Internet Lawyer Blog

Cloud Computing and Security

Published on: August 10, 2015 | by Law Offices of Salar Atrizadeh

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation. At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes. This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

Cloud Computing and Privacy

Published on: August 3, 2015 | by Law Offices of Salar Atrizadeh

Cloud computing is a service that is offered by service providers and allows for large amounts of information to be stored in virtual servers. These organizations are referred to as Cloud Computing Service Providers (collectively “CCSPs”) and operate within the “cloud.” They are able to operate on a global scale, which makes their activities subject to international laws and places their users at the risk of loss of privacy.

What steps have been taken to protect user data?

In general, users of cloud computing relinquish their data, which may include confidential information, in order to store large amounts of information. Thus, CCSPs must be careful to protect privacy according to industry standards. The failure to establish proper safeguards may result in legal action by private individuals or governmental agencies (e.g., Federal Trade Commission). However, due to the security risk that users face by storing their data, governments have taken active roles in protecting against information loss. For example, the European Commission has instituted a Data Protection Directive. The purpose of this directive is to to give citizens control over of their personal data and to simplify the regulatory environment for business.

Internet Privacy: Social Media and Search Warrants

Published on: August 2, 2015 | by Law Offices of Salar Atrizadeh

The New York State Court of Appeals recently upheld a lower court’s verdict against Facebook’s claim that it had legal standing to challenge search warrants on behalf of its members. Facebook claimed that it had the ability to challenge search warrants that it saw as illegal before the warrants were executed. This verdict is considered a major setback for companies that seek to increase internet privacy.

What were the claims?

Facebook claims that, as an online entity which stores customer information, it had standing to contest search warrants brought to obtain information about its users, including, private personal messages and photographs. The company made the argument that search warrants for electronic information are different from a physical search of someone’s home. Someone else at a company has to do the searching, not the police, and more private information is accessible than would be found through a search of a defendant’s home. Therefore, Facebook claimed that the warrants served on social media companies are more like civil subpoenas for records and should be able to be challenged in court. Facebook also claimed its right to contest the warrants under the federal Stored Communications Act, but the court held that it had misinterpreted the law, which only applied to subpoenas and court orders. Although, the five-judge panel expressed concern over the scope of the search warrants and the large amounts of warrants executed, versus the small amount of those charged with a crime, however, it held that federal and state laws specify that the only person who can challenge a search warrant is the defendant. In general, the challenge takes place at a hearing before the trial court.

eDiscovery and Arbitration

Published on: July 27, 2015 | by Law Offices of Salar Atrizadeh

In recent years, with lawyers and their clients calling for alternate methods of dispute resolution, the discovery of electronic documents has become more difficult to manage. In fact, this dilemma is due to the expansive nature of technology and related software and hardware platforms. As such, it has increased the costs and burdens of litigation.

What is Arbitration?

Arbitration came about as an alternative method to resolve litigation. It exists as a way to provide a way for the parties to resolve their disputes before trial. An arbitrator is granted the authority to ask for electronic data to be presented in a case. Although, arbitration is cost effective, however, flaws exist regarding the scope of electronically-stored information that may be discovered during litigation. Due to the large amount of electronically stored information, arbitral institutions like the International Institute for Conflict Prevention and Resolution (“IICPR”) have proposed guidelines for discovery.

Internet Law and Class Action Lawsuits

Published on: July 20, 2015 | by Law Offices of Salar Atrizadeh

In recent times, the concern over the distribution of, and access to, users’ data on the web continues due to rising cyber activity. This has lead to an increase in Internet-related class action lawsuits.

What are the different types of class action categories?

One category of class actions relates to the use of internet cookies, which are utilized by websites and applications to obtain information about users’ activities. These files are saved on a user’s hard drive, so the host server gains access to certain information (e.g., user’s identity and recent transactions). “Zombie cookies” have become a concern leading to class action lawsuits, as they cannot be deleted and lead to online surveillance of users. Online advertising has also become a source of class action lawsuits, as third-party advertisers have teamed up with websites to use cookies without consent. As a result, online behavioral advertising is created based on a user’s browsing history in order to create relevant advertisements, which may violate privacy policies. Another category of class action is brought when a company website violates its own terms of service or privacy policies, sometimes leading to breached databases. The last category has to do with information contained on social media platforms. As a general matter, user profiles on social media platforms (e.g., LinkedIn, Facebook) yield a large quantity of information. These social media platforms create user profiles that are shared with third parties such as advertising firms.

Internet Rights v. Human Rights

Published on: July 13, 2015 | by Law Offices of Salar Atrizadeh

During the course of history, the United States Constitution has been amended in order to achieve the best interests of the nation and citizens. However, technological advancements have posed as obstacles to the changes as internet and human rights have recently become issues.

What is the relation between the Internet and Human Rights?

As of now, approximately 40% of the world’s population has access to the Internet. Because of its extensive reach, the Internet has become a basic component of human life. It encompasses an individual’s freedom of expression, freedom of association, privacy, and other fundamental factors. Civil liberty and human right groups have expressed their concerns regarding the increase in government’s control and power. For example, on April 21, 2015, Senate Bill 1035 was introduced, which seeks to reauthorize Section 215 of the Patriot Act for five additional years. This means that there would be continued data collection and surveillance programs. As such, groups like Human Rights Watch have expressed their concern towards NSA’s violation of privacy rights.

The LastPass Data Breach

Published on: July 6, 2015 | by Law Offices of Salar Atrizadeh

LastPass is a password management service that allows users to centralize all of their collective passwords under one master password. On June 15, 2015, LastPass announced that it was hacked and user data was compromised in the process.

What was stolen from the LastPass database?

LastPass officials released a statement following the attack proclaiming that the hackers did not steal master passwords, but instead gained access to authentication hashes and/or checksums. These are used in order to verify that the master password is correct upon trying to access an account. The attack also compromised cryptographic salts, password reminders, and user email addresses. Officials are confident that LastPass encryption measures ensure the protection of most users and their master passwords. However, it is also possible that fairly weak master passwords, or ones short in length, were also subject to the attack.

Telephone Call Harassment

Published on: June 29, 2015 | by Law Offices of Salar Atrizadeh

In general, harassing phone calls are distinguished from unwanted phone calls based on obscene or threatening language used to intimidate or scare the recipient. A phone call must hold malicious intentions in order to be classified as harassment punishable under California state laws.

What makes telephone calls a crime in California?

Under California Penal Code 653m, certain elements of a telephone call can lead to liability for criminal activity. The first element is the act of making a telephone call or electronic communication. This can be done via telephone, smartphone, computer, pager, or recorder, among other communication devices. This means that forms of electronic harassment could include text messages, phone calls, emails, faxes, picture messages, video messages, or voice recordings. A defendant can be accused of violating Penal Code 653m even if he/she was not the one to initiate the call. A violation may exist if he/she requested the electronic communication. The next element is the use of obscene language that is meant to threaten or injure the recipient, his/her family and/or property. This includes repeated calls or communication attempts, regardless of the content. The last element is the intent to harass or annoy a victim. There is no violation if the communication is made with the intention of legitimate business purposes, even though certain business calls might seem as nuisance.

Computer Hacking Laws

Published on: June 22, 2015 | by Law Offices of Salar Atrizadeh

In general, computer crime is a term that covers a variety of crimes involving internet or computer use that may be prosecuted under state or federal laws. Because of the rise in computer crimes, California state laws include provisions that prohibit these violations. In addition, other states have passed computer crime statutes in order to address this problem.

What is a computer crime?

An individual who accesses a computer, computer system or computer network and alters, destroys, or disrupts any of its parts is considered a perpetrator of computer crime. The charge is selected based upon the intention of unlawful access. Hacking is the breaking into a computer, computer system, or computer network with the purpose of modifying the existing settings under malicious intentions. Unlawful or unauthorized access means that there is trespassing, storing, retrieving, changing, or intercepting computer resources without consent. Viruses, or other contaminants, include, computer code that modify, damage, or destruct electronic information without the owner’s permission. This often disrupts the operations of a computer, computer system, or network. As such, Congress enacted the Computer Fraud and Abuse Act in order to regulate computer fraud and to expand laws against it. This federal statute provides that “whoever knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period” shall be punished accordingly.

Online Free Speech Limitations: Elonis v. United States

Published on: June 15, 2015 | by Law Offices of Salar Atrizadeh

On June 1, 2015, the Supreme Court of the United States ruled in favor of Anthony Elonis in Elonis v. United States, regarding free speech limitations as implemented via social media platforms. This ruling was the first time the Supreme Court raised implications of free speech related to social media.

Under what circumstances was Elonis indicted?

Anthony Elonis was convicted on four separate counts for postings on social media, specifically Facebook. The federal statute he was convicted under, 18 U.S.C. § 875(c), states as follows: “Whoever transmits…any communication containing…any threat to injure the person of another, shall be fined under this title or imprisoned not more than five years, or both.” Elonis sparked concern after posting graphic threats involving the rape and murder of his ex-wife, detonation of bombs in the presence of law enforcement, and shooting up an elementary school, all under an alias. Elonis did not dispute that the statements were posted, but declared that they were merely expressions of his frustration. He claimed that the trial court incorrectly instructed the jury on the standard of a “true threat” in which the expressions were interpreted as more serious under the context.