Internet Lawyer Blog

Unauthorized Wiretapping Laws

Published on: March 13, 2017 | by Law Offices of Salar Atrizadeh

In addition to California’s precautions against unauthorized email access, there are additional Federal measures to protect privacy. Compared to state measures, this gives another way for an individual to seek legal remedies in a federal court. This is broken up into three different statutes, as part of the Electronic Communications Privacy Act, first regarding wiretapping, unlawful access, and pen registers. Yet, to a business only the first two have real consequence, with the final one applying in a narrower scope. So, what is the difference between anti-wiretapping and unlawful access laws? Why might someone choose to sue under the wiretapping statute, but not unlawful access? Can either provision provide an individual the ability to recover for lost or misappropriated sensitive information from electronic mail?

Federal Laws

Federal wiretapping laws are outlined in 18 U.S.C. 2511, which focuses on prohibiting the intentional interceptions of electronic communication unless it is for valid government purposes. Yet, while it is called a wiretapping statute, it’s far more expansive. An unlawful interception would result in a fine and, at most, five years of imprisonment. However, the civil remedies for a violation come from Section 2520, which allows equitable relief (e.g., injunction), punitive damages, and attorney’s fees. The computation of damages is limited to the greater between the actual damages or statutory damages of $100/day for each day of violation or $10,000.

Unauthorized Access To Email

Published on: March 6, 2017 | by Law Offices of Salar Atrizadeh

This article discusses the remedies for unauthorized access to email in the State of California. Now, email is an essential part of our lives and has been granted extensive protections in the state and federal spheres. Beyond that, it can occur in a variety of ways such as: (i) leaving an unlocked device on your desk; (ii) lending someone your email password; (iii) getting hacked by someone; or (iv) simply failing to properly update security on your device. Yet, what laws are in place to punish those who would unlawfully access an email account? What are the consequences? How might this help business owners protect their confidential information and intellectual properties?

California Laws

In California, there are statutes for computer crimes, which would prohibit individuals from unlawfully accessing another person’s email accounts. For example, Penal Code 502 prohibits access without permission of computers, networks, internet websites, electronic mail, and similar things. Although, it should be noted that Penal Code 502 lists other criminal acts, such as knowing misuse of domain names, introductions of contaminants, and deletion of data.

Who Are Script Kiddies?

Published on: February 27, 2017 | by Law Offices of Salar Atrizadeh

There are few things that you consider when forming a cybersecurity framework. Naturally, chief among them are the perpetrators such as hackers who engage in mysterious online threats by constantly adapting to new technology. These hackers might seem indomitable, clever, and always working to break down security. Yet, this is not necessarily the case. What if the nature of the threat was different? What if anyone could become a top-level hacker without sufficient knowledge of computer programming? How might a business address this issue and anticipate a different threat?

What is the nature of the threat?

On the issue of hackers, while there are certainly those who have the skills to access systems, but they are not the only threat. There are three kinds of hackers: First: “white-hat” hackers, who will hack to expose security flaws for a company. Second, “black-hat” hackers who hack to cause harm or gain profit. Third, “script kiddies” who are an offshoot of black-hat hackers. These script kiddies tend not to have the technical skills of a black-hat hacker. Instead, they rely on pre-existing tools that black-hat hackers disseminate. This allows a script kiddie to engage in a more advanced attack and cause harm. One particularly notorious instance occurred on February 7, 2000, where a 15-year old launched a massive DDoS attack using a slightly modified tool that was downloaded online.

Ransomware: Does A Tort Claim Apply?

Published on: February 20, 2017 | by Law Offices of Salar Atrizadeh

In our last blog post, we mentioned eBay, Inc. v. Bidder’s Edge, Inc. While the case wasn’t related directly to ransomware, it creates an important precedent for tort liability. Specifically, it supports the idea that common law torts can be carried out and applied in the digital world. So, what does eBay give us as a legal theory? How might it get applied to ransomware in a hypothetical case? What is the likelihood of succeeding on such a case?

Case Analysis: eBay, Inc. v. Bidder’s Edge, Inc.

In this case, eBay sued Bidder’s Edge for the use of a type of program known as a “spider” or “bot.” These programs would automatically go to eBay, search for information, and repost it on Bidder’s Edge. The purpose of this was to allow others to get better ideas of what to bid on items by searching multiple auction sites. While there were negotiations to allow Bidder’s Edge to access eBay, however, the negotiations broke down, and ultimately prompted the lawsuit.

What Are Ransomware Laws?

Published on: February 13, 2017 | by Law Offices of Salar Atrizadeh

Now, we know what ransomware is and a little on how to fight against it. So, what are the applicable statutes and how can you recover? Naturally, after a person pays the ransom, or loses their data, they have been harmed by a violation. This could be potentially devastating to a small business or an individual. Yet, there’s no explicit way to recover the funds or recover from the harm except through a lawsuit. While, there is a statute specific to ransomware in California, individuals do have other avenues and claims. What is this new statute? What can someone recover in a lawsuit? Are there any difficulties for ransomware lawsuits?

Ransomware Statutes

In September 2016, California passed a ransomware statute under SB 1137, which in essence amended Penal Code § 523. This was prompted by an uptick of the attacks on hospitals. In the statute, the use of ransomware is punishable by 2-4 years in prison. This is in line with treating ransomware like extortion crimes. Furthermore, it defines ransomware in the statute as a “computer contaminant or lock placed or introduced without authorization into a computer . . . which the person responsible for the placement or introduction of the ransomware demands payment . . . to remove the computer contaminant . . .”

What Is Ransomware?

Published on: February 6, 2017 | by Law Offices of Salar Atrizadeh

A business’s computer network, which may comprise of network and database servers, is the operation’s lifeline. A successful business should require its computer network to be secure and protected. There are many ways that these measures can go wrong. Yes, sometimes hackers can get in and access sensitive information (e.g., trade secrets, intellectual property) without authority. There are countless ways for a hacker to obtain unauthorized access to a private network. However, what happens when the hacker has gained unauthorized access? In the hacker’s tool belt is a special kind of malware known as “ransomware.” What can ransomware accomplish? How can you spot it? How dangerous can it be to your business?

What is Ransomware?

As the name might suggest, ransomware is a program that holds (or claims to hold) data hostage. It then encrypts data, and renders it inaccessible until the data owner pays off the hacker. Generally, the hacker will place the malware on the host computer through an email attachment, special program, unverified email, or malware that accesses a computer through pivoting, and then releasing the “payload” which consists of the malware. After ransomware is activated, it sends an alert on the electronic device, usually demanding payment to an account, in the form of cryptocurrency (e.g., Bitcoin) or credit card payment.

Doxing: Is It A Violation of Privacy Laws?

Published on: January 30, 2017 | by Law Offices of Salar Atrizadeh

In the last article, we ended our comments with anonymous online speech and the related complications. However, unmentioned before is an act that’s generally prohibited on websites, and indeed, it will probably be prohibited pursuant to state, federal, or international laws. This is “doxing” which is a practice of taking another individual’s personal information – e.g., name, address, telephone, photographs or other confidential information and publishing it online without authorization. So, how do doxers do it? How can you protect yourself? What are the remedies, if any?

What is doxing?

Doxing (a/k/a “doxxing”) is a common aspect of activism and vigilantism that occurs online. Frighteningly, this action does not require an individual to necessarily perform an illegal act to “dox” a person. Rather, it relies on perseverance and the type of information is available to the general public.

Anonymous Online Speech and Related Complications

Published on: January 23, 2017 | by Law Offices of Salar Atrizadeh

Following from libel proof individuals to the realm of Twitter, and the “Wild-West” approach towards online statements, comes an interesting idea. It is given that most people will communicate anonymously on the web. So, if a person is a victim of libel, then how can he/she recover? The online service provider technically didn’t publish it, but only acted as the forum. The person who published the statement cannot be easily found because the statement was posted under a pseudonym. So, what if the online service provider could be forced to give up identifying information (e.g., name, address, telephone, email, IP address) of the commenting individual? How much is that anonymity worth? Is there a way to actually engage in defamation and get away with it?

How does anonymity make things harder?

Naturally, an unknown person is difficult to sue in court. The amount of damages he or she could pay is difficult to ascertain. While there are rules allowing a lawsuit without knowing the individual’s identity (which is common in some cases), however, it adds the difficulty in discovering the identity of the “Doe Defendants.”

The Libel-Proof Theory and Its Real-World Application

Published on: January 16, 2017 | by Law Offices of Salar Atrizadeh

On the Internet, individuals can go out and make attempts to rib each other, or to mock certain celebrities or infamous individuals. This opens the realm of libel and slander laws to expand towards online activities. Yet, depending on the person’s history, defamation may be borderline impossible. If defamation is harm to one’s reputation, then theoretically it should be impossible to harm an irredeemable reputation. This idea is a concept known as being libel proof — i.e., a person who cannot be defamed any longer. So, can a completely libel-proof person exist? How could someone argue the individual is libel proof? How might this affect online communications?

What is libel proof?

Libel proof means, quite simply, that a person cannot be defamed any further. Generally, to even satisfy libel, it would have to be an unprivileged false written statement that was published towards third parties (compared to slander, which is an unprivileged false oral statement that was published towards third parties). Even then, defamatory statements are judged differently to protect free speech interests.

Reverse Engineering: Fair Use and Other Rights

Published on: January 9, 2017 | by Law Offices of Salar Atrizadeh

Among the rights people have, many are unknown or unsung until there is a dispute and the courts get involved in the process. Rarely recognized is the right to reverse engineer under the Fair Use Doctrine and Digital Millennium Copyright Act. However, this is not an absolute right. Rather, it can be waived under certain circumstances. So, how can the right to reverse engineer be used? How might an individual hope to reverse engineer anything? Can you prevent others from reverse engineering your products?

What does the reverse engineering law apply to?

Reverse engineering is a method of taking a device or program and taking it apart to determine how it works, occasionally in attempts to duplicate or improve it. Generally, this would be applied to devices or physical products that are protected by patents. However, in the realm of copyright, reverse engineering is allowed in some situations. Specifically, this applies to computer programs to allow interoperability of devices or systems. Since computer programs may be designed to only work with a few devices or systems, to allow a consumer to use them on another operating system, reverse engineering would be a necessity. This would allow individuals to ensure programs operate without interference or to add integration features.