Internet Law

Ransomware Laws

Published on: May 24, 2021 | by Law Offices of Salar Atrizadeh

Ransomware is used to infiltrate and lock the victim’s computer system in exchange of money. This type of malicious software (a/k/a “malware”) can cause substantial disruptions in an individual’s and a company’s business operations. It is usually caused when the unsuspecting victim clicks on a link to open an attachment or clicks on an advertisement or uniform resource locator to visit a third-party’s website that is embedded with the malware. The culprits usually request some form of ransom in order to decrypt the files. They will, and usually do, threaten the victim to either sell or leak the sensitive or confidential information if the ransom is not paid in time. There have been demands of up to or more than one-million dollars in recent years so the impact can be significant.

Ransomware can cause a “system lock” when the malware is unleashed on the computer or network system. This, in essence, will encrypt sensitive or confidential files on local or attached hard drives or other storage units. It is difficult to determine when or how the hackers infiltrated the system but the victim usually finds out when the computer systems are locked and inaccessible.

Technology experts recommend training yourself and your employees on a regular basis. This way, they will know what to look for and how to avoid these cybersecurity incidents. It’s important to have a regular backup of sensitive and confidential files and store the backup files in a secure location. We usually recommend storing them in local and remote locations. It is recommended to restrict user privileges such as permissions to install and execute software applications. Technology experts recommend enabling strong spam filters to prohibit phishing emails. They also recommend properly configuring the firewall to block access to known malicious Internet Protocol addresses. It’s also crucial to update the operating system and software applications on a regular basis according to law enforcement agencies.

Quantum Computing Laws – Part III

Published on: May 17, 2021 | by Law Offices of Salar Atrizadeh

The Fourth Industrial Revolution is another name for the quantum technology movement. Quantum computers are in the process of being developed at this time and it will continue to impact the legal system and our daily lives. It will also impact data privacy and national security on various levels.

Conventional computers have obvious limitations which can be surpassed by quantum computers. First, conventional computers use binary bits (i.e., 0s and 1s) to operate which presents a significant limitation. Second, as a result of the aforesaid limitation, they cannot operate as quickly and efficiently. Therefore, the simple fact that quantum computers operate by using superposition and entanglement, allows them to yield a lot more power than conventional computers. So, in other words, their computing power has an extremely higher capability which can have a positive effect on medical research, business analyses, artificial intelligence, virtual reality, and other technologies. However, there is a potential problem with quantum computers with error correction issues which can be fixed according to the experts. So, in summary, the final objective is to build a fully error-corrected quantum computer which can manage all disruptions.

The cybersecurity infrastructures in the private and public sectors can be affected by this emerging technology. The private sector which owns, manages, or operates a vast amount of sensitive data at local and remote locations (e.g., cloud servers) can be directly impacted. The public sector will also be affected for the same reasons. There are various types of intellectual properties (e.g., patents, trademarks, copyrights) that have been stored on private and public organization’s network servers. These valuable documents, include, but may not limited to, trade secrets which should be properly protected from public access.

Quantum Computing Laws – Part II

Published on: May 10, 2021 | by Law Offices of Salar Atrizadeh

Quantum computers will probably take over the various technology industries in the near future. It is called the “Fourth Industrial Revolution” and it will change the way we use and experience technology. These superfast computers have an extremely powerful computing power that is unmatched by traditional computers. Its technology is based on quantum physics. It will arguably disrupt many industries and will have a direct impact on cybersecurity and privacy. Quantum computers use “quantum bits” or “qubits” which can have multiple properties (i.e., they can be both 0 and 1 simultaneously) and can store electronic information. In other words, they can be in two states at one time which is called “superposition” by the experts. However, they are susceptible to distortion and therefore proper error correction is important.

The large technology companies such as IBM, Google, Intel, and Microsoft have invested a significant amount of their resources. In fact, IBM Quantum is an organizational initiative to build universal quantum computers to solve complex problems with its supercomputers. So, once this type of technology becomes more prevalent, other manufacturers will follow a similar path.

Cybersecurity will be directly impacted by these supercomputers because it will allow their owners or operators to infiltrate the target’s defense mechanisms. It may take a traditional computer a longer time to decipher strong passwords and hack into a computer network system. As such, the owners or operators of quantum computers will have a significant advantage when it comes to these procedures. Cybersecurity and privacy will be major concerns due to the nature of these supercomputers as they can potentially disrupt multiple industries. We know that electronic information can be protected by algorithms. Now, quantum algorithm is referred to as “Shor’s algorithm” which gives quantum computers a higher capability to decrypt information.

Quantum Computing Laws – Part I

Published on: May 3, 2021 | by Law Offices of Salar Atrizadeh

Quantum computers will be more prevalent in the coming years as technology advances and they become more affordable. Quantum computers function differently than traditional computers. They are faster and much more efficient when compared to traditional computers. Today’s traditional computers use digital bits which represent zeros and ones – i.e., they must be either on or off for computing process. However, quantum computers operate by using qubits which can store digital information and have several properties. In essence, they can make instantaneous calculations that can take a traditional computer several years. Quantum computers can resolve industrial problems that can take traditional computers a longer time.

What are the applicable technologies and legal problems?

The advantage of having access to quantum computers can be significant. This is because, for example, a company that has access to these exponentially-advanced electronic devices can decrypt a sophisticated program within minutes and threaten the victim’s privacy rights. In other words, it could carry a potential invasive power that would be unmatched by traditional computers. Encryption technology is being used to protect sensitive information. There is “symmetric” and “asymmetric” encryption technology that is being used in the market.

California Electronic Communications Privacy Act

Published on: April 26, 2021 | by Law Offices of Salar Atrizadeh

The California Electronic Communications Privacy Act (“CalECPA”) was enacted several years ago to require government agencies to obtain a valid search warrant prior to requesting electronic information from service providers. These statutory protections can be enforced by business entities and individuals and extend to communication service providers which collect and store electronic information, including, but not limited to, emails, digital documents, pictures, videos, geolocation data, and Internet Protocol addresses.

This statute yields additional privacy protections when compared to the federal Electronic Communications Privacy Act which was passed as Public Law 99-508, Statute 1848, and codified under three separate titles. Title I, is referred to as the “Wiretap Act” and prohibits the unlawful interception of electronic communications. Title II, is referred to as the “Stored Communications Act” and protects content that is stored by service providers. Title III, is referred to as the “Pen Register Act” and addresses pen registers and trap-and-trace devices. It mandates government agencies to obtain a valid court order that authorizes the installation and use of pen register and trap and trace devices.

The CalECPA requires a valid search warrant in order to compel the production of or access to sensitive information such as emails that are stored on a computer server for more than 180 days, detailed geolocation, and sensitive metadata that is related to the consumer’s electronic communications. The statute does not allow government agencies to: (1) compel the production of or access to electronic communication information from a service provider; (2) compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device; or (3) access electronic device information through physical interaction or electronic communication with the electronic device unless it is voluntarily disclosed by the intended recipient.

Deepfake Rules and Regulations

Published on: April 19, 2021 | by Law Offices of Salar Atrizadeh

Machine learning algorithms can help create fake videos or pictures of someone else without their knowledge or consent. In fact, in 2017, University of Washington’s researchers created a video of Barak Obama who was seemingly discussing important issues. Now, there are software applications such as FakeApp that can help create deepfake pictures or videos for free. FakeApp was created by using Google’s open-source deep learning software program.

The advent of “fake news” has created a new movement in the entertainment and news industries. It has allowed everyone to question the source and validity of journalistic works. So now, deepfake movements and creations are creating new legal predicaments. The relevant issues, include, but may not be limited to, invasion of privacy, false light, and defamation.

The creator or publisher of the deepfake picture or video can put together a seamless video by having access to a base video and several source images of the person’s face. The computer-generated face can look identical to the original person’s face which can create confusion. This confusion can result in monetary damages to the victim. For example, a deepfake video can show the victim saying or doing something wrong which could cause the victim’s loss of employment. Or, in another example, the victim, who is running for political office, may be shown to have said or done something that could impede the election process.

Deepfake: What are the Laws?

Published on: April 12, 2021 | by Law Offices of Salar Atrizadeh

Deepfake rules and regulations have been developing in the recent times. The term “deepfake” comes from two separate words – deep learning and fake – which uses artificial intelligence technology to create fake pictures or videos. The creator can utilize special software programs to create the picture or video by face swapping. This has become a problem because it can violate the victim’s privacy rights and public image.

We can detect the false image by conducting a reverse-image search. So, in other words, if the fake image was made by using another image on the web, the original version should be found. The fake image may be also detected by close evaluation. So, for example, the person in the fake video may not blink or yield normal facial expressions. It may also be detected through magnification or physiological analysis.

The victim’s legal rights can be violated by the deepfake creator or publisher. In most cases, it raises an issue regarding privacy rights. In California, false light is a legal cause of action that can be used by the plaintiff against the defendant who improperly represented the plaintiff who was embarrassed or offended by those actions. The plaintiff may argue that any reasonable person in the same or similar circumstances would be embarrassed or offended. The plaintiff may bring a cause of action for defamation against the creator and argue that the false factual statement – i.e., picture or video – was not privileged and had a tendency to damage his or her reputation in the community. The plaintiff may also file a legal action for misappropriation or right of publicity of the picture or video was utilized to promote a promote or service. Now, if the plaintiff suffers from emotional distress (e.g., depression, anxiety, insomnia), then he or she may also bring a cause of action for intentional or negligent infliction of emotional stress. See https://www.justia.com/trials-litigation/docs/caci/1600/1600 for more information.

What is Deepfake?

Published on: April 5, 2021 | by Law Offices of Salar Atrizadeh

Artificial intelligence technologies have been used to enhance deepfake campaigns. Deepfake is defined as synthetic media where a real person’s image is replaced with someone else’s likeness. It can be used to create an artificial video of another person and make it look real. It has been used to create celebrity porn videos, revenge porn, or fake news. It uses deep learning artificial intelligence software to create a fake picture or video. So, in essence, it can threaten valid and truthful information by publishing false or inaccurate information.

The technology that permits the creation of deepfake is “deep neural networks” which is one kind of artificial intelligence algorithm that finds large data set patterns. The neural-network structure that is generally used is the “autoencoder” which comprises of an encoder and decoder. The encoder compresses the image to a smaller size and the decoder decompresses the image back to the original size. A similar technology is the VFX which has been used by movie studios for visual effects. However, at the present time, a similar and less expensive technology is available.

There can be problems with deepfake technologies. For example, it’s been used to create fake images or videos of well-known individuals. This, in and of itself, can create legal issues such as defamation, false light, and civil harassment. Defamation is a false factual statement that is not privileged and tends to harm someone’s reputation. Defamation can occur against individuals and corporations and can have a lasting negative effect. False light is similar to defamation but it usually concerns invasion of privacy. So, for example, it can happen when a person is falsely portrayed as something he or she is not due to inaccurate impressions. The Restatement Second of Torts, Section 652, defines it as follows:

Bitcoin Security and Privacy Laws – Part III

Published on: March 22, 2021 | by Law Offices of Salar Atrizadeh

Digital currency security and privacy laws are changing with time. We have mentioned transparency issues in previous articles. The fact that Bitcoin’s blockchain transactions are public and generally accessible can be beneficial when it comes to government investigations. Yet, it may not be the most secure platform for cryptocurrency transactions especially for legitimate businesses. So, in short, we should realize that government surveillance and subsequent investigation may be part of the deal.

The Bitcoin blockchain automatically records all transactions to show when, where, or how the digital currency was bought or sold. It does not show the true name of the associated individuals but that information can be obtained from digital currency exchanges (e.g., Coinbase), third-party wallet providers, or third-party intermediaries. In fact, state or federal anti-money-laundering laws require them to store customer records for identification purposes. So, for example, if a government agency wanted to identify the customer, it could issue a warrant without obtaining a court order. Then, the third-party recipient – i.e., a digital currency exchange like Coinbase, Abra, or Uphold – would be obligated to respond within a certain deadline. Now, if the government agency has no probable cause to issue the subpoena or warrant, then there may be a problem. There are two notable cases on this point. First, is United States v. Gratkowski, No. 19-50492 (5^th Cir. 2020), where the district court held that the government was allowed to subpoena Bitcoin records from a digital currency exchange without a warrant. Second, is Harper v. Rettig, et al., where the plaintiff sued the Internal Revenue Service (“IRS”) for violating his Fourth Amendment right against unreasonable searches and seizures when it issued an informal demand letter to the digital currency exchange to obtain his financial records. Plaintiff argued that he was unlawfully subject to the government’s investigation since there was no evidence to prove he had committed a violation. Plaintiff also argued that his rights were violated under the Fifth Amendment’s Due Process Clause since the government agency seized his private financial records without prior notice. The government argued the “Third-Party Doctrine” was applicable, and as such, it should be allowed to access any kind of information that was shared with the digital currency exchanges. The Third-Party Doctrine holds that there is no reasonable expectation of privacy when an individual shares information with another party – e.g., Internet Service Provider, Digital Currency Exchange. These cases clearly show that there will certainly be an ongoing clash regarding cryptocurrency security and privacy regulations. On one hand, the government agencies will be overseeing the transactions to ensure legal compliance. On the other hand, consumers will protect their rights pursuant to the applicable state, federal, or international laws.

The government has, and will probably, continue to investigate websites for criminal activities. The government can use special tools or techniques – e.g., forensic software – to evaluate and obtain suspicious addresses from the blockchain. The next step is to send subpoenas towards third-party digital currency exchanges to trace cryptocurrency payments back to the user. The government agents can obtain more information from the digital currency exchange and determine whether they should obtain a search warrant. If so, then they can legally search the suspect’s home or other properties for more incriminating evidence. We have mentioned the Third-Party Doctrine carves out an exception to the Fourth Amendment’s principle against unreasonable searches and seizures. The courts have held that a user who submits information to a third-party digital currency exchange may not protect his privacy by using the Fourth Amendment. However, some litigants have argued that digital currency transactions are similar to cellphone location records which are protected by the Fourth Amendment under Carpenter v. United States (2018) 138 S. Ct. 2206. The district courts have rejected that comparison because cellphone location records are automatically gathered as a result of communications between the individual’s cellphone and communication service provider’s cell towers. However, the digital currency financial records are gathered as a result of the user’s voluntary transactions.

Bitcoin Security and Privacy Laws – Part II

Published on: March 15, 2021 | by Law Offices of Salar Atrizadeh

Bitcoin has become a popular digital currency in the past several years. Its price has fluctuated tremendously in the past five years. And now, everyone is rushing into buying it by using various applications such as Coinbase. As always, the bad actors (i.e., hackers) are on the prowl to exploit weaknesses. These weaknesses include the lack of preventive measures such as encryption and backups to secure the wallets. Therefore, once the wallet has been hacked, there isn’t much the victim can do to regain the digital currencies.

It is important to remember that Bitcoin transactions are transparent. In other words, all Bitcoin transactions are public, traceable, and stored on the blockchain network. Bitcoin addresses are the only indicators that show where they are stored and transmitted. Our research indicates that you should be able to protect your privacy if you use a new Bitcoin address every time you receive payment. Technology experts recommend that it may be prudent to use several wallets for different objectives – i.e., you can have a software and hardware wallet that can be used for a different reason. This way, there would not be a direct link between the cryptocurrency transactions.

Technology experts recommend not posting a Bitcoin address on a public domain such as a social media platform. The whole point is to avoid publishing information regarding your digital currency transactions since it could let third parties identify your Bitcoin address. It must be noted that Bitcoin’s network is a so-called “peer-to-peer” network that can be used by the general public. Also, in this kind of network, the user’s Internet Protocol (“IP”) address can be logged without your knowledge or consent. Therefore, it’s important to use some kind of masking software (e.g., ToR) or other technology to hide your computer’s IP address. ToR, which is also called “The Onion Router” provides a way for its users to mask their identities. It was originally designed for the military but it has been used by civilians for several years.