Technology

Wiretapping and Privacy Laws

Published on: February 9, 2014 | by Law Offices of Salar Atrizadeh

In 2013, Edward Snowden, a former CIA employee, and National Security Agency (“NSA”) contractor, leaked top secret documents to the public. These documents detailed the NSA’s controversial electronic surveillance practices and procedures, sparking a debate about wiretapping and privacy laws. Snowden revealed that the government employed questionable electronic surveillance programs. The controversy circles around the potential privacy violations surrounding government agency practices to monitor communications. Since then, the Obama Administration has been under pressure to address individual privacy concerns. Last month, President Obama addressed the nation and introduced proposed changes to current electronic surveillance practices.

What Are the Current Wiretapping Laws, Before President Obama’s Proposed Amendments?

Wiretapping has been possible since the invention of the telephone. The procedure gets its name from earlier methods, which required officials to physically place electrical taps on telephone lines. Wiretapping is a constitutional and legal practice. In most cases, officials must secure a warrant from a judge beforehand. However, federal intelligence agencies can apply to the Foreign Intelligence Surveillance Court (“FISA”), under secret proceedings, for court approval. In some circumstances, these agencies can proceed with approval from the United States Attorney General, without court approval. In the event that the agency does need to secure a warrant before wiretapping, courts typically apply a very strict standard of review before granting approval. For instance, the judge will look to ensure there are no other less intrusive methods to gather information. In general, the courts look at wiretapping as a last resort. Alternatively, if a party who is participating in a call, records the call and produces it to a government agency, the agency does not need prior court approval. The agency is then at liberty to use the contents of the recorded phone call for its purposes.

Federal Privacy Laws

Published on: February 2, 2014 | by Law Offices of Salar Atrizadeh

In general, the federal government enforces privacy rights at the federal level and state governments regulate privacy standards at the state level. Depending on the area of privacy laws at issue, different government agencies have enforcement authority. For example, Office of the Attorney General, Federal Trade Commission, and Department of Health and Human Services have certain enforcement authority.

What are federal privacy rights?

The federal Privacy Act of 1974 applies privacy standards for the information that federal executives and agencies can access and disclose. However, these requirements apply only to information about U.S. citizens and legal alien residents. They do not apply to illegal immigrants or corporations.

Class Action Lawsuits and Internet Law Violations

Published on: January 13, 2014 | by Law Offices of Salar Atrizadeh

Class action lawsuits are a staple in the American court system. The notion that there is strength in numbers is shown in the extraordinarily large settlements that come from these cases. In recent years, there has been a significant increase in class action suits involving internet-based companies (e.g., Facebook, Google, Tumblr, Instagram, or MySpace).

As consumers spend more time on the Internet, sharing their work, preferences, and private information, there is a growing potential for internet law violations. Since numerous consumers engage in same or similar activities, e.g., use email to send/receive information, a single violation implicates the rights of a large group of consumers. In turn, this sparks a class action suit.

How Are Class Action Lawsuits Different From Other Suits?

Target’s Security Breach and Identity Theft Threats

Published on: January 5, 2014 | by Law Offices of Salar Atrizadeh

On December 19, 2013, Target issued a statement confirming a major security breach. According to the statement, approximately 40 million customers were at risk for identity theft because of the breach. Hackers had gained access to customer information, including their names, credit card numbers, debit card numbers, card expiration dates, and security codes. This incident brought light to the ongoing threat of identify theft for customers who use credit or debit cards to make purchases, either in stores or online. With this growing threat, consumers need to take care to protect themselves against potential attacks.

What Is the Extent of the Target Security Breach?

According to Target’s investigations, the hackers began accessing customer information from before Thanksgiving until mid-December. With the information they stole, which is stored on a card’s magnetic strip, the hackers could have made purchases all around the world. Indeed, hackers can also use this information to create new credit or debit cards. Although, there is no evidence the hackers also stole pin numbers, but if they had, they could have withdrawn money from customers’ bank accounts. The United States Secret Service is looking into this massive security breach. In the past, federal and state authorities have held companies liable, even issuing fines, if investigations reveal that a company did not take adequate steps to protect customer information. Analysts predict that here Target may have to spend over $100 million in legal costs to fix the security breach. Costs will increase even more if it’s forced to reimburse credit card companies for fraudulent purchases. However, in the meantime, Target’s first priority has been to act quickly to secure and protect customer information. Although, they have not reached any conclusions, initial investigations suggest the breach could have come entirely from outside hackers, or it could have been achieved with help from its employees. Either way, this level of a security breach suggests that it reached deep within the corporation.

California’s New Revenge Porn Legislation

Published on: November 17, 2013 | by Law Offices of Salar Atrizadeh

The spread of social media networks and social profiles has, unfortunately, made the potential for cyber harassment more common today. For instance, the phenomenon of revenge porn has sparked controversy in society, prompting California’s Legislature to enact a new law to help deter future acts of involuntary pornography. If you, or someone you know, has been a victim of cyber harassment, including revenge porn, please contact us today to speak to an attorney who can help explain the legal remedies.

What Laws Apply to Acts of Revenge Porn or Cyberharassment?

In October 2013, California’s governor, Jerry Brown, signed Senate Bill 255 (“SB 255”) a law into effect, which made revenge porn a criminal offense, allowing victims to seek legal remedies from perpetrators. Revenge porn, also known as involuntary pornography or “cyber revenge,” is the act of posting pictures and videos that contain sexually-explicit content of a former significant other without their knowledge or consent. Typically, former significant others will post this kind of content to harass or embarrass previous partners. However, in some cases, hackers can get a hold of this type of content and post the pictures on adult websites. And, often times, the party distributing the images will include personal information about the victim (e.g., name, address, and social media accounts). Posting this type of personal information increases traffic through Google and draws more online visitors. However, this information also poses a serious threat to the victims, some of whom have reported the unwanted attention that comes from strangers.

California’s “Do Not Track” Legislation

Published on: November 11, 2013 | by Law Offices of Salar Atrizadeh

In September 2013, California’s legislature enacted a new “Do Not Track” law–Assembly Bill 370 (“AB-370”)–that requires websites to disclose their practice of tracking consumers’ personal identification information. The new law may be the first step towards universal anti-tracking standards, which will provide greater protection over the Internet for online users and their personal information. According to the executive director of the Center for Digital Democracy, Jeff Chester, at the very least the new law is a signal to websites that political bodies are mobilizing to protect online consumer privacy.

What Are the Provisions of California’s “Do Not Track” Law?

Under AB-370, any website that collects personal information from online users will have a duty to disclose the specifics of their tracking behavior to consumers. The “Do Not Track” legislation requires that websites inform consumers their protocol for responding to do not track signals (“DNT signals”). For instance, consumers who use Mozilla Firefox have the option to request that the browser not track the users’ personal information. However, Mozilla is still under no legal obligation to follow this request. AB-370 also addresses any practices that allow third parties and sites to access and use consumers’ personal information. Specifically, the new law requires websites to disclose whether they grant third-party access to personal information the website has gathered from online users. This law does not prohibit websites from continuing to track personal information, or grant access to this information to third parties. Instead, the law aims to improve disclosure standards, so that consumers are better informed of how their online activities can affect access to their personal information.

Search Engine Privacy

Published on: November 4, 2013 | by Law Offices of Salar Atrizadeh

The answer to many questions is an online search away. However, online searches are not free of all consequences. Indeed, search engines can track and store a user’s search history and even sell this personal information to third parties for profit. What someone types into a search bar then becomes part of a permanent link tied to that Internet Protocol (“IP”) address. This certainly raises several concerns regarding online and individual privacy. In a highly digitized era, this affects anyone with Internet access, a computer, and even a cellphone.

What are the Main Concerns of Search Engine Privacy?

Search engines track personal information using users’ search history, including a user’s IP address, search terms, name, and location. Websites, such as Google and Yahoo, can then use this information for their marketing, or they can sell users’ search history to marketing firms. Online search history generates an impression of the user, which the public can then use to its advantage–e.g., for criminal investigations, employment opportunities, and to fuel personal disputes. Public opinion in this area strongly disfavors this level of surveillance. As a result, websites have begun to compete in terms of which search engine provides the greater privacy protection. Efforts to improve search engine privacy consider, among other standards, how long a search engine stores user information, how a search engine deletes such information, whether the search engine engages in behavioral targeting (i.e. whether a site uses search history to provide targeted advertisements), and whether the search engine uses profile information to manipulate advertisements. Based on a recent survey by CNet, only Ask.com does not record search terms. Outside the circle of the large search engines, sites such as ixquick.com allege that they do not record IP addresses when users conduct searches through their website. According to the survey, Google also does not engage in behavioral targeting.

Internet Sales Tax Laws

Published on: October 28, 2013 | by Law Offices of Salar Atrizadeh

Online sales markets are in a state of expansion as more consumers continue to conduct their purchases online. Indeed, the topic of an Internet sales tax has been in debate in the California Legislature for some time. And now, with the possibility that the federal government may pass the Marketplace Fairness Act of 2013, online sales taxes could change across the country. If you are a consumer who makes purchase online, or a business that conducts sales online, the California Internet sales tax provisions apply to you. Please contact us today to speak with an attorney who can help explain how changing tax requirements could affect your online transactions.

What Is California’s Online Sales Tax Now?

Currently, the standard tax rule in California, and across America, is that online retailers must collect sales tax from customers who are located in states where the online retailer maintains a “physical presence.” Online retailers maintain a physical presence in states where they have a warehouse, a store, a corporate office, or a sales representative. In states where online retailers do not collect an online sales tax, customers nonetheless have a duty to report and pay a sales tax on online purchases. In this case, the tax is a “use tax,” not a “sales tax.” However, these standards differ between each state and for federal taxes. The federal government has also been considering the Marketplace Fairness Act of 2013, which would allow businesses to collect taxes on sales in individual states, regardless of where the seller is located. However, any businesses that are not physically located in a state and make less than $1 million a year would not be required to follow this tax schedule. This law would also require states to reform their current sales tax laws to make online sales tax collection simpler. For California, this new law will not make a substantial difference because the largest online sellers, such as Amazon, already maintain a physical presence in California. Therefore, California online shoppers already pay an online sales tax for most of their online purchases.

Protecting Trade Secrets in Cyberspace

Published on: October 1, 2013 | by Law Offices of Salar Atrizadeh

A business’s trade secrets are an essential component of its foundation, growth, and development. A trade secret is any sort of confidential and proprietary information that a company seeks to protect from unauthorized access. For example, a trade secret, includes a formula, pattern, compilation, program, device, method, technique, or process (e.g., computer algorithm). By definition, a trade secret is only valuable so long as it remains a secret. In recent years, as businesses conduct more transactions over cyberspace, there is a higher probability of trade secret theft or loss. However, the constantly changing nature of cyberspace, and the anonymity users enjoy over the Internet, make protecting trade secrets a complex issue.

What is the Threat to Trade Secrets in Cyberspace?

Trade secrets in cyberspace, which involve software and digital information, can be misappropriated or wrongfully taken and used without detection. It is also known as “cybertheft.” For example, an online user has the capacity to view and distribute trade secrets without detection within minutes. Online message boards allow users to post trade secrets over the web anonymously. By concealing their identity, it is possible to steal a trade secret without detection. Indeed, the courts continue to issue decisions that recognize individual privacy rights in digital trade secret misappropriation cases, preventing the trade secret owner from seeking legal remedies. Furthermore, in the past, trade secret theft was intended to secure an economic advantage between competing companies. However, recent cases, such as Ford Motor Co. v. Lane, illustrate that trade secrets are vulnerable to dissatisfied employees who distribute trade secrets only to harm an employer. On a side note, hackers may even steal and distribute trade secrets simply to show off their technical skills.

ISP Data Retention Policies in the United States

Published on: September 23, 2013 | by Law Offices of Salar Atrizadeh

In the aftermath of the Snowden scandal, and an on-going concern for cyber-surveillance practices, the United States Congress and the American people are increasingly concerned that their online privacy is at risk. The government continues to wrestle with the possibility of including mandatory data retention standards for Internet Service Providers (“ISPs”). While this poses a serious threat to individual privacy, supporters of data retention argue that these standards are essential to national and personal safety.

What Is Data Retention?

Data retention is the practice of ISPs monitoring and storing information tied to an IP address, including, but not limited to, browsing history. ISPs that also provide email services may store email logs, but not the content of those emails. ISPs also have the capacity to identify which third-party email service providers are tied to an IP address. Law enforcement agencies could require ISPs to turn over this information in the course of a criminal investigation. PRISM, the National Security Agency’s avenue of access to online data, is similar to traditional data retention practices, except that PRISM targets cloud-based services. Currently, there are no mandatory data retention policies in America. However, governmental pressures and international influences may be pushing America to join Europe in its data retention practices. In March 2013, James Sensenbrenner, Republican House representative from Wisconsin and the author of the Patriot Act, argued that America should adopt ISP data retention laws similar to those in Europe. Indeed, the Justice Department has fully supported data retention policies. The Justice Department argues that the lack of data retention policies dramatically hinders law enforcement efforts. However, regardless of whether the government implements policies requiring ISPs to store personal data, ISPs currently maintain the freedom to monitor and track online activity. Indeed, Time Warner currently retains user data for six months, and Verizon retains data for eighteen months. Then, under the Stored Communications Act, which is codified under 18 U.S.C. § 2701 et seq., the government may access this data.