Articles Posted in E-commerce

Big data rules and regulations should be enhanced and updated by state and federal legislators simply because big data analytics across all industry sectors is important to improve efficiency. In general, big data analytics is used to predict consumer behaviors so they can be targeted by commercial organizations. This information can be gathered when, for example, the consumer visits an e-commerce website and purchases items. Also, information can be obtained when a consumer applies for a loan through a mortgage lender or financial institution.

Information security is important because in most cases the consumer is not aware that his or her information has been shared, transferred, or sold to another company. Again, the information is used to predict a consumer’s future behavior. The third-party that has access to the consumer’s information can use it to predict that person’s financial capabilities.

First, confidentiality of the information, whether it’s at rest, transit, or use, is crucial. Financial institutions have been targeted by hackers for misconfiguring and mismanaging network vulnerabilities over the years. The failure of using preventive measures such as data encryption plays a key role in this discrepancy. It is challenging to protect large amounts of information that’s in use because it depends on shared computing environments – i.e., wide-area-network that can go across cities or countries. Also, big data is processed on a continuous level that requires a tremendous amount of resources.

Non-fungible tokens (“NFTs”) are unique digital items that have been a focus of the United States Securities and Exchange Commission (“SEC”) which is the federal government agency that enforces security regulations to protect investors. NFTs are made out of computer code and recorded on a blockchain ledger that can prove authenticity and ownership of the unique item. As such, they are not interchangeable and can be used to verify ownership of the unique item (e.g., real estate, antique car, painting).

There is argument to be made that they should be considered as commodities pursuant to the Commodity Exchange Act (“CEA”) which yields a catch-all provision for all other goods and articles. The SEC has recently focused on celebrity advertisings on the internet in an effort to encourage the purchase of stocks and other investments. It’s important to note that the advertiser must disclose the nature, source, and compensation received by the advertisement.

The most prominent case that’s applicable in the determination of whether an NFT is a security or an asset is SEC v. W.J. Howey Co., 328 U.S. 293 (1946) which set out the following test: (1) there is an investment of money or some other consideration; (2) in a common enterprise; (3) with a reasonable expectation of profits; and (4) to be derived from someone else’s efforts.

A non-fungible token (“NFT”) is a non-exchangeable unit of data that is stored on a blockchain and is transferrable to another party. In short, blockchain is a type of a digital ledger. NFTs can be related to photos, videos, or audio files. NFTs are not the same as cryptocurrencies because they are uniquely identifiable. In addition, the legal rights granted by NFTs are speculative as they cannot restrict the sharing and copying of digital files and do not convey their copyrights.

The question of whether NFTs are securities or assets revolves on several issues. One issue is whether the item has been “fractionalized” to permit the sharing of its ownership with other parties. It’s important to realize that fractionalization does not make the asset into a security since it depends on its purpose. For example, if an individual decides to fractionalize a personal property to allow shared ownership, the personal property does not automatically convert to a security. As such, the NFT may not constitute a “security” just because it has increased in value. But, if the fractionalization’s purpose is to assign shares to trade in a secondary market, and to provide liquidity, then it would fall under securities laws. Therefore, the test is whether a purchaser has a reasonable expectation of profits that is derived from someone else’s efforts. See Securities and Exchange Commission v. W. J. Howey Co., 328 U.S. 293 (1946) wherein the United States Supreme Court confirmed that an “investment contract” means a contract, transaction, or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party, it being immaterial whether the shares in the enterprise are evidenced by formal certificates or by nominal interests in the physical assets employed in the enterprise.

The Securities Act of 1933 (which is codified under 15 U.S.C. §§ 77a, et seq.) defines “security” as any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security” or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.

Social media law comprises of several different components including free speech, privacy, online advertisement, and intellectual property rights. These issues come up regularly during the course of online transactions between parties. The courts have been inundated with social media litigation and have issued their rulings when faced with complicated problems.

The cases that arise on social media platforms involve state and federal laws such as the Digital Millennium Copyright Act and Communications Decency Act. In essence, these federal statutes were promulgated to protect copyrights and free speech rights.

According to the United States Copyright Office, the Digital Millennium Copyright Act (“DMCA”), which amended federal copyright laws, was passed to address important parts of the relationship between copyright and the internet. The three main updates were: (1) establishing protections for online service providers in certain situations if their users engage in copyright infringement, including by creating the notice-and-takedown system, which allows copyright owners to inform online service providers about infringing material so it can be taken down; (2) encouraging copyright owners to give greater access to their works in digital formats by providing them with legal protections against unauthorized access to their works (for example, hacking passwords or circumventing encryption); and (3) making it unlawful to provide false copyright management information (e.g., names of authors and copyright owners, titles of works) or to remove or alter that type of information in certain circumstances.

Social media litigation can be caused or initiated for various reasons related to privacy violations, online defamation, internet harassment, contractual disputes, and intellectual property violations.

Privacy violations take place when a company does not adhere to its terms of use or privacy policy. The terms of use and privacy policy on a website constitutes a legally-enforceable contract. The terms and conditions should be carefully read by visitors because the continued use of the website may constitute implied consent even if the website doesn’t require clicking on a “I Agree” box. Stated otherwise, if you visit a website, you can be bound by its terms and conditions.

Online defamation takes place when a false factual statement, that is not privileged, is published and damages the victim’s reputation in the community. The statement must be a fact and not an opinion. There are several defenses to defamation such as truth and absolute or qualified privilege. Truth is an absolute defense to defamation. According to Civil Code Section 47(a), a privileged publication or broadcast is one made: (1) in the proper discharge of an official duty; (2) in any legislative proceeding; (3) in any judicial proceeding; (4) in any other official proceeding authorized by law; or (5) in the initiation or course of any other proceeding authorized by law and reviewable by mandamus. The concept of “qualified privilege” applies to employers under the following conditions: Employers can make statements about their employees as long as the statement is not malicious and was made to third parties with a common interest in the subject matter. Malice can be proven by showing ill-will, hatred, or lack of reasonable grounds when the statement was made to a third party.

Social media litigation has become increasingly prevalent for obvious reasons. This is simply because multiple issues come up on social media websites and platforms. The objective of this article is to discuss them.

Business entrepreneurs, owners, and operators, who have an online presence on various social media websites, such as Facebook, Twitter, or Instagram must know the rules and regulations.

The first step any business owner should take to launch the operations is to ensure there are properly drafted contracts with all parties. The contracts should yield the proper provisions to help protect the parties in a fair and reasonable manner.

International service of process involves the formal service of legal documents on foreign litigants. In general, legal documents should be served on the interested parties once the lawsuit is filed with the clerk. The documents usually include a summons and complaint. In most cases, the plaintiff personally serves the defendant with the legal documents. In some cases, the plaintiff can serve the legal documents by substituted service.

Now, for international service of process, the parties should refer to international treaties which outline the delivery parameters of legal documents to foreign litigants. The United States is a signatory to the Hague Service Convention and Inter-American Convention on Letters Rogatory.

The Hague Service Convention allows service of process on parties who reside in countries which are also signatories to this international treaty. In 1969, it became formally effective in the United States. The United States government undertook a reciprocal treaty obligation toward those countries by joining the convention which have also adopted it, to serve in the United States documents issued by foreign judicial authorities. It applies only to foreign documents which are related to civil cases and does not apply to documents related to criminal proceedings. The President has designated the Department of Justice as a “central authority” for these proceedings. The Assistant Attorney General, under 28 C.F.R. 0.49, who is in charge of the Civil Division is able to direct and supervise the functions of the central authority. Moreover, under 28 U.S.C. 1781, the Department of State is authorized to receive requests for service of foreign judicial documents from foreign courts and to transfer them to the proper agency.

We have explored the nature and capabilities of augmented and virtual reality (“AR/VR”) technologies in previous articles. We have discussed how these technologies can collect, store, and share personal or confidential information with third parties. The user information that’s collected may be stored and shared for financial gain in most situations. The third-party service providers (e.g., Google, Microsoft, Facebook, Instagram, Twitter) that have access to these technologies may conduct data analysis to learn more about their users through behavioral marketing. The AR/VR technology manufacturers may implement some type of user surveillance for profit. However, it should be noted that these practices should be conducted with the user’s knowledge and authorization.

Now, with that being said, the users should be protected by the state, federal, and international legislators and policymakers. The legislators and policymakers should consider implementing the proper safeguards within their laws that would protect the consumers. We have mentioned the main issues in previous articles which, include, but may not be limited to, data privacy and cybersecurity. Data privacy is a key component to any kind software and hardware technology. There have been multiple cases where the manufacturer failed to implement user protection safeguards. The Federal Trade Commission (“FTC”) has prosecuted legal actions against manufacturers and other commercial organizations. For example, In the Matter of Zoom Video Communications, Inc., Zoom was required to implement a robust information security program to settle allegations that it had engaged in a series of deceptive and unfair practices that undermined user security. In addition, in another case, LifeLock was forced to pay $100 million to settle contempt charges that it violated the terms of a federal court order that required it to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC has been charged with the task of prosecuting consumer fraud. Please refer to https://www.ftc.gov/enforcement/cases-proceedings/terms/249 for more information.

Regulatory uncertainty plays an important role in the future of AR/VR technology since many of the existing laws do not address each and every issue. Although the existing laws provide certain guidance to the device and application manufacturers, however, there are certain and cognizable loopholes that should be addressed by state, federal, and international legislators. So, for example, there should be clarity on the scope of tracking software that has been implemented in the technology. Also, on a side note, there should be a way to fully disclose the technology’s capabilities and to obtain user consent – i.e., the device and application manufacturers should provide an opt-out option to avoid unfair, deceptive, or misleading advertising. It’s important to note that the FTC Act (codified under 15 U.S.C. §§ 41-48), under Section 5, grants the federal agency the right to file legal actions. The term “unfair or deceptive acts or practices” includes such acts or practices involving foreign commerce that: (i) cause or are likely to cause reasonably foreseeable injury within the United States; or (ii) involve material conduct occurring within the United States. So, in essence, the federal agency promotes transparency and disclosure in order to properly inform and protect consumers.

Digital currency security and privacy laws are changing with time. We have mentioned transparency issues in previous articles. The fact that Bitcoin’s blockchain transactions are public and generally accessible can be beneficial when it comes to government investigations. Yet, it may not be the most secure platform for cryptocurrency transactions especially for legitimate businesses. So, in short, we should realize that government surveillance and subsequent investigation may be part of the deal.

The Bitcoin blockchain automatically records all transactions to show when, where, or how the digital currency was bought or sold. It does not show the true name of the associated individuals but that information can be obtained from digital currency exchanges (e.g., Coinbase), third-party wallet providers, or third-party intermediaries. In fact, state or federal anti-money-laundering laws require them to store customer records for identification purposes. So, for example, if a government agency wanted to identify the customer, it could issue a warrant without obtaining a court order. Then, the third-party recipient – i.e., a digital currency exchange like Coinbase, Abra, or Uphold – would be obligated to respond within a certain deadline. Now, if the government agency has no probable cause to issue the subpoena or warrant, then there may be a problem. There are two notable cases on this point. First, is United States v. Gratkowski, No. 19-50492 (5th Cir. 2020), where the district court held that the government was allowed to subpoena Bitcoin records from a digital currency exchange without a warrant. Second, is Harper v. Rettig, et al., where the plaintiff sued the Internal Revenue Service (“IRS”) for violating his Fourth Amendment right against unreasonable searches and seizures when it issued an informal demand letter to the digital currency exchange to obtain his financial records. Plaintiff argued that he was unlawfully subject to the government’s investigation since there was no evidence to prove he had committed a violation. Plaintiff also argued that his rights were violated under the Fifth Amendment’s Due Process Clause since the government agency seized his private financial records without prior notice. The government argued the “Third-Party Doctrine” was applicable, and as such, it should be allowed to access any kind of information that was shared with the digital currency exchanges. The Third-Party Doctrine holds that there is no reasonable expectation of privacy when an individual shares information with another party – e.g., Internet Service Provider, Digital Currency Exchange. These cases clearly show that there will certainly be an ongoing clash regarding cryptocurrency security and privacy regulations. On one hand, the government agencies will be overseeing the transactions to ensure legal compliance. On the other hand, consumers will protect their rights pursuant to the applicable state, federal, or international laws.

The government has, and will probably, continue to investigate websites for criminal activities. The government can use special tools or techniques – e.g., forensic software – to evaluate and obtain suspicious addresses from the blockchain. The next step is to send subpoenas towards third-party digital currency exchanges to trace cryptocurrency payments back to the user. The government agents can obtain more information from the digital currency exchange and determine whether they should obtain a search warrant. If so, then they can legally search the suspect’s home or other properties for more incriminating evidence. We have mentioned the Third-Party Doctrine carves out an exception to the Fourth Amendment’s principle against unreasonable searches and seizures. The courts have held that a user who submits information to a third-party digital currency exchange may not protect his privacy by using the Fourth Amendment. However, some litigants have argued that digital currency transactions are similar to cellphone location records which are protected by the Fourth Amendment under Carpenter v. United States (2018) 138 S. Ct. 2206. The district courts have rejected that comparison because cellphone location records are automatically gathered as a result of communications between the individual’s cellphone and communication service provider’s cell towers. However, the digital currency financial records are gathered as a result of the user’s voluntary transactions.

Bitcoin has become a popular digital currency in the past several years. Its price has fluctuated tremendously in the past five years. And now, everyone is rushing into buying it by using various applications such as Coinbase. As always, the bad actors (i.e., hackers) are on the prowl to exploit weaknesses. These weaknesses include the lack of preventive measures such as encryption and backups to secure the wallets. Therefore, once the wallet has been hacked, there isn’t much the victim can do to regain the digital currencies.

It is important to remember that Bitcoin transactions are transparent. In other words, all Bitcoin transactions are public, traceable, and stored on the blockchain network. Bitcoin addresses are the only indicators that show where they are stored and transmitted. Our research indicates that you should be able to protect your privacy if you use a new Bitcoin address every time you receive payment. Technology experts recommend that it may be prudent to use several wallets for different objectives – i.e., you can have a software and hardware wallet that can be used for a different reason. This way, there would not be a direct link between the cryptocurrency transactions.

Technology experts recommend not posting a Bitcoin address on a public domain such as a social media platform. The whole point is to avoid publishing information regarding your digital currency transactions since it could let third parties identify your Bitcoin address. It must be noted that Bitcoin’s network is a so-called “peer-to-peer” network that can be used by the general public. Also, in this kind of network, the user’s Internet Protocol (“IP”) address can be logged without your knowledge or consent. Therefore, it’s important to use some kind of masking software (e.g., ToR) or other technology to hide your computer’s IP address. ToR, which is also called “The Onion Router” provides a way for its users to mask their identities. It was originally designed for the military but it has been used by civilians for several years.