Internet Law

President’s Executive Order on Cybersecurity

Published on: May 8, 2017 | by Law Offices of Salar Atrizadeh

President Donald Trump has signed an executive order on cybersecurity as a response to the WannaCry ransomware attack. This executive order is entitled as “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The executive order contains three main sections and a fourth category that includes some definitions of terms that are contained in the order.

The first section of the executive order is regarding Cybersecurity of Federal Networks. This section states that the United States Information Technology (IT) should have the data secured responsibly by the United States Government. The President said that he will also be holding the heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises. One of the findings included in this first section is that the executive branch has been too accepting of IT in that it is antiquated and difficult to defend. To manage these risks, the first section includes a risk management section, which includes ideas of how to reduce future cybersecurity risk. For example, the head of each agency must provide a risk report to the Secretary of Homeland Security and Director of Office of Management and Budget.

The second section of the executive order is regarding Cybersecurity of Critical Infrastructure. This section states that support must be provided to the critical infrastructure that faces the greatest risk. It also describes how the Secretary of Commerce and Secretary of Homeland Security will both go through an open process to try and improve how resilient the internet is, so they can reduce threats of automated attacks.

Who Is Responsible for the WannaCry Attack?

Published on: May 1, 2017 | by Law Offices of Salar Atrizadeh

On May 12, 2017, what is believed to be the largest ransomware attack in history occurred on the internet.

A global search is heating up trying to locate those who are responsible for the attack.

While this search is occurring, there is also a question of how much blame for the attack should be placed on Microsoft. This is because the WannaCry attack took advantage of a weakness that was already existing in the Microsoft operating systems.

Copyright Preemption Laws

Published on: April 24, 2017 | by Law Offices of Salar Atrizadeh

For example, you have a lawsuit against another party for infringing on your personal rights of privacy. The other party takes a photograph they had taken of you, and then licenses it to other individuals without your consent. Those individuals use it as a basis for a character in another work, making a large amount of profit. Naturally, this wouldn’t sound fair to the subject of the lawsuit. Yet, making matters worse is, given a current case, it’s suggested that the action would effectively have no remedy. This is due to the doctrine of preemption. So, what is the preemption doctrine? How does it apply to an individual in a case? How might preemption be avoided by the careful litigant?

Copyright Preemption

Before going into the relevant case, copyright preemption is a doctrine in copyright law, with Section 301 dictating that in cases where a personal right and copyrights may clash, the Copyright Act will take precedence, and other rights will be preempted by the copyright. Included in a “copyright” are rights against reproduction, as well as a right to control distribution, derivative works, and publication of works, in addition to others. This would also mean that preemption would cover far more than what is protected by copyright. This has the effect of removing the basis for a lawsuit as the plaintiff may not have a right in the copyrighted work.

Mavrix Photographers, LLC v. LiveJournal, Inc.

Published on: April 17, 2017 | by Law Offices of Salar Atrizadeh

In theory, a moderator is a sound idea for any individual running a website that allows user interaction. Presumably, moderators can filter out comments and content that is disreputable, disrespectful, and patently offensive. The moderator can keep discourse civil and help foster insightful positions. Perhaps the website can even rely on volunteer moderators who are bound by the website’s rules and regulations. However, the moderator’s very existence risks making a website’s owner subject to liability for copyright infringement. These questions were recently addressed in a case involving LiveJournal. What is this case about? Why could a volunteer moderator trigger legal liability? Are there any guidelines to determine risks?

Mavrix Photographers, LLC v. LiveJournal, Inc.

This case is one arising out of the United States Court of Appeals, For The Ninth Circuit, regarding the potential liability of LiveJournal over an alleged infringement of twenty different photographs. LiveJournal is a social media website, which sets up various forums for different communities. The communities can post and comment on a theme and are allowed to create their own rules in addition to LiveJournal’s rules and regulations. The photographs were then published to a sub-forum on the website, focusing on celebrity news. The photographs were watermarked, and subject to copyright by the photographer. However, one issue was how LiveJournal used its moderators.

Facebook v. Power Ventures: Unlawful Access To Computer Networks

Published on: March 27, 2017 | by Law Offices of Salar Atrizadeh

After this month’s discussion on the statutes that prohibit the unauthorized access of email accounts and digital assets, one might wonder how these statutes may apply in a case. However, in the lengthy saga of Facebook v. Power Ventures, the Ninth Circuit issued a determination giving a bright line example of what would not be permissible under the law. So, how did Power Ventures violate these unlawful access laws? How did they attempt to move around the laws? What was Facebook’s argument, that has thus-far prevailed in the courts?

Case History

This case focuses on Power’s use of Facebook through the actions of other users. Power, a type of social media aggregator, would allow users to “link” Facebook, Twitter, and other social media accounts to permit control from a single website. From there, Power would “scrape” data under the permission of the Facebook users. However, this was against Facebook’s terms and conditions. Power would also invite users to invite others in spam-like messages, as well as deploying bots. This ultimately resulted in an IP-based ban against Power. Yet, Power evaded those bans and defied a cease and desist letter, prompting Facebook to sue based on CAN-SPAM, Penal Code 502, and CFAA.

Fiduciary’s Access Rights To Decedent’s Digital Assets

Published on: March 20, 2017 | by Law Offices of Salar Atrizadeh

What happens to a person’s digital assets when he or she passes away? They still have email, social media, and bank accounts. This could be an uncomfortable topic. However, any unauthorized access to a person’s online account that is password protected will constitute a violation of state or federal law. For example, checking on a deceased relative’s emails or wrapping up any lingering business is forbidden as it can violate Section 2511 (unlawful interception) or Section 2701 (unlawful access). Yet, California, in hopes to give an acceptable bit of leeway to the federal law has passed a new statute. So, what is this statute? How might it allow you to take care of the lingering communications of decedents? What can a person do?

Revised Uniform Fiduciary Access To Digital Assets Act

The Act allows an individual to use either an online tool to give access to online data or digital assets, including, but not limited to, electronic communications. In the absence of a tool, a trustee, personal representative, or other fiduciary, could be named via a will or other instrument. While this doesn’t impair the terms-of-use, it does allow a custodian (a/k/a “service provider”) to grant the fiduciary either full access to an account, sufficient access to complete the necessary task, or access to physical copies of digital assets. Naturally, a service provider can charge for this task and does not need to disclose deleted assets.

Unauthorized Wiretapping Laws

Published on: March 13, 2017 | by Law Offices of Salar Atrizadeh

In addition to California’s precautions against unauthorized email access, there are additional Federal measures to protect privacy. Compared to state measures, this gives another way for an individual to seek legal remedies in a federal court. This is broken up into three different statutes, as part of the Electronic Communications Privacy Act, first regarding wiretapping, unlawful access, and pen registers. Yet, to a business only the first two have real consequence, with the final one applying in a narrower scope. So, what is the difference between anti-wiretapping and unlawful access laws? Why might someone choose to sue under the wiretapping statute, but not unlawful access? Can either provision provide an individual the ability to recover for lost or misappropriated sensitive information from electronic mail?

Federal Laws

Federal wiretapping laws are outlined in 18 U.S.C. 2511, which focuses on prohibiting the intentional interceptions of electronic communication unless it is for valid government purposes. Yet, while it is called a wiretapping statute, it’s far more expansive. An unlawful interception would result in a fine and, at most, five years of imprisonment. However, the civil remedies for a violation come from Section 2520, which allows equitable relief (e.g., injunction), punitive damages, and attorney’s fees. The computation of damages is limited to the greater between the actual damages or statutory damages of $100/day for each day of violation or $10,000.

Unauthorized Access To Email

Published on: March 6, 2017 | by Law Offices of Salar Atrizadeh

This article discusses the remedies for unauthorized access to email in the State of California. Now, email is an essential part of our lives and has been granted extensive protections in the state and federal spheres. Beyond that, it can occur in a variety of ways such as: (i) leaving an unlocked device on your desk; (ii) lending someone your email password; (iii) getting hacked by someone; or (iv) simply failing to properly update security on your device. Yet, what laws are in place to punish those who would unlawfully access an email account? What are the consequences? How might this help business owners protect their confidential information and intellectual properties?

California Laws

In California, there are statutes for computer crimes, which would prohibit individuals from unlawfully accessing another person’s email accounts. For example, Penal Code 502 prohibits access without permission of computers, networks, internet websites, electronic mail, and similar things. Although, it should be noted that Penal Code 502 lists other criminal acts, such as knowing misuse of domain names, introductions of contaminants, and deletion of data.

Who Are Script Kiddies?

Published on: February 27, 2017 | by Law Offices of Salar Atrizadeh

There are few things that you consider when forming a cybersecurity framework. Naturally, chief among them are the perpetrators such as hackers who engage in mysterious online threats by constantly adapting to new technology. These hackers might seem indomitable, clever, and always working to break down security. Yet, this is not necessarily the case. What if the nature of the threat was different? What if anyone could become a top-level hacker without sufficient knowledge of computer programming? How might a business address this issue and anticipate a different threat?

What is the nature of the threat?

On the issue of hackers, while there are certainly those who have the skills to access systems, but they are not the only threat. There are three kinds of hackers: First: “white-hat” hackers, who will hack to expose security flaws for a company. Second, “black-hat” hackers who hack to cause harm or gain profit. Third, “script kiddies” who are an offshoot of black-hat hackers. These script kiddies tend not to have the technical skills of a black-hat hacker. Instead, they rely on pre-existing tools that black-hat hackers disseminate. This allows a script kiddie to engage in a more advanced attack and cause harm. One particularly notorious instance occurred on February 7, 2000, where a 15-year old launched a massive DDoS attack using a slightly modified tool that was downloaded online.

Ransomware: Does A Tort Claim Apply?

Published on: February 20, 2017 | by Law Offices of Salar Atrizadeh

In our last blog post, we mentioned eBay, Inc. v. Bidder’s Edge, Inc. While the case wasn’t related directly to ransomware, it creates an important precedent for tort liability. Specifically, it supports the idea that common law torts can be carried out and applied in the digital world. So, what does eBay give us as a legal theory? How might it get applied to ransomware in a hypothetical case? What is the likelihood of succeeding on such a case?

Case Analysis: eBay, Inc. v. Bidder’s Edge, Inc.

In this case, eBay sued Bidder’s Edge for the use of a type of program known as a “spider” or “bot.” These programs would automatically go to eBay, search for information, and repost it on Bidder’s Edge. The purpose of this was to allow others to get better ideas of what to bid on items by searching multiple auction sites. While there were negotiations to allow Bidder’s Edge to access eBay, however, the negotiations broke down, and ultimately prompted the lawsuit.