this article is in reference to a comment replying to zfire xue which can be found under this blogpost here where I said I would expand on the violation information about zf redzone: http://treminarisecondlife.blogspot.com/2010/07/spywaretos-and-legal-violation-in.html?zx=e34557c63c81300e
ok someones already written an article on this but however I'm going to write my views on this law the Law I'm referring to is BPC17200-17210 which can be used to define the penalties for violation of BPC22575-22579 the article found here doesn't really explore the full scope of the law but gives idea about it which can be found here:(mind you this is the writers interpretation of the law based on their knowledge of internet and service and is not the law itself)
http://www.cooley.com/files/tbl_s24News%5CPDFUpload152%5C927%5CALERT-Cal_OPPA.pdf
now for the law itself:
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=17001-18000&file=17200-17210
in the article you should note that no enforcement provisions are provided however BPC22575-22579 defines acts by zfire with his redzone utility to be illegal and note that violation of it in accordance with the cooley.com article explaining BPC17200-17210 does note that violations can be enforced through BPC17200-17210 with that said in the cooley article you should pay particular attention to the section that is titled Consequences of Noncompliance with that said any violation of BPC22575-22579 legally constitutes a violation of BPC17200-17209
under the recommendations section zfire xue has not followed through with paragraphs marked by the bulleted paragraphs I will review here below before reviewing the law and where the violations are defined. do keep in mind when reading personally identifiable information in the cooley link it is defined by BPC22575-22579 as any information that can be used to contact an individual online or in person, as usernames in the secondlife service enable you to message a person these fall under that category.
Cooley.com recommends that a person operating an online service must determine whether or not they are collecting personally identifiable information, on the redzone website they say they consider this information not to be private, when it is Protected under BPC22575-22579. Cooley.com also recommends creation of an accurate privacy policy, this is not the case, their policy is deceptive as it states users will be notified before information collection, but no such notification takes place, it is also recommended the privacy policy be conspicuously posted, there are several ways to do this within secondlife the best way is to make use of the annoying scripting command LLDialogue, cooley also recommends that audits of the website take place to be sure the privacy policy still accurately reflects, actually the privacy policy regarding redzone has never been accurate. cooley also recomends that you keep in mind that several states are passing laws like this and you should be mindful that there may be many privacy laws you must adhere to in an online service it is also recommended that you insure there is adequate security for the information collected, in the case of redzone, there is no security as that information is given away to its users, dont believe me? lets reference the a blogpost of someone who recently commented in my blog and posted a screenshot in theirs http://forcemesilverspar.blogspot.com/2010/09/zf-redzone.html you can examine the screenshot there for yourself, and yet again cooley recommends creating internal procedures to prevent your service from being used to cause a privacy breach, but zf redzone alt detection in itself is a privacy breach. all these recommendations proposed by cooley.com are things recommended that would bring a service up to code. zf redzone does none of them
You should bear the phrasing in the cooley article with a grain of salt as most the phrasing pertains to web where as the law itself is in references to online services but lets take a look at the law which I linked above from here on in.
First Off lets take a look at section 17200:
"17200. As used in this chapter, unfair competition shall mean and include any unlawful, unfair or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising and any act prohibited by Chapter 1 (commencing with Section 17500) of Part 3 of Division 7 of the Business and Professions Code."
In my previous article linked at the top of this article we have established that zf redzone is unlawful as it collects information outside of the compliance of BPC22575-22579 and provided information as to how so, we have also exposed it as fraudulent by exposing weakness in its accuracy vs the ridiculous 120% accurate claim by its author and pointing out their willingness to violate the privacy policy and Terms of the service they operate with by falsifying by quoting it in part it is deceptive as it operates without notice to the user, and users supposedly reach an agreement through passing it by which actually has no legal binding, and the content of the privacy policy which you never get to see regarding it differs from how the system does thus further proving its deceptive
17201 pretty much defines how terminology will be used in the law, meaning person may refer to company yadda yadda yadda, 17204 pretty much states people may make claims on each-others behalf, so I guess this means class action lawsuits can be filed against companies and individuals who violate BPC22575-22579 which puts them in violation of BPC17200 as stated above in line 17200 any business that engages in unlawful business practice may be found in unfair competition so a violation of BPC22575-22579 constitutes a violation of BPC17200-17210
section 17202 pretty much defines that relief may be payed to competitors of the company that engages in unfair competition, since zf redzone is a security orb product this pretty much defines everyone who produces and sells any form of security orb within the secondlife service or any other land security utility or any sort of copybot protection system or for that matter any tool that has a feature which may put it in competition can make a claim and try to get a relief payment to aid their lost business
"17202. Notwithstanding Section 3369 of the Civil Code, specific or preventive relief may be granted to enforce a penalty, forfeiture, or penal law in a case of unfair competition."
17203 I wont quote here as its pretty long but as with anything I write regarding law the links provided and you can read it by following the link for yourself and interpret it yourself to verify it but pretty much it states court may take action against anyone who has engaged in unfair competition(so even if zfire xue was to quit committing these violations he could be charged with those hes already committed), anyone who is doing so, like he is doing now, or anyone who proposes to do so thus meaning if he proposes to create any more products outlawed by BPC22575-22579 he can be charged with a violation for the proposition of creating such a product.
we should also take a look at section 17206 of the law a bit lengthy to post here but you can read it at:
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=17001-18000&file=17200-17210
pretty much this states the penalty for entering into unfair competition is a maximum of 2500 but per violation as well, each of those 2500+ zf redzone locations, is an individual violation in itself also in court, this law states what shall be taken into account is the seriousness of the conduct, yeah its pretty serious silent privacy violations and persistence of misconduct, yep the creator of redzone has been informed, and has obviously read my article(as they commented on it, and left themselves quite a weak defense) so they are quite persistent in conducting this illegal activity also if each instance of violation can cost the operator 2500 each then that indicates that each $20-30 sale of this system can potentially end up costing its author $2500 but there's more on that which I will get into later
section 17206.1 pertains to an additional fine of $2500 if the act is perpetrated against senior citizens or the disabled, and really isn't too important as this does not target those groups, however in the event of a class action lawsuit regarding this the age and disability status may now of those who had information collected on them by this system may play a role in the author of this system being charged with additional fines should charges come to pass and I'm sure SL has plenty of disabled users and even a few elderly users. so that knocks the fine up to a total $5000 per orb that has uncovered information regarding a senior or a disabled person.
and onto my favorite part as to why I called zfire xue's comment in my blog enlightening, obviously we have established knowledgeable and willful violation with that comment and within the article of BPC22575-22579 willful violation for this law as established under section 22576 from BPC22575-22579 which can be found here http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=22001-23000&file=22575-22579 knowledgeable and willful violation or non compliance after 30 days of notice constitutes a violation, with zfire xues comment in my blog we have established knowledgeable and willful violation which means a 30 day wait to come up to compliance is no longer required but now lets take a look at section 17207 of BPC17200-17210 I like the first paragraph which I will quote here:
17207. (a) Any person who intentionally violates any injunction prohibiting unfair competition issued pursuant to Section 17203 shall be liable for a civil penalty not to exceed six thousand dollars ($6,000) for each violation. Where the conduct constituting a violation is of a continuing nature, each day of that conduct is a separate and distinct violation. In determining the amount of the civil penalty, the court shall consider all relevant circumstances, including, but not limited to, the extent of the harm caused by the conduct constituting a violation, the nature and persistence of that conduct, the length of time over which the conduct occurred, the assets, liabilities, and net worth of the person, whether corporate or individual, and any corrective action taken by the defendant.
so lets see here we've established that each instance of zf redzone is its each own unique violation with 2500+ violations but this part of the law states there is a civil penalty of $6000 for each violation, and for each violation each day the conduct occurs is to be considered a unique violation in itself, so with 2500+ zf redzone locations this constitutes zfire xue having committed 2500+ violations against this law a day with each violation carrying a civil fine of up to $6000, with that said if you view the related xstreet page(aw drat he deleted more of the item discussion) we can establish with a comment " Posted By: TheBoris Gothly at 2010-05-04 00:41:19 (item owner) " that this tool has been around since at least the time of the time-stamp, still all the the same I remember a 2009 post and its likely Linden Labs for legal reasons such as this and request of the court keeps records as to how long an item has been listed and probably records as to deleted text within the item discussion meaning it may be possible to prove these violations have been going on longer.
section B of 17207 refers where this shall be taken to court too and makes reference to relation to which county the violation took place in Linden Labs being a San Francisco based company and this system zf redzone being implemented on their servers establishes the location of the violation at a central point section C details who collects the fines
section 17208:
17208. Any action to enforce any cause of action pursuant to this chapter shall be commenced within four years after the cause of action accrued. No cause of action barred under existing law on the effective date of this section shall be revived by its enactment.
simply put if someone is found guilty of a violation of this code the courts may wait up to 4 years to take action and action must be taken within those 4 years, and that the person may not be charged with the particular violations again, but as established above, each new day is a new violation so if zfire xue was charged under this law the courts could impose the fines anytime within 4 years, and the violations addressed may not be addressed again(sort of like double jeopardy) but as said each day the violation occurs is a new violation meaning if zf redzone was not immediately done away with though the fines may or may not immediately take place new charges may be brought for a new day of violations(or however long this goes on after initial charges), however the days of violations addressed may not be charged again
17209 defines that if you shall take action against a party when the rest of your paperwork is due, big deal, I wanted to mostly look at fines related to this and with the link above you can read this for yourself if you so wish
section 17210 pertains to additional ways to violate this clause but pertains to information outside of internet business practices such as hotels and the such and covers nothing I found of any importance in writing this article.
No comments:
Post a Comment