Articles Posted in Technology

There are state and federal privacy laws that are applicable to consumers and commercial organizations. There has been much activity with the collection and distribution of private or confidential information in recent years. Personal information can be collected through several methods such as voluntary disclosures, cookies, website bugs, tracking software, malware (e.g., worms, trojans, spyware), and phishing. For example, tracking software can be used to collect information but there must be proper disclosure. Nonetheless, criminals do not follow the rules or guidelines and it is a known fact they have access to the tools and techniques to extract customer information without obtaining authorization.

Personal information is certainly valuable to its owner. It is also valuable to a bad actor who is seeking to misuse the personal information without authorization. The bad actors who obtain personal information in a secretive manner are planning to gain a profit. They may engage in identity theft or online impersonation by using the wrongfully obtained personal information. Identity theft has caused a significant amount of monetary damages to the victims. There are state and federal laws that prohibit identity theft in every jurisdiction. The National Conference of State Legislatures provides a comprehensive list of these laws. In California, the following state laws prohibit identity theft and provide remedies:

  1. California Penal Code § 368: It prohibits identity theft against elders and disabled persons;

The Eliminating Abuse and Rampant Neglect of Interactive Technology (“EARN IT”) Act is a proposed bill that is designed to permit government agencies scan online messages and prevent child sexual exploitations. It is meant to force websites remove child abuse images from their platforms. The advocates argue it is necessary to allow the government evaluate online communications for potential violations. They argue that websites should be held accountable for user violations. This law seems to be against encryption which is used to obscure content from the unintended recipient. Encryption technology has been used to protect online privacy by scrambling messages through special algorithms. It can only be deciphered by the intended recipient who has access to the private key. Encryption can be used to securely communicate on the internet but it can also be used for nefarious reasons. That said, the EARN IT Act does not use the term “encryption” in its provisions. The supporting legislators have claimed the proposed statute is not designed to outlaw encryption. Also, it would require websites to adhere to certain best practices that will be implemented by the Attorney General’s Office by selecting a group of law enforcement agents who would impose them.

The EARN IT Act could reduce the protections granted under Section 230 of the Communications Decency Act (“CDA”) which provides a certain level of immunity for online service providers. Now, the immunity is not absolute but it is not very far from it. It protects online service providers (a/k/a “interactive computer service providers”) from user violations. For example, if the user engages in conduct that constitutes invasion of privacy of another person, the website would be shielded from legal liability. So, the victim could not file a lawsuit against the website for the user’s violations. However, the following three exceptions apply: (1) federal criminal activity and obscene material; (2) intellectual property violations; and (3) sex trafficking. In fact, 47 U.S.C. § 230(e)(1) prohibits obscene material and sexual exploitation of children. Moreover, 47 U.S.C. § 223 prohibits the transmission of lewd, lascivious, filthy, or indecent messages to a person under the age of eighteen. The CDA prohibits online service providers from sexual exploitation of minors, sex trafficking, or promotion of prostitution in jurisdictions where it is illegal. In other words, interactive computer service providers cannot facilitate these activities on their platforms. In Reno v. ACLU, the Supreme Court evaluated the CDA and its relevant provisions. It found that the CDA criminalized protected speech – e.g., sexually explicit speech – and unprotected obscenity.

The EARN IT Act has been compared to the Fight Online Sex Trafficking Act (“FOSTA”) and Stop Enabling Sex Trafficking Act (“SESTA”) which were passed to fight against online sex trafficking by making websites criminally liable for user content. These federal statutes caused several websites, including, but not limited to, Craigslist and Backpage to remove pages or be completely shut down. So naturally, critics have argued that they promoted online speech censorship and prevented people who engaged in consensual sex work. Yet, if the proposed bill passes legislation, it could open the floodgates for lawsuits against technology companies.

Online marketing and advertising can be a complicated process since the internet has opened new channels that did not previously exist before the technology age’s expansion. Now, with the advent of sophisticated technologies, business owners, startups, and entrepreneurs have more options when it comes to online marketing and advertising.

They can use email, telephone, or other online marketing and advertising tools to reach their customers. They can also use banners, pop-ups, metatags, mass emails, mass text messages, or linking and co-branding plans. The internet has no boundaries so you should realize that even though your company is located in one state, yet your online marketing and advertising campaign may implicate state, federal, or international laws. This can be true when your company is targeting customers in other states or nations. So, your contacts with that jurisdiction whether by having offices, employees, or customers there can play an important role in determining which court has authority to resolve disputes.

There are several state and federal laws that can be relevant to internet advertising. For example, the Lanham Act, FTC Act, or California Business and Professions Code regulate internet marketing and advertising. The Trademark Act – which is also known as the “Lanham Act” – regulates trademarks, service marks, trade names, and trade dress issues. This federal statute deals with infringements and outlines the remedies. It also creates a private right of action pursuant to 15 U.S.C. Section 1125(a)(1) against the infringing parties. A private right of action (or “implied cause of action”) is the legal right granted to a private party to file a lawsuit.

Electronic discovery is complicated because it’s a multifaceted procedure. The parties must review the computer network that yields the electronically stored information. They must identify the relevant electronically stored information (“ESI”) and understand the network infrastructure. The collection process is the next step wherein the parties must be able to locate, identify, and collect the relevant information. They may be required to hire forensic data professionals who can use special tools for the discovery process. These forensic data professionals should have access to electronic data discovery software. They should be able to procure mirror images of the electronic files which may yield metadata for a proper evaluation. They should also know how to handle metadata and privileged information (e.g., intellectual properties, trade secrets) to avoid complications. However, in most cases the discovery process becomes complicated due to a lack of cooperation between the parties. Therefore, it may be necessary to invoke the right to onsite inspection.

Onsite inspection of the adverse party’s computers is supported by the state and federal rules. For example, Rule 34(a) of the Federal Rules of Civil Procedure grants the right to engage in the onsite inspection of the adverse party’s computers. In California, Code of Civil Procedure Section 2031.010 grants the right to conduct onsite inspections in certain situations. In general, the requesting party should prove the adverse party has destroyed evidence, has altered documents, or has failed in its discovery obligations.

The courts have raised the concept of proportionality in their analyses. They’ve held that the cost and effort of electronic discovery should be justified by the litigation’s nature, amount in controversy, and relevancy of the requested electronic files. The courts have assessed whether the benefits of examination outweigh the privacy interests of the adverse party. If so, then the requesting party is granted the right to electronic discovery. Yet, there is a high probability that they will run into problems such as data alteration, deletion or fabrication.

Quantum computing technology will certainly have an effect on state, federal, and international laws. A quantum computer is a much more capable electronic device and has the ability to process data faster.  In general, computers can manage, control, and process information by using individual bits that store information as binary 0 and 1 states. The so-called “bits” are electrical or optical pulses that come in the form of 0s and 1s. Now, quantum computers leverage quantum mechanics to process information by depending on quantum bits – i.e., qubits. The so-called “qubits” are subatomic particles like electrons or photons that are isolated in a controlled quantum state.

What is a quantum computer?

A quantum computer is a complicated electronic device that has several components such as a Qubit Signal Amplifier, Input Microwave Lines, Superconducting Coaxial Lines, Cryogenic Isolators, Quantum Amplifiers, Cryoperm Shield, and Mixing Chamber. It is a sophisticated system that works through “quantum superposition” and “quantum entanglement” for enhanced computing processes.

The management of electronic records in litigation is important. In general, there should be a data retention policy for all business entities especially if they are part of a highly-regulated industry such as health care, energy, securities, and banking. There are state and federal laws that regulate the management of electronic records. For example, HIPAA, Sarbanes Oxley Act, and GLBA are the relevant and applicable federal statutes. These laws require the responsible officers to maintain records for a certain period and enforce penalties for intentional document alteration or destruction.

The litigants have the right to engage in discovery and demand the production of electronic records such as emails, letters, pictures, reports, and spreadsheets. The recipient of the discovery documents usually has a limited time to respond but if it fails to produce the requested electronic records, the court may issue sanctions. The courts have the authority to penalize the parties for overwriting emails in bad faith even though they were supposed to retain them for a certain time. So, in other words, the courts may issue monetary sanctions for not following the rules.

What is a data retention policy?

This article has been prepared to discuss the legality of online gambling and the relevant rules and regulations. These laws affect individuals, businesses, startups, and entrepreneurs as they’ve recently expressed their interests in this topic. Therefore, we will discuss the relevant state and federal laws.

It’s important to note that in Murphy v. NCAA, the Supreme Court struck down the Professional and Amateur Sports Protection Act (“PASPA”) and granted the states the right to regulate sports gambling within their own jurisdictions. In general, placing an online wager is legal but it should not be placed on a website that is located in the United States. In other words, the gambling website and its owner must not reside or do business within the United States and its territories. So, for this reason, individuals may run into contradictory state laws which will be referenced here.

What are the state laws?

Cryptojacking (or “malicious cryptomining”) happens when the culprits hijack a third party’s network bandwidth without authorization to use for their cryptocurrency mining efforts. The malicious software conceals itself on the electronic communication device and utilizes its resources. Obviously, the culprits engage in such clandestine activities to gain profit or else they would spend their time and energy on other matters.

Cryptocurrencies are digital funds stored on electronic wallets (also known as “virtual wallets”) that are encrypted and exist on electronic communication devices. They are considered a new kind of digital assets. Coins are cryptocurrency units which are entered into a database for recording the transactions. The digital transaction takes place online between the virtual wallet owners and recorded on a public ledger. Then, special computers transform the digital transaction into a complicated mathematical puzzle, and thereafter miners independently solve and confirm the digital transaction. The reward for solving the mathematical puzzle is to receive a new cryptocoin. So, as time has progressed, the mining efforts have increased and caused a significant amount of money to be spent on the process. There are miners who have created “computer farms” and dedicated a vast amount of specialized hardware and software programs.

Unfortunately, in most cases, when you fall victim to cryptojacking it will go unnoticed. You may realize your electronic communication devices are slowing down or using too much bandwidth even though it’s not necessary. There are reports indicating the culprits have been detected on mobile devices, cloud servers, and critical datacenters. Now, some companies have been able to defend against cryptojacking by upgrading browsers and malware scanners. However, as always, the culprits will try to circumvent these defense mechanisms. For example, there is a report from an international cybersecurity firm confirming a cryptojacking campaign against a specific brand of routers. This attack exploited a flaw in the network routers and infected them. So, in short, the culprits used the flaw to promote their cryptojacking scheme.

There has been an increase in privacy violations that have led to class action lawsuits. For example, Facebook was forced to pay $550 million to settle a class action lawsuit for privacy violations. In that case, it was ordered to pay the plaintiffs due to an alleged systematic violation of an Illinois consumer privacy law. The settlement agreement included a provision that required Facebook to procure express consent for face analysis and auto-tagging its users. There have been other lawsuits filed against technology companies, such as, Shutterfly, Snapchat, and Google for similar violations.

The California Consumer Privacy Act (“CCPA”) gives consumers the right to request information from a business about its data collection and retention practices. The consumers have the right to know if the business is using their data to make inferences from their behavior, attitude, psychology, intelligence, or abilities. This statute grants consumers the right to request a data deletion. It gives the consumers an “opt-out option” from selling their data to third parties. However, the statute is not retroactive which means that it does not apply to violations that took place before implementing the law.

A putative class action lawsuit was filed against Hanna Andersson, LLC and Salesforce.com for their alleged failure to maintain reasonable safeguards that led to a data breach. The complaint alleges that a group of hackers infiltrated the defendants’ websites with malware allowing them to extract personal information. Under Civil Code § 1798.150, a consumer is permitted to file a lawsuit if he or she can prove the business failed to implement reasonable safeguards to protect personal information. Then, if the plaintiff overcomes the applicable burden of proof, then he or she may be entitled to a minimum of $100 or maximum of $750 per consumer per incident, or actual damages, whichever is greater, as well as injunctive relief. However, there is a provision which requires giving the business an opportunity to cure the violation. In other words, the consumer must initially inform the business of the violation and grant at least 30 days to cure the violation. The business must provide a written statement that confirms the violation has been cured and no other violation will take place. Yet, the statute does not yield a safe harbor clause for the business against consumers who are seeking actual damages.

Electronic discovery (“eDiscovery”) rules and regulations must be understood when dealing with digital or electronic evidence. It is the concept of locating, identifying, collecting, and producing electronically stored information (“ESI”) as part of a response to production of documents in a pending legal action. Electronically stored information may include electronic messages, files, presentations, databases, voicemails, audio/video files, or websites.

Federal Rule of Civil Procedure 34 defines “electronically stored information” as writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations that are stored in any medium from which information can be obtained directly or after translation by the responding party into a reasonably usable form.

Federal Rules of Evidence 902(13) and 902(14) provide for the self-authentication of electronic evidence. So now, electronic evidence may be authenticated by certification instead of testimony. FRE 902(13) applies to electronic evidence like computer files, social media posts, and smart device information. FRE 902(14) applies to data copied from an electronic device, storage medium, or file.