Internet Law

First Annual Review of EU-US Privacy Shield

Published on: November 13, 2017 | by Law Offices of Salar Atrizadeh

The European Commission released its first annual review of the current EU-US Privacy Shield in order to determine what may or may not need changes as a matter of policy. As it currently stands, the Privacy Shield creates enforceable protections for European Union residents regarding the use of their personal data. The US-based entities that wish to participate will have to conform to greater transparency standards in how the data is used, as well as submitting to strong oversight to ensure adherence, and increased cooperation with Data Protection Authorities (“DPAs”). So, what changes are suggested in this new report? How might this affect businesses in the United States? What consequences, if any, may be added to the new changes?

What is the review?

It was conducted by the Commission to the European Parliament, which in essence reviewed the function of the Privacy Shield and gathered input from publicly-available sources. These sources combined press releases as well as legal cases that were available to the Commission; although, neither source was cited specifically within the seven-page report. The Commission is composed of both European and American representatives, such as the European Data Protection Supervisor and Federal Trade Commission.

Internet Commerce and GDPR

Published on: November 6, 2017 | by Law Offices of Salar Atrizadeh

In general, internet commerce transpires on the national and international levels. Naturally, data protection is an important concern for private and public agencies. The European Union’s remaining members are currently in the process of another process to protect data with the “General Data Protection Regulation” (GDPR) set to take effect next year. This differs from the previous Privacy Shield in some respects, as it is broader, and expands beyond the European Union and deals with any individual that may have a shred of a connection to the European Union. So, what is GDPR? What does it require? Also, what are the consequences for non-compliance?

What is the GDPR?

The GDPR grants the following as rights to a data subject (i.e., a user): breach notification; right to access a copy of personal data free of charge in electronic format; right to be forgotten; data portability, allowing transmission to another provider; privacy by design for systems; and data protection officers in cases where constant monitoring of data subjects on a large scale may occur, or for special categories of data regarding criminal convictions.

Artificial Intelligence and Copyright Laws

Published on: October 2, 2017 | by Law Offices of Salar Atrizadeh

A question for you to consider: Imagine a world where music is created by a random set of numbers. Who owns the music? Is it the programmer? Is it the user who gave specifications for the music? It’s certainly an odd question to ask, and unsurprisingly, one without a clear answer. The question has been mostly unlitigated, although programs such as the Artificial Intelligence (“AI”) made by DeepMind can produce music by listening to it. For example, some programs can restore or create mimics of Rembrandt. One might wonder: With the increasing role of technology, what are the limits to copyright laws? Who is a creator, and hasn’t this issue already been settled in courts?

Previous Litigation

To determine the possibility of authorship to AI, it’s important to simplify things. Technology is a little complex. What about monkeys, animals, or something that occurs naturally?

The Equifax Breach: Part Four Analysis

Published on: September 25, 2017 | by Law Offices of Salar Atrizadeh

As the Equifax breach continues to become a complicated issue, certain lessons can be learned for other businesses handling personal information. Namely, what not to do in their business operations? In the wake of the cybersecurity breach, it had been reported that Equifax was aware of the security gaps, and did nothing to remedy them. So, where exactly did Equifax go wrong in its data security plans? How was it informed about the open holes in its security infrastructure? What can a business owner do to avoid becoming an encore of Equifax’s folly? Is there any way to determine gaps in security policies and procedures?

Where did Equifax go wrong?

Effectively, Equifax appears to have failed at multiple levels, resulting in this breach. This is best summarized into one large mistake. There were no updates implemented to the computer systems Equifax used on its networks. This was due to a delayed response to a known vulnerability in the Apache Struts web application. This framework is well known, it is used in the business community, and is an open-source framework for developing Java applications. In short, the delay was exasperated by the company’s failure to detect the vulnerability during a security scan.

The Equifax Breach: Part Three Analysis

Published on: September 18, 2017 | by Law Offices of Salar Atrizadeh

As the Equifax breach has developed recently, another issue has come up, namely the arbitration provision within its website, which has caused consumer outrage and confusion. So, why does this provision matter? If consumers want to get their credit frozen, or check to see if they were affected, surely Equifax wouldn’t add insult to injury to the consumers who are suffering from its mistakes. Certainly, it would appear to be bad business to do so, or at least, unwanted attention. However, Equifax cannot be said to avoid adding insult to injury. Instead, Equifax has implemented that arbitration provision, and later removed it. So again, why would Equifax implement this provision? What impact might it have on the consumer? Why might this be important for businesses everywhere to observe?

What is the arbitration provision?

The arbitration provision that had insulted many consumers was attached to Equifax’s offer of free credit monitoring. In exchange for the service being performed (after the security breach) Equifax demanded that consumers settle any dispute with them through arbitration. In general, arbitration is a private and less costly way to settle disputes outside of the courtroom. While the results of the arbitration may be binding, it gives broader latitude to discovery, time, and may be faster and less formal than a formal trial. While Equifax later clarified this provision would not apply to the current breach, however, nevertheless consumers were upset at the revelation.

The Equifax Breach: Part Two Analysis

Published on: September 11, 2017 | by Law Offices of Salar Atrizadeh

Let us move on to the ways to protect ourselves in the future by using a credit freeze or fraud alert. These options can protect your personal, private, and confidential information after a security breach and effectively add extra protection against identity theft. We have discussed them briefly in the past, although now, it seems appropriate to dive into further analysis. What are credit freezes and fraud alerts? How do they add more protection against identity thieves? What other actions might someone take to create additional safeguards?

Credit Freeze

The first and most basic way to prevent harm from identity theft is through a credit freeze, also known as a security freeze. A credit freeze is more or less what it sounds like–i.e., it “freezes” your credit where no lender can get access to your credit unless the consumer decides to lift it. Even then, the freeze cannot be undone without a pin number issued at the time of the freeze.

The Equifax Breach: Part One Analysis

Published on: September 4, 2017 | by Law Offices of Salar Atrizadeh

Equifax presents an interesting question to consumers. Somehow, an entity that no consumer may have had an actual interaction with has their information, and had leaked it out onto the world. For example, names, phone numbers, credit card numbers, social security numbers, addresses, e-mails were collected and released to unauthorized individuals. They may not have given consent, at least none they could remember. Yet, the information was with Equifax. How did the breach occur? What exactly is Equifax? How did it obtain your personal information? And perhaps most importantly, what comes next?

What is Equifax?

Equifax is a credit reporting agency. The purpose of entities like Equifax (as well as Experian and TransUnion) is to collect and share credit information on consumers. The credit reporting agency tells businesses which consumers are worthy of credit. Effectively, it is a way to outsource due diligence that may otherwise be more costly or time consuming for the business to perform on its own.

Internet Scams: What Are Your Options?

Published on: August 28, 2017 | by Law Offices of Salar Atrizadeh

You may have been considering legal actions due to a recent internet scam. Or, you may be wondering what other options you may have for dealing with the issue outside of the legal sphere. Naturally, legal recourse may provide financial or equitable remedies (e.g., temporary restraining orders) but usually there are limits. For example, damages may continue unless action is taken to stymie the leak or prompting the need for another lawsuit to remedy the new situation. So, what are the risks of an internet scam? What can someone do to prevent those risks? When should someone take the step to prevent additional harm?

What can possibly go wrong?

Internet scams can lead to situations like identity theft, credit card fraud, or other financial crimes, all using information that the individual may or may not have given the scammer. Depending on the scammer’s motive, this information may be used for embarrassment of the target or for financial gain.

What Are Online Scam Factors?

Published on: August 21, 2017 | by Law Offices of Salar Atrizadeh

So, despite your best efforts, you may have been cat-fished, doxed or otherwise victim to an online scam. Your information is probably now out into the Internet and a stranger that you may have trusted now has personally identifying information. So, your next question may be “well, what comes next?” Naturally, there are certain measures that a person can take to freeze credit, change phone numbers, or otherwise make information unavailable. However, the real question, and the more frightening one to a person may be: “When might I need an attorney?” Naturally, the actions they take may result in damages, and in some cases, the actions of the scammer are against the law, and may provide civil remedies. That said, there are different factors that may make hiring an attorney a prudent act compared to other scenarios. What are these factors? Who might you recover against? What might make you want to use legal actions to protect yourself?

What are the online scam factors?

In any online scam, there are five factors that generally come into play:

What Are Catfishing Motives?

Published on: August 14, 2017 | by Law Offices of Salar Atrizadeh

Now that we’ve discussed Catfishing as a scam, let’s go into further detail regarding the motives. Like any scam, there must be some benefit to the scammer. This benefit is the primary motive for anyone to commit a catfishing scam. Previously, we mentioned that among other things, the perpetrator may ask for photographs, or for some information to “verify” a person’s age, or to enable their transportation to be “closer” to their target. So, what are the major risks to these actions? What exactly does a catfishing perpetrator want to get from a victim? How might the information provided be used against you?

For Financial Information

The more dangerous elements of catfishing tend to prompt for, as we discussed before, a financial component. This would include asking for money–to get transportation to the person’s location, clothing, or whatever reason the scammer may present–or for credit card information. In the case of the latter, this is usually done in conjunction with asking the individual to sign up through a different, new dating site compared to what the potential victim may be using, and generally to “verify” the age or identity of the person involved.