Articles Posted in Technology

The term “big data” is generally used for the collection and analysis of a large amount of electronic data by using special and complex algorithms. The process is to analyze the correlation between large data sets which would not make sense independently. Now, another reason for its expansion is because the cost of storing data has decreased so it has become an easier process.

The problem with big data is that there isn’t a uniform set of rules or regulations that would govern the collection of electronic information. Obviously, the owners of the data sets are usually the consumers who somehow relinquish access to their information. So, privacy and security are major concerns. It’s important to realize that even if metadata (i.e., data about the data) is removed from the information, it can also reveal the user’s identity by looking at the relationship between the pieces of information. Also, it’s important to obtain consent from the users when collecting that information.

The potential privacy concerns have been addressed by using a mechanism called “differential privacy” which is when the data collector makes a promise to the data owner that he or she won’t be affected by giving access to the particular information. It is a type of mathematical guarantee of privacy to the interested party – e.g., the consumer. This type of mechanism has been used by large technology companies and government agencies. Nonetheless, with every new technology or mechanism that has been used by the private or public sector, there have been instances of state or federal litigation. For example, the State of Alabama filed a lawsuit in district court against the United States Census Bureau regarding this new mechanism’s viability. In fact, several years ago, the Obama Administration addressed this issue to minimize the privacy risks. Yet, there are many unanswered questions that should be addressed by lawmakers. For example, what are the potential harms and risks? Is there any kind of uniform law? And if not, should there be state and federal laws focusing on big data? What level of transparency should be required? What type of technological parameters should be implemented? Should we follow other countries’ rules and regulations? In response, the federal government granted an opportunity to the public to disclose their concerns. The government released a Department of Justice 2014 Report as a result of another lawsuit wherein the president was warned about the dangers of law enforcement agency’s predictive analytics. This report was in relation to the general public’s historical data and how a defendant’s actions may impact criminal history.

It’s important to implement practical corporate cybersecurity measures especially in today’s volatile climate. The number of reported cyber threats are increasing as we progress and it will most likely continue on the same trajectory. All businesses and commercial enterprises are a target especially if they have access or control over valuable information such as trade secrets and intellectual properties.

The common tools or methods of infiltrating the corporation’s cybersecurity infrastructure is by using some form of malicious software (i.e., malware) that’s designed to penetrate the network and cause havoc. Malware includes viruses and ransomware. The hackers can also use other methods to infiltrate the system such as “phishing” which is usually done by sending an email to encourage the recipient to click on the link. Now, once the recipient clicks on the link or opens the attachment, the malicious software is released into the network.

It’s important to have a dedicated team of information technology experts who can evaluate the network and improve the cybersecurity measures. They can use all sorts of tools and techniques (e.g., penetration testing) to evaluate the strengths and weaknesses of the network infrastructure. It is crucial to have a “cybersecurity planning tool” to assist the company with building a robust cybersecurity strategy. There are various governmental tools and resources that the company can use to achieve this goal.

Non-fungible tokens (“NFTs”) are unique digital items that have been a focus of the United States Securities and Exchange Commission (“SEC”) which is the federal government agency that enforces security regulations to protect investors. NFTs are made out of computer code and recorded on a blockchain ledger that can prove authenticity and ownership of the unique item. As such, they are not interchangeable and can be used to verify ownership of the unique item (e.g., real estate, antique car, painting).

There is argument to be made that they should be considered as commodities pursuant to the Commodity Exchange Act (“CEA”) which yields a catch-all provision for all other goods and articles. The SEC has recently focused on celebrity advertisings on the internet in an effort to encourage the purchase of stocks and other investments. It’s important to note that the advertiser must disclose the nature, source, and compensation received by the advertisement.

The most prominent case that’s applicable in the determination of whether an NFT is a security or an asset is SEC v. W.J. Howey Co., 328 U.S. 293 (1946) which set out the following test: (1) there is an investment of money or some other consideration; (2) in a common enterprise; (3) with a reasonable expectation of profits; and (4) to be derived from someone else’s efforts.

A non-fungible token (“NFT”) is a non-exchangeable unit of data that is stored on a blockchain and is transferrable to another party. In short, blockchain is a type of a digital ledger. NFTs can be related to photos, videos, or audio files. NFTs are not the same as cryptocurrencies because they are uniquely identifiable. In addition, the legal rights granted by NFTs are speculative as they cannot restrict the sharing and copying of digital files and do not convey their copyrights.

The question of whether NFTs are securities or assets revolves on several issues. One issue is whether the item has been “fractionalized” to permit the sharing of its ownership with other parties. It’s important to realize that fractionalization does not make the asset into a security since it depends on its purpose. For example, if an individual decides to fractionalize a personal property to allow shared ownership, the personal property does not automatically convert to a security. As such, the NFT may not constitute a “security” just because it has increased in value. But, if the fractionalization’s purpose is to assign shares to trade in a secondary market, and to provide liquidity, then it would fall under securities laws. Therefore, the test is whether a purchaser has a reasonable expectation of profits that is derived from someone else’s efforts. See Securities and Exchange Commission v. W. J. Howey Co., 328 U.S. 293 (1946) wherein the United States Supreme Court confirmed that an “investment contract” means a contract, transaction, or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party, it being immaterial whether the shares in the enterprise are evidenced by formal certificates or by nominal interests in the physical assets employed in the enterprise.

The Securities Act of 1933 (which is codified under 15 U.S.C. §§ 77a, et seq.) defines “security” as any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security” or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.

Social media law comprises of several different components including free speech, privacy, online advertisement, and intellectual property rights. These issues come up regularly during the course of online transactions between parties. The courts have been inundated with social media litigation and have issued their rulings when faced with complicated problems.

The cases that arise on social media platforms involve state and federal laws such as the Digital Millennium Copyright Act and Communications Decency Act. In essence, these federal statutes were promulgated to protect copyrights and free speech rights.

According to the United States Copyright Office, the Digital Millennium Copyright Act (“DMCA”), which amended federal copyright laws, was passed to address important parts of the relationship between copyright and the internet. The three main updates were: (1) establishing protections for online service providers in certain situations if their users engage in copyright infringement, including by creating the notice-and-takedown system, which allows copyright owners to inform online service providers about infringing material so it can be taken down; (2) encouraging copyright owners to give greater access to their works in digital formats by providing them with legal protections against unauthorized access to their works (for example, hacking passwords or circumventing encryption); and (3) making it unlawful to provide false copyright management information (e.g., names of authors and copyright owners, titles of works) or to remove or alter that type of information in certain circumstances.

Social media litigation can be caused or initiated for various reasons related to privacy violations, online defamation, internet harassment, contractual disputes, and intellectual property violations.

Privacy violations take place when a company does not adhere to its terms of use or privacy policy. The terms of use and privacy policy on a website constitutes a legally-enforceable contract. The terms and conditions should be carefully read by visitors because the continued use of the website may constitute implied consent even if the website doesn’t require clicking on a “I Agree” box. Stated otherwise, if you visit a website, you can be bound by its terms and conditions.

Online defamation takes place when a false factual statement, that is not privileged, is published and damages the victim’s reputation in the community. The statement must be a fact and not an opinion. There are several defenses to defamation such as truth and absolute or qualified privilege. Truth is an absolute defense to defamation. According to Civil Code Section 47(a), a privileged publication or broadcast is one made: (1) in the proper discharge of an official duty; (2) in any legislative proceeding; (3) in any judicial proceeding; (4) in any other official proceeding authorized by law; or (5) in the initiation or course of any other proceeding authorized by law and reviewable by mandamus. The concept of “qualified privilege” applies to employers under the following conditions: Employers can make statements about their employees as long as the statement is not malicious and was made to third parties with a common interest in the subject matter. Malice can be proven by showing ill-will, hatred, or lack of reasonable grounds when the statement was made to a third party.

Social media litigation has become increasingly prevalent for obvious reasons. This is simply because multiple issues come up on social media websites and platforms. The objective of this article is to discuss them.

Business entrepreneurs, owners, and operators, who have an online presence on various social media websites, such as Facebook, Twitter, or Instagram must know the rules and regulations.

The first step any business owner should take to launch the operations is to ensure there are properly drafted contracts with all parties. The contracts should yield the proper provisions to help protect the parties in a fair and reasonable manner.

International service of process involves the formal service of legal documents on foreign litigants. In general, legal documents should be served on the interested parties once the lawsuit is filed with the clerk. The documents usually include a summons and complaint. In most cases, the plaintiff personally serves the defendant with the legal documents. In some cases, the plaintiff can serve the legal documents by substituted service.

Now, for international service of process, the parties should refer to international treaties which outline the delivery parameters of legal documents to foreign litigants. The United States is a signatory to the Hague Service Convention and Inter-American Convention on Letters Rogatory.

The Hague Service Convention allows service of process on parties who reside in countries which are also signatories to this international treaty. In 1969, it became formally effective in the United States. The United States government undertook a reciprocal treaty obligation toward those countries by joining the convention which have also adopted it, to serve in the United States documents issued by foreign judicial authorities. It applies only to foreign documents which are related to civil cases and does not apply to documents related to criminal proceedings. The President has designated the Department of Justice as a “central authority” for these proceedings. The Assistant Attorney General, under 28 C.F.R. 0.49, who is in charge of the Civil Division is able to direct and supervise the functions of the central authority. Moreover, under 28 U.S.C. 1781, the Department of State is authorized to receive requests for service of foreign judicial documents from foreign courts and to transfer them to the proper agency.

Electronic data has been growing in size and proportion for several decades. The sheer amount of electronic files (e.g., emails, pictures, videos) has consumed local and remote databases. The cloud storage facilities have been put together to hold this information for us. Cloud storage facilities have certain obligations towards their customers which include secure storage of electronic files by using industry-approved protocols. The rules for proper storage should not change based on the particular industry. In fact, the cloud storage facilities are supposed to use similar protection measures for all electronic files – e.g., encryption – to ensure safety.

Encryption is a tool or resource that allows the files to be scrambled and hidden from plain sight. The encrypted data is called “ciphertext” which can only be decrypted with the right key. There are two types of encryption. First, is symmetric encryption. Second, is asymmetric encryption. Symmetric encryption uses one key for encryption and decryption. Asymmetric encryption uses two different keys for encryption and decryption – i.e., the private and public key. The public key can be shared with the general public but the private key remains a secret and is only accessible by the right individual. There are various encryption technologies such as AES, Triple DES, RSA, and Blowfish.

Electronic data retention includes collecting, storing, and managing information. Private and public organizations should have the right rules and regulations that help define how electronic information should be located, identified, and stored. There are government regulations, international standards, industry regulations and internal policies. Government regulations are set by state or federal governmental agencies such as the Federal Trade Commission and Internal Revenue Service. International standards are set by the International Organization for Standardization like ISO/IEC 27040, IS 9001, ISO 17068:2017. Industry regulations include the GDPR, PCI-DSS, and CCPA. Finally, internal policies include data version controls and employee record retention.

Data disposal is a key process in a legal entity’s policies and procedures for managing personal and confidential information. In general, private and public entities store data on their servers. This information may include financial and health information which should not fall into the wrong hands. So, there must be a proper procedure for destroying and disposing that information by using industry approved methods.

The Federal Trade Commission has implemented a data disposal rule in relation to consumer reports and records to prevent unauthorized access to or use of that information. In California, several statutes have been promulgated to address this issue. For example, California Civil Code Sections 1798.81, 1798.81.5, and 1798.84 are applicable. In fact, Civil Code 1798.81 states as follows: “A business shall take all reasonable steps to dispose, or arrange for the disposal, of customer records within its custody or control containing personal information when the records are no longer to be retained by the business by (a) shredding, (b) erasing, or (c) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.” Therefore, there are standards to follow and implement to avoid unnecessary complications. The state legislature has encouraged the implementation of “reasonable security” for personal information under Civil Code 1798.81.5. Also, Civil Code 1798.84 outlines the legal remedies which include initiating a civil action.

The proper retention of emails is paramount especially if the electronic messages include private, confidential or proprietary information. For example, “email archiving” is one method to retain electronic messages especially if there is the possibility of litigation. The emails should be backed up in a searchable format for practical reasons. Electronic discovery allows the parties to request and obtain electronic documents during litigation. In most cases, the electronic discovery process is time consuming and complicated especially because there is a large volume of data involved in the lawsuit. Also, more importantly, the failure to comply with electronic discovery requests may result in sanctions.