Ecommerce - The Importance of Having a Privacy Policy

A privacy policy, also known as an information management policy, is an agreement between a website operator and a website user that determines how the operator intends to use, collect, store, share, and protect the data that the user shares through interactions with the website. Even a little more than a decade ago, some commercial websites did not have privacy policies, but now, virtually all websites have one. These policies, which should be separate from the website's terms of use agreement, are a necessity for several different reasons.

The Policy Can Foster Transparency and Trust between Operators and Users

In connection with privacy policies, website users usually want to know two things: what information the website collects and how that information is used. Best business practices dictate that website operators let users know the answers to those two questions and let them know how to control that use.

Some websites inform users that they simply collect information for their own use, and other websites disclose that they provide that information to third parties under certain circumstances. eBay's privacy policy, for instance, tells users that it does not "disclose your personal information to third parties for their marketing and advertising purposes" without the user's explicit consent. The policy says eBay may share personal information with third parties when it is necessary to prevent fraud or use the eBay website's core functions. The extended version of eBay's reader-friendly policy could be improved by specifically informing users at what points of service the information is collected and how it is shared at each point.

A website should also update users whenever the privacy policy changes. It should let the users know when the new policy will go into effect, and it may allow users to agree to the changes, explicitly through a dialogue box or implicitly through continued use of the website.

The Policy Can Help Shield You from Legal Liability

Although there is no general federal law outlining privacy policy requirements for websites that collect information from adults, several state laws and minor-specific federal laws exist. For instance, the California Online Privacy Protection Act of 2003 (OPPA) requires that website privacy policies must contain certain information, including: "personally identifying information collected, the categories of parties with whom this personally identifying information may be shared, and the process for notifying users of material changes to the applicable privacy policy." The Children's Online Privacy Protection Act (COPPA) requires operators to maintain a privacy policy if the website is directed to children under the age of 13 or knowingly collects information from children under the age of 13.

The Importance of Having a Terms of Use Agreement for Your Website and eCommerce

A terms of use agreement serves as a contract between a website operator and a website user, essentially allowing the operator to set ground rules for the website's use. These agreements have become a near-necessity for website operators because they help show that users understand how they are permitted to interact with the website and that they have agreed to adhere to those parameters of interaction. Thus, any company with an online presence should consider including a well-crafted terms of use agreement for several reasons.

The Agreement Can Help Protect Your Website's Content

Within a terms of use agreement, the operator can inform users of how they may use the website and how they may not use a website. Further, if the website allows account registration, the agreement may include a termination clause, which permits the operator to terminate the account and ban the user from the site, typically at the operator's complete discretion.

A terms of use agreement may also limit the operator's liability by disclaiming that the operator cannot be held liable for any errors found in the website's content or by limiting liability to the amount that the user paid for the website's services. It may disclaim warranties of fitness or merchantability that might otherwise apply to products that the website sells.

Finally, the terms of use agreement can determine the jurisdiction that will govern the interpretation and adjudication of the agreement. Typically, the jurisdiction should be where the law is favorable to the operator or where the operator is physically located.

The Agreement Can Help Protect Your Website's Users

A terms of use agreement can also help ensure that a website user's interaction with the website is a pleasant experience. For instance, the agreement can dictate the way in which users can interact with each other, and it can disallow spamming or directing abusive content toward other users. Such provisions are typically coupled with the previously mentioned termination clause.

The Agreement Can Help Protect Your Intellectual Property

An intellectual property clause within a terms of use agreement can provide an invaluable opportunity to reinforce protection of any intellectual property integrated into the website. Generally, it might say that the website and its original content, design, features, functionality, and other intellectual property are owned by the website's operator.

A detailed terms of use agreement is an important safeguard for any company with an online presence. And the most important thing to remember is that mutual assent between the website operator and user should be present if a company wants its agreement enforced. Read more for additional information regarding terms of use agreements, internet business, and eCommerce.

What Are Cyberbullying, Trolling and Cyberstalking?

Cyberbullying

Our culture and probably most others have historically felt that bullies are bad news, but that being bullied is also a rite of passage. We often think that bullying tends to end with grammar school. Nothing is further from the truth.

As a culture, we tolerate and often reward adult bullies - especially bully managers in the workplace. We celebrate bullies in entertainment as warriors and winners (even as we also celebrate a bully getting his or her comeuppance), and although hazing in schools, the military, and fraternities is getting pushback from the culture, we otherwise do little to eradicate bullying. Our politicians are often famously bullying in nature. Unless there are dead bodies, it seems that we expect people to just put up with it (or fight back).

As harmful and heinous as bullying can be, cyberbullying takes things a step further. Cyberbullying uses the Internet and other electronic forms of technology to post mean or embarrassing photos, messages, emails, or to make threats. However, the attacker is often anonymous - unknown - and there is no one to fight back against. As a result, the potential cyberbully is often emboldened to create as much havoc with their victim's life as possible. The potentially viral nature of such posts - that is, the ability for these posts to be replicated widely, quickly, and endlessly - doesn't happen in a face-to-face encounter.

A typical (non-cyber) bullying event happens at a moment in time and then is over (although another such event may occur). The bullying happens at a location in space - a street corner or the office, perhaps. A bullying is often witnessed, with the victimizer known to everyone present. A cyberbullying incident, on the other hand, can be spread to hundreds of people in seconds and millions of people in fairly short order, can persist for a lengthy period, can be distributed worldwide, and has no one to answer for their action.

As a result, damage from such an incident can recur and echo over and over. Sadistic sorts can take pleasure in repeating and reposting, and even create web sites to encourage their persistence. These sites cause a pile-on effect, with fellow nasty travelers putting in their own often excruciatingly foul insults, reposting the private images, and multiplying the harm. Some may not realize or care about the damage they cause; others delight in it.

One unfortunate creation of cyberbullying is "revenge porn." There are sites on the Internet that are in place solely to embarrass and hurt people (mostly women) by electronically publishing and reposting sexual images of a former lover or interest. Some such postings are designed to embarrass associates of the person whose pornographic image is being posted. The target may be the former boyfriend or husband with the victim being "collateral damage." Even well-known individuals may participate in the ugly behavior, such as the recent case of a hip-hop star and his site featuring pornographic video of a girlfriend of hip-hop in his beef with a rap.

Many victims of seemingly endless cyberbullying, including clients who have come to us for help, have had their self-esteem devastated. Others have been driven to substance abuse, dropping out of school or society, and such bullying behavior has even been implicated in suicides. While not usually considered a crime, it is far from victimless.

Cyberstalking

Cyberstalking is a more specific form of cyberbullying, and like cyberbullying, is much enabled by the anonymity possible via the Internet. It is the use of the Internet and other technology to harass someone, although some cyberstalking can be secret for a time. While a "traditional" stalker may shadow a victim's movements, spying on them from hidden areas, or with binoculars or telescopes, the cyberstalker keeps an eye on their target(s) electronically.

Much of our social life is semi-public these days, on social media such as Twitter & Facebook. The Internet makes it easy for a person to hide his or her identity, make a fake identity, or pose as someone else - as a false friend perhaps - making it simple to spy on a person's activities via social networking. Like cyberbullying, the ease of anonymity on the Internet may embolden the cyberstalker, thinking (often correctly) that they will not be found out.

We regularly encounter cases where the stalker has managed to research and guess credentials for their victim's email or other online accounts making it easy to discover the victim's whereabouts, conversations and correspondence. In some of these cases, the perpetrator will even impersonate the victim, sending faked emails and messages, posting as the victims themselves, or publishing embarrassing images as if the victim herself were the source of the statements, pictures, or videos.

This has come to be understood and adjudged to mean that the government can't keep you from saying your piece, no matter how much the government, or anyone else might disagree. This applies to all government in the U.S. - Federal, State, local entities and public officials of those public entities. You are free to speak in "the Public Square." Note that the concept of the Public Square applies only to governmental entities, property and officials. It does not apply to private or commercial property. Property owners or business owners can prohibit you from saying certain things, or from saying anything at all on or within their own property, business, or broadcasts unless it is otherwise allowed.

Stalkers can find a way to infiltrate themselves into the fabric of the victim's financial, social, and family life, leaving personal lives in tatters. Though it is easy to read about such events and behavior - it's all over the news - the victims often find themselves not being taken seriously, with friends and loved ones calling them neurotic or paranoid. Because the cyberstalker is often trying to damage the victim's reputation, the reactions of those close to the victim often further the stalker's aims.

And while cyberstalking is illegal in many places around the country and around the world, these actions rarely rise to the level law enforcement needs to see in order to take it seriously, or to investigate. Read between the lines in the news and you will find that nearly all arrests that include cyberstalking also include a dire threat, a violation of an existing restraining order, ID theft, theft of physical property, or child abuse.

Trolling

Internet trolling is a behavior wherein the troll intends to inflame, upset, or otherwise damage civil discourse. In the context of this series of articles, it tends toward disrupting the online or public communication of others through the use of vile invective, insults and other verbal havoc. It is often misogynistic. The ability to be anonymous on the Internet removes much of the inhibition a person might otherwise feel to behave so uncivilly.

What To Do?

A common thread throughout the described behaviors is the ability to be anonymous on the Internet. One might imagine that removing the option for being anonymous would remove the motivation for the behavior, but in this case, the solution would arguably be worse than the problem. In part one of this series, we discussed free speech - one of our most important rights - and the importance of anonymity. Both have played a huge role in the very creation of our nation and continue to protect those who would speak out about abuses, even as said anonymity enables other kinds of abuse. What are we to do?

Who Has Our Credit File?

Interesting question, isn't it?

Who has our credit file... The problem with answering that question is that there is not a simple answer that we want to hear, because the truth is a hard pill to swallow.

To do this, I would like for us to look back in our more recent history, so that we may follow a chain of events that leads us to where we have ended up at today. I will first present some scenarios to you, so that you are thinking in the same terms as we do in my business of Data/Information Security.

Let's begin with our Credit Scores. We all know that we must have good credit scores in order to do the things that are necessary in life, such as buying a car or house, taking out a loan, and opening credit card accounts. Now most of us also know that there are "Credit Bureaus" which are responsible for those numbers being in existence. How often, though, have you considered that they must track your information and all of your purchases in order to produce and maintain those records?

The truth is: That is done continuously. Not only by the Credit Bureaus, but by a myriad of other organizations which have the sole purpose of monitoring and recording our transactions; they are Information Brokers. Our Personally Identifiable Information (PII) is something that is widely monitored by numerous groups for one purpose or another, and that information is also then bought and sold by Information Aggregators.

Very interesting, right? I thought so too!

Of course, this brokering of information is all very benign in nature, because many businesses rely heavily on the exchange of this personal information, including law enforcement and the Federal Government. Did you know there are also organizations tied to the very Credit Bureaus that provide us our credit scores, that are in business as Information Brokers and Information Aggregators?

I also found that very interesting, and I will explain why.

Many of these Credit Bureaus also have subsidiaries or child companies which provide "identity theft" related services, which amounts to nothing more than their customers paying them to monitor their credit, which is something that their organization is already doing. So, now, let's add insult to injury in the fact that federal laws have been enacted which more or less require corporations who are unfortunate victims of data breaches, and that number climbs daily it seems, to offer to their customers (the innocent victim) "identity theft" services. Remember the services I just mentioned that the child companies are offering? Well, guess what, take a look at who owns the company providing the services being offered next time you read a news report about a new business suffering from a data breach.

Let's recap what has been covered: Credit Bureaus monitor our information; Information Brokers gather our information for the Credit Bureaus; Information Aggregators buy and sell our information which was gathered by the Information Brokers; Child companies of the Credit Bureaus are offering credit monitoring services for us when we become identity theft victims due to data breaches.

Now imagine for a moment what would happen if an Identity Thief were to impersonate one of these Information Aggregators... Scary, right? Well, unfortunately, it has already happened at least once - you will remember it as when one of the well-known Credit Bureaus alerted the public that they had been the victim of a breach. I fear that it will happen again.

Businesses, I have found, have much at stake when it comes to their employees falling prey to the scenarios I have mentioned, both with the corporate bottom line as it relates to productivity, as well as the employees suffering from more medical related issues caused by the undue stress.

Being an advisor has provided me instances where numerous products and services have been discussed, and I am pleased to say that although there honestly is nothing we can do about the loss of privacy our information has, we do have the ability to take matters into our own hands and ensure that if our information is misused in any way, we have the best resources available and that will help alleviate the stresses that are sure to ensue.

There are steps which can be taken today, which will guarantee that when the inevitable happens, you are equipped with the tools necessary to put things back as they were before the event.

Federal Rules of Civil Procedure and ESI - The 2006 FRCP Amendments

Federal Rules of Civil Procedure and ESI - The evolution of e-discovery and computer forensics, Part 3: The 2006 ESI Amendments to the FRCP

The field of electronic discovery and digital forensics is rapidly evolving. In the early years of this millennium, discovery rules dealt primarily with paper, but with the advent of the computer age, documents are drafted electronically and important rules regarding Electronically Stored Information still needed to be invented. This series looks at a few of the major cases, opinions and outcomes that have informed this evolution. This article describes the important 2006 Amendments to the FRCP.

Following on Judge Shira Scheindlin's rulings and guidance through 2005 in the precedent-setting Zubulake v. UBS Warburg case, there were several Amendments regarding Electronically Stored Information (ESI) made to the Federal Rules of Civil Procedure (FRCP) that took effect at the end of 2006. Importantly, these new rules treat ESI as a specific thing separate from "documents & things." Rules 16, 26, 33, 34, 37, and 45 were amended and the ripples have moved through American law and States' law in the ensuing years.

Rule 16 is concerned with scheduling of discovery. The new language encourages that ESI be considered early in the process. The new language added to Rule 16(b) is: "provisions for disclosure or discovery of electronically stored information" and "any agreements the parties reach for asserting claims of privilege or protection as trial preparation materials after production," which more or less comes around to: include scheduling production of ESI early on in discovery.

Rule 26 is concerned with the Duty to Disclose. It previously required both parties to disclose the category and location of all documents and things that it will use to support its claims or defenses. The producing party has a duty to disclose relevant information that's been requested. Hiding data is deeply frowned upon by the court and could have negative consequences. What is acknowledged in the new changes is the fact that ESI may actually be easier and less expensive to produce than the (previously) traditional hard-copy format. But also acknowledged is that some ESI may not be reasonably accessible and if it will be an undue burden or cost, the producing party may be able to forgo said production. However, the requesting party may move to compel the discovery, requiring the producer to show why it's not reasonably accessible. The court may consider the balancing rules formerly established by Judge Scheindlin in Zubulake v. UBS and order disclosure after all.

The Amendment to Rule 26 also provides for clawback provisions for inadvertently disclosed data. Given the large volume of data that may be produced as ESI, it's not unusual to accidentally disclose something you don't want to with the incredible wealth of information that can be produced electronically. There are to be accommodations for getting that data back and not allowing it to be used as a part of the case.

The Rule 26 provision that encourages parties' conference & voluntary agreements early also encourages extra planning and requires counsel to preserve discoverable information, consider issues relating to disclosure or discovery of electronically stored information, including the form or forms in which it should be produced, and to consider any issues regarding claims of privilege or protection as trial-preparation material. Cooperation at the outset regarding what is to be included should now be part of the process.

The Rule 26 Amendments also state that what's easily accessible should be the first to be obtained. For instance, with email the first thing to go after is existing email sitting on a server or workstation, and documents visible to the user. If backups or offline storage is likely to produce relevant data, a small amount should be sampled first, to see the likelihood of there actually being ESI that is relevant enough to be worth the cost and effort.

The Rule 33 Amendment dealing with interrogatories to parties settles the question of whether or not ESI should be produced. It should be.

The Rule 34 Amendment deals with the production of documents & things for inspection. The Amendment to this rule explicitly recognized ESI as a category distinct from "documents and things."

The new amendment also allows and encourages sampling of data. In a case that may have many - dozens or hundreds - of backup tapes, for instance, just a few should be restored and extracted first, to see if the resident data is of particular value to the case.

The Amendment to Rule 37 is the "Safe Harbor" rule. Although sanctions had been established as a consequence for spoliation of ESI, this amendment says that the court may not impose sanctions if the data was lost due to routine, good faith operation of an electronic information system. This rule is somewhat controversial and changes to it are currently under consideration. However, sanctions would at least be appropriate if the data was lost due to purposeful destruction with intent to deprive the other party of ESI relevant to the case.

The Subpoena Practice-oriented Rule 45 again specifically includes ESI as a category of discoverable information. It again allows for the data to be requested produced in a specific form. It again revisits the provision that undue burden or cost may preclude discovery. It revisits the responsibility to preserve evidence until the claim is resolved.

The 2006 ESI Amendments memorialized at a Federal level rules for production and preservation of electronic data. As technology leaps forward, the courts must evolve to keep up.

Missing Persons Investigations of a New Age

George Orwell's novel Nineteen Eighty-Four was first published in 1949. You'd have thought that his vision would no longer be up-to-date 65 years later. The world he described was a world where Big Brother was watching people, constantly seeking information about crimethink or any other kind of offence against the glorious super state of Oceania.

Edward Snowden showed us that what Big Brothers these days are doing is not all that different from what Orwell described. Sure, the technology is quite different from what he had envisioned, but Orwell's novel is not about science and technology, but about the horrible world where governments might monitor our every move, observe us in our most intimate moments and know about everything we do. Modern day supercomputers, satellites and all sorts of technology make that easily possible for various government agencies.

Yet there is so much information out there that is easily accessible without any spying satellites, supercomputers or without bugging mobile phones. It's the information millions of users are putting online every day of their own free will, just to get some likes, re-tweets or shares. People tell themselves that they are doing this to stay in touch with each other, but they fail to realize how much of their personal information they are giving away every moment of every day.

With more than half of Australians being active on Facebook, it seems like this would be the most promising social network to start an investigation. The information found on Facebook is truly varied. There are photographs, comments as well as check-ins that give away a person's current location. Furthermore there is a time stamp on everything, which makes it easy to create a collage of events a person went through at a certain time. No special equipment is needed for all of this with much of it capable of being performed with a simple smart phone.

Of course people tend to forget, that social media doesn't mean just Facebook and Twitter. Apart from other household names like LinkedIn, Google+ or Pinterest, there are dozens of other smaller, niche websites that cater to all sorts of profiles. Finding information across all of these platforms can turn into a large investigation on its own.

Investigating social media is not only about snooping either. People tend to forget, that Facebook is first and foremost a platform for communication. As many people from the younger generations no longer even have a landline and choose not to publicly reveal their mobile number, Facebook and other social media may be an easy way of tracking them down for communication or to even serve court documents.

Being a private investigator and not knowing anything about social media is something that has become unimaginable in this day and age. While traditional methods such as surveillance are still very effective, they are considerably supplemented with comprehensive desktop investigation based on extensive social media profiling and as the next generation moves more of their life onto the internet the value of this brand of profiling is only going to increase.

Stay Safe in the Online World

The Internet is a wonderful place. It provides millions of people with access to information that they would have never been able to procure through traditional means. However, as many people have learned the hard way, there is also a darker side to the Internet where crimes are committed and criminals hide behind a wall of anonymity.

Things get hacked, people post embarrassing photos and children and adults are lured into sordid things just from a few clicks of the keyboard. The past year has seen two major hacking scandals. One was perpetrated by a legitimate, British media agency (which has now closed) and the other was carried out by a person with impure motives.

Both incidents highlighted how easily accessible the Internet is and that even the most well-protected websites are vulnerable to attacks. However, one of the biggest threats to their online security is the person who is the owner of the web accounts. Many cyber attackers use phishing to garner information from unwitting suspects.

Phishing is simple. It asks the intended victim to provide sensitive information so the attacker can have access to their accounts. Yet, if one thinks that they cannot be fooled by phishers, he or she should understand that many of them use complex methods to retrieve the information.

Phishers make almost exact replicas of emails from legitimate companies that the intended victim does business with. It then asks for the target to reveal their login information and password or else their accounts will be cancelled. This is a farce and meant to throw the target into confusion.

The simplest remedy is for the target to directly call the real company's phone line and ask them to confirm the situation. Many times they will tell the target that the email is a scam and to ignore it.

The Internet's anonymity makes it easier for people to send out fake emails and create fake profiles. Many a fake profile has caught a person unaware and it was only after they lost their money, their love or sadly their life.

Many people know about scams originating primarily in West Africa which target people in the West. Yet, there are also scams where these same people hide in online dating profiles and pose as handsome military officers and doctors hoping to find the loves of their lives.

Although the Internet has helped numerous people find the loves of their lives, they should question anyone that asks for money for medical bills, house repairs or anything else. It is a scam. However, most of these issues can be prevented by a simple Skype chat.

The scariest method that many people use is to attack children. Chat rooms are a notoriously dangerous place for a child to reside. Many men lure minors through age-appropriate chat rooms. They pose as a person (usually a boy) and gain a girl's confidence.

Then they typically ask them to send lewd photos, meet them somewhere or run away from home to be with them. This is a very dangerous thing to do and parents should monitor their children's interactions within chat rooms (including Facebook) or block them altogether.

Another major security issue is malware. Malware infects a computer and sends information back to the source. There are very good malware blockers on the market. Yet the computer's owner should continue to update all antivirus programs and only use one antivirus program to prevent multiple blockers from cancelling each other out.

Although the Internet has managed to transform the world as we know it, it has also given criminals an endless supply of potential targets. Yet, people should know the pitfalls of the darkest reaches of the Internet in order to protect themselves and their families from any unfortunate incidents.

Computer and Technology Forensics Expert: Managing the Risky Business of Company E-Mail

As an employer, Human Resources Director, or Risk Management Supervisor, ask yourself this question: "Do our employees think about the legal risk of sending communications over the internet?" If you are like the majority of companies, your answer would be, "It is highly improbable". It is a very common problem amid the work place, for an employee to believe their electronic communications are transient, temporary and, once deleted, untraceable and therefore, harmless.

The fact is e-mail, faxes and even cellular phones leave a trace. Just one e-mail sent from your employee to the employee of a different company passes through an average of four different computer systems. This creates a trail making e-mail real, traceable, and permanent.

As an industry leader in Computer and Technology Forensics for the past 20 plus years, we have documented, during the examination of electronic systems, employees who frequently say/save things into e-mails or store on a computer, things they would never say anywhere else. Either having an employee delete a potentially damaging or inflammatory e-mail or even an employee deleting an e-mail on their own, does not protect anyone. In fact, it could in the end harm everyone involved.

If a complaint or inappropriate conduct of an employee has risen to the level where you as an owner/supervisor, need to consult a Computer and Technology Forensics expert, one of the first areas checked is for deleted documents and/or e-mails. These items cause red flags during an examination of equipment, and the original items can and most likely will be found and/or reconstructed. It is very important to understand that the intentional destruction of evidence is a felony, and if proven, could land one in jail.

An example of a computer message in a court case dates back to the infamous trial of some of the Los Angeles Police being tried in the 1991 beating of Rodney King. One of the officers created a computer message stating, "... I haven't beaten anyone that bad in a long time." This obviously became admissible in court.

A more recent example is one in which we, as a company, were hired in a libel case. The libeler was using the internet to post messages on a public bulletin board that were both slanderous and libelous against a competitor in the same field. This person felt that using "anonymous" e-mails and postings would increase their own standing within the same professional community. What the libeler didn't count on was the traceability of the e-mails to their home, cell phone and company computer systems. We were able to locate the electronic trail, and with this information obtain, on behalf of the client, a court order to confiscate the equipment in order to create image copies of the electronic systems. As a result, in order to keep the issue private, the libeler agreed to a significant out of court settlement.

As an owner/supervisor, it is left to you to consider and take great care in educating your employees in what should or shouldn't be put in writing. In addition, it is also up to you to make your employees aware how the written word is conveyed when read.

We have now asked and answered two very important questions. First, the majority of employees do not consider the legal risk of electronic communications. Second, why it is crucial that you, as an owner/supervisor, understand the potential legal ramifications. The remainder of this article is devoted to assisting you in creating and/or updating your current policies.

In today's litigious society, companies both large and small should have company policies. These policies have traditionally covered areas from dress codes to vacation policies. Within the past five years companies have begun adopting IT policies, generally found within the employee handbook. As a professional Computer and Technology Forensics company, when we are called in to examine hard drives and/or servers due to a company suspecting the improper use of systems, we also discuss the company's IT policies with the appropriate supervisor or IT manager.

In many cases we have found that most policies do not adequately cover what is necessary in the computer and electronic communication age. Companies should have a very clear e-mail and technology use policy. One of the more important ones usually not covered, and unfortunately to the detriment of the employer, is an e-mail retention policy. Since many industries are governed by different and specific federal and/or state statutes on how long information must be retained, your policy should reflect these guidelines.

The policy should be as specific as possible in what types of communications are kept and how long. Make it clear there are both business and legal reasons for the company keeping such information. Information from e-mails as well as other electronic systems can be used in many types of cases, including: harassment, discrimination, antitrust, retaliation, Americans with Disabilities Act, insider trading, accounting fraud, improper trade secret disclosure and more!

REMEMBER - The intentional destruction, of any kind, of evidence relevant to a current or pending lawsuit contained in the e-mail or e-mail attached document is a felony, and if proven, could land one in jail.

As an owner/supervisor, take a moment to examine your current IT or company's technology policy. If your company doesn't currently have an IT or technology policy, get one! While you will need to ensure the individual needs of your company are met, the following are some topics you should consider including in your usage policies:

Electronic information ownership

Monitoring of technology use   

Acceptable use of company technology   

Acceptable content

If you currently hold meetings with your employees or publish a company newsletter, these are excellent venues to use to educate your employees. Utilize these opportunities to let them know there are certain things they should be aware of when sending or responding to e-mails. Employees should be counseled to be cautious and to not make statements that can be considered a legal conclusion. Let your employees know they should utilize the knowledge and expertise within the company by picking up the phone and calling their supervisor or Human Resource Department.

When educating your employees about the content of an e-mail or using other forms of traceable electronic technology, train the employee to ask themselves these simple questions:   

Should I put this in e-mail or should I call?   

Would I write this down knowing that it may exist forever?   

Would I put this on a postcard and mail it?   

Would I want to see this printed in the newspaper?   

Would I want this to get into the hands of my company's competition?   

Would I want this to get into the hands of my worst enemy?

Electronic communications are not transient, temporary or untraceable. E-mail is evidence. Education and proper policies go a long way to keep both employees and the employer from ending up in a potential lawsuit trying to explain the written word.

California Bans Non-Disparagement Terms in Consumer Contracts

Can you be sued for saying you did not like a product? Or because a business did not like your negative review on Yelp?

It has happened, and now California lawmakers have stepped in and banned the practice.

The issue involves non-disparagement clauses. A non-disparagement term in a contract prohibits someone from making truthful, but negative statements about a business, its employees, or products.

For example, if you write a review about your experience at a restaurant saying the service was slow, the food was cold, it was overpriced, and give it one star, that is a negative review. These are disparaging comments about the restaurant.

Compare disparaging comments to defamation. If you slander or libel someone that means you have made factual statements about them which are false. Untruthful statements are still against the law in California if defamatory, and you can be sued for making them.

What was happening is bad businesses were seeing negative reviews appearing online on popular websites like Yelp. To stop negative reviews, and to only have positive reviews appear, businesses were including terms in their online purchase contracts which state the consumer cannot make any disparaging comments about the company.

Often, the abusive contract would include a term stating the customer automatically owed thousands of dollars in penalties for saying anything negative about the business. The customer could also be required to pay the company's attorney fees.

When a negative review appeared the company would threaten the consumer with thousands of dollars in damages unless they removed their review. Sometimes businesses actually sued, and this had generated some publicity.

The new law in California creates Civil Code section 1670.8. The law states a business can no longer include these terms in a consumer contract. This is a contract for the sale of consumer goods or services. The new law does not apply to business to business contracts.

The new law provides it is illegal to have a non-disparaging clause in a contract, or even in a proposed contract.

A business also cannot try to enforce such a term, or threaten to enforce it.

If the business violates the law the consumer or the California Attorney General can sue. For a first violation the penalty is up to $2500. The penalties increase for subsequent violations.

Additionally, if the violation is intentional, which will usually be the situation, another $10,000 in penalties can be recovered.

These are in addition to any other damages allowed under the law.

Finally, California says this is an important public policy issue and a consumer cannot be required to waive the law. Any waiver is void.

The bottom line is California now imposes stiff penalties for any business who tries to prevent its customers from saying what they really think about their product or service.

The Supreme Court and Your Smartphone

Suppose you're pulled over because your left taillight is out, because your license plate tag is a bit out of date, or because one of your passengers just threw a cigarette butt out the window. And suppose the officer notices that you have a cell phone in your pocket. Should he be able, without a warrant, to look through it like he might look at your wallet photos as you pull out your driver's license?

One of these very things happened to David Riley, in California. His tags were expired & he was pulled over. It was further discovered that he was driving with an expired license and the police impounded his vehicle. A search of the car turned up weapons and his cell phone, which was seized and searched much as if it was a wallet in a pocket.

A modern wallet (even one made out of duct tape) has the ability to store more or less the same quantity of data as a wallet of yesteryear: Driver's license, ID card, a few credit cards, a few family photos, a couple of phone numbers on corners of napkins, and some cash.

But a modern size-of-a-wallet smart phone - even though 8 year-olds may be using them to play Angry Birds or to watch Sponge Bob - is a wonder of engineering, with more computing power than the supercomputers that were top of the line not so long ago. When Huey Lewis was singing "The Power of Love," the most powerful supercomputers of the day would have underperformed the iPhone of today. A smart phone is not just a wallet, for it can store 100,000 wallets-worth of documents.

The Solicitor General of California said that a phone in a pocket is no different than a wallet or a picture in a pocket, even though it would take truckloads to haul around said data in paper form. Hence the case of Riley v. California, which resulted in a conviction on another charge (a gang shooting), based on evidence in Riley's smart phone. Riley maintains that the Fourth Amendment "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures," should have protected him from having all that data in his cell phone seized and examined. The US Supreme Court will be hearing and presumably deciding on this case at a Federal level in the coming months.

We have recently discovered, thanks in part to sources like WikiLeaks and Edward Snowden, that we already live in an era of ubiquitous spying, listening, and observation. Should we then also allow our "papers and effects" stored on our mobile devices to be seized and searched for the static data they contain? To decide, perhaps we should take a look at what these devices do contain, and what a forensic examiner can see in them.

Let's start with the obvious: pictures & phone books. I'm not a complete pack rat, but my iPhone has about 5,000 photos on it. It also has a couple hundred phone numbers on it, with names, street addresses, email addresses and more. And that's just my immediate family!

A quick look at my apps and I see more than 200. A lot of those apps store data on my phone, including texts, messages, more pictures - there's a whole host of stuff. The data stored by the apps on my device include dates, times, durations of events and activities. It stores who I had & who I will have meetings with, and when and where. A forensic examiner can see where I've been on the web, what I've looked for, what I've looked at and for how long.

Then there is less obvious data. The phone stores the names of the networks & wi-fi signals I've been attached to and when. The pictures store GPS data so we can see when and where I took a picture, down to a few yards in distance, and fractions of a second in time. So we can see not only where I've been on the Web, but where I've been in the world.

Notes - pages and pages and pages of notes I seem to have collected. Perhaps hundreds. Voice memos - mine go back 5 years. What's in all those? I don't even remember. But I don't really want to dump them unless I know what I'm throwing away.

Then there's an interesting item that isn't even accessible through an app but that forensic examiners love. It's a dictionary file - not Webster's, but one designed by [your-name-here]. It is kind of an informal keylogger. It keeps track of items you type and helps your autocorrect come up with the occasional crazy spelling because you have spelled it that way before. It can be thousands of words long, and several hundred of them are in almost sentence-like form, just as you typed them. You might have typed them in any application - even one that doesn't store documents, messages, or emails on your phone. You might be surprised at what's in there.

So you decide - do you want all this info public? Do you want to be pulled over for an expired license tag and have to hand over your phone and all these reams of information to an ambitious and curious law enforcement official who thinks there might be something of dubious legal interest in there? Do you think that there's nothing on your device that somebody or other might think is indicative of lawbreaking? Or vow-breaking?

That's the issue the Supreme Court will be dealing with this summer. The SCOTUS will be telling us what the law of the land will be, and whether Gigabytes of your private life could become public. Just. Like. That.

Where do you stand on the issue?

UPDATE: Not ten minutes after I published this article, on June 25, 2014 the Supreme Court's decision was announced (far faster than the author had expected). It found for Riley and for privacy, that the police must have a warrant if they want to search the cell phone, or other digital device, of an arrestee. Quoth Chief Justice Roberts, "Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple - get a warrant."

Federal Rules of Civil Procedure and ESI: The Evolution of E-Discovery and Computer Forensics

Nearly all documents start on a computer and discovery for litigation necessarily requires accessing electronically stored information (ESI). Rules regarding ESI in discovery - whether opponents are allowed access to it and who pays - are fast-evolving and differ from state to state. The Federal Rules of Civil Procedure are used as a touchstone and precedent by courts and states to help define their own rules. This series will look at a few of the major cases, opinions and outcomes that have informed this evolution.

Rowe Entertainment v. William Morris Agency - 2002 - The Back Story:

Leonard Rowe, of Rowe Entertainment, was a promoter of some 30 years' experience. He was president of the Black Promoters Association (BPA). The acts he promoted were primarily black musical artists. At the time, William Morris Agency had a near-monopoly on the kind of musical acts Rowe represented, and that he wanted to represent. However, he found it noteworthy that he and his fellow black promoters were never able to represent a white artist. He suspected that they had not been allowed to do so for the entire 114-year history of the William Morris Agency.

He and his fellow promoters in the BPA were required to pay a 50% deposit for many artists. He discovered/asserted that white promoters had different requirements - for instance, white promoters were only required to pay deposits of 10% or even less. Furthermore he found that white promoters were able to represent both white and non-white artists. He called foul and, along with several other plaintiffs, sued the William Morris Agency (along with about 30 other defendants) for anticompetitive racial discrimination.

Among Rowe's discovery demands was production of a broad ("sweeping") range of emails, which the court found to be less than focused on the subject matter of the case. The judge let the production go forward, but shifted the entire cost of production to Rowe. The judge used eight factors to decide thus. These factors became the touchstone nationally for several years on how to weigh the cost and responsibility for production (especially of emails) of ESI, and whether such production should be allowed to move forward.

This set of eight factors became known as the "Rowe Test." The factors, each of which was considered to be more or less of the same importance, were:

1. The specificity of discovery requests

2. The likelihood of discovering critical information

3. The availability of information from other sources

4. Purposes for which the responding party maintains the requested data

5. Relative benefits to the parties

6. Total cost of production

7. Relative ability and incentive to control costs

8. Resources available to each party.

Only number 3 was found in favor of Rowe, as the information was not available from other sources. The remaining seven factors were found in favor of William Morris, leading the judge to allow the discovery to proceed, but that Rowe would have to pay the entire cost. The cost amounted to about $200,000.00.

What do the eight factors actually mean?

1: The specificity of discovery requests refers to how targeted the requests are. If the requests are closely targeted to the kind of critical electronic documents and emails only from key players and that are most likely to be of relevant subject matter, then the court should favor having the producing party pay. If the requesting party's demands are overbroad, asking for everything in (and out of) sight rather than what is likely to be relevant, then the court should favor the producing party, leaving the requestor to shoulder the majority of the cost of production.

In the Rowe case, the judge found Rowe's demands to be "sweeping" and found that this factor then favored having the requestor (Rowe) bear the cost of production.

2: The likelihood of discovering critical information. If there is strong evidence that the data being sought is of near-certain relevance to the case, or better, if there is an admission by the producing party that the requested electronic data is relevant, the court should favor having the producing party pay. On the other hand if the requests appear more or less to be a fishing expedition, the court will be looking to the requesting party to pay.

In the Rowe case, the court wrote, "However, there has certainly been no showing that the e-mails are likely to be a gold mine. No witness has testified, for example, about any e-mail communications that allegedly reflect discriminatory or anti-competitive practices." Based on this factor, the court favored William Morris again.

3: The availability of information from other sources. Are alternate sources of discovery available - for instance in hard-copy (paper) form, or as individual files on computers that personnel have already searched for responsive data? If not, the court should find this factor in favor of the requestor, making it more likely for the producer to be told to bear the cost of production.

This was the one factor found to be in Rowe's favor, as there was little or no evidence the demanded emails could be found or produced, except by searching backup tapes and hard drives for them.

4: Purposes for which the responding party maintains the requested data references the reason the data exists. Is it kept just for disaster recovery or data recovery purposes? Does it exist simply because someone just forgot to discard it - and the producing party can show this to be true? Then the cost of searching this data more likely should be shouldered by the requestor.

Is it kept for ongoing business purposes, which might include accessing backup tapes or hard drives on a regular basis? Then the court should find it more likely that the producing party should pay for production.

The court found that William Morris either kept much of the requested data inadvertently, or had it just for archiving purposes.

5: Relative benefits to the parties: in most cases, the production will favor the requestor - else why would they request the data? This was also true in the Rowe case, and hence this factor would again favor Rowe having to pay for discovery costs.

6: Total cost of production: If the cost is not substantial, or if discovery is more like traditional discovery, the court should be less likely to shift costs, and leave the presumption that the responding party should bear the costs. However, at the time of the Rowe case, email discovery was more an exception than the rule and hence the court found that this factor would favor William Morris, i.e. that this factor should make Rowe more likely to bear the burden of cost of production.

7: Relative ability and incentive to control costs. In general, the requestor determines the scope of its requests, which would have the court favor having the requestor pay. Such was the case with Rowe.

8: Resources available to each party. This factor only comes into account when there is a large disparity between the sizes of the two parties, such as in a case where an individual faces off against a corporation, where the smaller of the parties may not have the ability to pay for production at all. In a case such as Rowe, where the parties are both companies, the factor is unlikely to come into play and is a neutral factor.

Rowe was one of the formative cases in what has become Civil Rules with regard to electronically stored information (ESI). The 8-factor test was particularly important in informing future cases as to what ESI should be allowable in discovery and who pays for producing it.

The case itself has had several episodes, and court opinions as recent as 2012 have raised popular interest in what many see as racist-based court decisions, where others see outcomes based primarily on following (or not following) technical rules.

Evidence From the Web: How to Prove That That Data Was Actually There

Some years ago the servers of my preferred online game went down for some days and I already feared my in-game character to be lost and dead with all its achievements. Fortunately they solved their problems and some days later everything was online again. I wanted to be prepared for the next incident of this type, so I logged in on their website and made a screenshot of all my character's properties.

For a moment I was happy. Next time - even if all data was lost - I could prove what I had won and would get all my stuff back. Then I looked at my screenshot and realized that I equally easily could modify it to get even better in-game items. So it basically was worthless. Digitally signing it myself would not improve on that.

This scenario is not limited to online gaming. Being able to prove that an order has been placed, an offense has been made or any task has been fulfilled seems to be worthwhile to invest some general consideration.

Obviously you cannot make and sign such a screenshot yourself. One needs the help of some trustworthy third party, but often the issue is too trivial to involve or even pay a "real world" lawyer. Your first thought might be to check if some web archiving sites like archive.org by chance could have a copy of that page. Often they don't. And even if so, they could never have accessed the parts protected by login.

No automatic tool can master the steps of the login process and if the website owners consider using a captcha there is little hope that a program could ever bypass it. This has to be done by hand and by a web browser. So some people try using plug-ins saving and digitally signing all data sent from the server.

Again, this is not the solution. It is relatively easy to manipulate DNS or routing on your machine to have another computer or even a virtual machine play the role of "the server". Browsers protect against this type of fraud by using SSL and certificates, but this only applies to encrypted traffic and installing your own "root-certificate" to allow man-in-the-middle manipulations is common practice.

Carefully checking the keys used might expose such methods. If all data transmitted was encrypted by asymmetric codes like RSA this could even be considered already signed by the originating server almost annihilating the problem. But for performance reasons in SSL asymmetric methods are only used to transmit key phrases for faster symmetric encryption. So faking a log of the encrypted code of the data actually transmitted is theoretically possible for the client, as it knows that symmetric key (while probably being even more difficult than reverse engineering some plug-in).

To avoid all these problems the browser must not run on your own computer. What one needs is a so called "remote controlled browser" (ReCoBS) as it is used - for completely different reasons - in high security facilities. This is a browser running on a different computer, controlled by a third party, sending only a video stream of its windows to the client and only accepting a limited set of commands. This remote browser can perform all the logging and signing operations as it cannot be manipulated by its user.
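An added example, not part of the original article, contrasting the two situations described above: a client-side log authenticated with the session's symmetric key, which the client can re-create for edited content, and an attestation issued by a third-party remote browser with a key the client never sees. The class name, URL and page bodies are constructed; because Python's standard library has no public-key signatures, the notary here uses an HMAC that only it can verify, where a real service would use a digital signature.

```python
import hashlib
import hmac
import json
import os


def record_tag(session_key, payload):
    """Integrity tag of a symmetric channel: both endpoints hold session_key."""
    return hmac.new(session_key, payload, hashlib.sha256).digest()


def client_side_log(session_key, payload):
    """What a logging plug-in on the user's own machine could record."""
    return {"payload": payload, "tag": record_tag(session_key, payload)}


def log_verifies(session_key, entry):
    return hmac.compare_digest(entry["tag"],
                               record_tag(session_key, entry["payload"]))


class RemoteBrowserNotary:
    """Hypothetical third party that fetches the page itself and attests to it."""

    def __init__(self):
        self._key = os.urandom(32)  # assumption: never leaves the notary

    @staticmethod
    def _canonical(statement):
        return json.dumps(statement, sort_keys=True).encode()

    def attest(self, url, body, fetched_at):
        statement = {"url": url, "fetched_at": fetched_at,
                     "sha256": hashlib.sha256(body).hexdigest()}
        tag = hmac.new(self._key, self._canonical(statement), hashlib.sha256)
        return dict(statement, attestation=tag.hexdigest())

    def verify(self, receipt, body):
        claimed = dict(receipt)
        tag = claimed.pop("attestation", "")
        expected = hmac.new(self._key, self._canonical(claimed),
                            hashlib.sha256).hexdigest()
        body_matches = hashlib.sha256(body).hexdigest() == claimed.get("sha256")
        return hmac.compare_digest(tag, expected) and body_matches


def demo():
    genuine = b'{"character": "Aria", "gold": 120}'     # constructed page body
    edited = b'{"character": "Aria", "gold": 999999}'   # the user's edited copy

    # Case 1: the user holds the session key, so an edited log verifies too.
    session_key = os.urandom(32)
    honest_log = client_side_log(session_key, genuine)
    rewritten_log = client_side_log(session_key, edited)

    # Case 2: the notary fetched the genuine page; the user holds only the receipt.
    notary = RemoteBrowserNotary()
    receipt = notary.attest("https://game.example/profile", genuine,
                            "2014-01-01T00:00:00Z")
    altered_receipt = dict(receipt, sha256=hashlib.sha256(edited).hexdigest())

    return {
        "client_log_genuine": log_verifies(session_key, honest_log),
        "client_log_rewritten": log_verifies(session_key, rewritten_log),
        "notary_genuine": notary.verify(receipt, genuine),
        "notary_edited_body": notary.verify(receipt, edited),
        "notary_altered_receipt": notary.verify(altered_receipt, edited),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Both client-side logs verify, so verification there says nothing about which one the server actually sent; the notary accepts only the body it fetched.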

What paths of attack against this system have to be considered? First there is a chance of actually hacking the whole ReCoBS. Having a browser being controlled by some remote and possibly unknown user is of course a risk in itself. The browser has to run inside a tightly locked down sandbox, not only protecting the system against hacking, but also preventing interdependences between parallel or subsequent sessions on the same computer.

When it comes to faking results of web sessions DNS cache poisoning seems to be the most dangerous option. This can be addressed by using DNSSEC when this someday includes the whole web, or possibly by having a net of machines around the globe and routing the DNS request through a random one. Script injections on the websites visited are a second way to get manipulated results, but there cannot be a working countermeasure by the ReCoBS if the injection comes from a fourth party, and being open to such an attack in the first place should be a bigger problem to the affected site than the logs created by this.

Even considering these issues ReCoBSes still appear to be the only option at least offering a theoretical chance of believable evidence. If implemented correctly they may work. Most other technologies are flawed by design and it's just a question of time until public exploits will be available.

Where Internet Jurisdiction Can Get Your Business Sued!

The concept of Internet jurisdiction can be complicated and unclear. What happens when a dispute arises over an item or service purchased from your business through the internet? If that dispute turns into a lawsuit, it could be with an individual residing across the country from your business. What happens then? If you live in California, could your business actually be dragged into a state court in Maine?

Any business with an Internet presence should understand how courts gain authority to hear claims made against out-of-state businesses. The bottom line is that establishing Internet jurisdiction over your business can potentially end up being very costly!

Establishing Internet Jurisdiction Over Your Business

No matter what the subject of the dispute is about, a court must have what is known as "personal jurisdiction" over all the parties involved. This applies to all courts, including state and federal district courts. Establishing personal jurisdiction means that the court has the legal power to make a binding decision over the plaintiff and the defendant in a given dispute. State and federal courts always have personal jurisdiction over state residents. But, when the defendant's principal residence or place of business is not in the state where the lawsuit is filed (often called the "forum state"), matters are much more complex. This is often the case with suits involving e-commerce.

(Note: A corporation is treated as a citizen of the state in which it is incorporated and the state in which its principal place of business is located. A partnership or limited liability company is considered to assume the citizenship of each jurisdiction of its partners/members. If you understand the nature of how a court can gain jurisdiction to hear a claim filed against your business, you can avoid certain practices that may expose you to out-of-state claims.)

The Concept of Minimum Contacts

One way a foreign court can claim personal jurisdiction over your business is by establishing that some sort of meaningful connection exists with the state in question and your business. States can exercise jurisdiction over your business through their "long-arm statutes" (which I discuss separately). However, the Due Process Clause of the U.S. Constitution mandates that certain "minimum contacts" must exist between the forum state and the defendant in order for a state to assert jurisdiction over the defendant. This basically means that activities which are deemed to establish substantially sufficient contacts with the residents or businesses of a particular state can be used by its courts to establish jurisdiction over your business. For example, you are not subject to the personal jurisdiction of an out-of-state court simply because you are involved in an automobile accident with a resident of that state where you live. All the events necessary to give rise to the claim occur outside the state of the other resident.

Activities establishing minimum contacts with another state are not always clear, but usually any substantial presence in the state will justify personal jurisdiction. Regularly soliciting business in that state, deriving substantial revenue from goods or services sold in that state, or engaging in some other persistent and continuous course of business conduct in the state are all examples of activities that would establish minimum contacts with that state.

Minimum Contacts Define Internet Jurisdiction

As stated, the concept of minimum contacts becomes more complicated when it involves the Internet. The courts have recognized that exposing the owners of a website to personal jurisdiction simply because the website can be viewed nationally is not enough to establish minimum contacts in a given state. Personal jurisdiction is "directly proportionate to the nature and quality of commercial activity that a business conducts over the Internet." Businesses that enter into contracts or subscriptions with residents of another state that involve the "knowing and repeated transmission of computer files over the Internet" will be subject to the jurisdiction of out-of-state courts. But, websites that only post information without making active sales are unlikely to establish personal jurisdiction in a foreign state (except in the state where the owner(s) resides or conducts other business).

The 'Zippo' Sliding Scale Guide

Generally speaking, minimum contacts for Internet retailers and marketers are directly related to the nature and quality of electronic contacts they establish with residents of another state. In other words, mere advertising alone is not enough to establish jurisdiction. Most courts across the nation have adopted the "sliding scale" approach used in Zippo Manufacturing Co. v. Zippo Dot Com, Inc. (1997). The court in Zippo determined that the act of processing the applications from Pennsylvania residents and assigning passwords was sufficient to demonstrate sufficient minimum contacts with the state. But, the Court held that jurisdiction is not proper when a website passively posts information on the Internet which may or may not be viewed by residents of that particular jurisdiction.

In the Zippo case, the district court described a spectrum consisting of three categories websites fall under. This spectrum ranges from:

1) businesses clearly conducting commercial activities over the Internet by entering into contracts with residents of the forum state;

2) interactive web sites with which a user in the forum state can exchange information, where jurisdiction is proper if the level of interactivity is sufficient and there is a commercial component to the web site; and

3) web sites which are "passive" by merely allowing users to post information accessible nationwide or globally that do not target a particular plaintiff in a particular forum (i.e. by intentional trademark or copyright infringement or in cases of defamation).

Basically, under the Zippo sliding scale, jurisdiction is more likely to be established when your Internet business engages in commercial activities directed at residents of a given state.

Of course, many cases fall in the middle of the Zippo sliding scale. In these instances, the courts generally have determined that "the exercise of jurisdiction is determined by examining the level of interactivity and commercial nature of the exchange of information that occurs on the website." Making multiple sales to state residents is likely to expose an Internet-based business to personal jurisdiction in that state. A single sale may also be enough, provided it is accompanied by numerous intentional communications with resident customers so that the transaction can be said to be purposefully aimed at the residents (or businesses) of that state.

Typically, the courts require "something more" than passive Internet advertising or more than just a single sale for jurisdiction to exist over a non-resident Internet business. Jurisdiction is often triggered by repeated or commercially significant sales to out-of-state residents, deliberate target marketing to out-of-state residents or significant non-Internet based contacts with the state.

State Long Arm Statutes

All states have enacted "long-arm statutes" setting forth what will be considered sufficient contacts with that state. In a nutshell, the long-arm statute allows that state's courts to gain personal jurisdiction over Internet businesses. These statutes form the legal basis allowing the courts to exercise personal jurisdiction over your business. Under these statutes, service of process outside the state on nonresident individuals and businesses is allowed for claims generally arising out of:

(1) the transaction of any business in the state;

(2) the commission of a tortious act within the state;

(3) the ownership, use, or possession of real estate in the state;

(4) contracting to supply goods or services to any person or business in the state;

(5) causing injury or damage in this state to any person by breach of warranty expressly or impliedly made in the sale of goods;

(6) contracting to insure any person, property, or risk located within this state at the time of contracting; or

(7) an act or omission outside the state causing injury in the state.

State courts typically exercise personal jurisdiction over Internet businesses under the "transacting business" provision of the long-arm statute. Like the Zippo court, state courts will assess jurisdiction in an Internet setting by looking at the "nature and quality" of the contacts with the state. Some long-arm statutes set forth factual situations likely to satisfy the minimum-contacts test. Others contain much broader provisions not inconsistent with constitutional restrictions.

Helpful Case Summaries

Here is a summary of some decisions that have helped shape the law regarding internet jurisdiction. Hopefully, these summaries can provide some guidance.   

Thompson v. Handa-Lopez, Inc. (1998): A Texas court gained personal jurisdiction over an out-of-state online gambling enterprise because the gambling operation entered into contracts with Texas residents to play online gambling games, sent emails to the Texas residents, and sent winnings to Texas residents;   

Chloé NA v. Queen Bee of Beverly Hills LLC (2010): The US Second Circuit Court of Appeals held that specific personal jurisdiction over an out-of-state website operator located in California may exist based on a single act of shipping a handbag into New York, along with other substantial business activity in the state. The single act of shipping an infringing handbag to New York combined with other substantial contacts, such as the shipment of several other items in-state and operating a commercial interactive website available to New York residents, was sufficient to obtain specific personal jurisdiction;

Verizon Online Services, Inc. v. Ralsky (2002): The court held that nonresident defendants' transmission of spam emails through plaintiff's servers, located in Virginia, to nonresident Internet subscribers created a substantial connection to the forum sufficient for exercise of personal jurisdiction on a claim of trespass to chattel;

Gates v. Royal Palace Hotel (1998): The court decided that the combination of a concentrated advertising effort within the state of Connecticut, active booking of reservations for Connecticut citizens through state travel agents, and an invitation to Connecticut citizens to make reservations through the Internet, constituted the transaction of business within the state such that exercise of personal jurisdiction was proper.

Causing an Injury within a State

Your Internet business can also be subject to jurisdiction in another state for purposefully causing a physical or economic injury (i.e. a "tort") to a business or resident of that state. This is a separate avenue of liability outside of a breach of contract claim where your business is dragged into court by one of your unhappy customers. If you use the Internet to cause an injury in one state, you or your business may be brought into court in the state where the injury occurred. For example, under state long arm statutes, committing a tortious act within the state is a basis of jurisdiction.

Of course, in cases where the connection between the activity and the injury is not clear, courts have looked for evidence that the activity was "purposefully directed" at the resident(s) of the forum state, or that the person causing the injury had substantial contacts with the state. Most courts are less inclined to exercise personal jurisdiction over non-residents in cases involving tort claims arising from Internet use. Generally speaking, an Internet business must direct its activities at an in-state resident, or have a continuing obligation with that resident, in order reasonably to anticipate being hauled into court in the state.

But not all torts or injuries will expose your business to the personal jurisdiction of another state. Even if a plaintiff claims to feel the effects of the harm caused by an act causing injury in his or her forum state, there must still be "something more" than mere Internet use to satisfy due process under the Constitution. Purposeful conduct may still be insufficient in jurisdictions where the activity must be directed at the plaintiff in his or her capacity as a resident of that particular state.

More case examples:

EDIAS Software International v. BASIS International Ltd. (1996): A New Mexico company was sued for sending defamatory email and making defamatory postings about an Arizona business. The court claimed personal jurisdiction because the defamatory statements intentionally targeted the Arizona business and actually caused an injury (defamation) within the state.   

Pavlovich v. Superior Court (Cal. 2002): Under the "effects test", the trial court did not have jurisdiction over a foreign resident in a corporation's suit alleging the resident misappropriated its trade secrets by posting the corporation's program's source code on his website. The website was accessible to any person with Internet access and the resident merely posted information and had no interactive features. The court determined that the resident could not have known that his tortious conduct would hurt the corporation in California when the misappropriated code was first posted and this did not establish express targeting of California residents.   

Blumenthal v. Drudge (1998): In another early decision, Matt Drudge of The Drudge Report made alleged defamatory statements about a Washington, D.C. resident on his website and the resident filed suit in the District of Columbia. Although Matt Drudge lived and worked in California at the time of the suit, a court ruled that he was subject to personal jurisdiction in the District because the injury occurred in the District. The court also determined that the Drudge Report had substantial contacts in D. C. since Drudge personally emailed his column to a list of emails belonging to D.C. residents, solicited contributions and collected money from D. C. residents and he traveled to D. C. on two occasions to promote his column. All of this was enough for the court in that case to determine that Matt Drudge had substantial contacts with the District;   

Cybersell, Inc. v. Cybersell, Inc. (1997): An Arizona plaintiff suing for trademark infringement argued that a Florida defendant's mere use of the same trademark in its home page was sufficient for personal jurisdiction. The Florida defendant had "no contacts with Arizona other than maintaining a home page that was accessible to anyone over the Internet." The court declined to exercise jurisdiction, noting the Florida defendant "did nothing to encourage residents of Arizona to access its site, and there [was] no evidence that any part of its business (let alone a continuous part of its business) was sought or achieved in Arizona." The circumstances lacked the "something more" necessary "to indicate that the defendant purposefully... directed his activity in a substantial way to the forum state."

Consenting to Jurisdiction over Your Business

A court can obtain personal jurisdiction if both parties consent to such jurisdiction. The most common type of consent is where a company is required to consent, in advance, to personal jurisdiction in a state for incorporating or organizing a business under the laws of that state. State business organization statutes require that a business provide the secretary of state with an agent to accept service of process. An Internet business can also consent to the court's jurisdiction by filing a response to a lawsuit filed with that court.

Similarly, you may grant consent by signing a contract that has a provision requiring you to agree in advance to be subject to the personal jurisdiction of a state. For example, a California website developer may sign an agreement with an Illinois service provider containing a clause stating: "The parties consent to the exclusive jurisdiction of the federal and state courts located in Cook County, Illinois, in any action arising out of or relating to this agreement. The parties waive any other venue to which either party might be entitled by domicile or otherwise." (However, the States of Montana and Idaho do refuse to recognize such clauses).

You have now been introduced to the catch-22 of e-commerce! The Internet provides a great way for small businesses to operate and achieve massive growth. Unfortunately, such growth will inevitably expose your business to foreign jurisdiction and the possibility of being hauled into court in some distant State. If you want to guarantee that you will avoid this risk and you plan on operating a commercial website, you will surely sacrifice sales and growth.

Computer Programs Copyright Protection in South Africa

INTRODUCTION

This paper makes a modest contribution to the issue of copyright in computer programs and its protection under South African law. It uses as a case study the decision of the Supreme Court of Appeal in Haupt T/A Soft Copy v Brewers Marketing Intelligence (Pty) Ltd and Others 2006 (4) SA 458 (SCA) (the Haupt's case). What is the implication of this decision for South Africa in terms of copyright protection? Is South African copyright protection of software too soft? What consequences can this decision entail for the software industry in South Africa? Can it scare off potential investors?

These are some of the issues the paper looks at. The paper is divided into three sections. The first section will give a brief view of the case, the second will deal with the concept and regulation of copyrights, and the third will address the discussion of the case. The paper will end with a conclusion.

1. FACTS OF THE CASE

Haupt, the appellant, applied to the Cape High Court for an order interdicting the respondents in terms of the Copyright Act of 1978 from infringing his alleged copyright in some computer programs. The High Court held that Haupt's claim could not be sustained and dismissed the application. The decision of the Cape High Court was reversed by the Supreme Court of Appeal which set an order interdicting the respondents from infringing the appellant's copyright in the computer programs.

2. ISSUE OF COPYRIGHTS

2.1 Concept of Copyrights

2.1.1 Definition

Copyrights are rights that protect information from duplication and distribution. They are a subset of intellectual property rights that aim to create a balance between the rights of an individual and those of the public by conferring on the author or creator of a work the exclusive right to control and profit from his work.

2.1.2 Infringement of Copyright

The most relevant infringing activities to computer programs involve "copying", "adapting" and publicly distributing the work. In each case the activity can be in relation to the whole of the work or a substantial part of it.

2.2 Regulation

Before dealing with the regulation of computer programs copyright in South Africa, regard must be had to the way this question has been addressed in other jurisdictions and internationally, since this matter has a high international scope.

2.2.1 World Intellectual Property Organization (WIPO)

Computer programs are protected as literary works within the meaning of article 2 of the Berne Convention. Such protection applies to computer programs, whatever may be the mode or the form of their expression (article 4).

The Berne Convention provides that copyright vests in the author of a work (article 3).

As illustrated below, the approach taken by the WIPO is the general position throughout the world.

2.2.2 Australia

In terms of section 10(1) of the Australian Copyright Act of 1968, computer programs are protected as literary works.

2.2.3 United Kingdom

Like in Australia, "literary work" has been extended in the UK Copyright (Computer Programs) Regulations 1992 to include preparatory design material for a computer program.

2.2.4 The European Union

The EU Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs requires that computer programs and associated design materials be protected under copyright as literary works within the sense of the Berne Convention.

2.2.5 Japan

Japan is one of the rare industrialized countries where computer programs are not protected as literary works. The Japanese Copyright Act 48 of 1970 under articles 21 and 27 grants the author of a computer program the exclusive right to reproduce and adapt his work.

2.2.6 South Africa

Copyrights are regulated in South Africa by the Copyright Act 98 of 1978. This Act provides copyright protection for a wide variety of works, such as literary works, musical works, artistic works, computer programs, etc. and states as a general rule that copyright vests in the person who creates the relevant work. Nevertheless since the amendment of 1992, computer programs gained a special status in terms of which the copyright vests in the person who exercised control over the making of the computer program, rather than the programmer who created the work.

Now that the legal framework of copyright has been set, we can discuss the decision of the Haupt's case accordingly.

3 DISCUSSION OF THE HAUPT'S CASE

3.1 Establishment of the infringement

As pointed out above this is a case of an alleged infringement of copyright in computer programs.

First, for infringement of copyright to be established, it is submitted that a plaintiff must satisfy two tests:

- a causal connection between the alleged infringement and the copyright work;

- there must be objective similarity.

In the case at issue, the infringement is clearly established since these two tests are satisfied. Indeed, there is a causal connection between the copyright work and the infringement because some portions of the work have been copied, thereby creating an objective similarity.

Nevertheless, the question that can come to one's mind is how come the program was created by the first respondent and it is the appellant who is considered as the author while there was no employment contract. It is simply because according to the Copyright Amendment Act of 1992, the copyright of computer programs vests not in the programmer who created the program but in the person who exercised the control over the making of the program, which is here the appellant.

No doubt that this decision is consistent with the Copyright Act. But is the approach taken by the Act the most suitable for the protection of copyrights in South Africa?

3.2 Suitability of computer programs copyright protection in South Africa

As noted above, South Africa has taken a position utterly different from most foreign jurisdictions, and from the WIPO as well, on the issue of computer programs copyright. Indeed, since 1992 computer programs are no longer protected as literary works, with the implication that the copyright in the former programs has shifted from the creator of the work to the person exercising control over the making of the program.

What is the rationale of this approach when one knows that copyright is a legal means to encourage and protect human creativity and innovation?

It seems to me a peculiar position, since it takes away all the rationale of copyrights. Roos ("Rabble Rousing for Cyber Heads: Development in South Africa's IP law and international investment concerns" (No 82/2006), CIPS), on the other hand, contends that the fact that the copyright is shifted from the real creator to the person who exercises control over the making of the program does not really matter since the copyright still exists.

I definitely do not share this position; my personal opinion is that to award copyright to the wrong person is nothing else than a negation of copyright.

But where I agree with Roos is when he states that this decision will not scare off potential investors, since the investors have after all a coinciding interest with the party in whose favour the court found.

So, as far as I am concerned, what I can say is that the rationale followed by the legislature in passing the Copyright Amendment Act of 1992 is more economic than copyright oriented. Indeed it strengthens the position of parties already strong by giving them more power and does not really protect nor encourage human creativity by defending the works of the mind.

Is this difference between South Africa and other jurisdictions and international bodies merely superficial?

3.3 South African approach contra international approach

As mentioned by Roos, the mere difference between the South African and the international handling of a computer program should not be confused with the prospect of less protection. Nevertheless does not the difference in this instance amount to discrepancy?

Roos contends that there is no discrepancy since South Africa protects the copyright in computer programs. He contends that the difference is merely superficial.

I do not agree with Roos on this point; I am of the view that the difference is substantial. Indeed, as we have seen in the second section, the WCT protects computer programs as literary works while South Africa protects computer programs as a category of its own. The copyright vests in the creator of the work in terms of the WCT while in South Africa, the copyright vests in the person exercising control over the making of the computer program. That makes all the difference, which definitely amounts to discrepancy.

How can programmers protect themselves against the flaws of the legislation?

3.4 Contractual clauses

It is fortunate that programmers have still a way to protect their copyrights in the computer programs they are creating through contractual clauses stipulating that the copyright vests in them. Indeed, as submitted by Roos, "most programmers with an interest in retaining the copyright should reasonably negotiate that the copyright vests in them". But are programmers really in a position to negotiate any copyright clause favouring them with parties far more powerful than they are? Therefore the efficiency of these clauses in protecting the programmers' rights is still to be seen.

Cyberstalking: A Federal Crime

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group, or an organization. It may include false accusations, defamation, slander and libel.

This act is a Federal Crime punishable by stiff fines and imprisonment.

Stalkers may come in different shapes and sizes but they all share characteristics which allow them to stand out within a personal or professional relationship, if one is cognizant of these traits. It helps to be aware of these personality glitches from the beginning, to avoid falling into the predator's clutches and to block him/her from attempting misanthropic actions. It's imperative to remember, you are dealing with a psychopath who is not interested in anything except owning you or ruining you, whichever the case may be. This is a narcissistic loner who breeds off of the attempted ruination of others.

Profile of the Stalker

- The stalker begins slowly, by injecting familiarity in a relationship. Their sole goal is to become a best friend and cohort, showing keen interest in your location, organizations, friends, colleagues, family and any other facets of your life. They may stalk through phone calls, emails, connecting to those who know you or even a collection of photos, documents, background information, social networks and anything connected to your current social life and job. They quickly drop formal titles you may have accrued over the years, feeling entitled to call you by your first name.

- They habitually trash their own former friends, former relationships, existing professional relationships and even their family members in unimaginable ways, always presenting themselves as the victim.

- Narcissism is a strong part of their disturbing behavior, as they strongly believe no one is up to dealing with their antics. They feel they live in a world where others "don't play by the rules."

- They eventually become hostile and volatile when their "mark" becomes aware of their invasive behavior. This is when the mask of benevolence is dropped and their true nature rears its ugly head:

1- They begin by trying to make amends, which is impossible as the situation has already played itself out.

2- They become vindictive and begin to stalk and harass their victim.

3- They dance around issues, hiding behind assumed names and aliases. Fortunately, their efforts fall flat when others instantly see through their thin veil of drama. The third party warns the victim of the stalker's careless attempts at destruction. Their narcissism duped them into believing they could pull this off when in reality their inflated ego was once again blurred by rage.

Internet Violations

There are many reasons, in the perpetrator's mind, to use the internet as a means to stalk, slander and harass their victim. It is a very seductive venue until they are eventually unmasked. This always does occur, mostly sooner than later, with surprisingly high penalties and unforeseen consequences. Naturally, they are always shocked and indignant, when found out, once again claiming victimization.

- When first attempting the act of cyberstalking, the stalker believes in his heart of hearts that it's the perfect place to remain anonymous, although there are new electronics and distinct formulas including internet rules and regulations which carry strong penalties once their true identity is unmasked, and it always is since you can run but you can't hide in this day and age.

- Third party recipients of the stalker's weak attempts to discredit their victims are almost always willing and able to identify the stalker and produce solid evidence, both written and documented. They will also stand witness as a third party recipient of the stalker's intrusive actions.

Unmasking the Stalker: Self Protection

If you ever find yourself in this position remember, awareness will save you from having to endure the stalker's trap before it occurs. This is not a sad person, not a lonely person or an unfortunate individual. This is a psychopath who is able to twist situations, obliterate relationships, lie, steal and cheat others. Their only concern in life is "self" and nothing more. This is narcissism at its finest. This is someone with the strong intent to overtake you, ruin you and discredit everything you consider important in your life. They are to be avoided at all costs. Your best bet is the following action:

- Contact your local police, FBI, and any other agencies that deal with disturbed individuals who have threatened you, slandered you (either directly or through a third party), committed libelous acts, attempted theft or falsified documents. Keep records, website posts, and all documentation through internet and third party witnesses (organizations, individuals and emails) as this is essential. Remember, this is a federal offense.

- Contact an attorney, agencies, website administrators and share your story. You are the victim, regardless of what the other person is spewing.

- Do not allow this person living space in your consciousness. Remember, you are the antithesis of this personality and every moment you think of them, you are allowing them to live in the confines of your mind, rent free. Force them out by filling your mind with positivity and positive individuals, who share like interests and nourish your soul.

- Move forward, don't look back, but learn from this experience. This is a lesson in living and working, teaching you to be aware of boundaries and why they must be protected. This is your responsibility, to make certain no one crosses those lines again, because your sense of intuition is probably correct when you begin to doubt the veracity of the individual from the first time you speak to them.

- Never blame yourself. Unfortunately, these circumstances do occur when one is off guard and vulnerable. Extending oneself through kindness and sharing is not always rewarded when the intent of the recipient is purely malevolent and narcissistic.

- We all make mistakes, but this experience will enable you to take a step back and go with your intuition. Listen to those uncomfortable sensations when first dealing with someone in this category. Back off before you are forced to leave the relationship out of instinctive self protection. As the old saying goes, "When someone shows you who they are, believe them."

The Regulation Of Interception Of Communications Act 70 Of 2002

The development of new technologies such as the Internet and cellphones has made a legislative overhaul in the area of interception of communications imperative. Thus, the Regulation of Interception of Communications and Provision of Communication-related Information Act no 70 of 2002 (RICA), which regulates the interception of communications and monitoring of signals and radio spectrum in South Africa, has been enacted. But its promulgation has been surrounded by heated debate in connection with the implications of the changes brought by it and their impact on, among others, the right to privacy, employer-employee relations, businesses and customers, and civil or criminal proceedings.

The RICA first and foremost reaffirms the right to privacy of communications, a fundamental right not to have the privacy of one's communications infringed, by prohibiting the interception of communications. Then, as no right is absolute in itself, it sets out exceptions and conditions under which interception can be made. According to the RICA, communications can be intercepted by a party to communication, with consent of a party to communication, in connection with carrying on of business, to prevent serious bodily harm, for the purposes of determining location in case of emergency. Nonetheless, to restrict the invasion of privacy, the RICA requires the interception to be authorised by an interception direction issued by a designated judge at the request of authorised persons. The lawmaker, in providing for judicial oversight and the limitation of interception of communications, guarantees a balance between the rights to privacy and to security.

Another sector on which the RICA impacts significantly is the employer-employee relation. It protects the employee from the interception of his or her communications by the employer. The employer may intercept the employee's communications only if it is related to the business and in the course of its transmission over a telecommunications system. In other cases, the employer needs to obtain written consent of employees in order to intercept. This provision may lead to abuses from employees. Indeed, knowing the inability of the employer to monitor their communications and to punish them, they may misuse the communications tools. Therefore, the employer would need to set a formal company policy on the monitoring of all communications, including e-mail, phone and mail, which must be legally sound and reasonable to balance the interest of both parties.

In relation to businesses, the RICA entails great financial implications for telecommunication service providers, which must provide a telecommunication service with the capability to be intercepted and to store communication-related information at their own cost; unlike the UK, where the government is obliged to pay a fair contribution to cover the costs. That is especially true for Internet service providers and cellphone operators, who would need to invest in expensive technology to make the interception of e-mails and cellphone calls possible. In a nutshell, the Act may give rise to great expenses for the telecommunication service providers, as well as great losses in case of failing to comply with the provisions, given its heavy penalties. Besides the onus put on cellphone operators to collect customers' details, customers also have some duties, among others, to inform the service provider when passing on their phone or SIM-card, with all information related to the new owner, and to report any loss, theft or destruction of a cellular phone or SIM-card. This provision has the advantage of giving a sense of responsibility to the customer in order to stem the growing crime rate in this area.

The last sector on which the RICA has an important impact is the judicial field. Indeed, like Canada, Israel and New York State, but unlike the UK, it recognizes the admissibility of information obtained by means of interception as evidence in civil and criminal proceedings in South Africa. This will probably help to solve crimes as telecommunication equipment is being put to criminal uses. Nevertheless, this act has a shortcoming here in that it is silent as to when intercepted communication will not be admissible in a court of law.

At the end of the day, the enactment of the RICA has brought changes that are more likely, on one hand, to increase the protection of the right to privacy in crime investigation and intelligence gathering and the rights of the employee, and to facilitate the combat against criminality, and on the other hand, to affect businesses greatly in financial terms and restrict employers' power over employees.