Internet Law

CAN-SPAM Act – Part II

Published on: April 25, 2016 | by Law Offices of Salar Atrizadeh

So, now that we know more about preemption in the CAN-SPAM Act, then what more is there to consider? There is actually quite a lot of other factors, namely standing. Now that you know how the federal CAN-SPAM Act and state laws may interact, there leaves the question of “standing.” Standing is essentially a way for individuals to claim that they can sue under the law. Without standing, a lawsuit cannot occur. So, can you sue as an individual under the law? Can you sue as a business? Who can sue?

Can an individual sue under CAN-SPAM?

In general, individuals likely cannot sue under this federal law. We can revisit the case of Gordon v. Virtumundo where the plaintiff had setup a business to profit off of violations of anti-spam legislation. He was a Verizon subscriber for his internet access, and had started his business through GoDaddy. In the trial, the court revisited the standing provisions of the CAN-SPAM Act and made three determinations. First, the federal statute was not made to stamp out all spam. Second, it was not specifically implemented to allow private right of actions. Third, plaintiff had not suffered adverse effects due to spam.

CAN-SPAM Act – Part I

Published on: April 18, 2016 | by Law Offices of Salar Atrizadeh

Spam, for those lucky enough to be unfamiliar about it, are those unsolicited commercial emails that often clutter up inboxes with offers of sales and services that range from the reliable to the questionable. Due to the issues presented to consumers, Congress, in its wisdom, enacted a law called the CAN-SPAM Act, and began enforcing it in 2004. First, what is the CAN-SPAM Act and what does it prohibit? Second, as a federal law, does the CAN-SPAM Act override, or preempt those laws a state may already have in place? How can you tell if that may happen?

What is the CAN-SPAM Act?

The CAN-SPAM Act places prohibitions on transmission of any email that contains false or misleading headers or “from” lines. For example, a business that is not Facebook, and has nothing to do with Facebook, would be prohibited from sending an email with the subject “Your Facebook account has been compromised” or send an email from www.facebook.com. In addition, this law places a requirement for three disclosures: (1) clear and conspicuous identification that the message is an advertisement or solicitation; (2) clear and conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and (3) a valid physical postal address of the sender. This is done, in part, due to the interest of the legislation in helping consumers under the principle that they should not be misled and should have a right to say no to unsolicited commercial emails.

Cloud Computing and Privacy Shield Regulations

Published on: April 11, 2016 | by Law Offices of Salar Atrizadeh

As the implementation of the European Union Privacy Shield comes closer, other elements of the shield come into influence and place restrictions on businesses that transfer data between the United States and Europe. Further adding onto this, is the General Data Protection Regulation. This can be a major issue in cases where data transfers may occur, but more specifically, it impacts the cloud computing sphere, and services like Dropbox and Google Docs. So, how do these services work? What would the General Data Protection Regulation do? How can they be used with the Privacy Shield in effect?

How do these services work?

Now, these systems work by allocating computing resources to another location. Usually, this is done through the internet, by transferring data towards other electronic devices or servers. Effectively, it allows for individuals or businesses to take advantage of greater resources of other entities, like those of Dropbox or Google, by granting use of their services for a fee. On the flip side, these services could be compromised by hackers, and cause the loss of personal or confidential information. We have discussed some of the risks associated with cloud computing before and would ultimately encourage our readers to carefully evaluate the risks of submitting any information to the Cloud.

Louisiana’s New E-commerce Tax Laws

Published on: April 4, 2016 | by Law Offices of Salar Atrizadeh

In recent years, states have continued to collect tax from e-commerce transactions. Louisiana has recently joined in on the trend and allowed the state to tax businesses without a physical presence there. This is a trend that we have discussed in the past and we encourage our readers to catch up on previous posts about online taxes in California and the evolving trends. However, Louisiana’s new regulations has shutdown Amazon’s affiliate program in the state. So, what is the history of this bill? Also, aside from retailers like Amazon, who would this legislation impact?

What is the bill’s history?

The bill fundamentally has its basis in something we’ve covered before where we discussed Quill Corporation v. North Dakota. This case effectively ruled that without a sufficient connection, i.e., nexus, to the state, that state cannot tax it. This has been interpreted that to tax the entity, the entity usually must have a physical presence in that state. This would mean “brick-and-mortar” retailers would be taxable, while an entity like Amazon, which may not have any warehouses or physical presence in the state, would be “immune” to taxation. In response, some states have taken action in legislating a “lowering” of the nexus standard. For example, Act No. 22, also under HB-30, in the State of Louisiana was authored by Representatives Leger, Carpenter, and White, and enacted into law by the Governor on March 15, 2016.

FCC Proposes New Broadband Privacy Regulations

Published on: March 28, 2016 | by Law Offices of Salar Atrizadeh

This one isn’t an April Fools’ prank. On April 1, 2016, the Federal Communications Commission (“FCC”) announced its proposed rulemaking to create regulation that would bind Broadband Internet Access Service (“BIAS”) providers in the interest of enhancing privacy towards consumers. This proposal has raised objections from AT&T, Comcast, USTelecom, and the Application Developer’s Alliance, claiming that the ensuing regulations would create a morass of regulation in the privacy sphere. Yet, the FCC’s regulations are to prohibit the monetization of the information that these providers would have due to the use of their services. So, what is a BIAS and how could these rules possibly protect privacy?

What is a BIAS provider?

The BIAS providers provide internet service through wire or radio. The FCC even expands this to any functional equivalents to BIAS providers. Of some note is which entities are not BIAS entities. For example, companies like Facebook, Apple, and to some extent, Google, would not be bound by the terms here and could use the information that is collected through their services. This is because none of them actually provide the internet service that their consumers use. There is some room for Google to be prohibited as it provides internet service in some locations through Google Fiber, but the regulations would only prohibit the information that was gained through the use of its internet services, but not services that it provides towards online consumers. Thus, Google’s Fiber service would likely be prohibited from using consumer’s personal information, while Google’s YouTube service would not.

European Union Privacy Shield Framework

Published on: March 14, 2016 | by Law Offices of Salar Atrizadeh

In recent years, the internet has connected the general public across continents. Notably, it can be expected that data can easily travel across countries in a blink of an eye, without any delay and on a daily basis. The transfer of data is an important part in business as well. With any multinational entity, personal data crossing countries is inevitable. However, each country may have different guidelines that a business must ensure compliance.

Recently, the European Union announced a new change to its privacy laws. Formerly, it would allow American, and other businesses, to obtain a “pass” for its privacy laws by certifying themselves as compatible for its safe harbors scheme. This safe harbor scheme requires a business to meet standards for privacy protection. However, on October 6, 2015, the European Court of Justice ruled that the previous system for allowing corporations to obtain accreditation, and shifting data between the United States and Europe, was improper due to the current intelligence methods in the United States. This oversight ended the safe harbor provision.

The new rules establish a Privacy Shield register and a free alternative dispute resolution system. The organizations will have to self certify annually, with verification by the Department of Commerce, and comply with the Privacy Shield framework. As part of compliance, organizations must provide a response within 45 days and create a no-cost independent recourse system where complaints and disputes will be resolved in a timely manner. In addition, the European residents will be able to pursue legal action for claims such as, misrepresentation, and the participants must commit to binding arbitration at the European citizen’s request.

Apple v. Federal Bureau of Investigation – Part II

Published on: February 29, 2016 | by Law Offices of Salar Atrizadeh

As we discussed in part one of this issue, during the late morning of December 2, 2015, a couple armed with weapons walked into a banquet room filled with people. At first, the attack was categorized as another mass shooting that ended in a large number of fatalities. As the investigation continued, however, more details emerged surrounding the couple. The FBI concluded that they were “homegrown violent extremists” that had no connection to foreign terrorist organizations. They were merely inspired by such organizations and committed the attack by their own volition.

During the investigation, the FBI obtained Syed Rizwan Farook, one of the shooters, cell phone. The FBI was attempting to gain access to the information stored on the phone, but the method they employed locked them out. As a result, the FBI asked Apple if they were willing to create a program that would create a backdoor. This backdoor would disable certain security features and allow investigators to access Farook’s phone. Apple, however, refused to do so, citing consumer privacy. The FBI then successfully applied for a court order. The judge ordered Apple to create the software, but Apple filed an opposition. In response to the opposition, the Department of Justice applied its own court order, requesting the judge to require Apple to comply with the first order. The federal judge has yet to rule on the request.

Apple’s Argument

Apple v. Federal Bureau of Investigation – Part I

Published on: February 22, 2016 | by Law Offices of Salar Atrizadeh

On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik, walked into a banquet room at the Inland Regional Center in San Bernardino, California, armed with semi-automatic weapons. At the time, the San Bernardino County Department of Public Health was holding a training event and holiday party. Approximately 75-80 people were in attendance. The couple opened fire, and in a matter of several minutes, killed 14 people and seriously injuring 22 others. The couple left the scene before the police arrived at the crime scene.

Immediately thereafter, law enforcement officials started a search for the couple who left in a black SUV. Based on a tip from one of Farook’s neighbors, officers went to his home and a car chase ensued. The SUV eventually stopped and there was an exchange of gunfire between the couple and officers. The couple was killed in the five-minute exchange.

While investigating the case, investigators found a possible link to a foreign terrorist group thereby ruling it a terrorist attack. However, after FBI investigations, it was concluded the couple were “homegrown violent extremists” inspired by foreign terrorist groups. The investigation stated they were not directed by a particular foreign terrorist group or part of any terrorist cell.

Product Diversion and Ways to Prevent It

Published on: February 15, 2016 | by Law Offices of Salar Atrizadeh

Product diversion is when an unauthorized seller sells a product outside of authorized distribution channels. The product goes through various unauthorized channels in order to reach the shelves or listings on a website. This is a common practice with high end and expensive beauty products.

The way these unauthorized retailers and e-commerce sites obtain these products often involves reaching out to an authorized seller of the product. For example, many manufacturers have a contract with various salons to exclusively sell their products. These salons, in turn, sell the products per their contract. However, there are salons that work in the gray market. The ones that are in the gray market enter into deals with a third party that offers to buy the items in bulk. The third party then sells the item to an unauthorized seller. The unauthorized seller then sells the items on websites such as eBay and Amazon.

The danger of diverted products going through these unauthorized channels are high for both the consumer and business. For example, products can be tampered with during the process. Products can change bottles, be diluted, and more. It could cause health problems for those who are sensitive towards certain ingredients. It can also be dangerous to businesses because it will hurt their profits. The businesses will lose their cut of product sales from the authorized seller and can receive negative reviews from the public. For example, if a consumer, who has used Brand X body wash for years, buys the Brand X body wash from an unauthorized reseller because it was cheaper on Amazon than in store and has a severe allergic reaction to it, then he/she may be tempted to post a negative review. The problem is that the blame is not on Brand X, but on whoever tampered with the product before it was sent to the consumer. Although, the blame is on someone else, Brand X will receive the negative review that will discourage other consumers from purchasing its product.

How to Detect and Address Online Counterfeiters

Published on: January 25, 2016 | by Law Offices of Salar Atrizadeh

The Internet has become an important aspect in our lives. With the Internet, people can pay bills, make appointments, and buy or sell products. For example, websites like Amazon, Craigslist, and eBay allow the public to buy and sell products. So, due to the ease of e-commerce transactions, counterfeiters have found a new medium to sell products. E-commerce transactions do not require a physical meeting of the seller and buyer, so it becomes easier for counterfeiters to falsely claim they are selling authentic products.

Not only do online counterfeiters affect the public, but they affect businesses as well. Counterfeit items can affect a business’s bottom line. Counterfeit items can cause loss of sales, bad reputation, and loss of goodwill.

A way a business can address online counterfeiting problems is by hiring investigators to locate and identify the online counterfeiters. These investigators are skilled at online fraudulent transactions and can become valuable assets. The investigators create a list of sellers that are known to sell counterfeit items or have the typical characteristics of online counterfeit sellers. These characteristics include selling designer items for an extremely low price on low quality websites. The list is then sent to the business and the business determines whether or not it wants to conduct a sting operation to confirm the counterfeit nature of the seller. If the business decides to conduct the sting operation, then the investigator will set up a purchase, make an inspection, and determine if the goods are actually counterfeit.