A person can be prosecuted for wire fraud when there is reliable evidence of a scheme to defraud another by using electronic communications such as wire, radio or television. The defendant must be part of a fraudulent scheme and have a specific intent to commit the fraud. In some cases, it could be enough if the defendant fails to disclose material facts to mislead the plaintiff – i.e., the culprit deceives his or her victim. The defendant may be guilty for wire fraud if he or she shows a reckless indifference through his actions.

For example, the defendant may use wire, radio, or television communication to commit the fraudulent scheme be emailing false or misleading bank statements to clients or investors. Historically, these types of violations include telemarketing fraud or internet scams (e.g., phishing). There have been cases where the culprits hack into the plaintiff’s computer and install keyloggers to track their electronic transactions. Then, they extract personal information that would allow them to log into their bank accounts. Or, they can hack into the escrow company’s network to intercept financial information (e.g., bank account number) that allows them to send false wire instructions. So, thereafter, the hackers provide the false wire instructions to the victim who believes he or she is sending the funds to the correct financial institution.

There have been other instances where the defendant’s action constitutes mail or security fraud. Mail fraud is committed when the defendant uses the mail to commit the fraudulent scheme. Security fraud is committed when the defendant engages in a fraudulent scheme for the sale or purchase of securities which is a violation of state and federal laws. Internet fraud is also referred to as “cybercrime” and may include actions that fall under the definition of hacking or phishing schemes to extract private or confidential information. So, in a nutshell, the culprit uses the internet to lure the victim into believing a false fact. Then, once the victim relinquishes access or discloses the private or confidential information, the culprit uses that information to commit a crime such as identity theft. Also, in other cases, the defendant may be prosecuted for real estate fraud when he or she gains unlawful access to the escrow or title company’s network infrastructure. These types of real estate fraudulent schemes are relatively sophisticated and require the rights tools and resources. The stolen funds are usually sent to another bank account that could be located in another state or country. Obviously, the victims will feel helpless when they face these situations and will reach out to government agencies for assistance. In most cases, the victims should also seek assistance from a private law firm that specializes in these matters.

The United States Department of Commerce has issued a declaration regarding global cross-border privacy rules. These privacy rules are designed to promote data flows with privacy protections. The participants (which include Canada, Japan, Republic of Korea, Philippines, Singapore, Chinese Taipei, and United States of America) have declared that: (1) the establishment of a Global CBPR Forum to promote interoperability and help bridge different regulatory approaches to data protection and privacy; (2) The objectives of the Global CBPR Forum are to: (a) establish an international certification system based on the APEC Cross Border Privacy Rules and Privacy Recognition for Processors Systems; (b) support the free flow of data and effective data protection and privacy through promotion of the Global CBPR and PRP Systems; (c) provide a forum for information exchange and cooperation on matters related to the Global CBPR and PRP Systems; (d) periodically review data protection and privacy standards of members to ensure Global CBPR and PRP program requirements align with best practices; and (e) promote interoperability with other data protection and privacy frameworks.

The Global CBPR Forum is expected to promote expansion and uptake of the Global CBPR and PRP Systems globally to facilitate data protection and free flow of data. It is expected to disseminate best practices for data protection and privacy and interoperability. In addition, it is expected to pursue interoperability with other data protection and privacy frameworks.

The Global CBPR Forum is supposed to facilitate trade and international data flows. It is created to promote global cooperation and to promote protection of data privacy. The forum plans to establish an international certification system based on the existing APEC Cross-Border Privacy Rules and Privacy Recognition for Processors Systems. Cooperation is intended to be based on the principle of mutual benefit and a commitment to open dialogue and consensus-building, with equal respect for the views of all members. It is supposed to be based on consultation and exchange of views among representatives of members, drawing upon research, analysis and policy ideas contributed by members. It is also intended to be based on the active multi-stakeholder participation in appropriate activities.

A business organization has legal responsibilities when it comes to data access, control, and management. The government has recently issued an opinion regarding disclosure requirements for the so-called “inferred data” which comprise of internally generated inferences within the context of a consumer’s right of access request. California Civil Code Section 1798.140(v)(1)(K) defines “inferred data” as inferences drawn from a consumer’s personal information to create a profile which reflects the consumer’s preferences, characteristics, psychological trends, predispositions, behaviors, attitudes, intelligence, abilities and aptitudes.

Under California Civil Code Section 1798.110(a)(1), consumers have the right to know the specific pieces of personal information a business organization has collected about them. The California Consumer Privacy Act (“CCPA”) did not address inferred data in its provisions and only implied that businesses should disclose personal data they collected from consumers. However, the Attorney General’s Office issued Opinion No. 20-303 to address whether business organizations that are subject to the CCPA should include inferred data when a consumer submits a Data Subject Access Request (“DSAR”). In short, with limited exceptions (e.g., trade secret protection), the answer was affirmative.

The question is whether inferred data elements fall under trade secret protection rules. In his opinion, the state Attorney General stated that the CCPA only mandates a business to share the product of its internal algorithms even though the algorithms themselves are protected trade secrets. In fact, internal algorithms fall under the classic definition of trade secrets because they’re not publicly accessible to competitors, they confer a competitive advantage, their secrecy is maintained from external disclosure. See California Civil Code § 3426.1(d)(2) for more information about trade secrets. In fact, trade secrets include customer lists, processes, and software or commercial methods. It is conceivable, and probably foreseeable that, a business may withhold inferences because they’re protected trade secrets but it has the burden of proof. So, in short, a business has two options when it comes to disclosing inferred data. First, it can fulfill the DSAR according to the most recent opinion and face the risk of exposing its internal algorithm. Second, it can withhold the data inferences and face the risk of receiving a non-compliance notice from the state Attorney General’s office.

Big data rules and regulations should be enhanced and updated by state and federal legislators simply because big data analytics across all industry sectors is important to improve efficiency. In general, big data analytics is used to predict consumer behaviors so they can be targeted by commercial organizations. This information can be gathered when, for example, the consumer visits an e-commerce website and purchases items. Also, information can be obtained when a consumer applies for a loan through a mortgage lender or financial institution.

Information security is important because in most cases the consumer is not aware that his or her information has been shared, transferred, or sold to another company. Again, the information is used to predict a consumer’s future behavior. The third-party that has access to the consumer’s information can use it to predict that person’s financial capabilities.

First, confidentiality of the information, whether it’s at rest, transit, or use, is crucial. Financial institutions have been targeted by hackers for misconfiguring and mismanaging network vulnerabilities over the years. The failure of using preventive measures such as data encryption plays a key role in this discrepancy. It is challenging to protect large amounts of information that’s in use because it depends on shared computing environments – i.e., wide-area-network that can go across cities or countries. Also, big data is processed on a continuous level that requires a tremendous amount of resources.

The term “big data” is generally used for the collection and analysis of a large amount of electronic data by using special and complex algorithms. The process is to analyze the correlation between large data sets which would not make sense independently. Now, another reason for its expansion is because the cost of storing data has decreased so it has become an easier process.

The problem with big data is that there isn’t a uniform set of rules or regulations that would govern the collection of electronic information. Obviously, the owners of the data sets are usually the consumers who somehow relinquish access to their information. So, privacy and security are major concerns. It’s important to realize that even if metadata (i.e., data about the data) is removed from the information, it can also reveal the user’s identity by looking at the relationship between the pieces of information. Also, it’s important to obtain consent from the users when collecting that information.

The potential privacy concerns have been addressed by using a mechanism called “differential privacy” which is when the data collector makes a promise to the data owner that he or she won’t be affected by giving access to the particular information. It is a type of mathematical guarantee of privacy to the interested party – e.g., the consumer. This type of mechanism has been used by large technology companies and government agencies. Nonetheless, with every new technology or mechanism that has been used by the private or public sector, there have been instances of state or federal litigation. For example, the State of Alabama filed a lawsuit in district court against the United States Census Bureau regarding this new mechanism’s viability. In fact, several years ago, the Obama Administration addressed this issue to minimize the privacy risks. Yet, there are many unanswered questions that should be addressed by lawmakers. For example, what are the potential harms and risks? Is there any kind of uniform law? And if not, should there be state and federal laws focusing on big data? What level of transparency should be required? What type of technological parameters should be implemented? Should we follow other countries’ rules and regulations? In response, the federal government granted an opportunity to the public to disclose their concerns. The government released a Department of Justice 2014 Report as a result of another lawsuit wherein the president was warned about the dangers of law enforcement agency’s predictive analytics. This report was in relation to the general public’s historical data and how a defendant’s actions may impact criminal history.

Cyberstalking takes place when the culprit uses information and communication technologies to initiate the violations. These actions may include harassment, annoyance, attacks, or threats against the victims. The culprits can start the attacks by emails, instant messages, calling, texting, or other communication methods. There have been cases where the culprit has installed a GPS tracking device on the victim’s vehicle or personal belongings. Also, there have been cases where the victim’s computer was hacked with malware so the culprit monitored electronic devices.

We have been able to trace “stalkerware” which is a type of spyware on the victim’s electronic devices. The stalkerware was used to collect and transfer information regarding the victim’s activities. These types of spyware can be used to remotely turn on or off cameras and microphones on the victim’s electronic devices.

Cyberharassment takes place when information and communication technologies are used to intentionally humiliate, annoy, attack, threaten, or abuse the victim for no legitimate purpose. There have been cases where the victim was being targeted by a group of known or unknown individuals on the internet. These so-called “internet trolls” work together to engage in highly offensive and inflammatory comments against their victims. Their systematic actions are designed to provoke the victim to the point where they suffer from severe emotional distress. These actions can be initiated on any website but have become prevalent on Reddit.

In general, there are four categories of identity theft. First, “financial identity theft” takes place when the adverse party uses the victim’s identity to gain access to funds, goods, or services. The adverse party may use the victim’s information to open a bank account, get a debit or credit card, seek a mortgage loan, or purchase a car by obtaining a loan under the victim’s name. Second, “criminal identity theft” takes place when the adverse party acts as the victim to engage in criminal activity. Third, “identity cloning” takes place when the adverse party assumes the victim’s identity in his/her daily life. So, in other words, the adverse party will gain access to the victim’s driver’s license, birth certificate, passport, or other identifying information. Fourth, “business or commercial identity theft” takes place when the adverse party uses another commercial organization’s name to procure credit, money, goods, or services.

Identity theft usually takes place when the adverse party gains access to some type of personal information such as credit card information, social security card, or bank account number. This information can be obtained through clandestine methods such as bribing someone who works at the human resources department. This information can also be obtained by stealing mail such as preapproved credit card forms. The personal information can be obtained by gaining unauthorized access to the victim’s electronic devices – i.e., hacking. Finally, the personal information may be obtained through gaining unauthorized access to a state or federal government agency’s database.

The government prosecutes identity theft and fraud pursuant to state or federal laws. For example, Congress passed the Identity Theft and Assumption Deterrence Act which prohibits “knowingly transferring or using, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.” See 18 U.S.C. § 1028(a)(7). This offense carries a maximum term of 15 years’ imprisonment, a fine, and criminal forfeiture of any personal property used or intended to be used to commit the offense.

It’s important to implement practical corporate cybersecurity measures especially in today’s volatile climate. The number of reported cyber threats are increasing as we progress and it will most likely continue on the same trajectory. All businesses and commercial enterprises are a target especially if they have access or control over valuable information such as trade secrets and intellectual properties.

The common tools or methods of infiltrating the corporation’s cybersecurity infrastructure is by using some form of malicious software (i.e., malware) that’s designed to penetrate the network and cause havoc. Malware includes viruses and ransomware. The hackers can also use other methods to infiltrate the system such as “phishing” which is usually done by sending an email to encourage the recipient to click on the link. Now, once the recipient clicks on the link or opens the attachment, the malicious software is released into the network.

It’s important to have a dedicated team of information technology experts who can evaluate the network and improve the cybersecurity measures. They can use all sorts of tools and techniques (e.g., penetration testing) to evaluate the strengths and weaknesses of the network infrastructure. It is crucial to have a “cybersecurity planning tool” to assist the company with building a robust cybersecurity strategy. There are various governmental tools and resources that the company can use to achieve this goal.

Non-fungible tokens (“NFTs”) are unique digital items that have been a focus of the United States Securities and Exchange Commission (“SEC”) which is the federal government agency that enforces security regulations to protect investors. NFTs are made out of computer code and recorded on a blockchain ledger that can prove authenticity and ownership of the unique item. As such, they are not interchangeable and can be used to verify ownership of the unique item (e.g., real estate, antique car, painting).

There is argument to be made that they should be considered as commodities pursuant to the Commodity Exchange Act (“CEA”) which yields a catch-all provision for all other goods and articles. The SEC has recently focused on celebrity advertisings on the internet in an effort to encourage the purchase of stocks and other investments. It’s important to note that the advertiser must disclose the nature, source, and compensation received by the advertisement.

The most prominent case that’s applicable in the determination of whether an NFT is a security or an asset is SEC v. W.J. Howey Co., 328 U.S. 293 (1946) which set out the following test: (1) there is an investment of money or some other consideration; (2) in a common enterprise; (3) with a reasonable expectation of profits; and (4) to be derived from someone else’s efforts.

A non-fungible token (“NFT”) is a non-exchangeable unit of data that is stored on a blockchain and is transferrable to another party. In short, blockchain is a type of a digital ledger. NFTs can be related to photos, videos, or audio files. NFTs are not the same as cryptocurrencies because they are uniquely identifiable. In addition, the legal rights granted by NFTs are speculative as they cannot restrict the sharing and copying of digital files and do not convey their copyrights.

The question of whether NFTs are securities or assets revolves on several issues. One issue is whether the item has been “fractionalized” to permit the sharing of its ownership with other parties. It’s important to realize that fractionalization does not make the asset into a security since it depends on its purpose. For example, if an individual decides to fractionalize a personal property to allow shared ownership, the personal property does not automatically convert to a security. As such, the NFT may not constitute a “security” just because it has increased in value. But, if the fractionalization’s purpose is to assign shares to trade in a secondary market, and to provide liquidity, then it would fall under securities laws. Therefore, the test is whether a purchaser has a reasonable expectation of profits that is derived from someone else’s efforts. See Securities and Exchange Commission v. W. J. Howey Co., 328 U.S. 293 (1946) wherein the United States Supreme Court confirmed that an “investment contract” means a contract, transaction, or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party, it being immaterial whether the shares in the enterprise are evidenced by formal certificates or by nominal interests in the physical assets employed in the enterprise.

The Securities Act of 1933 (which is codified under 15 U.S.C. §§ 77a, et seq.) defines “security” as any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security” or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.