Saturday, July 30, 2016

Cloud Storage Across Borders

Cloud storage of data for business brings efficiencies and as well could bring unbeknown reasons for concern.  Data is not static and neither is how it be directed for load balancing.  It is not only stored, it is shared via transfers and as such it is accessed by users. How the data is accessed and managed differs among businesses.  Whether the processes occur across national borders that is the issue being raised for consideration. If the operating server is located overseas that punctuates the issue of jurisdiction and welcomes international law to the realm of cloud computing via the protocols of the Internet in business practices.
The idea of a national law applying overseas, i.e., ‘extraterritoriality’, is common by the design of international agreements says in the Telecomm industry and natural gas referring to antitrust.[1]  Countries engage in mutual agreements to foster assistance with enforcement of law such as the mutual legal assistance treaties that the U.S. has engaged in with European and South American countries.  But when the national law addresses a function that has the capability of crossing borders, it must not be silent in order to apply cross-border .  When a law was written without cognition of its need to address international aspects of business, the law then is rendered ineffective to address the desired reach.
This transpired with the United Stated government seeking to apply the Stored Communications Act[2] for the purposes of acquiring data in an investigation.  When a law such as the SCA that was promulgated several decades ago without contemplation of business practices extending into cross-border digital records management, it will appear archaic and drastic need of congressional action to enhance its currency to today’s business practices.  In Microsoft Corp. v. U.S.[3], Microsoft sought to appeal the previous magistrate’s and district court’s determination of the United States District Court for the Southern District of New York, which denied Microsoft’s motion to quash a warrant.  The U.S. issued a warrant for records under the SCA that were stored on servers stationed outside of the U.S.  The records sought by the U.S. the contents of users emails.  Microsoft ran the risk of being held in contempt for failure to abide by the warrant.
The actual rendition of the SCA that was overturned was the depiction of the SCA warrant as if it was subpoena and not a search warrant.  With this depiction, the district court construed that Microsoft was compelled to produce that which it has control over and it operated and maintained.  The district court did not consider the location of the where the sought data to be an important consideration.  The district court stated that Congress intended the SCA to oblige ISP (internet service providers) to produce information that was under their control even if it was outside the United States. It, however, stayed its decision allowing for Microsoft’s appeal.
As Microsoft appealed, the issues of extraterritoriality reach of SCA and explicit intent of the statute to apply abroad became crucial was contemplated by the Second Circuit.  It also noted that the data content being sought by the United States was abroad located on a server in Ireland.  With the absence of the SCA having an international scope and the United States conceding the absence, the court determined that a warrant only applied if it is contemplated to be executed within the territorial confines of the United States.  The court depicted that an SCA warrant is not a subpoena and that it did not have that authority.  The Second Circuit rejected the district court’s description that the SCA warrant was equal to a subpoena.
As Congress proceeds to address enhancing the SCA it will encounter the various methods of data storage and integrated data sharing processes.  It will also have to embrace how the SCA will chime with European Union’s new General Data Protection Regulation (GDPR) and the EU-US Privacy Shield.  Privacy of user records remains the central point that will dominate the discourse as the SCA is placed under the microscope for contemporary relevance.
[1] Author’s doctorate in international law:  ‘Determining Jurisdiction Across Borders - Extraterritorial Application of Antitrust’. Doctoral dissertation, 2004 – Josef Korbel School of International Studies, University of Denver, Denver, Colorado.
[2] Stored Communications Act, 18 U.S.C. § 2701-2712.
[3] Microsoft Corporation v. the United States of America, No. 14-2985 (2d Cir. July 14, 2016)

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.

Friday, July 22, 2016

Privacy Policy and Terms of Use of Smartphone Games

Privacy concerns over the use of a fun new game are not high among many users who by and large may not read the fine print of terms of use and the game’s privacy policy.  The manner in which the game is subscribed to via the use of an existing social media account for authentication purposes permits the sharing of personal information.  I call this ‘cross-identification’.  This all is under the rubric of making sure the user is who he or she says they are and for security reasons as well.  The concern that emerges is the extent of access that a game may receive unbeknownst to the newly subscribed gamer.
While there are concerns that will be addressed later, the benefits are for the immediate gratification of access and ease of use. The designers of the game believe that the easier it is for the player to sign-up the more the game will be accessed.  The designers use the vehicle already provided by the authenticating credentials that reside in the player’s smartphone.  By using the method, the subscriber does not have to establish a new account.  The broader view of this benefit also causes security minded individuals to imagine a centralizing source of credentials that all soon to be subscribed games, apps, programs, you name it, will just resort to in order to prove who actually is the subscriber.  That centralizing source will house and collect subscriber’s device identification, operating system, location information, personal settings and use information of the device.
This concern arose with Pokémon Go’s success as reported by the Guardian, that it caught Congress’ attention. The concern actually raised by Senator Al Franken was the extent of data that the game would be collecting on the subscribers, which would include children.  What lurks is the possibility of the data being used in ways undisclosed.  The reasons for the information collected as well is important to discern.   In a letter from Senator Franken, the Senator voiced his concern over the extent and need for the collecting and using and sharing of players/subscribers private data and if there has been appropriate informed permission to do so.  These concerns were sent to the developer of Pokémon Go game.
Games and Apps have privacy policies that state their sharing protocol but seldom do the subscribers learn to whom their personal information is given and the purpose for the sharing.  The creeping issue is the matter of how to deal with rogue apps that can be nefarious especially once infiltrating Google’s app store.  The would-be gamer seeking a game may subscribe to a rogue game that extracts the gamers personal information and beyond as unknowingly full access is given to the users Google account as he or she is setting up the game on their iOS device.
To this day, rogue apps are getting harder to identify as they share information by being able to gain full access to accounts on user devices.  With cross-identification, the adage that a chain’s strength is determined by its weakest link may hold true where an email account can serve as a way into a user’s personal treasure trove identifying information.  How that Google linkage for subscription serves a viable vehicle for external and or internal intruder to pierce the veil of a network to garner email information, and the valued token that allows for the linking and user information to be transacted.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.

Privacy Policy and Terms of Use of Smartphone Games

Privacy concerns over the use of a fun new game are not high among many users who by and large may not read the fine print of terms of use and the game’s privacy policy.  The manner in which the game is subscribed to via the use of an existing social media account for authentication purposes permits the sharing of personal information.  I call this ‘cross-identification’.  This all is under the rubric of making sure the user is who he or she says they are and for security reasons as well.  The concern that emerges is the extent of access that a game may receive unbeknownst to the newly subscribed gamer.
While there are concerns that will be addressed later, the benefits are for the immediate gratification of access and ease of use. The designers of the game believe that the easier it is for the player to sign-up the more the game will be accessed.  The designers use the vehicle already provided by the authenticating credentials that reside in the player’s smartphone.  By using the method, the subscriber does not have to establish a new account.  The broader view of this benefit also causes security minded individuals to imagine a centralizing source of credentials that all soon to be subscribed games, apps, programs, you name it, will just resort to in order to prove who actually is the subscriber.  That centralizing source will house and collect subscriber’s device identification, operating system, location information, personal settings and use information of the device.
This concern arose with Pokémon Go’s success as reported by the Guardian, that it caught Congress’ attention. The concern actually raised by Senator Al Franken was the extent of data that the game would be collecting on the subscribers, which would include children.  What lurks is the possibility of the data being used in ways undisclosed.  The reasons for the information collected as well is important to discern.   In a letter from Senator Franken, the Senator voiced his concern over the extent and need for the collecting and using and sharing of players/subscribers private data and if there has been appropriate informed permission to do so.  These concerns were sent to the developer of Pokémon Go game.
Games and Apps have privacy policies that state their sharing protocol but seldom do the subscribers learn to whom their personal information is given and the purpose for the sharing.  The creeping issue is the matter of how to deal with rogue apps that can be nefarious especially once infiltrating Google’s app store.  The would-be gamer seeking a game may subscribe to a rogue game that extracts the gamers personal information and beyond as unknowingly full access is given to the users Google account as he or she is setting up the game on their iOS device.
To this day, rogue apps are getting harder to identify as they share information by being able to gain full access to accounts on user devices.  With cross-identification, the adage that a chain’s strength is determined by its weakest link may hold true where an email account can serve as a way into a user’s personal treasure trove identifying information.  How that Google linkage for subscription serves a viable vehicle for external and or internal intruder to pierce the veil of a network to garner email information, and the valued token that allows for the linking and user information to be transacted.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.

Saturday, July 16, 2016

Defamation Online Issues




Defamation online in reviews posted by readers and comments stated in social media platforms throughout the United States and across its borders, raise legal questions. The aspects of posts in general also raise the issues of responsibility an individual has in controlling the content of one’s Facebook page or blog.  The Communication Decency Act, Section 230 was intended to protect readers from objectionable communications and to also shield platforms from the effects that third-party posts could have on other readers who may find posted content objectionable and defamatory.  The problem that arises for many who are actively posting and commenting on their own blog, Facebook page and what not, is that if they are actively engaged in a conversation where defamatory contact is posted, they may be deemed responsible for the defamation to have occurred on their site.  This may be so when the statement that could have been deleted within a reasonable time of its posting was not deleted by its owner.
Commenting on the quality of a service or product and the republication of a video, a restatement of a defamatory comment or a publication of link that leads to defamatory content raises different legal issues.  For instance, with regard to latter scenario, the publication of a link does not republish the content that is defamatory making someone liable.  The publishing of the link only shows the online location where the content resides.  The search engine, then upon the user’s selection of the link, will retrieve the site selected by the link.
On the other hand, republishing online a defamatory online video or statement triggers jurisdictional questions regarding the requisite contact to establish jurisdiction.  By virtue of a user going online on a particular website the requisite connotation of minimum contacts is not met for jurisdictional purposes.  There is a lack of geographic positioning to the act itself.  That is one of the complications of online communications where a user’s location may be different than the location of the server and certain protections may not be afforded.
Furthermore, the manner in which the content is presented, either through a blog, a generic site or just a social media page, may be rendered an opinion and not considered defamation.  The lack of formality of the content stated could also be deemed as lacking facts and affirmative statements which will appeal more to being an expression of opinion than rising to the level of defamation.  When posting or engaging in sharing of information online, the user should be mindful of these considerations in order to avoid a defamation claim. The subject of an online statement should also be noteworthy of the jurisdictional element present in Internet communications via blogs and social media platforms where the subject may be addressing a location.  Indeed the questions raised by defamation online and the resulting claims have several considerations for the user or the subject of the posted statement or media.

Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.

Free Speech and Purpose Driven Ads

Free speech has come a long way through hurdles and bumps as a result of the Internet.  Many postings are challenged as well are ads online. The Seventh Circuit Court of Appeals had to struggle with such an issue in a case that arose from a municipal ad.[1]
Judge Posner in his analysis of the prohibition by Fort Wayne Public Transportation Corp. of Health Link’s ad stressed the purpose of the prohibition.  In that, it stated that “Citilink refused to allow the ad to be posted. It forbids public service ads that “express or advocate opinions or positions upon political, religious, or moral issues.”  The court noted that indeed the ad did not state or express an advocacy for any position.
The court as well noted that despite the ads’ absence of claiming and stressing an opinion or advocacy, Citilink became aware that Health Link was among other provided healthcare services, was also providing services that were alternatives to abortion including adoption counseling.  Based on Citilink’s consideration that abortion is a moral issue, and Health Link provided services among which provided counseling services for an alternative to abortion, it deemed Health Link’s ad prohibitive.  As such, it determines that Health Link ads should not be displayed on the buses throughout Fort Wayne’s transportation system run by Citilink.
Health Link argued that the First Amendment was intended to protect free speech for all people, regardless of their political or religious stance.  If the City of Fort Wayne were to allow similar if not nearly identical ads of other nonprofits providing services, it cannot be allowed to single out Women’s Health Link for purposes of censorship.  The plaintiff further stated that “government has a responsibility to ensure that all organizations benefit from community advertising.”
The court took note of the purposes of the municipality to run ads on buses as a source to raise funds. It is common that ads should not advocate “political, religious, or moral issues.”  This type of restriction, as the court well noted, is based on the advertisement.  The restriction should not be based on the advertiser or what the advertiser does among its many services offered to the community at large.  The ad plainly stated offering “Free resource for women seeking health care,” which anyone would ascribe to be an acceptable value free service.
However, in making the distinction on the basis of the prohibition being on the advertisement and not on the advertiser, the court determined that what Citilink was prohibiting was based not on the advertisement, but the restriction was being applied on the advertiser and its affiliations and what services it provides.  Citilink disapproved of one of many of Health Link’s provided services within the panoply of women’s health care available services.  The court stressed that as the content of the ad was not objectionable and the ad did not express a religious or political and moral issue, the only basis of Fort Wayne to seek to restrict the ad was by essentially restricting an organization’s right to free expression because of the organization’s affiliations.  This “going behind” approach to restricting ads was determined by the court as objectionable.
Judge Posner clearly articulated that regulation cannot and should not be used to stifle free speech, so long as the ad did not violate the rule of the city.  In doing so, the city’s actions, the court stated, were unjustifiable, arbitrary, and a discriminatory restriction of Health Link’s speech.
[1] Women’s Health Link, Inc. v. Fort Wayne Public Transportation Corp., No 16-1195 (7th Cir. June 22, 2016). On appeal from 1:14-cv-0107 (NDIN).
 Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2013- 2016, all rights reserved, Lorenzo Law Firm, P.A.