Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Facebook Sues Lawyers for Deceit and Malicious Prosecution for Representing Ceglia

Posted in eCommerce, Social Media

DLA Piper and a group of law firms are accused of conspiring “to file and prosecute a fraudulent lawsuit” on behalf of Paul Ceglia who fabricated evidence that he owned 84% of Mark Zuckerberg’s stock in Facebook. On October 20, 2014 Facebook and Mark Zuckerberg sued the group of lawyers in NY state court who represented Celia which began in 2010.

In 2012 the FBI arrested Geglia for alleged criminal violations regarding fabricating evidence that Zuckerberg and he signed a contract in 2004 for web design for Facebook. The Complaint filed for mail and wire fraud by the US Postal Service includes these allegations against Ceglia that he:

  • filed a federal lawsuit falsely claiming that he was entitled to at least a 50% interest in Facebook.
  • has deliberately engaged in a systematic effort to defraud Facebook and Zuckerberg and to corrupt the federal judicial process.
  • manufactured and destroyed evidence, for instance replacing a page of the original contract with a fraudulent one that made it look like Zuckerberg had offered Ceglia interest in the company.

The Litigation Daily reported that “DLA Piper general counsel Peter Pantaleo vowed to fight the suit and emphasized that his firm represented Ceglia for less than three months”:

This is an entirely baseless lawsuit that has been filed as a tactic to intimidate lawyers from bringing litigation against Facebook…

Given the target on Facebook to be sued, more lawsuits will surely follow so it will be interesting see what happens in this new lawsuit.

$10 Million Fines for Privacy Violations

Posted in Internet Privacy

The Federal Communications Commission (FCC) announced that it was issuing fines since “TerraCom and YourTel apparently stored Social Security numbers, names, addresses, driver’s licenses, and other sensitive information belonging to their customers on unprotected Internet servers that anyone in the world could access.” However, the FCC stated in “their privacy policies, the two companies stated that they had in place ‘technology and security features to safeguard the privacy of your customer specific information from unauthorized access or improper use.’”

On October 24, 2014 the FCC issued a press release that this was the FCC’s “first data security case and the largest privacy action” based violations “from September 2012 through April 2013” when the companies:

…allegedly breached the personal data of up to 305,000 consumers through their lax data security practices and exposed those consumers to identity theft and fraud.

Travis LeBlanc, Chief of the FCC’s Enforcement Bureau stated:

Consumers trust that when phone companies ask for their Social Security number, driver’s license, and other personal information, these companies will not put that information on the Internet or otherwise expose it to the world,..When carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices.

The Washington Post reported that these privacy violation were detected:

When reporters for the Scripps Howard News Service stumbled on the data with a simple Google search, they reported on the lax security and notified the FCC

Company need to better protect customer data, and particularly when they promise to guard it from unauthorized access.

FTC Shuts Down Company that Made $2.5 Million Masquerading as Facebook & Microsoft

Posted in eCommerce

A court granted the FTC’s motion to “shut down a company that scammed computer users by tricking them into paying hundreds of dollars for technical support services they did not need, as well as software that was otherwise available for free.” In the case of FTC v. Pairsys, Inc. et al, the FTC persuaded a US District Judge in the Northern District of New York to issue an injunction to cease their operations. The FTC alleged that since 2012 the defendants made over $2.5 million with these scams:

Whether consumers were cold-called by the company or drawn in by deceptive ads, the FTC’s complaint notes that what followed was a deceptive and high-pressure sales pitch conducted by scammers in an overseas call center. The scammers would convince a consumer to allow them to have remote control over the individual’s computer, in order to analyze the supposed issues.

Once they had access to a consumer’s computer, the FTC alleges, the scammers would lead the consumer to believe that benign portions of the computer’s operating system were in fact signs of viruses and malware infecting the consumer’s computer. In many cases, they implied that the computer was severely compromised and had to be “repaired” immediately.

At that point, consumers were pressured into paying for bogus warranty programs and software that was freely available, usually at a cost of $149 to $249, though in some cases, the defendants charged as much as $600 for the supposed products. The FTC’s filings in the case allege that the company made nearly $2.5 million since early 2012.

Jessica Rich, director of the FTC’s Bureau of Consumer Protection stated:

The defendants behind Pairsys targeted seniors and other vulnerable populations, preying on their lack of computer knowledge to sell ‘security’ software and programs that had no value at all,

Although successful in shutting down these scammers, there are still many stealing monies from unsuspecting Internet users.

LinkedIn Allegedly Violates Federal Law by Making Employment History Available

Posted in eCommerce, Internet Privacy

TexasBarToday_TopTen_Badge_Small (1)

A new class action lawsuit alleges that on LinkedIn “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.”  In the case of Tracee Sweet et al v. LinkedIn which was filed on October 4, 2014 in the US District Court for the Northern District of California, the potential class makes these allegations against LinkedIn for violations of the Fair Credit Reporting Act (FCRA):

(1) fails to comply with the certification and disclosure requirements mandated by the FCRA for credit reporting agencies who furnish consumer reports for employment purposes,

(2) fails to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FCRA and to assure maximum possible accuracy of consumer report information, and

(3) fails to provide to users of the reference reports the notices mandated by the FCRA.

LinkedIn currently claims that it “operates the world’s largest professional network on the Internet with more than 313 million members in over 200 countries and territories.”

Given LinkedIn’s business model of members posting employment history it is hard to believe that there are FCRA violations, so this will be an important case to follow, but of course the court has to approve the class before the case proceeds.

$600,000 Fine for Blocking WiFi Hotspots in Hotel

Posted in eCommerce, Internet Access

TexasBarToday_TopTen_Badge_Small (1)

The Federal Communications Commission (FCC) fined a hotel after “some of its employees in a Nashville hotel illegally blocked private WiFi signals and customer hotspots so that guests and conference attendees would have to pay to use the hotel’s WiFi services.” On October 6, 2014 the FCC reported that the “incident occurred in March 2013 at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee” and that the hotel:

…had used features of a WiFi monitoring system at the Gaylord Opryland to contain and/or de-authenticate guest-created WiFi hotspot access points in the conference facilities.

The FCC stated that:

Blocking of such signals is a violation of Section 333 of the U.S. Communications Act, according to the FCC. Section 333 provides that “No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this Act or operated by the United States Government.” That interference includes any kind of jamming or other interference with such signals.

This FCC fine should change how WiFi is offered in hospitality settings in the future.

40 Count Indictment Against Cybercriminal for Stealing Credit Cards and Offering Online Tutorials

Posted in eCommerce

A Russian cybercriminal allegedly “was a leader in the marketplace for stolen credit card numbers, and even created a website offering a tutorial on how to use stolen credit card numbers to commit crime.”  According to an October 9, 2014 Department of Justice (DOJ) Press Release that Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia was indicted:

…with 11 counts of wire fraud, nine counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.

The government expects to prove at trial (currently scheduled for trial on November 3, 2014):

…between October 2009 and October 2013, Seleznev allegedly hacked into retail point of sale systems and installed malicious software to steal credit card numbers from various businesses. Seleznev allegedly created and operated the infrastructure to facilitate the theft and sale of credit card data, used servers located all over the world to facilitate his operation, and sold stolen credit card data on a website known as “2pac.cc.”

According to Oregon Live in August 2014:

U.S. Secret Service agents, working with local officials, arrested Seleznev at an airport in the Maldives last month as he was preparing to return to Russia from vacation with his girlfriend. He was flown to the U.S. territory of Guam, where another federal judge sent him to Seattle.

He has pleaded not guilty to the charges, which carry a range of potential penalties, with some counts punishable by up to 10 years in prison and a $250,000 fine.

The DOJ also reported that:

Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

These will be important trials that hopefully will deter future cybercriminals.

What a Surprise! US Supreme Court Relies on Unsubstantiated Internet Facts

Posted in eCommerce

We all know that “everything on the Internet is true” or at least as presented in Amicus (friend-of-the-court) briefs to the US Supreme Justices who have to figure “out how to distinguish between real facts and Internet facts.”  On August 27, 2014 Professor Allison Orr Larsen (College of William and Mary Law School) wrote a Virginia Law Review article entitled “The Trouble with Amicus Facts” stating that the “court is inundated with 11th-hour, untested, advocacy-motivated claims of factual expertise.”   Professor Larsen also wrote:

The Supreme Court may be hungry for more factual information than the parties can provide, but this Article argues the amicus brief (at least under current rules) is not the best place to find it. In a digital world where factual information is exceedingly easy to access, more amici than ever before can call themselves experts and seek to “educate” the Court on factual matters. In the 79 cases from last term, for example, 61 of them involved an amicus brief filed to supplement the Court’s factual understanding of the case.

The New York Times commented on Professor Larsen’s research:

Some of the factual assertions in recent amicus briefs would not pass muster in a high school research paper. But that has not stopped the Supreme Court from relying on them. Recent opinions have cited “facts” from amicus briefs that were backed up by blog posts, emails or nothing at all.

Supreme Court Regularly Researches on Google

After studying opinions over 15 years Professor Larsen concluded that Justices on the US Supreme Court regularly use Google since apparently Opinions issued by the Supreme Court cite facts never offered by the lawyers’ briefs in another article in the Virginia Law Review in 2012 entitled “Confronting Supreme Court Fact Finding.”

No surprises in either law review article, but why is this different than before the Internet?  Just because someone writes a book does not make it any truer than facts on the Internet.

$100+ Million Lawsuit Threat to Google Over Celebrity Pictures

Posted in eCommerce, Internet Privacy

TexasBarToday_TopTen_Badge_Small (1)

A demand letter reminded Google of its corporate motto “Don’t be evil,” alleged that Google is making “millions and profiting from the victimization of women,” and that “it is time that Google owns up to its conduct and remedies this gross violation of law, ethics, moral and basic privacy rights.”  The October 1, 2014 letter with a Re line “Google’s Repeated Copyright & Privacy Violation in Connection with Hacked Photo Scandal” was sent by attorney Martin Singer of the Los Angeles, California law firm of Lavely & Singer on behalf of over:

…a dozen female celebrities, actresses, models and athletes, whose confidential, personal, private photos and videos (the “Images”) were recently hacked from their respective iCloud accounts and illegally posted on various websites and blogs, including YouTube, Blogspot and other Google based sites, servers and systems.

Mr. Singer’s letter also accuses Google of unethical behavior for which Google is exposed to significant liability for compensatory and punitive damages that could excel $100,000,000 for:

…Google’s despicable, reprehensible conduct in not only failing to act expeditiously and responsibly to remove the Images, but in knowingly accommodating, facilitating and perpetuating the unlawful conduct.

eWEEK reported about Mr. Singer’s letter and described the a common security researcher practice known as Google Hacking  as  ”searching for bad things, including potential security issues on Google…” However “whether Google is responsible for users who are searching for bad things” is unclear with mixed opinions by technology experts interviewed by eWEEK.

Privacy Policy Challenge: Google Ordered to Cease Data Profiling in Germany

Posted in eCommerce, Internet Privacy

A recent administrative order was issued for Google to “to take the necessary technical and organisational measures to guarantee that their users can decide on their own if and to what extend their data is used for profiling.” Last week the Hamburg Commissioner of Data Protection and Freedom of Information (HmbBfDI) ordered that Google is “compelled to collect and combine user data only in accordance with the existing legal framework.”

The HmbBfDI made the following complaint about Google’s privacy policy:

…Google excludes the association of especially sensitive data with other usage data for the purpose of presenting users tailored ads. Nevertheless the combination of all the collected data form the different single services used allows the creation of meaningful and nearly and comprehensive personal records.

The HmbBfDI cited as examples that Google content and usage date collected the following data about individuals:

  • to compile detailed travel profiles by evaluating location data,
  • to detect specific interests and preferences by evaluating search engine use,
  • to assess the user’s social and financial status, their whereabouts and many other of their habits by analysing the collected data and
  • to infer information such as friend relationships, sexual orientation and relationship status.

The Washington Post made the following observation:

That administrative order is bringing to a head the question of whether U.S.-born, ad-driven Web services like Gmail, YouTube and Facebook can peacefully co-exist with a Europe that is enormously sensitive about possible incursions on personal privacy.

Many countries in the EU have been highly critical since 2012 when Google changed its Privacy Policy and no doubt these types of orders will continue to be issued in the EU.

Bitcoin Company Shutdown for Failing to Deliver Bitcoin Mining Computers

Posted in eCommerce

Based on the FTC’s request, a judge enjoined Butterfly Labs from marketing “BitForce” which were “specialized computers designed to produce Bitcoins, a payment system sometimes referred to as “virtual currency.”” According to the FTC’s complaint,” as of September 2013, more than 20,000 consumers had not received the computers they had purchased.”  So on September 18, 2014, US District Judge Brian Wimes (Western District of Missouri) in the case of FTC v. BF Labs, Inc. et al issued an Ex Parte Order enjoined the defendants “from misrepresenting, expressly or by implication, directly or indirectly:”

1. The amount of Bitcoins or any other virtual currencies Defendants’ products or services will generate; or

2. When products or services will be delivered to consumers.

The Ex Parte Order included a repatriation of foreign assets that the defendants had 5 business days to provide the Temporary Receiver “full accounting of all assets, accounts, funds, and documents outside of the territory of the United States that are held either”:

(1) by them;

(2) for their benefit;

(3) in trust by or for them, individually or jointly; or

(4) under their direct or indirect control, individually or jointly.

There is another side to this story as eWeek reported:

According to Butterfly Labs, the company shipped more than $33 million worth of products to customers. The Butterfly Labs Bitcoin miner technology was sold in multiple places, including popular online retailer TigerDirect.com. TigerDirect currently lists the Butterfly Labs Bitcoin miner as being out of stock.

Bitcoin headlines will continue because as the FTC pointed out in its news release “We often see that when a new and little-understood opportunity like Bitcoin presents itself, scammers will find ways to capitalize on the public’s excitement and interest.”