Government

Augmented and Virtual Reality Laws – Part III

Published on: July 19, 2021 | by Law Offices of Salar Atrizadeh

We have explored the nature and capabilities of augmented and virtual reality (“AR/VR”) technologies in previous articles. We have discussed how these technologies can collect, store, and share personal or confidential information with third parties. The user information that’s collected may be stored and shared for financial gain in most situations. The third-party service providers (e.g., Google, Microsoft, Facebook, Instagram, Twitter) that have access to these technologies may conduct data analysis to learn more about their users through behavioral marketing. The AR/VR technology manufacturers may implement some type of user surveillance for profit. However, it should be noted that these practices should be conducted with the user’s knowledge and authorization.

Now, with that being said, the users should be protected by the state, federal, and international legislators and policymakers. The legislators and policymakers should consider implementing the proper safeguards within their laws that would protect the consumers. We have mentioned the main issues in previous articles which, include, but may not be limited to, data privacy and cybersecurity. Data privacy is a key component to any kind software and hardware technology. There have been multiple cases where the manufacturer failed to implement user protection safeguards. The Federal Trade Commission (“FTC”) has prosecuted legal actions against manufacturers and other commercial organizations. For example, In the Matter of Zoom Video Communications, Inc., Zoom was required to implement a robust information security program to settle allegations that it had engaged in a series of deceptive and unfair practices that undermined user security. In addition, in another case, LifeLock was forced to pay $100 million to settle contempt charges that it violated the terms of a federal court order that required it to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC has been charged with the task of prosecuting consumer fraud. Please refer to https://www.ftc.gov/enforcement/cases-proceedings/terms/249 for more information.

Regulatory uncertainty plays an important role in the future of AR/VR technology since many of the existing laws do not address each and every issue. Although the existing laws provide certain guidance to the device and application manufacturers, however, there are certain and cognizable loopholes that should be addressed by state, federal, and international legislators. So, for example, there should be clarity on the scope of tracking software that has been implemented in the technology. Also, on a side note, there should be a way to fully disclose the technology’s capabilities and to obtain user consent – i.e., the device and application manufacturers should provide an opt-out option to avoid unfair, deceptive, or misleading advertising. It’s important to note that the FTC Act (codified under 15 U.S.C. §§ 41-48), under Section 5, grants the federal agency the right to file legal actions. The term “unfair or deceptive acts or practices” includes such acts or practices involving foreign commerce that: (i) cause or are likely to cause reasonably foreseeable injury within the United States; or (ii) involve material conduct occurring within the United States. So, in essence, the federal agency promotes transparency and disclosure in order to properly inform and protect consumers.

Augmented and Virtual Reality Laws – Part II

Published on: July 12, 2021 | by Law Offices of Salar Atrizadeh

The technology that we are using on a daily basis provides certain and cognizable advantages and disadvantages. The advantages are great and have allowed the public to have access to a wide range of options. The disadvantages, include, but are not limited to, security and privacy discrepancies. Technology operates to enhance a business model, idea, or operation. This is usually done by collecting and selling information for profit. These types of data collection and marketing activities have been heavily regulated by state and federal agencies in recent years. However, with every new technology, there will be new challenges.

Augmented and virtual reality technologies are no different from other types of technologies in that they are fully capable of being abused when they fall into the wrong hands. Augmented and virtual reality software or hardware applications are designed to enhance user experiences by storing and sharing information across the network. This information may include personal or confidential information that would not otherwise be accessible by third parties. Nonetheless, the designers or manufacturers of these applications make it much easier to gain access and share information with third parties – e.g., marketing or advertising agencies – which pay an incentive for gaining access to them.

The state and federal legislators should pay close attention to these technologies and their operation mechanisms so they can update existing laws and implement new laws that would properly address consumer-related issues. Now, if the AR/VR technologies are collecting health or medical information, the Health Information Portability and Accountability Act (“HIPAA”) comes into play. Also, if the AR/VR technologies are collecting a minor’s information, then the Children’s Online Privacy Protection Act (“COPPA”) would be applicable.

Quantum Computing Laws – Part III

Published on: May 17, 2021 | by Law Offices of Salar Atrizadeh

The Fourth Industrial Revolution is another name for the quantum technology movement. Quantum computers are in the process of being developed at this time and it will continue to impact the legal system and our daily lives. It will also impact data privacy and national security on various levels.

Conventional computers have obvious limitations which can be surpassed by quantum computers. First, conventional computers use binary bits (i.e., 0s and 1s) to operate which presents a significant limitation. Second, as a result of the aforesaid limitation, they cannot operate as quickly and efficiently. Therefore, the simple fact that quantum computers operate by using superposition and entanglement, allows them to yield a lot more power than conventional computers. So, in other words, their computing power has an extremely higher capability which can have a positive effect on medical research, business analyses, artificial intelligence, virtual reality, and other technologies. However, there is a potential problem with quantum computers with error correction issues which can be fixed according to the experts. So, in summary, the final objective is to build a fully error-corrected quantum computer which can manage all disruptions.

The cybersecurity infrastructures in the private and public sectors can be affected by this emerging technology. The private sector which owns, manages, or operates a vast amount of sensitive data at local and remote locations (e.g., cloud servers) can be directly impacted. The public sector will also be affected for the same reasons. There are various types of intellectual properties (e.g., patents, trademarks, copyrights) that have been stored on private and public organization’s network servers. These valuable documents, include, but may not limited to, trade secrets which should be properly protected from public access.

California Electronic Communications Privacy Act

Published on: April 26, 2021 | by Law Offices of Salar Atrizadeh

The California Electronic Communications Privacy Act (“CalECPA”) was enacted several years ago to require government agencies to obtain a valid search warrant prior to requesting electronic information from service providers. These statutory protections can be enforced by business entities and individuals and extend to communication service providers which collect and store electronic information, including, but not limited to, emails, digital documents, pictures, videos, geolocation data, and Internet Protocol addresses.

This statute yields additional privacy protections when compared to the federal Electronic Communications Privacy Act which was passed as Public Law 99-508, Statute 1848, and codified under three separate titles. Title I, is referred to as the “Wiretap Act” and prohibits the unlawful interception of electronic communications. Title II, is referred to as the “Stored Communications Act” and protects content that is stored by service providers. Title III, is referred to as the “Pen Register Act” and addresses pen registers and trap-and-trace devices. It mandates government agencies to obtain a valid court order that authorizes the installation and use of pen register and trap and trace devices.

The CalECPA requires a valid search warrant in order to compel the production of or access to sensitive information such as emails that are stored on a computer server for more than 180 days, detailed geolocation, and sensitive metadata that is related to the consumer’s electronic communications. The statute does not allow government agencies to: (1) compel the production of or access to electronic communication information from a service provider; (2) compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device; or (3) access electronic device information through physical interaction or electronic communication with the electronic device unless it is voluntarily disclosed by the intended recipient.

United States Government Surveillance Programs – Part III

Published on: February 15, 2021 | by Law Offices of Salar Atrizadeh

The National Security Agency (“NSA”) along with other government agencies (e.g., FBI, CIA) have expanded their surveillance programs after several terrorist attacks took place on domestic soil. It is a known fact that the federal government is systematically tracking domestic and international calls of its citizens. The surveillance program does not end there but also expands to text messages, internet browsing, and emails.

There is information that indicates the President’s Surveillance Program (“The Program”) was designed to assess, evaluate, gather, and analyze a tremendous amount of information with or without subpoenas or warrants. The Program is intended to disrupt actual or potential terrorist attacks that could be instigated by known or unknown criminals. The government has setup a massive collaboration effort with major telecommunication companies to gather information that would usually not be subject to surveillance. The telecommunication service providers have given access to the NSA to install surveillance equipment (e.g., “fiber-optic splitter”) which makes an exact copy of the data that’s passing through their systems and sends it to the government. Also, other special equipment such as the “Narus Semantic Traffic Analyzer” has been installed on the telecommunication systems to conduct deep packet inspections. These analyzers are capable of assessing and sifting through large data segments (e.g., 10 gigabits) and internet traffic.

These pervasive surveillance programs were authorized by President Bush after September 11, 2001. There is real time access to internet traffic and telephone records that was not previously available for previous surveillance programs. Also, the electronic information is being gathered in real time and stored on secure databases.

United States Government Surveillance Programs – Part II

Published on: February 8, 2021 | by Law Offices of Salar Atrizadeh

The governments of many countries have initiated surveillance programs to protect national security. These programs were allegedly designed and instigated to fight against terrorism and other criminal activities. For example, the British Government has setup a similar program to the United States government’s PRISM program which is called TEMPORA. The GCHQ, which stands for Government Communications Headquarters, is the British government’s spy agency that operates similar to the United States National Security Agency (“NSA”). There is information that confirms the GCHQ has placed data interceptors on fiber optic cables to analyze internet communications. There is also information that confirms approximately 10 gigabits of data per second (or 21 petabytes of data per day) is being reviewed per day by this spy agency. Its agents are charged with the task of storing all sorts of information – e.g., electronic information with correlating metadata – on computer servers for as long as thirty days. This spy agency uses a technique called Massive Volume Reduction (“MVR”) to conduct its analysis.

Government spy agencies share their intelligence with other nation’s agencies as part of a partnership program. In fact, several years ago, The Guardian publicized this massive information gathering after it was reported by Edward Snowden. It seems the GCHQ is operating under two principles: (1) Mastering the Internet; and (2) Global Telecoms Exploitation. These surveillance programs are meant to gather as much information as possible for evaluation and assessment. However, it seems these principles have not been opened up for public debate and are being carried out without warrants.

The government spy agencies are gathering phone records, email message content, social media communications, and other types of information in an effort to curtail criminal violations. Their targets may include the unsuspecting innocent and suspicious or guilty individuals. Therefore, there are two schools of thought here. First, the spy agencies should carry out their intelligence gathering to prevent another international tragedy such as 9/11. Second, the spy agencies should be subject to certain limitations and should be forced to obtain lawful warrants before conducting surveillance. On the other side, the government officials argue that this type of unprecedented wiretapping is necessary to properly safeguard the country from terrorists.

United States Government Surveillance Programs – Part I

Published on: February 1, 2021 | by Law Offices of Salar Atrizadeh

The United States government has implemented surveillance programs to promote national security. These programs are designed to gather and process electronic information that could arguably assist government agencies in their efforts to enhance national security. However, there is an argument being made that the federal government is using the resources of major communication service providers to obtain records of citizens without legal justification. In other words, the government is engaging in unlawful surveillance programs without probable cause.

What kind of programs have been implemented?

The National Security Agency (“NSA”) has been intercepting internet communications for several years without fully disclosing the nature and extent of its surveillance programs to the general public. It’s also collecting other types of communication records such as phone records and related electronic information. There is evidence that proves AT&T is cooperating with government surveillance programs. The evidence seems to indicate the telecommunication giant has installed fiberoptic splitters to copy and send information to the government. Experts have argued this kind of activity is beyond “wiretapping” since it’s surveilling the entire communication channels without a warrant. So, in essence, the government is engaging in the mass collection of telephone metadata of all domestic customers. The government officials have argued that this type of broad surveillance is justified under the USA Patriot Act which is meant to deter and punish terrorism and enhance law enforcement investigations for the following reasons:

Cybersecurity and Privacy Rules

Published on: December 7, 2020 | by Law Offices of Salar Atrizadeh

Cybersecurity and privacy rules have changed the private and public sectors’ landscapes. The state and federal rules are changing the ways private and public organizations are managing their operations. These rules are focusing on privacy, security and regulations in all jurisdictions but uniformity is an issue. Therefore, state and federal legislators should ensure uniformity to avoid regulatory and enforcement contradictions.

The State of California has enacted laws to promote cybersecurity within its jurisdiction. For example, Assembly Bill 89 (“AB 89”) was enacted to ensure information sharing should be conducted in a way that protects an individual’s privacy and civil liberties, confidential information, preserves business confidentiality, and enables public officials to detect, investigate, and prevent network security breaches. It has also enacted the California Consumer Privacy Act (“CCPA”) that allows individuals to file a legal action against businesses that fail to implement and maintain reasonable security measures to protect their personal information. Now, “reasonable security measures” may include using a firewall, encryption, and intrusion detection software on their computer networks.

The State of New York has enacted laws to promote cybersecurity within its jurisdiction. For example, it has passed the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) to protect consumers from exposure of private information from cybersecurity attacks. This statute is designed to increase data protection and data breach notification requirements for commercial enterprises. It is meant to hold business organizations responsible for gathering and storing consumer personal information which may include a name, address, telephone number, email address, date-of-birth, and social security number.

International E-Commerce Laws – Part II

Published on: August 10, 2020 | by Law Offices of Salar Atrizadeh

International e-commerce laws have been evolving since the inception of the information technology age. International e-commerce transactions which take place over the vast network of computers have become more streamlined with the advancement of technology. The following topics will be evaluated and addressed in these series of articles: Intellectual properties, taxes, and alternative dispute resolution.

Intellectual property rights can be protected by registering trademarks, copyrights or patents with governmental agencies. For example, the United States Patent and Trademark Office (“USPTO”) registers patents and trademarks. The United States Copyright Office registers copyrights. However, trade secrets cannot be registered with any government agencies. The trade secret owner is responsible to protect it by taking precautionary steps. International e-commerce and business law attorneys should recommend the following steps to their clients: (1) locate, identify, and mark the trade secrets; (2) restrict access to the trade secrets; (3) sign non-disclosure agreements with the trade secret holders; and (4) restrict access to the trade secrets. The Uniform Trade Secrets Act (“UTSA”) defines a trade secret as information that derives independent economic value because it is not generally known or readily ascertainable and is the subject of efforts to maintain secrecy. It includes formulas, patterns, compilations, programs, devices, methods, techniques, or processes that yield economic value – e.g., customer lists.

International e-commerce transactions will be taxed by the appropriate government agencies. In 2018, the United States Supreme Court addressed this issue in South Dakota v. Wayfair and acknowledged the states are losing revenue due to their incapability to collect sales tax from out-of-state retailers. Thus far, the Internet Tax Freedom Act (“ITFA”) and Streamlined Sales Tax Project have been implemented to prevent new taxes on e-commerce transactions and to simplify sales and use taxes.

International E-Commerce Laws – Part I

Published on: August 3, 2020 | by Law Offices of Salar Atrizadeh

International e-commerce laws pertain to online commercial transactions that takes place for the purchase or sale of goods and services. Electronic contracts are used for the purchase or sale of software through shrink-wrap, click-wrap, and browse-wrap agreements. In general, these electronic transactions have a correlation to taxes, duties, and custom laws. In addition, the topic of intellectual property must be addressed to protect confidential information such as trademarks, copyrights, patents, and trade secrets.

There are six principles that apply to electronic agreements. First, the users should have automatic access to the agreement’s terms. Second, the contractual terms should comply with the applicable laws in relation to form, content, notice, and disclosure. Third, the users should be given the opportunity to take some form of affirmative action to consummate the transaction. Fourth, users should be given the opportunity to reject the agreement. Fifth, the agreement process should provide the user to detect and correct errors. Sixth, users should be able to print the agreement and software developers should provide a method to preserve the electronic records.

It is important for e-businesses to comply with the guidelines. For example, e-businesses should use fair advertising and marketing strategies for the online transactions. They should provide correct and accessible information about their company and its goods and services. They should fully disclose information regarding the transaction’s terms and conditions. They should provide a secure method for online payments. They should protect the customer’s privacy during the e-commerce transactions.