Domingo Rivera Cyber Lawyer Blog

Internet lawyer Domingo Rivera blog on cyber law topics

Computer Hacking and Unauthorized Access to Computer Networks: Curiosity Can Kill the Cat

Recently, we have encountered many instances of the following scenario... Often out of curiosity, an Internet website visitor may exceed his authorized access under his access login or under the website's terms of use.  Website access scripts are easily available online. Their use, however, may generate serious accusations of computer crime, specifically hacking and unauthorized access.  Under cybercrime and computer laws, a conviction for computer hacking can carry 20 years to life in prison.

If you are accused of computer hacking or unauthorized access to a computer network, our computer hacking defense attorneys understand the technical aspects of the Internet and can provide you with a top tier computer hacking defense.

  584 Hits

The importance of having a computer expert as your Internet cyber trial attorney

During a cyber trial, a computer crime, or a trial involving issues of Internet law, I can’t overstress the importance of having an attorney who is not only a legal subject matter expert, but also an expert in computer technology and the technical concepts related to the Internet.

Case in point, we recently completed a long and complex cyber crime trial.  We were fully equipped to expertly handle the criminal defense aspects of the case, we knew the law, how to cross-examine witnesses, and how to establish reasonable doubt.  However, during the trial, it was our technical expertise what allowed us to provide a unique perspective to the evidence presented.

For example, the alleged criminal activity was traced to our client’s IP address and MAC addresses.  However, the documentation used by the government contained errors that only an attorney with expert Internet technology knowledge would have caught.  Error number one was that one of the MAC addresses utilized by the government to justify the search warrant had one character too many, i.e., it was not valid.  The other MAC address pointed to a laptop computer, but the government identified it as a router.  These critical defects would have probably gone unnoticed to the eyes of the typical lawyer.  Does the average attorney even know how many characters there are in a valid MAC address?  I can guarantee you that the answer is no.

Another issue that came up was that the government’s evidence was mostly obtained through forensic analysis of hidden system files, such as the thumbs.db file and others.  If it takes forensic analysis to even retrieve evidence that a client who is not technically sophisticated and who does not have the necessary computer forensic tools is accused of “intentionally” possessing, how can the government show intent?  It took a lot of finesse, patience, and art to explain to the court how the evidence presented could have been retrieved in the first place.  The typical non-technical attorney would have had a hard time understanding these concepts and attacking this evidence.  I have seen cases forced to a settlement or plea that is not warranted under the circumstances simply because, although the attorney can competently argue the law, he/she can’t competently argue the technology.  Our expertise includes technical degrees in Computer Engineering and years of Internet technology experience.

  522 Hits

Microsoft Corporation Sues a Dentist for Trademark Infringement and Cybersquatting

The Anti-cybersquatting Consumer Protection Act (ACPA) makes those who register infringing domain names in bad faith liable to civil suits from a trademark owner.  

Microsoft has filed a trademark infringement suit against a California dentist, Dr. Saed Said, who has registered more than 40 Internet domains with names similar to Microsoft’s products or brands, including:,, and

Microsoft claims that Dr. Said operates the domains with the intent to divert Internet surfers looking for Microsoft’s products. "The person has been diverted from the Microsoft Web site he or she was seeking to visit, and Microsoft has lost the opportunity to interact with that person," Microsoft claims in the lawsuit.  According to Microsoft, Said profited from the misdirection because his Web sites contain advertising for non-Microsoft products.

We are experts in all issues related to Domain Name law and cybersquatting.  If you receive a cease and desist notice or are served with a lawsuit accusing you of cybersquatting, we can provide you with the expert legal representation necessary to fight against large corporations such as Microsoft.

  454 Hits

Internet Defamation can cost you.... to the tune of $11.3 M

Internet blogs continue to create litigation.  The days when the courts would not intervene in matters involving Internet defamation resulting from Internet blog postings are behind us.  Recently, a Florida woman was awarded $11.3 million dollars in damages resulting from postings made by a Louisiana woman accusing the Florida woman of being a "crook", a "con artist" and a "fraud." 

The defendant in that case was not represented by counsel at the time the verdict was issued.  Although it appears that in this case, the Defendant was affected by Hurricane Katrina in a manner that affected her ability to defend herself, the situation brings up a significant issue.  Many misunderstand the impact and importance of Internet defamation accusations.  The result can be financially devastating.

Bloggers and cyber gripers run a significant risk when they post their statements online.  There is no such thing as a completely "anonymous" blog post.  A competent Internet defamation lawyer who knows the technical aspects of the Internet and knows how to properly utilize the legal process can discover the identity of the author.  At that point, the author must be prepared to utilize the services of a competent attorney to provide expert legal defense.

For more information regarding Internet defamation, please visit our Internet defamation website at or our main Internet law website at

  472 Hits

Single mother ordered to pay $222,000 in Internet copyright infringement damages

A Minnesota federal jury found Jammie Thomas guilty of copyright infringement.  She now owes a total of $222,000.00 in damages to the RIAA.  The copyright damages are based on the jury's valuation of $9,250 for each infringed recording.  Under copyright laws, RIAA might have recovered up to $150,000 per song infringed.

This judgment can potentially shake up the way the P2P copyright infringement litigation game is played.  The defense had some questionable moves, or lack thereof.  Of note is that the defense relied almost exclusively on the theory that some hacker might have used Ms. Thomas' usual user
name and her computer without her knowledge. Was it lack of knowledge of the technology involved, lack of knowledge of how to properly defend an Internet copyright infringement case, overconfidence, etc?

The lesson learned is that if you are accused of online copyright infringement or involved in any other Internet law related litigation, you are best served to seek the assistance of competent counsel.  Competent counsel will not only claim to practice Internet Law, but will also have a proven successful litigation record as well as a technical resume that demonstrates in-depth knowledge of the complicated technological aspects of these matters. 
  404 Hits

ICANN fails to pass domain name WHOIS registry privacy reforms

The Internet Corporation for Assigned Names and Numbers (ICANN) failed to overcome a stalemate on its efforts to reform the way that domain names WHOIS data is handled.  The WHOIS registry contains the names, address, and contact information of Internet domain name registrants.  The information contained in the registry is public, with the exception of domain names with proxy registration.

Businesses, law enforcement, and especially Intellectual Property and Internet Lawyers regularly utilize the domain names WHOIS registry to identify cybersquatters, spammers, phishers, trademark infringers, copyright infringers, and others.  However, the WHOIS registry is also open to abuse and can potentially expose domain name registrants to spam as well as Internet privacy violations.  ICANN’s attempts to reform the WHOIS system to balance the ability to identify cyber wrongdoers against privacy concerns have failed.

Several proposals failed to gain acceptance.  For example, under a proposal called the “Operational Point of Contact”, domain name registrars would continue collecting contact information from domain name registrants.  However, domain name registrants would have been required to keep certain information shielded from public access with certain exceptions.  Defining these exceptions was fatal for this proposal.  

A different proposal included shielding the contact information of individual domain registrants but not the information of commercial registrants.  The difficulty of determining whether a domain name registrant was “commercial” proved fatal for this proposal.

These proposals, as well as others failed and an acceptable compromise between the needs for privacy and the need for identification was not reached.  In the foreseeable future, the only mechanism available to domain name registrants who choose to remain anonymous is to purchase proxy registrations from the domain name registrars.

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law and domain name law cases throughout the United States. 

  527 Hits

Website development contracts: The “handshake deal” can cost you.

Under  U.S. copyright laws, the developer of a website owns the intellectual property and copyrightable elements of the website.  The copyrightable elements of a website include the text, graphics, scripts, code, and the “look and feel.”  Unless there is a contract to the contrary, the website developer’s client only obtains a non-exclusive license to utilize the intellectual property that it paid to develop.  Even the copyright notice on the client’s website applies only to the contents that were developed by the client and not to the contents that were created by the developer.

This means that under the default scenario, your business’ website developer can create a very similar website for your competitors.  Furthermore, at the end of your business’ relationship with the website developer, the website developer can also demand that you stop using its intellectual property and copyrightable contents.  If you refuse, you may find yourself as the defendant in a copyright infringement lawsuit.  Even worse, your website developer may refuse to facilitate your business’ transition to a new developer.  If your business depends on its website, it may never recover from this website hijacking scheme commonly applied by some unscrupulous website developers.

You should be aware of the risks associated with the absence of a carefully drafted website development agreement and should consult with an Internet Attorney before hiring others to develop your website.

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law, handling cases throughout the United States. 

  547 Hits

Your website’s Privacy Policy: Draft carefully and always abide by it.

Almost every e-Commerce website collects personal identifiable information from its users.  Personal identifiable information includes name, address, e-mail address, phone number, social security number, date of birth, age, gender, income, occupation, browsing patterns, etc.  Many websites have a posted privacy policy explaining what information is collected from the users of the website and how the information is used. 

Once a company posts a privacy policy on its website, it will be held legally liable for its failure to abide by the policy.  For example, Geocities’ website contained the statement “we will never give your information to anyone without your permission.” However, when it appeared that Geocities sold and disclosed the information to others, the FTC accused Geocities of misrepresenting its reasons for collecting information from adults and children.  The matter eventually settled.

So with such a big risk, why should companies even post a privacy policy at all?  After all, it is impossible to violate a privacy policy that does not exist.  However, some jurisdictions require websites to have posted privacy policies. 

For example, the California Online Privacy Protection Act requires websites to 1) identify the categories of information collected and with whom the information may be shared; 2) describe how to review and change the personally identifiable information; 3) explain how to find out about changes to the privacy policy; and 4) indicate the effective date of the privacy policy.  Additionally, websites that collect information from children are subject to the requirements of the Children’s Online Privacy Protection Act (COPPA).  The European Union also imposes privacy protection requirements for websites who operate in or have customers in the European Union. 

Therefore, if your website obtains business from California residents, children, or the European Union, you must have a carefully drafted privacy policy and must abide by it.  

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law, handling cases throughout the United States. 

  495 Hits

Cybercrime basics...

The term Cybercrime is broadly defined to include any criminal activity committed on the internet.  Almost everyone has at least a basic understanding about online identity theft, probably the most common cybercrime.  However, there appears to be considerable confusion regarding some of the other basic cybercrimes and their definitions.  I recently visited the website of a firm where the terms phishing and spoofing were incorrectly used interchangeably! 

Some of the most common cybercrimes are: 

Email spoofing – The forgery of an e-mail header in a manner that the message appears to have originated from somewhere other than the actual source.   Widely used by spammers, a spoofed e-mail may appear to be from a legitimate source asking for personal information, passwords, credit card numbers, etc. 

Phishing – The sending of an email to a recipient in an attempt to scam the recipient into revealing private information. The email contains a link to what appears the website of a legitimate enterprise but is only a fake version of the organization’s website.  When the recipient visits the fake website, the recipient is asked to update personal information, such as passwords and credit card, social security, and bank account numbers that the legitimate organization already has.

Cookie Poisoning – Some websites store cookies on your computer's hard drive to authenticate your identity, speed up your transactions, monitor your behavior, and personalize your website experience. Cookie poisoning is the modification of a cookie by an attacker to gain unauthorized access to private information about the user.  The attacker may use this private information for identity theft and to gain access to the user's existing accounts.

Continue reading
  504 Hits

CAN-SPAM Act: Non-compliance is a crime… and overzealous ISPs may refuse to deliver legally compliant email messages

On May 31, 2007, the BBC reported “U.S. Arrests Internet spam king” Robert Soloway.   (A copy of the Article can be found at:  

Mr. Soloway is accused of being “responsible for tens of millions of unsolicited e-mails promoting his own company between November 2003 and May 2007” in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003.

The CAN-SPAM Act is codified under 15 U.S.C. § 7701-7713.  Contrary to the belief of many, the CAN-SPAM Act does not prohibit sending spam emails.  Instead, it imposes certain requirements.  These mandatory requirements include, inter alia, the use of accurate email subject lines and transmission information, opt-out procedures where recipients can elect not to receive additional emails fom the sender, mandatory timeframes for the removal of users who elect to opt-out, and a prohibition of improper email harvesting. 

But, what happens when a sender complies with all the requirements of CAN-SPAM?  Can an ISP still refuse to deliver compliant email messages to the intended recipients?

In White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366 (5th Cir. 2005), the Plaintiff, White Buffalo, was an online dating service operating several online dating websites, including one that targeted students of the University of Texas (UT).  White Buffalo obtained the "non-confidential, non-exempt email addresses" held by UT through a Public Information Act request. 

White Buffalo used these email addresses to send CAN-SPAN compliant commercial emails to members of the UT community. UT issued a cease and desist letter but White Buffalo refused to comply.  As a result, UT blocked all emails originating from White Buffalo’s IP address.

White Buffalo sued UT, arguing that the First Amendment and the CAN-SPAM Act precluded UT’s actions.  The Court disagreed and held that the CAN-SPAM Act does not prevent Internet Service Providers (ISPs), in this case UT, from filtering CAN-SPAM compliant commercial emails.

Continue reading
  381 Hits

Are domain names property or contractual rights, and why do we care?

Some courts have held that that domain names are property.  In Kremen v. Cohen, 337 F.3d 1024 (9th Cir. 2003), the plaintiff registered the domain name  The registrar transferred the name to a different individual on the basis of a forged letter.  The Court reversed the district court’s holding that domain names were intangibles not subject to conversion.  The Court held that the registrar was subject to liability “for giving away someone else's property.”  Id. at 1035.

Other courts, however, have concluded that "a domain name registration is the product of a contract for services between the registrar and registrant.”  Network Solutions, Inc. v. Umbro Int'l, Inc., 259 Va. 759, 770 (2000) (citing Dorer v. Arel, 60 F. Supp. 2d 558, 561 (E.D. Va. 1999)). 

If considered property rights, domain names would be subject to state property laws and state property causes of action, such as conversion, would be applicable.  However, if domain names confer only contractual rights, the nature of the protection afforded to the registrant would be quite different. 

Under ICANN rules, a domain name owner must intervene within five days to stop an inter-registry transfer request.  Therefore, whether a domain name is treated as property or as a contractual right can make a huge difference in the remedies available to victims of domain name hijacking who do not intervene within the five-day period prescribed by ICANN.

  414 Hits

The Digital Millennium Copyright Act: Protecting the ISPs and bogging down technology

The Digital Millennium Copyright Act (DMCA), codified in 17 U.S.C. § 512, amended the U.S. Copyright Act of 1976.  The DMCA provides for severe criminal penalties for circumventing technical measures protecting copyrighted works. 

The DMCA protects Internet Service Providers (ISPs) from liability arising from acts by the ISP’s customers.  However, there are certain conditions that an ISP must meet in order to qualify for the Act’s safe harbor provisions.  To enjoy safe harbor protection, an ISP must:  

1. Implement a policy to terminate infringers;
2. Designate a service provider agent for notification of claims of infringement.  (The list of designated service provider agents is located at:
3. Provide means to receive notice of infringement and upon obtaining notice act expeditiously to remove, or disable access to the infringing material; and
4. Have no actual knowledge of the infringing activity.

Arguably, the DMCA has bogged down the development of technology.  For example, in Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417 (1984), a case decided prior to the passage of the DMCA, the U.S. Supreme Court held that a manufacturer of video tape recorders could not be held liable for contributory copyright infringement.  The Court found that although video tape recorders could be used to copy copyrighted television shows, there were commercially significant non-infringing uses for the device.  This decision facilitated the commercial widespread of video tape recording devices such as Betamax and VCRs.

In Universal City Studios v. Reimerdes, 111 F. Supp. 2d 294 (2000), a case decided after the passage of the DMCA, motion picture studios brought action under the DMCA to enjoin Internet website owners from posting or downloading software that decrypted digitally encrypted movies on DVDs.  The United States District Court for the Southern District of New York granted the injunction under the authority of the DMCA. 

Despite the obvious differences between the distribution of a machine that records unencrypted television shows and the distribution of code that allows the copying of encrypted DVDs, had the DMCA existed in 1984, what would have happened to the development of the home video recording industry?

  379 Hits

FTC Opens preliminary antitrust investigation into Google’s acquisition of DoubleClick

Today Google owns the Internet search engine market and DoubleClick owns the Internet banner advertisement market.  Now Google is bidding $3.1 billion to dominate the search engine market, the banner advertisement market… and a lot of data.  

DoubleClick has the ability to track what sites people visit and Google has the ability to collect search histories.  Unfettered exclusive access to all this information could potentially allow Google, not the market, to set the prices for Internet advertisement.  We will be waiting for the Federal Trade Commission’s report.

A related news article can be found at:

  378 Hits

KSR International Co. v. Teleflex, Inc - Obvious non-obviousness?

Teleflex International Co. held a patent titled “Adjustable Pedal Assembly With Electronic Throttle Control.”  One of the claims of the patent describes a mechanism where an electronic sensor is combined with an adjustable pedal to control the throttle in an automobile.  KSR International Co. added an electronic sensor to its previous automobile pedal design and Teleflex obviously sued for patent infringement. 

The District Court dismissed the case, holding that the claim contained in Teleflex's patent was obvious.  The Federal Circuit reversed, applying its "Teaching, Suggestion, Motivation" test.  Under this test, the combination of existing processes to create new processes is not obvious when there is no prior art that explicitly or implicitly teaches, suggests, or motivates the combination.  

The Supreme Court reversed, holding that the Federal Circuit's application of the test need not become “rigid and mandatory formulas” and finding that “any need or problem” can provide the patentee with a reason for combing processes.   The Supreme Court's new obviousness standard will probably increase litigation on obviousness grounds (the Verizon v. Vonage appeal comes to mind)... However, the full impact of the new obviousness standard is certainly non-obvious.

The full text of the opinion may be found at:

  419 Hits

Site Pro-1 Inc. v. Better Metal LLC: a better approach for deciding trademark infringement claims resulting from competitive metatag usage and keyword advertising?

This was a trademark infringement lawsuit filed by Site Pro-1, Inc, the owner of the registered trademark SITE PRO 1®, against Better Metal, LLC.  Better Metal is a competitor of Site Pro-1. 

Better Metal purchased a "sponsored search" from Yahoo! that caused its website to be included among the results listed when a Yahoo! search user searched for some combination of the terms "1", "pro", and "Site."  The SITE PRO 1® mark was not displayed in the sponsored search result linking to Better Metal's website.

The Court stated:

The key question is whether the defendant placed plaintiff’s trademark on any goods, displays, containers, or advertisements, or used plaintiff’s trademark in any way that indicates source or origin. Here, there is no allegation that Better Metal did so, and therefore no Lanham Act “use” has been alleged. Indeed, the search results submitted as an exhibit to the complaint make clear that Better Metal did not place plaintiff’s SITE PRO 1® trademark on any of its goods, or any advertisements or displays associated with the sale of its goods. Complaint, Ex. B. Neither the link to Better Metal’s website nor the surrounding text mentions SitePro1 or the SITE PRO 1® trademark. The same is true with respect to Better Metal’s metadata, which is not displayed to consumers.

The Court's approach seems to be inline with the Second Circuit's position regarding competitive metatag usage and keyword advertising.  Most courts do not share this approach. Under similar facts, Courts in Virginia, California, Pennsylvania, Minnesota, and many others, have reached contrary results.  

So which court has the better approach for deciding trademark infringement claims resulting from competitive metatag usage and keyword advertising?  The debate continues... 

The text of the opinion may be found at:

  400 Hits

Email privacy at work: Your employer can lie to you about reading your emails… and then fire you for relying on these lies!

Most employees probably know that the emails sent from their work email accounts are probably being monitored.  However, what if your employer repeatedly assures you that all e-mail communications would remain confidential and privileged?  What if your employer further tells you that e-mail communications could not be intercepted and used by against you as grounds for termination or reprimand?  Can your employer still intercept your emails, read them, and then fire you for the contents…?  YOU BET!!

In Smyth v. Pillsbury Co., 914 F. Supp. 97 (1996), Pillsbury maintained a company e-mail system which the employees used to communicate among themselves.  Mr. Smyth was an employee of Pillsbury. Pillsbury assured Mr. Smyth as well as the other employees that all e-mail communications would remain confidential and privileged and that the e-mail communications could not be intercepted and used against the employees as grounds for termination or reprimand. 

The U.S. District Court for the Eastern District of Pennsylvania surprisingly held that despite the assurances made by Pillsbury, its employees did not have a “reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system.”  The Court went on to hold that no “reasonable person would consider the . . . interception of these communications to be a substantial and highly offensive invasion of his privacy.” 

The Pillsbury case, although decided under Pennsylvania law and dating back to 1996, has been cited with approval by courts in other states, including Massachusetts, Rhode Island, New York, Oregon, and Texas.

So, what should this mean to you?

Continue reading
  400 Hits