
THERE ARE MANY LAWS WHICH CONCERN THE USES OF COMPUTERS IN BUSINESS AND INDIVIDUALLY, FAR TOO MANY TO RECAP HERE.  HOWEVER, THOSE SET FORTH BELOW ARE THE BASIC FEDERAL LAWS, REGULATIONS AND ISSUES ABOUT WHICH YOU SHOULD AT LEAST BE AWARE.  STATE LAWS (E.G. CALIFORNIA SB1386 & AB 1950 WHICH GOVERN PROTECTION OF CONFIDENTIAL INFORMATION) MUST ALSO BE CONSIDERED, BUT ARE NOT DIRECTLY COVERED HERE.

ANTICYBERSQUATTING CONSUMER PROTECTION ACT, a/k/a Truth in Domain Names Act [15 U.S.C. Sec. 1125(D)]

COMMUNICATIONS DECENCY ACT OF 1966 [47 U.S.C.  Sec. 230], a/k/a “CDA”

PRIVACY LEGISLATION - IS THERE A CONSTITUTIONAL RIGHT TO PRIVACY?

BLOGGERS MUST DISCLOSE PAYMENTS FOR REVIEWS

CHILDREN’S ON-LINE PRIVACY PROTECTION ACT OF 1998 [28 U.S.C. Sec. 1301]

ELECTRONIC COMMUNICATIONS PRIVACY ACT, a/k/a “ECPA” [18 U.S.C. Sec. 2701-2711 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS]

DIGITAL MILLENNIUM COPYRIGHT ACT of 1998, a/k/a “DMCA” [17 U.S.C. Sec. 512]

THE STOP ONLINE PIRACY ACT (“SOPA”)

PROTECT IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011) (“PIPA”)

Online Protection and Enforcement of Digital Trade Act (“OPEN”)

NO ELECTRONIC THEFT (“NET”) ACT

COMPUTER FRAUD AND ABUSE ACT [18 U.S.C. 1030]

UNLAWFUL INTERNET GAMBLING ACT OF 2006

THE 1990 AMERICANS WITH DISABILITIES ACT 42 USC 12101

CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT OF 2003 (“CAN-SPAM”) [15 U.S.C. Sec. 7701-7713]

REVISIONS TO FEDERAL RULES OF CIVIL PROCEDURE REGARDING DISCOVERY OF ELECTRONIC MEDIA RECORDS: 2006 Revisions to Rules 16,26,33,34,37 of FRCP Discovery Provisions

SARBANES-OXLEY ACT OF 2002, a/k/a the Public Company Accounting Reform and Investor Protection Act of 2002

U.S. PATRIOT ACT (P.L. 107-56)

Health Insurance Portability and Accountability Act [P.L. 104-191] (“HIPAA”)

Health Information Technology for Economic and Clinical Health Act (“HITECH”)

Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999

PCI Data Security Standards

Federal Information Processing Standards

KYC Regulations

U.S. Federal Trade Commission “Red Flag” Rules

The Internet Tax Freedom Act Amendment of 2007

Internet Freedom and Nondiscrimination Act

Net Neutrality

PRO-IP (Prioritizing Resources and Organization for Intellectual Property) Act of 2008

Transportation Safety Administration guides to air travel with laptops

Criminal laws prohibiting accessing any computer or network without the owner’s permission

“Criminal Instrument” or the “Tool of a Crime” laws

“CyberStalking” and “CyberBullying” laws

CYBERSECURITY LAWS:  Federal Personal Data Privacy and Security Act

“Robocalling” software

Security Breach Disclosure Laws

Software Compliance Audits

A NOTE ABOUT “COMPUTER FORENSICS”

Credit Card and Consumer Warranty Laws

Combating Online Infringements and Counterfeits Act

THE TRUTH IN CALLER ID ACT OF 2009

FEDERAL AND STATE ELECTRONICS RECYCLING LAWS

WHY LAWSUITS ARISE AND HOW TO AVOID THEM

IS SEXTING ILLEGAL?

IS THERE GOING TO BE AN INTERNET SALES TAX?

ANTICYBERSQUATTING CONSUMER PROTECTION ACT, a/k/a Truth in Domain Names Act [15 U.S.C. Sec. 1125(D)]:  This federal law, enacted in 1999, makes people who register domain names that are either trademarks or individuals’ names, with the sole intent of selling the rights to that domain name to the trademark holder or the named individual for profit, liable for civil penalties.

COMMUNICATIONS DECENCY ACT OF 1966 [47 U.S.C.  Sec. 230], a/k/a “CDA”:  The Government’s attempt to regulate pornography on the Internet.  There is a provision of this law that web hosting companies are not responsible for the materials users post on their sites.

PRIVACY LEGISLATION - IS THERE A CONSTITUTIONAL RIGHT TO PRIVACY?  Contrary to substantial public belief, there is no explicit guarantee of privacy in the U.S. Constitution. Nowhere is the word privacy mentioned. The right to privacy was, however, inferred in the 1972 U.S. Supreme Court decision in Roe vs. Wade, where the Supremes inferred its existence under the due process clause of the Constitution’s Fourteenth Amendment, extending that right to a woman’s decision to have an abortion.  Nevertheless, there are many federal and state laws which protect individual data and rights, including information generated and saved on computers.  These laws cover identity theft, unwanted communications, medical and law enforcement records and the like.  Some of them are discussed in this section.  For example, on September 29, 2010, those Rutgers University students who Twittered and posted on the Internet a webcam clip of their roommate’s gay encounter, leading to his immediate suicide by jumping off the George Washington Bridge, were charged with violation of the N.J. Invasion of Privacy laws, carrying a maximum of five years each for the most serious violations.  In addition, on April 21, 2011 a Middlesex grand jury indicted Ravi, charging him with 15 counts, including bias intimidation, invasion of privacy, witness and evidence tampering and other offenses.  Further charges were not presented against Ms. Wei “at that time”.  Both students withdrew from Rutgers following the incident.  See, Antibullying laws, below.  See also, RANT.

FTC RULES:  BLOGGERS MUST DISCLOSE PAYMENTS FOR REVIEWS:  Effective December 1, 2009 (unless extended), the FTC has unanimously approved guidelines that for the first time regulate deceptive and unfair practices in on-line and blogging testimonials.  Consumer Reports states that almost 80% of on-line shoppers check user reviews first.  In order to gain consumers’ trust, many unscrupulous companies use their own employees or paid endorsements to masquerade their advertising.  Now, the FTC will require that bloggers and reviewers on the Web “clearly and conspicuously” disclose any freebies or payments they get from companies for reviewing their products and any association with those companies.  It also prohibits advertisers featuring testimonials that claim dramatic results from hiding behind disclaimers that the “results are not typical”.  Penalties for violations will be severe, including fines ($11,000 per incident) and injunctive relief against the blogger, or more likely, the advertiser.  (Lifestyle Lift was recently fined $300,000 because its employees published positive reviews and other deceptive actions.)  But these disclaimers may still be difficult to find.  So, if you only see positive reviews with no negative factors, or no mention of personal experience, question their credibility.

CHILDREN’S ON-LINE PRIVACY PROTECTION ACT OF 1998 [28 U.S.C. Sec. 1301] (“COPPA”):  Regulates unfair and deceptive practices in connection with the collection and use of personal information from and about children under the age of thirteen over the Internet as violations by web providers under the FTC Act.  For example, under this law, website hosts may want to prohibit membership applications or registration by users under the age of thirteen, absent written parental consent, in order to protect themselves from violation of this law.  In view of what the FTC calls “an explosion in children’s use of mobile devices, the proliferation of online social networking and interactive gaming,” on 9/15/11 the agency proposed regulatory changes, expanding the definition of “personal information” to include a child’s location, along with any personal data collected through cookies for the purposes of targeted advertising, which must be protected and held, then deleted, for only as long as reasonably necessary.  This immediately followed the FTC fine of $50,000 against W3 Innovations, a company which makes mobile phone applications, which collected personal information about children without parental consent over mobile phones.

ELECTRONIC COMMUNICATIONS PRIVACY ACT, a/k/a “ECPA” [18 U.S.C. Sec. 2701-2711 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS]:  This 1986 law was originally enacted to extend restrictions on traditional wire taps of telephone calls to include transmissions of electronic data by computer, long before Internet use became mainstream.  This protection was somewhat weakened by the provisions of the U.S. Patriot Act.  The act, and the case law interpreting it, concern the extent of protection accorded e-mails, both stored and in transmission, and records of ISPs.  So what about employers’ monitoring of employee e-mail and telephone calls? This would come under any of the three exceptions to the ECPA:  Employers are generally allowed to monitor business-related telephone calls, to monitor communications where there has been employee consent (e.g. by employment contract or signed separate agreement), and to retrieve and access stored e-mail messages.  See also, e-discovery, below, for the application of the Stored Communications Act provisions.

DIGITAL MILLENNIUM COPYRIGHT ACT of 1998, a/k/a “DMCA” [17 U.S.C. Sec. 512]:  This is a U.S. copyright law, signed in 1998 by President Clinton, which implemented two 1996 World Intellectual Property Organization treaties and added stronger penalties for copyright infringement on the Internet.  The DMCA makes it a criminal offense to circumvent any kind of technological copy protection, even if you don’t violate anyone’s copyright in doing so.  Simply disabling copy protection is a federal crime.  Even if you “crack” DRM, without making or distributing illegal copies of the copyrighted material, it’s against this law, which applies to all sorts of copy-protected files, including music, movies and software.  Click HERE for a summary of the law.

THE STOP ONLINE PIRACY ACT (“SOPA”):  Introduced in October, 2011 by Rep. Lamar Smith (R-TX) at the urging of the Motion Picture Association of America and the U.S. Chamber of Commerce, this bill, if adopted, will authorize the Justice Dept. to direct U.S. companies to stop hosting or providing payment services to foreign sites that illegally stream American content. It could order search engines to stop listing such sites and domain registrars to direct traffic elsewhere.  A similar bill known as the ProIP Act (“PIPA”), is being considered by the Senate.  Both are aimed at stopping the illegal streaming of movies in the U.S., which has become a big business.

PROTECT IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011) (“PIPA”):  The Senate counterpart of SOPA.  [See discussion below.]

Online Protection and Enforcement of Digital Trade Act (“OPEN”):  A draft act by a bipartisan group of House members, supported by the tech industries as a compromise to SOPA and PIPA.  [See discussion below.]

A discussion about DMCA, SOPA, PIPA and OPEN Anti-Piracy Laws:  DMCA has protected against copyright infringement since 1998.  For example, if a YouTube posting violates an author’s copyright, the author may post a “takedown notice” with YouTube demanding that the infringing materials be removed from the site.  YouTube, in turn, sends the alleged infringer a notice, allowing him to counter file if he believes he has not infringed and, if the allegations are not settled, the issue may ultimately go to court for resolution.  The problem is that this works fine for U.S. based infringers, but not well at all for overseas infringers (such as, for example, torrent hub The Pirate Bay).  Because of this, SOPA was introduced in the House in October, 2011 and is currently pending, and PIPA was approved by a Senate committee in May, 2011.  Both of these bills tackle the issue by moving up the Internet chain.  While the U.S. can’t force overseas sites to take down copyrighted work, it could at least permit companies to obtain a court order to stop U.S. companies from providing their services and links to those sites, making it much harder for U.S. internet users to find and access them by delisting them in search results, refusing to connect to the servers and requiring advertising companies (like PayPal) to cut off payments to them.  Moreover, SOPA potentially puts site operators on the hook for the content their users upload, deeming a site responsible if it fails to take “deliberate actions to avoid confirming a high probability” that its service will be used for copyright infringement.  It is this language which scares legitimate U.S. technology companies, exposing them to new and uncertain liabilities and impossible mandates requiring monitoring of websites.
Many tech companies have supported the compromise of OPEN, which offers accused sites greater protection and allows cases to be brought before the U.S. Int’l Trade Commission, which is more qualified than civil courts to deal with such issues. January 18, 2012 has been designated “Internet Blackout Day” on which certain Internet sites (Wikipedia, Google, Boing Boing, Firefox, Wired, etc.) will go dark or show home pages protesting the two pending piracy bills for a 24 hour period. Right now, none of the new laws have been passed and it doesn’t look likely that they will be, at least without a period of substantial public debate.

On 10/13/2008 President Bush signed an intellectual property enforcement bill into law, after near unanimous approval by Congress.  The new law, named the PRO-IP (Prioritizing Resources and Organization for Intellectual Property) Act of 2008, establishes within the executive branch a position of intellectual property enforcement coordinator (copyright enforcement “czar”), who will be appointed by the President.  The law also heightens the penalties for intellectual property infringement and provides the Dept. of Justice with greater resources for handling piracy issues, such as seizure of houses, cars, boats, computers, etc. allegedly involved in the commission of a crime.  For my own personal take on this law, see the RANTS page. See also, SOPA, for the House version of this bill.

NO ELECTRONIC THEFT (“NET”) ACT: This law was also passed during the Clinton administration and is the basis for the familiar “FBI Warning” at the beginning of most DVD movies. The NET Act made copyright infringement itself a federal criminal offense (prior to that it was a civil issue), regardless of whether the circumvention of the copy-protection was made for any gain or commercial benefit. Just making a copy of a copyrighted work for a friend can make you subject to up to five years in prison and $250,000 in fines.  Click HERE for more.

COMPUTER FRAUD AND ABUSE ACT [18 U.S.C. 1030]: This law was passed by Congress in 1986 to reduce hacking of computer systems.  It was amended in 1994, 1996 and 2001 by the U.S. Patriot Act (see below).  Because it includes the element of “scienter” (knowledge) that one is breaking into a computer directly or indirectly, the penalties are quite severe, starting at 10 years maximum penalty for a first offense.

UNLAWFUL INTERNET GAMBLING ACT OF 2006: This Federal law criminalizes acceptance of funds from bettors, not the bettors themselves.  However, many states have gone a step further and make gambling on the internet a felony. For example, Washington state makes online gambling a Class C felony punishable by up to five years in prison and a fine of $10,000.  Check your own state’s laws on this subject.

THE 1990 AMERICANS WITH DISABILITIES ACT, 42 USC Sec. 12101 (“ADA”):  Section 508 of the “ADA” requires that Federal agencies’ electronic and information technology be accessible to people with disabilities.  While most web sites are designed for persons with disabilities to access them regardless of limitation, the same cannot be said of the huge number of available plug-ins.  The W3C has compiled a list of guidelines and standards that a website should meet for ADA compliance.  Click HERE for more information.

CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT OF 2003 (“CAN-SPAM”) [15 U.S.C. Sec. 7701-7713]:  Establishes the U.S.’s first national standards for the sending of commercial e-mail.  The success of the act has been debated, and the anti-spam activists commonly refer to it as the YOU-CAN-SPAM law because it doesn’t require the e-mailers to get permission before they send marketing messages.  There are also state versions (e.g. VA) of the Federal CAN-SPAM law.

REVISIONS TO FEDERAL RULES OF CIVIL PROCEDURE REGARDING DISCOVERY OF ELECTRONIC MEDIA RECORDS [E-DISCOVERY]: 2006 Revisions to Rules 16, 26, 33, 34, 37 of FRCP Discovery Provisions:  You should be aware of these provisions, which govern cases filed after 12/06.  Essentially these rules say that businesses must be able to quickly find data when required by the federal court in litigation.  That means that every electronic document -- including e-mails, instant messages, financial documents, computer logs, voice mail and all text and graphical documents -- must be easily retrievable.  As the result of the Stored Communications Act, a part of the Electronic Communications Privacy Act of 1986, above (way before the concept of “cloud” storage), you may discover that your “cloud” service provider may not be particularly cooperative and may not be particularly useful or even obligated to help you retrieve your stored data or return it to you, so be very choosy in setting up your cloud data storage and backup.  Also, any scheduled destruction may be the subject of a “Litigation Hold Order” issued by a court.  Enterprises must also be able to show that they have a repeatable, predictable system in place to handle (maintain, archive, retrieve, restore) this data, including a data recovery system in the event of loss or failure.  Note that case law allows the use of an “adverse inference” instruction if a party fails to produce requested e-mails.  This can be quite expensive:  Ask Morgan Stanley, which (originally) had to pay investor Ron Perelman a total of $1.45 billion due to their failure to provide requested e-mails pertinent to the suit.  Or ask the Office of Federal Housing Enterprise Oversight how it spent 9% ($6 million) of its 2009 budget complying with an e-discovery order from the D.C. Court of Appeals.
If you are a business of any size, you should immediately consider developing a Legal Response Plan, which means preserving any information that’s pertinent to litigation, audits or investigations.  You must identify relevant time ranges, people and the location of the relevant data so that you can separate it from everything else.  Also, eliminate all useless data; you are permitted to do this.  FRCP 37(e) recognizes that data destruction is a routine part of standard IT operations and that relevant documents might be destroyed during that process without any malicious intent.  Even if you can’t produce every relevant document, good and responsible preparation for e-discovery will be sufficient for most judges.  They’re not necessarily interested in perfection, just a reasonable plan which has been followed.  For more see FAQ #37.  For a discussion about the dangers of texting and e-mailing and how they may be used in investigation and litigation, see the discussion in SOCIAL NETWORKING.

SARBANES-OXLEY ACT OF 2002, a/k/a the Public Company Accounting Reform and Investor Protection Act of 2002:  In response to various well publicized scandals such as Enron, Tyco and WorldCom, Congress passed this law, followed by regulations (e.g. SAS 70 Type I and II Certifications), which apply to U.S. public (not private) companies, their boards, management and public accounting firms.  The law establishes policies for internal corporate control of data, including storage and electronic media protection. If you think you are within the purview of SarBox, call us to develop procedures for you.

U.S. PATRIOT ACT (stands for Uniting and Strengthening America by Providing Appropriate Tools Required To Intercept and Obstruct Terrorism Act of 2001) (P.L. 107-56):  This Act, passed in response to 9/11, increases the ability of U.S. law enforcement agencies to search telephone and e-mail communications, among other things.

Health Insurance Portability and Accountability Act [P.L. 104-191] (“HIPAA”):  Under this law, health information may not be disclosed without a patient’s express written consent unless it is necessary to administer benefits, payment or health care.  All healthcare providers (including doctors, dentists, nurses, hospitals, mental health providers, rest homes, nurse assistants, paramedics, etc.) must comply with this Federal law, passed in 1996.  Further, providers must regularly disclose their privacy practices to their patients.  Click HERE for HHS guidelines.

Health Information Technology for Economic and Clinical Health Act (“HITECH”):  This act, effective February, 2010, expands the security and privacy provisions of HIPAA to encompass “business associates” such as a billing company or cloud provider and strengthens enforcement, penalties and audits. It was passed as part of the Federal stimulus package, and requires hospitals and health care providers to comply with the “meaningful use” requirements, i.e. they must validate a meaningful use for the electronic records or they will not receive the stimulus funds.

Gramm-Leach-Bliley Act:  Also known as the Financial Modernization Act of 1999.  Includes provisions to protect consumers’ personal financial information held by financial institutions; the three principal parts of the privacy requirements are the Financial Privacy Rule, the Safeguards Rule, and pretexting provisions (prohibiting the access of private financial information using false pretenses).  Also requires banks to provide written privacy notices.

PCI Data Security Standards:  Applicable to those organizations processing credit, debit and cash card transactions to protect cardholders against misuse of their personal information.  See the Glossary for additional information.

Federal Information Processing Standards: These are issued by the National Bureau of Standards, Computer Systems Laboratory and specify standards and procedures for document processing, encryption and other tasks for use within government agencies or by those interfacing with those agencies through computers.  There are similar standards for some states as well.

KYC: Stands for “know your customer”.  This refers to the enhanced due diligence (so-called “EDD”) and bank regulation that financial institutions and others must perform to identify their customers and ascertain relevant financial information about them.  It is typically a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and the Patriot Act.

U.S. Federal Trade Commission “Red Flag” Rules:  According to the FTC, companies are now on the hook for their business dealings, even small or internet companies, should what they sell be used for criminal or terrorist activities or identity theft.  The punishments include six-figure fines and even jail time.  The new standard is known as the FTC’s “Red Flag” rules (implementing sections 114 and 315 of the Fair & Accurate Credit Transactions Act (“FACT”) of 2003), which have already been passed and are due to go into law on December 31, 2010, after the FTC delayed its rule enforcement for the FIFTH time - it was originally due to start on January, 2009 (although businesses must be compliant by 11/1/2008).  One of the delays was caused by defining physicians as creditors whenever they do not require full payment at the time they provide care, due to their privacy considerations (they will probably be exempt).  Since small businesses are most likely to be unaware of these rules or to lack the ability to implement the required programs, they will be the most likely targets of criminals.  If your business involves any type of financing or credit for your customers, you should check out the requirements for these rules.  If, for example, you finance a vehicle, or a computer perhaps, that is used later in a crime, you could be held liable if you should have known of a “red flag” that would have required you to report the transaction to the Government.  For more information about who the law applies to and how to comply, click HERE for the FTC Business Alert.

Congress has passed and the President has signed a new law titled “The Internet Tax Freedom Act Amendment of 2007”:  This law extends the present ban on certain Internet taxes for another seven years.  It prohibits state and local governments from imposing taxes on Internet access services, and also on independent e-mail and instant messaging services.  This does NOT, however, prohibit SALES taxes on Internet service or on purchases of goods sold over the Internet, which you are already paying in many states (e.g. New York, as of 6/1/08).

NET NEUTRALITY:  [See Net Neutrality for basic definition.] Since 2006, at least three bills have been introduced in Congress which would require ISPs to treat all content passing through their networks in a “reasonable and nondiscriminatory” manner.  The purpose of these bills is to prevent companies with monopoly or duopoly power from controlling how the Internet operates and essentially choosing what content is available.  None of these bills have ever gotten to a full vote in Congress, perhaps because the mere existence of the dispute has created a fund-raising opportunity for our lawmakers that they’ll probably milk for years.  To fill the gap before any legislation will be passed, providers such as Verizon and Comcast have introduced a two-tiered approach, offering both a fast lane and a slower lane, with pricing to match.  Broadband providers such as Comcast have taken advantage of this window to also institute “capping” (sometimes called “throttling”) and have already notified their customers that there will be limits on service, with some users charged a premium for heavy usage.  Some service providers have allegedly slowed access to certain sites during peak times of network congestion. Opponents of net neutrality claim that a non-neutral net is actually beneficial: Like an auto highway, the Internet highway has its HOV lanes, auto-only lanes, toll roads and the like, without which a single paved roadway for every type of user would (arguably) be very slow.  Similarly, a non-neutral net would provide higher speeds and priority to some users (i.e. those with time-sensitive information such as stock market transactions, or medical information during an operation), while others might travel in a different and slower “lane” on the information superhighway.
Supporters of non-neutrality argue that, especially if certain users are willing to pay extra for the speed or priority (as a driver would for a less-traveled and faster toll road), this shouldn’t bother the slower users, who haven’t paid for the additional speed.  In his campaign, President Obama said that he supports net neutrality, and had promised to select only pro-net neutrality appointees to the FTC.  He appointed Julius Genachowski FCC head and on December 21, 2010 the FCC issued regulations giving the FCC regulatory power to protect the free flow of information over the Internet and requiring high-speed Internet providers to regard all types of connections equally.  So, for example, ISPs like Comcast and Time Warner can’t block web video sites like Netflix and Hulu, or peer-to-peer websites (as Comcast has previously done) and they can’t deliver some sites such as Amazon faster than eBay, which would be “unreasonable content discrimination”.  However, these regulations don’t cover wireless providers (watching videos over your smart phone, for example) and don’t forbid ISPs from either charging heavy users more than light users or charging some users for faster service.  And, of course, Congress may always vote to repeal any or all of these regulations.

If you travel with your laptop, you might want to be sure that you don’t have anything on it that may hurt you, even if it’s got nothing to do with terrorism.  You might think that the luggage inspector can only look to see if the laptop is, in fact, a computer and not a bomb, but that’s not all.  According to the 9th Circuit Court of Appeals, customs agents can search your laptop on what amounts to nothing more than a whim, because a laptop is no different to them from a suitcase.  The Fourth Amendment to the Constitution does not, in the Court’s view, require customs agents to have reasonable suspicion before searching the contents of laptops or other digital devices.  Ask Michael Timothy Arnold, a 43 year old California resident facing charges of transporting child pornography after customs officials seized his laptop at LAX and examined the contents of his laptop hard drive for no particular reason.  Now, I’m not condoning child pornography and certainly not terrorism; but I do question the apparent and growing lack of constitutional rights guaranteed our citizens.  Also, recent changes to U.S. Customs & Border Protection regulations allow officers to seize, examine and destroy electronic devices (cell phones, laptops, disks, drives, etc.).  For links to Transportation Safety Administration guides to laptops, click HERE.

In addition to federal statutes, you should be aware of state laws (e.g. Florida, Illinois, Washington, Alaska) applicable to computers.  For example, many states have criminal laws prohibiting accessing any computer or network without the owner’s permission.  The penalties range from misdemeanor to first degree felony (on a par with murder), and depend upon the action taken by the trespasser (intention, benefit, harm, defrauding, etc.).  Most states require “scienter,” i.e. knowledge that you are connecting to someone else’s computer.  So, if your computer accidentally connects to another wireless network without your knowledge, you’re o.k.  But if you hack into their wireless network, even if it’s unsecured, you knew you were doing so, and could be convicted.

Some states also have enacted laws making it a crime to possess a “criminal instrument” or the “tool of a crime.”  If you are involved with the use of a computer or a network that later becomes involved in the commission of a crime, you may be prosecuted.  Right here in Florida, I was once questioned by the police about a computer which I had sold to a customer who then used it to embezzle funds from her boss.  Of course, nothing happened to me, but I was still questioned.

And then there are “CyberStalking” and “CyberBullying” laws.  Many states have found it necessary and advisable to pass these laws, mindful of those who have abused modern technology to stalk others.  And the language, you should be aware, is often very broad.  For example, it may be a crime to send a message via e-mail or other computerized communication system (Instant Messenger, Web chat, IRC, etc.) that uses obscene, lewd, or profane language with the intent to frighten, intimidate, threaten, abuse or harass another person.  You might want to watch out what you say in your angry communications to companies, dissatisfaction with help desks, flaming discussions in chat rooms, etc., as you may get more than you bargained for in return.  The toughest Antibullying Bill of Rights (2011), that of New Jersey, requires that all public schools adopt comprehensive antibullying policies (some 18 pages of “required components”), increase staff training and adhere to tight deadlines for reporting episodes.  This was the direct result of the suicide of Rutgers University freshman Tyler Clementi (see above, at Privacy legislation).

CYBERSECURITY LAWS:  46 states have passed some sort of cybersecurity law protecting  personal data.  Now, in an effort to unify these laws, the federal government has proposed the Personal Data Privacy and Security Act.  As of December, 2009, the bill has been approved by the U.S. Senate Judiciary Committee, and will go to the Senate for full deliberation.  The Act calls for government and private entities to follow stricter rules for protecting sensitive and personally identifiable information.  Entities will have to execute detailed risk assessments and susceptibility tests, and be required to implement safer approaches to accessing sensitive data, detecting and recording illegal access to the data, and protecting data at all times. HOWEVER, don’t expect these privacy laws to apply to the Government, which is pretty much exempt from penalties against snooping on the Internet, which it regards as a public domain.  For further discussion, see Social Networking; also Echelon, Carnivore.

Communications Assistance for Law Enforcement Act of 1994 [and related regulations issued by the Federal Communications Commission]:  Telecommunications, information and internet service providers must provide a means (a so-called “back door”) for U.S. federal agencies, usually the FBI, to view the ostensibly private data of their subscribers when lawfully ordered to do so.  Notice the trouble that RIM, the Canadian company that manufactures BlackBerry smart phones, got into in 2010, when the United Arab Emirates banned the phone service in that group of countries because RIM refused to modify its information architecture in such a way that would enable UAE authorities to intercept the communications of select subscribers.  The federal government also has the means to lawfully intercept and monitor real-time and stored electronic data as part of its counter-terrorism policy, in ways that are not explained to the public for obvious reasons.  The Obama administration, through federal law enforcement and national security officials, is preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.  Officials want Congress to mandate that all services that enable communications (including encrypted e-mail transmitters such as BlackBerry, social networking sites such as Facebook and direct peer-to-peer messaging such as Skype) be technically capable of complying if served with a wiretap order, so that they will immediately be able to intercept and unscramble encrypted messages.  This bill should be submitted to Congress in 2011, so stay posted.

If you are using your computer for telemarketing because of the low cost and availability of so-called “robocalling” software, you should be aware of the FTC’s new TSR (“Telemarketing Sales Rules”), effective 9/1/09, prohibiting such calls without express written permission, at a penalty of $16,000 per call.  Think twice before using this type of marketing unless you fall under one of the exceptions.  The rules can be found at http://www2.ftc.gov/opa/2008/08/tsr.shtm.  For more see TELEPHONE.  Also RANT.  As usual, this law didn’t work!

And while we’re discussing state laws, be aware of some states (such as California) that have passed so-called Security Breach Disclosure Laws, requiring any company doing business in the state to notify their California customers if they discover or suspect that nonencrypted data about them has been accessed without authorization.  This applies even if the company is physically outside of California, or is a small business.

[Image: ICE notice]

Winding its way through Congress is the Combating Online Infringements and Counterfeits Act which would allow the Government to shut down Internet sites which are “dedicated to infringing activities”.  Already, Immigration and Customs Enforcement (“ICE” - a division of the Dept. of Homeland Security) has seized and blocked several web addresses of sites known to facilitate illegal file sharing.  Browsers would see the page shown to the left.  Among the domains already seized were torrent-finder, and music sites onsmash, rapgodfathers and dajazi.  Of course the Recording Industries Association (“RIA”) has been behind this push and, predictably, opponents have claimed that the bill is Internet censorship and could affect sites which legitimately allow file sharing for other purposes.  The bill has passed the Senate already.

FEDERAL AND STATE ELECTRONICS RECYCLING LAWS:  You should be aware that, as of 2010, 23 states and several individual cities have enacted electronic waste laws which dictate electronics disposal methods, controlling how manufacturers recycle and dispose of electronic waste, and also limiting how and where consumers may dispose of their electronics.  If you’re looking for an electronics recycler, look for an e-Stewards certified electronics recycler, which assures that it complies with all environmental mandates for electronics recycling.  For a somewhat up-to-date listing of the laws by state, click HERE to view the compilation by the Electronics Takeback Coalition.

Credit Card and Consumer Warranty Laws:  Just because your computer equipment, camera or other hardware dies just after the manufacturer’s warranty expires doesn’t always mean that you’re completely out of luck.  Don’t forget to check your credit card warranty provisions.  In many cases, if you purchased the product with a credit card, you automatically get the added benefit of an extended warranty, in some cases double the original warranty.   Also, many jurisdictions (Maine, for example) have “implied” warranties that may take precedence over the manufacturer’s warranty, stating that the article must be usable for the purpose intended for the length of time most such articles are useful.  Check HERE for a list of consumer protection offices.

Software Compliance Audits:  Audits for contractual compliance by software providers as well as government audits for compliance with Sarbanes-Oxley and other laws and regulations, in addition to specific security requirements for companies awarded federal, state and local contracts can open your organization up to audits substantiating your company’s compliance in choosing, purchasing and operating various software.  Whether you are a small or a large business, the challenges and threats are essentially the same; non-compliance can subject administrators to personal liability, meaning fines, confiscated assets or even jail time if they knowingly have unlicensed software on their network.  Staying compliant with software licensing agreements is a must, given the prevalence of software and the ever-increasing complexity of IT infrastructures (virtualization, for example) and licensing agreements.  A combination of automated discovery technology, good policies and procedures and lots of oversight is imperative.  A dated spreadsheet just won’t survive an audit.  We recommend, and implement, an external annual audit combined with an automated discovery tool to identify where software is installed in the enterprise, and a central source for all hard-copy information.  Call us for further information.

A NOTE ABOUT “COMPUTER FORENSICS”:  Electronic records have now reached the mainstream of the law, as shown by the revisions to the Federal Rules of Civil Procedure.  You can no longer plead ignorance of your electronic, computer and e-mail records when faced with a dispute or litigation.  Associated with this trend is the field of “computer forensics,” the investigation of digital evidence.  Forensic investigators are professionals who ensure that evidence will be admissible in court, for defense or the assertion of claims.  If you have computer records that might be evidence in a court proceeding or other dispute (e.g. mediation), you must secure the evidence and preserve a dated digital copy, keep a manifest log of those who have handled the records, and provide a chain of custody for the media to prove that there was no tampering or alteration of the media or the data within.  It’s no surprise, then, that many of the SaaS vendors [e.g. Message One (Dell) and Postini (Google)] are offering e-mail archiving and search capabilities.  With our legal background and experience, we are uniquely capable of assisting you with this protection, but you must call immediately, before data is compromised, otherwise it may be inadmissible! If you’re on the receiving end of a lawsuit, you could be charged with obstruction, also quite unpleasant.   [Of course, it’s always a good idea to plan ahead, and have a data archive and disaster recovery plan in place before litigation, and we can help you with this as well.]

WHY LAWSUITS ARISE AND HOW TO AVOID THEM:  Our court system is filled with disputes about computer hardware, software and systems that allegedly don’t perform as required (or at least up to customers’ expectations).  Why?  The single largest cause by far is that the parties to these disputes don’t read the contract between them, as it is solely that written agreement which controls the relationship and the promises between them.  Not the pre-contract discussions, not the sales team’s representations, not the software vendor’s sales literature; it is the contract which finalizes and supersedes all of these negotiations and representations.  That is, none of the previous statements, whether oral or in writing, survive.  The contract even says so in virtually every case.  In my experience as both a litigator and an IT expert, I have found that, because the vendors are trying to sell their system by often telling the customers whatever they want to hear (leaving it to the poor souls in technical support to resolve specific “issues” later) and, conversely, because the customers are hearing what the reps are telling them while all the time trying to superimpose their own particular business demands on the software, the “meeting of the minds” that is supposed to result in a binding written contract really never occurs.  And the contract that does result is, as always, skewed in favor of the vendor, not the customer.  Contracts, as a whole, are drafted in a negative way, that is to favor the drafter, in this case the vendor, in the event of any possible disputes that may later result between the parties.  They are almost always “contracts of adhesion,” meaning that the customer doesn’t get to change any important terms in the agreement, and is forced to deal with a take-it-or-leave-it deal.  Whether it is a loan agreement, real estate lease or software contract, it will almost always favor the vendor, not the customer.
Add to this the natural reluctance (mostly because of cost and sometimes because business owners believe that because they know their own business they are qualified to act as their own attorneys) of customers to consult attorneys to review contracts and you have a predetermined disaster when the parties’ expectations are not met.  If the purchasers of computer software would think to ask who owns the underlying code for privately developed software (usually the vendor, not the customer) or how changes to the baseline are made and priced or how the sub-vendors’ licenses fit with the provider’s own licenses, or the responsibilities of the customer (yes there are some - e.g. sufficient electrical power or memory), down-the-road issues could be avoided.  Lawyers have a saying: “When all else fails, read the contract, stupid!”  Hopefully before you sign it.  If you have any doubts about IT contracts, call us for a review and advice before you sign it.  It could save you time, money and frustration later.

IS SEXTING ILLEGAL?  No, not per se.  For example, two adults sending each other naughty photos or using sexual language is not illegal at all.  It’s protected speech under the 1st Amendment.  But when sexually explicit content includes a participant who is under 18 years of age, child pornography laws may apply.  Take the case of the boys in Chinook Middle School in Lacey, Washington who in 2011 circulated the photo of a naked 14-year-old student, posted by the boyfriend who just broke up with her.  They were all charged with child pornography, although later the charges were dropped to a telephone harassment misdemeanor charge with a lengthy probation involving student education of the dangers of sexting.  Although the girl in the photo wasn’t charged (the D.A. reasoned that she was a victim), the incident has caused her continuous pain even after she changed schools, as the Internet follows us everywhere.  It also illustrated the fact that parents had little idea about what their children were doing with their cellphones and that it might have been illegal or harmful.  Girls, by the way, are much more often the victims of forwarded sexts because boys are far more likely to forward sexts to their friends than girls are to forward sexts of their boyfriends.

THE TRUTH IN CALLER ID ACT OF 2009 [47 U.S.C. Sec. 227(e)(1)]:  Signed into law on December 22, 2009, this law amends the Communications Act of 1934 to prohibit manipulation (“spoofing”) of caller identification information for purposes of defrauding or otherwise causing harm.  There are some exceptions, such as for law enforcement, medical communications and women’s shelters, where confidentiality and privacy allow the hiding of legitimate telephone numbers for public protection.  The FTC adopted rules implementing the Act, which subjects violators to penalties of $10,000 per incident and up to $1 million for repeated violations.

IS THERE GOING TO BE AN INTERNET SALES TAX?  Most likely, someday.  Probably never a federal tax, but state taxes, and that’s the problem.  Usually, states collect sales taxes in those states where a company is incorporated or has some sort of “nexus,” such as offices, sales teams or a warehouse.  But in the internet age, these distinctions don’t really work.  The old system of taxing a real-world exchange of tangible goods as opposed to the exchange of goods in a cyberspace marketplace that exists both everywhere and nowhere is more than difficult, and has resulted in states crafting tax regulations that don’t work or don’t work fairly.  Add to this the concept of cloud computing, where a company may no longer transact business through its own server computer in its own home office location, but through leased equipment somewhere inside or outside of the country (or, worse, in varying locations at various times, caused by its vendor’s “load balancing”), drop-shipping of goods from outside the country, or even the purchase of a company which may have existing tax obligations in other states where the purchaser didn’t do business, and you can get some idea of the problems to be solved.  Some of the larger companies such as Amazon, Verizon and Apple have been pushing the Fed for a limitation on the states’ authority to tax the cloud, but that hasn’t happened either.  Although it may happen some day, that day appears to be a long while off.  As the amount of lost revenue increases, that day will come sooner.  But no state wants to be the first to drive off businesses, so until a fair tax regulation comes about, it won’t happen.

NOTE:  The information on this page is provided only as a general reference, and not as legal advice.  No representation is made as to the accuracy or currency of the citation or description or its specific applicability.  You should always consult an attorney for advice about these or any other laws or regulations concerning your computer or internet activities.


MURPHY’S LAWS OF COMPUTING #14:  Whatever happens, behave as if you meant it to happen.

© Computer Coach.  All written materials are the sole property of Computer Coach (unless otherwise attributed) and no part of this website may be used in any format without the express written permission of Computer Coach.