Today, March 31, 2018, marks the eighth annual World Backup Day. Before you physically step back from wherever you’re standing, that’s not the kind of “backing up” we’re talking about. World Backup Day started by a group of concerned internet users, posting their thoughts and ideas about data security to the international internet chalkboard Reddit. This backup is a noun, in this case meaning a second (or third, fourth, fifth, etc.) copy of all your digital files, which you store in a different location that the one where the files primarily live (i.e. you don’t keep a backup of your computer on that same computer; it must be stored on another machine or disk drive, whether that be a tangible drive that’s physically located in your home or office, or in the cloud).
Perhaps you’ve already stopped reading, because you thought to yourself, “This is ridiculous—in this day and age, who doesn’t backup their data?” But simply having a backup plan in place isn’t good enough anymore. To guard against the potential catastrophes caused by a total data loss, you also need to test your backup plan, to make sure it works the way it’s supposed to. A recent survey conducted by a well-known IT company revealed that 71% of those surveyed (mostly businesses) have a backup plan in place, but despite having a plan, data loss continues to be a vexing issue. Don’t just dismiss World Backup Day as something for geeks, or something that doesn’t apply to you or your business because you own an external hard drive, and already have your files backed up to it at least daily or weekly. Even worse, don’t think that World Backup Day doesn’t concern you because you use Dropbox… Continue Reading
Do you post things “privately” to Facebook, which you wouldn’t ordinarily post to a public forum that anyone could access (as opposed to being limited to your Facebook friends or circles)? A few weeks ago, I wrote about the consequences of deleting something from the internet, questioning the extent to which those things are really “gone.” Very similarly, if you post images or comments on Facebook, you run the risk of that content becoming a matter of public record, even if your posts are intended only towards a finite or limited group of individuals.
Case in point, New York’s highest court recently ruled, regarding so-called private Facebook posts, “even private materials may be subject to discovery if they are relevant.” (The phrase “subject to discovery” simply means that the opposing party has a right to see the material at issue.) The court’s reasoning for this decision is “[W]hen a party commences an action, affirmatively placing a mental or physical condition in issue, certain privacy interests relating to relevant medical records – including the physician-patient privilege – are waived.” The court’s full opinion can be found here (PDF).This just states the well-established principle that when a person files a lawsuit claiming injuries (physical, mental, etc.) the party they’ve sued has a right to review their medical records, regardless of HIPAA, or any laws or regulations that protect patient medical records. But are medical records the same as a person’s personal and/or private documentation of events, which they legitimately believed would only be seen by certain people?
Although I disagree that Facebook content is equal to, and should be treated the same as a person’s medical records, as a trial attorney I recognize that in some limited situations private Facebook content could provide a smoking gun as to some material issue being litigated. As the New York Court of Appeals recognized, there are rules and procedural roadblocks that help protect and limit the scope of disclosure, and prevent the distribution of private content beyond the parties to the case (and sometimes even limiting disclosure to their attorneys only). But those rules are only as good as the attorney who negotiates the terms of disclosure, and then carefully drafts a confidentiality or protective order to prevent his client’s sensitive content from being used for other purposes, or worse yet, going viral on YouTube.
It is therefore critically important that all attorneys use and be proficient in at least the more common social media channels, so they have a working understanding of the privacy controls, security/login procedures, and manners of sharing or re-posting content. Imagine you have to write a list of detailed instructions for someone to fly a kite for the first time. Then imagine doing it if you’ve never before flown a kite.
So there are two lessons learned here: 1) Be careful what you post to Facebook, and other social media that allows material to be “private,” because it may not be as private as you think; and 2) Before hiring a lawyer, make sure he/she knows how to fly a kite.
The short answer is: Yes. But it’s not easy. It’s pretty common that every week I’ll get a call or email from a small business owner, or another attorney (who represents a small business owner) asking about how to get a negative/bad review of their product or service removed from Yelp! or from appearing at the top of Google search results for their business. Usually the offending review/post was written by some anonymous individual, which makes things more complicated (discussed below), and they business owner or attorney may have already tried contacting the website and requested removal, to no avail. Every time this happens, I say the same thing: Continue Reading
Have you ever posted something hastily on social media, and then deleted it later, after coming into your rational mind? Lots of people do it, and while oftentimes it does the trick, it isn’t a reliable way of removing something once it’s been published on the internet. This is because once something has been “published” on the internet, there’s no way to prevent it from being copied—by anyone, anywhere in the world. There are even sites, like archive.org, a.k.a. the “Wayback Machine,” specifically designed to take snapshots of everything that appears on the web, not to mention the countless bots and spiders programmed to methodically scan or “crawl” through web pages in search of specific data or classes of data, and then create an index of the data discovered.
That’s why I tell all my clients not to post anything on the internet, which they wouldn’t want their mother/father/boss/significant other to see. But what about in closed forums, such as your “private” Instagram account, or Facebook wall? Even thought these places aren’t accessible to the general public, you are still distributing information to an outside network, which is ultimately controlled by someone else, and once it’s out there, it’s possible that people other than your friends could see it—even if you delete it.
There’s a bunch of reasons Facebook might want to make it less easy for users to hide their history on the website; old posts are almost certainly used in its advertising algorithms and are used to fuel “Memories” posts which generate additional engagement.
When you delete something from your wall, account, or even your personal computer folder, it may disappear from plain view, but that doesn’t mean it never happened (i.e. can’t be discovered using sophisticated software or methods). For example, whenever you delete a tweet or a Facebook post, it gets removed from your timeline, but the data is still retained, because they consider deleted posts to contain valuable marketing data. Recently, Facebook was even accused of removing the option to delete posts. Although that didn’t actually happen, the mere thought of its ramifications caused agita for more than a few. But even if you could totally delete something from the internet, there’s no way to guarantee it wasn’t captured before you deleted it (remember this poor girl?).
Here’s the other scary thing about deleting data: if you delete anything that’s related a lawsuit—even if there isn’t a lawsuit yet, but you think there might be one in the future—you’re required to preserve that data, and if you delete it, it’s the same as destroying evidence, which can result in huge penalties, depending on the substance and circumstances of the data in question. The best thing you can do is to think twice before you post anything on the internet, especially if what you’re posting is about somebody else.
Do you ignore messages like this? A recent study analyzing the security health of 4.6 million endpoint devices, which included 3.5 million mobile phones across multiple industries and geographic regions revealed that across all devices and operating systems (OS), only about 31% of the devices were running the latest OS version. That means more than two-thirds of the nearly five million devices surveyed were running outdated software, which oftentimes means the devices are vulnerable to being hacked. An even scarier statistic revealed was that use of Microsoft Windows XP in the healthcare industry was up one percent over the previous year—Microsoft stopped supporting Windows XP over three years ago!
In this day and age, protecting your computer/laptop and mobile devices with a password should be automatic, and depending on the strength of your password, and the operating system (OS) it’s protecting, that may be a good step towards securing your data from hackers, but even the strongest password won’t protect you from the security vulnerabilities of associated with running outdated software. That’s why it’s so important to make sure your software (especially the OS files) is always up to date. This applies to all computing devices you own, even things like your Nest thermostat, Amazon Echoes, and anything else that connects to the internet. Why are software updates so critical to staying safe?
Many software updates are pushed out in response to security defects discovered by hackers—computer experts with special skills and knowledge for gaining unauthorized access to networks. Once the updates are available to the public, the security defects they aim to fix also become public knowledge, so if you don’t update you could be leaving yourself open to an attack. This doesn’t mean you will be hacked for sure, but is it worth the risk? Updating your software and firmware is the low hanging fruit equivalent of protecting your privacy and data. There’s no reason not to do it.
But with dozens of devices to keep track of, how can you be sure they’re all up to date? This is the good news. It’s getting easier to stay up to date, and many systems are building in automatic updates that you can just “set and forget.” In Windows 10, for example, the system defaults to automatically updating itself. If you’re running Apple’s macOS, you can customize your update settings from the App Store button in the System Preferences app. Pro tip: If you select background OS downloads, your Mac looks for opportunities to download the important updates bits at times, or in a way that impacts you the least, oftentimes while it’s asleep.
Don’t forget about your mobile devices though. According to the study, only 27% of Android phones surveyed were running the latest major OS version, compared with 73% of iPhones being up to date. This is because Apple makes it dead easy to keep your iPhone/iPad up to date—whenever an update is available, it asks you whether you want to install now, later, or even “tonight,” which handles the dirty deed whilst you sleep. Android devices are trickier, because there is such a range of devices, by multiple manufacturers, and not all devices are capable of running the latest OS version. You can see what version of Android your device is running by selecting Settings > About phone/About tablet/About device menu (you may have to also tap on ‘Software information’ if the version isn’t shown).
Check your devices now, and make sure you’ve got the latest OS, and that you’re set to get updates automatically. This is something we do with new clients, when getting them set up with login credentials to our secure client portal, because it won’t matter how great the password is its vulnerable to being accessed by a hacker.
Further reading: Before doing any major software or firmware updates, make sure your data is backed up.
When copyright protection was created in the late 1700s, it was for books, poetry, and other written works. After all, Thomas Edison didn’t invent the phonograph until almost a century later, and sound recordings weren’t commonly made until the 1900s. But as technology allowed new ways of disseminating creative material, copyright law has evolved to protect the myriad forms of media. Today, there are copyrights for everything from musical compositions, and sound recordings on vinyl (phono record), analog tape (reel to reel and cassette), compact disc and various digital media forms, movies, videos, architectural designs, photographs, computer software, and materials specifically created for the web, and other online platforms.
Copyright protects original works of authorship and the original expression of ideas. Copyright does NOT protect ideas themselves, however. Ideas are protected by patent law. Copyright protection differs from patent, which protects useful ideas and inventions (though materials describing patentable materials can be copyrighted), and copyright differs from trademark, which protects the use of words, phrases, symbols, designs, and even colors that have acquired a close association with a particular product, company, or specifically identifiable source. Patents and trademarks are the exclusive dominion of the U.S. Patent and Trademark Office (USPTO). The U.S. Copyright Office, on the other hand, is its own sovereign entity, which is totally separate from the USPTO.
Last year, the U.S. Copyright Office processed more than 468,000 applications for which it issued over 414,000 copyright registrations. The overwhelming majority of those applications were filed electronically, and unlike patent applications (and to a slightly lesser extent, trademark applications) many, if not most copyright applications are filed by the author or creator, rather than an attorney. The filing fee for a copyright application starts at just $35, for a single work/single author, but can cost many multiples of that, depending on the number of elements to the work, and how many co-authors contributed. For example, a nautical designer can pay as much as $400 to register the various design components of a vessel’s hull.
Copyright law originates in the U.S. Constitution, but the laws we use today are primarily the U.S. Copyright Act of 1976, and the Digital Millennium Copyright Act of 1998 (a.k.a. the DMCA). Copyright law protects any original creative work that is fixed in a tangible medium of expression. That’s just white wig speak meaning that it has to be (a) an original creation, and (b) written on paper, recorded in a media file, etc. (which is what they mean by being fixed). Once you have something that meets those two criteria, you automatically have exclusive rights to:
- Produce copies or reproductions, and to sell those copies (including, electronic copies)
- Import or export the work
- Create derivative works (e.g. sequel, prequel, or spinoff)
- Publicly perform or display the work
- Publish or broadcast the work
- Sell, transfer, or license these exclusive rights to a third party
Registration isn’t required to establish federal copyright protections. You don’t need an attorney to register a copyright and as a matter of principle, it’s a good idea to familiarize yourself with the registration process by personally registering your own copyrights, as you embark upon your creative endeavors. Aspiring songwriters making ends meet as baristas are not likely to be able to afford or need legal assistance to help them register for copyrights on the first songs they pen. It isn’t difficult to do. People involved in imagining original materials owe it to themselves to learn the basics of how to protect their creations.
It is necessary to seek registrations for new works or when materials are substantially altered or updated, such as a redesigned website.
While a non-attorney can apply for a copyright registration, properly registering a copyright establishes who could later become crucial in a fight to establish an individual as the rightful originator of a work. A person must have registered to bring a lawsuit for copyright infringement.
If you have to legally assert your copyrights against infringement, it’s easier if your materials have been registered with the U.S. Copyright Office. I look at taking the time to register copyrights as the difference between riding on the express train or the local; a successful infringement claim will come a lot faster and easier with a valid copyright registration in hand. Better yet, by having your copyright registered, you just might be able to avoid having to go to court in the first place,that is because (smart) people don’t want to litigate copyright infringement cases where the work was previously registered.
Registration also creates a public record of a person’s claim to authorship of original materials. Works can be registered at any time, but in most situations, registrations are NOT retroactive. So, if you register a copyright after it was infringed, and then file a lawsuit for copyright infringement, unless an exception applies, you won’t be entitled to the same relief afforded to registered copyrights.
What relief is available for infringement of registered copyrights that is unavailable for unregistered copyrights? When a copyright is registered, if you have to sue for copyright infringement, you won’t have to prove the value of the work. That is because registered works are entitled to statutory damages, which are set forth in the Copyright Act. If your work is registered, all you have to do is prove that somebody unlawfully copied it, and the minimum amount of damages the court will award is $750 per work infringed. For willful infringement, the award of statutory damages could be as high as $150,000 per work, depending on the circumstances. But the biggest benefit to registration is that as the prevailing party in a suit for infringement, you are automatically entitled to an award of attorney’s fees.
Without registration, you’ll have to pay your own legal fees, and you’ll only be entitled to actual damages (e.g., the amount of lost profits you can prove are attributable to the infringement), which are oftentimes difficult to prove, especially when the subject matter is a creative work of art.
People should seek legal guidance on registering copyrights when their materials begin to show real commercial value. Legal assistance may also be indicated if a person cannot navigate registration themselves because of problems with, for instance, understanding the terminology involved.
More complicated issues may arise from registration practices, too. For example, if you want to register a work you co-authored or contributed to, or a collection of songs, videos, drawings, etc., a computer software application, or the entire design and contents of a website, these are situations when you should at least consider hiring a copyright lawyer, or at least consulting with one to make sure you don’t make any fatal mistakes.
People who believe their professional reputations or personal integrity have been unfairly impugned by materials anonymously posted on the internet are not defenseless against their unnamed tormentors.
Is it possible to discover the identity of those behind anonymous posts? Yes. But it’s not easy, especially if you don’t have experience communicating with the various webmasters, and a comprehensive understanding of not only the applicable federal laws in play, but also the various state laws, which differ, and can be especially confusing when you, the online troll, and the website are all in different jurisdictions. Sometimes the laws of more than one state may apply, which then raises an even more complicated legal issue called conflicts of law.
Nevertheless, unmasking the anonymous online troll requires a systematic and methodical approach that must be tackled step by step. The first question you must answer is — On which platform do the objectionable materials appear? Arguably you should first determine whether the objectionable material is actionable under existing law, however, the requisite standard for removing the objectionable material often differs depending on where the material is posted, which is why it’s usually best to start by identifying the medium, including ALL syndicated or duplicate publications.
Most online service providers (OSPs), like Facebook, Yelp, Google Plus, etc., have policies in their terms of service (ToS), which provide guidance for having objectionable content removed from their sites. Unfortunately, the process is different for every site. Website operators are faster, and more likely to remove objectionable materials when intellectual property violations, such as copyright or trademark infringement are involved. This is because the most important/prominent law governing online service providers, the Digital Millennium Copyright Act of 1998 (DMCA), contains “safe harbor” provisions allowing OSPs, without penalty, to take down materials that infringe on people’s copyrights if they do so “expeditiously” upon learning of the infringements contained in postings.
Many people are successful at sending DMCA takedown notices themselves, and sometimes that makes the problem go away. But if your DMCA takedown notice is unsuccessful, or the OSP doesn’t respond, if you didn’t have an attorney who specializes in intellectual property and/or internet and privacy law, you will likely need one at that point.
The identities of anonymous posters are held by the OSPs, and most providers are going to require people seeking to discover the identities of those behind anonymous postings to get a court order before they will reveal their identities.
Materials that anonymously or falsely malign a business almost cry out for a business owner or company to respond. If you are in a situation where your business is either being hurt or is going to be hurt, then there is really nothing to think about in terms of whether to fight back (unless you don’t care about your business). If you can prove the damaging statement is not true, and it’s truly defamatory, that’s a surefire way to get a court to issue a takedown order. There is no First Amendment protection for false and defamatory statements. If somebody calls you an “asshole,” that is objectionable, but it is not defamatory. But if you are a restaurant owner, and somebody says you put chopped-up fingers in the chili, that’s a different scenario. That gives a quest for redress a lot more teeth because of how obviously detrimental that kind of allegation could be to a restaurant’s business.
But what about fighting anonymous postings of the “asshole” variety? People may bristle at being branded that way on the internet, where the characterization can be seen by thousands, if not millions of people. But the opinions of a critic, anonymous or otherwise, are rarely defamatory unless they contain claims of fact that can be refuted. Calling a person a “crook” or a “thief,” for instance, is often objected to by the those alleged to be “crooks” or “thieves.” Even then, claims of defamation are difficult to prove. Anonymous opinions may bruise the egos of their targets, but getting real redress may prove even more bruising to the patience (and pocketbooks) of the maligned.
This is an easy one. No. By definition, defamation is a false statement of fact, which damages another’s reputation or character. So, telling someone to eat shit, which is nothing but a more colorful way of saying ‘go fly a kite,’ is not defamation. Then why did HBO get sued along with its show host, comedian John Oliver, for saying exactly that about the owner of West Virginia coal mine? This is where the answers get (slightly) more difficult.
Spoiler alert: It depends. Continue Reading