Articles Posted in Internet Law

Deepfake rules and regulations have been developing in the recent times. The term “deepfake” comes from two separate words – deep learning and fake – which uses artificial intelligence technology to create fake pictures or videos. The creator can utilize special software programs to create the picture or video by face swapping. This has become a problem because it can violate the victim’s privacy rights and public image.

We can detect the false image by conducting a reverse-image search. So, in other words, if the fake image was made by using another image on the web, the original version should be found. The fake image may be also detected by close evaluation. So, for example, the person in the fake video may not blink or yield normal facial expressions. It may also be detected through magnification or physiological analysis.

The victim’s legal rights can be violated by the deepfake creator or publisher. In most cases, it raises an issue regarding privacy rights. In California, false light is a legal cause of action that can be used by the plaintiff against the defendant who improperly represented the plaintiff who was embarrassed or offended by those actions. The plaintiff may argue that any reasonable person in the same or similar circumstances would be embarrassed or offended. The plaintiff may bring a cause of action for defamation against the creator and argue that the false factual statement – i.e., picture or video – was not privileged and had a tendency to damage his or her reputation in the community. The plaintiff may also file a legal action for misappropriation or right of publicity of the picture or video was utilized to promote a promote or service. Now, if the plaintiff suffers from emotional distress (e.g., depression, anxiety, insomnia), then he or she may also bring a cause of action for intentional or negligent infliction of emotional stress. See https://www.justia.com/trials-litigation/docs/caci/1600/1600 for more information.

Artificial intelligence technologies have been used to enhance deepfake campaigns. Deepfake is defined as synthetic media where a real person’s image is replaced with someone else’s likeness. It can be used to create an artificial video of another person and make it look real. It has been used to create celebrity porn videos, revenge porn, or fake news. It uses deep learning artificial intelligence software to create a fake picture or video. So, in essence, it can threaten valid and truthful information by publishing false or inaccurate information.

The technology that permits the creation of deepfake is “deep neural networks” which is one kind of artificial intelligence algorithm that finds large data set patterns. The neural-network structure that is generally used is the “autoencoder” which comprises of an encoder and decoder. The encoder compresses the image to a smaller size and the decoder decompresses the image back to the original size. A similar technology is the VFX which has been used by movie studios for visual effects. However, at the present time, a similar and less expensive technology is available.

There can be problems with deepfake technologies. For example, it’s been used to create fake images or videos of well-known individuals. This, in and of itself, can create legal issues such as defamation, false light, and civil harassment. Defamation is a false factual statement that is not privileged and tends to harm someone’s reputation. Defamation can occur against individuals and corporations and can have a lasting negative effect. False light is similar to defamation but it usually concerns invasion of privacy. So, for example, it can happen when a person is falsely portrayed as something he or she is not due to inaccurate impressions. The Restatement Second of Torts, Section 652, defines it as follows:

Digital currency security and privacy laws are changing with time. We have mentioned transparency issues in previous articles. The fact that Bitcoin’s blockchain transactions are public and generally accessible can be beneficial when it comes to government investigations. Yet, it may not be the most secure platform for cryptocurrency transactions especially for legitimate businesses. So, in short, we should realize that government surveillance and subsequent investigation may be part of the deal.

The Bitcoin blockchain automatically records all transactions to show when, where, or how the digital currency was bought or sold. It does not show the true name of the associated individuals but that information can be obtained from digital currency exchanges (e.g., Coinbase), third-party wallet providers, or third-party intermediaries. In fact, state or federal anti-money-laundering laws require them to store customer records for identification purposes. So, for example, if a government agency wanted to identify the customer, it could issue a warrant without obtaining a court order. Then, the third-party recipient – i.e., a digital currency exchange like Coinbase, Abra, or Uphold – would be obligated to respond within a certain deadline. Now, if the government agency has no probable cause to issue the subpoena or warrant, then there may be a problem. There are two notable cases on this point. First, is United States v. Gratkowski, No. 19-50492 (5th Cir. 2020), where the district court held that the government was allowed to subpoena Bitcoin records from a digital currency exchange without a warrant. Second, is Harper v. Rettig, et al., where the plaintiff sued the Internal Revenue Service (“IRS”) for violating his Fourth Amendment right against unreasonable searches and seizures when it issued an informal demand letter to the digital currency exchange to obtain his financial records. Plaintiff argued that he was unlawfully subject to the government’s investigation since there was no evidence to prove he had committed a violation. Plaintiff also argued that his rights were violated under the Fifth Amendment’s Due Process Clause since the government agency seized his private financial records without prior notice. The government argued the “Third-Party Doctrine” was applicable, and as such, it should be allowed to access any kind of information that was shared with the digital currency exchanges. The Third-Party Doctrine holds that there is no reasonable expectation of privacy when an individual shares information with another party – e.g., Internet Service Provider, Digital Currency Exchange. These cases clearly show that there will certainly be an ongoing clash regarding cryptocurrency security and privacy regulations. On one hand, the government agencies will be overseeing the transactions to ensure legal compliance. On the other hand, consumers will protect their rights pursuant to the applicable state, federal, or international laws.

The government has, and will probably, continue to investigate websites for criminal activities. The government can use special tools or techniques – e.g., forensic software – to evaluate and obtain suspicious addresses from the blockchain. The next step is to send subpoenas towards third-party digital currency exchanges to trace cryptocurrency payments back to the user. The government agents can obtain more information from the digital currency exchange and determine whether they should obtain a search warrant. If so, then they can legally search the suspect’s home or other properties for more incriminating evidence. We have mentioned the Third-Party Doctrine carves out an exception to the Fourth Amendment’s principle against unreasonable searches and seizures. The courts have held that a user who submits information to a third-party digital currency exchange may not protect his privacy by using the Fourth Amendment. However, some litigants have argued that digital currency transactions are similar to cellphone location records which are protected by the Fourth Amendment under Carpenter v. United States (2018) 138 S. Ct. 2206. The district courts have rejected that comparison because cellphone location records are automatically gathered as a result of communications between the individual’s cellphone and communication service provider’s cell towers. However, the digital currency financial records are gathered as a result of the user’s voluntary transactions.

Bitcoin has become a popular digital currency in the past several years. Its price has fluctuated tremendously in the past five years. And now, everyone is rushing into buying it by using various applications such as Coinbase. As always, the bad actors (i.e., hackers) are on the prowl to exploit weaknesses. These weaknesses include the lack of preventive measures such as encryption and backups to secure the wallets. Therefore, once the wallet has been hacked, there isn’t much the victim can do to regain the digital currencies.

It is important to remember that Bitcoin transactions are transparent. In other words, all Bitcoin transactions are public, traceable, and stored on the blockchain network. Bitcoin addresses are the only indicators that show where they are stored and transmitted. Our research indicates that you should be able to protect your privacy if you use a new Bitcoin address every time you receive payment. Technology experts recommend that it may be prudent to use several wallets for different objectives – i.e., you can have a software and hardware wallet that can be used for a different reason. This way, there would not be a direct link between the cryptocurrency transactions.

Technology experts recommend not posting a Bitcoin address on a public domain such as a social media platform. The whole point is to avoid publishing information regarding your digital currency transactions since it could let third parties identify your Bitcoin address. It must be noted that Bitcoin’s network is a so-called “peer-to-peer” network that can be used by the general public. Also, in this kind of network, the user’s Internet Protocol (“IP”) address can be logged without your knowledge or consent. Therefore, it’s important to use some kind of masking software (e.g., ToR) or other technology to hide your computer’s IP address. ToR, which is also called “The Onion Router” provides a way for its users to mask their identities. It was originally designed for the military but it has been used by civilians for several years.

Digital currencies have become prevalent around the globe in recent times. There are various enterprises that are involved in the mining process which is now more difficult especially because it needs more computing power. Bitcoin’s price volatility is a major issue which has scared away investors. However, more importantly, are the security and privacy issues.

Digital currencies are usually stored in software or hardware wallets. These wallets allow the owners to store their digital currencies. There are studies that indicate hardware wallets are not as secure since hackers can use malware to intercept communications between the wallet and computer.

Hackers are always after valuable digital currencies. They are constantly trying to figure out a way to steal Bitcoin, or other kinds of cryptocurrencies, in a clandestine manner. For example, in 2014, Mt. Gox was hacked by an anonymous group and 850,000 Bitcoins were extracted without being found. There are other exchanges such as Coinbase, Binance, Kraken, or Gemini which can be targeted by the so-called “bad actors.” The hackers will use the necessary tools and techniques to shut down the major exchanges. These tools or techniques can be DDoS attacks which can cripple the computer network system. These types of attacks have been used to bring down the networks of private and public organizations.

Predictive policing has been used to calculate and forecast future crimes. Yes, although it sounds quite futuristic, but it has been used by various private and public organizations. The City of Santa Cruz, California was one of the first state governments that tried to implement this technology in an effort to stop crime. Predictive policing works by using machine-learning algorithms to calculate the possibility of future crimes. It uses mathematics and data analytics to evaluate information and make systematic predictions. It can also use artificial intelligence technology to reach the results. However, after some time, its public officials stopped their efforts to prevent racial inequality. Predictive policing raises several legal issues that will be addressed in this article.

First, there could be a problem with negligent police activity. We know that, once access is granted to a database of private or confidential information, it is highly probable that someone will abuse it. In other words, an agent may use that information in the wrong way. The technology has not proven to be effective in the sense that crime can be predicted. So, the police officers may engage in activities that would constitute harassment instead of protecting the public. C.C.P. § 527.6 defines harassment as “unlawful violence, a credible threat of violence, or a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, or harasses the person, and that serves no legitimate purpose. The course of conduct must be that which would cause a reasonable person to suffer substantial emotional distress, and must actually cause substantial emotional distress to the petitioner.” So far, predictive policing’s technology has not been able to specify who, when, where, what, how, or why future crimes can take place. It has not been able to tell the specific location of the future crime. So, for these reasons, it could be abused that could lead to negligent policing activities.

Second, there could be a problem when the private or confidential information is used to violate someone’s privacy. Invasion of privacy is a cause of action where the plaintiff sues the defendant for violating his or her privacy rights. The elements for public disclosure of private facts are as follows: (1) defendant publicized a matter regarding the private life of the plaintiff; (2) the publicized matter would be highly offensive to a reasonable person; and (3) it is not of legitimate concern to the public. In addition, invasion of privacy may occur if there is an intrusion upon someone’s seclusion. The prima facie elements for this cause of action are: (1) defendant intruded into plaintiff’s private affairs, seclusion, or solitude; and (2) the intrusion was objectionable to a reasonable person.

Cybersecurity risk management has become a more challenging endeavor recently. It was never an easy task for commercial enterprises, but now that we’re facing a global pandemic and economic recession, there are additional challenges. At this point, most of our personal information is being transmitted and stored on the internet. Third-party cloud service providers have become a useful variable in the equation but they can also become a liability if there is a cybersecurity incident. Therefore, cybersecurity risk management has become more difficult especially since commercial enterprises share personal or confidential information with third parties.

The fact that our personal information is no longer in our possession or control makes cybersecurity risk management more challenging. Now, if, our personal information was stored in one location, and as such, was in one company’s possession, life would have been easier. However, multiple vendors, and third-party service providers gain access to our confidential information. So, the level of liability rises to a different stage since there is additional potential responsibilities that must be managed. In addition, some companies have allowed their employees to work from home and this business model makes it more difficult to manage cybersecurity risks. In other words, remote employees can become the proverbial “weakest link” which can be quite dangerous for the commercial enterprise.

A problem in the cybersecurity risk management formula is that change is never ending. The constant change in technology and law makes it more difficult for companies and their information technology managers to keep up. Our law firm’s cybersecurity lawyers generally recommend working with computer technology experts on a regular basis. This way, they can develop the necessary policies on their networks. They should identify the risks by understanding the cybersecurity rules and regulations. An information technology manager should implement internal and external policies to secure the network which usually holds confidential information. For example, the network should have a secure software or hardware firewall, encryption algorithm, and multi-factor authentication system. The information technology manager should develop and implement regular training sessions for employees.

Cybersecurity risk management is a key component in avoiding cybersecurity incidents. Our law firm assists clients with breach response plans pursuant to the rules and regulations. An Incident Response Plan (“IRP”) should be carefully created to address cybersecurity incidents. There are strategic challenges with implementing an effective IRP within the organization but there could also be legal challenges. Hence, we encourage clients to implement a cybersecurity framework that can effectively prevent breaches. This can be done by working with qualified legal and computer experts.

We encourage clients to coordinate communications with their employees and representatives. The company’s partners and affiliates should also be aware of the breach notification and prevention protocols. This is especially important if the company has various locations and satellite offices. The company must act quickly when it finds out about a breach so that it can follow the rules and regulations. In fact, the European Union’s General Data Protection Regulation (a/k/a “GDPR”) mandates breach notification to the proper authorities within three days. In addition, in California, the law imposes a 72-hour breach notification obligation under the California Consumer Privacy Act (“CCPA”) which became effective on January 1, 2020.

We encourage clients to develop different types of response plans for various cybersecurity incidents. There are different types of breach that can take place on the computer network. In general, the bad actors compromise the computer network to steal personal information. However, availability attacks have also increased which in essence deny access to the system. For example, installing ransomware on the computers or launching a Distributed Denial of Service (“DDoS”) attack on the computer network can accomplish this task. There could be serious legal consequences if the company cannot properly protect its network which yields private and confidential information – e.g., intellectual property, trade secrets. There are various state, federal, and international laws in this context. For example, the Philippines Data Privacy Act defines a “security incident” as an event or occurrence that affects or tends to affect data protection or may compromise availability, integrity, or confidentiality.

Smart devices are being sold to consumers and businesses on a regular basis. They include smart phones, smart cars, smart televisions, smart thermostats, smart doorbells, smart bulbs, smart locks, smart watches, smart speakers, smart refrigerators, and other electronic devices. These smart devices can be recording you or collecting personal data without your knowledge or consent.

Privacy in the internet and technology age has become a major concern. This is primarily due to the existence and availability of smart devices which are even referred to as “smart spies” because they can record and transfer personal information to the hackers who use technical flaws to install spyware. This is why it’s important to review the security settings of the smart device on a regular basis. For example, smart televisions are connected to the internet, and if they are hacked into, they can easily be used for nefarious purposes. Smart speakers and digital assistants are listening to voices and that is why they can be a threat source for their users. They are constantly collecting information with or without the user’s knowledge or consent. There may be a way to delete the recently-recorded information by telling the smart device to delete the last conversation but consumers should read the user’s manual to learn about the options.

Smart doorbells, which are part of a home’s security surveillance system, have cameras and are connected to the internet. Therefore, they can be hacked into and used to record activities. For example, Ring has been questioned for sharing video recordings with police departments and third-party service providers such as Facebook and Google without the user’s knowledge or consent. It is important to view the “authorized client devices” feature to understand which device is accessing the account.

Internet dispute resolution has evolved and become more prevalent in recent years. The internet has offered many advantages when it comes to electronic commercial transactions and communications. It has enabled e-commerce websites to gain access to domestic and foreign customers. Naturally, there could be disputes between the e-commerce websites and their customers, or alternatively, between the customers themselves. These disputes are usually related to contractual rights and responsibilities which can be resolved through alternative dispute resolution – e.g., arbitration, mediation.

Geographic location of the parties can create an impediment for dispute resolution purposes. This is especially true because in most circumstances the parties hire a third-party neutral to review their files and issue a final decision. Internet dispute resolution provides an option to have the parties reach a practical solution even though they may be in different jurisdictions. The parties and their neutral judge can be in geographically different locations and need not meet in person to reach a final decision. This, in and of itself, provides a huge advantage from a logistical point. It also brings down the cost of traveling since they can use videoconferencing technologies.

Technology tools and techniques have provided a relatively stable platform for internet dispute resolution procedures. The software and hardware technologies that are available today allow the neutral judge (e.g., arbitrator, mediator), and interested parties, to effectively participate in the dispute resolution procedure. They can securely send and receive files which may include sensitive or confidential information such as financial information. These technologies are using encryption for security reasons. This way, the parties can have trust and confidence in the process and effectively use it.