Constitutional Law

President Obama Signs an Executive Order to Protect Cybersecurity

Published on: March 4, 2013 | by Law Offices of Salar Atrizadeh

In light of recent news that America’s cyber-network is vulnerable to outside attack, President Obama signed an Executive Order to improve cyber-security for the nation’s “critical infrastructure.” According to the Order, “critical infrastructure” applies to the vital physical and virtual systems in the United States that are essential to the country’s economic security, public health, and safety. This definition is in line with the definition of “critical infrastructure” in the Cybersecurity Act of 2012, which the federal government failed to pass.

The Executive Order is meant to promote greater information sharing among members of the same network. This will ensure that all network providers are adequately aware of potential threats to the system in time to plan and implement an effective response. Accordingly, American companies now bear the responsibility of evaluating whether “critical infrastructure” applies to their operations. Alternatively, the Executive Order may also apply to companies that provide goods or services to other companies that the Executive Order implicates. In this case, the Executive Order would also apply to the companies that provide the goods or services. These companies would then bear the same responsibility to abide by the Executive Order and participate in the information-sharing network.

The Executive Order also requires various federal agencies to participate in this network. The Office of the Attorney General, the Department of Homeland Security, and the Office of National Intelligence, among others, are responsible for participating to create an information-sharing network. Such a network will make it easier to detect and ward off cyber-threats. Additionally, the information-sharing network will allow the participating agencies to quickly notify the President of any legislation that is necessary to further protect the nation’s cyber-network. Furthermore, a working and productive network will incentivize other agencies and companies to join the network. Increased participants will improve the breadth of the network, work to expand the reach of the network, and add to the information that is available within the network.

Cloud Computing and Privacy Laws

Published on: January 28, 2013 | by Law Offices of Salar Atrizadeh

The proliferation of cloud computing has given rise to increased privacy concerns. These concerns are especially grounded in Google’s new terms of service that allow the company to gather user information and data and release it to government entities upon request, without obtaining user consent. According to these new terms, as of March 1, 2012, Google has been consolidating data on users who access Google and creating a single profile that contains all of this information. Google’s new terms have caused concern with the Electronic Privacy Information Center (“EPIC”), which argues that these terms conflict with an FTC Consent Order that outlined privacy standards for all Google products and services. The order required Google to obtain users’ consent before gathering and sharing personal user information with third parties.

In response to Google’s new terms, EPIC petitioned the Federal Trade Commission (“FTC”) to compel Google to abide by the terms of the 2011 consent order. EPIC brought suit in the United States District Court of the District of Columbia against the FTC, urging the organization to enforce the consent order, and stop Google’s new policy of gathering and storing user information in individual profiles. The court heard EPIC v. FTC in 2012 and ruled that the court lacked the jurisdiction over the FTC to compel it to act according to EPIC’s demands. Nonetheless, the court noted that it had “serious concerns” regarding Google’s revised terms of service.

The National Association of Attorneys General sent a letter to Google on behalf of 36 states, expressing concern with Google’s intention to gather information about users from all products that utilize Google services, such as cell phones, computers, and tablets. This is especially concerning for Android smartphones, which rely heavily on Google systems and products. Users with electronic devices use various Google products, such as Gmail, YouTube, and the Google search engine, in different ways. However, according to Google’s new terms, user profiles would consolidate usage from all such products into a single profile for each user. The Attorneys General also voiced a specific complaint towards users’ inability to opt out of these new terms. According to the letter, the lack of choice poses a severe threat to individual privacy.

Legal Implications of Online Impersonation

Published on: January 7, 2013 | by Law Offices of Salar Atrizadeh

The possibility of identity theft is a growing concern. However, banks, credit card companies, and various other institutions that house private information regularly take steps to protect customers’ identities. Nonetheless, a different type of identity theft continues to thrive. Online impersonation is a quick and easy form of identity theft that takes place over the Internet. It is an easy type of identity theft given the breadth and convenience of social media and expanding networking sites. However, in light of the Sandy Hook Elementary School incident, state and federal authorities are considering the possibility of bringing criminal charges for online impersonation.

State legislatures called for laws against online impersonation following the case of Megan Meier, a 13-year-old girl who killed herself after a woman impersonated a boy and engaged in cyberbullying. After the Sandy Hook shooting, people began posting incorrect information about the shooting and the suspect. Others began posing as the shooter and staging crime scenes similar to the shooting. Connecticut State Police Lieutenant J. Paul Vance called attention to this matter in a public press conference. He noted that these posts, in addition to being highly inappropriate, were also threatening and criminal in nature.

A spokesman for Commissioner Reuben Bradford stated that, harassing anyone who was a victim of the shooting would be criminally prosecuted. He noted that harassment would not only include in person contact, but also harassment through via the Internet and social media sites. Charges could include criminal impersonation and criminal misrepresentation. California and several other states have established online impersonation as a criminal offense. Critics argue that criminal regulations that prohibit online impersonation may arm interest groups with the power to suppress speech. For example, Electronic Frontier Foundation argues that such laws could silence groups like The Yes Men, which utilizes online impersonation as a form of commentary on the government and large corporations.

Privacy Concerns for Personal Email Accounts

Published on: December 10, 2012 | by Law Offices of Salar Atrizadeh

Former CIA Director David Petraeus from his position after the FBI looked through Petraeus’ private Gmail account and discovered that he was having an extramarital affair. These events have brought to light the fragile state of individual privacy on the Internet, particularly in relation to individual email accounts.

According to the Electronic Communications Privacy Act of 1986 (“ECPA”), which is current and applicable cyber law, the FBI has the authority to look through any email account simply by accessing the account through providers such as Yahoo or Gmail. Under the ECPA, law enforcement agencies do not need a search warrant to look through such accounts if the message is more than 180 days old.

In addition, the Foreign Intelligence Surveillance Act of 1978 (“FISA”), under Title 50, sections 1801 et seq. of the United States Code, allows the government to monitor communications between foreign parties, without a search warrant. A 2008 amendment to FISA further allows the government to monitor communications between American parties if the government does not know of the parties’ exact locations or identities. A group of attorneys raised a constitutional challenge to this amendment, and the matter is now before the United States Supreme Court. The justices have focused on whether the amendment offers the government an inappropriate range of power, or whether the amendment simply expands the government’s resources to protect America.

Facebook Pictures and Privacy Concerns with Facial Recognition Technology

Published on: December 3, 2012 | by Law Offices of Salar Atrizadeh

Facebook is struggling to decide how to handle its pictures. While consumer companies urge Facebook to profit from its face recognition technology, international regulators insist that user identities remain protected. According to a New York Times article entitled, Facebook Can ID Face, But Using Them Grows Tricky, Facebook agreed to delete user identification information, which the site gathers through facial recognition technology. The technology at issue is Facebook’s “tag suggestion” which automatically matches names with faces when a user uploads a photo. Facebook has deactivated this feature to make improvements that international regulators can approve.

Chris Hoofnalge, a professor at the University of California Berkeley, School of Law stated in the article that increasing developments in this field “directly affects civil liberties.” Although, the public is more likely to accept using identifying information from facial recognition technology for security purposes, Wall Street is now pressuring Facebook to utilize its users’ personal data for profit. Legislators, such as Senator Al Franken, have expressed concern over Facebook’s “database of face prints,” which Facebook has gathered “without the explicit consent of its users.” Franken urged Facebook to provide the same right of privacy to its American users as it does its European counterparts.

The Federal Trade Commission (“FTC”) has issued a guide, “Facing Facts Best Practices for Common Uses of Facial Recognition Technologies,” aimed at defining facial recognition technology and outlining authorized uses. In addition, earlier this year Google announced a new tool that would allow individuals to blur their faces in YouTube videos. This is one of the first steps to provide “visual anonymity” in cyberspace.

Privacy Concerns in the Changing Face of the Internet and Technology

Published on: November 11, 2012 | by Law Offices of Salar Atrizadeh

The technological advancements and the ever-expansive world of cyberspace are in a perpetual state of conflict with individual privacy concerns. For example, a recent research project by the Massachusetts Institute of Technology demonstrates that independent component analysis allows companies to track changes in pulse by the subsequent change in skin color that is readily visible through a video signal. In addition, employers, credit agencies, and health insurance providers can now purchase indexes that contain consumer profiles based on individual consumer’s browsing history, site membership, and online purchases.

The Federal Trade Commission has issued a report that proposes the steps companies can take to ensure optimal protection of consumer privacy. The report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers,” urges companies to incorporate privacy protection in every stage of their products, provide a mechanism against online activity tracking, and fully disclose what user information it shares with other entities.

The California legislature has proposed a new bill that would impose new restrictions on social networking sites, which would limit the information available about users. The proposed legislation would allow users to select privacy settings before ever using the site, which limits the sites accessibility. Social Networking sites, such as Facebook, have responded that such legislation would inappropriately burden the sites, in turn devastating cyber-business in California.

The Need for Cyber Security Sparks Action In Government

Published on: September 13, 2012 | by Law Offices of Salar Atrizadeh

With a growing concern for national security and expanding information sharing networks, the government is making efforts to establish legislation protecting the American cyber community.

Most recently, in February 2012 Congress considered the Cybersecurity Act (“Act”) as a means to provide for information sharing across different industries to establish cybersecurity. The Act also places the burden of monitoring sites and infrastructures on the owners of the sites, rather than any managers hired to maintain the sites.

Congress ultimately has not passed the Act because there is such a divide among politicians regarding the most effective means to establish protection for the American cyber community. See http://articles.cnn.com/2012-08-02/politics/politics_cybersecurity-act_1_cybersecurity-bill-homeland-security-cyberattacks for more information.

The Facebook “Like” Button: Is It Protected Speech?

Published on: May 13, 2012 | by Law Offices of Salar Atrizadeh

As some of readers, who have active facebook profiles know, the like button is a way to express your support for a cause or idea. However, a federal judge states that, clicking it doeos not constitute constitutionally protected speech.

For example, the employees of a local police department sued their boss (Sheriff B.J. Roberts) for firing them after they supported his opponent in his 2009 re-election campaign. One of those workers, Daniel Ray Carter, had “liked” the Facebook page of Roberts’ opponent, Jim Adams. Exactly what a “like” means – if anything is the main question. The ex-employees posit that their First Amendment rights were violated.

While public employees are allowed to speak as citizens on matters of public concern, the United States District Judge, the Honorable Raymond Jackson, ruled that clicking the “like” button does not amount to expressive speech. Express conduct, also referred to as “symbolic speech,” relates to the communication of ideas through one’s conduct. Expressive conduct raises some interesting constitutional questions because it combines expression, which typically receives First Amendment protection, and conduct, which typically does not receive First Amendment protection. This dualistic nature may account for the court’s position of affording expressive conduct some constitutional protection, but substantially less protection than pure speech.

Legislative Efforts to Regulate Online Transactions

Published on: February 11, 2012 | by Law Offices of Salar Atrizadeh

Last year, the California State Legislature made various efforts to regulate commercial transactions on the Internet. These efforts provide interesting questions and concerns regarding practical and constitutional limits on a state’s capability to legislate or regulate transactions on the world-wide-web (i.e., the Internet) due to its intrinsic interstate character.

One important consideration is the Dormant Commerce Clause, which stems from Article I, section 8, clause 3 of the federal Constitution. This doctrine implies that Congress only has the power to regulate interstate commerce and that the states do not have such power. Its application to the regulation of activities on the Internet is not quite developed and includes a series of judicially-created analyses. So far, the United States Supreme Court (which is the nation’s highest court) has not issued any definitive rulings. In addition, we do not have authoritative decisions by federal courts regarding the capability of the states to control online privacy and data security, tax online sales, or regulate online gambling.

As mentioned in this article, the legislators in this state passed or proposed laws that would develop our state’s regulatory power over transactions on the Internet which relate to the following topics: (i) privacy and data security; (ii) taxation of retail sales over the Internet; and (ii) online gambling.

Cyberstalking, Cyberharassment and Cyberbullying Laws

Published on: October 3, 2011 | by Law Offices of Salar Atrizadeh

In light of the circumstances, numerous states have enacted “cyberstalking” or “cyberharassment” laws or currently possess laws that specifically include electronic forms of communication within more traditional stalking or harassment laws. In addition, many states have enacted “cyberbullying” laws in reaction to issues related to protecting minors from online bullying or harassment.

Cyberstalking constitutes use of the world-wide-web (i.e., the Internet), electronic mail or other electronic communications to stalk. It generally refers to a pattern of threatening or malicious behaviors. It may be considered the most dangerous of the three types of Internet harassment, based on a posing credible threat of harm. Penalties range from misdemeanor to felony. See Cal. Civil Code § 1708.7, Cal. Penal Code § 646.9.

Cyberharassment is different from cyberstalking since it may not involve a credible threat. It usually pertains to threatening or harassing email messages, instant messages, or to blog entries or websites dedicated solely to tormenting a person. Some state legislatures have dealt with this issue by inserting provisions which address electronic communications in general harassment statutes, while others have created stand-alone cyberharassment statutes. See Cal. Penal Code §§ 422, 653.2, and 653m.