Government

FTC’s Enforcement Action Against LifeLock

Published on: August 27, 2015 | by Law Offices of Salar Atrizadeh

According to its website, the Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. LifeLock has used the massive security breaches of companies like Anthem and Target to increase its membership. On July 21, 2015, the Federal Trade Commission (FTC) claimed that LifeLock—an identity theft protection company—has violated a 2010 Settlement it had made with the agency and thirty-five state attorneys general. This assertion was made due to LifeLock’s alleged misrepresentation of its security capabilities and failing to take steps to protect consumers’ information.

What is the Federal Trade Commission’s responsibility?

The FTC was created to prevent anti-competition business practices and protect consumers against deceptive or unfair business dealings. The Federal Trade Commission Act (which incorporates the U.S. Safe Web Act amendments of 2006) sets the parameters for how the agency can prosecute companies, which it believes are misleading consumers through false or deceptive advertising. In fact, sections 45 and 52 of the statute indicate that, when a company commits an unfair act or deceptive practice, “and if it shall appear to the Commission that a proceeding … would be to the interest of the public, it shall issue and serve … a complaint stating its charges …” In addition, section 52 addresses the illegality of false advertisements, which would be likely to induce consumers to purchase a product. Although, LifeLock was not advertising a product, it was falsely advertising services, so consumers were induced to buying memberships. Therefore, the FTC is utilizing its ability to prosecute companies for violating the law.

Cloud Computing and Security

Published on: August 10, 2015 | by Law Offices of Salar Atrizadeh

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation. At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes. This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

Internet Privacy: Social Media and Search Warrants

Published on: August 2, 2015 | by Law Offices of Salar Atrizadeh

The New York State Court of Appeals recently upheld a lower court’s verdict against Facebook’s claim that it had legal standing to challenge search warrants on behalf of its members. Facebook claimed that it had the ability to challenge search warrants that it saw as illegal before the warrants were executed. This verdict is considered a major setback for companies that seek to increase internet privacy.

What were the claims?

Facebook claims that, as an online entity which stores customer information, it had standing to contest search warrants brought to obtain information about its users, including, private personal messages and photographs. The company made the argument that search warrants for electronic information are different from a physical search of someone’s home. Someone else at a company has to do the searching, not the police, and more private information is accessible than would be found through a search of a defendant’s home. Therefore, Facebook claimed that the warrants served on social media companies are more like civil subpoenas for records and should be able to be challenged in court. Facebook also claimed its right to contest the warrants under the federal Stored Communications Act, but the court held that it had misinterpreted the law, which only applied to subpoenas and court orders. Although, the five-judge panel expressed concern over the scope of the search warrants and the large amounts of warrants executed, versus the small amount of those charged with a crime, however, it held that federal and state laws specify that the only person who can challenge a search warrant is the defendant. In general, the challenge takes place at a hearing before the trial court.

Internet Rights v. Human Rights

Published on: July 13, 2015 | by Law Offices of Salar Atrizadeh

During the course of history, the United States Constitution has been amended in order to achieve the best interests of the nation and citizens. However, technological advancements have posed as obstacles to the changes as internet and human rights have recently become issues.

What is the relation between the Internet and Human Rights?

As of now, approximately 40% of the world’s population has access to the Internet. Because of its extensive reach, the Internet has become a basic component of human life. It encompasses an individual’s freedom of expression, freedom of association, privacy, and other fundamental factors. Civil liberty and human right groups have expressed their concerns regarding the increase in government’s control and power. For example, on April 21, 2015, Senate Bill 1035 was introduced, which seeks to reauthorize Section 215 of the Patriot Act for five additional years. This means that there would be continued data collection and surveillance programs. As such, groups like Human Rights Watch have expressed their concern towards NSA’s violation of privacy rights.

International Hackers Breach Government Database

Published on: June 8, 2015 | by Law Offices of Salar Atrizadeh

On June 4, 2015, four million current and former federal employees were informed that China-based hackers were suspected of gaining access to and compromising their personally identifiable information (PII) via a breach of government computer networks. The scope of the attack has allowed it to be described as one of the largest governmental data thefts.

What actions have been taken since the attack?

Directly after the attack, the administration decided to expand the National Security Agency’s internet traffic surveillance, especially in regards to international hackers. The FBI is currently investigating the attack by looking into the threats posed to the public and private sectors. The Office of Personnel Management (OPM) reported that federal employees will be appropriately notified and given access to credit reports, credit monitoring, identity theft insurance, and recovery services. The OPM is responsible for collecting and processing security clearance forms, which were accessed in the breach. It is possible that the hackers have access to the personal and professional references of the victims. Because of the breadth of the data held by the OPM, the agency is telling individuals to monitor and report unusual activities.

Cyberattackers Gain Access to IRS Tax Returns

Published on: May 29, 2015 | by Law Offices of Salar Atrizadeh

On May 26, 2015, the Internal Revenue Service (“IRS”) announced that criminals illegally accessed data to retrieve the past tax returns of approximately 100,000 individuals through the IRS website. The criminals managed to use social security numbers, birth dates, street addresses, and “out of wallet” data (e.g., person’s first car, high school mascot.)

How was the personal information accessed?

During the months of February to May, attackers attempted to get access to tax information over 200,000 times through the IRS “Get Transcript” online application, which allows for viewing information from previous returns. The criminals managed to go through many steps of an authentication process to view these previous returns, exploiting data from breaches in the past. Recent breaches of companies like Target, Home Depot, JP Morgan Chase, Sony, and Anthem have allowed for personal information to be easily accessible to hackers. In addition, it is possible for identity thieves to get basic answers to security questions from individuals’ social media accounts and search databases. The IRS proceeded to send $50 million in refunds before detecting the criminal activity.

Regulation A+ and Tiers I and II

Published on: May 25, 2015 | by Law Offices of Salar Atrizadeh

As of March 25, 2015, the Securities and Exchange Commission (“SEC”) adopted new rules to update and expand Regulation A. Regulation A+ will allow companies to gain access to funds through crowdfunding. These new rules are mandated by Title IV of the Jumpstart Our Business Startups (JOBS) Act.

What will the new rules do?

The update and expansion of Regulation A to Regulation A+ will allow smaller companies to sell up to $50 million of securities in a 12-month period. These exemptions, however, are subject to eligibility, disclosure, and reporting requirements. The new rules have created a more effective way to raise capital while attracting and protecting investors. Non-accredited investors will be allowed to annually invest up to ten percent of their income or net worth, depending on which amount is greater. Before the new rules came out, only accredited investors were able to invest in startups through equity crowdfunding. The final rules are referred to as Regulation A+ and are provided in two tiers of offerings based on amount of security offerings over a 12-month period. Both are subject to the same basic requirements and eligibility limits, but differ in registration and qualification offerings.

Revenge Porn and Related Laws

Published on: April 20, 2015 | by Law Offices of Salar Atrizadeh

In recent times, the non-consensual publishing of private images online has been a topic of debate among lawmakers. Since our last article discussing revenge porn, there have been new laws passed and proposed that show state governments’ increasing pushback against posters of revenge porn and their facilitators. More and more states are passing laws that address cyberstalking, cyberharassment, and similar offenses leading to a wide array of people prosecuted for revenge porn.

What is the new California law?

On October 1, 2013, Senate Bill 255 (“SB 255”) took effect and was codified in California Penal Code § 647(j)(4). On January 1, 2015, a new amendment to this section went into effect specifying that a defendant is liable if he/she should have known that the subject of the photo did not consent to having his/her picture published online. An amendment to California Civil Code § 1708.85, also came into effect recently in order to allow victims of revenge porn to sue for civil damages. Now, revenge porn posters and hosts may be held liable, both criminally and civilly, in California. In fact, a recent California case caused quite a stir when the operator of a website, who allowed third-party posting of revenge porn, was sentenced to 18 years in prison for identity theft and extortion. So, with the new civil code amendment, this form of prosecution should be more available to victims.

Controlling Online Piracy and Counterfeiting

Published on: March 30, 2015 | by Law Offices of Salar Atrizadeh

In 2011, Congress proposed two relatively similar bills—House of Representatives’ Stop Online Piracy Act (SOPA) and Senate’s Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA)—that legislators and lobbyists hailed as providing important protections against piracy and counterfeiting online. Yet, this apparently strong support was quickly withdrawn when a massive online protest in January 2012 sparked intense and ultimately fatal opposition to the bills.

Despite the strong public disapproval and lack of Congressional support, in July 2014 the Intellectual Property Law (IPL) Section of the ABA issued a white paper proposing that Congress enact legislation allowing essentially the same private copyright infringement suits against allegedly infringing foreign websites as those provided for in SOPA and PIPA, and suggesting that those protections be extended to trademarks as well.

How Does the ABA’s Proposal Differ From Previously Rejected Legislation?

Drones, Privacy Concerns and Regulations

Published on: March 2, 2015 | by Law Offices of Salar Atrizadeh

The recreational use of drones, or unmanned aerial vehicles (UAV), has become increasingly popular in the United States. While such use has gone largely unregulated due to the unlikeliness that these drones will obstruct air traffic, commercial and governmental use of drones—especially larger drones—has sparked safety and privacy concerns leading to attempts at regulation.

What Are the Major Concerns?

With respect to public safety, the primary concern is that drones will collide or otherwise interfere with other aircraft, particularly when flown in congested airspace such airports. The Federal Aviation Administration (FAA) legitimized this concern by admitting the difficulty in policing drone use since they are typically undetectable by radar. Even assuming drone violations were detectable, it would be nearly impossible to track down the device or, more importantly, its operator. In addition, the inability to fully monitor drone use has caused public concern over personal privacy and accountability for breaches.