Thursday, December 31, 2015

Advertising Guidelines from the FTC

Advertising guidelines from the Federal Trade Commission underscore the deceptive features of ‘native’ advertising.  Prior to Christmas the FTC released its “Enforcement Policy Statement on Deceptively Formatted Advertisements.”  The attention was towards the use of native advertising which is ‘dressed’ or ‘tailored’ to appear as if it is an actual editorial.  The FTC notes the creativity in advertising and is concerned with the potential for deceptive business practices by means of how the advertising is delivered.  These types of ads can be fashioned to appear as images, infographics, and even use animations, images and streaming processes.
The FTC is trying to draw to the line between what can be construed as advertising for commercial purposes and what can be construed as content without any commercial purpose.  The sophistication of the digital media use of images and videos tends to camouflage the actual ad being delivered.  The potential for the consumer to misinterpret the message is the concern that drives the FTC to earmark this type of advertising.  While the FTC understands the creative need for advertising to be integrated and seamless with the embedded platform and medium, it presents a high potential for misleading the viewer from knowing and identifying the sponsor or advertiser or that there is actually an advertisement in play before there very eyes.  The reasons for guidelines underscore the purpose of informing businesses on what the FTC considers deceptive, unfair, misleading, and possibly fraudulent in advertising.
The FTC’s Bureau of Consumer Protection is stressing the need to carry over ‘time-tested’ ‘truth-in-advertising’ norms to the digital age by emphasizing that every consumer should be made aware somehow that what they are viewing on social media or the internet in general is a commercial ad or not commercial content.  FTC’s general statement stressed that consumers could be misled about the purpose and origin of the content they are viewing on the internet that could then cause viewers to make bad decisions about a product or issue being presented.   Some would argue that without sound discretion in the setting out of these guidelines, the FTC could lead to censorship of commercial speech, but then again, they are just guidelines.  Yet, businesses that are appropriately counseled to resort to what the FTC considers inappropriate, do so to avoid regulatory take-down hassles of their advertising.
One of the guides emphasizes that the label ‘promoted’ is misleading because it could lead viewers to misconstrue it as an endorsed content.  Another guide is that the advertising company should provide an identifying means on the content of the main page that there will be advertising purpose to enhance transparency in the native advertising vehicle within websites, blogs, and social media platforms; this also includes newsletters, emails, web blasts, and webcasts.
All in all, disclaimers and notices take once again center stage to make John Q. or Mary J. Public aware of what he or she is reading and viewing.  Pretty soon the FTC will propose guidelines on how the public could enhance their own reading comprehension and discernment over what they view on the web.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2016, all rights reserved Lorenzo Law Firm, P.A.  

Cybersecurity and Internet of Things in the Last Quarter

Cybersecurity and internet of things did capture Capitol Hill in this last quarter of 2015, pardon the football metaphor, and needless to say net-neutrality as well.  With physical objects being interconnected and collecting user data and sharing data as well, regulators and privacy groups saw the improved efficiency accompanied with the torment of loss privacy and weakened security for our personal information.   To the innovators legally counseled to promote their illuminating and startling ideas, greater opportunities are being created seamlessly integrating the physical objects of our life with computerized hardware through cyber means.  This innovative wave is not only touching your refrigerator, iPad, Fitbit, automobile, mobile pay system, but also your neighboring nuclear power plant, airport’s air traffic control tower, and ubiquitous mosquito-like drones.  This interconnectedness is accompanied with greater vulnerabilities for our privacy, financial accounts, and personal safety from cyber hacking efforts and the concerns have, as said before, captured Capitol Hill.
For instance, the Nuclear Regulatory Commission (NRC) seeing this concern has issued a startling statement about needed security requirements adding ‘cybersecurity notification requirements’ upon event detection.  This alarming awareness of a regulatory requirement comes after the NRC has ‘become’ aware of the likelihood of terrorist cyber intrusions which will require nuclear reactors to notify agency regulators of security breach events.  One would think that this intuitive step is overdue and that a nuclear power plant would already have in place security advisory procedures to not only apprise the regulatory agency but as well apprise the public.  Let’s be thankful that they see it as a critical need.
Also, early this December the Fixing America’s Surface Transportation Act (FAST Act) was signed into law covering a plethora of initiatives.  One worthy of note was relaxing the banking requirement under Gramm-Leach-Bliley (GLB) of submitting privacy notices, electronically (consent required) to customers.  This relaxation under Section 75001 is effective so long as there were no changes to the financial institution’s information sharing requirements and that there information sharing does not require a customer opt-out.   The Act as well touches upon privacy concerns regarding the sharing of confidential financial information, enacting the Driver Privacy Act of 2015, securing and improving means of communications using Internet of Things to improve transportation in communities and their outlying areas.  The Act also requires the reporting to Congress by the Secretary of Transportation on the use of Internet of Things by states, cities and communities, on privacy and security best practices, among other issues related to transportation.
Moreover, the House Cybersecurity Caucus is embroiled with the White House and other agencies over the need to assess the restrictions on legitimate exports of ‘security intrusion software’ and the redefinition of ‘defensive security’ and offensive security.’  State, the Commerce Department and the Department of Homeland Security, are deliberating over the reclassification of the technology and the allowance of the export to facilitate integrity network testing from overseas and improve detection of malicious cyber events.  With the intention for implementing improved notice requirements, easily transferred ‘defensive security technology’, and securing information sharing we may possibly all have a happy new year.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Monday, December 28, 2015

Facial Recognition and Social Media

The use of facial recognition by social media platforms is drawing concern from European regulators.  The ramifications impinging on privacy by the social media networks' use of facial recognition technology are foreseen as limitless.  For instance, facial recognition technology can identify Facebook friends to whom users can then forward the photos.  Canadian authorities share the concern and have raised points of contention with the lack of the individual ability to opt-out of the service.  EU regulators are viewing the use of the technology an intrusive and open to allowing disclosure of private information.  The prevalence of internet of things and the ability for social networks to use facial recognition technology is moving too fast, according to EU and Canadian regulators wanting to have in place means of protecting individual privacy. The general concern is that with the ubiquity of smartphone use, people can be identified by unknown entities and businesses using facial recognition technology.
Data protection regulators in the EU, particularly Ireland and Germany have raised focused concerns pointed to the function of aggregation of combined facial biometric data along with biographic user information, location data, and their individual associations.  Belgian government has voiced through its data protection agency that these features along with monitoring internet activity even outside its own Facebook platform are highly troubling from a privacy protection standpoint and most important from the point of view of protection those who require greater protection in the eyes of law enforcement.
The urging is for the social media network to provide and opt-in feature for the App that allows users to share mobile-phone photos with friends without posting them publicly.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Cloud Use and Having an Exit Strategy

Cloud service uses, methods and liability considerations are involved in an appropriately devised exit strategy for any enterprise.  This could be in the form of a backup method for establishing redundancy.  For many businesses, the cloud use transitioning process is key for being able to maintain reliable services.  Minimizing disruptions, goes without saying, is and should be a major concern for any enterprise to reduce its liability exposure.
Identifying the entities service points or relationships, whether they are internal to the organization or external, is likely the initial step to devising an exit plan for purposes of activating an alternative system.  Assessing the cloud service used as either IaaS, PaaS, or SaaS is needed in this step as well.  Each will require different activation steps and process for an exit strategy, keeping in mind that the replacement for either one of the three is not the same application and may raise different regulatory considerations.   Understanding its own cloud service methods and delivery system and its result, along with knowing its legal contractual terms is intrinsically pivotal for any enterprise transitioning their cloud business process.
 Also, the regulatory requirements must also be attended to in order for an enterprise to devise a transitioning plan for its cloud service, especially when the service is uniquely designed for its industry or service class.  A company that uses SaaS may experience that its replacement during a transition cannot be operative with an IaaS, though they may appear similar technologically.  The process is key to note for considering the compliance requirements and the service delivery method that is required, in order to reduce unintended consequences of the service adaptation.
 Moreover, the cloud service exit strategy and its implemented transitioning process should inherently have security as its heightened goal.  During any transitioning service period exiting a cloud service there will be the inevitable migration of data where confidentiality is critical.  Having the ability of continuing secure reliable service delivery must be considered including applying encryption and data retention.  The fear of the unknowns should always trigger careful assessment of the list of transitioning technical, legal, and regulatory compliance considerations to ensure limited disruption of the service that is provided to customers and the general public and that also relies on the featured services that are delivered by the cloud service provider or its ultimate service replacement.  While this may not be an exhaustive note on cloud service exit plan, that plan must also weigh the obvious availability options for alternative cloud replacements, way before there is ever the need for a transitioning strategy to be put in place.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."

Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Sunday, December 27, 2015

Indentity Theft Event Responses

Identity theft laws in states may vary by state but a notice requirement is common among them.  The frequency and extent of data breaches is staggering with the Identity Theft Resource Center (ITRC) recording over 700 breaches so far recorded in 2015 affecting roughly 200 million records.  The previous year, the ITRC recorded for 2014 over 780 data breaches.  The numbers include inadvertent breaches along with data theft events.

As companies look for ways to prevent data breaches and be compliant with identity theft laws, it is fundamentally productive to as well focus on enhancing an incident rapid response process.  This concern is shared by the private sector as well as the public sector.  The aspect of immunity is a commonality among industries and sectors. The data breach events have affected the healthcare industry with Anthem’s February 2015 incident affecting over 70 million healthcare customer records, approximately 20m at the U.S. Office of Personnel Management in June, as well as Georgia’s Department of State registered voter records were affected with over 6 million potentially determined to have been disclosed.  The breach disclosed social security numbers as well as private information as a result of a claimed clerical error.

According to Georgia law, the Georgia Department of State is required to share voter registration data upon request from political parties and the media.  As a result of several disks containing social security numbers and private information being received by the recipients under the law’s requirement, two-class action suits have been filed.  The breaches were publicized after the suits were filed and the claimants are asserting that the responses were inadequate.

States like South Carolina, since its 2012 Dept. of Revenue data breach incident affecting nearly 4m individual social security numbers, are providing credit monitoring, mitigation services, plus credit protection to their affected citizens.  All these incidents underscore the need to enhance rapid response processes in addition to protection mechanisms and personnel training.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Saturday, December 26, 2015

Anti-Slapp in Florida

Anti-Slapp in Florida was put to the test in Roca Labs, Inc. v. Consumer Opinion Corp.(Pissed Consumer). In its original lawsuit, Roca Labs argued that the defendant’s consumer review website was fostering defamation, effectively causing tortuous interference, committing unfair competition.  The defense argued immunity under Section 230 of the Communication Decency Act, formally known as Internet Freedom and Family Empowerment Act.

The court determined that defendant’s posting of just excerpts of the post placed by the user were not actionable.  It followed the case where the court there reasoned that trimming user’s posts for space purposes is not illegal nor does it constitute defamation.  The court distinguished when a post is made by a third-party user.  The court went further in that it cleared the use of tweet aliases and the links to original posts.  Also, it cleared user feedback and rating systems under Section 230.  The court noted that plaintiff’s assertions that defendant allowed for menus selections and drop down buttons were not convincing to sway against triggering immunity under Section 230.  The court acknowledged that posters can be paid to place testimonials on defendant’s website.

The court was not convinced that the defendant was liable under the Fair Trade principles as Roca seeks to impose liability under Florida Deceptive and Unfair Trade Practice Act (FDUTPA).   The plaintiff argued that the posts had an effect and that the defendant refused to remove the posts.  As the court followed the reasoning in Ascentive v. Opinion Corp. it concluded that the liability posed by these claims were specifically precluded by the effect of Section 230’s intention.  Moreover, on the tail end with defendant seeking attorney fees, the court reasoned that by virtue of it ruling that defendant was immune under Section 230, it does not automatically constitute that the plaintiff raised a frivolous suit nor can it find that plaintiff presented a case in bad faith to award attorney fees under the court’s inherent sanctioning power.
Roca Labs, Inc. v. Consumer Opinion Corp., 2015 WL 6437786 (M.D. Fla. Oct. 21, 2015)

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Wednesday, December 23, 2015

Crowdfunding and New Conditions

Crowdfunding, an Internet based means of raising capital is getting a lot of attention.  The attention it has garnered is not only from businesses resorting to it but from the SEC as well.  Crowdfunding is instrumental for startups and small business, but it has originally been a vehicle for fund raising for worthy and charitable causes.  The function has been through for a variety of methods and purposes, for instance, by donations for charitable purposes, by issuing rewards; by providing a lending process in exchange for the promise to pay timely with accrued interest; and by equity interest based contributions. Crowdfunding and its new limits are addressing the function when the operation is to embed a securities-based crowdfunding offering. This is a variation from what traditionally is being done by businesses where raising capital is by virtue of seeking a commercial loan.
The SEC has stated that any offering or sale of a security must be registered unless there is an applicable exemption.  The requirement of disclosures are a key element to qualifying for an exemption from the registry requirement.  Additionally, small businesses seeking funding have to meet other federal and state laws that regulate offers and sales of securities.  Yet, because of the burgeoning interest in raising needed capital in this novel internet based vehicle, the SEC this October depicted crowdfunding and its new limits regarding securities based offering through online platforms.
Under its Jumpstart Our Business Startups (JOBS) Act section 4(a)(6) to the Securities Act of 1933, the SEC allows offerings through internet network platform without registering and preempts the state registration requirement. It addresses those crowdfunding vehicles of companies seeking security-based capital, but it established a cap of 1 million a year (12 months) with an individual investor limit of $2,000 or 5% of investor’s income if the investor’s net worth is less than $100,000.  The personal investment limited inches higher the higher the net worth of the investor.  The company issuing the offer will have to file electronically its disclosures and details for public viewing (form c).  The account opened by an investor will be done through an intermediary and its rules, where it may decline an issuer on its internet platform for reasons that may include fraud and is tasked to provide issuer’s disclosures.  As these conditions take form in 2016, small business have a greater chance of raising the necessary capital through crowdfunding.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Tuesday, December 22, 2015

Cybersecurity Buzz in Washington

Cybersecurity is at issue and a buzz in Washington with a bit of urgency and cluelessness.  From addressing anti-hacking methods to cyber security threat sharing, Congress, federal agencies, and the White House are trying to flatten their learning curve.  Private companies have been drawn in to give their two-bits and compare notes on cyber security threats.
Now with the House passing of the Protecting Cyber Networks Act (H.R.1560) (“PCNA”) and the National Cybersecurity Protection Advancement Act (H.R. 1731) (“NCPAA”) the dialogue on cyber threat sharing has covered both the concern for privacy and the manner in which to report cyber threats.  Additionally has been the query of designating the role of “portal” companies that would be tasked to report cyber threats.  The additional consideration is with the assigned role of the Department of Homeland Security as it could be earmarked as the portal for civilians.  The notion is not to house the reporting auspices within an agency having prosecutorial responsibilities.   But the weakness considered by privacy advocates is the inherent provision allowing the President the opportunity to appoint an alternate civilian portal, which could essentially open the door for government surveillance.   
Within the Cybersecurity buzz is as well the anti-hacking topic floating around as a result of the House Cybersecurity Caucus members urging the White House to change its draft regulations on ‘hacking tools.’   The private sector view is that the regulations are not based on a well-founded understanding of the distinction between defensive and offensive cyber tools.   While the stated goal is to prevent technology from getting in the hands of countries with undemocratic governments, the differing roles noted for the vying federal agencies, could instead impinge the efforts of U.S. private companies striving to protect their technological infrastructure and networks.
The wrinkle to addressing this is that the Department of State, the Department of Commerce and the Department of Homeland Security have different views on how the 2013 Wassenaar Agreement should be amended.  The Agreement has an expanded list of restrictions on dual-use technologies, including Internet-based surveillance systems and intrusion software.   Such technologies would be used to pressure and restrict journalists and governmental critics.  As is, the defined scope of ‘intrusion software’ appears too broad which will serve to prohibit U.S. companies from exporting technology they use to test their vulnerabilities and assists them on discerning where to implement cyber security improvements in their networks.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Monday, December 14, 2015

Idea Patent

Many consider having an idea into a patent and living the entrepreneurial dream.  For those who enjoy abstractions that is the beginning of something that could be valuable for all to use.  Many clients have the same query, “I have an idea and would like to know how to protect it.”  Ideas are not expressions that can be covered under the Copyright Act.  Ideas are not inventions for them to be covered by the Patent Act.  While all start from an idea per se, it is the kernel of what make it ‘intellectual property.’  Without that ‘kernel’ there would not be the exclusive right that would be attributed to the resulting item.   

The struggle for many clients is how to take the idea into a patent and draw it to the point of it being concrete so that it is no longer a concept.  So while an idea cannot be protected that should not be the final step.  The idea merits functional description and descriptive application and implementation.  Hence, the preliminary juncture toward a patent, i.e., an invention.

Business methods and ideas have gotten an outside corner 92 mph slider since the Alice decision* where the court weighed that a  computer service for financial transactions was abstract and not sufficiently tangible for it to be considered a patentable subject matter.  The take away from the Alice decision was that business methods or software were to be considered the same as was the computer service in Alice.  The conceptual turn that shines a bright light is the language from the decision in the Finjan case, whereas Finjan claimed, its invention was not abstract because it is based on computer technology and it seeks to address a tangible problem that occurs in computers.  It also argued that its claim was essentially a technical function for protecting computer networks.

In its argument, Finjan resorted to the Patent Office’s Interim Guidance on Patent Subject Matter Eligibility” of 2014.  In the Guidelines, there was a similar hypothetical to the actual claim that Finjan was seeking to establish in the case which related to detecting and removing malicious code from communications.  The court, while noting the stated guidelines and the similarity, therefore reasoned that what Finjan was claiming was not an abstraction nor was it an abstract idea.  It determined it to be a ‘function’ of software to ‘achieve’ the elimination of malicious code in electronic communications.  The court decided that the claimed patent had described identifiable steps to the claimed performance that as identified was to recognize the intrusive malicious code, remove it, and create a security file.  This, the court stated, has meaning nowhere else but within computer technology.  The lesson to be drawn from this case was that the initial idea was coupled with a descriptive functionality that achieved an identifiable result.  
 Finjan, Inc. v. Blue Coat Systems, Inc., Case No. 13-cv-03999 (11.20.15) (NDCA)
 *Alice Corp. v. CLS Bank International, 573 U.S. __, 134 S. Ct. 2347 (2014).

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Saturday, December 12, 2015

Internet Product Listing Infringing on Trademark

Internet product listing was argued to be infringing on the trademark of a watch manufacturer.  The watch manufacturer argued that it did not sell its watches to Amazon for resale nor did it authorize resale through the online retailer. The plaintiff in this case, Multi Time Machine (MTM), argued that the online retailer, Amazon was creating customer confusion.  It further elaborated that the search result format would confuse the potential customers.

Online retailer, Amazon, was sued for trademark infringement because it argued that Amazon was placing the MTM product online in a manner for when customer would search for their product watches.

The record showed that Amazon would display an image list with product names under a certain class of product.  By clicking on the image, the potential customer would be directed to the product page with the customers search term request remaining active in the search box.  The court noted that Amazon did not disclose to the potential customer that it did not carry the MTM product.  Evidence was introduced demonstrating that defendant's competing online retailers did disclose that they did not carry the plaintiff’s product. Question was posed as to why the defendant did not disclose it.

As the court weighed the evidence and expert testimony to determine the extent of potential confusion, it examined ‘initial interest confusion’ and not necessarily how customers purchase.  The court reasoned that initial interest confusion in and of itself is a trademark infringement in the goodwill associated with the plaintiff’s mark.  The online retailer would then benefit from the value and reputation of the plaintiff’s product through the effect of search results being ‘ambiguous, misleading, and confusing.’

The court also weighed into the relative strength of the plaintiff’s mark of its product.  In that analysis, coupled with the assessment of factors leading to the likelihood of confusion, the 9th Circuit on appeal reasoned that a jury could find the likelihood of confusion due to the fact that the plaintiff and defendant sell military-style watches.  More importantly, it concluded that that the jury would find that the defendant could confuse the potential customers. Multi Time Machine, Inc. v., Inc. Case No. 13-55575 (9th Cir. July 6, 2015)
Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  






Friday, December 11, 2015

Internet Freedom of Speech at Risk

Internet freedom of speech is not given the attention it merits while the EU ponders on its EU Data Protection Regulation.  Many rightfully fear that censorship is looming near and is nearer than one imagines.  While the General Data Protection Regulation (GDPR) has lingered since the 1990s, many countries have followed the EU aspiration of enhancing data protection to the extent of elevating the notion for fundamental right consideration.  Even the EU Charter underscores the notion by stating that individuals have the ‘right to protection of personal data as a separate and equal right to privacy.
This notion has had push back from companies that consider such pursuit of privacy to be inconsistent to business practices relying on marketing and other means for customer generation and profiling.  But the process for protecting personal information has had a negative impact on right to freedom of speech. By enforcing measures for the deletion of information that another individual may post on someone else, regardless of its public interest value, or about issues and policies, it effectively is denying the right of free expression.  The control and denial of the right of expression is also denying readers from being informed and forced to be informed only on future limited scope of information, hence, online censorship disguised.
Freedom of speech will be at risk of being limited as EU enforces its data protection by implementing directives to have information in the form of statements deleted from online sources.  The scope of such measures has surpassed just private information held by a company, but has now reached information that according to the Google Spain v. Mario Costeja González right to be forgotten case, is deemed to be inadequate, irrelevant or excessive about a person.
One critical concern, among others is how the GDPR’s July 2015 Draft version reads, it appears that it will exceed by implication the scope of the Google Spain’s court ruling.  There is a stated role for an internet intermediary to be tasked to asses and respond to the individual requesting the removal of online information.  This intermediary does not have the obligation to provide notice to the poster of the information. This is in contrast to Digital Millennium Copyright Act process that provides for notice and for an assessment of the legitimacy of the request by the search engine.
Another critical concern with the GDPR’s version is that while the intermediary may elect to have the content deleted without informing the poster, but still inform the downstream publishers and recipients of the otherwise posted content, the intermediary is responsible to provide the posters information to the individual requesting the content removal.  In essence, the GDPR provisions do in fact allow for personal information to be shared.
With the high penalties assessed on the poster/writer of the online posts if the EU authorities subsequently determine that it should have been removed, an intermediary tasked to assess will be most likely inclined not the take the risk of being penalized and out of caution direct removal of the posted content, provided the absence of countervailing public interest value of the posted content, and at the same time be obliged to provide the requester the personal information of the poster.  So, while the EU provision claims to seek the protection of privacy it allows for the personal information of the author of the post to be shared to the individual requesting the deletion, or claiming a right to be forgotten.  Internet freedom of speech may be at risk in the EU.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Thursday, December 10, 2015

Internet Technology and Encryption

Internet technology and encryption is placed at the forefront of the debate about how to process, store, secure, report, you get the picture, of communication that are otherwise deemed private.  The discussion embraces the ideas of using back-door means for law enforcement to peruse and search for possible suspects of the terror and their plots before a catastrophe engulfs us all.
The critical issue is the absence of a discernible policy on the idea of enhancing detection of terrorist intents.  On the long-term is the question how to administer the gathered information, if not differently from information in ‘transit’ that is detectably suspect.  In all points of concern, privacy relaxed for the greater is conceptually prevailing in intelligence and law enforcement discourse.  The crux of the concern with internet technology and encryption is the application of encryption of a device as opposed to the encryption used in communications between the use of devices.
By using the means of encryption an encoded message is created where only the reader with the key so-to-speak will understand the message.   A process of key specific means without backdoors is the problem that is being discussed.  Depending on the encryption system created backdoors are inept to discern the context of a communication.
While some argue for standardized encryption systems as we utilize in the financial and medical industries that are devoid of back doors, the broad use of encryption poses security vulnerabilities and creates a dark world or ‘dark web.’  The debate is about striking a balance between policy (law) and technology where there is the growing need to either know the contents of a device (cell, computer, tablet, etc.) or  to know the context of an ongoing communication (wiretap).  The former is a process involving law enforcement and the latter is a process of intelligence and information gathering.
Major software companies provide a mobile operating system that allows the user to be the only one possessing the key.  Law enforcement is stumped after the operating systems were changed from the provider housing the key to the user possessing the key.  The terrorist events are reigniting the debate toward seeking to have the software companies to possess the keys and rely on user.  But the debate is trumped by the existence of community-developed operating systems devoid of a company that can be forced to design a suitable operating system allowing for backdoors and numerous available software that provides encryption in a varied operating environments.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Trade Secret Act Update

Trade secret law and practice is about to change if Congress pursues the "Defend" Trade Secrets Act with the current provisions.  Not only will the practice change, rights as well as competition, may be affected for the worse.  The attention that this legislative activity is getting regarding trade secrets is scant to say the most.   Those larger entities holding a long list of trade secrets are pushing for its passing.  Yet the fact that the bill has issues has not driven the attention it needs in order to address the glitches that will affect industries, innovation, competition, and it practice.  To this day few are aware of the consequences of what the bill intends to do with regard to how courts will address trade secret misappropriation or theft.
Because the litigation involved in trade secret cases is murky where claims cross so commonly, the bill will have a chilling impact in the litigation process and could very well lead to a more anti-competitive environment.  The bill proposes to provide a procedural ‘fast lane’ allowing trade secret owners to prosecute claimed trade secrets takers through a newly created ‘ex parte’ step.  The bolder that crushes the process is the absence of notice that would otherwise inform the individual ‘defendant’ that its assets are going to be seized and that a court proceeding is going to adjudicate its rights to the claimed trade secrets.
This is without precedent in the field and most importantly, due process for defendants is rendered nil due to the fact that the bill proposes to not allow adequate notice of judicial proceedings regarding the claims against them nor provide them adequate opportunity to argue their position in court over the trade secrets in question.   More discussion and review is needed before its passing.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Tuesday, December 8, 2015

Internet Privacy – Florida Privacy Protection Act

Internet Privacy Law - Florida Internet Privacy Law
The flow of information from internet usage and ' Internet of Things'  is easily accompanied with its collection and systemic use for other purposes. Digital profiles are created with every online user’s key stroke, site visited, and key word used. In 2015, the Florida Legislature addressed many aspects of privacy.  It addressed systemic data gathering; data breaches; law enforcement use of RFID technology, school records privacy, portable electronic devices; and the use of identifiers by electronic communications services.
The 2015 Florida Legislature promulgated the Florida Privacy Protection Act.  The Act establishes Section 934.60, Florida Statutes, prohibiting electronic communications providers providing third parties with information that reveals the IP of users without the express permission of the subscriber or customer. Each violation will entitle the person to recover $10,000 penalty and civil actions must commence within 2 years of the date of the disclosure.  The Act construes digital data as property that is constitutionally protected from unreasonable search and seizure.
Specifically, the Act establishes the following: Section 933.41, Florida Statutes, relating to prohibition against searches using wall-penetrating radar device;  Section 934.60, Florida Statutes, pertaining to IP address privacy and the identification of users without their express consent;  Section. 934.70, Florida Statutes, regarding PEDs “portable electronic device” privacy; and  Section 1002.227, Florida Statutes, addressing contract requirements relating to student data usage.   The FPPA also places restrictions on the use of RFID by the Department of Highway Safety and Motor Vehicles. The Act became effective July 1, 2015.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Social Media Information in Litigation

Social media use and its information is telling of someone and it is increasingly sought after in court cases where we see social media information used in litigation. Many times social media accounts are a well-spring of vital information that can tip a case on its head. The information can reveal truthfulness or the lack thereof or even a possible smoking gun on liability. Gathered SNS information has at times revealed information discrediting the plaintiff’s damage claims.
While the balance is the pursuit of what is relevant, the predominance of social activity in “SNS” (social network sites) is drawing a need for revisiting discovery rules where social media information used in litigation is raised. The extreme efforts to discover – intrusively – personal information that is only available amid a person’s SNS network is also causing the court to reassess how the rules will address such discovery pursuits; particularly, when a party requests the court to approve the discovery request for passwords and login credentials of the opposing party.
The ultimate question wrestles with what is the inevitable discovery boundary. Absent a third party product that when applied sifts through a SNS account for relevant information, all discovery in SNS depends on the discretion of the information provider vis-à-vis the requester. The latter always deems all posted in SNS by the opposing party as fair game to be discoverable.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  

Trade Secrets and Employee Misappropriation

Employers overwhelmingly experience theft of trade secrets and employee misappropriation of employer intellectual property.  Employees transferring company confidential communications, business information, and items normally considered trade secret to a thumb drive or personal drives and accounts, could face being sued for a sundry of claims, including misappropriating trade secrets (violating the Uniform Trade Secrets Act), breach of fiduciary duty to the employer, and breach of non-disclosure agreement.
The Utah Supreme Court in InnoSys, Inc. v. Mercer2015 UT 80, over turned the state district court which had held in favor of the employee stating that “there was no objectively reasonable basis to believe that Mercer [employee] had harmed InnoSys or was threatening to do so.”
On appeal, the issue hinged on whether, as the lower district court determined, if the employer provided sufficient evidence of experiencing harm or the threat of it from the employees misappropriation of company trade secrets. The higher court determined differently, in that the element of the existence of harm was not important.
The Utah Supreme Court stated that when an employer demonstrates a prima facie case of misappropriation of trade secrets under the UTSA, there is a presumption of irreparable harm.  Based on this analysis, employers are not required to demonstrate damages and there is the presence of threatened harm of disclosure that supports injunctive relief.  On many levels, theft of trade secrets and employee misappropriation is irreparable to a business. 

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.  


IP Address and You

The use of an IP address is central to how the Internet functions.  The IP address reveals information about you, your trends, location, and a whole lot more.  By use of an email, say sending an email, the recipient can learn your location.  Through the IP address your internet service provider can be learned as well.  While the information may be limited to your location and your ISP, the online activity through a particular IP address can decipher more about the user.
Studies have been conducted to learn the extent of the information that is discernible from an IP address.  Network specific studies are easier to conduct and have revealed alarming information.  The Canadian Privacy Commission (CPC) sought to conduct a study within its network using a search vehicle to learn about the users of the internet through their network.  CPC was able to learn a variety of the following:  search history of the person to reveal interests, activity on sites to reveal purpose of use, sites visited to reveal a more detailed level of interest of the user, posting of comments on sites, online purchases, and even future vacation plans before they ask for the leave.
Advertisers pay handsomely for this information to enhance their directed marketing efforts. Employers may use this data to monitor their employees.  Government can use this data to anticipate security risks. Indeed, the IP address reveals much that many users do not realize.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."
Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.