IMPORTANT INTERNET ISSUES FOR LAWYERS

 

Spyware and Phishing and Spam…Oh My!

 

 

The computerized law office has made practice faster and more efficient. Email allows you to communicate with clients, opposing counsel and others faster and easier than ever before…and you can even send and receive files, documents and attachments. This makes transmitting pleadings and correspondence…even discovery materials, and in some jurisdictions court filings…almost instantaneous.

 

On the other side of the coin, if your home or office computer is part of either a local area (LAN) or wide area (WAN) system, or if your computer is connected to the Internet, there are hazards to your computer, your documents and files and your client confidences that you simply must know about and protect yourself and your clients against.

 

While the Internet has brought us a wealth of information, ease and advantages, it has its “dark side” that presents problems ranging from mere annoyance up to the dangerous and invasive, such as spam, or bulk unsolicited email (“UCE”) on the one hand, towards the hazards of viruses, Trojans, spyware and malicious code on the other hand.

 

This activity will discuss some of the more significant internet issues affecting both your home and law practice internet use, and their prospective impacts on your clients as well.

 

Topics included in this activity:

 

·        Spam and the CAN-SPAM ACT

·        Adware and Spyware

·        Phishing

·        Computer and Data Security for your “Always On” Broadband connection

·        “Blogs” and Blogging

·        Additional resources for the above topics

 

 

SPAM:

 

What is “spam” and how did that term originate?  The name spam comes from a Monty Python television skit in which restaurant patrons cannot get any order unless accompanied by spam.

 

It is believed that email spam originated in 1994 when two Arizona lawyers posted their commercial message to 8,000 internet newsgroups and reached an estimated 20 million people, causing quite an uproar among the recipients and giving birth to a whole new way of marketing on the then-new internet.

 

Since its birth in 1994, unsolicited commercial email (UCE, also known as bulk email and hereafter referred to as spam) has reached epidemic proportions.

 

Estimates place the percentage of spam to all email messages at about 8% in 2001, to about 56% in 2003, with estimates of marketers spending upwards of $1.3 Billion to send spam email in 2002.

 

America Online, one of the largest U.S.-based Internet Service Providers, estimates that up to 80% of ALL its email traffic is spam, and its “spam filters” block about 1 ½ BILLION spam emails in a 24-hour period…while an estimated 30% to 40% of all their inbound emails still consist of unblocked spam.

 

The U.S. agency responsible for enforcement of anti-spam legislation is the Federal Trade Commission (FTC), which estimates receipt of 120,000 consumer complaints daily and claims that 66% of all spam contains false information.

 

According to an article by Chris Gaither in the Boston Globe in December 2003, the daily “spam count” was an incredible 13 Billion spam emails daily! It’s not hard to understand why spammers keep up their pace with an estimated income coming their way of 12% of the $138 Billion total Internet commerce pie…about 16.5 Billion in income from spam marketing.

 

Regardless of the numbers, no one could disagree that spam is a real problem. On the one hand, your email “in box” may be crowded with spam emails that take your time and attention to separate from legitimate messages, and then more time to delete. And from the standpoint of your Internet Service Providers (ISPs), their resources are often taxed to accommodate the enormous volume of spam email.

 

In recent years, the problems and outcry associated with spam became so acute that the state legislatures began to react by enacting legislation against it. Some of the state attempts at regulation of spam included requirements and/or regulations such as prohibiting false header/routing data, mandatory labeling of advertising, disclosure of adult oriented ads and requiring “opt out” provisions whereby recipients can get off the spammers’ email lists.

 

In addition, ISPs began to bring civil actions against spammers. In one case, the State of Washington Attorney General brought a civil action against a spam emailer and obtained a judgment of $100,000. The action was premised on 3 distinct causes of action: (1) false and misleading information in the subject line of the email, (2) misrepresenting the actual transmission path and return/reply route of the emails and (3) failing to provide a valid reply email address to which recipients could respond.

 

Actions in other states followed suit, including rules promulgated by professional licensing boards attempting to regulate unsolicited commercial email.

 

The spammers, some of whom were making multi-millions of dollars annually operating their businesses sending bulk email as a paid service for others, began to fight back. One such effort involved brash litigation by Cyber Promotions Inc. against America Online (Cyber Promotions Inc. vs. America Online, 948 F. Supp. 436, 1996). Another interesting case involving Cyber Promotions as defendant in an ISP’s action for trespass to chattels is included in the annotations to this program.

 

In Cyber Promotions, the spammer contended (1) it had a First Amendment right to send UCE advertising to AOL members, (2) that AOL exercised a “quasi governmental” function in providing email and other services; (3) that AOL’s email service was in the nature of a public function as it had no other manner of reaching AOL’s email subscribers.

 

Cyber Promotions lost on all counts, with the court holding, inter alia, that AOL was not performing a public function, was not standing in the shoes of the state, and that there were alternative ways for Cyber Promotions to place its advertisements online.

 

Cost-Shifting as a basis for regulating commercial speech: An important state interest must be articulated in order to regulate commercial speech, and one such interest is cost shifting. The concept here is that where an advertiser can send its solicitations and in effect, shift the actual cost of its marketing efforts to either the consumer or others without their consent, a sufficient state interest may be found to regulate such “cost shifting” commercial speech.

 

With spam email, as with unsolicited fax marketing, the advertiser can send one or one million messages for the same cost…virtually nothing, while shifting its cost of advertising onto the shoulders of the fax or email recipient, or in the case of email advertising, the additional costs passed to the email provider in terms of increased bandwidth, server and storage space and the like.

 

As early as 1995, the Ninth Circuit Court of Appeals had held that as applied to unsolicited fax advertising, this cost-shifting concept was sufficient to ban “spam faxes” and withstand constitutional attack under the Telephone Consumer Protection Act of 1991 (Destination Ventures Ltd. vs. Fed. Communications. Comm’n, 46 Fed. 3d 54, 1995).

 

In Destination Ventures, the advertiser sent unsolicited fax advertising, and contended that commercial speech could not be singled out for regulation when other non-commercial unsolicited fax transmissions which utilized the same cost-shifting to the recipient were not regulated.

 

In Destination Ventures, the 9th Circuit held, inter alia, that because Congress’ goal was to prevent the shifting of commercial advertising costs to others, regulation of commercial speech consisting of unsolicited “spam advertising faxes” that employed such cost-shifting was permissible.

 

In July of 2003, the U.S. Congress’ Senate Committee on Commerce, Science and Transportation issued a report on the proposed CAN-SPAM Act of 2003. The Senate reported it felt spam had become a pervasive intrusion, could reach millions of recipients almost immediately and at no cost to the advertiser, but had become a favored method of those seeking to defraud consumers and make their living preying on unsuspecting email users.

 

The Senate Committee also commented on the FTC’s report that up to 66% of all spam contained some false, fraudulent or misleading information, either in the header/routing information, the subject line, or the body of the commercial message itself. The Committee also concluded that spam poses a significant economic burden on ISPs and consumers.

 

The Senate Committee described the goals of the CAN-SPAM Act as, among others, giving the consumer a right to demand that a spammer stop sending them unsolicited email, and preventing spam that is false and/or deceptive as to its source or content. The proposed statute would vest enforcement in the FTC.

 

The final version of the CAN-SPAM Act (“Controlling the Assault of Non-Solicited Pornography and Marketing”) was approved by the Senate in November 2003 and by the House of Representatives in December 2003, and was signed into law by President Bush on December 16, 2003.

 

The CAN-SPAM Act applies to unsolicited commercial email messages, and requires they be labeled and include opt-out instructions and the senders’ actual physical address. In addition, it prohibits the use of deceptive subject lines and false headers or return/routing information in such messages. Under CAN-SPAM, the FTC is authorized (but not required) to establish a “Do Not Email” registry similar to the recently established “do not call” list.

 

In addition, the CAN-SPAM Act pre-empts State laws that regulate spam or require labels on unsolicited commercial email or prohibit such messages entirely, except that State provisions regulating or proscribing false or deceptive emails are not pre-empted.

 

Finally, there is no private right of action or “private attorney general” provisions for enforcement by private plaintiffs or their counsel in the CAN-SPAM Act.

 

The CAN-SPAM Act -- "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" became effective on January 1, 2004. This federal law is important in its regulation of those who send UCE (unsolicited commercial email), generally known as spam. The statute does not make spam unlawful, but rather attempts to regulate it.

The CAN-SPAM Act presents 3 broad requirements that apply to those sending spam email messages:

  1. LABELING. Unsolicited emails must be clearly identified as solicitation or advertisements for products and services.
  2. OPT-OUT REQUIREMENT. Senders must provide easily accessible, legitimate means for recipients to "opt-out" of receiving future messages.
  3. DISCLOSURE OF THE SENDER'S EMAIL AND PHYSICAL ADDRESS. Unsolicited commercial email must contain the true and actual return email addresses and the sender's physical postal mail address.

(NOTE: the CAN-SPAM Act offers certain exclusions from the preceding three requirements.)

A quick 5-Point Overview of the CAN-SPAM Act’s requirements:

  i. CAN-SPAM regulates commercial e-mail, any e-mail whose primary purpose is to commercially advertise or promote a commercial product or service.

  ii. It requires that commercial e-mail contain opt-out provisions, including clear and conspicuous notice that the recipient may decline to receive future e-mails from the sender and a valid e-mail address for the sender. After a recipient opts out, transmission of additional commercial e-mail is prohibited.

  iii. The law prohibits false or misleading transmission and routing information and deceptive subject headings.

  iv. Using prohibited spamming techniques to promote a business is not allowed even if the business uses a third party spammer to send e-mail on its behalf, and a party who did not commit an offense may still have vicarious liability under the act if they own more than half of the entity that committed the violation or had actual knowledge of the violation and received an economic benefit from the violation.

  v. Certain violations may be subject to treble damages, increasing the maximum of $2,000,000 to $6,000,000. These aggravated violations include address harvesting, automated creation of multiple e-mail accounts, and relay through a computer or computer network without authorization. The FTC, states or the federal government, and ISPs may enforce the CAN-SPAM Act’s provisions.

For recipients who have previously consented to receipt of unsolicited commercial email, the act has two additional requirements:

1.     First, senders must use accurate subject lines. Use of false or misleading subject lines to fool recipients into opening email is forbidden, even where consent to the email is obtained in advance.

2.     In addition, bulk emailers must comply with the proposed "Do Not Email Registry," to be established by the FTC, akin to the “Do Not Phone” registry maintained for telemarketing. The CAN-SPAM Act indicates that within six months, a proposed plan will be submitted by the Federal Trade Commission to Congress for a "Do Not Email" list.

While about 30 states have enacted their own anti-spam statutes, the CAN-SPAM Act is intended to pre-empt state and local anti-spam laws, with limited exceptions for state laws regulating deceptive trade practices or "computer crime."

Of importance, some of the state anti-spam laws that CAN-SPAM pre-empts actually are stronger than CAN-SPAM in terms of regulation or in giving rise to individual causes of action and “private attorney general” provisions. The scope of CAN-SPAM’s pre-emption has not been clearly ascertained as of this time. While a number of states have enacted anti-spam laws which provide both civil and criminal provisions, most states' criminal anti-spam laws directed to false and misleading or fraudulent spam, or computer crime, may not be pre-empted.

Enforcement and Penalties: The enforcement of the act is vested primarily in the FTC and Attorneys General of the states.

While CAN-SPAM does purport to provide a private right of action, it is limited to ISPs - Internet service providers. As a result, individuals and businesses who are recipients of spam have no right of action either against their Internet service providers or the spammers originating the spam email.

There are significant penalties for violation of the CAN-SPAM Act. Certain specified fraudulent acts, and repeat offenses thereof include the possibility of imprisonment for three to five years. For non-fraudulent violations, violators can be subject to actual damages, statutory damages, or fines of $250 per violation, with each unlawful message to each recipient being a separate violation. Statutory damages can go as high as $2 million.

Because CAN-SPAM does not outlaw conforming spam email, spammers who comply with the act’s provisions may send "lawful" spam, which as discussed supra, will have to contain accurate headers and routing information, and subject lines which are not deceptive, false or misleading.

Under the CAN-SPAM act, UCE (Unsolicited Commercial Email) must be identified as advertising, though the act does not specify any particular label, unlike the "ADV" that some state laws demanded. (An "ADV" label identifies an email as advertising in the email header, which would allow users to employ filtering software to block the message.) Also, the act requires bulk email to have a truthful header address and subject line, neither of which can be deceptive, false or misleading.

Some are of the opinion that not requiring a particular label in the subject line, such as "ADV" will make it more difficult for spam blocking programs to filter out spam. Others feel it’s likely that the FTC will eventually require specific email labeling as advertising, and will probably deploy this step starting with adult oriented and sexually explicit email.

Pre-emption and state anti-spam laws:

The state pre-emption provisions of the CAN-SPAM act will undoubtedly have a major impact on states’ attempts to regulate UCE.  For example, California's recently enacted and now pre-empted anti-spam law, which was to go into effect on Jan. 1, 2004, the same effective date as the CAN-SPAM Act, will be seriously impacted by CAN-SPAM.

The California statute was to be a state anti-spam law intended to be more restrictive than the new federal law. It attempted to ban ALL spam, even if truthful and non-deceptive, if the spam was unsolicited (unless it was from a business with which the customer had an existing relationship). The California law would have made spammers, and advertisers who employ them, liable.

The CAN-SPAM Act has pre-empted state anti-spam regulation, except as to state regulation based on deception or computer crime.

Looking to the requirements of CAN-SPAM, it appears that spam senders that use their actual reply email address and comply with the other two primary provisions of CAN-SPAM (providing an opt-out feature and listing their actual physical address in the spam emails) will be found to be in substantial compliance despite engaging in activity that will inevitably result in numerous instances of individuals receiving spam involuntarily. The act will likely be used in conjunction with existing state computer and computer data protection laws.

Because the Internet has no centralized regulation or control from any particular central authority, spammers cannot completely control who gets their UCE email, nor can they completely control the receipt of "opt-out" requests. Thus the FTC and the courts will have to determine what constitutes substantial (acceptable) compliance with respect to the CAN-SPAM Act, since complete compliance is not technically possible.

Currently, a number of Internet service providers use their terms of use agreements (“TOS”) in an attempt to stop spammers who email to their subscribers. The CAN-SPAM Act may also be used in combination with those agreements, to help the ISPs block spam.

As referred to above, while there is no private right of action for individual spam recipients in the CAN-SPAM Act, it does contain a provision for ISPs to sue spammers. In addition, the act also reaches companies which do not actually send spam themselves, but who use a third party “spamming service” to knowingly send spam on their behalf.

ADVISING YOUR BUSINESS CLIENTS ON SENDING PERMISSIBLE SPAM:

In the event you represent a client interested in sending bulk email advertising, you would be well advised to discuss with them general principles regarding both solicited or consented to email, and unsolicited or spam emails:

A.   First, the client should be informed they should establish a written policy against employees or agents sending unapproved, unsolicited commercial bulk email to others. This policy should be written, and incorporated into the client’s appropriate company documents, or manual.

B.    Next, the client should review all their present and/or proposed bulk email marketing programs. To avoid treading on the thin ice of the CAN-SPAM Act, they may wish to avoid unsolicited emails, and instead mail only to email addresses of recipients with whom they have a pre-existing or on-going business relationship, or those who have consented to receive such mailings.

C.   Third, the client should be advised to consider reviewing their documentation purporting to allow email (or fax) marketing and solicitation. Some authorities suggest that the written consent from the client’s contacts require some affirmative action on the prospective recipients’ part, in the event the use of pre-filled forms may later be found (by a court) to not be acceptable.

In addition, when obtaining written consent (including email or fax consent) by prospective recipients for receipt of unsolicited materials, the client should make it clear specifically what they will receive by email. Failure to get an acknowledgment of what is to be sent to them may allow the recipient to later contend your client failed to give full disclosure, thus negating their consent.

D.   Finally, in the event the client intends to send purely unsolicited email…that is, to spam, you should advise them of the requirements of The CAN-SPAM Act:

o        The Act’s requirement of truthful header and routing information (no “spoofing” or faking of email origins or the actual sender of the email);

o        The requirement of truthful and non-deceptive “Subject” information, and labeling/warning if of an adult nature;

o        The Act’s requirement of a legitimate “Opt Out” procedure; and

o        Finally, the CAN-SPAM requirement that the sender include their actual physical postal address in the email.

Will the CAN-SPAM Act be effective in reducing or eliminating spam? There are already contentions that rather than reducing spam, the act has actually increased it.

 

Questionable Effectiveness of CAN-SPAM:

The CAN-SPAM legislation may well be ineffective for several reasons. First, to a large extent, the CAN-SPAM act has legitimized spam and made it lawful, as long as the sender complies with the few requirements of the act.

In addition, sources report that a large volume of the spam received in the United States comes from out of the country. Obtaining jurisdiction over international spammers requires the cooperation of authorities outside of the United States, which requires additional effort not envisioned by the CAN-SPAM law. International measures may be necessary to truly eradicate misleading, fraudulent and deceptive, or pornographic spam.

While the CAN-SPAM Act actually lays the groundwork for “legal spam”, some hardcore spammers who don’t have any intention to comply with the CAN-SPAM act may simply move their operations offshore. It should be noted that U.S.-based spammers or those on whose behalf they operate may be required to move more than merely their operation centers and servers to avoid the jurisdiction of the United States.

Additionally, the FTC, the primary U.S. agency charged with enforcing the CAN-SPAM Act against spammers within the United States, probably does not have either the jurisdictional reach or other resources to enforce CAN-SPAM against all spammers, especially those located outside the borders of the USA. It is one thing to sue a large spammer or make an example of an individual spammer, but considering the enormous volume of spam, it would be a more daunting task to attempt to sue all UCE users that do not comply with the CAN-SPAM law.

Finally, the Constitution may limit the implementation of the CAN-SPAM law. It is likely CAN-SPAM will be challenged under the First Amendment.

 

Unlike regulation by a private actor, such as in the Cyber Promotions case mentioned supra, CAN-SPAM clearly constitutes governmental restriction on commercial speech.

 

Similar to the do-not-call registry in the telemarketing context, CAN-SPAM is regulation of commercial speech. As such, the government must demonstrate a substantial interest in regulating that commercial speech, and it must demonstrate that the restrictions imposed will directly advance its interest, as well as showing that the regulation is sufficiently narrowly tailored so that it does not regulate more speech than is necessary.

The government does have a strong interest in preventing invasion of consumer privacy, fraud and cost-shifting, much as in the unsolicited fax marketing cases.

 

Regulating commercial e-mail by requiring its users/spammers to provide and honor opt-out provisions may achieve both protection of privacy and prevention of cost-shifting. Since estimates indicate that up to 2/3 of spam contains false information, requiring truthful information, subject headings, and return addresses may be found to be sufficiently narrowly tailored to address the government’s interest in preventing fraud.

 

The FTC’s proposed Do-Not-Spam Registry referred to in CAN-SPAM may be subject to First Amendment attack, much like the telemarketing “Do-Not-Call Registry.” While there's no First Amendment restriction against fraudulent commercial speech, the courts have not supported unlimited restrictions on commercial speech, and the telephone Do-Not-Call Registry has been subject to a First Amendment challenge. Currently, its status is still unresolved, hence the success of a challenge to the proposed “do not spam” registry remains an unanswered Constitutional question.

 

Are there any effective technology solutions to spam? Among the technological solutions to be considered in conjunction with the act are those that filter out spam and that help authorities implement the CAN-SPAM law. One way is to change the setting on a company's email server.

In particular, a company should implement a setting that checks whether the origin of incoming email has been faked. Such "spoofing" is a main reason spam goes undetected. In the event a spoof is discovered, the server should not deliver the email and should record it for use by authorities implementing the CAN-SPAM law.

Additionally, companies should implement what is referred to as a "challenge/response" system. These systems allow users to send direct messages only to people who have the sender's email address in their address books. In the event a "challenge/response" system encounters an unexpected address, the system sends back a puzzle/question to which only a human, not an automated spam program, can respond with a solution.

Give the correct response, and the email goes through. Such systems should record "fails" for use by those agencies (such as the FTC) charged with implementing the CAN-SPAM Act.

Less than a month after CAN-SPAM went into effect, Bill Gates announced that Microsoft Corporation could eradicate spam within two years.
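The server-side spoof check and the "challenge/response" system described above can be sketched together as one inbound gate. This is an added example, not code from the original article: the names MailGate, domain_of and make_puzzle, the arithmetic puzzle and the sample messages are all assumptions, and the exact-domain comparison is a simplification (production mail servers typically rely on SPF, DKIM and DMARC for the origin check).

```python
import hmac
import secrets
from email import message_from_string
from email.utils import parseaddr

WORDS = ["zero", "one", "two", "three", "four",
         "five", "six", "seven", "eight", "nine"]

# Constructed sample messages (not real traffic).
KNOWN = "From: Client A <client@firm-client.example>\nSubject: Draft\n\nPlease review.\n"
SPOOF = "From: Your Bank <alerts@bank.example>\nSubject: Verify account\n\nClick here.\n"
UNKNOWN = "From: new.contact@other.example\nSubject: Referral\n\nHello.\n"


def domain_of(address):
    """Lower-cased domain part of an address, or '' when it is malformed."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def make_puzzle():
    """Stand-in for a human-only puzzle; a real system would use a CAPTCHA."""
    a, b = secrets.randbelow(10), secrets.randbelow(10)
    return f"What is {WORDS[a]} plus {WORDS[b]}? Answer in digits.", str(a + b)


class MailGate:
    def __init__(self, address_book):
        self.address_book = {a.lower() for a in address_book}
        self.held = {}       # token -> (sender, raw message, expected answer)
        self.inbox = []      # messages actually delivered
        self.audit_log = []  # spoofs and failed challenges, kept for reporting

    def receive(self, envelope_from, raw):
        """Process one message; envelope_from is the SMTP MAIL FROM address."""
        sender = parseaddr(message_from_string(raw).get("From", ""))[1].lower()
        # Simplified origin check (assumption of this example): the visible
        # From domain must equal the domain the sending server announced.
        if not domain_of(sender) or domain_of(sender) != domain_of(envelope_from):
            self.audit_log.append({"event": "spoof",
                                   "envelope": envelope_from,
                                   "header_from": sender})
            return {"status": "rejected"}
        if sender in self.address_book:
            self.inbox.append(raw)
            return {"status": "delivered"}
        # Unknown sender: hold the message and send back a puzzle.
        question, expected = make_puzzle()
        token = secrets.token_hex(8)
        self.held[token] = (sender, raw, expected)
        return {"status": "challenged", "token": token, "question": question}

    def answer(self, token, reply):
        """Release a held message on a correct reply; log and drop it otherwise."""
        entry = self.held.pop(token, None)  # each token is single-use
        if entry is None:
            return "unknown-token"
        sender, raw, expected = entry
        if hmac.compare_digest(reply.strip().encode(), expected.encode()):
            self.inbox.append(raw)
            self.address_book.add(sender)  # design choice: trust from now on
            return "delivered"
        self.audit_log.append({"event": "challenge-fail", "sender": sender})
        return "discarded"


def demo():
    """Run the three constructed messages through the gate."""
    gate = MailGate(["client@firm-client.example"])
    results = [gate.receive("client@firm-client.example", KNOWN)["status"],
               gate.receive("bulk@mailer.example", SPOOF)["status"]]
    challenge = gate.receive("new.contact@other.example", UNKNOWN)
    results.append(challenge["status"])
    results.append(gate.answer(challenge["token"], "not-a-number"))
    return results, gate.audit_log


if __name__ == "__main__":
    statuses, log = demo()
    print(statuses)
    for record in log:
        print(record)
```

The audit log is the part the article asks for: both the rejected spoof and the failed challenge leave a record that can be handed to whoever enforces the act.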

 

Microsoft announced it is looking into technological methods for its users to charge senders a fee before accepting messages, a way of charging Internet “postage” assessed on spammers. It is also studying “challenge-response” technology as mentioned above, whereby senders of spam would get an automated response from recipients asking for verification that the spammer is a real person.

 

The “challenge-response” procedure has reportedly already been adopted by some ISPs such as Earthlink and Mailblock; however, its implementation by the very large providers, such as AOL, Microsoft’s MSN and Hotmail services, with more than 100 million users, could have an even larger effect in removing the “no cost” aspects from bulk e-mailing spammers. Spam is an effective marketing tool because a sender can mail millions of messages for the same cost as one. If the marketplace adopts and adapts, so that sending a million messages costs a million times more than sending one message, the spammers may be forced to find another method of delivering their messages.

 

 

Controlling spam on your own computer:

 

One fairly effective method of controlling spam directed to your home and law office computer involves the use of email filtering and spam-blocking software. A number of ISPs such as AOL and others, including web-based email services, currently include spam blocking and filtering.

 

In addition to existing spam blocking or filtering programs used by email services and ISPs, there are a number of very effective tools you can use to enhance your ability to block and reduce the spam you receive.

 


 

 

 

ADWARE AND SPYWARE:

 

Web browsers or “surfers” may well be aware of that insidious internet creature “adware”…small programs or “applets” that can deliver advertising messages or cause those annoying pop-up ads, displays and banners at the strangest times and places.

 

Some (perhaps you?) have been victimized by “Spyware”, best described as malicious adware, or a type of web-based virus.

 

Current estimates indicate that there are over 38,000 spyware and adware programs circulating, which can infect your computer through downloadable games, music, screensavers, pictures, pop-ups, emails, and the list goes on and on.

 

Some of the more insidious varieties can invade your computer as a result of your simply visiting a website. Once there, hidden “browser helper objects”, ActiveX, JavaScript and other code can be installed onto your computer through your web browser without your knowledge.

 

Once on your PC, Spyware and Adware can cause your PC to run extremely slowly and even crash. In addition they can also allow hackers and advertising companies to invade your privacy at their pleasure.

 

What’s the difference between “Adware” and “Spyware”?

 

“Adware” can be described as a type of helper program or applet that carries as the price for its use exposure to advertising. Generally, adware is not malicious, and the user knows or quickly learns that a price for the use of this generally free item is exposure to one or more advertising messages.

 

Spyware, on the other hand, is generally a more malicious sort of application whose nature may range from a relatively innocuous changing of your Web browser’s home page to that of an advertiser’s site all the way up to installation of a logging program on your computer that can capture information and key-strokes as you type, such as passwords or other data, then transmit them secretly for malignant purposes.

 

As a general proposition, a working distinction between “Adware” and “Spyware” is that Adware is generally fairly benign, and in many cases receipt of it may be consented to. Spyware, on the other hand, tends to be more malignant and computer virus-like, and is often loaded onto your computer without your knowledge and consent.

 

First we’ll discuss adware, then after that, spyware.

 

One example of a species of benign Adware would be the Yahoo search and email services. When you visit Yahoo to perform a web search, you’re greeted by a number of ads on your arrival…likewise as a user of their free email service “mail.yahoo.com” you’re exposed to the same sort of advertising as the “cost” of using their free services.

 

Some Adware is a bit more insidious, but nonetheless fairly benign. Various “free” programs, helper applications or search tools often come to you with an overt promise of enhanced usefulness, but the hidden cost is constant and repeated exposure to various advertising messages.

 

One of the better known anti-adware and spyware companies, Webroot, defines adware as “any advertising-supported software application that has the ability to display pop-up, pop-under, and banner advertisements on your computer. Some adware may track your Web surfing habits.”

C.O.A.S.T., the consortium of anti-spyware technology vendors, has documented that adware can slow your Web browser's performance, and in a worst-case scenario, may have the ability to download unwanted, even malignant third-party software programs on your computer without your knowledge or consent.

Those who study and follow the online adware/spyware scene have determined that CoolWebSearch (CWS) is a particularly virulent form of adware and one of the top adware threats found on the Web.

Acting more like a hybrid virus/spyware tool, CWS is a very defiant threat, and the anti-spyware company Webroot has identified and written definitions for close to 100 CWS variations, each one more complex to remove than the last.

“The increased prevalence of adware in the report is concerning, and consumers should know that not all adware is harmless or benign,” said David Moll, Webroot's CEO. “CoolWebSearch is a nasty example of adware that hijacks homepages and Web searches, triggers a crippling amount of pop-ups, and changes a user's browser settings,” added Moll.

CWS's most common exploit is to hijack your homepage, then direct it to a paying client's Web site. Particularly damaging CWS variants can:

·        Pop up so many ads that a computer locks up or crashes.
·        Add pornography links to a favorites list.
·        Change your web browser settings.
·        Download then install a large number of files throughout a PC's system, which quickly reduces performance.

 

CWS has the ability to modify itself, so finding and removing it is an ongoing challenge for consumers. Once CWS is discovered by an anti-spyware program, you should take prompt action to remove the program from your home or office computer.

 

So, what does adware do once you’ve got it? Adware can watch as you surf the internet and may disrupt your visits by popping up context-related promotions right on top of the screen, causing you to second guess your next online move... should you stay on that website, or should you click on the pop-up and go to a new site?

Generally, adware applications run in the background of your computer and can function “undercover”, both observing your actions and tracking your movements.

This information is often recorded or “logged” then can be used to create a user profile on you, as it relates to advertisements. Your user profile may also include unrelated personal information. This information can be sent to various sites for data collection.

Your data and user profile can then be used to match your profile to advertiser criteria or even used as a data mining tool to evaluate your web surfing habits.

How can you get adware on your home or office computer?

Broadly stated, adware is attached to a program that you install intentionally, with knowledge and consent. Being bundled inside free software (so-called “freeware”, that is, software available at no cost to you) is one of the most common ways that adware is installed on computers. Those who accept and then install this “freeware” often unknowingly agree to license terms that can result in an ongoing exposure to pop-up ads and other commercial exploitation.

Common examples of free software and so-called “help-ware” that may carry adware as well can include:

·        Search engines and related functions touted as “A better, more advanced” tool
·        Unusual mouse pointers or “emoticons”…those cute little smiley faces
·        Free and frequent local or instant news or weather updates
·        Free computer games
·        Applications touted as being of great utility that improve the efficiency of your computer
·        File sharing resources for digital photos or music such as the now infamous Napster, Kazaa and the like.

 

Additionally, peer-to-peer groups (“P2P”, such as Napster and Kazaa) are notorious for attaching adware to their file sharing programs. It’s an easy way for developers to secure revenue by providing your personal and web-surfing data to interested companies who pay them for that information, then repay you with a relentless bombardment of their ads.

How to Detect Adware on your Computer:

Of course, the easiest way to tell if you’ve been “adwared” is when you see tons of unexpected ads and pop-ups cropping up when you’re online. If your computer slows down or begins to act strangely for no apparent reason, or if it seems to be “working behind the scenes”, you may have been the recipient of adware.

Later in this activity we’ll cover how to verify both adware and spyware on your home and office computer, and how to remove it and prevent further attacks by both. First, we’ll take a look at some common sense ways to protect yourself from becoming a victim of adware in the first place.

Where do adware and spyware come from? The main source of spyware infection is free software programs downloaded from the Internet. Pay attention to what you are downloading and know what other hidden programs it may bring into your PC along with the original file.

Unfortunately, even if you've done your homework including carefully reading a program’s User License Agreements before installing it, some spyware can still slip onto your computer.

Be careful to avoid websites that offer content such as pirated software or pornographic content…they’re notorious for spreading spyware.

You can (and should) also set your browser's security settings sufficiently high to protect yourself from surreptitious downloads or automatic installation of unwanted “malware” programs.

When you do download programs, be sure to do so only from trustworthy sites, and it’s a good idea to first read the reviews posted there from others using those programs before you actually install them.

Email, especially spam, is a common delivery tool for spyware. You should use special care to delete messages from unknown senders that contain any attachments.

Even email from someone you know can contain spyware or a virus, as some email virus programs seize a user’s computer to replicate themselves by sending the virus to everyone in the user’s email address book.

Cookies are small files added to your internet browser when you visit a website that uses them. While they may add convenience while you browse the Web, they can also track your activities while online and relay that information back to third parties without your knowledge. The outbound communication caused by cookies can also slow your internet connection and can bog down your online usage.

 

Detecting and removing spyware is a difficult business. Even if you think you've successfully removed a piece of spyware manually, a remaining tickler file can trigger a complete reinstallation at start up of the spyware program you worked so hard to delete. Effective anti-spyware software provides users with regular updates to combat the latest spyware variations. Run scheduled or manual scans, and make sure you select any proactive monitoring options the software may have. Also, fortify your defenses with anti-virus and firewall protection.

 

SPYWARE:

Spyware is more malicious than adware, and is frequently referred to as malware, trackware and adware. Some of the things it can do include tracking your online and/or offline PC activity, then saving or transmitting your computer activity to third parties, usually without your knowledge or consent.

Spyware is more like a computer virus than adware, both in terms of its insidious infection and its negative effects.

Spyware can infect your computer through a variety of sources. It can be installed by a hacker or someone who uses or gains unauthorized access to your computer, through a pop-up window or ad, via an instant messenger service, or delivered through a spam e-mail or an attachment in e-mail. File-sharing programs and swapping music, photos or other files are also well-known avenues for spyware infection.

In some cases, spyware has been included with a desired program, and is disclosed in buried text as part of the software licensing agreement. These spy programs can enter your computer then install themselves in a number of places on your PC, including your registry, start up menu, files and folders.

Once they’ve gained access to your computer, many spyware programs can spread themselves throughout your system, operating silently in the background while burying themselves into your files, making complete removal of them very difficult.

Spyware can come in many flavors, such as tracking cookies, dialers, browser hijackers, system monitors, key loggers, Trojans and other variations.

Cookies can let others track your activities on a Web site and tailor pop-up advertising messages based on your choices. Trojans, keyloggers and system monitors can capture your keystrokes, online screenshots, and your personal information on your computer, such as passwords, your social security number, bank account numbers, logins and even your stored credit card numbers.

These malicious programs can also, if on your law office system, compromise client confidentiality, breach the attorney-client privilege and allow third parties to access confidential client information and confidences.

In addition to these pernicious effects, spyware programs can also hog your bandwidth and use your internet connection. If you use a modem, the “dialer” programs can surreptitiously dial “976” or toll numbers, resulting in enormous add-ons to your phone bill.

How can you tell if you’ve been victimized by spyware? Typical symptoms of spyware on your computer can include any or all of the following:

A.   Increased pop-up ads or unexpected spawning of multiple browser windows;
B.   Unexplained browser homepage changes;
C.   Unexpected or unusual search engine results;
D.   Sluggish computer performance;
E.   Slower than normal internet performance;
F.   Web browser changes you can’t restore or undo.

Additional symptoms of spyware and/or adware infection can also include:

Different default homepage.

Homepage hijacker spyware resets your homepage so each time you launch Internet Explorer (your browser), you land on that site. Until you remove it, this type of spyware application will not let you change your default homepage to a more desirable address.

Unusually slow Internet access.

Spyware clogs bandwidth because it is importing information (like pop-up ads) while sending out information (user activity, screenshots, bank account numbers, keystroke logs).

Reduced computer productivity.

Even a small amount of spyware on a system can slow down a PC because it operates in the background, sapping hard drive resources. Other spyware applications store advertising on a computer's hard drive. Some applications, like Buddylinks, turn computers into spyware drones, where an infected PC joins an army of others that all work together to distribute a certain strain of spyware.

More frequent pop-up ads.

Adware tracking cookies trigger the most benign form of pop-up ads. Cookies that reside on your PC serve up pop-up ads related to the site you are visiting, your personal information or online activities. The more cookies you have on your PC, the more pop-ups you'll see. A more malignant type of pop up won't stop appearing until you allow it to download spyware software. Sometimes, even the "close" or "cancel" buttons mean yes. A slightly different pop-up, which mimics a Windows Messenger Service window, is also a ploy to download spyware onto your PC.

New or different search toolbars.

Spyware-riddled applications often install a new search toolbar on a system with the intention of hijacking searches for search terms. Depending on the legitimacy of the toolbar, searches may end up on a pay-per-click site, and some of those sites load additional spyware onto your PC via drive-by download.

Anti-spyware or anti-virus software is turned off, or malfunctioning.

As a survival tactic, spyware sometimes targets the software designed to find and remove it.

Unidentified toll charges on your phone bill.

A “dialer” can initiate outgoing calls from your PC to 900 numbers with the sole intention of generating large phone bills charged to that phone line. Dialers can also change your dial-up settings to an international or 900 number, instead of your local Internet dial-up number.

For virtually everyone surfing the Internet, malware and adware are a nuisance, but if you do not detect spyware on your PC, it can lead to much more serious consequences like identity theft. Because of the threats that malware poses, a spyware remover installed on your PC is essential. Gathering spyware info also helps you protect yourself from malicious attacks by adware or malware.

How common is spyware? A recent study showed that the average computer used for internet activities has over 26 spyware traces on it. In addition, in one 6-month period, 2 million scans of computers found 55 million instances of spyware.

Even in large practices and corporations having 100 employees or more, their IT managers report “major spyware problems.” It’s estimated that 9 of every 10 computers used to connect to the internet have spyware and/or adware infections.

There are a number of ways to protect yourself from a spyware infection, both for your home and law office. The first is to be judicious and exercise these common sense rules:

✓     Delete spam email
✓     Never open an email with an attachment from someone you don’t know
✓     Practice safe surfing
✓     Secure your browser
✓     Be wary of browser cookies
✓     Avoid peer-to-peer file sharing services for both legal and spyware aspects
✓     Don’t download programs or “helper applications” from an untrusted source
✓     If a Free Program looks too good to be

 

 


PHISHING

 

 

Phishing (pronounced “fishing”), also called “spoofing”, is an internet scam, usually conducted by email, that attempts to trick the recipient into giving the perpetrator one’s sensitive personal information such as passwords, credit card numbers, PIN numbers, social security numbers, bank account information or the like. Phishing attacks use both social engineering and technical subterfuge to steal personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.

By hijacking and fraudulently misusing the trademarks and brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.

These fraudulent “phishers” pose as a well-recognized entity such as a bank, an online auction site such as eBay, eBay’s “coin of the realm” subsidiary PayPal or a credit card company in their attempts to trick you into giving your sensitive financial or other information.

The most common phishing or spoofing method is to send realistic-appearing emails, often with the legitimate organization’s actual logo, informing the recipient of either an attempted fraudulent use of their account or the organization’s new (but spurious) change in procedures, either of which calls for the recipient to divulge their confidential information.

 

The goal of the phisher or spoofer is to obtain your information, then loot your bank account, run up your credit card, enter your password protected area or commit identity theft, using the information voluntarily but fraudulently obtained.

 

Wells Fargo bank offers the following hints to spot a spoof or phishing expedition:

 

“Fake emails will often:

  • Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From” field, as this is easily altered.
  • Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has expired, been corrupted or been lost, and that you must immediately resend it.
  • Link to counterfeit Web sites. Fake emails may direct you to counterfeit Web sites carefully designed to look real, but which actually collect personal information for illegal use.
  • Link to real Web sites. In addition to links to counterfeit Web sites, some fake emails also include links to legitimate Web sites. The fraudsters do this in an attempt to make a fake email appear real.
  • Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are tied to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.
  • Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear to be legitimate.

Always keep in mind that Wells Fargo will never send email containing attachments, or require customers to send personal information to us via email or pop-up windows. Any unsolicited request for Wells Fargo account information you receive through emails, Web sites, or pop-up windows should be considered fraudulent and reported immediately.”

 

 

The primary method of attack by phishers/spoofers is to first stress the necessity of prompt action, then have the recipient click on a link in the email, which misdirects the recipient to a fake web site that often appears uncannily like the real one.

 

Once on the fake website, you’ll be instructed to enter the information sought by the spoofers.

 

In addition to attempts to direct you to a fake website to enter your personal information, there are other dangers posed by phishing/spoof emails, such as acquiring a Trojan horse virus from the email.

These fake emails may also contain a computer virus known as a “Trojan horse” or a keystroke logger, that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the email. Once your keystrokes have been captured, they can automatically be sent to the phishers.

Phishers’ Counterfeit Web sites:
Once the online thieves have directed you to their fraudulent Web sites via email and pop-up windows, they’ll try to collect your personal information.

 

In many cases, these fake sites appear so realistic that you have no easy way to determine that you are on a phony Web site because the URL will contain the name of the institution it is spoofing. However, if you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web site, or you get an error message, it was probably just a cover for a fake Web site. Another way to detect a phony Web site is to consider how you arrived there.

 

Generally, you were directed by a link in a fake email requesting your account information. Most legitimate requestors will not request personal information from customers via email, and almost never by a link to a website. Those that maintain such sites will have you either go to your bookmarked link, or actually type their URL address into your browser top bar…not request you click on a link in an email.
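The two warning signs described above (a URL that contains the institution's name without belonging to it, and a link whose visible text differs from where it actually leads) can be checked mechanically. The following Python sketch is an added example, not part of the original activity; the institution "examplebank.com", the sample message and the warning labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed for this example: a made-up institution and the domain it really uses.
KNOWN_GOOD = {"examplebank": {"examplebank.com"}}

# Constructed sample message: one counterfeit link and one genuine link.
SAMPLE_EMAIL = """
<html><body>
<p>Dear Customer, your account information has expired.</p>
<p>Confirm it now:
<a href="http://examplebank.com.verify-login.example.net/update">https://www.examplebank.com/update</a></p>
<p>Read our <a href="https://www.examplebank.com/privacy">privacy policy</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _split(url):
    """Parse a URL; a malformed one is treated as empty instead of raising."""
    try:
        return urlsplit(url.strip())
    except ValueError:
        return urlsplit("")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (_split(url).hostname or "").lower()


def belongs_to(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(href, text):
    """Return the list of warning labels that apply to one link."""
    warnings = []
    host = host_of(href)

    # 1. The institution's name appears in the URL, but the host is not theirs.
    for brand, domains in KNOWN_GOOD.items():
        if brand in href.lower() and not any(belongs_to(host, d) for d in domains):
            warnings.append("brand-name-on-foreign-host")

    # 2. The visible text is itself a web address that names a different host.
    shown = ""
    lowered = text.lower()
    if lowered.startswith(("http://", "https://")):
        shown = host_of(lowered)
    elif lowered.startswith("www."):
        shown = host_of("//" + lowered)
    if shown and shown != host:
        warnings.append("text-href-mismatch")

    # 3. The link does not use https (absence of a warning here proves nothing).
    if _split(href).scheme.lower() != "https":
        warnings.append("not-https")
    return warnings


def analyze_email(html):
    """Return [(href, warnings), ...] for every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(href, text)) for href, text in collector.links]


def is_suspicious(html):
    """One flagged link is enough: fake emails also carry genuine links."""
    return any(warnings for _, warnings in analyze_email(html))


if __name__ == "__main__":
    for href, warnings in analyze_email(SAMPLE_EMAIL):
        print(href, "->", warnings or "no warnings")
```

A link that comes back clean says nothing about the rest of the message, because fake emails mix genuine links in with the counterfeit ones; the message is judged by its worst link.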

 

The following will walk you through a typical phishing attack:

 



 

 

 

 

 

 

Many “phishing” efforts appear more realistic than you’d think, right down to copyright and trademark notices. Following are graphic images of some actual phishing emails received by the editor of this segment over a short period of time. Graphics rather than actual copies of the emails are used to protect you from inadvertently clicking on working links. DO NOT visit any of the websites or links in these phishing/spoof emails!

 

 

WARNING: WHILE THE LINKS IN THE FOLLOWING SPOOFS CANNOT BE “CLICKED ON”, YOU ARE CAUTIONED NOT TO ATTEMPT TO TYPE ANY OF THE ADDRESSES INTO YOUR BROWSER AND NOT TO ATTEMPT TO VISIT ANY OF THE PHISHING WEB SITES!

 

 

[Images of the phishing emails not reproduced: WASHINGTON MUTUAL BANK SPOOF #1; WASHINGTON MUTUAL BANK SPOOF #2; AOL SPOOF; CHARTER ONE BANK SPOOF; COMERICA BANK SPOOF; EBAY SPOOF #1; EBAY SPOOF #2; PAYPAL SPOOF]

How can you protect yourself from Spoofs and Phishing?

 

Avoid emailing personal and financial information. If you get an unexpected email purporting to be from a company, government agency or credit card company asking for your personal information, contact the company or agency referred to in the email using a telephone number you know to be genuine, or start a new Internet session and type in the Web address yourself that you know is correct.

 

When you receive a request for personal or financial information in an email, do NOT click on any URL or web address appearing in the email, or type it into your web browser, as it may take you to the counterfeit spoof site, exposing you to spyware or Trojan risks.

 

 

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

·        If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.

·        Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

·        Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

·        Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

SECURITY FOR YOUR “ALWAYS ON” BROADBAND CONNECTION

If you use a high speed internet connection such as DSL or a cable modem, your computer is always connected to the internet when it’s turned on.

While this lets you enjoy the benefits of a fast connection, it also puts you at risk, because having your computer always connected to the internet poses security threats to both you and the data on your computer.

Especially in the legal environment, that can also mean risks to your client confidences and confidential attorney-client information residing on your computer.

This means if you use a cable modem or DSL connection, you need to be especially concerned about computer security; not only to protect the integrity of your system, but to protect your confidential client information as well.

“Computer security” includes prevention and detection of unauthorized use of your computer, both from within by those having actual physical access, and from unauthorized outside intruders. You should start thinking about whether any unauthorized intruders can read your email, send forged or “spoofed” email from your computer, or examine any of the data on your computer, including attorney-client data.

Potential intruders (also referred to as hackers, attackers, or crackers) may not attempt to access your computer specifically. Often, they don’t know or care about your personal identity. Frequently, their goal is to gain control of your computer so it can be used to launch their attacks against other computer systems.

And if they succeed in getting control of your computer, it gives these intruders the ability to hide their true identity and location when they launch attacks. These computer attacks may be directed against high-profile computer systems such as those operated by the government or financial institutions. Even if you have a computer connected to the Internet simply to “surf the web” or to send and receive email, your computer may become their target.

Let’s take a quick and easy look at the technology behind today’s “broadband” connections to see why computer security is so important for lawyers using them.

Generally speaking, "Broadband" is the term used to refer to high-speed network connections.  In this context, Internet connections using either a cable modem or Digital Subscriber Line (DSL) are usually referred to as broadband Internet connections.

"Bandwidth" is the term used to describe the relative speed of a network connection -- for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second). While there is no pre-determined bandwidth threshold required for a connection to be referred to as "broadband", it is typical for such connections to be in excess of 1 Megabit per second (Mbps).

Why are cable modem and DSL connections different and more at risk than a telephone dial-up modem internet connection?

Traditional modem-based dial-up Internet connections can be thought of as "dial-on-demand" services. That means your computer only connects to the Internet when the user has an online task to perform, such as email or web browsing. Once the particular task is completed or there is no more data to be sent or received, and often after a certain amount of pre-determined idle time, the computer disconnects the call.

Also, in most cases each call connects to a pool of modems at the ISP, and since the modem IP addresses are dynamically assigned (this means they change each time you connect to your service), your computer is usually assigned a different IP address each time you connect. As a result, it is more difficult for an intruder to gain access to or take control of your computer. Think of this kind of connection as a “moving target” to the potential attacker.

Broadband services are referred to as "always-on" services because there is no call setup when your computer has something to send. The computer is always connected to the network, ready to send or receive data through its network interface card (NIC). Since your broadband connection is always connected, your computer’s IP address will change less frequently (if at all), and this can make your PC more like a fixed target to the hacker.

In addition, in the hacker community, many broadband service providers’ IP addresses for home users are well-known. Even if an attacker may not be able to single out your specific computer as belonging to you, they may know that your service provider’s broadband customers are within a certain IP address range, and this can make your computer a more likely target.

Why should you be concerned with computer security? When you think about information security, you need to consider 3 distinct areas:

·        Confidentiality -- information should be available only to those who rightfully have access to it
·        Integrity -- information should be modified only by those who are authorized to do so
·        Availability -- information should be accessible to those who need it when they need it

These concepts apply to both your home Internet use and your law practice computer(s) as well, and just as much to you as to any corporate or government network.

As applied to the law practice uses of your computer, it may even be more important, as you certainly wouldn't voluntarily allow a stranger to look through your clients’ documents. And you wouldn’t want third parties to have access to your personal computerized financial or other sensitive records, and you don’t want them snooping into emails you send and receive from clients and other lawyers. These are just some of the reasons you require assurance that the information you enter into your computer remains private, intact and is available when you need it.

Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet (e.g. hard disk failures, theft, power outages). Of course, we probably cannot plan for and avoid all possible risks. On the other hand, you can take some simple steps to reduce the chance that you'll be affected by the most common threats -- and some of those steps help with both the intentional and accidental risks you're likely to face.

Before we get to what you can do to protect your computer or home network, let’s take a closer look at some of these risks.

Cable modem and DSL basics:

A cable modem allows either a single computer, or a local network of computers to connect to the Internet through your cable TV provider. The cable modem that connects the computer(s) to the provider’s services typically has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps. In addition, there may be a hub or router which allows other computers to share the same cable connection.

While cable modems are theoretically very fast, their actual speeds tend to be lower than the maximum, because the cable providers in effect turn your entire neighborhood into LANs which share the same bandwidth.  Because of this "shared-medium" technology, cable modem users may experience somewhat slower network access during periods of peak demand, and may be more susceptible to security risks such as “packet sniffing” and unprotected attacks than users with other types of connectivity.

Digital Subscriber Line (DSL) Internet access is different than cable modem-based service, because you have dedicated bandwidth; that is, there are no others in your neighborhood sharing your DSL connection. On the other hand, the maximum DSL available bandwidth is usually lower than the maximum cable modem rate because of differences in their network technologies. Also, the DSL provider’s "dedicated bandwidth" is actually only dedicated between your home and the DSL provider's central office -- the providers offer little or no guarantee of bandwidth all the way across the Internet.

One advantage of DSL access is that it’s not as susceptible to packet sniffing as cable modem access, but many other security risks apply to both DSL and cable modem access. “Packet sniffing” is a procedure that uses a program to capture data from information packets as they travel over the network. That data may include your user names, passwords, and proprietary information that travels in clear text. With perhaps hundreds or thousands of passwords captured by the packet sniffer, intruders can launch widespread attacks against both your system and others.

The following table from Carnegie Mellon’s Software Engineering Institute gives a quick overview of the most common differences between a dial-up modem and a broadband connection:

 

                          | Dial-up                                        | Broadband
--------------------------+------------------------------------------------+------------------------------------------------------------------
Connection type           | Dial on demand                                 | Always on
IP address                | Changes on each call                           | Static or infrequently changing
Relative connection speed | Low                                            | High
Remote control potential  | Computer must be dialed in to control remotely | Computer is always connected, so remote control can occur anytime
ISP-provided security     | Little or none                                 | Little or none

Table 1: Comparison of Dial-up and Broadband Services

 

Implementing protections for your broadband connection:

One of the simplest ways to protect your computer with an “always on” broadband connection is to simply see to it that it’s not “always on” by turning off your computer when not actually using it. When your home or law office computer is turned off, even if attached to a broadband service, it’s not vulnerable to attack from the internet. While that’s only a partial fix, here “half a loaf is better than none at all.”

Firewall and Virus Protection:

A better approach is to use a 2-prong defense including both a firewall and anti-virus software. The first prong of your 2-prong defense is to use a firewall. A firewall is defined as "a system or group of systems that enforces an access control policy between two networks." As regards your home or law office networks, a firewall typically takes one of two forms:

·        Software firewall - specialized software running on an individual computer, or

·        Network firewall - a dedicated hardware device designed to protect one or more computers.

Both software and network (or hardware) firewalls allow you to first define access policies for inbound connections to your protected computers. Many firewalls also give you the ability to control what services (ports) the protected computers are able to access on the Internet (outbound access).

Many of the firewalls intended for home and small office use come with pre-configured security policies from which you can choose the ones to apply to your unique situation, and some even allow you to customize these security policies to best match your specific requirements.

A firewall once installed and configured can do much to prevent outside attacks on not only your computer, but all computers on your home or office network, and keep out intruders.
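How an access policy of this kind is evaluated, as an added example that is not part of the original materials: a minimal Python model with an inbound rule for one trusted source, an outbound allow-list of services, and a default of deny. The rule set, addresses and ports are constructed for illustration.

```python
# Added illustration: a toy model of how a firewall applies an access policy.
# Rule names, addresses and ports below are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str      # "in" = Internet -> office, "out" = office -> Internet
    proto: str          # "tcp" or "udp"
    port: int           # destination port (the "service")
    remote: str         # remote network the rule applies to, CIDR notation
    action: str         # "allow" or "deny"

# Policy for a small office: browse and send mail outbound, accept nothing
# inbound except remote administration from one trusted (constructed) address.
POLICY = [
    Rule("out", "tcp", 443, "0.0.0.0/0", "allow"),   # HTTPS
    Rule("out", "tcp", 80, "0.0.0.0/0", "allow"),    # HTTP
    Rule("out", "udp", 53, "0.0.0.0/0", "allow"),    # DNS lookups
    Rule("out", "tcp", 587, "0.0.0.0/0", "allow"),   # mail submission
    Rule("in", "tcp", 22, "203.0.113.10/32", "allow"),
]

def decide(direction, proto, port, remote_ip, policy=POLICY):
    """Return the action of the first matching rule; deny when none match."""
    for rule in policy:
        if (rule.direction == direction and rule.proto == proto
                and rule.port == port
                and ip_address(remote_ip) in ip_network(rule.remote)):
            return rule.action
    return "deny"   # default deny: anything not explicitly allowed is blocked

def audit(attempts, policy=POLICY):
    """Evaluate (direction, proto, port, remote_ip) attempts against policy."""
    return [(a, decide(*a, policy=policy)) for a in attempts]

# Constructed connection attempts of the kind an always-on machine sees.
ATTEMPTS = [
    ("out", "tcp", 443, "198.51.100.7"),    # staff member opens a web page
    ("in", "tcp", 3389, "198.51.100.99"),   # unsolicited remote-desktop probe
    ("in", "tcp", 22, "203.0.113.10"),      # administrator at trusted address
    ("in", "tcp", 22, "198.51.100.99"),     # same service, untrusted source
    ("out", "tcp", 6667, "198.51.100.50"),  # outbound service not on the list
]

if __name__ == "__main__":
    for attempt, action in audit(ATTEMPTS):
        print(f"{action:5}  {attempt}")
```

The same service (port 22) is allowed from the trusted address and denied from any other, which is the practical effect of defining an inbound access policy rather than simply opening a port.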

Your next defense is to use anti-virus software. Some aspects of virus threats have been discussed supra in the section on spyware and adware; however, not all spyware and adware defense programs include a comprehensive anti-virus function. For that reason you should install a comprehensive anti-virus program, run it regularly and keep it updated to identify the latest virus threats.

 

“BLOGGING”, AND ITS POTENTIAL EFFECTS ON YOUR CLIENTS AND YOUR LAW PRACTICE AND LEGAL ETHICS

 

The proverbial “fifteen minutes of fame” is now available to everyone with a computer and internet connection through blogging. “Blog” is a contraction of “Web” and “Log”: the blogger contributes to an online journal, then typically makes these postings open and available to anyone who cares to read them, and in some cases these readers can add their own comments to the blog.

 

Blogs are typically journal or diary-like entries, and may be included on a blogger’s own website or maintained on third-party blog sites.

 

A recent study shows us the popularity of blogging, with an estimated 8 million Americans publishing their own blogs, which had an estimated readership of 32 million in 2004. To see some typical blog sites maintained by third-party services, or to learn more about blogging, see the resources at the end of this activity.

 

Bloggers, those who maintain their own web logs, appear to believe they have a certain degree of anonymity on what they feel is a faceless internet, and seem to also feel their blogging, regardless of its content, may carry with it First Amendment protection.

 

On the other hand, especially when the blogger is a member of a law firm, their online activities may prove a threat to attorney-client confidences or even result in a waiver of the attorney-client or work-product privileges.

 

As regards employers in general, blogging may also disclose the employer’s confidential or proprietary information or processes, or result in abuses of an employer’s intellectual property rights or the publication of defamatory matter. Employers are beginning to take notice of, and strong action regarding, blogging in their workplace.

 

Companies’ attempts to control what they see as the potential threats posed by blogging have resulted in both litigation and termination of employees. One organization, the “Committee to Protect Bloggers”, reports tracking a number of cases in which bloggers have been terminated by their employers as a result of the employees’ blogging activities.

 

As a result of the increase in blogging activities, both on and off the job, companies are adopting employment policies, renewing confidentiality agreements to cover blog activities, and in some cases taking stronger legal action to control what they see as the potential hazards posed by blogging employees.

 

In a recent California civil action, Apple Computer vs. Does, plaintiff Apple Computer Company sought to discover the sources used by a blogger to post what plaintiff Apple contended was confidential company information. (That case is on appeal to a California State District Court of Appeal as this is written).

 

In other circumstances, employers are attempting to close the door on employees posting what management feels may be construed as negative information regarding the employer, its employees or activities, or disclosing confidential information about the company.

 

In a “turnabout is fair play” case, blogger Ellen Simonetti was discharged by her employer Delta Airlines, and thereafter brought a claim against the former employer with the U.S. Equal Employment Opportunity Commission. In her claim, she contends that her discharge for blogging constitutes actionable discrimination by her former employer. 

 

Management labor lawyers feel that their employer clients can take steps short of litigation to control the potential threats posed by employee blogs, including adoption of appropriate company policy provisions, confidentiality agreements, and where necessary, cease and desist procedures.

 

 

 

 

Blogging and the Law Office:

 

 Lawyers must be alert to the potential hazards and ethical pitfalls that may be posed by unregulated employee blogging, by both their lawyer and non-lawyer staff. Paramount in the law office should be prompt implementation of appropriate policies to prevent disclosure of confidential client information.

 

Law firms must also be alert to avoiding potential claims of waiver of privilege, including both the attorney-client and attorney’s work product privileges, which may be posed by blogging. In addition, law firms may wish to consider implementation of policies regarding blogging from the office, as well as blogging by its staff while away from the office that involves the law practice, its clients and activities.

 

The continuing growth in popularity of blogging, including both maintaining one’s own web log and browsing the blogs of others, will probably put the interests of bloggers at litigation loggerheads with their employers and others. Until then, you should be alert to, and take appropriate steps to head off, the potential hazards posed by blogging, both in your law practice and on behalf of your clients.

 

 

BLOGGING RESOURCES FOR INTERESTED PARTICIPANTS:

 

If you’re interested in learning more about blogs and blogging, the following resources can get you going…You must be connected to the internet to access the following links:

 

Blog-City.com: free and easy Blogging
Publishing for the masses free blog overview directory branded blogs help Sign-up for your free blog | premium features | Upgrade for $2.50 | what people say | Chat Wanna chat? Did you know all premium blogs come with a chat plugin? Or why not join the global chat room! Cheap Discount Prices Blog ca...
http://www.blog-city.com

 

William Gibson - Blog
Noted cyberpunk author presents his weblog. Read his thoughts on writing and his life, or read snippets of fiction.
http://www.williamgibsonbooks.com/blog/blog.asp

 

Blogarama - The Blog Directory - Blogs and Blog Resources!
Search and enjoy weblogs from all over the world, post blog reviews, and list your own blog in the directory.
http://www.blogarama.com/

 

Blogger: Create your Blog Now -- FREE
Create a blog in 3 easy steps: Create an account. Name your blog. Choose a template. Create your blog now
http://www.blogger.com/

 

Free Blog
Start a blog in seconds. Get your free account now.
http://blogs.ardice.com

 

Create Your Own Blog with Solidload
Blog domain hosting plans from $2.90/mo. WordPress, b2, pMachine, b2evolution, Nucleus, free with every domain. Plus 40 other sophisticated Web applications. Easy, automatic installation.
http://support.hostingdirect.net

 

Free Blogging from Tripod
Free, reliable, high quality hosting. Award winning tools for Web site building, blogging, remote image loading, photo album and more.
http://www.tripod.lycos.com

 

20six Weblogs. Blog via the web, MMS or E-Mail.
20six full-text search Find interests Find members Publish on the website with that little bit extra. Tell your story quickly, easily and clearly with 20six. Start now! User name: » Forgotten your password? Password: » Still new here? Best of the best Top weblogs at 20six now Artblogs " Musings...
http://www.20six.co.uk

 

Weblog - Wikipedia, the free encyclopedia
Your own blog with easy one-click tools ... Latest Features. Download notifier. Create a blog. Track what's hot! Read our blog...
http://en.wikipedia.org/wiki/Blog
 

 

Blogwise - Blog directory
Last updated: 1 minute ago GWBblows Blog. Last updated: 2 minutes ago ... News. Search. Forums (NEW) Submit Your Blog. List by Country...
http://www.blogwise.com/

 

Other Resources

 

To use the following Resources, your computer must be online and connected to the Internet

 

PHISHING:

Materials compiled by organizations that were impersonated by phishers:

eBay Spoof Tutorial

Citibank Learn About Spoofs

Wells Fargo

Lloyds Bank

Amazon.com

SunTrust Banks

 Organizations that have documented numerous phishing scams:

ScamSafe Archives

Fraud Watch International

Anti-Phishing Working Group

 Some links to other useful phishing and identity theft resources:

Anti-Phishing Act of 2004

Department of Justice (Special Report on Phishing)

Security Focus Magazine (Phishing Forensics)

Federal Trade Commission (Anti-Phishing)

Federal Trade Commission (Identity Theft)

Better Business Bureau (Anti-Phishing)

FBI Internet Fraud Complaint Center
