Articles Posted in Internet Law

EMV stands for EuroPay, Mastercard and Visa and starting next week, it will be important for business owners to consider how they employ this payment method. On October 1, 2015 the liability for credit card fraud will shift to the business entity that employs the least effective security technology. In other words, in disputes between the merchant (store front owner) and the credit card issuer (for example a Citizens Bank Visa), the party that uses non-compliant EMV technology will assume the liability for credit card fraud if the other party uses EMV technology. If both parties do not use EMV technology then the liability issues remains unchanged.

So what is EMV technology and how does it work? Have you ever noticed on your new credit card that there is shiny silver square? This is a computer chip and it produces a code that EMV compliant credit card terminals must receive in order to authorize the trasaction. You will no longer “swipe” your card but rather insert it into the terminal. The code will be constantly changing making fraud much harder to occur. In addition, some issuers will also require a PIN to confirm the transaction as well. If either your credit card or the merchant’s terminal is not EMV compliant, the card, for now, will work as before by the swipe method. The only thing that has changed is the potential shift of liability. This is not new technology. Europe has been using this technology for years. For more information on EMV technology, click here.

While it makes sense for brick and mortar stores to switch to EMV compliant terminals it is less clear for on-line retailers. Right now major credit card companies are using two different systems for EMV online technology. MasterCard uses its “Chip Authentication Program” or CAP and Visa offers its “Dynamic Passcode Authentication” or DPA.  It is very similar to the choice between VHS and Betamax all over again. Which technology will prevail is anyone’s guess at this point. In the meantime, it’s best to understand what’s out there and make an informed decision for your business’ individual needs.

The Supreme Court continued its trend of significant decisions today, issuing rulings in favor of copyright holders over technological innovation (ABC v Aereo) and in favor of upholding privacy rights in the face of police searches (Riley v California). While the decisions were broad in scope, they also both created substantial unanswered questions that the Court is essentially pleading with Congress to resolve. From a political standpoint, that appears unlikely, and I predict both of these issues will be back before the Court in the not too distant future.

Looking first at the Riley case, the Court held cell phones contained private information which the police are not entitled to review merely incident to an arrest. Unlike the contents of your pockets or items in plain view, the government now cannot access your cell phone without a warrant during an arrest. This rule applies to both smartphones and so called dumb phones alike (the police viewed the incoming caller ID in one of the defendant’s older style flip phones to determine where he lived), and actually signals real concern for future business cases.

While this may seem like a boon to privacy advocates, there are holes in this ban big enough to steer Google’s self driving car through. First, there are exceptions for when the police believe they need to access your device in exigent circumstances. No warrant is required when the police are trying to prevent a disaster, or save someone else. Second, the Border Search exemption does not come up in this case. This exemption, still on the books but possibly overruled by today’s decision, allows for a warrantless customs search anywhere within 100 miles of an international border. That includes our offices in Philadelphia, and most of the population of the US who live within 100 miles of an international coastline. Is every police search now going to have a customs element to get around the Riley decision?

The bigger concern with this decision, from a business perspective, is the growing use by the Roberts Court of anecdotal evidence not truly before the Court. The Riley decision in some ways is based upon a faulty understanding of technology and how we interact with it on a daily basis. Justice Roberts cites to the iPhone User Guide as definitive proof that “Law enforcement officers are very unlikely to come upon such a phone in an unlocked state because most phones lock at the touch of a button or, as a default, after some very short period of inactivity.” While many phones have this feature, it’s frequently not used. Various surveys have shown between 40% to 70% of cell phone users don’t lock their phones. The Court similarly dismisses out of hand the potential for automatic wiping via geofencing as simply not a real concern. I’ll grant Justice Roberts that most criminals are not IT specialists, but it’s not difficult to set up a directive for your phone to be wiped if it enters the local police station. In fact, the controls to set that up are right in the apps at the heart of the Riley decision. Finally, the Court suggests merely turning the phone off or removing the battery as a way police can prevent a remote wiping signal, failing to understand that (i) many, if not most, new smartphone have integrated non-removable batteries; and (ii) a phone is not rendered completely inaccessible simply because it’s turned off.

The problem here is not holding itself, which may actually be a bit of a pendulum swing against the destruction of privacy standards we’ve seen since 9/11. Rather, the issue I see is that the Court continues to decide cases based upon a misunderstanding of how people interact with technology. This has led to, and will continue to create, decisions which raise significant business issues. We’ll have more in the next few days on the Aereo decision, which even the Court acknowledged will hang over SAS and cloud computing services for some time to come. But in the meantime, it’s clear that if we are going to continue to see technological growth, Congress needs to get on the ball and deal with some of these issues before they’re dumped at the courthouse steps.
Continue reading

I came across an interesting blog that was posted by a professional hacker whose job is to find vulnerabilities in top corporations’ IT security. His official title is “penetration tester”. Rather than just summarize what is already a short blog, I decided to just let the hacker speak for himself and tell you directly what he believes are the top 3 mistakes corporations make with their IT security programs. I think the top 3 will surprise you. Click here for the security blog.

The attorneys at Danziger Shapiro, P.C. can help you with developing your security protocols and smart phone/tablet work policies customized to the unique needs of your business. Call us today to set up a free consultation to discuss this and any other issue affecting your business.
Continue reading

It seems we cannot go a day without big news regarding online security and privacy or the lack thereof. Most recently it was Target and tomorrow who knows. California has always been at the forefront when it comes to protecting consumers and internet privacy. Thus it comes as no surprise that, as of January 1, 2014, every business with an online presence will need to comply with California’s amendment to its Online Privacy Protection Act. This recent amendment has teeth and you must comply if a California resident clicks on your commercial web site either through his computer or mobile phone.

In a nutshell, privacy policies will now be required to include how the website will respond to a web browser’s “do not track” security option and if the web site allows third parties to collect personally identifiable information from users and across third party websites. Failure to comply will cost you $2,500 for each violation. However, before any fine is imposed, the noncomplying business will be given 30 days to correct its privacy disclosures.

What is interesting about this new law is that while it places the onus on businesses to state how their website responds to a customer’s “do not track” option, it does not require the business to honor that request. We are truly operating in one unified economy and it is becoming increasingly important to be aware of the laws of other states as you do business on the global web.
Continue reading

For Immediate Release
Contact: Danziger Shapiro, P.C.
215-545-4830 leavitt@DS-L.com
Danziger Shapiro, P.C.
Announces Investigation of NQ Mobile, Inc.

PHILADELPHIA, PA, December 16, 2013- Danziger Shapiro, P.C., a Philadelphia based litigation law firm, (www.DS-L.com) is investigating securities fraud claims against NQ Mobile, Inc.. (NYSE: NQ). This inquiry centers on allegations that statements issued by NQ Mobile regarding its business operations and the company’s financial condition were deceptive and false.

NQ Mobile purports to provide security solutions for the mobile phone market. On October 24, 2013, a report issued by Muddy Waters states that NQ Mobile had engaged in fraudulent practices by, among other things, vastly overstating its market share in China by asserting it had a 55% share of the market when in fact it only had a 1.5% market share and that at least 72% of NQ Mobile’s alleged Chinese security revenue is fictitious. Upon the release of this news, in less than 36 hours, shares of NQ Mobile dropped approximately 56%, representing over $500 million in losses to investors
Individuals who purchased NQ Mobile shares between May 5, 2013 and October 24, 2013 who would like to learn more about this investigation, have an interest in joining a class-action lawsuit, or have any questions concerning this announcement and their rights, should on or before December 23, 2013, contact Douglas M. Leavitt, Esquire: (215) 545-4830 or visit: www.DS-L.com. You may also email Mr. Leavitt at leavitt@DS-L.com.

This press release may be considered Attorney Advertising in some jurisdictions under the applicable law and ethical rules.
Continue reading

Earlier in the Fall I talked about NJ’s proposed privacy bill that would prohibit employers from requiring employees and job applicants to disclose their private social media account information. (Click here for prior post) Well, the law took effect December 1. Be mindful that this new law applies to all employers regardless of size.
Continue reading

Governor Christie signed into law on August 29 a privacy bill that prohibit employers from requiring employees and job applicants to disclose their private social media account information. The law will become effective December 1, 2013. Click here for a related blog entry I wrote on a similar law in Philadelphia.

First off, the law will apply to ALL NEW JERSEY EMPLOYERS regardless of size. Yes that is correct; there is no minimum number of employees for this law to apply. There is a minor exception relating to state and county jails and parole officers but for purposes of this entry, this law applies to ALL NEW JERSEY EMPLOYERS.

Under this law, an employer will not be able to force an applicant or a current employee to disclose any password, user name or other account login information to any social media that is used exclusively for personal communications and is unrelated to a business purpose of the employer. It will be a violation of this law if you even ask a prospective job applicant or current employee if they have a social networking site. However, there is nothing in this law that would prevent an employer from doing his own search to see if the prospective employee has her own social media accounts at Facebook and similar sites.

Like most laws, there are exceptions. In certain limited circumstances, an employer will be allowed to compel an employee to disclose his or her username and password. For example, disclosure may be required for (1) the employer to comply with a state or federal statute; or (2) employer investigations of workplace misconduct or theft of proprietary or confidential information. In each workplace investigation, the employer must be acting on credible and specific information and not be conducting a fishing expedition.

The law has anti-retaliation provisions designed to protect the applicant or employee from adverse actions of an employer who violates this law. If an employer does violate this law it will be fined $1,000 for the first violation and $2,500 for each successive violation. The proceeds will be collected by the Commissioner of Labor.
Continue reading

An angel investor who invests in a “qualifying” New Jersey emerging technology business in tax year 2012 and beyond is now eligible to receive a tax credit of up to 10% of the total amount invested. This law is designed to stimulate investment in emerging New Jersey technology companies by allowing the investor to use the 10% tax credit as a direct offset against an investor’s New Jersey business or gross income tax. While Governor Christie signed this act, known as the New Jersey Angel Investor Tax Credit Act, into law on January 31st of this year, the underlying rules do not come out until today, August 5, 2013, in the New Jersey Register.

The act defines both “qualified investment” and “New Jersey emerging technology business” and I will not bore you with every detail here. However, in brief; in order for an investment to be a “qualified investment,” the investment must be a non-refundable transfer of cash to a “New Jersey emerging technology business” in exchange for rights to participate in the upside of the business or to use or market the technology.

To be considered a “New Jersey emerging technology business,” the act specifies the physical connection the company must have to New Jersey as well as the technological areas the business must be involved with. For example, the New Jersey business must have fewer than 225 employees, of whom at least 75 percent work in New Jersey. The company must also transact business, own property, or maintain an office in New Jersey. Finally, the company is required to operate in one of the following industries: advanced computing, advanced materials, biotechnology, electronic device technology, information technology, life sciences, medical device technology, mobile communications technology or renewable energy technology.

For investments made on or before July 1, 2013, an investor must submit a completed application before July 1, 2014. For all other investments, an investor must submit a completed application within one year of the date of the qualified investment. There are application fees not to exceed $1000 and approval fees that will be offset against the tax credit.
Continue reading

Pennsylvania has just passed legislation that allows, if certain conditions are met, the tax free transfer of a family owned business to a decedent’s heirs. The idea behind this exemption is in these tight economic times to keep businesses in the family. This financial burden comes at a critical juncture as the business is now faced with not only a forced transfer of organizational control, but an inheritance tax bill when nothing has changed in the actual running of the fundamental core business. In some cases, the business is forced to sell assets to meets its inheritance tax obligations or in dire circumstances, has to shut down business operations altogether. While the local governments want to collect every penny they can, our elected officials also know this hurts the economy at the grass roots level because when an otherwise viable business shuts down only because it cannot afford to pay an inheritance tax, employees who were gainfully employed are now added to the unemployment line and this becomes another drain on the local economy.

With this as background, in order to be entitled to the family owned business inheritance tax exemption the following requirements must be met:

• Qualified Business – The business must be a “qualified business” which requires that the business must be operated by either a sole proprietor or through a business entity (LLC, partnership or corporation). The business must have fewer than 50 employees and a net book value of less than $5million dollars.

•Ownership of Qualified Business – The business must have been in existence for the past 5 years and must have been owned by the decedent and members of the decedent’s family.

•Qualified Transferees
– The “qualified business” may only be transferred to “qualified transferees”. Qualified transferees are, as you would expect, the decedent’s immediate family – spouse, children, grandchildren, siblings, cousins, parents and grandparents.

•Time Restriction – In order to retain this tax savings, the family business may not be transferred to another individual or entity for a period of 7 years from the date of the decedent’s death. Yearly certifications to the taxing authority will be required. If the business is transferred within this 7 years period, all inheritance tax plus interest that would have been due will now become immediately due and payable.
Continue reading

I was reading the Philadelphia Inquirer this weekend and came across an interesting article in the business section. As a result, I decided to take a break from the typical commercial litigation or real estate post and ask you this: When you die, what happens to all of the pictures you posted on Facebook or Instagram? Who takes over your Gmail account? Would you like your children to be able to access these pictures? Have you ever asked yourself these types of questions?

Lucky for us, Karen Dilko’s July 1, 2013 article sets forth the different policies by several media giants. If you are with Yahoo, you are out of luck. There is no right of survivorship. When you die, Yahoo will delete all account information upon presentation of a death certificate. That seems harsh, no? Luckily, it is different with other providers such as Facebook or Twitter. These entities will work with your estate to transfer ownership.
Continue reading

Contact Information