Internet Lawyer Blog

Electronic Discovery and Data Retention Policies

Published on: May 18, 2020 | by Law Offices of Salar Atrizadeh

The management of electronic records in litigation is important. In general, there should be a data retention policy for all business entities especially if they are part of a highly-regulated industry such as health care, energy, securities, and banking. There are state and federal laws that regulate the management of electronic records. For example, HIPAA, Sarbanes Oxley Act, and GLBA are the relevant and applicable federal statutes. These laws require the responsible officers to maintain records for a certain period and enforce penalties for intentional document alteration or destruction.

The litigants have the right to engage in discovery and demand the production of electronic records such as emails, letters, pictures, reports, and spreadsheets. The recipient of the discovery documents usually has a limited time to respond but if it fails to produce the requested electronic records, the court may issue sanctions. The courts have the authority to penalize the parties for overwriting emails in bad faith even though they were supposed to retain them for a certain time. So, in other words, the courts may issue monetary sanctions for not following the rules.

What is a data retention policy?

Is Internet Gambling Legal?

Published on: May 4, 2020 | by Law Offices of Salar Atrizadeh

This article has been prepared to discuss the legality of online gambling and the relevant rules and regulations. These laws affect individuals, businesses, startups, and entrepreneurs as they’ve recently expressed their interests in this topic. Therefore, we will discuss the relevant state and federal laws.

It’s important to note that in Murphy v. NCAA, the Supreme Court struck down the Professional and Amateur Sports Protection Act (“PASPA”) and granted the states the right to regulate sports gambling within their own jurisdictions. In general, placing an online wager is legal but it should not be placed on a website that is located in the United States. In other words, the gambling website and its owner must not reside or do business within the United States and its territories. So, for this reason, individuals may run into contradictory state laws which will be referenced here.

What are the state laws?

What Is Cryptojacking?

Published on: April 29, 2020 | by Law Offices of Salar Atrizadeh

Cryptojacking (or “malicious cryptomining”) happens when the culprits hijack a third party’s network bandwidth without authorization to use for their cryptocurrency mining efforts. The malicious software conceals itself on the electronic communication device and utilizes its resources. Obviously, the culprits engage in such clandestine activities to gain profit or else they would spend their time and energy on other matters.

Cryptocurrencies are digital funds stored on electronic wallets (also known as “virtual wallets”) that are encrypted and exist on electronic communication devices. They are considered a new kind of digital assets. Coins are cryptocurrency units which are entered into a database for recording the transactions. The digital transaction takes place online between the virtual wallet owners and recorded on a public ledger. Then, special computers transform the digital transaction into a complicated mathematical puzzle, and thereafter miners independently solve and confirm the digital transaction. The reward for solving the mathematical puzzle is to receive a new cryptocoin. So, as time has progressed, the mining efforts have increased and caused a significant amount of money to be spent on the process. There are miners who have created “computer farms” and dedicated a vast amount of specialized hardware and software programs.

Unfortunately, in most cases, when you fall victim to cryptojacking it will go unnoticed. You may realize your electronic communication devices are slowing down or using too much bandwidth even though it’s not necessary. There are reports indicating the culprits have been detected on mobile devices, cloud servers, and critical datacenters. Now, some companies have been able to defend against cryptojacking by upgrading browsers and malware scanners. However, as always, the culprits will try to circumvent these defense mechanisms. For example, there is a report from an international cybersecurity firm confirming a cryptojacking campaign against a specific brand of routers. This attack exploited a flaw in the network routers and infected them. So, in short, the culprits used the flaw to promote their cryptojacking scheme.

Class Action Lawsuits: Privacy Violations

Published on: April 22, 2020 | by Law Offices of Salar Atrizadeh

There has been an increase in privacy violations that have led to class action lawsuits. For example, Facebook was forced to pay $550 million to settle a class action lawsuit for privacy violations. In that case, it was ordered to pay the plaintiffs due to an alleged systematic violation of an Illinois consumer privacy law. The settlement agreement included a provision that required Facebook to procure express consent for face analysis and auto-tagging its users. There have been other lawsuits filed against technology companies, such as, Shutterfly, Snapchat, and Google for similar violations.

The California Consumer Privacy Act (“CCPA”) gives consumers the right to request information from a business about its data collection and retention practices. The consumers have the right to know if the business is using their data to make inferences from their behavior, attitude, psychology, intelligence, or abilities. This statute grants consumers the right to request a data deletion. It gives the consumers an “opt-out option” from selling their data to third parties. However, the statute is not retroactive which means that it does not apply to violations that took place before implementing the law.

A putative class action lawsuit was filed against Hanna Andersson, LLC and Salesforce.com for their alleged failure to maintain reasonable safeguards that led to a data breach. The complaint alleges that a group of hackers infiltrated the defendants’ websites with malware allowing them to extract personal information. Under Civil Code § 1798.150, a consumer is permitted to file a lawsuit if he or she can prove the business failed to implement reasonable safeguards to protect personal information. Then, if the plaintiff overcomes the applicable burden of proof, then he or she may be entitled to a minimum of $100 or maximum of $750 per consumer per incident, or actual damages, whichever is greater, as well as injunctive relief. However, there is a provision which requires giving the business an opportunity to cure the violation. In other words, the consumer must initially inform the business of the violation and grant at least 30 days to cure the violation. The business must provide a written statement that confirms the violation has been cured and no other violation will take place. Yet, the statute does not yield a safe harbor clause for the business against consumers who are seeking actual damages.

Intellectual Property Violations

Published on: April 15, 2020 | by Law Offices of Salar Atrizadeh

There are various ways to protect your intellectual property rights. First, you can register a copyright. Second, you may register a trademark or service mark. Third, you may register a patent. Copyrights are meant to protect literature, music, motion pictures, artistic works, photographs, essays, articles, computer programs, graphic design, and sound recordings. A trademark is a word, phrase, symbol, or design, or a combination of any of them that identifies and distinguishes the source of the goods of one party from those of others. A service mark is the same as a trademark but it identifies and distinguishes the source of a service. A patent grants a property right to the inventor. It grants the right to exclude others from making, using, offering for sale, or selling the invention or importing the invention into the United States. In general, patents are valid for 20 years from the application date.

So, in summary, trademarks, service marks, copyrights, and patents protect different types of intellectual property. Trademarks protect brand names and logos used on goods and services. A copyright protects an original artistic or literary work. A patent protects inventions. For example, if you invent a television, you should file a patent application. You would apply to register a trademark to protect the television’s brand name. You can also register a copyright for the product’s advertisement.

There have been multiple intellectual property disputes especially between e-commerce websites. For example, there was a legal battle between Amazon and Barnes & Noble regarding the “single click” or “one-click” buying mechanism. This legal action was confidentially settled between the parties. Google has been sued by multiple companies for selling their trademarks as keywords. In fact, American Airlines and Geico have instigated legal actions against it. Also, the infamous “Da Vinci Code” lawsuit was brought by several authors against the Random House Group claiming copyright infringement. The case was about an alleged copyright violation by Dan Brown who wrote the bestselling “Da Vinci Code” book. However, the court dismissed the case and stated that there was no copyright infringement by textual or non-textual copying of a substantial part of the subject book.

Electronic Discovery Rules and Regulations

Published on: April 8, 2020 | by Law Offices of Salar Atrizadeh

Electronic discovery (“eDiscovery”) rules and regulations must be understood when dealing with digital or electronic evidence. It is the concept of locating, identifying, collecting, and producing electronically stored information (“ESI”) as part of a response to production of documents in a pending legal action. Electronically stored information may include electronic messages, files, presentations, databases, voicemails, audio/video files, or websites.

Federal Rule of Civil Procedure 34 defines “electronically stored information” as writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations that are stored in any medium from which information can be obtained directly or after translation by the responding party into a reasonably usable form.

Federal Rules of Evidence 902(13) and 902(14) provide for the self-authentication of electronic evidence. So now, electronic evidence may be authenticated by certification instead of testimony. FRE 902(13) applies to electronic evidence like computer files, social media posts, and smart device information. FRE 902(14) applies to data copied from an electronic device, storage medium, or file.

Coronavirus Online Scams

Published on: April 1, 2020 | by Law Offices of Salar Atrizadeh

The coronavirus pandemic has affected us on a national and global level. This pandemic has caused a financial and health crisis for most of us. Now, the bad actors are taking advantage of this tragic situation by engaging in online scams. For example, our law firm’s investigation has determined that they are sending emails and other types of messages to unwary individuals as a way to extract sensitive or confidential information.

The Federal Trade Commission has outlined the following steps to avoid coronavirus scams:

Do not pick up any kind of robocalls and do not press any numbers. Scammers are using illegal robocalls to pitch everything from scam Coronavirus treatments to work-at-home schemes.

Identity Theft Laws

Published on: March 23, 2020 | by Law Offices of Salar Atrizadeh

Identity theft has been described as the use of one person’s identity by another to commit fraud. See Remsburg v. Docusearch, Inc. (2003) 149 N.H. 148, 155, 816 A.2d 1001, 1007. This case was about an individual seeking personal information (e.g., date-of-birth, social security number, work address) about someone else from an internet-based investigation and information service company. Unfortunately, the culprit, who obtained the personal information, located and fatally shot the victim as she left work. Thereafter, the victim’s mother sued the defendants for negligence, invasion of privacy, and violation of the state consumer protection act. In response, the federal court issued an order of certification and outlined the following factual questions to be determined by the state Supreme Court:

(1) Under the common law of New Hampshire and in light of the undisputed facts presented by this case, does a private investigator or information broker who sells information to a client pertaining to a third party have a cognizable legal duty to that third party with respect to the sale of the information?

(2) If a private investigator or information broker obtains a person’s social security number from a credit reporting agency as a part of a credit header without the person’s knowledge or permission and sells the social security number to a client, does the individual whose social security number was sold have a cause of action for intrusion upon her seclusion against the private investigator or information broker for damages caused by the sale of the information?

Real Estate Transactions and Electronic Signatures

Published on: March 9, 2020 | by Law Offices of Salar Atrizadeh

In the past, real estate transactions were consummated by signing the dotted line with ink after printing the documents. Now, most, if not all, real estate transactions are being finalized by using electronic signatures. Technology is directly affecting real estate transactions since software programs allow the parties to electronically review and sign the papers. So, in this article, we will be discussing how technology affects real estate transactions and the relevant rules and regulations.

On June 30, 2000, the Electronic Signatures In Global and National Commerce Act (“E-SIGN Act”) was passed to ensure the validity for electronic records and signatures in commercial transactions. It was formally enacted under 15 U.S.C. §§ 7001, et seq. It actually grandfathered pre-existing contracts that were consummated between users and commercial entities in delivering electronic information. Yet, any contracts that were executed on or after October 1, 2000 are subject to the statute’s provisions.

The E-SIGN Act has several requirements. For example, a commercial institution should provide notice to the consumer and obtain prior consent. It should provide notice to the consumer regarding hardware and software requirements. It should be able to associate the electronic signature with the records. It should ensure proper retention and accurate reproduction of those records for a period that is legally required.

The Information Age and Cyberthreats

Published on: March 2, 2020 | by Law Offices of Salar Atrizadeh

The Information Age has brought many advantages for us all across the globe. Now, we can instantaneously communicate with each other by email or text messages. We can connect by using videoconferencing software and see each other in real time. We can send and receive files in a very efficient manner.

Our clients want to know if a cyberthreat can be prevented before it happens. The usual answer is that a complete prevention is not possible for several reasons. First, the technology that is being used may be susceptible for using legacy or open source technologies. In most cases, the network architecture is outdated and the electronic devices may not be able to properly communicate with each other. In other words, they are as smart as the least smart device within the framework. Second, most individuals do not update their software programs on a constant basis and do not participate in training programs. Third, the executive team of an organization must ensure that their technology experts understand and efficiently use the latest tools and techniques. Fourth, it has been proven that not one organization can have sufficient threat intelligence to fend off all kinds of cyberthreats by itself. As such, it is important to strive for real-time sharing of threat intelligence.

What Is a Cyberthreat and How Does It Happen?