Articles Posted in Technology

Published on: | by

Computers are learning to do it all—even surf the Web. These computers, or programs, explore the World Wide Web, gathering information and processes for use in other forums. This technology, which is known as “web scraping” may also threaten website and consumer privacy concerns. Indeed, websites have a proprietary interest in their content and others are not authorized to access and reuse this information. Consumer information that is available online is not necessarily available for any use.  As such, web scraping has become a concern as regulators attempt to outline the parameters. Do you operate a website? Are you a consumer with personal information available over the Internet—such as your name, address, salary, or work history?  Do you have an interest in gathering information from various sites for your personal use? Do you wish to revise your terms of service in light of these advancements? If so, web scraping is relevant to your business and privacy concerns.

What Is Web Scraping?

Web scraping is the process of using computer software to extract information from websites. Usually, this type of software simulates web browsing that is performed by a human. This technique is used to automatically gather information from various websites. This is an effective tool in several fields such as online price comparisons. Often, the aggregate website will have agreements with other websites allowing web scraping to gather pricing data. Additionally, web developers often use this technique to copy website content and reuse it when designing a new site. However, this process can also be used in ways that press against privacy concerns. For example, web scraping can be used to gather a consumer’s personal information. This includes contact information, personal websites, and professional histories. Web scraping can also gather an online user’s comments on discussion boards. All such information is valuable to businesses that want to know how consumers feel about their products or services. Web scraping has increased drastically over the last few years. In 2013, web scraping made up 23% of all online browsing traffic.

Continue Reading ›

Published on: | by

Where you visit online seems to say a lot about you. Online privacy has been in the spotlight recently, as consumers come to terms with the reality that their online tracks define who they are to marketers and government agencies.  By studying this data, third parties can paint a picture about consumers—i.e., where they go, what they do, their preferences, and even any illegal conduct.  Now, data brokers can also compile and study large bodies of data to find patterns in behavior. While this carries huge potential for technological advancement, it also comes with greater threats to consumer privacy.

What Is Data Mining?

Data mining is the intricate process whereby data brokers collect, store, and study large sets of data for patterns.  The data includes everything from shopping habits, healthcare records, online practices, and public records (e.g., court and property records). This data is then used in a variety of fields, including intelligence gathering, statistics, database systems, and machine learning. Usually, data mining is used to compile lists for targeted marketing purposes—such as lists of diabetics, smokers, and political affiliations. However, recent reports indicate that data mining has been used to compile more personal lists—rape victims, addicts, and AIDS victims. The U.S. government has used data mining in various surveillance projects. These projects were ultimately terminated because of rising concerns that they violate the Fourth Amendment protection against unreasonable searches and seizures. It is most shocking that the subjects never know they are victims to data mining. At a glance, most of these categories seem harmless. However, the underlying threat is that data brokers conduct mining projects without notifying consumers and without obtaining consent.

Continue Reading ›

Published on: | by

On July 11, 2014, the privacy watchdog, Electronic Privacy Information Center (“EPIC”) filed a formal complaint with the Federal Trade Commission (“FTC”) against Facebook. EPIC alleged that Facebook broke the law by secretly monitoring users’ emotions in response to news feeds. The complaint explains that Facebook deceived users through its psychological experiment because the users did not give prior consent to participate in the experiment and they were not aware that an experiment was taking place. EPIC stated that this could also be a violation of the guidelines for experiments involving humans. In a world where social media and online presence dominate interaction, such social experiments threaten to undermine privacy and expose the most personal information to marketing and commercial techniques.

What Was the Nature of Facebook’s Experiments?

Facebook conducted surveys to determine whether seeing positive or negative updates in news feeds impacted users’ emotions and altered their browsing tendencies. It controlled the newsfeed of nearly 700,000 members to study whether positive and negative news reports impacted online behavior. The findings from this study were reported in the Proceedings of the National Academy of Sciences. The issue underlying the EPIC complaint arose because Facebook did not warn users in their Data Use Policy that it would be using their data for research purposes. Other agencies have also threatened to take action against Facebook. The Center for Digital Democracy and regulators in the United Kingdom have stated an intent to file complaints. Indeed, the United Kingdom’s Information Commissioner’s Office intends to address its concerns with Facebook after it reviews the study and its findings. Facebook responded to these allegations by explaining that all users consent to this type of research when they sign up. Representatives did apologize to the public for the misunderstanding.

Continue Reading ›

Published on: | by

The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although, customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

Continue Reading ›

Published on: | by

In the aftermath of high profile cybersecurity breaches, businesses and consumers are alert to the real dangers of cyber vulnerability. In response, various government agencies have taken up efforts to protect against future breaches. Thus, consumers and businesses must continue to take steps to protect themselves and their private information. Accordingly, the office of California’s Attorney General has issued Cybersecurity Guidelines aimed at reducing the threat of electronic security leaks. Furthermore, these guidelines set the standard that businesses must meet to protect customer privacy.

What Are Attorney General’s Cybersecurity Guidelines?

The Attorney General outlined the basics steps to “minimize cyber vulnerability.”  First, anyone could be a target. Therefore, assume cybersecurity could affect you and take preemptive steps to protect your network.  Also, it is important to know where you store your data. The guidelines are directed towards small to medium-sized firms.  So, they focus on the importance for businesses to know which third parties hold company information. It is important to be familiar with these third-party security measures. If a data storage company is not taking proper steps to protect cybersecurity, it may be time to seek different storage options or take steps to counter the vulnerabilities. Alternatively, if your business stores information on the cloud, make sure to back up information, and store data only with secure entities. The overall point is that in the event of a breach, the level of preparedness will limit the consequences.  Next, encrypt your data as an added measure of security. It is also helpful to include firewall and antivirus protection on all devices.  Additionally, make sure to conduct banking and other financial transactions with reliable vendors.  Especially when dealing with third party financial information, the safety and security of those transactions are vital to ongoing business.  Finally, it is important to note that these guidelines are the minimum requirements. It is not a comprehensive list and companies must take care to implement personalized measures based on their cybersecurity needs.

Continue Reading ›

Published on: | by

The expansion of cyber consumerism—buying and selling products over the Internet, or engaging in business over the Internet—has called into the question whether international laws are equipped to protect consumers in their online transactions. Indeed, online business often takes place over several countries, implicating the legal standards in those countries. When such transactions involve a party that is more experienced than the other, there is the potential that the experienced party will take advantage of the disparity for financial gain. Accordingly, countries around the world have enacted and adopted legislation to combat the threat of unfair business practices. These provisions aim to protect online transactions to promote successful international business.

What Are Unfair Trading Practices?

Unfair trading practices include fraud, misrepresentations, and unconscionable business acts. Fraud is the act of providing false information in a transaction for personal financial gain at the expense of the other party. Misrepresentation involves providing misleading information about any part of a transaction—for example, the quality of the product in question. Finally, unconscionable acts deal with contract terms or negotiations that are overwhelmingly one-sided. These favor the party with greater bargaining power or business experience. The threat of these practices may arise in all sorts of business contexts—for example, insurance contracts, commercial and residential lease provisions, debt collection efforts, and general purchases.

Continue Reading ›

Published on: | by

Early in 2012, the European Commission proposed a reformation of the European Union’s data protection rules.  The European Commission sought to strengthen online privacy rights and improve Europe’s digital economy. The European Commission pointed to expansive globalization and different levels of implementation by the EU’s 27 member states as reasons to seek uniform online privacy rights. Indeed, each member state has different standards of enforcement for the rules. This leads to expensive administrative costs in maintaining and continuing to implement the different standards. The European Commission predicated that a uniform law across the European Union would lead to savings of approximately 2.3 billion Euros a year. In addition, with a clearer set of regulations to govern data protection, the European Commission hoped to instill more confidence in consumers in online services, leading to a growth in jobs and innovations.

What Were the Terms of the 1995 Data Protection Directive?

The 1995 Data Protection Directive was adopted to regulate the processing of personal data among European Union member states. This Directive has a broad definition for “personal data,” including “any information relating to an identified or identifiable natural person.” Also, the standards within the Directive apply only if the entity controlling personal data is established within the European Union or uses equipment located therein. The standards prohibit the processing of personal data without transparency of purpose, a legitimate purpose, and proportionality. In terms of the requirement for proportionality, a controller can process personal data only to an extent necessary to its purpose—it cannot store that data for a potential future purpose.  However, the 1995 Directive fails to take into account the implications of social networks and cloud computing on online privacy.

Continue Reading ›

Published on: | by

Employees, in the course of their employment, will often have broad access to company files.  If employees are terminated or seek other employment, such access can become problematic.  Indeed, companies store sensitive and commercially valuable information on their servers. Employee misuse of these files can substantially weaken a company’s economic viability and threaten its progress.  In a recent court decision, the United States District Court for the Northern District of California held that a former employee who accessed an employer’s servers using his login information was not liable for unlawful hacking. The court explained that the employee had not violated the Computer Fraud and Abuse Act (“CFAA”) or the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

What is the holding in Enki Corporation v. Freedman?

According to the record, Enki Corporation had entered into a contract with Zuora to provide certain consulting and information technology services. As part of these services, Enki installed a computer resource and performance monitor on Zuora’s network. Additionally, Enki contracted with Keith Freedman, a former employee, to provide consulting services for Zuora. Enki subsequently terminated its contract with Freedman when it discovered that Freedman was speaking negatively about Enki’s services. Freedman had also accessed the monitor Enki installed on Zuora’s network using his employee login to download Enki’s proprietary information (e.g., private company files and data) from the servers. The court held that this did not violate the CFAA because Enki had failed to show that Freedman accessed the computer system without authorization. Since the CFAA is aimed at regulated access to protected data, not the misuse of such data, where employers lawfully access servers, there is no CFAA violation. As for the CDAFA claims, the court also did not find a violation because Freedman did not have to “hack” into the system because he did not have to override a computer code. He simply logged in using his employee login information.

Continue Reading ›

Published on: | by

With the advent of virtual currency, consumers can now conduct entire transactions online without the burden of having to seek a common currency. Bitcoin has spread across the world as a popular form of this currency. In turn, transactions can now take place without switching from one form of currency to another (e.g., conversion from U.S. Dollar to Euro). On March 25, 2014, the Internal Revenue Service (“IRS”) issued guidelines regarding its approach to virtual currency, such as Bitcoin. Under these guidelines, the IRS will treat virtual currency as property, not currency, for federal tax purposes. Accordingly, the tax principles that typically apply to property will now apply to transactions involving virtual currency.

What Is Bitcoin?

Bitcoin is a form of virtual currency.  An unknown individual using the alias Satoshi Nakamoto created Bitcoin in 2009. This virtual currency allows for online transactions without bank issued transactions fees. People store their Bitcoins in a “digital wallet” on a personal computer or on the cloud. This serves as an online bank account, which can send and receive Bitcoins. Then, people use this currency to conduct transactions. However, unlike funds stored in a traditional bank account, the Federal Deposit Insurance Corporation (“FDIC”) does not insure Bitcoin wallets. Furthermore, transactions can now take place entirely anonymously. Online consumers do not have to provide bank accounts or other financial information. Therefore, it becomes nearly impossible to trace transactions using virtual currency. Bitcoin is becoming increasingly popular and more merchants accept this currency for all types of transactions. International transactions can also take place without fees from foreign countries or conversion fees. Consumers can also “mine” Bitcoin, which involves competitions to solve complex computer-based math problems to win additional Bitcoins. Bitcoin is also a valuable investment, with people purchasing Bitcoin to profit from increases in its value.

Continue Reading ›

Published on: | by

In recent years, there has been an increase in cyber-attacks directed towards usernames and passwords for online banking accounts.  Through these attacks, outside parties have been able to misuse banking information for fraudulent wire transfers.  Hackers have starting using foreign accounts because it is more difficult to recover funds when dealing with some foreign banks.  Online banking fraud has led to over $40 million in stolen funds from small and mid-size companies.  Recently, the nature of these attacks have become more complex as regulatory agencies, e.g., FDIC, and enforcing agencies, e.g., FBI, scramble to keep up with changing technologies.

How Have Online Cyber-Attacks Changed In Recent Years?

In recent years, online banking fraud has become dramatically more sophisticated.  Now, hackers have the capacity to infect not only small, local sites, but also high-volume webpages all across web.  These hackers infect popular websites with Trojan viruses, which latch onto users’ computers when they visit the website.  The virus then directs to online banking information, such as account numbers and login information, allowing the hackers to access these accounts and conduct fraudulent transactions.  The virus may even have the capacity to record and hold this information itself.  To carry through the cyber-attack, criminals only need to setup funds transfers without the respective bank noticing.  Banks learned to watch for transfer activity from unknown computers, so now hackers steal victims’ IP addresses to avoid detection.  With this information, the transfer looks like a typical transaction from the user’s computer.  The hackers may obtain the ability to take control of a computer and use it to conduct fraudulent transfers.

Continue Reading ›