Articles Posted in Government

President Donald Trump has signed an executive order on cybersecurity as a response to the WannaCry ransomware attack. This executive order is entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The executive order contains three main sections and a fourth category that includes some definitions of terms that are contained in the order.

The first section of the executive order concerns Cybersecurity of Federal Networks. This section states that data in United States information technology (IT) should be secured responsibly by the United States Government. The President said that he will also be holding the heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises. One of the findings included in this first section is that the executive branch has been too accepting of IT that is antiquated and difficult to defend. To manage these risks, the first section includes a risk management section, which includes ideas of how to reduce future cybersecurity risk. For example, the head of each agency must provide a risk report to the Secretary of Homeland Security and the Director of the Office of Management and Budget.

The second section of the executive order concerns Cybersecurity of Critical Infrastructure. This section states that support must be provided to the critical infrastructure that faces the greatest risk. It also describes how the Secretary of Commerce and the Secretary of Homeland Security will both go through an open process to try to improve how resilient the internet is, so they can reduce threats of automated attacks.

On May 12, 2017, what is believed to be the largest ransomware attack in history occurred on the internet.

A global search is heating up trying to locate those who are responsible for the attack.

While this search is occurring, there is also a question of how much blame for the attack should be placed on Microsoft. This is because the WannaCry attack took advantage of a weakness that already existed in the Microsoft operating systems.

So, where do we go from here? After the Internet of Things was effectively used as a way to crash various online stores and services, we are left with the question of how we can fix this gaping hole in our security in a way that would allow this new technology to continue to exist without causing further risk. As mentioned last week, the most likely solutions are either in the private sector, through consumer choice and manufacturer investment, or through government action. What actions should individuals take? What is the government doing now? What might the government do in the future?

What is the private sector currently doing?

The private sector is not doing much at this time. While consumers could demand more secure smart devices, the focus of the demand for these devices tends to be towards their functioning. In general, less sophisticated consumers buy smart devices for the sake of convenience, with security being a distant thought when compared to the more sophisticated consumers. These smart devices, like any other internet-connected device, occasionally need security updates to remain resistant to online bugs (i.e., malware). So, as the world becomes smarter, this technology will need to adapt and advance accordingly in order to mitigate the risks. Yet, without some motive to do so, it’s less likely that resistance to the botnet will emerge, and, if it does, it may be due to the government’s intervention.

As it stands, the Internet of Things can be a dangerous proposition. Due to various hacking techniques, like rubber ducks, pineapples, and pivoting, one must wonder whether it can be hacked into and, if so, what we can do about it. What about cars, planes, trains, and power plants? To this point, the U.S. Government has launched the Cybersecurity National Action Plan, or CNAP. The idea is to add more information and resources into the system, increasing the amount of resources to help build up cybersecurity and investing resources into security measures. So, what is the government doing with CNAP? How might this help a business? How might this help individuals?

What does CNAP do?

It’s a set of guidelines and goals that the Obama Administration has implemented to help build the cybersecurity network and to protect against attacks on the Internet of Things and the general national network as a whole. The first and easiest way it plans to do this is through the 2017 budget, allocating approximately 19 billion dollars for cybersecurity, up by 35% from the previous year’s budget. It also incorporates and promotes other existing goals and changes, such as the BuySecure Initiative requiring credit cards to incorporate smartchips, and making large businesses use the smartchip option rather than the traditional magnetic strip. CNAP also incorporates other ideas, such as multifactor authentication, identity for Federal Government digital services, training for small businesses, and relaunching identitytheft.gov. Therefore, it is less a new initiative than a continuation of previous actions.

For entrepreneurs who seek to engage in international business, it is important to keep abreast of developments in other countries. Political problems, exchange rates, and legislation may affect the business climate when engaged in international business.  The most recent shake up in international legal requirements seems to have risen from “Brexit” and what it means for those doing business with the United Kingdom, European Union, and United States. Brexit (which comes from the merger of “Britain” and “Exit”) is the UK’s vote to leave the European Union.  While this decision has had repercussions on the value of the British Pound, Euro, and U.S. Dollar, it also serves to show that the UK will no longer be bound by the European Union’s rules or regulations.  So, what law applies now? How soon will the United Kingdom be unbound from the European Union’s rules or regulations? What should American businesses take out of this referendum?

What does “Brexit” do?

The UK has voted to leave the European Union as part of a referendum voted on by its citizens. The EU is an economic and political partnership between various member states, sharing a common currency, with the exception of the United Kingdom, which uses the British Pound. The EU imposes certain restrictions when working with member states (e.g., Privacy Shield, Digital Single Market initiative). It serves to allow the free movement of people between member states. However, Brexit does not mean that right now, the UK has officially separated from the European Union.  Brexit has set in motion the process to fully remove the United Kingdom from the European Union.  It needs to invoke “Article 50 of the Lisbon Treaty,” to initiate the process, which grants both sides two years to negotiate the terms and conditions.  Essentially, the referendum will start the process, but does not remove the United Kingdom from the European Union immediately.

We know that the JOBS Act has been officially confirmed by the government. We have written about the JOBS Act in the past, and Title III has provided various new rules regarding equity crowdfunding, specifically on who can donate, and where the participating entities can receive funds. Yet, even with these developments, a few issues have emerged with various blind spots in the law, prompting new efforts to patch them to make crowdfunding viable for startups. So, what are the new rules? What are the blind spots? How are they being addressed by lawmakers?

What’s Title III?

As it stands, Title III allows entities to raise money for their projects, or business in general, through an equity format. This would differentiate itself from the more prominent crowdfunding platforms, like Kickstarter, which have projects that would not give an investor any stake in the company, instead selling copies of the product, akin to an advanced order. Instead, under Title III, unaccredited investors can invest over $2,000, or 5% of their annual income or net worth—whichever is higher—if they have an income under $100,000, or 10% of an individual’s net worth or income if they make $100,000 annually. However, this is capped at $100,000 per investor, per year, with a larger cap of $1,000,000 in fundraising for the entity. In addition, the money must be gathered through a fundraising portal, such as Crowdfunder, and those portals are not currently exempt from liability. Unfortunately, while this law has been a positive step towards fundraising, it has fallen short on certain issues. For example, there are issues with the fundraising caps, as well as the responsibilities and liabilities of the portals. In capping the investments, investors are limited in the aggregate to how many projects or entities they may wish to support, while an entity may need to undertake various crowdfunding efforts for larger projects costing over one million dollars.

So far, we have discussed what licenses are necessary and how you will be using your drone. Surely, there can’t be more issues.  Well, not quite. Following the issuance of drone licenses, there are restrictions on where and when these drones can fly.  Be it for safety or for general security concerns, drones are not allowed in all national airspace. So, where can you fly? What sort of events and situations would cause the airspace to become restricted? Is there any way to fly without licensing or airspace restrictions?

Where can you fly?

This first aspect is an interesting one. When you fly, you are generally flying in the National Airspace. Be it from a blade of grass to the wild blue sky, that space is regulated by the Federal Aviation Administration. However, not all of that space is available for drones. First is the restriction on altitude, limiting your navigation to approximately 400 feet, and then there are restrictions on piloting drones in certain areas, like sporting arenas, restricted airspace (e.g., Disneyland), heavily populated areas and airports. This is mainly due to security concerns, as it is measured by what damage a drone can do in those areas. For example, it is generally prohibited to fly model aircraft within five miles of an airport without notifying the tower, to prevent any difficulties with takeoffs and landings. In those cases where a drone may be piloted, it’s generally with a letter of agreement with the airport, detailing the operator’s authorization.

So, now you’ve registered and gotten everything you need for your drone. What now? Well, it depends on what you plan on using your drone for.  Maybe it’s a gift for a child or a friend. Maybe you’d just like to use it for fun. However, as we briefly touched upon in our last post, there are requirements and restrictions placed on your drone if those actions are for commercial use.  So, what qualifies as a commercial act? What has to be done regardless of commercial or non-commercial uses? What uses would require a business to register and go through the whole process, and which uses would allow an individual to operate freely?

Non-Commercial Use

Part of the reason there are fewer restrictions on non-commercial use of drones is the special rule for model aircraft. This would have the drone operate under different, less restrictive rules, and while still requiring the drone to be registered with the FAA if it is within the weight range of 0.55 lbs to 55 lbs, it is generally exempted from onerous requirements.

So, now that we know more about preemption in the CAN-SPAM Act, what more is there to consider? There are actually quite a lot of other factors, namely standing. Now that you know how the federal CAN-SPAM Act and state laws may interact, there remains the question of “standing.” Standing is essentially a way for individuals to claim that they can sue under the law. Without standing, a lawsuit cannot occur. So, can you sue as an individual under the law? Can you sue as a business? Who can sue?

Can an individual sue under CAN-SPAM?

In general, individuals likely cannot sue under this federal law. We can revisit the case of Gordon v. Virtumundo, where the plaintiff had set up a business to profit off of violations of anti-spam legislation. He was a Verizon subscriber for his internet access, and had started his business through GoDaddy. In the trial, the court revisited the standing provisions of the CAN-SPAM Act and made three determinations. First, the federal statute was not made to stamp out all spam. Second, it was not specifically implemented to allow private rights of action. Third, the plaintiff had not suffered adverse effects due to spam.

As the implementation of the European Union Privacy Shield comes closer, other elements of the shield come into influence and place restrictions on businesses that transfer data between the United States and Europe. Adding to this is the General Data Protection Regulation. This can be a major issue in cases where data transfers may occur, but more specifically, it impacts the cloud computing sphere, and services like Dropbox and Google Docs. So, how do these services work? What would the General Data Protection Regulation do? How can they be used with the Privacy Shield in effect?

How do these services work?

Now, these systems work by allocating computing resources to another location.  Usually, this is done through the internet, by transferring data towards other electronic devices or servers.  Effectively, it allows for individuals or businesses to take advantage of greater resources of other entities, like those of Dropbox or Google, by granting use of their services for a fee.  On the flip side, these services could be compromised by hackers, and cause the loss of personal or confidential information.  We have discussed some of the risks associated with cloud computing before and would ultimately encourage our readers to carefully evaluate the risks of submitting any information to the Cloud.