Articles Posted in Technology

Published on: | by

Early in 2012, the European Commission proposed a reformation of the European Union’s data protection rules.  The European Commission sought to strengthen online privacy rights and improve Europe’s digital economy. The European Commission pointed to expansive globalization and different levels of implementation by the EU’s 27 member states as reasons to seek uniform online privacy rights. Indeed, each member state has different standards of enforcement for the rules. This leads to expensive administrative costs in maintaining and continuing to implement the different standards. The European Commission predicated that a uniform law across the European Union would lead to savings of approximately 2.3 billion Euros a year. In addition, with a clearer set of regulations to govern data protection, the European Commission hoped to instill more confidence in consumers in online services, leading to a growth in jobs and innovations.

What Were the Terms of the 1995 Data Protection Directive?

The 1995 Data Protection Directive was adopted to regulate the processing of personal data among European Union member states. This Directive has a broad definition for “personal data,” including “any information relating to an identified or identifiable natural person.” Also, the standards within the Directive apply only if the entity controlling personal data is established within the European Union or uses equipment located therein. The standards prohibit the processing of personal data without transparency of purpose, a legitimate purpose, and proportionality. In terms of the requirement for proportionality, a controller can process personal data only to an extent necessary to its purpose—it cannot store that data for a potential future purpose.  However, the 1995 Directive fails to take into account the implications of social networks and cloud computing on online privacy.

Continue Reading ›

Published on: | by

Employees, in the course of their employment, will often have broad access to company files.  If employees are terminated or seek other employment, such access can become problematic.  Indeed, companies store sensitive and commercially valuable information on their servers. Employee misuse of these files can substantially weaken a company’s economic viability and threaten its progress.  In a recent court decision, the United States District Court for the Northern District of California held that a former employee who accessed an employer’s servers using his login information was not liable for unlawful hacking. The court explained that the employee had not violated the Computer Fraud and Abuse Act (“CFAA”) or the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

What is the holding in Enki Corporation v. Freedman?

According to the record, Enki Corporation had entered into a contract with Zuora to provide certain consulting and information technology services. As part of these services, Enki installed a computer resource and performance monitor on Zuora’s network. Additionally, Enki contracted with Keith Freedman, a former employee, to provide consulting services for Zuora. Enki subsequently terminated its contract with Freedman when it discovered that Freedman was speaking negatively about Enki’s services. Freedman had also accessed the monitor Enki installed on Zuora’s network using his employee login to download Enki’s proprietary information (e.g., private company files and data) from the servers. The court held that this did not violate the CFAA because Enki had failed to show that Freedman accessed the computer system without authorization. Since the CFAA is aimed at regulated access to protected data, not the misuse of such data, where employers lawfully access servers, there is no CFAA violation. As for the CDAFA claims, the court also did not find a violation because Freedman did not have to “hack” into the system because he did not have to override a computer code. He simply logged in using his employee login information.

Continue Reading ›

Published on: | by

With the advent of virtual currency, consumers can now conduct entire transactions online without the burden of having to seek a common currency. Bitcoin has spread across the world as a popular form of this currency. In turn, transactions can now take place without switching from one form of currency to another (e.g., conversion from U.S. Dollar to Euro). On March 25, 2014, the Internal Revenue Service (“IRS”) issued guidelines regarding its approach to virtual currency, such as Bitcoin. Under these guidelines, the IRS will treat virtual currency as property, not currency, for federal tax purposes. Accordingly, the tax principles that typically apply to property will now apply to transactions involving virtual currency.

What Is Bitcoin?

Bitcoin is a form of virtual currency.  An unknown individual using the alias Satoshi Nakamoto created Bitcoin in 2009. This virtual currency allows for online transactions without bank issued transactions fees. People store their Bitcoins in a “digital wallet” on a personal computer or on the cloud. This serves as an online bank account, which can send and receive Bitcoins. Then, people use this currency to conduct transactions. However, unlike funds stored in a traditional bank account, the Federal Deposit Insurance Corporation (“FDIC”) does not insure Bitcoin wallets. Furthermore, transactions can now take place entirely anonymously. Online consumers do not have to provide bank accounts or other financial information. Therefore, it becomes nearly impossible to trace transactions using virtual currency. Bitcoin is becoming increasingly popular and more merchants accept this currency for all types of transactions. International transactions can also take place without fees from foreign countries or conversion fees. Consumers can also “mine” Bitcoin, which involves competitions to solve complex computer-based math problems to win additional Bitcoins. Bitcoin is also a valuable investment, with people purchasing Bitcoin to profit from increases in its value.

Continue Reading ›

Published on: | by

In recent years, there has been an increase in cyber-attacks directed towards usernames and passwords for online banking accounts.  Through these attacks, outside parties have been able to misuse banking information for fraudulent wire transfers.  Hackers have starting using foreign accounts because it is more difficult to recover funds when dealing with some foreign banks.  Online banking fraud has led to over $40 million in stolen funds from small and mid-size companies.  Recently, the nature of these attacks have become more complex as regulatory agencies, e.g., FDIC, and enforcing agencies, e.g., FBI, scramble to keep up with changing technologies.

How Have Online Cyber-Attacks Changed In Recent Years?

In recent years, online banking fraud has become dramatically more sophisticated.  Now, hackers have the capacity to infect not only small, local sites, but also high-volume webpages all across web.  These hackers infect popular websites with Trojan viruses, which latch onto users’ computers when they visit the website.  The virus then directs to online banking information, such as account numbers and login information, allowing the hackers to access these accounts and conduct fraudulent transactions.  The virus may even have the capacity to record and hold this information itself.  To carry through the cyber-attack, criminals only need to setup funds transfers without the respective bank noticing.  Banks learned to watch for transfer activity from unknown computers, so now hackers steal victims’ IP addresses to avoid detection.  With this information, the transfer looks like a typical transaction from the user’s computer.  The hackers may obtain the ability to take control of a computer and use it to conduct fraudulent transfers.

Continue Reading ›

Published on: | by

The expansion of social media networks has helped connect people and ideas all over the world. However, it has also raised substantial privacy concerns as more people store personal information on the web. Congress has enacted legislation in an effort to circumvent the dangers associated with online networks–for example, the Electronic Communications Privacy Act, the Child Online Privacy Protection Act, and the Stored Communications Act. States have also passed their own legislation to help protect cyber activity within their jurisdiction. For example, California passed “Do Not Track” legislation in November 2013 requiring websites to disclose their tracking practices. These laws, along with several others, work to protect individuals, entities, and their related private information as they continue to operate and conduct business over the Internet. Recently, a federal court applied the Stored Communications Act and found that it is applicable to a user’s wall posts.

What Are The Provisions of the Stored Communications Act?

In 1986, Congress passed the Stored Communications Act (“SCA”) which is codified under 18 U.S.C. §§ 2701 et seq.  The SCA aims to protect privacy interests implicated throughout electronic communications. Various court holdings have interpreted the SCA to apply to non-public electronic communications that take place over electronic communication services in an electronic storage medium. Violations of the SCA may carry potential criminal penalties, including serving time in prison. The penalties and liabilities will generally depend on the circumstances of the violation. The SCA does allow Internet service providers to share “non-content” with another person or entity. This includes log data and recipients’ email addresses. Still, this is a limited exception to the general rules and the SCA is still prohibited with sharing any information with a government entity. The government may compel Internet service providers to provide stored information. For electronically held communications, the government is required to have a probable cause and obtain a search warrant. For communications stored remotely, the government only needs a subpoena or a court order. Hence, remotely stored data enjoys a lower level of protection since it is easier to submit a subpoena rather than to obtain a search warrant.

Continue Reading ›

Published on: | by

In recent years, electronic spam has become a public nuisance. In response, several states, including, but not limited to, California, have enacted statutes to prevent electronic spam. As with most legislation that deals with the constantly-changing nature of the web, these statutes struggle to define the extent of their application while staying current with trends. Therefore, courts are charged with the responsibility of interpreting the intent of these laws.

What Are The Provisions of California’s Anti-Spam Statute?

In fact, California’s Business and Professions Code section 17529.5 prohibits any person or entity from sending commercial email advertisements, or spam, in three defined circumstances. First, spam is prohibited if an email advertisement uses a third-party domain without the third-party’s permission. Second, the statute prohibits email advertisements that use misrepresented information in the header. Finally, it is unlawful to use a subject line that is reasonably likely to mislead a recipient about the content or subject of the message. This section applies if the email is sent from California or if it is sent to a California email address. Accordingly, the reach of California’s legislation into other jurisdictions is also an issue for courts to interpret. Furthermore, a party bringing suit may recover both actual damages and liquidated damages. Liquidated damages are limited to $1,000 for each unlawful email and may go up to $1,000,000.

Continue Reading ›

Published on: | by

In general, both copyright and patent laws provide different levels of protection for computer software. Additionally, depending on the aspects of software that an owner wants to protect, these two areas of law will apply differently. Furthermore, securing a patent is a more rigorous process. However, a patent does provide a greater degree of protection. On the other hand, obtaining a copyright is less difficult, but it also provides a thinner veil of protection.

What Protection Does Copyright Law Provide For Computer Software?

The Copyright Act of 1976 is codified under 17 U.S.C. sections 101 et seq. Traditionally, copyright has been the common form of protection for computer software. However, copyrights only protect the expression of a work, and not its underlying idea. Copyrights have been instrumental in preventing software piracy and infringement of related works. The protection applies to software because the underlying computer code is similar to the types of writings the law protects. So, copyright holders can protect their software much like other literary works (e.g., books, scripts). Copyright protection essentially provides broad protections for software. It grants the typical copyright authority depending on the nature of the software. The courts have grouped software with other literary works and provided copyright protection accordingly. There also exist inconsistencies in court decisions applying the Copyright Act to software. This difficulty arises because the legal community often lacks the technical expertise necessary to properly classify software. For instance, where a judge cannot understand the program’s code, he or she cannot determine whether another infringing program’s code is substantially similar. It is necessary to establish substantial similarity to find copyright infringement. Therefore, the lack in technical background has led to unclear definitions as to what constitutes software copyright infringement.

Continue Reading ›

Published on: | by

On September 23, 2013, Governor Jerry Brown signed Senate Bill 568 (“SB 568”) into law, which requires social media sites to permit children to permanently erase online posts. These websites, including, but not limited to, Facebook, Twitter, and Tumblr, will have to provide options for users under the age of 18 to delete texts, photos, and videos. However, this option will not extend to content that a third party uploads regarding the minor. Hence, as California works to implement this new law, public debate circles around its effects and whether it will actually be helpful in protecting children online.

What Are The Provisions Of California’s New Digital Erase Law?

The law addresses websites that are directed to minors and have actual knowledge that a user is a minor. The websites include ones created specifically for the purpose of targeting minors rather than adults. These websites must provide a method for underage users to remove public posts about them. Alternatively, these users may ask the website to remove the content. However, if a minor received any compensation (i.e., marketing benefits, rewards) for a post, then the post is not subject to this law. In theory, websites may provide minimal compensation to minors to circumvent this law and avoid having to take down any posts. Furthermore, the law is ambiguous in some areas. For example, it is unclear whether minors are required to erase the content while they are still minors or whether they retain the right to erase any content they posted as minors. These details will need to be clarified to ensure proper enforcement.

Continue Reading ›

Published on: | by

In a recent case, Petronas v. Godaddy.com, the Ninth Circuit held that “contributory cybersquatting” was not a valid theory for relief. This case addressed the issue of whether the Anti-Cybersquatting Consumer Protection Act (“ACPA”) allows for secondary liability.

What Are the Facts?

Plaintiff, Petroliam Nasional Berhad (aka “Petronas”) is a Malaysian government-owned entity. Petronas holds the American trademark “PETRONAS.” The entity also owns the Petronas Towers in Malaysia. Defendant, Godaddy.com, is the world’s largest domain name registrar. The case revolves around a third party who registered the domain names petronastower.net and petronastowers.net in 2003. In 2007, the party began using Godaddy’s domain forwarding services to direct the domain names to an adult website. Petronas sued Godaddy for cybersquatting and contributory cybersquatting. In general, cybersquatting is the act of holding a trademark hostage in the form of a domain name and forcing the trademark owner to negotiate an unreasonable price for the domain. Although Godaddy did investigate the alleged cybersquatting, ultimately, they did not take any action.

Continue Reading ›

Published on: | by

In 2013, Edward Snowden, a former CIA employee, and National Security Agency (“NSA”) contractor, leaked top secret documents to the public. These documents detailed the NSA’s controversial electronic surveillance practices and procedures, sparking a debate about wiretapping and privacy laws. Snowden revealed that the government employed questionable electronic surveillance programs. The controversy circles around the potential privacy violations surrounding government agency practices to monitor communications. Since then, the Obama Administration has been under pressure to address individual privacy concerns. Last month, President Obama addressed the nation and introduced proposed changes to current electronic surveillance practices.

What Are the Current Wiretapping Laws, Before President Obama’s Proposed Amendments?

Wiretapping has been possible since the invention of the telephone. The procedure gets its name from earlier methods, which required officials to physically place electrical taps on telephone lines. Wiretapping is a constitutional and legal practice. In most cases, officials must secure a warrant from a judge beforehand. However, federal intelligence agencies can apply to the Foreign Intelligence Surveillance Court (“FISA”), under secret proceedings, for court approval. In some circumstances, these agencies can proceed with approval from the United States Attorney General, without court approval. In the event that the agency does need to secure a warrant before wiretapping, courts typically apply a very strict standard of review before granting approval. For instance, the judge will look to ensure there are no other less intrusive methods to gather information. In general, the courts look at wiretapping as a last resort. Alternatively, if a party who is participating in a call, records the call and produces it to a government agency, the agency does not need prior court approval. The agency is then at liberty to use the contents of the recorded phone call for its purposes.

Continue Reading ›