Articles Posted in E-commerce

Nowadays, we’re using the web for numerous purposes, including, but not limited to, online banking. So, we should be able to protect our financial information. Hackers have many options for gaining access to financial information, and without the requisite security, that information can be accessed by them. The law outlines the rules for financial institutions, such as data protection, data sharing, data preservation, security breach notification, or insurance requirements. Also, there are different standards when it comes to consumer and business bank accounts. For example, businesses face different prerequisites that must be fulfilled prior to submitting a claim against a financial institution.

How might hackers commit banking fraud?

Looking at how hackers may access your financial information, there are a few tools that need to be highlighted. Among them are pivoting, rubber ducks, and pineapples. While this perhaps sounds odd, the way they can work is terrifying. Pivoting is a process hackers can use to break into a computer system by accessing it through an already-compromised device. For example, a hacker may access a web server by gaining access to an email server within the same network. This can also occur between smart devices, which indicates a downside to the Internet of Things. Rubber ducks are special USB drives with small processors. They act as a “Trojan Horse” by downloading and re-uploading information quickly and autonomously without causing alerts. Pineapples, in comparison, are more likely to be encountered, but more difficult to avoid. These are devices that “clone” Wi-Fi networks. The cloned network functions in the same way, allowing individuals to connect and access the web, but it can also be used to access and hack data after someone is connected. Pineapples and rubber ducks are dangerous because they can download “keyloggers” onto computers, which would record and transfer confidential information (e.g., passwords, financial data) to the hacker’s computer.

We know that the JOBS Act has been officially confirmed by the government. We have written about the JOBS Act in the past, and Title III has provided various new rules regarding equity crowdfunding, specifically on who can donate, and where the participating entities can receive funds. Yet, even with these developments, a few issues have emerged with various blind spots in the law, prompting new efforts to patch them to make crowdfunding viable for startups. So, what are the new rules? What are the blind spots? How are they being addressed by lawmakers?

What’s Title III?

As it stands, Title III allows entities to raise money for their projects, or businesses in general, through an equity format. This differs from the more prominent crowdfunding platforms, like Kickstarter, which have projects that would not give an investor any stake in the company, instead selling copies of the product, akin to an advanced order. Instead, under Title III, unaccredited investors can invest over $2,000, or 5% of their annual income or net worth—whichever is higher—if they have an income under $100,000, or 10% of an individual’s net worth or income if they make $100,000 annually. However, this is capped at $100,000 per investor, per year, with a larger cap of $1,000,000 in fundraising for the entity. In addition, the money must be gathered through a fundraising portal, such as Crowdfunder, and those portals are not currently exempt from liability. Unfortunately, while this law has been a positive step towards fundraising, it has fallen short on certain issues. For example, there are issues with the fundraising caps, as well as the responsibilities and liabilities of the portals. In capping the investments, investors are limited in the aggregate to how many projects or entities they may wish to support, while an entity may need to undertake various crowdfunding efforts for larger projects costing over one million dollars.

In the current business world, parties may be separated by great distances and may never meet face-to-face. During the course of their interactions, their communications may only be online, leading to a constant trade of contracts over e-mail. So, when it comes time to sign the contracts, a meeting may not be feasible, and instead, an electronic signature may be needed to finalize the transaction. Electronic signatures or “e-signatures” are substitutes for a traditional “wet signature.” We have mentioned in passing some ways these signatures can be formed, but it leaves the question of what exactly can be an e-signature. To what extent can it be used? What are the benefits of using an electronic signature, and how might it be detrimental to your business arrangements?

What can be used as an electronic signature?

An electronic signature can be any sufficient substitution for a wet signature. This ranges from typing the individual’s name in a signature box, to signatures placed onto the electronic document through some sort of tablet device, or a checkbox in a click-wrap agreement stating: “I Agree.” There are even some cases where biometric data is being used as an electronic signature, such as a fingerprint or facial image. Furthermore, while these could be used as electronic signatures, digital signatures differ, as they rely on a form of encryption to validate the authenticity of a document. These are then affixed to electronic documents, again, like a click-wrap agreement, or a contract that has been transmitted electronically. There are business services that facilitate and authenticate these signatures, e.g., DocuSign, which allows the tagging of the signature pages in the document. However, there are some limitations on what can be an electronic signature. As part of ESIGN (United States Electronic Signatures in Global and National Commerce Act), voice recordings for an oral agreement do not work as electronic signatures.

Following from last week, there is another counterpart to clickwrap agreements, known as a browsewrap. These are ultimately agreements that are harder to enforce than a clickwrap because instead of an action to assent to the agreement, a contract is formed, in part, by the individual continuing to browse the website. This would be akin to the terms of use that a website may have listed for users. This could be implemented to bind users, much like click-wrap, and for the same purposes. However, what are the limits to a browsewrap agreement? What is required to enforce a browsewrap agreement? What are some of the things that could ultimately dismantle a browsewrap agreement and how can you avoid them?

What is required for a valid browsewrap agreement?

A valid browsewrap agreement requires that the agreement be available on the website, via a hyperlink, and can be clicked on for the visitor to read.  However, this is generally harder for an individual to enforce, as there’s no “affirmative statement” like in clickwrap agreements. Instead, the affirmative statement is determined by the continued use of the website as specified in the terms. Yet, the way that this is compensated for is to demonstrate that the individual is aware that the agreement exists, and generally aware of its terms. In essence, if an agreement is present, and the visitor is aware that there are terms, the browsewrap agreement is more likely to be held as valid.

In the current times, website design is a basic step for business operations. The design must be balanced, with attractive features and an easy-to-use interface. The user interaction has to be accounted for, including the visit locations and how the website flows. And with that, various user agreements are also in place to prevent liability for certain actions, or to impose restrictions on what an individual can do on the website. So, how might this be enforced? What if there were difficulties in the website design that would render the clickwrap agreement invalid? How might this be decided?

What is a clickwrap agreement?

Now, as we’ve discussed before, a clickwrap agreement is a virtual agreement, made when a digital product is delivered online. This could be anything from a song over iTunes to an eBook over Nook or Kindle. The idea behind this sort of agreement, differentiating it from a similar “browsewrap” agreement, is how the individual using the page does not need to explicitly assent to the agreement. This would be like a link that takes a user to a page with the full terms or a popup with the ability to assent, by clicking “I agree” or “I accept” the terms and conditions.

With the ever-increasing dominance of cameras in our society, we might never think to ask “can someone find me from a picture?”  How futuristic would it be, to snap a picture of someone’s face and see their social media? To use a face like a business card? While technology may not be at that point, the law seems to be ahead of the curve. Currently, there are two lawsuits regarding the “tagging” of a person’s image online through social media due to one state’s law protecting biometric privacy, and how that affects us in interstate commerce. So, what is this law? What are the details of the lawsuits? How might this affect interstate commerce in general?

What are the lawsuits about?

The law itself comes out of Illinois, prompted by biometric additions to payment systems. Biometric data itself is quite common. It could include an individual’s face, voice, fingerprint, retina scan, or blood type. Anything that comes from the individual’s body that is recorded could qualify. This would then be used to determine the person’s identity or recorded for their own use, like in a health-monitoring app. The law requires any entity that is collecting this type of information to both tell the individuals and explicitly obtain their consent.

After establishing the issues of preemption and standing, how can you sue for violations of CAN-SPAM? Is there any way for spam to be combated by an individual? Yes, there is: by suing for fraud or deception, which are not explicitly covered under the CAN-SPAM Act. So, how do you plead fraud? And how much do you need to plead?

How to plead fraud to avoid preemption?

In ASIS Internet v. Subscriberbase, which was heard by the Northern District of California, the court examined preemption and the question of fraud in relation to a motion to dismiss that was filed by defendants. Plaintiff was suing under the California Business & Professional Code Section 17529.5, otherwise known as the False Advertising Law. In its claim, plaintiff pleaded the following three factors California has in a fraud claim: (a) misrepresentation; (b) knowledge of falsity; and (c) intent to defraud. However, plaintiff left out reliance and damage in its claims. In general, the CAN-SPAM Act does not coincide with laws that prohibit falsity or deception, as well as some other laws that overlap with it, but are extended to subject matter outside of email. Here, that aspect of CAN-SPAM was specified to state that a claim containing the common law elements of fraud would not be prohibited. Hence, the court decided that the complaint satisfied fraud allegations, pending the question of whether all the factors were required to be alleged in the complaint.

So, now that we know more about preemption in the CAN-SPAM Act, what more is there to consider? There are actually quite a lot of other factors, namely standing. Now that you know how the federal CAN-SPAM Act and state laws may interact, there remains the question of “standing.” Standing is essentially a way for individuals to claim that they can sue under the law. Without standing, a lawsuit cannot occur. So, can you sue as an individual under the law? Can you sue as a business? Who can sue?

Can an individual sue under CAN-SPAM?

In general, individuals likely cannot sue under this federal law. We can revisit the case of Gordon v. Virtumundo where the plaintiff had set up a business to profit off of violations of anti-spam legislation. He was a Verizon subscriber for his internet access, and had started his business through GoDaddy. In the trial, the court revisited the standing provisions of the CAN-SPAM Act and made three determinations. First, the federal statute was not made to stamp out all spam. Second, it was not specifically implemented to allow private rights of action. Third, plaintiff had not suffered adverse effects due to spam.

As the implementation of the European Union Privacy Shield comes closer, other elements of the shield come into influence and place restrictions on businesses that transfer data between the United States and Europe. Further adding onto this is the General Data Protection Regulation. This can be a major issue in cases where data transfers may occur, but more specifically, it impacts the cloud computing sphere, and services like Dropbox and Google Docs. So, how do these services work? What would the General Data Protection Regulation do? How can they be used with the Privacy Shield in effect?

How do these services work?

Now, these systems work by allocating computing resources to another location. Usually, this is done through the internet, by transferring data to other electronic devices or servers. Effectively, it allows individuals or businesses to take advantage of the greater resources of other entities, like those of Dropbox or Google, by granting use of their services for a fee. On the flip side, these services could be compromised by hackers, causing the loss of personal or confidential information. We have discussed some of the risks associated with cloud computing before and would ultimately encourage our readers to carefully evaluate the risks of submitting any information to the Cloud.

In recent years, states have continued to collect tax from e-commerce transactions. Louisiana has recently joined in on the trend and allowed the state to tax businesses without a physical presence there. This is a trend that we have discussed in the past and we encourage our readers to catch up on previous posts about online taxes in California and the evolving trends. However, Louisiana’s new regulations have shut down Amazon’s affiliate program in the state. So, what is the history of this bill? Also, aside from retailers like Amazon, who would this legislation impact?

What is the bill’s history?

The bill fundamentally has its basis in something we’ve covered before where we discussed Quill Corporation v. North Dakota. This case effectively ruled that without a sufficient connection, i.e., nexus, between an entity and the state, that state cannot tax it. This has been interpreted to mean that, to tax the entity, the entity usually must have a physical presence in that state. This would mean “brick-and-mortar” retailers would be taxable, while an entity like Amazon, which may not have any warehouses or physical presence in the state, would be “immune” to taxation. In response, some states have taken action in legislating a “lowering” of the nexus standard. For example, Act No. 22, also under HB-30, in the State of Louisiana was authored by Representatives Leger, Carpenter, and White, and enacted into law by the Governor on March 15, 2016.