Domingo Rivera Cyber Lawyer Blog

Internet lawyer Domingo Rivera blog on cyber law topics

Cybersecurity: Stuck Between Advanced Hackers, Government Regulators, and Liability

Cyber attacks occur every second of every day. The frequency and sophistication of the attacks
continues to rise. With the increased sophistication and the proliferation of corporate espionage and nation-state actors, the days of curious teen hackers trying to prove their worth are behind us.  Now the threat is bigger and better financed, the stakes are higher, and government intervention changes the landscape. Cybersecurity is now a top priority for businesses and government.

We start with a brief summary of some of the recent major cyber attacks. This list is purposely kept short as to show only the more “elite” type of attacks that are shaping the new cyber landscape.  Given their level of sophistication, these attacks frequently require in-depth analysis by computer forensics experts.  Here, we are focusing on the legal aspects only.

Timeline of Advanced Cyber Attacks

Advanced Cyber Attacks of 2010: One Word: STUXNET

Stuxnet makes clear that cyber attacks have escalated to new heights. The Stuxnet worm damaged Iranian uranium enrichment centrifuges. Stuxnet temporarily knocked out some of the
centrifuges at Iran's Natanz nuclear facility. This caused a delay to Iran’s uranium enrichment program.  This attack was very effective and stealthy, giving birth to the new cyber warfare.

Advanced Attacks of 2011

China: Its “Comment Group” penetrated the Diablo Canyon nuclear plant operated by Pacific Gas & Electric Co. The breach was reportedly facilitated through a breach of a senior nuclear planner’s computer. There is no indication of intent to damage the target.  Reconnaissance is the name of the game, no need to break it if you can own it.

Canada: The Canadian government reported a major cyber attack against its agencies, including Defence Research and Development Canada, a research agency for Canada's Department of National Defence.  This particular attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the Internet.

US Department of Defense, July 2011: in a speech unveiling the Department of Defense’s cyber strategy, the US Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the Department of Defense were stolen.

The Nitro Attacks: Through trickery and social engineering, attackers tricked users into downloading Poison Ivy, an off the shelf Trojan. This was a targeted attack directed at at companies involved in the research, development and manufacture of chemicals and advanced materials. After the compromise, the attackers issued instructions to the compromised computers, looking for passwords and data exfiltration.

Duqu Trojan: Industrial Control Systems (ICS) are compromised by the Duqu remote access Trojan (RAT).  Its purpose was to steal data. However, RATs can also be used to control the systems. If you don’t believe that this is a serious threat, think of nuclear power plants and imagine what could happen.

Advanced Attacks of 2012

Saudi Aramco: A destructive Trojan horse (the kind that steals data and then wipes files), Shamoon, is allegedly used in an attack that disabled thousands of computers at Saudi Aramco, the national oil company of Saudi Arabia. The attack wiped the hard drives of 55,000 computers or 75% of Aramco’s corporate computers.

Flame: Another Iran related malware and a very sophisticated one. Flame is believed to have caused data loss incidents at Iran's oil ministry. The alleged use of the malware was to collect intelligence about Iran's computer networks that would facilitate future cyberattacks on computers used in Iran’s nuclear fuel enrichment program.

U.S. Natural Gas Pipelines: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. Department of Homeland Security, issued an alert warning of ongoing cyber attacks against networks of U.S. natural gas pipeline companies. The alert stated that the campaign involved narrowly focused spear-phishing scams targeting employees of the pipeline companies. The alert urged utilities to monitor Internet-facing control systems for activity by hackers attempting to gain remote access through brute force authentication attacks.

U.S. Banks: Distributed Denial of Service (DDOS) attacks were launched against U.S. Banks, including Citigroup, Wells Fargo, Bank of America, and U.S. Bank. The U.S. accused Iran of staging these attacks and Defense Secretary Leon Panetta warns of potential for a "cyber Pearl Harbor" against critical infrastructure. Panetta also called for new protection standards.

Red October Returns: Kaspersky discovered a worldwide Red October attack. Red October had been around since at least 2007. Attackers gathered information through vulnerabilities in Microsoft’s Word and Excel. The malware collected information from government embassies, research firms, military installations, energy providers, nuclear and other critical infrastructures.

Early 2013 Cyber Attacks: 2013 Is The Year The Government Gets Serious

South Korea: South Korean financial institutions as well as the Korean broadcaster YTN had their networks infected in an incident said to resemble past cyber efforts by North Korea.

The list goes on and on. As it should be obvious by now, cyber attacks, particularly those by sophisticated attackers and nation-states can be very dangerous to business and society. While money is a motivator, the exfiltration of valuable data has become a major issue. There is also the potential threat to life and business. With that in mind, the government is in the process of drafting and enacting sweeping cybersecurity laws and regulations.

Congress failed to reach a consensus on cybersecurity legislation. Following that, in early 2013,
President Obama issued a cybersecurity Executive Order 13636 to enhance the security of the critical infrastructure of the United States.

A very raw outline of Executive Order 13636 is as follows:

What? (Purpose): Help owners and operators “identify, assess and manage cyber risks”
Who? : NIST will coordinate development of “Cybersecurity Framework”
End Result: “Voluntary consensus-based standards and industry best practices”
But? (Caveats): Participation is voluntary but the Framework will most likely be used to judge a company’s cybersecurity practices. For example, Sec. 7(b) states that it “shall include guidance for measuring the performance of an entity in implementing” the Framework.

The Executive Order requires federal agencies to share information about cyber threats and to work with the private sector to develop a cybersecurity framework to protect the critical infrastructure. For now, participation is voluntary and the Executive Order requires federal agencies to develop incentives for private sector adoption of the framework. Our guess is that some of the recommendations included in the develop framework would eventually be seen as the exercise of due care by the courts when determining liability for cybersecurity breaches.

Cyber Intel Notices: The Executive Order provides for the issuance of Catastrophic Target Notices. These notices identify “where a cybersecurity incident could reasonably result in catastrophic regional or national effects.” It is unclear how the notices may affect a business in the determination of due diligence. You can fore
see a case where a Court would decide that DHS put the company on notice of a cybersecurity vulnerability an
d that the company had the o
bligation to act in accordance with this notice. A party may have a difficult time challenging the validity of the notice, given that the information may have been derived from classified sources.  Whether the Cyber Intel notices will became a source of notice for due care determination remains to be seen. However, we are getting guidance on how the Courts are leaning regarding cybersecurity due care issues. ''

An example is the case of Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st
Cir. 2012). The events occurred in 2009. During a one week period, a bank in Maine authorized fraudulent electronic withdrawals from Patco Construction’s account. The bank’s cybersecurity system had flagged the transactions as high-risk. However, the attackers were able to answer the account security questions and the transactions were allowed. Patco Construction filed suit against the bank alleging that the bank’s cybersecurity practices were not “commercially reasonable” under Article 4A of the UCC.

The bank was successful in obtaining Summary Judgment. In December 2012, the United States Court of Appeals for the First Circuit reversed, holding that by the authentication scheme utilizing the security questions for every transaction exposed the bank’s customers to increased risk. The Court recognized that malware often logs keystrokes. The bank had a duty to monitor the suspicious transactions that had been flagged by its cybersecurity engine or provide notice to Patco Construction. In other words, the Court of Appeals decided that the bank’s cyber security practices were not “commercially reasonable.”

Not unexpectedly, the FTC already filed a case against HTC, a manufacturer of smartphones and other devices.  The case is In the Matter of HTC America Inc., FTC File No. 122 3049. The case stems from multiple flaws and vulnerabilities in mobile devices that HTC created or failed to remediate.

Some of the faults identified include:

1. Permission re-delegation vulnerabilities in its preinstalled applications. According to the FTC, HTC’s custom voice recorder could be exploited to allow third-party access to the device's microphone without the user’s consent. This flaw could allow an attacker to record conversations, track a user’s location, or perpetrate other fraud.

2. Carrier IQ implementation: According to the FTC, In order to assist carriers in their implementation of the Carrier IQ diagnostic software, HTC developed a “CIQ Interface” that would pass the necessary information to the Carrier IQ software. HTC used an insecure communications mechanism which allowed third-party applications on the user's device to communicate with the CIQ Interface.

The FTC and HTC entered into a settlement. Under the terms of the settlement, HTC must patch the vulnerabilities and establish a comprehensive security program. HTC must also undergo independent security assessments every other year for the next 20 years and is prohibited from making false or misleading statements about the security and privacy of consumers' data on its devices.

We will continue to keep you informed of the latest issues arising from cyber security, cyber threats, government regulation of cyberspace as well as what it all means to your business.

  1482 Hits

Anonymous Internet Cowards and Public Interest Law Firms

In our efforts to identify the authors of defamatory contents targeting our clients, we utilize many methods.  Sometimes we issue subpoenas, but that is not all we do.  Our Internet law firm stands out for our use of technology to assist our clients, methods that, in my experience, most lawyers don't even understand.   Will the evidence be admissible?  I submit to you that it does not really matter.  Once the target is identified, if litigation results our client will be entitled to issue discovery, which will need to be answered under oath.  If the target lies, we will have enough to impeach this person in front of a jury.  As a technology guy, I find this more effective (and absolutely less boring) than writing sleep-inducing legal briefs.   By the time these briefs are filed, we have often identified the author through technology.

Now, some people who get these subpoenas are faced with a choice, fight the subpoena or try to work it out.  So, they seek advice from "Uncle Google", where they may find some of the aforementioned briefs filed by certain "public interest" law firms contesting the subpoenas.  Due to my results-oriented approach and lack of interest in useless debate, I have refrained from posting what happened in these cases.  Rest assured, we got what we wanted and the subpoenas were moot as unnecessary.  Lesson learned: to the extent permitted by law, we will use technology to stay ahead of dinosaur law firms.  This is important, because whether you are Dr. M.L. posting about a fellow doctor, D.A. from San Francisco, Dr. J.E. posting about a newly graduated surgeon, or a school teacher from Florida posting during working hours at the taxpayer's expense, it is very likely that we will get to you, legal briefs or not.   (Note that the initials were used to protect the identities of those involved, at least for the time being).

Now, what about the First Amendment?  We all know that opinions regarding matters of public interest are protected.  If someone writes about a doctor (or any other business or professional) claiming to be a patient (or customer), do we take that at face value?  Are we so naive? 

Let's take an example.  Look at the post below:

Now, some of these well-intentioned but naive "public interest" attorneys may claim that this is protected opinion.  On the face of the post, they are probably right. 

Now, true story... what if the post was traced to a surgeon who was never a patient?   Even my naive "public interest" friends may agree that we have a problem here.   If the premise that there was a "surgery" is false, is this really an opinion protected by the First Amendment?  Really?

This is only an example.  The attorneys who participated in my recent Internet defamation CLE saw more examples, and I can write a book with the stuff I have seen.  Recently, we had a heated court argument in Virginia regarding the need to reveal the identity of an anonymous poster.  Fortunately, we prevailed.  When the answer came back, the author was a competing doctor.  Do you see a pattern here?  What if I cited 20 more examples (which would be only a fraction of what we have seen)?

From my experience, I have no sympathy for people who hide behind anonymity to trash others.  It is just not an honorable and honest thing to do.  If you are a real patient or a customer with a gripe, you can simply attempt to resolve the issue like people of character do.   If you can't, then express yourself all you want and stand by what you said.  Unfortunately, cowards don't do that.  If you don't lie about material facts, you will probably be safe from a lawsuit.   

The real "chilling effect" of the situation is that if Courts do not require the identity of the poster to be revealed because the statement on its face is only an "opinion", how can you protect yourself from being defamed on the Internet?  The doctor in the post pictured above may have had her career as a surgeon shattered before it began.  Perhaps, courts should require disclosure under seal to protect all involved and to determine the course moving forward.   In the meantime, the fight against Internet defamation using all legal means, whether conventional or not, will continue.  To the "public interest" law firms, we appreciate your briefs, even if naive.
  1384 Hits

Copyright Law: Pornographers Following RIAA's Shakedown Tactics

At this Internet law firm, we are no strangers to copyright litigation.  From whether website reviews are copyrightable to defending individuals caught in the RIAA's use of the Department of Justice to do RIAA's litigation in the form of criminal copyright infringement prosecutions.   Now the pornographers are here and they are taking a page out of the RIAA's playbook.  It appears that the pornographers' strategy is to file lawsuits against unidentified parties, issue subpoenas and follow up with threatening letters to the identified individuals demanding payment of a few thousand dollars.  These individuals are accused of utilizing bit torrent software to infringe on the copyrights.  Multiply the $2k to $3k requested from each identified "John Doe" times a few hundred defendants in several jurisdictions and the pornographers can feasibly make more money through lawsuits than through selling their product.

To further the strategy, pornographer Patrick Collins filed an action in the U.S. District Court for the Eastern District of Virginia against 58 different unidentified (John Doe) defendants.  The case is
Civil Action No: 3:11CV531.  We were retained by one of the "John Doe" Defendants.  We identified a number of problems with Plaintiff's case, not the least of which is the joinder of totally unrelated parties on the same litigation.  After seeing this situation, we filed a Motion to Quash on behalf of our client.  Some excerpts of the filing follow below:

Over the past several years, copyright owners across the nation, even those such as Plaintiff, who is yet to receive a copyright registration for its hardcore pornography, have attempted to take advantage of federal joinder rules in order to sue numerous John Doe defendants within a single complaint. These complaints are for copyright infringement via the Internet, and the complaints generally allege the use of peer-to-peer programs such as BitTorrent to download and/or upload copyrighted works. Some of these cases attempt to join defendants by the dozens, but many extend to hundreds and even thousands of unnamed defendants. See infra. Some courts have opined that the rationale for the joinder of multiple defendants in these copyright cases is an attempt by plaintiffs to “identify hundreds of Doe defendants through pre- service discovery and facilitate mass settlement.” See, for example, On the Cheap, LLC v. Does 1-5011, Case No. C10-4472, *11 (Zimmerman, M.J.) (N.D. Cal. Sept 6, 2011) (quoting IO Group, Inc. v. Does 1-435, 2011 U.S. Dist. LEXIS 14123, *9 (N.D. Cal. Feb. 3, 2011)).

Doe Defendant notes that this is not Plaintiff's first mass-defendant copyright infringement lawsuit. For example, a similar copyright infringement suit regarding a different pornographic video was filed by Plaintiff in the Northern District of West Virginia against 281 John Doe defendants. In that case, all John Doe defendants except for John Doe 1 were severed on the basis of misjoinder, and subpoenas for the identities of the severed defendants were quashed. See Patrick Collins, Inc. v. Does 1-281, Case No. 3:10-cv-00091, *3-4 (Bailey, J.) (N.D. W.V. Dec 16, 2010). It appears that after failing in West Virginia, Plaintiff now asserts similar claims before this Court.


Under the Federal Rules of Civil Procedure, joinder of defendants is appropriate where two factors are met: 1) “any right to relief is asserted against them jointly, severally, or in the alternative with respect to or arising out of the same transaction, occurrence, or series of transactions or occurrences” and 2) “any question of law or fact common to all defendants will arise in the action.” Fed. R. Civ. P. 20(a)(2). If it is clear that misjoinder has occurred, then Fed. R. Civ. P. 21 permits a court, by a party’s motion or
sua sponte, to drop parties or to sever claims. “On motion or on its own, the court may at any time, on just terms, add or drop a party. The court may also sever any claim against a party.” Fed. R. Civ. P. 21.




Continue reading
  1222 Hits

Attorney Domingo J. Rivera wins Summary Judgment in Computer Trespass Case

In another pioneer decision, attorney Domingo J. Rivera obtained summary judgment in a case involving an ex-husband accessing his wife's email and social network accounts without authorization. 

There has been some discussion in the news about a Michigan man that criminally charged with with accessing his wife's computer accounts.   Some commentators have argued that utilizing the computer hacking statutes to prosecute these acts is overreaching, but so far, the courts have provided little guidance on this issue.

Many Federal and State computer crime statutes provide not only criminal, but also civil remedies for the victims.  Recently, attorney Domingo Rivera handled one of these civil cases.   As is the case for many pioneering cases handled by attorney Domingo Rivera, this was a case that other attorneys expressed doubt about and that opposing counsel openly minimized. 

In this case, the opposing party claimed that the divorce property settlement agreement barred our client's claims and filed a counterclaim against our client for breach of the agreement.  We also obtained summary judgment dismissing this claim against our client.

The Court not only agreed with the legal argument advance by attorney Domingo Rivera, but also granted summary judgment.   Obtaining summary judgment means that we prevailed as a matter of law and that a trial to establish liability was not necessary.   The Court expertly discussed the standard for summary judgment:

In determining whether summary judgment is appropriate, the burden is placed on the moving party to establish both the absence of a genuine issue of material fact and that it is entitled to judgment as a matter of law. See Fed. R. Civ. P. 56(c); Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586-87 (1986); Nat’l. Bank of Commerce of El Dorado, Ark. v. Dow Chem. Co., 165 F.3d 602 (8th Cir. 1999). The Court must review the facts in a light most favorable to the party opposing a motion for summary judgment and give that party the benefit of any inferences that logically can be drawn from those facts. Canada v. Union Elec. Co., 135 F.3d 1211, 1212-13 (8th Cir. 1998) (citing Buller v. Buechler, 706 F.2d 844, 846 (8th Cir. 1983)).
Once the moving party demonstrates that the record does not disclose a genuine dispute on a material fact, the non-moving party may not rest upon the mere allegations or denials of his pleadings, but his response, by affidavits or as otherwise provided in Rule 56, must set forth specific facts showing that there is a genuine issue for trial. Ghane v. West, 148 F.3d 979, 981 (8th Cir. 1998)(citing Burst v. Adolph Coors Co., 650 F.2d 930, 932 (8th Cir. 1981)). In order for there to be a genuine issue of material fact, the non-moving party must produce evidence “such that a reasonable jury could return a verdict for the nonmoving party.” Allison v. Flexway Trucking, Inc., 28 F.3d 64, 66 (8th Cir. 1994) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). Furthermore, “[w]here the unresolved issues are primarily legal rather than factual, summary judgment is particularly appropriate.” Aucutt v. Six Flags Over Mid-America, Inc., 85 F.3d 1311, 1315 (8th Cir. 1996)(quoting Crain v. Bd. of Police Comm’rs, 920 F.2d 1402, 1405-06 (8th Cir. 1990)).

The Court then moved on to the respective arguments of the parties, attorney Domingo Rivera represented the Plaintiff.  The Court explained:

III. Plaintiff’s Claims
As a threshold matter, Defendant claims that Plaintiff is barred from bringing her claims by the terms of the Property Settlement Agreement (the “Agreement”) signed by both parties as a part of the parties’ divorce proceeding. Defendant’s counterclaim alleges that Plaintiff is in breach of contract for bringing the present claims. In signing the Agreement, both parties acknowledged that they had been represented by counsel prior to executing the Agreement. “Settlement agreements are contracts subject to the general rules of contract construction.” Hill v. Southside Public Schools, 688 F.Supp. 493, 497 (E.D. Ark. 1988) (quoting N.L.R.B. v. Superior Forwarding, Inc., 762 F.2d 695, 697 (8th Cir. 1985)). The Court is to construe any agreement to give effect to the intent of the parties. Id. The intent of the parties is determined by reviewing the language of the contract itself, as well as by considering “the circumstances surrounding the making of the contract, its subject, and the situation and relation of the parties at the time of its making.” Id. (quoting Louisiana-Nevada Transit Co. V. Woods, 393 F. Supp. 177, 184 (W.D. Ark. 1975)).
The Agreement was meant to settle any and all claims related to the divorce proceeding. It strains logic to infer that the parties’ intended to waive the ability to bring any and all claims, including federal claims that could not have been litigated in a state divorce proceeding, that could ever potentially arise between the parties. Taking into consideration the fact that the parties were forming and signing the agreement in the context of a divorce proceeding; the subject and purpose of the agreement was to settle issues “arising out of this [divorce] litigation”. (Doc. 8, p. 11, ex. A). The fact that the divorce proceeding took place in state court that would not have jurisdiction over many of the claims Plaintiff now raises, can only lead the Court to conclude that Plaintiff did not waive her ability to bring the instant claims. While the alleged conduct may have taken place prior to and during the pendency of the divorce proceedings, the Court does not find Plaintiff’s claims to be intertwined with the Agreement such that she would now be precluded from bringing her claims in federal court.
Defendant also argues that Plaintiff is precluded from bringing her claims because the court presiding over the custody proceeding admitted the materials that he accessed into evidence. A court’s admission of materials into evidence is not relevant to the issues currently before the court. The judge in that proceeding made no determination as to the merits of the present claims. As Defendant points out, Plaintiff may have been able to appeal the decision to admit the evidence, but she also has the independent ability to pursue separate claims in this Court. For these reasons, the Court finds that Plaintiff is entitled to Summary Judgment on Defendant’s Counterclaim, and her motion as to the counterclaim (doc. 22) is GRANTED.
Finally, the Court explored the applicability of the Stored Communications Act and the State Computer Trespass statutes:

ii. Federal Stored Communications Act (SCA)
The relevant section of the SCA provides that whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided; or intentionally exceeds an authorization to access that facility; and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage in such system shall be punished . . .” 18 U.S.C. § 2701(a). The statute allows for private causes of action where “any person” injured by a violati
on of the SCA can show that the person viola
ting the Act acted with a
  2087 Hits

Are Website User Reviews Copyrightable?

Are Website User Reviews Copyrightable? by Domingo J. Rivera , Esq.

review sites continue to gain popularity. Users can find a website where they can review just about anything. From whether
they like the breakfast bar at a particular hotel to their Toyota's
breaking capabilities (or lack thereof), from whether their obstetrician is friendly
enough to whether their plastic surgeon made their nose a bit too
pointy. If an Internet user wants the world informed of his or her
every interaction with the outside world, there is a platform out
there to accommodate that.


question is, are these reviews copyrightable material. If they are,
the author grants a license to publish these materials to the website
and can generally revoke this license. What happens if the original
author demands removal of the review? Can the website refuse to do
so without incurring potential liability for copyright infringement ?
The answer depends on whether these reviews are copyrightable in the
first place and involves an Internet law question. In my opinion, they are. You do not need to be John
Grisham to copyright your writings.

to the notes of committee on the Judiciary (1976) for 17 U.S.C. §
102, “[t]he phrase 'original works of authorship,' which is
purposely left undefined, is intended to incorporate without change
the standard of originality established by the courts under the
present copyright statute. This standard does not include
requirements of novelty, ingenuity, or esthetic merit, and there is
no intention to enlarge the standard of copyright protection to
require them.” Additionally, regarding the nature of copyright,
the notes further state that “[c]opyright does not preclude others
from using the ideas or information revealed by the author's work. It
pertains to the literary, musical, graphic, or artistic form in which
the author expressed intellectual concepts” (emphasis added).


is well-established that facts cannot be copyrighted. Rather, the
United States Supreme Court has held that “[t]he copyright is
limited to those aspects of the work—termed 'expression'—that
display the stamp of the author's originality.” Harper Row,
Publishers Inc v. Nation Enterprises
, 471 U.S. 539, 547, 105 S.Ct.
2218, 85 L.Ed.2d 588 (1985). However, “[c]reation of a nonfiction
work, even a compilation of pure fact, entails originality.” Id.

Continue reading
  1174 Hits

The CDA, cyber-racketeers, the DMCA, and changes to Section 230 by Domingo Rivera







/* Style Definitions */
{mso-style-name:"Table Normal";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
font-family:"Times New Roman";

It has been quite a while since my previous post.  I have been extremely busy assisting my clients with Internet legal mattersInternet defamation continues to affect the reputation of
businesses and professionals as former customers, patients, and others who know
that they do not have valid legal claims assert their false and frivolous
complaints in blogs, forums and smear sites.  Even competitors are now posing as unsatisfied consumers in order to post false and defamatory statements
with hopes to gain an unwarranted economic advantage.  Everyday we protect
the reputation of businesses and professionals against these unlawful

With the elections over, it is now time to get back to business as normal.  Speaking
of the elections and politicians, many do not know that they can thank Congress for the
continued proliferation of Internet defamation.  The name of the culprit law is Section 230 of the Communications Decency Act.  The purpose of this law was to allow Internet service providers to be able to alter or remove objectionable content without assuming the liability associated with a traditional publisher of content.  Congress sought to allow providers of interactive computer services to perform some editing on user-generated content without becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or delete. In other words, Congress sought to immunize the removal of user generated content, not the creation of content. 

Sections 230(c)(1) and 230(e)(3) provide that "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,"  and that "[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section."  Noble intentions behind this Congressional law, but not-so good intention behind "Internet street law" which could be read as saying "service provider, you can stand by while your services are used to ruin the reputation of good businesses and people, don't worry, we will not hold you liable." 

This has given rise to many consumer complaints websites.  While some of these are well-intentioned and responsible, the majority are not.  The lawlessness has now sparked many websites charging fees for "investigating" consumer complaints.  Some of these websites have their employees call their targets and offer to help with the defamatory postings... for a membership fee, of course.  Some of these websites have been known to have their employees actually create the postings in an "anonymous" manner. 

Continue reading
  792 Hits

Cease and Desist Letters: Balancing the Punishment for Bad Faith Against the Punishment for Bad Letters

There is no doubt that cease and desist letters serve a very important purpose in the litigation process, particularly in legal matters related to the Internet.  Many causes of action have bad faith as either an essential element or a factor that increases damages.  A party’s refusal to correct its acts after receiving a legitimate cease and desist notice can be interpreted as a sign of bad faith.  Although a recipient of a cease and desist notice has every right to decline pre-litigation requests without adverse consequences, he must do so in good faith.  Good faith means a reasonable belief of having the right to engage in the challenged behavior.  However, this “good faith belief” will not be interpreted broadly.  See, for example, Northern Light Tech., Inc. v. Northern Lights Club, 236 F.3d 57, 65 (1st Cir.2001) (approving district court's use of defendant's disregard of legitimate cease and desist letters as evidence of bad faith).

The question then becomes whether the recipient of the cease and desist letter willfully refused to comply with the law.  The answer involves an inquiry into the recipient’s state of mind.  In many cases there is no direct evidence of bad faith, however, the court may infer bad faith from the surrounding circumstances.  Therefore, if you receive a legitimate cease and desist letter from an attorney you should either cease the challenged behavior, or seek the immediate help of a competent attorney for candid advice as to whether your behavior violates the law.  You should select an attorney who is familiar with the area of law that is at issue.

If you receive a cease and desist letter from us, you can be sure that we will advice our client to seek additional remedies if the matter cannot be adequately resolved.  The letter may concern copyright infringement, trademark infringement, defamation, or other Internet legal matters.  Ignoring the letter is usually a bad bet, as the court may see it as a sign of bad faith.  The defense side of a courtroom is not a pleasant place to be. 

However, we understand that some attorneys venture into sending letters that make no legal sense.  I have previously commented about cease and desist letters and how ineffective they can sometimes be.  Some of these letters are so far-fetched, unrealistic, and unprofessional that many do not take them seriously.  Hence, the Third Circuit Court’s decision on Green v. Fornario, 486 F.3d 100 (3rd Cir. 2007). 

In Fornario, the plaintiff sent a cease and desist letter that included a threat from the attorney to refer the “conduct to the appropriate criminal authorities." The small problem: this was a trademark dispute and the Lanham Act is a purely civil statute.  The big problem: lawyers should take threatening criminal prosecution very seriously.  In many States, a lawyer cannot threaten criminal prosecution for the purpose of gaining an advantage in a civil case.

The Fornario court refused to find that the defendant’s refusal to cease the allegedly infringing behavior was in bad faith.  Whether the court would have reached a different decision if the cease desist letter from the attorney been of better quality and without idle threats of criminal prosecution is anybody’s guess.  In Northern Light Tech. the court viewed the defendant's disregard of legitimate cease and desist letters as evidence of bad faith.  To reconcile the decisions probably requires an understanding of the difference between bad faith and bad cease and desist letters.

  678 Hits

Internet Bloggers Beware: Ohio Court Lands Another Blow Against Those Engaging in Internet Defamation

I recently commented on the impact of the U.S. Court of Appeals for the Ninth Circuit Court of Appeals’ decision limiting the protections afforded to service providers under the Communications Decency Act.  In that case, the court refused to provide immunity to website owners who encourage unlawful or defamatory statements.  Less than a month later, the Ohio Court of Appeals also refused to protect the “interests” of bloggers and others who engage in online defamatory statements.  The Ninth Circuit’s message was that if you encourage unlawful conduct, the CDA will not provide you with unwarranted solace.  The Ohio Court of Appeals message is that if you post defamatory statements online, you may be sued in a State where the other party’s reputation is damaged.

In Kauffman Racing Equipment v. Roberts, a Virginia resident, Mr. Roberts, purchased an engine block on the Internet.  Mr. Roberts was dissatisfied with his purchase and decided to express his dissatisfaction by posting a number of statements on various Internet websites.   Kauffman Racing, a company with its main place of business in Ohio, filed a lawsuit in Ohio.   Mr. Roberts moved to dismiss alleging that Ohio did not have personal jurisdiction over him.  The Ohio Court of Appeals disagreed.

In applying Ohio’s long-arm statute as well as Constitutional principles, the Court held that Ohio’s long arm statute applied and that, as a result of the postings, exercising jurisdiction over Roberts established the necessary “minimum contacts” under the jurisdiction. The implications of this ruling are far reaching.

Let’s say, for example, that a blogger posts defamatory comments about an individual.  An implication that the individual has engaged in misconduct, such as perjury (even if the statement is qualified by the word “allegedly”) would qualify.  Let’s further assume that the defamed individual is applying for a position with a college in Virginia.  Under the Kauffman Court’s reasoning, the defamed individual may sue the blogger in Virginia.  This applies even if the blogger lives in the West Coast and has no intentions of ever visiting Virginia.  The blogger is now exposed to liability in the Federal District Court for the Eastern District of Virginia, aka the “rocket docket,” where litigation is intense, bloggers are not particularly appreciated, and jury awards can be devastating.  So go ahead, blog and defame others… at your own risk.

  617 Hits

Internet Defamation Law - Website owners and bloggers beware - The latest interpretation of Section 230 of the Communications Decency Act

As a general rule, we encourage many of our clients who own or operate websites or blogs and who want to be somewhat protected from Internet defamation claims to not encourage others to post comments.  We also explain to our clients the impact of Section 230 of the Communications Decency Act.  The U.S. Court of Appeals for the Ninth Circuit has validated our general recommendation for a cautious approach ...

Website operators and web log (blog) owners beware - If you encourage illegal content or design your website to require users to input illegal content, you may not be afforded immunity under Section 230 of the Communications Decency Act.

On April 3, 2008, the decision of the U.S. Court of Appeals for the Ninth Circuit came down (the full text of the opinion is posted here) ... and inevitably shook the confidence of website operators and bloggers who encourage others to post comments (usually defamatory), on their website or blog.

The opinion is quite lengthy and I am still analyzing the full extent of its impact, but here are some highlights:

The court clarified a misconception that many have of the interpretation of Section 230 of the CDA:

In passing section 230, Congress sought to spare interactive computer services this grim choice by allowing them to perform some editing on user-generated content without thereby becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or delete. In other words, Congress sought to immunize the removal of user generated content, not the creation of content: “[S]ection [230] provides ‘Good Samaritan’ protections from civil liability for providers . . . of an interactive computer service for actions to restrict . . . access to objectionable online material.

The Court continued:

We believe that both the immunity for passive conduits and the
exception for co-developers must be given their proper scope and, to
that end, we interpret the term “development” as referring not merely
to augmenting the content generally, but to materially contributing to
its alleged unlawfulness. In other words, a website helps to develop
unlawful content, and thus falls within the exception to section 230,
if it contributes materially to the alleged illegality of the conduct.

The message is clear, if you incite or "implore" others to
participate in unlawful conduct, usually defamatory, the CDA will not
be your savior. 

Perhaps, one of the most important sections of the opinion is the following passage which creates a clear ambiguity. On one hand, plaintiffs are warned against overly litigious stances.  On the other hand, the Court makes clear that if the provider becomes a participant, legal liability may result.  The Court stated:

Websites are complicated enterprises, and there will always be close cases where a clever lawyer could argue that something the website operator did encouraged the illegality. Such close cases, we believe, must be resolved in favor of immunity, lest we cut the heart out of section 230 by forcing websites to face death by ten thousand  duck-bites, fighting off claims that they promoted or encouraged—or at least tacitly assented to—the illegality
of third parties. Where it is very clear that the website directly participates in developing the alleged illegality—as it is clear here with respect to Roommate’s questions, answers and the resulting profile pages—immunity will be lost. But in cases of enhancement by implication or development by inference—such as with respect to the “Additional Comments” here—section 230 must be interpreted to protect websites not merely from ultimate liability, but from having to fight costly and protracted legal battles.

As this decision shows, the development of Internet defamation and CDA jurisprudence remain fluid.  We will continue to keep you posted on the progress and the development of this as well as other Internet Law matters.

  625 Hits

Internet Copyright Infringement - Courts Weigh-In

We frequently handle Internet copyright infringement issues.  These issues present themselves in many forms.  Some examples include: Internet copyright infringement resulting from copied website contents, Internet copyright infringement claims against ISP resulting from copied website photographs, Internet copyright infringement claims against Internet search engine from displaying copyright images as thumbnails with the indexed results, and Internet copyright infringement claim against search engine and online retailer resulting from the use of copyrighted images as thumbnails.

Internet copyright infringement decisions are far from uniform.  Quite to the contrary, Internet law is one of the least predictable areas of law. However, the decisions of some courts follow:

Internet copyright infringement from copied Internet website contents

The owner of a website that sold goods and services over the Internet discovered that a competitor had copied the contents of its website and had created a rival Internet site that was a virtual mirror image if its website. The website was copied by posting identical source code at other Internet websites. The replication of the site diverted traffic and sales from the original website.

A New York federal court held that the Internet copyright infringement resulting from the copying of the website was willful and awarded statutory damages for Internet copyright infringement as well as costs and attorneys’ fees.

The Court found that the infringement was willful and awarded statutory damages with the objectives of compensating copyright owners for past infringement and deterring future infringement. The Factors considered relevant to determining an appropriate statutory damages award include the “expenses saved and profits reaped by the infringers,” the revenues lost by the plaintiff, the infringers' state of mind (wilful, knowing or merely innocent), the value of the copyright and the deterrent effect on both the defendant and others. The court also awarded attorney's fees and costs

Internet copyright infringement claims against ISP resulting from copied website photographs

The owner of an Internet website containing commercial real estate information sues an ISP for Internet copyright infringement, contributory copyright infringement, vicarious Internet copyright infringement, and challenging the applicability of the DMCA safe harbor provision to the ISP.

A Virginia federal court dismissed the claims of Internet copyright infringement, contributory copyright infringement, and vicarious copyright infringement. The DMCA safe harbor provision protected the ISP.

A provider of commercial real estate information on the Internet collected a comprehensive a comprehensive database of information on commercial real estate markets and commercial properties in the United States and the United Kingdom. The database, including photographs was available to customers through the Internet.

An Internet service provider’s (“ISP”) website allowed subscribers, generally real estate brokers, to post listings of commercial real estate on the Internet. The ISPs terms of service included a promise not to post copies of photographs without authorization. When informed of the violations, the ISP removed the photographs.

The commercial real estate provider commenced action against the ISP for copyright infringement, violation of the Lanham Act, and several state-law causes of action. A federal court in Maryland held that the ISP had not engaged in direct infringement under the Copyright Act. It left open, however, CoStar's claims that LoopNet might have contributorily infringed CoStar's copyrights and that LoopNet was not entitled to the “safe harbor” immunity provided by the Digital Millennium Copyright Act, 17 U.S.C. § 512.

The U.S. Court of Appeals held that an Internet service provider (ISP) could not be held liable as a direct copyright infringer when its facility was used by subscriber to violate copyright without intervening conduct of ISP; ISP, which provided system that automatically received subscriber's infringing material and transmitted it to Internet at instigation of subscriber, had not itself fixed copy in its system of more than transitory duration.

Internet service providers (ISPs), when passively storing material at direction of users in order to make that material available to other users upon their request, do not “copy” material in direct violation of Copyright Act. 17 U.S.C.A. § 106.

Automatic copying, storage, and transmission of copyrighted materials, when instigated by others, does not render Internet service provider (ISP) directly liable for copyright infringement; ISP can become liable indirectly upon showing of additional involvement sufficient to establish contributory or vicarious infringement, but even then may still look to Digital Millennium Copyright Act (DMCA) for safe harbor if it fulfilled conditions therein. 17 U.S.C.A. §§ 106, 501, 512.

Internet copyright infringement claim against Internet search engine from displaying copyright images as thumbnails with the indexed results

A professional photographer and owner of copyrighted images displayed on his Internet web site sued a leading Internet search engine, which displayed search results as “thumbnail” pictures, for copyright infringement.

A California federal court dismissed the claim of Internet copyright infringement. The use of copyrighted images that were displayed on Internet web sites by the search engine, which displayed search results as “thumbnail” pictures, was “fair use” of copyrighted images.

The plaintiff was a professional photographer who has copyrighted many of his images. Some of these images are located on plaintiff’s web site or other web sites with which plaintiff had a license agreement. The defendant operated an internet search engine that displayed its results in the form of small pictures rather than the more usual form of text. The defendant obtained its database of pictures by copying images from other web sites. By clicking on one of these small pictures, called “thumbnails,” the user can then view a large version of that same picture within the context of the web page.

When plaintiff discovered that his photographs were part of defendant’s search engine database, he brought a claim against defendant for copyright infringement. The court found that plaintiff had established a prima facie case of copyright infringement based on defendant’s unauthorized reproduction and display of plaintiff’s works, but that this reproduction and display constituted a non-infringing “fair use” under Section 107 of the Copyright Act.

The use of copyrighted images that were displayed on Internet web sites by operator of visual search engine, which displayed search results as “thumbnail” pictures, was “fair use” of copyrighted images; although creative nature of the copyrighted works weighed in favor of image owner, purpose and character of operator's use of works and effect of that use on potential market for or value of works weighed in favor of search engine operator. 17 U.S.C.A. § 107.

Internet copyright infringement claim against search engine and online retailer resulting from the use of copyrighted images as thumbnails

A copyright owner brought legal action major Internet search engine and Internet retailer for Internet copyright infringement resulting from the copying of copyrighted images. The copyright owner sought a preliminary injunction based on its claim of Internet copyright
infringement to prevent the retailer and the search engine from copying, reproducing, distributi
ng, displaying, or otherwise
infringing, or contributing to the Internet copyright infringement of its photographs.

A California court dismissed the claim of Internet copyright infringement, held that the Internet search engine operator's display of thumbnail images of copyright owner's photographs, in response to user searches, was fair use of copyrighted photographs; operator put images to a use fundamentally different than use intended by owner, thereby providing significant benefit to the public.

A copyright owner brought legal action major Internet search engine and Internet retailer for Internet copyright infringement resulting from the copying of copyrighted images. The copyright owner sought a preliminary injunction based on its claim of Internet copyright infringement to prevent the retailer and the search engine from copying, reproducing, distributing, displaying, or otherwise infringing, or contributing to the Internet copyright infringement of its photographs.

Internet search engine operator's display of thumbnail images of copyright owner's photographs, in response to user searches, was fair use of copyrighted photographs; operator put images to a use fundamentally different than use intended by owner, thereby providing significant benefit to the public. 17 U.S.C.A. § 107.

Even if search engine users who linked to websites showing owner's copyrighted photographs automatically made “cache” copies of full size images of the works, and such action amounted to direct infringement of owner's right of reproduction, such automatic copying was fair use of copyrighted images; such copying was a transformative use, the cache copied no more than was necessary to assist the user in Internet use, and the copying had no more than a minimal effect on owner's rights, while having a considerable public benefit. 17 U.S.C.A. § 107.

Owner of copyrighted photographs was not likely to succeed on its claim of vicarious copyright infringement by Internet search engine operator that provided, to its users, links to third-party websites that reproduced, displayed, and distributed unauthorized copies of owner's images, as required for preliminary injunction prohibiting such linking; owner did not demonstrate likelihood of showing that operator had legal right to stop or limit direct infringement of third-party websites, notwithstanding agreements, through an advertising program, permitting it to terminate an entity's participation in that program, operator could not terminate third-party websites or block their ability to host and serve infringing full-size images on the Internet, and operator lacked practical ability to police the infringing activities of third-party websites.

Contact us for a professional consultation if you wish to discuss Internet copyright infringement issues or other Internet legal issues with an Internet trial attorney.
  713 Hits

Our Interview With the BBC

Last Friday, I had the pleasure of being invited for an interview with reporter Alex Ritson from the BBC. I appeared on his  satellite  radio  broadcast where we discussed issues related to Internet Defamation, the Communications Decency Act immunity, the differences between a service provider and a content provider, the Wikileaks case, and related Internet Law matters. 

  665 Hits

Peer to Peer (P2P) software is great!... until the SWAT team arrives

Many people install file sharing, peer-to-peer (P2P) software in their computers.  The concept sounds promising, having open collaboration and open sharing of files and information between Internet users throughout the world.  Unfortunately, that is not the way it usually ends. 

P2P software frequently becomes a tool for copyright infringement, computer hacking, child pornography, and similar actionable conduct.  Often, this conduct results in civil and/or criminal prosecution.  Now, we are not discussing whether P2P software is itself a problem. There is plenty of case law discussing whether the software can be used for non-infringing uses and whether infringement is the primary purpose of the software.  In fact, these points have been discussed ad nauseam by the courts and commentators.  The intention here is to present a practical perspective of the issue, so that those thinking of installing and using P2P software may make a more informed decision.

Many people, perhaps out of curiosity, or maybe knowing full well what they are getting themselves into, install P2P software in their computers.  Next thing, they search for songs by their favorite artists or for their favorite movies. Double click and the file is transfered to computer.  The trip to Target to buy the CD or DVD is hereby canceled.  This becomes an addiction for some, getting song after song, movie after movie, and in turn sharing them with other P2P users.  However, people who think that their P2P acts will go unnoticed are wrong.  The owner of the copyrighted works will use the same P2P software to track down and catch the infringer.  The result is single mothers having to pay enormous amounts of money in damages, college students seeing their future career possibilities hampered, and some being prosecuted criminally.  Not to mention that the downloaded version of your "favorite song" may contain a computer virus that may destroy your hard drive or facilitate the theft of your personal identification data and files. This addiction to P2P becomes more and more expensive.

Speaking of addictive, many use P2P software to download pornographic material.  As an Internet crime defense attorney, I have spoken to people who use P2P software to download hundreds of pornographic files every day. Some download the files just to download them and never even view a large number of the downloaded files.  Downloading adult pornography is not usually prosecuted, but those who download child pornography are. 

These people who download a large number of files from P2P may not realize that embedded between their files are depictions of child pornography.  These files are sometimes put in the "shared" folder of the P2P software for others to download.... sounds like distribution to me.  The P2P user may not realize that these acts will almost certainly subject them to prosecution for receipt, possession, and distribution of child pornography.  States aggressively prosecute these crimes and the federal system is merciless.  We frequently defend people charged with these crimes and have the required legal and technical expertise to do so in an expert manner, but make no mistake, you can pick up serious felony charges from the comfort of your own home.  By the time you hear the agents knocking on your door, your life has already changed.   Is it worth it to install and use P2P software?... You decide.

  685 Hits

Hidden System Files May Support Criminal Prosecution

We recently completed an Internet crime trial.  The large majority of the prosecution's evidence was found in hidden system files of a computer running Windows XP.  These files could not be retrieved without the use of software not standard in Windows and which is not available to unsophisticated computer users. 

It took dedication and patience to explain to the court the inner workings of hidden files such as thumbs.db.  Without the ability to effectively describe the operation of the Windows XP Operating System it would have been impossible to obtain a favorable outcome for our client.  Without this specialized technical competence, taking this case to trial, as opposed to pleading to whatever could be gotten from the prosecutor, would have been insane.  Without expertise about computer operating systems and the Internet, it is very difficult for an attorney to be effective when trying a computer or cyber crime case.

As far as I know, we are the only Internet Law Firm that has an attorney who is also a Computer Engineer with in depth technology experience, including critical projects with the Department of Defense.  We can apply our unique computer and Internet knowledge to any cyber crime matter.

  652 Hits

Computer Hacking and Unauthorized Access to Computer Networks: Curiosity Can Kill the Cat

Recently, we have encountered many instances of the following scenario... Often out of curiosity, an Internet website visitor may exceed his authorized access under his access login or under the website's terms of use.  Website access scripts are easily available online. Their use, however, may generate serious accusations of computer crime, specifically hacking and unauthorized access.  Under cybercrime and computer laws, a conviction for computer hacking can carry 20 years to life in prison.

If you are accused of computer hacking or unauthorized access to a computer network, our computer hacking defense attorneys understand the technical aspects of the Internet and can provide you with a top tier computer hacking defense.

  584 Hits

The importance of having a computer expert as your Internet cyber trial attorney

During a cyber trial, a computer crime, or a trial involving issues of Internet law, I can’t overstress the importance of having an attorney who is not only a legal subject matter expert, but also an expert in computer technology and the technical concepts related to the Internet.

Case in point, we recently completed a long and complex cyber crime trial.  We were fully equipped to expertly handle the criminal defense aspects of the case, we knew the law, how to cross-examine witnesses, and how to establish reasonable doubt.  However, during the trial, it was our technical expertise what allowed us to provide a unique perspective to the evidence presented.

For example, the alleged criminal activity was traced to our client’s IP address and MAC addresses.  However, the documentation used by the government contained errors that only an attorney with expert Internet technology knowledge would have caught.  Error number one was that one of the MAC addresses utilized by the government to justify the search warrant had one character too many, i.e., it was not valid.  The other MAC address pointed to a laptop computer, but the government identified it as a router.  These critical defects would have probably gone unnoticed to the eyes of the typical lawyer.  Does the average attorney even know how many characters there are in a valid MAC address?  I can guarantee you that the answer is no.

Another issue that came up was that the government’s evidence was mostly obtained through forensic analysis of hidden system files, such as the thumbs.db file and others.  If it takes forensic analysis to even retrieve evidence that a client who is not technically sophisticated and who does not have the necessary computer forensic tools is accused of “intentionally” possessing, how can the government show intent?  It took a lot of finesse, patience, and art to explain to the court how the evidence presented could have been retrieved in the first place.  The typical non-technical attorney would have had a hard time understanding these concepts and attacking this evidence.  I have seen cases forced to a settlement or plea that is not warranted under the circumstances simply because, although the attorney can competently argue the law, he/she can’t competently argue the technology.  Our expertise includes technical degrees in Computer Engineering and years of Internet technology experience.

  522 Hits

Microsoft Corporation Sues a Dentist for Trademark Infringement and Cybersquatting

The Anti-cybersquatting Consumer Protection Act (ACPA) makes those who register infringing domain names in bad faith liable to civil suits from a trademark owner.  

Microsoft has filed a trademark infringement suit against a California dentist, Dr. Saed Said, who has registered more than 40 Internet domains with names similar to Microsoft’s products or brands, including:,, and

Microsoft claims that Dr. Said operates the domains with the intent to divert Internet surfers looking for Microsoft’s products. "The person has been diverted from the Microsoft Web site he or she was seeking to visit, and Microsoft has lost the opportunity to interact with that person," Microsoft claims in the lawsuit.  According to Microsoft, Said profited from the misdirection because his Web sites contain advertising for non-Microsoft products.

We are experts in all issues related to Domain Name law and cybersquatting.  If you receive a cease and desist notice or are served with a lawsuit accusing you of cybersquatting, we can provide you with the expert legal representation necessary to fight against large corporations such as Microsoft.

  454 Hits

Internet Defamation can cost you.... to the tune of $11.3 M

Internet blogs continue to create litigation.  The days when the courts would not intervene in matters involving Internet defamation resulting from Internet blog postings are behind us.  Recently, a Florida woman was awarded $11.3 million dollars in damages resulting from postings made by a Louisiana woman accusing the Florida woman of being a "crook", a "con artist" and a "fraud." 

The defendant in that case was not represented by counsel at the time the verdict was issued.  Although it appears that in this case, the Defendant was affected by Hurricane Katrina in a manner that affected her ability to defend herself, the situation brings up a significant issue.  Many misunderstand the impact and importance of Internet defamation accusations.  The result can be financially devastating.

Bloggers and cyber gripers run a significant risk when they post their statements online.  There is no such thing as a completely "anonymous" blog post.  A competent Internet defamation lawyer who knows the technical aspects of the Internet and knows how to properly utilize the legal process can discover the identity of the author.  At that point, the author must be prepared to utilize the services of a competent attorney to provide expert legal defense.

For more information regarding Internet defamation, please visit our Internet defamation website at or our main Internet law website at

  472 Hits

Single mother ordered to pay $222,000 in Internet copyright infringement damages

A Minnesota federal jury found Jammie Thomas guilty of copyright infringement.  She now owes a total of $222,000.00 in damages to the RIAA.  The copyright damages are based on the jury's valuation of $9,250 for each infringed recording.  Under copyright laws, RIAA might have recovered up to $150,000 per song infringed.

This judgment can potentially shake up the way the P2P copyright infringement litigation game is played.  The defense had some questionable moves, or lack thereof.  Of note is that the defense relied almost exclusively on the theory that some hacker might have used Ms. Thomas' usual user
name and her computer without her knowledge. Was it lack of knowledge of the technology involved, lack of knowledge of how to properly defend an Internet copyright infringement case, overconfidence, etc?

The lesson learned is that if you are accused of online copyright infringement or involved in any other Internet law related litigation, you are best served to seek the assistance of competent counsel.  Competent counsel will not only claim to practice Internet Law, but will also have a proven successful litigation record as well as a technical resume that demonstrates in-depth knowledge of the complicated technological aspects of these matters. 
  404 Hits

ICANN fails to pass domain name WHOIS registry privacy reforms

The Internet Corporation for Assigned Names and Numbers (ICANN) failed to overcome a stalemate on its efforts to reform the way that domain names WHOIS data is handled.  The WHOIS registry contains the names, address, and contact information of Internet domain name registrants.  The information contained in the registry is public, with the exception of domain names with proxy registration.

Businesses, law enforcement, and especially Intellectual Property and Internet Lawyers regularly utilize the domain names WHOIS registry to identify cybersquatters, spammers, phishers, trademark infringers, copyright infringers, and others.  However, the WHOIS registry is also open to abuse and can potentially expose domain name registrants to spam as well as Internet privacy violations.  ICANN’s attempts to reform the WHOIS system to balance the ability to identify cyber wrongdoers against privacy concerns have failed.

Several proposals failed to gain acceptance.  For example, under a proposal called the “Operational Point of Contact”, domain name registrars would continue collecting contact information from domain name registrants.  However, domain name registrants would have been required to keep certain information shielded from public access with certain exceptions.  Defining these exceptions was fatal for this proposal.  

A different proposal included shielding the contact information of individual domain registrants but not the information of commercial registrants.  The difficulty of determining whether a domain name registrant was “commercial” proved fatal for this proposal.

These proposals, as well as others failed and an acceptable compromise between the needs for privacy and the need for identification was not reached.  In the foreseeable future, the only mechanism available to domain name registrants who choose to remain anonymous is to purchase proxy registrations from the domain name registrars.

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law and domain name law cases throughout the United States. 

  527 Hits

Website development contracts: The “handshake deal” can cost you.

Under  U.S. copyright laws, the developer of a website owns the intellectual property and copyrightable elements of the website.  The copyrightable elements of a website include the text, graphics, scripts, code, and the “look and feel.”  Unless there is a contract to the contrary, the website developer’s client only obtains a non-exclusive license to utilize the intellectual property that it paid to develop.  Even the copyright notice on the client’s website applies only to the contents that were developed by the client and not to the contents that were created by the developer.

This means that under the default scenario, your business’ website developer can create a very similar website for your competitors.  Furthermore, at the end of your business’ relationship with the website developer, the website developer can also demand that you stop using its intellectual property and copyrightable contents.  If you refuse, you may find yourself as the defendant in a copyright infringement lawsuit.  Even worse, your website developer may refuse to facilitate your business’ transition to a new developer.  If your business depends on its website, it may never recover from this website hijacking scheme commonly applied by some unscrupulous website developers.

You should be aware of the risks associated with the absence of a carefully drafted website development agreement and should consult with an Internet Attorney before hiring others to develop your website.

Cyber Lawyer, Domingo J. Rivera, is an attorney specialized in Internet Law, handling cases throughout the United States. 

  547 Hits