Articles Posted in Internet Law

The experts describe “metaverse” as an alternate digital real-time existence offering a persistent, live, synchronous, and interoperable experience. It is where the real world meets the virtual world. Well, it sounds like science fiction but it’s going to be reality soon. The question is what are the legal issues and what remedies are available now.

Intellectual Property Issues

First, can copyright licenses protect the use of a work? The copyright laws should protect the original works as described in the applicable statutes such as the Copyright Act. In general, it protects original works of authorship, including, literary, dramatic, musical, and artistic works, such as poetry, novels, movies, songs, computer software, and architecture.

The term “metaverse” is a combination of “meta” and “universe.” This new concept allows users to interact with each other in virtual worlds and buy and sell names, goods/services, properties, and avatars. They can also organize, host, and attend events in virtual worlds.

The consumers will be using blockchain technologies and digital currencies. Blockchain is a database that includes network computers that share information across the internet. For example, Bitcoin uses blockchain technology to update its ledgers. So, several of these newer platforms are powered by blockchain technologies that use digital currencies and non-fungible tokens (“NFTs”) which allow a new type of decentralized digital asset to be designed, owned, and monetized. The NFT is a virtual asset that promotes the metaverse. It’s an intangible digital product that links ownership to unique physical or digital items (e.g., artistic work, real estate, music videos). In other words, each NFT cannot be replaced with another one because it’s unique and irreplaceable. So, for example, if you own an NFT, it will be recorded on blockchain and you can use it for electronic transactions. In fact, with NFTs, artifacts can be tokenized to create ownership digital certificates for electronic transactions.

What are the potential legal issues?

The internet is a combination of computer networks and electronic devices (e.g., smartphones, laptops) that can communicate with each other on various platforms. The internet has allowed people to immerse themselves in a world where they can create profiles on social media websites and freely interact with each other. It is certainly an intriguing phenomenon and an interesting part of today’s technological advancements. However, at this stage, technology companies are working on a different project called the “metaverse” which would combine the internet with augmented and virtual realities where the users can interact with each other as avatars.

What is metaverse?

It is made up of the prefix “meta” which means above or beyond and the stem “verse” which is a back-formation from “universe.” It’s generally used to describe the concept of a future iteration of the internet, made up of persistent, shared, three-dimensional virtual spaces linked into a perceived virtual universe.  It may not only refer to virtual worlds, but the internet as a whole, including the entire spectrum of augmented and virtual realities. It refers to an immersive digital environment where people interact as avatars. Its concept encompasses an extensive online world transcending individual tech platforms, where people exist in immersive and shared virtual spaces

Our law firm has received thousands of calls from actual or potential clients who were concerned about false, disparaging, or defamatory comments that were made about them on the internet. These comments were made by known or unknown individuals on websites, blogs, or forums such as Twitter, Facebook, Yelp, Reddit, or Instagram. The callers were obviously disconcerted and wanted to know the available legal remedies.

The federal Communications Decency Act (“CDA”) that is codified under 47 U.S.C. Section 230 has a direct effect on online defamatory comments that are made on social media platforms. This federal statute states that Congress finds the following:

(1) The rapidly developing array of Internet and other interactive computer services available to individual Americans represent an extraordinary advance in the availability of educational and informational resources to our citizens.

There are a series of online scams that have been taking place in the recent years. The culprits are becoming more sophisticated as they’re coming up with new schemes. The law enforcement agencies have been trying to keep up with the new schemes. However, given their limited resources, it is a challenging task. Nonetheless, our law firm has been representing clients in state and federal courts who have been victims of online scams.

Online auction scams have become prevalent on the internet. For example, the scammer gets involved in the online auction and purchases the item by overpaying for it via an international money order. Then, the seller who is eager to sell the item to the buyer in good faith, sends the item along with the overpayment. So, at the end, the seller loses the item and the funds.

Online rental and real estate scams involve the same type of practice where the scammer poses as the interested renter or buyer and sends the funds towards the seller or landlord. Then, the scammer reneges on the deal and requests a refund. The seller or landlord returns the funds but later realizes the initial check was counterfeit.

Doxing has become a major problem on the internet since it usually violates the victim’s privacy rights. It is a form of unwarranted harassment and stalking on the web as the culprit shares the victim’s personal information with the general public and encourages them to target the victim. Hence, the victim could feel exposed on the internet and be left without legal protection.

The doxing party reveals personal information about a person or legal entity on the web in a typical case. The doxing party is usually savvy in extracting personal information from third-party websites or in hacking electronic devices. This personal or private information is illegally obtained in violation of the victim’s privacy in an effort to annoy or harass him or her for no legitimate purpose. In other words, it is an act that constitutes “harassment” under the applicable statutes such as California Code of Civil Procedure section 527.6.

There have been many doxing incidents in the past years. For example, there was doxing of abortion providers wherein their personal information was exposed to the general public. The court held this violation was considered an incitement to violence and not subject to free speech rights. Hacktivists called the “Anonymous Group” have been responsible for exposing information of law enforcement agents as an effort to retaliate against investigations. They have also released information about the Ku Klux Klan in reference to the shooting of Michael Brown. In addition, there have been misidentification incidents in connection with the Boston Marathon bombing on Reddit where Sunil Tripathi was mistakenly identified as a suspect.

We’ve already described the definition of doxing in the prior article. We will turn to the various doxing methods and relevant laws. Doxing works by tracking someone’s information by accessing the internet or other databases. Big data has allowed individuals to extract personal information which was impossible to find in the past. Nowadays, the doxing party can track usernames, run a WHOIS search on a domain or website, engage in phishing activities, look into social media profiles, go through state/federal government records, tracking an Internet Protocol (“IP”) address, or conduct a reverse phone number lookup. The doxing party can also engage into what is referred to as “packet sniffing” which can be prevented by using a virtual private network.

The doxing party (i.e., culprit) can release the victim’s sensitive or personal information on the internet and instruct others to harass or intimidate the victim. There have been instances of such transgressions in recent years. For example, a popular adult dating website was hacked and the users’ private information was released into the web. Obviously, this incident was embarrassing for the adult dating website and its members. There have been other incidents where the victim had engaged in questionable conduct and was targeted on the internet.

Is doxing illegal?

The question is what is doxing and what are the laws? Doxing, which is short for dropping documents, takes place when the malicious actor gathers personally identifiable information and publicly discloses it to annoy, harass, intimidate, or stalk the victim for no legitimate purpose. The malicious actors engage in these types of activities to publicly humiliate or target their victims. For example, they may intentionally identify law enforcement personnel or show off their hacking abilities.

How does doxing work?

The malicious actors utilize different techniques for their doxing activities. They can hack, social engineer, or steal personal and confidential information. They can gain access to the victim’s email account and extract private information from the victim’s account. They can break into web-based accounts such as social media, cloud storage, or bank records. They can also use the same email address and password to gain access to other accounts. There have been incidents where the malicious actors used the victim’s Department of Homeland Security username and password to gain access to its network.

Augmented and virtual realities are cutting-edge technologies that are changing the world. Now, with that comes a significant amount of legal issues such as cybersecurity, privacy and regulations at the state, federal, and international levels.

Augmented reality (“AR”) technology is currently being used by several companies such as Nintendo, IKEA, Instagram and Snapchat. Virtual reality (“VR”) technology has been used by companies such as Oculus Rift, PlayStation, and HTC Vive.

The courts have been grappling with online or offline violations for many years. Now, with the advent with these technologies, they will be facing new issues related to online or e-commerce transactions. The question is how will the courts deal with street crimes in the virtual world? What if a known or unknown individual engages in “indecent exposure” or “virtual groping” against another person? What if the culprit commits a tort (e.g., negligence, invasion of privacy, intentional infliction of emotional distress) against the victim in the AR/VR world? What if the victim’s privacy is invaded by spreading his or her intimate pictures or videos towards unauthorized parties?

Our law firm’s attorneys have been able to manage unexpected data breaches since they take place on a regular basis. Our legal team and group of technology experts have implemented specific protocols to mitigate the damages. One of the most important factors is assessing your company’s security weaknesses which may include proper training of all personnel including full/part-time employees and independent contractors. Training is a key factor and should be conducted in a methodical manner. The information technology department should implement the procedures for setting up personnel training sessions.

The first step is to setup a framework for proper incident responses. Then, incident notification procedures should be published for all personnel and should be part of the hiring process. The company should be able to validate the data breach by examining the information. All sensitive and confidential documents (e.g., trade secrets) should be protected and preserved on a regular basis. The incident response team should immediately investigate and monitor the breach. The company should mitigate the damages by securing electronic devices and the stored information. Also, the company should ensure the existing encryption software is functional, and if not, it should be replaced with another type of encryption software. The data owners should be formally notified since their information has been affected by the data breach. In most cases, law enforcement officials should be notified about the data breach. Finally, the company should assess and improve its data breach and incident response plans to avoid similar problems in the future.

Any organization that collects, stores, or manages sensitive or confidential information is susceptible to cyberattacks. Therefore, it must setup and manage a proper incident response plan. It must be able to engage in preventive and reactive measures such as proper data retention policies. The chain of custody in preserving information is a key factor. So, the data must be located, identified, and protected to avoid unnecessary complications. Data protection and preservation are key components from a legal perspective. The organization should have access to legal counsel to prepare for potential legal actions. The legal team should work closely with the Incident Response Team (“IRT”) to protect confidential client information such as medical or financial records. This way, the attorney-client privilege can be properly established by them.