Articles Posted in Technology

Predictive policing has been used to calculate and forecast future crimes. Yes, although it sounds quite futuristic, but it has been used by various private and public organizations. The City of Santa Cruz, California was one of the first state governments that tried to implement this technology in an effort to stop crime. Predictive policing works by using machine-learning algorithms to calculate the possibility of future crimes. It uses mathematics and data analytics to evaluate information and make systematic predictions. It can also use artificial intelligence technology to reach the results. However, after some time, its public officials stopped their efforts to prevent racial inequality. Predictive policing raises several legal issues that will be addressed in this article.

First, there could be a problem with negligent police activity. We know that, once access is granted to a database of private or confidential information, it is highly probable that someone will abuse it. In other words, an agent may use that information in the wrong way. The technology has not proven to be effective in the sense that crime can be predicted. So, the police officers may engage in activities that would constitute harassment instead of protecting the public. C.C.P. § 527.6 defines harassment as “unlawful violence, a credible threat of violence, or a knowing and willful course of conduct directed at a specific person that seriously alarms, annoys, or harasses the person, and that serves no legitimate purpose. The course of conduct must be that which would cause a reasonable person to suffer substantial emotional distress, and must actually cause substantial emotional distress to the petitioner.” So far, predictive policing’s technology has not been able to specify who, when, where, what, how, or why future crimes can take place. It has not been able to tell the specific location of the future crime. So, for these reasons, it could be abused that could lead to negligent policing activities.

Second, there could be a problem when the private or confidential information is used to violate someone’s privacy. Invasion of privacy is a cause of action where the plaintiff sues the defendant for violating his or her privacy rights. The elements for public disclosure of private facts are as follows: (1) defendant publicized a matter regarding the private life of the plaintiff; (2) the publicized matter would be highly offensive to a reasonable person; and (3) it is not of legitimate concern to the public. In addition, invasion of privacy may occur if there is an intrusion upon someone’s seclusion. The prima facie elements for this cause of action are: (1) defendant intruded into plaintiff’s private affairs, seclusion, or solitude; and (2) the intrusion was objectionable to a reasonable person.

Cybersecurity risk management requires proper due diligence on the company’s cybersecurity program. This is an important aspect because the company’s executives owe a fiduciary duty towards their shareholders and customers. In other words, a company’s manager or director should take every reasonable measure to ensure the safety and security of the company’s intellectual properties, trade secrets, and other sensitive or confidential information. As such, a claim or cause of action for breach of fiduciary duty can seriously hinder business operations and should be avoided by any means necessary.

We recommend properly assessing internal and external threats such as disgruntled employees or third-party contractors who were given access to the computer network system. It’s certainly possible for a disgruntled employee to insert a flash drive which yields malware into the network server to cause a malfunction. Therefore, it is important to have the right security measures implemented on the computer network system. For example, our cybersecurity lawyers recommend installing an Intrusion Detection System (“IDS”) to detect unauthorized access to sensitive or confidential files. It is important to review and understand the laws related to workplace monitoring because it could trigger workplace privacy right violations. There are state and federal laws that would impact the legal rights and responsibilities of employers and employees so it’s important to understand them. In fact, companies that fall under the definition of “critical infrastructure” organizations pursuant to Executive Order 13636 should consider implementing insider threat programs as a precautionary measure.

It’s recommended to have an enterprise risk assessment program that involves cybersecurity experts and lawyers. These computer and legal experts should join forces to establish a program that addresses the key issues – e.g., data privacy, data protection, insider threats, breach notification protocols. It’s important to have a plan before the so-called “cyber incident” so the key players will know their responsibilities. This way, when an incident takes place, there will be a preexisting protocol for everyone. Moreover, having access to a cybersecurity attorney is crucial to the company’s legal and ethical responsibilities. Our law firm advises its clients regarding the relevant state, federal, and international rules and regulations as we have the necessary background and expertise in internet, technology, and cybersecurity laws.

Smart devices are being sold to consumers and businesses on a regular basis. They include smart phones, smart cars, smart televisions, smart thermostats, smart doorbells, smart bulbs, smart locks, smart watches, smart speakers, smart refrigerators, and other electronic devices. These smart devices can be recording you or collecting personal data without your knowledge or consent.

Privacy in the internet and technology age has become a major concern. This is primarily due to the existence and availability of smart devices which are even referred to as “smart spies” because they can record and transfer personal information to the hackers who use technical flaws to install spyware. This is why it’s important to review the security settings of the smart device on a regular basis. For example, smart televisions are connected to the internet, and if they are hacked into, they can easily be used for nefarious purposes. Smart speakers and digital assistants are listening to voices and that is why they can be a threat source for their users. They are constantly collecting information with or without the user’s knowledge or consent. There may be a way to delete the recently-recorded information by telling the smart device to delete the last conversation but consumers should read the user’s manual to learn about the options.

Smart doorbells, which are part of a home’s security surveillance system, have cameras and are connected to the internet. Therefore, they can be hacked into and used to record activities. For example, Ring has been questioned for sharing video recordings with police departments and third-party service providers such as Facebook and Google without the user’s knowledge or consent. It is important to view the “authorized client devices” feature to understand which device is accessing the account.

Internet fraud and scams have exponentially increased in recent years. There are several reasons for this development which include the expansion of technology and usage of electronic devices in our daily lives.

The fraudsters find different ways to retrieve sensitive or confidential information in order to commit their crimes. For example, they may extract the information by dumpster diving next to corporations and financial institutions. There have been cases where sensitive information of a corporation’s employees was extracted without authorization. They may also engage in “shoulder surfing” which is another way to surreptitiously extract confidential information from the unsuspecting victim. These activities usually take place close to a bank’s ATM in order to steal the victim’s debit card PIN. They can also use what is referred to as a “skimming device” as a way to obtain sensitive information from debit or credit cards. These devices can be placed on ATMs to procure the confidential information without suspicion. The fraudsters can also obtain sensitive or confidential information by breaking and entering into the victim’s property. This way, they can look into the victim’s house or vehicle for valuable items or confidential documents.

There is a long list of internet fraud methods such as auction scams, rental scams, dating scams, lottery scams, and charity scams. The criminals are finding new ways to trick their victims into relinquishing valuable information – e.g., address, telephone, date-of-birth, social security number, debit or credit card number. Social engineering is another method to obtain information which is usually done by gaining the victim’s trust. It has become one of the main methods for extracting valuable information from unsuspecting victims. The internet allows culprits to anonymously communicate with their victims which is the major issue in lawsuits simply because it takes time and effort to launch an investigation. Our law firm is able to unmask the anonymous culprit’s identity by using the proper tools and techniques. We have access to a network of experts and investigators who can help our clients. We have also established relationships with local, state, and federal law enforcement agencies.

The parties are generally entitled to discovery of relevant and admissible evidence during litigation. This process includes the discovery of electronically-stored information (“ESI”) which can be stored at internal and external locations such as the local area network and cloud.  It has become more prevalent for companies to transfer their electronic files to the cloud to reduce costs. It is now more practical to upload and transfer data to a third-party’s servers. However, there are certain risks associated with this process. First, you will be relinquishing control over the electronic information. Second, you will not have control over the third-party’s information security protocols. In other words, even if the electronic information is originally encrypted, it may lose its encryption status if uploaded or transferred to the third-party’s servers.

It is important for attorneys to have a general understanding of the client’s network infrastructure. So, it is always recommended to interview the client’s information technology staff. This way, legal counsel can be better prepared to ask and answer discovery-related questions. Moreover, the relevant discovery rules are outlined in the Federal Rules of Civil Procedure 26, 33, 34, 37, and 45, and Federal Rule of Evidence 502.

Court Mandated Guidelines

Sextortion is a type of online blackmail. It’s one kind of sexual exploitation that takes place on the internet when an anonymous individual threatens to distribute the victim’s explicit videos or pictures if he or she does not comply with the demands which can include transferring funds through digital currencies. The culprit may use a webcam to extract private information and make threats to harm the victim if the victim fails or refuses to comply with the demands.

The culprit usually follows his victims on websites and chatrooms to gain their trust. The culprit may send a message to the victim that has malware in an effort to hack into the victim’s electronic devices. The victim can make the mistake of clicking on the link which releases the virus on to the computer. The infected computer is now compromised and can be used for nefarious purposes.

The courts have been dealing with sextortion since it is a new problem in the technology age. The law prohibits the non-consensual dissemination of intimate pictures or videos but the litigants or their lawyers have been using laws related to harassment, extortion, bribery, or child pornography. For example, 18 U.S.C. § 2251 prohibits sexual exploitation of children. The following federal statutes could be relevant to these activities: 18 U.S.C. § 2252, 18 U.S.C. § 2422, and 18 U.S.C. § 875.

There are state and federal privacy laws that are applicable to consumers and commercial organizations. There has been much activity with the collection and distribution of private or confidential information in recent years. Personal information can be collected through several methods such as voluntary disclosures, cookies, website bugs, tracking software, malware (e.g., worms, trojans, spyware), and phishing. For example, tracking software can be used to collect information but there must be proper disclosure. Nonetheless, criminals do not follow the rules or guidelines and it is a known fact they have access to the tools and techniques to extract customer information without obtaining authorization.

Personal information is certainly valuable to its owner. It is also valuable to a bad actor who is seeking to misuse the personal information without authorization. The bad actors who obtain personal information in a secretive manner are planning to gain a profit. They may engage in identity theft or online impersonation by using the wrongfully obtained personal information. Identity theft has caused a significant amount of monetary damages to the victims. There are state and federal laws that prohibit identity theft in every jurisdiction. The National Conference of State Legislatures provides a comprehensive list of these laws. In California, the following state laws prohibit identity theft and provide remedies:

  1. California Penal Code § 368: It prohibits identity theft against elders and disabled persons;

The Eliminating Abuse and Rampant Neglect of Interactive Technology (“EARN IT”) Act is a proposed bill that is designed to permit government agencies scan online messages and prevent child sexual exploitations. It is meant to force websites remove child abuse images from their platforms. The advocates argue it is necessary to allow the government evaluate online communications for potential violations. They argue that websites should be held accountable for user violations. This law seems to be against encryption which is used to obscure content from the unintended recipient. Encryption technology has been used to protect online privacy by scrambling messages through special algorithms. It can only be deciphered by the intended recipient who has access to the private key. Encryption can be used to securely communicate on the internet but it can also be used for nefarious reasons. That said, the EARN IT Act does not use the term “encryption” in its provisions. The supporting legislators have claimed the proposed statute is not designed to outlaw encryption. Also, it would require websites to adhere to certain best practices that will be implemented by the Attorney General’s Office by selecting a group of law enforcement agents who would impose them.

The EARN IT Act could reduce the protections granted under Section 230 of the Communications Decency Act (“CDA”) which provides a certain level of immunity for online service providers. Now, the immunity is not absolute but it is not very far from it. It protects online service providers (a/k/a “interactive computer service providers”) from user violations. For example, if the user engages in conduct that constitutes invasion of privacy of another person, the website would be shielded from legal liability. So, the victim could not file a lawsuit against the website for the user’s violations. However, the following three exceptions apply: (1) federal criminal activity and obscene material; (2) intellectual property violations; and (3) sex trafficking. In fact, 47 U.S.C. § 230(e)(1) prohibits obscene material and sexual exploitation of children. Moreover, 47 U.S.C. § 223 prohibits the transmission of lewd, lascivious, filthy, or indecent messages to a person under the age of eighteen. The CDA prohibits online service providers from sexual exploitation of minors, sex trafficking, or promotion of prostitution in jurisdictions where it is illegal. In other words, interactive computer service providers cannot facilitate these activities on their platforms. In Reno v. ACLU, the Supreme Court evaluated the CDA and its relevant provisions. It found that the CDA criminalized protected speech – e.g., sexually explicit speech – and unprotected obscenity.

The EARN IT Act has been compared to the Fight Online Sex Trafficking Act (“FOSTA”) and Stop Enabling Sex Trafficking Act (“SESTA”) which were passed to fight against online sex trafficking by making websites criminally liable for user content. These federal statutes caused several websites, including, but not limited to, Craigslist and Backpage to remove pages or be completely shut down. So naturally, critics have argued that they promoted online speech censorship and prevented people who engaged in consensual sex work. Yet, if the proposed bill passes legislation, it could open the floodgates for lawsuits against technology companies.

Online marketing and advertising can be a complicated process since the internet has opened new channels that did not previously exist before the technology age’s expansion. Now, with the advent of sophisticated technologies, business owners, startups, and entrepreneurs have more options when it comes to online marketing and advertising.

They can use email, telephone, or other online marketing and advertising tools to reach their customers. They can also use banners, pop-ups, metatags, mass emails, mass text messages, or linking and co-branding plans. The internet has no boundaries so you should realize that even though your company is located in one state, yet your online marketing and advertising campaign may implicate state, federal, or international laws. This can be true when your company is targeting customers in other states or nations. So, your contacts with that jurisdiction whether by having offices, employees, or customers there can play an important role in determining which court has authority to resolve disputes.

There are several state and federal laws that can be relevant to internet advertising. For example, the Lanham Act, FTC Act, or California Business and Professions Code regulate internet marketing and advertising. The Trademark Act – which is also known as the “Lanham Act” – regulates trademarks, service marks, trade names, and trade dress issues. This federal statute deals with infringements and outlines the remedies. It also creates a private right of action pursuant to 15 U.S.C. Section 1125(a)(1) against the infringing parties. A private right of action (or “implied cause of action”) is the legal right granted to a private party to file a lawsuit.

Electronic discovery is complicated because it’s a multifaceted procedure. The parties must review the computer network that yields the electronically stored information. They must identify the relevant electronically stored information (“ESI”) and understand the network infrastructure. The collection process is the next step wherein the parties must be able to locate, identify, and collect the relevant information. They may be required to hire forensic data professionals who can use special tools for the discovery process. These forensic data professionals should have access to electronic data discovery software. They should be able to procure mirror images of the electronic files which may yield metadata for a proper evaluation. They should also know how to handle metadata and privileged information (e.g., intellectual properties, trade secrets) to avoid complications. However, in most cases the discovery process becomes complicated due to a lack of cooperation between the parties. Therefore, it may be necessary to invoke the right to onsite inspection.

Onsite inspection of the adverse party’s computers is supported by the state and federal rules. For example, Rule 34(a) of the Federal Rules of Civil Procedure grants the right to engage in the onsite inspection of the adverse party’s computers. In California, Code of Civil Procedure Section 2031.010 grants the right to conduct onsite inspections in certain situations. In general, the requesting party should prove the adverse party has destroyed evidence, has altered documents, or has failed in its discovery obligations.

The courts have raised the concept of proportionality in their analyses. They’ve held that the cost and effort of electronic discovery should be justified by the litigation’s nature, amount in controversy, and relevancy of the requested electronic files. The courts have assessed whether the benefits of examination outweigh the privacy interests of the adverse party. If so, then the requesting party is granted the right to electronic discovery. Yet, there is a high probability that they will run into problems such as data alteration, deletion or fabrication.