Articles Posted in Internet Law

Published on:

In the accelerating information frenzy of the modern world, the specter of hacking has become more threatening as technology progresses.  For example, information is more accessible and vulnerable especially when it is valuable. Public and private institutions rely heavily on electronic communications and storage, which raises the stakes of a transgression.  Currently, there are legal barricades and consequences for accessing or exploiting another individual’s digital information without permission, but most are defensive, and some are largely ineffective.  The need for hacking countermeasures has been introduced and debated, but not satisfied.  International cooperation has largely helped, but is ultimately undergirded by political motive rather than principle.  To a degree, the law remains irresolute as to how to best combat online hacking and similar misconduct.

The federal government has exacted large punishments for hacking computer systems without authorization.  It defines “hacking” as accessing a computer without authorization or exceeding one’s authorization access, obtaining information that the United States government determines to be classified for reasons relating to national defense or foreign relations, or willfully communicating or attempting to communicate the information to any foreign nation, or willfully retaining the information and failing to deliver it to the officer or employee of the United States entitled to receive it.  It can be punished as a misdemeanor or a felony depending on the circumstances, resulting in a up to one year in prison and a $100,000 fine or up to ten years and $250,000, respectively.

So, hacking private companies or individuals can yield similar consequences.  Private companies are no strangers to cyberattacks.  In recent years, though, the scope of offense has broadened from companies contracted with the government or armed forces, to victims as diverse as movie studios and financial institutions.  As it stands, businesses have limited avenues to justice.  They may monitor, take defensive action, and fix whatever damage they incur on their own.  A Congressional bill recently drafted aims to allow businesses to “hack back” legally.  This can mean anything from simply tracing an attack, to identifying the attacker, to actually damaging the attacker’s devices.  However, the bill in its current form is discouragingly vague, and a company’s misstep could risk violating the same laws that were meant to protect it.  So, companies may be unwilling to take that risk.  Another criticism of the bill is that it does little to protect innocent third parties from retaliation where their systems might simply have been hijacked in a hacker’s scheme.  This concern is exacerbated by vagueness in the bill’s language allowing retaliation against “persistent unauthorized intrusion.”

Published on:

On April 10, 2018, Mark Zuckerberg, founder and chief executive of Facebook, took a chair beneath an array of Senators to answer for the uneasiness his company’s behavior had been giving the public.  The testimony comprised a broad variety of concerns – from user privacy to election meddling, to misinformation and an alleged bias in combatting it. The latter concern has fascinating legal implications we will discuss today.

More pointedly speaking, allegations that the large social media companies’ community guidelines have been enforced selectively have sparked a public controversy.  The accounts of some particularly controversial speakers, for better or worse, have been shut down, and others report that the volume of exposure their content gets has suddenly dwindled.  Pundits, for the most part on the right wing, have strongly condemned the companies, and ensuing arguments tend to hit all the philosophical tenets of the classical debate over free speech.

The First Amendment does not ensure anyone’s place on a private platform; it only restricts the government from discriminating with regard to speech, including, but not limited to, hate speech.  For the most part, it is left to market pressures to correct any perceived bias or wrongdoing on the part of the social media companies.  There are other areas of the law, however, that social media companies have some potential to run afoul of.  Critics and commentators have brought up both antitrust law and publishing law issues.  Although, there is debate over the likelihood that companies like Facebook infract upon either, yet the potential does exist.

Published on:

Do you monitor what personal information companies access and store when you visit a website?  Do you wish you had more ability to know what companies do with such data?  In 2018, user data privacy rights have become a major topic for discussion. Starting with Europe’s enactment of the General Data Privacy Regulation earlier in the year, and California’s passing of the Consumer Privacy Act, we have seen many changes in the online legal world.  The trend continues, with internet giants now lobbying for a federal regulatory scheme, which would ease the number of laws they have to comply with if each state follows California and enacts its own user privacy legislation.  In this blog, we will provide an overview of the recent changes.

After California passed a law this year, which grants consumers greater data privacy rights, there has been much backlash from technology giants.  Facebook, Google, Microsoft, and IBM are currently lobbying officials in Washington for a federal privacy law that would overrule California’s legislation.  These technology giants are hoping for such legislation to be passed through Congress, as the lobbyists would influence how the law is written, giving them discretion over their ability to use personal data and information.  Because federal law on such a matter would supersede state law, California’s user privacy law may become naught.

According to Ernesto Falcon of Electronic Frontier Foundation, a user rights group, the strategy of Facebook, Google, and Microsoft here is “to neuter California[‘s law] for something much weaker on the federal level.  The companies are afraid of California because it sets the bar for other states.”  As user data and information is such a key part of the business model of the social media companies – who use such information to sell advertisements – they want as much freedom as possible to collect and exploit such data.

Published on:

In this article, we plan to discuss the Fifth Amendment implications of requirements to digitally identify oneself, for example by facial or thumbprint recognition.

The spread of data-encryption services has made the retrieval of information more difficult for law enforcement officials.  Over half the attempts the FBI made to unlock devices in 2017, for example, were thwarted by encryption.  As such investigatory bodies would have it, the government could simply compel a suspect to hand over the password.  Their biggest obstacle, however, remains to be the Fifth Amendment.

Fifth Amendment jurisprudence has come to bear on this issue in the past decade, yet remains somewhat unsettled.  Back in 1975, Fisher v. United States set a foundation for the issue.  The case involved the IRS attempting to compel the defendants to give up certain documents, which they refused on the grounds that they would be incriminating themselves, and were protected by the Fifth Amendment.  The Supreme Court ruled that the Fifth Amendment’s words: “[n]o person … shall be compelled in any criminal case to be a witness against himself” only protect a suspect from having to communicate incriminating testimonialevidence, and that the production of that case’s physical evidence wouldn’t compel the person to “restate, repeat or affirm the truth of it.”  The Court later fleshed out the term testimonial in a case regarding the subpoena of bank records and said that it’s “[t]he contents of an individual’s mind [that] fall squarely within the protection of the Fifth Amendment.”  Generally, the courts don’t protect people from having to produce physical evidence, which is not considered “testimony” or the “contents of an individual’s mind.”

Published on:

Do the courts have the ability to subpoena user identity information from Instagram?  Can a person file a lawsuit against the operators of an Instagram page for defamation? An advertising executive was fired after being posted about on an Instagram account, Diet Madison Avenue. The account is known for outing sexual harassment and discrimination in the advertising industry.  The fired executive, Ralph Watson, is now suing Diet Madison Avenue, and the people who ran it for defamation.  The lawsuit names “Doe Defendants”for the people who ran the page and currently remain anonymous.

Watson claims that Diet Madison Avenue made false allegations  about him that cost his job.  Several other agencies have fired men whose names appeared on the Instagram account. Since being fired, Watson claims that he is unable to find work.  “Trial by social media” has been used to describe the incidents.  Watson claims that he has never sexually harassed anyone, but says that his career and reputation have been ruined overnight. Watson hopes that the trial will bring the operators of the account into court, where they must present the evidence and defend their claims.

The operators of the account have said that the allegations were independently researched and confirmed before any names were posted on the account.  The specific post in question called Watson an “unrepentant serial predator” who “targeted and groomed women,” among other things.  Watson also filed a wrongful termination lawsuit against the advertising firm he worked for by alleging defamation, wrongful termination, and breach of contract.

Published on:

Is a warrant required for law enforcement to access a suspect’s location information generated by the suspect’s cell phone?  Would obtaining such data violate a person’s Fourth Amendment rights?  In this blog, we will be discussing whether a warrant is required for law enforcement to access a user’s location information from cell phone service providers.  As geolocation information is almost continually updated when users interact with apps and send and receive messages, such location information is almost always available.  But also, as constantly available are Fourth Amendment rights, namely the right to be free from unreasonable searches and seizures.

In Carpenter v. United States, the Supreme Court analyzed this Fourth Amendment issue.  In order to obtain a search warrant, police typically must submit a warrant application to an independent judge or magistrate.  In the application, the police must outline facts leading the judicial officer to believe there is probable cause that the suspect is engaging in criminal behavior.  This showing of likely criminal behavior is known as “probable cause” and is required for police to conduct a search of a place or person.

There is an applicable federal law.  Section 2703(d) of the Stored Communications Act, which protects privacy information and the stored content of electronics, allows an exemption to the typical warrant required for a search.  Orders made under 2703(d) can compel the production of certain stored communications or non-content information if “specific and articulable facts show that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.” This is closer to what is known as the “reasonable suspicion” standard than “probable cause.”  Reasonable suspicion comes into play when police pull over a vehicle, for example, or conduct a stop and frisk of a suspicious person who they believe may be concealing a weapon.  Reasonable suspicion is a much lower bar to meet than probable cause.

Published on:

For this week’s blog post, we will be discussing a recently decided copyright law case, in which a foreign broadcaster was held liable for violating the Copyright Act when they allowed United States users to access copyrighted material through a video-on-demand website.  The specific case is Spanski Enterprises, Inc. v. Telewizja Polska, which was decided on appeal by the United States District Court for the District of Columbia.

In this case, Spanski, who is a foreign broadcaster, uploaded copyrighted television episodes to its website, and then projected the episodes onto computer screens in the United States for visitors to view.  The court held that in doing this, Spanski was in violation of the Copyright Act.

Taking a step back, we will briefly discuss what makes a work copyrightable.  In order for a work of authorship to be copyrightable, the work must: (1) be fixed in a tangible medium of expression; (2) be original and not a derivative work; and (3) display some level of creativity (i.e., typically just slightly more than a trivial amount).

Published on:

For this week’s blog post, we will be continuing with a discussion of another recently decided Supreme Court case.  Specifically, we will cover United States v. Microsoft Corporation, and talk about the ramification’s the Court’s decision has on the world of internet technology.

This case involves user data privacy rights and the ability of US based technology companies to refuse to comply with federal warrants when user data is stored overseas.  The case had to do with the extraterritorial (outside of the United States) application of the Stored Communications Act (SCA), and whether warrants issued under SCA could be effective with regard to new internet technology such as cloud storage and data centers.

In 2013, FBI agents obtained a warrant requiring Microsoft to disclose emails and information related to a customer’s account who was believed to be involved in drug trafficking.  Microsoft attempted to quash the warrant, claiming that all of the customer’s emails and information were stored in Microsoft data centers in Dublin, Ireland.  The court held Microsoft in civil contempt for refusing to give agents the emails, but this decision was reversed by the Second Circuit.  The Second Circuit held that requiring Microsoft to give federal agents emails that were stored overseas would be outside the realm of permissible extraterritorial application of the Stored Communications Act (18 U.S.C. 2703).

Published on:

For this month’s blog posts, we will be discussing some of the most recent Supreme Court cases that have been decided this year.  Specifically, we will address cases that are likely to have an impact on internet, e-commerce, technology, business, and cybersecurity laws.  We will start with a discussion of Murphy vs. NCAA.

Murphy vs. NCAA was decided on May 14, 2018, and generally was the Supreme Court ruling in favor of states’ ability to legalize sports betting.  The Supreme Court overturned the Professional and Amateur Sports Protection Act (PASPA), which previously prohibited all but a few states from legalizing sports gambling.  In Murphy, the Supreme Court held that PASPA violated states’ rights to make their own decisions regarding the legality of sports gambling.  The Court explained that Congress cannot commandeer states to enact or enforce a federal regulatory program, which was essentially what PASPA (as a federal act) was doing towards the states.

Many states, such as New Jersey, are thrilled with this decision.  They view it as an opportunity to generate revenue, prevent black market gambling, and help their economy.  The Court’s decision in Murphy empowers states with the ability to legalize and regulate an estimated $150 billion sports betting industry that was previously illegal.  New York, Connecticut, West Virginia, and New Jersey are among the 20 or so states already introducing legalizing legislation.

Published on:

Cyberbullying in schools is one of the most troubling activities currently plaguing our educational system.  When children are bullied, they can’t focus, they don’t feel that they fit in, and they often lose interest in school.  This creates absenteeism, depression, and even suicide among school-age children and teenagers in our society.

According to the California Attorney General: “Anyone who sends any online communication to deliberately frighten, embarrass, harass, or otherwise target another is a cyber bully.”  California Penal Code section 652.3 is slightly more specific, and states that every person who, with the intent to place another person in reasonable fear for their safety of the safety of their immediate family, by means of an electronic communication device, for the purpose of harassing, is guilty of a misdemeanor punishable by up to one year in a county jail, by a fine of not more than one thousand dollars ($1,000), or both.  Penal Code § 652.3 also makes it a crime to electronically distribute or make available personal identifying information, including a digital image of another person, or an electronic message of a harassing nature about another person, which would be likely to incite or produce unlawful action.

California law defines harassment as: A knowing and willful course of conduct that a reasonable person would consider as seriously alarming, seriously annoying, seriously tormenting, or seriously terrorizing and that serves no legitimate purpose (Penal Code § 652.3).  Electronic act as related to cyberbullying means: The transmission of a communication, including a message, text, sound, or image, or a post on a social network, by means of an electronic device.  This means that any post through Facebook, Twitter, Instagram, Snapchat, or email qualifies as an electronic act, and thus subjects the sender to potential liability for cyberbullying.