Published on: | by

The news outlets have been reporting that the Chinese have allegedly been hacking into American infrastructures. Assuming this report is accurate, the United States is not equipped to handle the consequences of such an attack. These hackers would possess the power to disable the critical infrastructure in this country, eliminating electricity, gas, water, and all major transit systems. Indeed, earlier this year, both The New York Times and The Wall Street reported that hackers had infiltrated their systems and stolen confidential employee information. The New York Times has further reported that it has been experiencing constant attacks from the Chinese in an attempt to control information that pertains to China. The Ministry of National Defense in China denies any such cyberattack on The New York Times. In light of these recent developments, it has become increasingly important for individuals and businesses to take steps to ensure their cyber protection. By serving California and Washington D.C., the skilled attorneys at the Law Offices of Salar Atrizadeh successfully work on legal matters pertaining to cybersecurity and Internet law.

The former Secretary of Defense, Leon Panetta, has described the scene that will unfold after such an attack as a “cyber Pearl Harbor.” Indeed, these hackers could possess software with the capacity to destroy infrastructure hardware. Such an attack would spread chaos throughout the country for months while the government works to restore its vital systems. Pointing to the failed Cybersecurity Act of 2012, Panetta has called upon the private citizens and businesses to act to secure their cybersecurity. Hillary Clinton, former Secretary of State, confirmed that this was a crisis that required global attention.

These instances of “cyberterrorism” threaten to cause damage far beyond the destruction of 9/11. Mandiant, a cyber-security company based in the United States, traces these cyber-attacks to the People’s Liberation Army, the Chinese military. The efforts in America to make sense of these attacks have not led to any definitive answers. The dangers of cyber-attacks are apparent in the recent attack on Aramco, the Saudi Arabian oil company. The attack consisted of a virus, which destroyed 30,000 Aramco computers, and replaced essential files within the system with an image of an American flag burning. There was also a reported cyber-attack on Telvent (now known as Schneider Electric), an international corporation that provides companies with the network and connections to remotely control power grids, oil pipelines, and gas pipelines. It remains unclear whether the hacking efforts are meant to steal confidential information, or whether the hacking is part of a larger scheme to derail vital American infrastructures. Indeed, the threat may not be limited to the Chinese, but rather part of a greater effort to launch an attack against American cybersecurity. This certainly poses a threat not only for national security, but also for individual cyber-security involving consumers and businesses that compose and participate in the crucial business and technology infrastructures.

Continue Reading ›

Published on: | by

In light of recent news that America’s cyber-network is vulnerable to outside attack, President Obama signed an Executive Order to improve cyber-security for the nation’s “critical infrastructure.” According to the Order, “critical infrastructure” applies to the vital physical and virtual systems in the United States that are essential to the country’s economic security, public health, and safety. This definition is in line with the definition of “critical infrastructure” in the Cybersecurity Act of 2012, which the federal government failed to pass.

The Executive Order is meant to promote greater information sharing among members of the same network. This will ensure that all network providers are adequately aware of potential threats to the system in time to plan and implement an effective response. Accordingly, American companies now bear the responsibility of evaluating whether “critical infrastructure” applies to their operations. Alternatively, the Executive Order may also apply to companies that provide goods or services to other companies that the Executive Order implicates. In this case, the Executive Order would also apply to the companies that provide the goods or services. These companies would then bear the same responsibility to abide by the Executive Order and participate in the information-sharing network.

The Executive Order also requires various federal agencies to participate in this network. The Office of the Attorney General, the Department of Homeland Security, and the Office of National Intelligence, among others, are responsible for participating to create an information-sharing network. Such a network will make it easier to detect and ward off cyber-threats. Additionally, the information-sharing network will allow the participating agencies to quickly notify the President of any legislation that is necessary to further protect the nation’s cyber-network. Furthermore, a working and productive network will incentivize other agencies and companies to join the network. Increased participants will improve the breadth of the network, work to expand the reach of the network, and add to the information that is available within the network.

Continue Reading ›

Published on: | by

Under the Telephone Consumer Protection Act, commercial entities are barred from freely soliciting customers using a short message service (“SMS”). A SMS typically allows vendors to send short text messages to consumers’ mobile phones. In this case, vendors send text messages to customers, or potential customers, advertising their deals and offers. The Telephone Consumer Protection Act of 1991 (the “TCPA”), codified under Title 47 U.S.C. § 227, limits telemarketers from using automated telephone services to target customers using text messages. Automated telephone services, or auto-dialers, use software programs to automatically send text messages to multiple telephone numbers using a telephone number database. Additionally, where the TCPA allows vendors to solicit customers using text message, it requires these vendors to include identification and contact information in the message. Furthermore, the TCPA and Federal Communications Commission (“FCC”) regulations prohibit such messages between 9:00 p.m. and 8:00 a.m. These provisions require solicitors to maintain a “do-not-call” list and honor the National Do Not Call Registry.

Under the TCPA and FCC regulations, companies may send text messages through an auto-dialer to solicit customers if: (1) the customer has given consent to receive such messages, or (2) the message is sent in case of an emergency. These restrictions apply regardless of whether or not customers have placed their numbers on the National Do Not Call List. According to the FCC, in order to send commercial text messages, companies must obtain written consent from customers. For informational text messages, such as those involving political messages and school information, the FCC only requires oral consent.

However, vendors are drawn to text SMS advertising because it allows them to target customers more directly through cellphones. Nonetheless, companies that violate federal standards against SMS advertising face severe legal consequences. For instance, Papa John’s, the American pizza chain, is currently involved in a class action lawsuit, with a class of customers as plaintiffs, for allegedly sending 500,000 unwanted text messages to customers in 2010. Customers explain they received multiple text messages in a string offering deals for pizza, sometimes in the middle of the night. Since the TCPA makes it illegal to send unsolicited text messages to customers who have not opted to receive offers via text message, the potential award in this case may be the largest recovery under the TCPA. A jury could award up to $1,500 per each text message if it finds that Papa John’s intentionally violated the TCPA.

Continue Reading ›

Published on: | by

In 1998, Congress passed the Children’s Online Privacy Protection Act (“COPPA”) to ensure online privacy for children under the age of thirteen. Under this Act, online operators must obtain parental consent before they begin to collect information about online users under the age of thirteen. The Federal Trade Commission (“FTC”) implements and enforces COPPA. In December 2012, the FTC adopted the first significant amendments to COPPA since the inception of this federal law in 2000.

In 2010, the FTC began to review the terms of COPPA to determine whether changes in the cyber community would require amendments to the Act. The FTC felt that COPPA would potentially require amendments in order to keep pace with the fast-changing nature of the Internet. Before drafting any such amendments, the FTC invited interested businesses and third parties to communicate their suggestions for changes that would help improve this law. After this process, the FTC adopted three significant changes to the Act.

First, the FTC expanded COPPA’s reach to include applications, plug-ins, and advertisement networks that could potentially gather personal information about children under the age of thirteen. Although, this was a controversial addition to COPPA, the FTC was able to compromise by indicating that COPPA will only apply to these online operators if the operator is aware that it is collecting information about children. Next, the FTC expanded COPPA substantially so that it applies to a wider range of personal information subject to the Act’s regulations. Under the 2012 amendments, “personal information” now includes online contact information such as instant messaging usernames, voice over Internet protocol (“VOIP”) identifiers, video chat user data, any other screen names that serve to identify users individually. The Act will also cover “persistent identifiers,” which include IP addresses, profile pictures, or audio files that contain a child’s voice. Finally, the FTC has revised the acceptable means of obtaining parental consent. Pursuant to COPPA, online operators must obtain parental consent before collecting personal information about a child. Under the 2012 amendments, these online operators can now accept consent by a parent’s use of an online payment system, by a parent’s confirmation through video conference with trained personnel, and by verifying a parent’s identification with government-issued identification. These amendments aim to protect children’s privacy in the quickly changing environment of online operators and in light of the constant advancements in the Internet community.

Continue Reading ›

Published on: | by

As part of a recent move to revise its body of business law, the Council of Washington D.C. has adopted an amended Title 29 of the District of Columbia Code on Business Organizations. Chapter 4 applies specifically to rules pertaining to Nonprofit Organizations. Also known as the Nonprofit Corporation Act of 2010 (the “Act”), as of January 2012, chapter 4 has applied to all non-profit corporations that existed after 1962. Nonprofit corporations that existed prior to 1962 will have until January 2014 to give notice waiving application of the Act to their operations. If pre-1962 corporations fail to file such notice by January 2014, the Act will apply to their operations.

A nonprofit organization’s Articles of Incorporation or Bylaws may replace most of the provisions of the Act. The Articles of Incorporation or bylaws serve as a set of specific laws that govern the operations and structure of each individual corporation. The revised Act may still provide new benefits for such companies. For instance, under section 29-102.11 of the Act, nonprofit corporations must now file their biennial reports by April 1st, not January 15th. In addition, according to section §29-401.03, nonprofit organizations must give notice in the form of a record. Under the Act, a “record” includes e-mails, taxes, and telegrams. However, a nonprofit corporation may include a provision in its Articles of Incorporation of bylaws, allowing for oral notice. The Act also allows nonprofit organizations to provide for electronic meetings– annual, regular, or special–under section 29-405.01-02. In the case of elections, section 29-405.28 now allows nonprofit corporations to appoint election inspectors to manage elections. When forming committees, the Act allows nonprofit organizations to only have a single member as the director of the committee. Furthermore, whereas nonprofit corporations’ directors held fiduciary duties towards the organization, including, but not necessarily limited to, duty of loyalty and duty of care under case law, now section 29-406.30-31 of the Act holds such duties. Finally, under section 29-406.70 of the Act, a transaction that bears the risk of a conflict of interest is not automatically voidable if the corporation has taken the steps to approve the transaction with shareholders. Additionally, a conflict of interest transaction may not necessarily be voidable if the corporation can demonstrate that the transaction was fair to the organization at the time that it was approved by the board of directors.

At the Law Offices of Salar Atrizadeh, we guide our clients in legal matters by using extensive knowledge and skills to create innovative solutions. Please contact us today to set up a confidential consultation.

Published on: | by

Employers use non-compete agreements often to protect trade secrets and keep valuable employees from moving to competing firms. Most employers who conduct business involving highly valuable business secrets require employees to sign non-compete agreements before commencing employment. These contracts prohibit employees from releasing trade secrets to competing companies. Additionally, non-compete agreements prevent employees from working for a direct competitor within a period of time after leaving the company.

In light of the emphasis that the legal system places on an individual’s right to earn a living, courts require a high level of reasonableness to uphold non-compete agreements. Courts generally look at the length of time, geographic area, and types of business that these contracts cover to determine whether they place an undue hardship on an employee’s ability to seek employment. In states that allow for non-compete agreements, courts require reasonable scope and duration in order to uphold such contracts. Furthermore, non-compete agreements may be valid regardless of whether an employee leaves of his own choosing or is terminated.

California’s policy regarding non-compete agreements emphasizes a strong public interest in open competition. The California Business and Professions Code § 16600 dictates that any contract that restricts business is “void” unless the agreement falls within the exception outlined in Business and Professions Code Section 16601. The exception looks to whether competition would dispose of a substantial ownership interest or goodwill of the company. However, California employers maintain the option of using non-solicitation agreements and non-disclosure agreements to protect trade secrets and employees from competitors. Non-solicitation agreements prevent employees from seeking out the company’s clients after leaving, unless the employee developed a relationship with the client before working for the company. Nondisclosure agreements are contracts that hold the parties responsible for protecting confidential information utilized in the course of employment or during a business transaction.

Continue Reading ›

Published on: | by

The proliferation of cloud computing has given rise to increased privacy concerns. These concerns are especially grounded in Google’s new terms of service that allow the company to gather user information and data and release it to government entities upon request, without obtaining user consent. According to these new terms, as of March 1, 2012, Google has been consolidating data on users who access Google and creating a single profile that contains all of this information. Google’s new terms have caused concern with the Electronic Privacy Information Center (“EPIC”), which argues that these terms conflict with an FTC Consent Order that outlined privacy standards for all Google products and services. The order required Google to obtain users’ consent before gathering and sharing personal user information with third parties.

In response to Google’s new terms, EPIC petitioned the Federal Trade Commission (“FTC”) to compel Google to abide by the terms of the 2011 consent order. EPIC brought suit in the United States District Court of the District of Columbia against the FTC, urging the organization to enforce the consent order, and stop Google’s new policy of gathering and storing user information in individual profiles. The court heard EPIC v. FTC in 2012 and ruled that the court lacked the jurisdiction over the FTC to compel it to act according to EPIC’s demands. Nonetheless, the court noted that it had “serious concerns” regarding Google’s revised terms of service.

The National Association of Attorneys General sent a letter to Google on behalf of 36 states, expressing concern with Google’s intention to gather information about users from all products that utilize Google services, such as cell phones, computers, and tablets. This is especially concerning for Android smartphones, which rely heavily on Google systems and products. Users with electronic devices use various Google products, such as Gmail, YouTube, and the Google search engine, in different ways. However, according to Google’s new terms, user profiles would consolidate usage from all such products into a single profile for each user. The Attorneys General also voiced a specific complaint towards users’ inability to opt out of these new terms. According to the letter, the lack of choice poses a severe threat to individual privacy.

Continue Reading ›

Published on: | by

The Electronic Communications Privacy Act of 1986 (“ECPA”) prohibits disclosure of stored communications without a court order. This includes instant messages, emails, and communications on Facebook. The issues that can arise from such a standard came to light in 2005, when Loren Williams died in a motorcycle accident in Arizona, and his mother attempted to access his Facebook account in the hopes of feeling closer to her son. However, according to the ECPA, Loren’s mother did not have the authority to access her son’s Facebook account. Loren’s mother eventually sued Facebook in 2007 and a court granted an order allowing her to access his Facebook account. Facebook has revised its policy, allowing relatives to report a death online, at which time, Facebook allows restricted access to an account for friends and relatives.

However, Facebook was merely abiding by the terms and conditions that Loren had agreed to when he signed up for his Facebook account. Under these terms, the “assets” that fell under the license agreement become subject to licensing rules. Accordingly, a license expires when the license owner dies. The rights to that license and those assets do not automatically transfer to the next of kin or to the decedent’s estate upon death. Many states throughout America are in the midst of considering legislation that would allow access to online accounts after death. However, any law in this field is still in its early stages.

In light of these legal circumstances, family members file lawsuits against email servers to gain access to emails after the owner of the account dies. In some cases, the courts have allowed the servers to release the emails as raw data to family members, but courts rarely allow access to accounts. To avoid costly litigation in order to gain access to such accounts, individuals could begin incorporating social media account access and the respective passwords in their wills. Alternatively, individuals could create accounts under a trust to ensure that other members of the trust can access the account in the event that one member passes away. This issue is especially impactful in light of all the other tasks that people are able to conduct online. For example, many people manage their banking online by and through the bank’s website.

Continue Reading ›

Published on: | by

The Americans with Disabilities Act (“ADA”) requires public businesses to provide equal access to their venues for persons with disabilities. Under Subchapter III of the ADA, such public establishments include, among others, restaurants, movie theaters, stores, and places of education. Now, the increases in businesses that operate exclusively online, without a physical location, call the reach of the ADA into dispute.

In June 2012, the United States District Court for the District of Massachusetts decided this issue of first impression in National Association of the Deaf v. Netflix, Inc. The court held that the ADA applies to businesses that operate exclusively on the Internet. The National Association of the Deaf sued Netflix, Inc., arguing that by failing to provide closed captioning for all of its content, Netflix was in violation of the ADA. Netflix, Inc. argued that it was not required to provide disability access to its site because it was not a “place of public accommodation” within the meaning of the ADA. The court based its opinion on the public policy underlying the ADA, which aims to provide equal access to public amenities for persons with disabilities. With the exponential rise in online businesses, the court found that it was within this public policy to allow persons with disabilities to access these sites alongside other members of society. One month later, the United States District Court for the Northern District of California reached the opposite conclusion in Cullen v. Netflix, Inc. In this case, the court looked to its prior decisions and held that the ADA’s reach is limited to public establishments with “physical structures.” These two opposite holdings show that the nature and reach of the ADA, as it pertains to online businesses, has not been solidified yet.

The Department of Justice has reviewed the ADA and provided regulations and guidelines for accessible website designs. For example, business can make their sites accessible to persons with disabilities by adopting a simple page layout throughout the site. This makes it especially easier for visitors with visual impairments to locate information quickly and easily. Websites may also provide transcriptions for any video or audio on the site for visitors with hearing impairments. Finally, websites may improve accessibility for persons with disabilities by inviting such visitors to notify website managers of ways to improve site accessibility. Nonetheless, in the absence of a binding uniform standard for website access, the reach of the ADA towards online businesses is still very much in the hands of courts in their individual jurisdictions.

Continue Reading ›

Published on: | by

The possibility of identity theft is a growing concern. However, banks, credit card companies, and various other institutions that house private information regularly take steps to protect customers’ identities. Nonetheless, a different type of identity theft continues to thrive. Online impersonation is a quick and easy form of identity theft that takes place over the Internet. It is an easy type of identity theft given the breadth and convenience of social media and expanding networking sites. However, in light of the Sandy Hook Elementary School incident, state and federal authorities are considering the possibility of bringing criminal charges for online impersonation.

State legislatures called for laws against online impersonation following the case of Megan Meier, a 13-year-old girl who killed herself after a woman impersonated a boy and engaged in cyberbullying. After the Sandy Hook shooting, people began posting incorrect information about the shooting and the suspect. Others began posing as the shooter and staging crime scenes similar to the shooting. Connecticut State Police Lieutenant J. Paul Vance called attention to this matter in a public press conference. He noted that these posts, in addition to being highly inappropriate, were also threatening and criminal in nature.

A spokesman for Commissioner Reuben Bradford stated that, harassing anyone who was a victim of the shooting would be criminally prosecuted. He noted that harassment would not only include in person contact, but also harassment through via the Internet and social media sites. Charges could include criminal impersonation and criminal misrepresentation. California and several other states have established online impersonation as a criminal offense. Critics argue that criminal regulations that prohibit online impersonation may arm interest groups with the power to suppress speech. For example, Electronic Frontier Foundation argues that such laws could silence groups like The Yes Men, which utilizes online impersonation as a form of commentary on the government and large corporations.

Continue Reading ›