Published on:

In general, harassing phone calls are distinguished from unwanted phone calls based on obscene or threatening language used to intimidate or scare the recipient. A phone call must hold malicious intentions in order to be classified as harassment punishable under California state laws.

What makes telephone calls a crime in California?

Under California Penal Code 653m, certain elements of a telephone call can lead to liability for criminal activity. The first element is the act of making a telephone call or electronic communication. This can be done via telephone, smartphone, computer, pager, or recorder, among other communication devices. This means that forms of electronic harassment could include text messages, phone calls, emails, faxes, picture messages, video messages, or voice recordings. A defendant can be accused of violating Penal Code 653m even if he/she was not the one to initiate the call. A violation may exist if he/she requested the electronic communication. The next element is the use of obscene language that is meant to threaten or injure the recipient, his/her family and/or property. This includes repeated calls or communication attempts, regardless of the content. The last element is the intent to harass or annoy a victim. There is no violation if the communication is made with the intention of legitimate business purposes, even though certain business calls might seem as nuisance.

What are the penalties for violation of Penal Code 653m?

Since harassing phone calls or communications are considered misdemeanors in California, a defendant is subject to certain penalties under state law. The maximum penalty is a fine of up to $1,000, up to six months in county jail, or both. The defendant might also be sentenced to misdemeanor probation, which incurs a sentence to receive and participate in a form of counseling. Often times, violation of Penal Code 653m occurs along with the violation of a restraining order, under California Penal Code 273.6, or can be classified under California Penal Code 646.9, which is stalking or cyberstalking. If a harassing phone call contains a collection of these offenses, the defendant will be charged for more than one offense with added convictions.

What are legal defenses against a violation of Penal Code 653m?

There are several legal defenses that can be brought against Penal Code 653m charges. The first is that the defendant did not have the intention of harassment. This would mean that defendant might have acted under mental incapacitation or business purposes without the intent to harass. The second defense is that the language or conduct cannot be classified as obscene.  Because of issues around violation of constitutional freedom of speech, obscene language has to be narrowed down to graphic or profane words. Other defenses could include pleading legal insanity of a defendant suffering from an emotional disorder/mental disability, or claiming that prosecution has fabricated harassment claims.

Though telephone companies offer privacy settings, unlawful call complaint centers, and blocking capabilities, it is difficult to tell when a communication is considered just an annoyance or a legitimate form of harassment.

At our law firm, we help inform clients regarding the laws and regulations that apply to telephone call harassment. You may contact us in order to setup an initial consultation.

Published on:

In general, computer crime is a term that covers a variety of crimes involving internet or computer use that may be prosecuted under state or federal laws. Because of the rise in computer crimes, California state laws include provisions that prohibit such crimes. In addition, other states have passed computer crime statutes in order to address this problem.

What is a computer crime?

An individual who accesses a computer, computer system or computer network and alters, destroys, or disrupts any of its parts is considered a perpetrator of computer crime. The charge is selected based upon the intention of unlawful access. Hacking is the breaking into a computer, computer system, or computer network with the purpose of modifying the existing settings under malicious intentions. Unlawful or unauthorized access means that there is trespassing, storing, retrieving, changing, or intercepting computer resources without consent. Viruses, or other contaminants, include, computer code that modify, damage, or destruct electronic information without the owner’s permission. This often disrupts the operations of a computer, computer system, or network. As such, Congress enacted the Computer Fraud and Abuse Act in order to regulate computer fraud and to expand laws against it.

Who handles internet crimes?

The Internet Crime Complaint Center (IC3) was formed as an intermediary between the Federal Bureau of Investigation (FBI), National White Collar Crime Center (NW3C), and Bureau of Justice Assistance (BJA).  In practical terms, IC3 intends to act as a unit that receives, develops, and refers criminal computer crime complaints to appropriate local, state, federal, or international law enforcement agencies. Once the complaint reaches the hands of the law enforcement agency, appropriate administrative, criminal, or civil action can be taken to resolve the complications. Further, the California Comprehensive Computer Data Access and Fraud Act was created to make cybercrime punishable in California. One of its main components is the ban on hacking.

What are the charges for computer crime?

California Penal Code § 502, expands the protection of individuals, businesses, and governmental agencies from tampering, interference, damages, and unauthorized access to lawfully created computer data and computer systems. As discussed above, hacking is classified as knowingly accessing and taking data from another computer, computer system, or computer network. Therefore, hacking may be prosecuted as a misdemeanor or a felony. In California, a computer crime is considered a misdemeanor for the first violation if it does not result in injury and the value of the used services does not exceed $950. A misdemeanor is punishable by a fine up to $5,000 and up to one year in county jail. If the value of the computer service used exceeds $950, the crime is charged as a felony with a fine up to $10,000 and up to 3 years in county jail.

At our law firm, we help inform clients regarding the laws and regulations that apply to cybercrime. You may contact us in order to setup an initial consultation.

Published on:

On June 1, 2015, the Supreme Court of the United States ruled in favor of Anthony Elonis in Elonis v. United States, regarding free speech limitations as implemented via social media platforms. This ruling was the first time the Supreme Court raised implications of free speech related to social media.

Under what circumstances was Elonis indicted?

Anthony Elonis was convicted on four separate counts for postings on social media, specifically Facebook. The federal statute he was convicted under, 18 U.S.C. § 875(c), states as follows: “Whoever transmits…any communication containing…any threat to injure the person of another, shall be fined under this title or imprisoned not more than five years, or both.” Elonis sparked concern after posting graphic threats involving the rape and murder of his ex-wife, detonation of bombs in the presence of law enforcement, and shooting up an elementary school, all under an alias. Elonis did not dispute that the statements were posted, but declared that they were merely expressions of his frustration. He claimed that the trial court incorrectly instructed the jury on the standard of a “true threat” in which the expressions were interpreted as more serious under the context.

What does this case mean in the context of the First Amendment?

Elonis argued that a negligence standard, which regulates free speech, is contrary to the First Amendment. Although, the First Amendment protects freedom of speech, it does not include “true threats.” The government claimed that if a reasonable individual could regard his statements as threats, then they were unprotected by the First Amendment. This was justified by the rationale of law in most federal circuits that fear is intrinsically harmful. Further, society has an interest in protecting individuals from fear, which could be induced by frightening or threatening language, even if such language is unintentional. This objective standard goes further to say that as long as the statements are transmitted within interstate commerce, the statute must not have the “…intention to inflict bodily injury or take the life of an individual.” Statements made on the web, may be read by, or communicated to, an array of people that the speaker does not necessarily know to be present. This means that law enforcement personnel could monitor the communications and could become the recipients. Hence, online posts may lead to prosecution if the communication is interpreted as a threat, regardless of the target’s awareness of the post.

Why was this case heard by the Supreme Court?

Many activist groups saw the Third Circuit’s objective standard of “true threats” as a risk towards free speech itself. However, the high court was concerned that the subjective standard would encourage speakers to threaten others without bounds. The subjective standard makes it so that only a jury can consider a writer’s motive with no guaranteed acquittal. It is possible that the subjective standard would have prevented Elonis from being convicted for threat to an FBI agent, but declaration of such threats by an objective standard would likely violate the First Amendment. For this reason, the Supreme Court said that it was not enough to convict Elonis based only on the idea that a reasonable person would interpret his communications as a “threat.” However, the legal standard of conviction is still unclear, raising questions about what constitutes a subjective intent to threaten. With the rise in social media expressions, this case raises questions about individual online safety, both as a contributor or a reader of posts.

At our law firm, we assist clients with issues related to online speech and constitutional parameters. You may contact us to speak to an attorney about how your social media use is affected by this decision.

Published on:

On June 4, 2015, four million current and former federal employees were informed that China-based hackers were suspected of gaining access to and compromising their personally identifiable information (PII) via a breach of government computer networks. The scope of the attack has allowed it to be described as one of the largest governmental data thefts.

What actions have been taken since the attack?

Directly after the attack, the administration decided to expand the National Security Agency’s internet traffic surveillance, especially in regards to international hackers.  The FBI is currently investigating the attack by looking into the threats posed to the public and private sectors. The Office of Personnel Management (OPM) reported that federal employees will be appropriately notified and given access to credit reports, credit monitoring, identity theft insurance, and recovery services. The OPM is responsible for collecting and processing security clearance forms, which were accessed in the breach. It is possible that the hackers have access to the personal and professional references of the victims. Because of the breadth of the data held by the OPM, the agency is telling individuals to monitor and report unusual activities.

Why have the culprits not been prosecuted?

American officials claim that the hackers have links to the Chinese government, which complicates prosecution and leads to limited solutions. Officials speculate that the attack on federal employee records is part of a larger scheme to gain access to healthcare records and contractor information. Because cyberattacks conducted from other countries are even harder to track, there has been controversy over the speculated blame.  A spokesman for the Chinese Embassy has dubbed the accusations irresponsible and has expressed that China’s laws prohibit cybercrimes. On April 1, 2015, President Obama, via an executive order, responded to another unidentified attack on computer networks with a sanctions program against foreign individuals.  Since then, there has been focus on new surveillance measures and building a stronger security infrastructure.

How does this affect the American public?

Concern for the cyberattacks is especially heightened because of the targeting of governmental data. The U.S. government is thought to possess state-of-the-art technologies for protection against cybersecurity attacks. With all of the expenditure towards cybersecurity, and the recent breaches, the average American is bound to feel a lack of trust.  In May 2011, the White House commissioned the International Strategy for Cyberspace report, stating that the United States has the right to “self defense that may be triggered by certain aggressive acts in cyberspace that is consistent with the United Nations Charter.” However, cyberspace remains a new arena and it is challenging to prosecute international cyberattackers. Although, current and former federal employees were the targets of the attack, the information obtained could lead access to other people’s information. The OPM will notify the victims, but it is difficult to trace them if the information leads to individuals who are not federal employees. As such, it may result in the rise of civil lawsuits related to cybersecurity and identity theft.

At our law firm, we assist clients in legal issues related to cybersecurity breaches and data protection. You may contact us in order to set up an initial consultation.

Published on:

On May 26, 2015, the Internal Revenue Service (“IRS”) announced that criminals illegally accessed data to retrieve the past tax returns of approximately 100,000 individuals through the IRS website. The criminals managed to use social security numbers, birth dates, street addresses, and “out of wallet” data (e.g., person’s first car, high school mascot.)

How was the personal information accessed?

During the months of February to May, attackers attempted to get access to tax information over 200,000 times through the IRS “Get Transcript” online application, which allows for viewing information from previous returns. The criminals managed to go through many steps of an authentication process to view these previous returns, exploiting data from breaches in the past. Recent breaches of companies like Target, Home Depot, JP Morgan Chase, Sony, and Anthem have allowed for personal information to be easily accessible to hackers. In addition, it is possible for identity thieves to get basic answers to security questions from individuals’ social media accounts and search databases. The IRS proceeded to send $50 million in refunds before detecting the criminal activity.

What makes the breach so dangerous?

In general, security and protection are crucial since every company counts on the IRS to protect its confidential information. The issue of privacy has been dealt with by state and federal courts. However, the guidelines are not uniform on every level. The recent breach has been traced to criminals from inside and outside of the country, attacking both private actors and business owners. So, jurisdictional issues will arise since the crimes were committed in a different nation. In addition, both courts and victims face the inevitable fact that the leaked data could be used for many years. So, the victims must protect themselves against current and future risks.

What efforts are being made to protect against breaches?

The breach may cause the White House to make efforts to increase the IRS’s budget. The budget has been cut 18% since 2010 to adjust for inflation. Many representatives think it is important for Congress to work with the IRS to ensure that taxpayers are offered free credit monitoring. In the past, keeping data breaches secret from consumers was a corporate strategy. Today, state regulators have begun to demand disclosure, which is why all but three states now have disclosure laws. There is new legislation pending in Congress, which includes HR 1770  a/k/a the Data Security and Breach Notification Act of 2015.  This legislation addresses consumer notification, but at the same time might weaken state-level laws. It brings into question what data privacy practices should be in place to prevent the breaches in the first place, and the appropriate penalties for breaches. With crossroads of commerce, access between nations, and difficulty of prioritizing data-protection concerns, consumers and businesses alike are at risk when it comes to protecting their confidential information.

At our law firm, we assist clients in legal issues related to cyber security, cyber attacks, and data breaches. You may contact us in order to setup an initial consultation.

Published on:

As of March 25, 2015, the Securities and Exchange Commission (“SEC”) adopted new rules to update and expand Regulation A. Regulation A+ will allow companies to gain access to funds through crowdfunding. These new rules are mandated by Title IV of the Jumpstart Our Business Startups (JOBS) Act.

What will the new rules do?

The update and expansion of Regulation A to Regulation A+ will allow smaller companies to sell up to $50 million of securities in a 12-month period.  These exemptions, however, are subject to eligibility, disclosure, and reporting requirements. The new rules have created a more effective way to raise capital while attracting and protecting investors. Non-accredited investors will be allowed to annually invest up to ten percent of their income or net worth, depending on which amount is greater. Before the new rules came out, only accredited investors were able to invest in startups through equity crowdfunding. The final rules are referred to as Regulation A+ and are provided in two tiers of offerings based on amount of security offerings over a 12-month period. Both are subject to the same basic requirements and eligibility limits, but differ in registration and qualification offerings.

What are the main differences between the Tier 1 and Tier 2?

Under Title IV of the JOBS Act, the offerings are as follows: Tier 1 consists of security offerings of up to $20 million over a 12-month period, with no more than $6 million of these offers coming from selling security holders that are affiliates of the issuer. Tier 2 consists of securities up to $50 million in a 12-month period, with no more than $15 million of these offers coming from selling security holders that are affiliates of the issuer. Up until $20 million of offerings, the issuer can choose to proceed under Tier 1 or Tier 2. These include, but are not limited to, review by SEC’s staff, permits, and eligibility limits. The companies that conduct their offerings under Tier 2 are subject to additional requirements. These requirements are to provide audited financial statements, file annual, semi-annual, and current event reports, and the placement of limitations on the amount of securities that non-accredited investors can purchase under this tier. In addition, within 5 years of the adoption of Regulation A+, there must be a report submitted to the SEC regarding impact of both Tiers on capital formation and investor protection.

How does the offering process work?

Issuers are required to file an offering statement on Form 1-A with the SEC using the EDGAR System. Form 1-A consists of Part I—Notification, Part II—Offering Circular, and Part III—Exhibits. Issuers can submit offering statements to be reviewed by the staff of the Division of Corporation Finance before filing any documents. This non-public submission must take place no later than 21 days before the qualification. In addition, both Tier 1 and Tier 2 issuers are required to file balance sheets and other financial statements from recent fiscal years. These statements must be in accordance with the Generally Accepted Accounting Procedures (GAAP).

At our law firm, we assist clients in legal issues related to crowdfunding, Regulation A+, and Tier I and Tier II offerings.  You may contact us in order to setup an initial consultation.

Published on:

The modern day business model is shifting towards cloud computing and Software-as-a-Service (“SaaS”) agreements. This new trend allows customers to treat licensing costs as expenses that can be paid over time. SaaS also provides a solution to bug fixes, glitches, and the updating of licenses simultaneously. With the shift to cloud computing, developers are no longer required to provide a platform on which their own application runs.  However, confusion exists about the differences between software licensing and SaaS agreements.

What is the difference between software licensing and SaaS?

A software-licensing model involves the software company to offer a software program in the form of an electronic download or CD-Rom. This software then must be downloaded, installed, run, and operated on hardware before being used by one or more users. This software may be installed on hardware.  It often offers services like training, maintenance, and technical support. On the contrary, in the SaaS model, the company does not make a physical product. It only makes the product accessible through “the cloud” which acts as a hosting platform. One or more users can still access the product, but it must be done through cloud computing services.  As such, external services are not provided because they are expected to be included as part of the hosting platform’s service and support experience. As a result, SaaS acts as a service subscription model and not a physical product.

What are some of the legal concerns associated with SaaS?

Since there is a different distribution of responsibility between the parties involved in the switch from software licensing to SaaS, precautions should be taken to protect the rights of the interested parties. Licensees in particular need to confirm there are warranties in place that ensure the protection of their confidential data. Warranties should be explicit about data breaches, disaster recovery, and termination services in the case that the licensee wants to switch to a different service provider. The licensee should understand that SaaS does not imply an opportunity for custom content development, as this is dependent on the chosen SaaS product.  Users must ensure that the right to development and integration can be conducted with a third-party application via the licensor’s programming interfaces.

Should the switch to SaaS be made?

Despite the security threats that come with the management of sensitive data and modern interface of SaaS, the subscription model is often crafted to make the process easier for the customer. With the use of some traditional licensing language, the users are the ones who ultimately choose to accept the terms of use.  However, before users switch to SaaS, they should consider certain factors.  Research and evaluation should be conducted about training and support options, including, but not limited to, compatibility, security, and liability.  Additionally, inquiries should be made about Service Level Agreement (SLA) negotiations.  Before a business invests in a SaaS system, it must be aware of the return on investment (a/k/a “ROI”) and risk of transferring its information on a third-party’s server. However, with the proper education, maintenance, and security, SaaS can serve as a viable option.

At our law firm, we assist clients with legal issues related to software licensing, cloud computing, and related regulations. You may contact us in order to setup an initial consultation.

Published on:

Since October of 2013, the Internet Corporation for Assigned Names and Numbers (ICANN) has made a transition towards the expansion of top-level names. This action has sparked concern in Internet stakeholders in regards to security concerns. ICANN was previously responsible for managing 22 domain names, including, “.com,” “.gov,” and others. With plans to rapidly rollout more names, government entities, businesses, consumers, and internet users have recognized a number of the associated security concerns. Today, there are 322 new top-level domains (TLDs) that have been granted by ICANN.

What are the resulting security threats?

Phishers and scammers have grown in number since the growth of TLDs, hijacking domains shortly after registration. There have also been instances of malware and phishing pages registered under specific and popular TLDs, transferring risks to users. The lack of preparation and security that exists in the Internet ecosystem is a perfect environment for criminals to display malicious activity. Domain name collisions are occurring due to TLDs colliding with old and unresolved names that have been embedded in the global root. The result of such collisions is server delay, outages, and data theft that leave consumer information exposed. Malware and cybersquatting have also been exhibited in the top 35 most trafficked new TLD sites. TLDs continue to cause confusion and lack of security, with 36 being permitted to have singular and plural versions [e.g., .car(s), .work(s)], and 44 possessing close alternatives, such as .finance/.financial and .engineer(ing).

How are consumers affected by the threats?

The government, businesses, brands, and consumers are all affected by TLDs through various outlets of threats. Since White House’s domain is whitehouse.gov, there is no control over what kind of site is run from whitehouse.com. Unregistered and trademark brands alike also lie outside of the realm of protection by the ICANN Trademark Clearinghouse. With new TLDs, there have been threats via click-through fraud within pay-per-click advertising platforms like Google’s AdWords. On second level domain registrations, consumers have increasingly fallen victim to identity theft. This occurs because ICANN does not fully review their domain name applications, resulting in consumers perceiving closely-related names of banks or credit cards as the real company. Consumer confidence has deteriorated through occurrences of charity fraud during natural disasters, spam emails that appear to be sent from legitimate banks, and product counterfeiting through foreign-registered websites.

Have any resolutions been negotiated to address the security issues?

Today, all registrars of ICANN must follow the Uniform Domain Name Dispute Resolution Policy. Disputes that come from malicious registrations of domain names will be addressed by administrative proceedings in an expedited manner. These proceedings involve filing a complaint with an approved dispute resolution service provider.

However, the volume of new TLDs that ICANN offers without proper administration cannot be overshadowed by a resolution policy that fails to address the totality of issues. The Internet has been left prone to exploitation with initiatives that have not been implemented. The industry must continue to watch over ICANN and hold it accountable. Consumers can only be aware of the emails and links they click on to a limited extent, just as companies can only go so far as to implement a brand monitoring process to defend themselves against new TLDs and the dangers they pose.

At our law firm, we assist clients in legal issues related to internet, technology, and domain name disputes. You may contact us in order to setup an initial consultation.

Published on:

Many startups, entrepreneurs, and business owners will consider registering a corporation instead of remaining a partnership or a limited liability company. To become incorporated, an incorporator must file the company’s articles of incorporation with the state of choice, which provides information including the company’s official name. However, the status of being a corporation under California is not guaranteed to last indefinitely unless all the requirements are met. The lack of compliance may lead to the corporation being suspended or forfeited.

What is a suspended corporation?

A suspended or forfeited corporation does not stop being an association, but it loses all the rights and privileges of a corporation and cannot legally act as a corporation while suspended. The Secretary of State’s office or the Franchise Tax Board, which have the authority to suspend a corporation, use this power to sanction a company. Suspension occurs when the company fails to file its tax return under Revenue & Taxation Code § 23301, fails to pay taxes, or fails to file its “Statement by Domestic Nonprofit Corporation” or “Statement by Common Interest Association.”   The inconveniences of filing these documents or paying taxes are greatly outweighed by the consequences of not filing or paying what is required.

What are the repercussions for becoming a suspended corporation?

The repercussions of a corporation being suspended are significant. When a corporation is suspended, it loses its privileges and status. This includes the company losing its ability to enforce any of its contracts or getting an extension to file tax returns. The most substantial repercussions are that the suspended corporation can no longer file a lawsuit or defend itself against a lawsuit and it cannot be represented by its insurance company in any form of litigation. Additionally, it can lose its name should another company file under the same with the Secretary of State while the corporation is suspended, which means that the company would have to change its name in order to become incorporated again. These repercussions can cause the company to no longer continue business and the directors to become vulnerable because they are no longer protected by the corporation’s limited liability protection.

How do you revive the corporation?

In order for the company to revive its status as a corporation it has to file documents it failed to file and/or pay pending taxes or penalties.  An application then needs to be filed for a Certificate of Revivor with the Franchise Tax Board.  The Secretary of State has to re-approve the corporation’s name in case a new corporation took its name during the suspension. The name approval must happen before the Franchise Tax Board issues the Certificate of Revivor. Only then can the company try to salvage voided contracts and defend itself against pending litigation.

At our law firm, we assist clients in legal issues related to business and corporations. You may contact us in order to setup an initial consultation.

Published on:

In the past few months, more domestic and foreign regulations of digital currencies are being proposed. However, New York is at the forefront of establishing new Bitcoin regulations, and California not far behind. By the end of May, it is likely that the updated BitLicense bill regulatory framework will be released and used as an example for other states.

What are the New York and California Proposed Regulations?

Benjamin Lawsky, New York’s first Superintendent of Financial Services, announced the parameters of the bill this year. The BitLicense bill will stipulate that businesses will need a license if they handle (i.e., store, transfer) Bitcoin for customers, cover or issue digital currency, exchange Bitcoin for other currency, or buy and sell digital currency to or from a customer. Merchants that only accept digital currency for purchases will not need a license. Any licensed company will have to maintain a certain amount of capital, which will be assessed using an assortment of factors. State officials say that feedback is still welcome and that the bill is a work in progress. The goal in the end, however, is that the new regulations would protect consumers who use digital currency by establishing rules and guidelines.

In California, Assemblyman Matt Dababneh, who is chairman of the Banking and Finance Committee, drafted AB-1326 in order to regulate digital currency. This law would require licensing for companies handling digital currency along with similar capital maintenance requirements. Also, included in the bill is the allowance of regular inspections to ensure businesses are being conducted lawfully, and proper accounting mechanisms for the digital currency. The businesses not in compliance will be subject to civil penalties. The bill will not likely affect companies that are already licensed to do business in California, which is better for California companies.

How can these regulations hurt startups?

In general, there is an increase in cost when companies using Bitcoin need licenses. This has caused concern of an overlap between federal and state regulations of digital currency that may lead to the failure of startups. There is also a concern that too much regulation and risk will dissuade new ventures and hurt growth of companies already established in the digital currency industry. The companies that are already established have a method of doing business, but the new regulations may dictate more stringent ways for businesses. If the New York bill is passed, companies will only have 45 days to secure a license, which if delayed can cause business interruptions. However, some see this concern as premature since it is unlikely to be large-scale and immediate implementation of new regulations in all 50 states.

At our law firm, we assist clients in legal issues related to internet, technology, and digital currencies. You may contact us in order to setup an initial consultation.