Internet Law

E-commerce Transactions

Published on: September 28, 2015 | by Law Offices of Salar Atrizadeh

The phrase “e-commerce transactions” invokes thoughts of a complicated and technical phenomenon. In fact, many people partake in e-commerce transactions every day.

What is an e-commerce transaction?

An electronic commerce (a/k/a “e-commerce”) transaction involves a commercial transaction that takes place over the Internet. So, any trading of products or services over any electronic network, including, but not limited to, the Internet, is considered a part of e-commerce. The e-commerce transactions covered by the term include, business-to-business, business-to-consumer, consumer-to-consumer, and consumer-to-business. There are three categories of e-commerce transactions. There are agreements with: (1) Shrinkwrap terms—when a tangible product is delivered to a physical address usually in shrinkwrap or clear packaging; (2) Clickwrap terms—in which a digital product is delivered over a network (e.g., e-book); and (3) Browsewrap terms—when terms are agreed to in order for a consumer to access and use a website. However, e-commerce does not always involve actual money. The transaction can involve e-cash, digital currencies (e.g., Bitcoin), or services.

Internet of Things and Security

Published on: September 21, 2015 | by Law Offices of Salar Atrizadeh

The Internet of Things (“IoT”) is the network of electronic devices that communicate with each other via the Internet without human intervention. It has caused concerns regarding security since vast amounts of unsecure electronic devices are being used to send and receive information. Furthermore, the data breaches that lead to the loss of privacy have become more common as the Internet is used to connect electronic devices via private and public networks.

What is the proper security level for electronic devices?

Electronic devices that connect to each other over the Internet were created to transfer information, but were not originally designed with proper security features. What is the proper security level when electronic devices are interconnected? In order to avoid unauthorized access, security precautions should be implemented within the electronic devices and computer networks. For example, firewalls, encryptions, intrusion detection systems, and multi-factor authentications should be implemented as preventive and reactive measures. The electronic devices—which are accessed via the Internet—should be segmented into their own network and include network access restrictions. Also, consumers should change the default passwords on smart devices and implement strong passwords.

What is Quantum Computing?

Published on: September 14, 2015 | by Law Offices of Salar Atrizadeh

A quantum computer is a highly-advanced computer system that works exponentially faster than today’s conventional computers. Quantum computing is the practice of studying quantum computers and their potential. This practice is growing and has caused the rapid decrease in the size of computers at the same time as these systems are rapidly increasing in their capability. However, quantum computers are still being developed and have not yet become accessible.

What is a quantum computer?

A quantum computer is an advanced computer system. Quantum computing studies theoretical computation systems which use quantum-mechanical phenomena (e.g., superposition, entanglement) to perform data operations. While the average computer’s memory is made up of bits, a quantum computer’s memory is made up of qubits. A regular computer saves information in binary form using zeroes and ones, which are called bits. These strings of numbers, which are comprised of 0s and 1s, create codes that instruct the computer on how to proceed. However, a qubit in a quantum computer is a particle (e.g., atom, electron, photon) which is manipulated to store information. It is a two-state quantum-mechanical system, such as the polarization of a single photon, which can be vertical and horizontal polarization. So, the particle is manipulated in its quantum properties, like its spin or polarization, and can have multiple properties. Because of the flexibility and variation of qubits, more information can be stored on a quantum computer. Most importantly, information can be processed at an exponentially faster rate. For example, a problem that would take a conventional computer several minutes to solve due it its complexity, could be solved in less than a second by a quantum computer. This is because today’s conventional computers must go through each problem one step at a time, where a quantum computer has the ability to solve multiple problems instantaneously.

Class Action and the Song-Beverly Credit Card Act

Published on: September 7, 2015 | by Law Offices of Salar Atrizadeh

Class certification can be a complicated issue that does not just rely on fulfilling the usual requirements. For example, in Gass v Best Buy Co., Inc., an issue of fact had to be determined in order to confirm the class action certification.

What was the court’s decision in Gass v. Best Buy Co., Inc.?

Gass v. Best Buy Co., Inc. was a class action that failed due to the way plaintiffs’ claim was brought. In this case, multiple parties brought separate lawsuits against Best Buy claiming that its practices were against the Song-Beverly Credit Card Act. The claimants then merged their claims. The “class” claimed to be representing “[a]ll persons from whom Defendant requested and recorded personal identification information in conjunction with a credit card transaction… and a subclass of those who were asked for their information relating to the pre-enrollment . . . in Defendant’s Reward Zone program in conjunction with a credit card transaction.” The Song-Beverly Credit Card Act says that companies may not request or require, as a condition to accepting the credit card, the cardholder to provide personal identification information. The practices in question were: (1) when employees asked customers for additional information if they agreed to be in the Rewards program; (2) when customers were asked for their phone number if they forgot their member cards; and (3) if a card failed to swipe on a charge over $100, the customer would be asked for a zip code in order to look up his/her information. First, the court determined that these requests for identification were not illegal. Second, since the requests for information were not a violation, the court ruled that plaintiffs could not be certified as a class. This was because the definition of those affected was overbroad and included customers who may not have suffered any violation. The court ruled that, if the plaintiffs wished to pursue a specific violation, each could proceed individually.

Internet of Things and Privacy

Published on: September 3, 2015 | by Law Offices of Salar Atrizadeh

The Internet of Things (a/k/a “IoT”) functions through smart devices that communicate with each other and collect data without human interaction. These devices include smart cars, smart homes, smart hospitals, smart highways, or smart factories. However, the lack of security protecting information is creating privacy concerns as data is collected by companies and shared with third parties (e.g., marketing firms, governmental agencies). Also, the smart device can be accessed without authorization (i.e., hacked) by third parties and its information can be used for various illegal purposes.

What is the Internet of Things and what private information does it hold?

According to the Organization for Economic Cooperation and Development (“OECD”), one of the Fair Information Practice Principles is the collection limitation of personal data. Stated otherwise, data should be collected with the owner’s consent, through fair and lawful means, and should be limited. The OECD has issued its guidelines that are considered as minimum standards for the protection of privacy and individual liberties. From a practical standpoint, these principles (and relevant guidelines) should be uniformly enforced in the United States and other countries.

Internet Fraud and Class Action Lawsuits

Published on: August 31, 2015 | by Law Offices of Salar Atrizadeh

The term “fraud” invokes the same general meaning whether applied to acts on the Internet or in more traditional forms. The difference with Internet fraud is that it occurs on the web and the number of people who may fall victim to the same violation. This situation lends itself to class action lawsuits due to large numbers of consumers alleging the same harm against the same defendant.

What is Internet fraud?

The term “Internet fraud” includes a wide range of actions. In general, “fraud” is defined in Black’s Law Dictionary as “[a] knowing misrepresentation or knowing concealment of a material fact made to induce another to act to his or her detriment.” Therefore, incidents such as emails promising money or misrepresentations in website’s terms of use are considered fraud. Under California law, a plaintiff must show that: (1) a misrepresentation occurred; (2) defendant knew the information was false; (3) defendant had the intent to induce reliance; (4) plaintiff relied on the false information; and (5) reliance was the cause of damages to plaintiff.

What Is A Class Action Lawsuit?

Published on: August 24, 2015 | by Law Offices of Salar Atrizadeh

Although, most people may think they understand what a class action is, however, the reality is more complex. A group of people cannot just bring a class action without following specific procedures. Notwithstanding the procedural impediments, however, in recent times, more class actions have been filed as the Internet is used as a primary source of communications, research, and transactions.

What is a class action lawsuit?

A class action is brought by a large group, usually under the name of one of the claimants or plaintiffs. In fact, Rule 23 of the Federal Rules of Civil Procedure clarifies when and how a class action can be brought to federal court. First, the class must be so numerous that joinder of all members is impracticable. In the past, classes have been certified with as few as 35 members, but normally there are large number of individuals in the class. Second, there must be questions of law or fact common to the class. One or more persons who are members of the class may sue or be sued as representatives of everyone in the class if their claims or defenses are typical of the claims or defenses of the class, and if they will fairly and adequately protect the interests of the class. These four basic requirements are often referred to as numerosity, commonality, typicality, and adequacy of representation.

Cloud Computing and International Laws

Published on: August 17, 2015 | by Law Offices of Salar Atrizadeh

Cloud computing is subject to certain complexities due to the interplay of international organizations, international users, and Cloud Computing Service Providers (collectively “CCSPs”). In essence, the owners, operators, and users of CCSPs may be subject to both national and international laws. Furthermore, as recent events have indicated, they may face risks when it comes to data privacy and security.

What does international law mean for cloud computing?

The authority that each state has in regards to jurisdiction is a grey area. For example, the Permanent Court of International Justice considers states as having no restriction on exercising jurisdiction on other states. This is the case, unless there is a prohibition under international law. For the most part, international law is considered private law, which revolves around contractual provisions. On the contrary, organizations like the European Union, which regulate cloud computing, operate under public law. For this reason, cloud computing falls under both public and private laws. Because of this, it is difficult to coin cloud computing as a public structure for the purpose of protecting against CCSPs. Additionally, the Restatement of Foreign Relations Law, Section 403, affects jurisdictional issues. This section provides that “a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable.”

Cloud Computing and Security

Published on: August 10, 2015 | by Law Offices of Salar Atrizadeh

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation. At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes. This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

Cloud Computing and Privacy

Published on: August 3, 2015 | by Law Offices of Salar Atrizadeh

Cloud computing is a service that is offered by service providers and allows for large amounts of information to be stored in virtual servers. These organizations are referred to as Cloud Computing Service Providers (collectively “CCSPs”) and operate within the “cloud.” They are able to operate on a global scale, which makes their activities subject to international laws and places their users at the risk of loss of privacy.

What steps have been taken to protect user data?

In general, users of cloud computing relinquish their data, which may include confidential information, in order to store large amounts of information. Thus, CCSPs must be careful to protect privacy according to industry standards. The failure to establish proper safeguards may result in legal action by private individuals or governmental agencies (e.g., Federal Trade Commission). However, due to the security risk that users face by storing their data, governments have taken active roles in protecting against information loss. For example, the European Commission has instituted a Data Protection Directive. The purpose of this directive is to to give citizens control over of their personal data and to simplify the regulatory environment for business.