieve plaintiffs’ funds and told plaintiffs it intended to hold plaintiffs liable.  Citizens sent plaintiffs statements when monthly payments became due, and when plaintiffs disputed and failed to pay, Citizens sent the matter to collections.  Plaintiffs brought suit (I think) seeking to hold the bank liable for the loss, and alleging violations of other rules, including the Fair Credit Reporting Act, Truth in Lending Act, and the Electronic Funds Transfer Act. 

What happened?  the bank moved for summary judgment.  The court denied the bank’s motion, holding that the bank could be liable in negligence for failing to adequately secure the plaintiffs’ account.  As the Digital Media Lawyer blog notes:

The aspect of the case that may have the largest precedential impact was its decision on the plaintiffs’ negligence cause of action.  A major basis for the negligence claim was the theory that financial institutions have a common law duty to protect their members’ or customers’ confidential information against identity theft.  While the court did not find controlling state law precedent on point…it noted that Indiana courts have held that a bank has a duty not to disclose information concerning one of its customers unless it is to someone who has a legitimate public interest.  The court then stated:  “[i]f this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers’ online accounts.

There were several other claims, some of which survived and some of which didn’t, and many factual disputes (was the account used primarily for personal or business purposes) , but the key portion of the ruling is on plaintiffs’ negligence claims.

****

The take aways? 

Out of Pocket Loss:  I guess the first one is that data breach claims may succeed where there is actual out of pocket loss.  This is pretty consistent with what the courts rejecting data breach class actions say, but to date, the claims (from a consumer standpoint) have not been presented in the context of actual money stolen. 

What Security Standards Should Have Been Used:  The court’s discussion of what standards the bank should have used is interesting.  Citizens just used a standard user name + password means of identifying the users, and the court was receptive (at least at the summary judgment stage) that the bank should have used more (e.g., an identifying question in addition to name and password, computer identification, tokens, etc.). 

How Was the Account Compromised:  The court didn’t discuss this much, but I was definitely curious as to how the plaintiffs’ password was compromised.  Maybe they were careless with it, or gave it to someone?  Maybe they used open wifi?  There wasn’t any actual evidence that the hacking occurred on the bank side.

What About the Terms of Use:  The bank pointed to exculpatory language in the terms of use, but this did not undermine plaintiffs’ claims.  The court didn’t go into detail on this point, but one way of looking at it is that contract language doesn’t always limit claims based on negligence.  There’s always some wiggle room as to whether a claim sounds in negligence, and some resulting uncertainty as to whether contract language sufficiently insulates against these claims.  Some duties cannot be disclaimed by contract.

State vs. Federal Law:  The court’s decision here is based on state law.  To the extent this represents any sort of a trend, companies operating across state lines will lobby for some sort of federal legislation governing this, at least as to particular industries, such as financial institutions?

Should Other Types of Online Providers Be Worried:  The court’s decision is based on recognition that “fiduciary institutions have a common law duty to protect their members’ or customers’ confidential information.”  What types of institutions does  this cover, in the internet era?  How about Facebook, for example?  Does it have a common law duty to protect its members’ confidential information?  Probably not, but I’m guessing this is something that will come up in the future for them.

Last week, China Unicom announced that it had secured a distribution deal with Apple (NSDQ: AAPL) regarding its iconic handset, but that has not deterred the country’s largest carrier, China Mobile, from seeking a deal of their own.

ComputerWorld reports today that talks between Apple and China Mobile are still ongoing, according to a China Mobile spokeswoman. An Apple spokeswoman confirmed that its three-year distribution deal with China Unicom is not exclusive, but did not say whether they are considering additional partners.

Although China Unicom isn’t the largest provider in China, it was the obvious choice for Apple because the carrier is rolling out a 3G network that’s compatible with the technology currently being used in the iPhone. That differs from China Mobile, which uses a homegrown version of 3G called TD-SCDMA. Whether Apple would be willing to support such an obscure technology—even for the chance at reaching one of the world’s largest userbase—is unknown, especially since its been hesitant to even support CDMA.

Clearly, the technology was one hold-up in discussions between Apple and China Mobile, but also plans by the carrier to create its own App Store may have posed a conflict with the iTunes App Store.

Related

• China Unicom Signs Three-Year iPhone Deal

Nokia (NYSE: NOK) used the opening day of its two-day Nokia World gathering in Stuttgart to announce a widget that lets mobile Facebook users add location data and maps to their status updates. It’s a lifecasting plugin for the existing beta Ovi Maps app and uses handsets’ built-in GPS.

But it is a pretty modest step, given Nokia’s previous grand LBS announcements like Point & Find, which hasn’t yet been delivered to the mass market. Nokia’s previously heralded SoLo (social location) idea, which would combine the phonebook with location data, is again due to be discussed.

In his keynote, CEO Olli-Pekka Kallasvuo addressed onlookers’ criticisms that Nokia has been too trigger-happy with its announcements: “The critics have been right,” he said, promising all services previewed at this Nokia World will be available to try within 48 hours.

This year, Nokia finds itself with falling market share, a worsening image in the US and behind Apple’s curve on smartphone UI innovation – but it still has the opportunity to deliver location-based services to the masses.

“We know we still have a lot of work to do,” Kallasvuo said, “but we have a solid plan in place … our ambition is nothing less than to create the biggest delivery platform for services for mobile …

“Piece by piece, we are building a new Nokia. Is it an up-hill climb? Of course it is, and we still have a way to go – but we at Nokia relish the role and challenge of the underdog.”

Although the latest flagship consumer handset, the N97, has received poor reviews, Kallasvuo said it was selling at a faster rate than its popular N95 predecessor. Future Nokia devices will come in three categories, he said: “Phones, smartphones and mobile computers.”

Nokia World is giving the handset maker a chance to further discuss the Booklet 3G netbook (full specs, €575 price), N900 smartphone and Nokia Money announcements already made in the last two weeks.

But it also announced two new touchscreen music phones, the X3 and X6, which will be a Comes With Music device, and an N97 mini, a slimmed-down version. Release.

Nokia Messaging is getting an upgrade to facilitate status updates to social services.

After waiting nearly eight months since their original announcement, Microsoft (NSDQ: MSFT) will release phones based on its latest version of Windows Mobile on Oct. 6. Release.

Microsoft has designed Windows Mobile 6.5 to be geared towards both business users and consumers in an attempt to break from their reputation of being a workhorse-only. Practically, that means the phone’s touchscreen can now be used with a finger and not a stylus and it will have better internet browsing and access to an app store, called Windows Marketplace for Mobile store. It also comes with Microsoft’s My Phone, which lets users back up critical information, like contacts and photos, to the computer (a feature once limited to users who had access to Microsoft’s Exchange services). However, it’s not until Microsoft releases Windows Mobile 7 next year that it will be deemed more comparable to the iPhone or Google’s Android.

Microsoft listed a slew of partners that will embrace the new OS in North America, Europe, Latin America and Asia Pacific. In North America, it named carriers such as AT&T (NYSE: T), Bell Mobility, Sprint (NYSE: S), Telus and Verizon Wireless (NYSE: VZ), and handset makers including HP, HTC, LG (SEO: 066570), Samsung and Toshiba.

Related

• Report: Microsoft Will Make Windows Mobile Cheaper To Compete With Open Source
• Microsoft Says App Marketplace Opens July 27 For Submissions; Support Coming For Earlier OS Versions
• Microsoft Subsidiary Tellme Will Play A Big Role In Windows Phones Coming This Fall
• CIOs to Ballmer: Windows Mobile Is A Hard Sell Even For Enterprise Customers
• @ MWC: Microsoft Unveils Windows Mobile 6.5; App Marketplace; Back-Up Services And More