Chapter Eighteen Internet Law and Ethics
853
(
into new neighborhoods, the business creates false locations with contact information linked
to their actual location in another neighborhood or town. In still other situations, a rival of
a business hacks the listing and substitutes its own phone number and/or e-mail address in
order to hijack the original business’s customers. In a 2019 investigation, The Wall Street Jour-
nal searched for plumbers in a neighborhood of New York City. Thirteen of the addresses
in Google’s top-20 search results were false. Only two of the businesses were located where
Google Maps said they were. Similar results were found when the reporters searched for per-
sonal injury lawyers in Mountain View, California. Only one of the 12 addresses showing on
Google Maps was real. One of the fakes was a long-established Viennese patisserie.93
Google, which handles more than 90 percent of the world’s online search queries, has
largely failed to curtail the problem, citing the technological and other challenges involved.
A number of critics, however, assert that the company “has obviously chosen not to solve
the problem” because no meaningful validation that businesses are where they say they are
occurs. They believe Google has little economic incentive to seriously deter the practice,
having received payment for
listings.94
Scams
Tech-support scams are growing rapidly, at 24 percent per year according to Microsoft. A
2018 study found that 72 percent of the search results related to technical support led to
scam websites. The typical scenario is a computer user who needs technical support from
a major company like Microsoft, Apple, or Best Buy. The user does a search for company
support and sees what appears to be an official link or phone number. Clicking the link
or calling the number results in contact with the scammer, who masquerades as a techni-
cal support specialist. If the user is concerned about a virus, the scammer will find a way
to display something on the user’s screen that purports to show a deep infestation. In due
course, the scanner will attempt to secure a payment. Google has instituted a new program
to reduce these scams, but has met with limited success.95
Some scams involve counterfeit goods, such as knockoffs of Louis Vuitton handbags. The
rise of sites like Amazon has resulted in the dramatic expansion of counterfeit goods offered for
sale. Amazon’s poor performance in policing its site for such goods led to so great an outcry by
legitimate sellers that it revised its safeguards in 2019. For the first time, Amazon will allow sell-
ers themselves to delete listings of counterfeit goods. Companies typically detect these goods by
purchasing one from a suspected scammer. In some cases, companies can take a listing down
immediately because they know they do not produce such an item. In addition, Amazon now
issues unique codes for each product unit that the company can print on its packaging. Incom-
ing items are scanned for authenticity upon arrival at Amazon Warehouses.96
At this writing, scammers are taking advantage of the hardships
Scammers are taking advan- being suffered during the COVID-19 pandemic by pretending to be
tage of the hardships being
governments, healthcare facilities, and insurers. Fake websites are
proliferating. Scammers are sending emails and text messages pur-
suffered during the COVID-19
porting to be from unemployment benefits offices, agencies charged
pandemic.
with distributing stimulus checks, or other parties of similar impor-
tance and apparently legitimacy. The goal is to obtain private data
that can give the scammer information to exploit. Many federal and state regulators have
issued public alerts about these scams.97
854
Unit Five Selected Topics in Government Business Relations
The Internet Things
The Internet of Things (IoT) refers to “the physical devices around the world that are now
connected to the internet, all collecting and sharing data.”98 In the business environment,
it includes printers, air conditioning systems, and parking garage doors. In the personal
environment, it includes robot vacuum cleaners and connected refrigerators, smart light
bulbs and electrical switches, music systems, baby monitors, front door cameras, and tech-
nologies like Alexa and Siri. By the end of 2020, there are expected to be 31 billion IoT
devices in operation and 75 billion by 2025.99
The FBI and the Department of Homeland Security have issued warnings about the
vulnerability of IoT devices to cyberattack: “Hackers can use those innocent devices to do a
virtual drive-by of your digital life. … Unsecured devices can allow hackers a path into your
router, giving (them) access to everything else on your home network[.]”100
Question
Recall the question in Part Three following the discussion of facial recognition applications.
On the third and fourth floors above a retail mall, 650 apartments were planned, with facial
recognition technology included throughout the mall, the underground parking, and in the
common areas of the residential floors. Now imagine that you are considering renting one
of the new apartments and discover it comes pre-loaded with smart door locks with keycode
entry, smart thermostats with LCD touch screens, and various smart appliances. During
your move-in, you are told the unit’s smart systems can also be operated from Amazon’s
Alexa-powered devices, which means you would be able to add other Alexa-controlled
devices, like speakers, smart plugs, and lights, more easily.
1. Does this sound like an apartment you want to move into? Explain.
2. Would your decision change if your were aware that Amazon’s Alexa division is
actively approaching property managers, hoping to push many Alexa-controllable
devices into residences by offering discounted hardware and customized software
that provide “new ways for property managers to harvest and use data,” while
Amazon gains “access to data like … voice-based wish lists and Alexa-powered
shopping habits,” hoping that someday soon “you can say ‘Hey Alexa, pay my rent,’
and it will transfer that money from (your) bank account.” As with all Alexa ser-
vices, “Amazon records audio requests users make through its devices,” although it
does give users the ability to delete them. Explain your response. 101
Online Sex Business
Reliable statistics on the value of the online sex business are difficult to obtain. The por-
nography industry is sometimes said to be worth $15 billion.102 The value of the human
sex trafficking business is projected to be $99 billion. 103 Prostitution is believed to generate
annual revenues of $186 billion; but although online prostitution is now thought to com-
prise the larger share, no numbers could be found as to the revenues directly attributable to
the online versus street-based components. 104 Nonetheless, it cannot reasonably be doubted
that the entire illegal online sex business is worth tens of billions of dollars.
In 1996, the United States enacted the Communications Decency Act. Section 230 states:
“No provider … of an interactive computer service shall be treated as the publisher or
Chapter Eighteen Internet Law and Ethics 855
speaker of any information provided by another information content provider.” At that time,
neither Google, nor Facebook, nor Twitter existed. Amazon was a floundering, unprofit-
able, two-year-old company. The purpose of section 230 was to allow the fledgling Internet
room to realize its potential by immunizing websites from liability for the content posted
by its users. With certain exceptions like child pornography, the content providers, not the
websites, are responsible for the legal consequences of their content.
In 2018, the law was amended to allow prosecutors and victims to seek redress from web-
sites that facilitate the online sex business by removing immunity in this area. Connecticut
Democrat Senator Richard Blumenthal, cosponsor of the bill with Republican Senator Rob
Portman of Ohio, said the 1996 law was “never intended to immunize completely … web-
sites so they could knowingly facilitate sex trafficking.”105
Data Theft
Cyberattacks to acquire data are undertaken for a variety of purposes. Some hackers are
conducting industrial or military espionage. Others are seeking information that can be sold
(such as credit card and pasport numbers) on the dark web-“a collection of thousands of
websites that use anonymity tools … to hide their IP address.”106
Recent data hacks of note include: 107
.
.
• Equifax: 148 million drivers license numbers (the company will pay $700 million in dam-
ages and fines);
Marriott: 500 million credit card and passport numbers; and
Capital One: 106 million credit card, bank account, and Social Security numbers. Trou-
blingly, security professionals had warned about the vulnerability exploited for years.
An internal U.S. Navy review in 2019 concluded:
The Navy and its industry partners are ‘under cyber siege’ by Chinese hackers and others
who have stolen national security secrets in recent years, exploiting critical weaknesses that
threaten the U.S.’s standing as the world’s top military power. … [China has) derived an
incalculable near- and long-term military advantage from [the hackings), thereby altering the
calculus of global power. 108
Crucial military secrets were stolen from industrial suppliers and research universi-
ties, including a submarine-based supersonic antiship missile. The key access points for
the hackers were the electronic links between the Navy and its subcontractors. Disturb-
ingly, the internal review concluded that the Navy and Defense Department “have only
a limited understanding of the actual totality of losses that are occurring[.]… Only a
very small subset of incidents are ‘known’ and of those known, an even … smaller set
are fully investigated.” 109
Ransomware
A ransomware cyberattack occurs when a hacker gains access to a victim’s database and
encrypts it. Re-accessing the data requires a key that can only be obtained by paying the
ransom, often in Bitcoin, which makes the payee anonymous. Hackers are increasingly tak-
ing large portions or all of the database before encrypting it so bits of sensitive information
can be disclosed to overcome victim resistance to payment. Russian ransomware cyberattacks
856 Unit Five Selected Topics in Government-Business Relations
in Europe in 2018 cost FedEx $400 million and Merck $670 million. 110 On New Year’s Eve in
2019, Travelex’s 1200 foreign currency exchange outlets in 70 countries went off-line after a
ransomware attack. Six million dollars was demanded to release the data; $2.3 million was
eventually paid. As was true with the Capital One data theft, the company had been warned
about weaknesses in its system, but failed to eliminate them. Under the E.U.’s 2018 data pri-
vacy law, Travelex could be fined up to $38 million for taking inadequate steps to secure its
information. 111
Ransomware attacks have accelerated rapidly throughout the
Ransomware attacks have world against hospitals, laboratories, and research centers by hack-
accelerated rapidly against ers seeking to exploit the desperate circumstances of the COVID-19
hospitals, laboratories, and pandemic which is in full progress at this writing. Europe’s largest
research centers by hackers
hospital system, a world leader in the production of kidney dialysis
equipment and supplies, was attacked in May 2020. Many COVID-19
seeking to exploit the des-
victims suffer kidney problems, which makes these products crucial.
perate circumstances of the
Interpol warned that it had “detected a significant increase in the
COVID-19 pandemic. number of attempted ransomware attacks against key organizations
and infrastructure engaged in the virus response.”112 Europol, the
E.U.’s law enforcement agency, reported intensifying cyberattacks in almost all E.U. coun-
tries. The Department of Homeland Security issued a similar alert that state-sponsored
hackers were targeting both national and international groups involved in responding to the
COVID-19 pandemic.
Cities and other local governments across the United States are also increasingly experi-
encing ransomware cyberattacks. The supervisory special agent of the FBI’s cyber division
labeled it a “pandemic.” Large victims include the cities of Baltimore and Atlanta, and
Imperial County, California. In Baltimore “digital extortionists [had) frozen thousands of
computers, shut down email and disrupted real estate sales, water bills, health alerts and
many other services.”113 Atlanta’s court system and Department of Public Safety, includ-
ing its police and fire departments, lost network support. In August 2019, 22-small cities
across Texas came under simultaneous cyberattack. A ransomware attack in Allentown,
Pennsylvania, was traced to a city employee who had his laptop with him while travel-
ing. A critical software update was therefore missed. He clicked on a phishing email that
infected his computer. When he returned and reconnected to the city’s system, the mal-
ware spread across the entire network. These governments are highly vulnerable because of
their relatively antiquated systems, historically weak cybersecurity technology, and paucity
of cybersecurity expertise.
Seizing Control of or Influencing Physical Assets
A growing number of cyberattacks are directed at taking control of physical assets. For
instance, in 2017, Russian actors nearly got access to a large portion of the U.S. electric-
ity grid. As with the Navy cyberattacks previously described, the weak point was the
private company supply chain participants. The computers of subcontractors were
hacked using strategies such as planting malware on the sites of online publications fre-
quently read by utility engineers and sending fake job-seeker resumes with infected
attachments. Having gained access to their computers, the hackers exploited the linkages
to reach the networks controlling the physical systems themselves. At least 60 utilities
Purchase answer to see full
attachment
853
(
into new neighborhoods, the business creates false locations with contact information linked
to their actual location in another neighborhood or town. In still other situations, a rival of
a business hacks the listing and substitutes its own phone number and/or e-mail address in
order to hijack the original business’s customers. In a 2019 investigation, The Wall Street Jour-
nal searched for plumbers in a neighborhood of New York City. Thirteen of the addresses
in Google’s top-20 search results were false. Only two of the businesses were located where
Google Maps said they were. Similar results were found when the reporters searched for per-
sonal injury lawyers in Mountain View, California. Only one of the 12 addresses showing on
Google Maps was real. One of the fakes was a long-established Viennese patisserie.93
Google, which handles more than 90 percent of the world’s online search queries, has
largely failed to curtail the problem, citing the technological and other challenges involved.
A number of critics, however, assert that the company “has obviously chosen not to solve
the problem” because no meaningful validation that businesses are where they say they are
occurs. They believe Google has little economic incentive to seriously deter the practice,
having received payment for
listings.94
Scams
Tech-support scams are growing rapidly, at 24 percent per year according to Microsoft. A
2018 study found that 72 percent of the search results related to technical support led to
scam websites. The typical scenario is a computer user who needs technical support from
a major company like Microsoft, Apple, or Best Buy. The user does a search for company
support and sees what appears to be an official link or phone number. Clicking the link
or calling the number results in contact with the scammer, who masquerades as a techni-
cal support specialist. If the user is concerned about a virus, the scammer will find a way
to display something on the user’s screen that purports to show a deep infestation. In due
course, the scanner will attempt to secure a payment. Google has instituted a new program
to reduce these scams, but has met with limited success.95
Some scams involve counterfeit goods, such as knockoffs of Louis Vuitton handbags. The
rise of sites like Amazon has resulted in the dramatic expansion of counterfeit goods offered for
sale. Amazon’s poor performance in policing its site for such goods led to so great an outcry by
legitimate sellers that it revised its safeguards in 2019. For the first time, Amazon will allow sell-
ers themselves to delete listings of counterfeit goods. Companies typically detect these goods by
purchasing one from a suspected scammer. In some cases, companies can take a listing down
immediately because they know they do not produce such an item. In addition, Amazon now
issues unique codes for each product unit that the company can print on its packaging. Incom-
ing items are scanned for authenticity upon arrival at Amazon Warehouses.96
At this writing, scammers are taking advantage of the hardships
Scammers are taking advan- being suffered during the COVID-19 pandemic by pretending to be
tage of the hardships being
governments, healthcare facilities, and insurers. Fake websites are
proliferating. Scammers are sending emails and text messages pur-
suffered during the COVID-19
porting to be from unemployment benefits offices, agencies charged
pandemic.
with distributing stimulus checks, or other parties of similar impor-
tance and apparently legitimacy. The goal is to obtain private data
that can give the scammer information to exploit. Many federal and state regulators have
issued public alerts about these scams.97
854
Unit Five Selected Topics in Government Business Relations
The Internet Things
The Internet of Things (IoT) refers to “the physical devices around the world that are now
connected to the internet, all collecting and sharing data.”98 In the business environment,
it includes printers, air conditioning systems, and parking garage doors. In the personal
environment, it includes robot vacuum cleaners and connected refrigerators, smart light
bulbs and electrical switches, music systems, baby monitors, front door cameras, and tech-
nologies like Alexa and Siri. By the end of 2020, there are expected to be 31 billion IoT
devices in operation and 75 billion by 2025.99
The FBI and the Department of Homeland Security have issued warnings about the
vulnerability of IoT devices to cyberattack: “Hackers can use those innocent devices to do a
virtual drive-by of your digital life. … Unsecured devices can allow hackers a path into your
router, giving (them) access to everything else on your home network[.]”100
Question
Recall the question in Part Three following the discussion of facial recognition applications.
On the third and fourth floors above a retail mall, 650 apartments were planned, with facial
recognition technology included throughout the mall, the underground parking, and in the
common areas of the residential floors. Now imagine that you are considering renting one
of the new apartments and discover it comes pre-loaded with smart door locks with keycode
entry, smart thermostats with LCD touch screens, and various smart appliances. During
your move-in, you are told the unit’s smart systems can also be operated from Amazon’s
Alexa-powered devices, which means you would be able to add other Alexa-controlled
devices, like speakers, smart plugs, and lights, more easily.
1. Does this sound like an apartment you want to move into? Explain.
2. Would your decision change if your were aware that Amazon’s Alexa division is
actively approaching property managers, hoping to push many Alexa-controllable
devices into residences by offering discounted hardware and customized software
that provide “new ways for property managers to harvest and use data,” while
Amazon gains “access to data like … voice-based wish lists and Alexa-powered
shopping habits,” hoping that someday soon “you can say ‘Hey Alexa, pay my rent,’
and it will transfer that money from (your) bank account.” As with all Alexa ser-
vices, “Amazon records audio requests users make through its devices,” although it
does give users the ability to delete them. Explain your response. 101
Online Sex Business
Reliable statistics on the value of the online sex business are difficult to obtain. The por-
nography industry is sometimes said to be worth $15 billion.102 The value of the human
sex trafficking business is projected to be $99 billion. 103 Prostitution is believed to generate
annual revenues of $186 billion; but although online prostitution is now thought to com-
prise the larger share, no numbers could be found as to the revenues directly attributable to
the online versus street-based components. 104 Nonetheless, it cannot reasonably be doubted
that the entire illegal online sex business is worth tens of billions of dollars.
In 1996, the United States enacted the Communications Decency Act. Section 230 states:
“No provider … of an interactive computer service shall be treated as the publisher or
Chapter Eighteen Internet Law and Ethics 855
speaker of any information provided by another information content provider.” At that time,
neither Google, nor Facebook, nor Twitter existed. Amazon was a floundering, unprofit-
able, two-year-old company. The purpose of section 230 was to allow the fledgling Internet
room to realize its potential by immunizing websites from liability for the content posted
by its users. With certain exceptions like child pornography, the content providers, not the
websites, are responsible for the legal consequences of their content.
In 2018, the law was amended to allow prosecutors and victims to seek redress from web-
sites that facilitate the online sex business by removing immunity in this area. Connecticut
Democrat Senator Richard Blumenthal, cosponsor of the bill with Republican Senator Rob
Portman of Ohio, said the 1996 law was “never intended to immunize completely … web-
sites so they could knowingly facilitate sex trafficking.”105
Data Theft
Cyberattacks to acquire data are undertaken for a variety of purposes. Some hackers are
conducting industrial or military espionage. Others are seeking information that can be sold
(such as credit card and pasport numbers) on the dark web-“a collection of thousands of
websites that use anonymity tools … to hide their IP address.”106
Recent data hacks of note include: 107
.
.
• Equifax: 148 million drivers license numbers (the company will pay $700 million in dam-
ages and fines);
Marriott: 500 million credit card and passport numbers; and
Capital One: 106 million credit card, bank account, and Social Security numbers. Trou-
blingly, security professionals had warned about the vulnerability exploited for years.
An internal U.S. Navy review in 2019 concluded:
The Navy and its industry partners are ‘under cyber siege’ by Chinese hackers and others
who have stolen national security secrets in recent years, exploiting critical weaknesses that
threaten the U.S.’s standing as the world’s top military power. … [China has) derived an
incalculable near- and long-term military advantage from [the hackings), thereby altering the
calculus of global power. 108
Crucial military secrets were stolen from industrial suppliers and research universi-
ties, including a submarine-based supersonic antiship missile. The key access points for
the hackers were the electronic links between the Navy and its subcontractors. Disturb-
ingly, the internal review concluded that the Navy and Defense Department “have only
a limited understanding of the actual totality of losses that are occurring[.]… Only a
very small subset of incidents are ‘known’ and of those known, an even … smaller set
are fully investigated.” 109
Ransomware
A ransomware cyberattack occurs when a hacker gains access to a victim’s database and
encrypts it. Re-accessing the data requires a key that can only be obtained by paying the
ransom, often in Bitcoin, which makes the payee anonymous. Hackers are increasingly tak-
ing large portions or all of the database before encrypting it so bits of sensitive information
can be disclosed to overcome victim resistance to payment. Russian ransomware cyberattacks
856 Unit Five Selected Topics in Government-Business Relations
in Europe in 2018 cost FedEx $400 million and Merck $670 million. 110 On New Year’s Eve in
2019, Travelex’s 1200 foreign currency exchange outlets in 70 countries went off-line after a
ransomware attack. Six million dollars was demanded to release the data; $2.3 million was
eventually paid. As was true with the Capital One data theft, the company had been warned
about weaknesses in its system, but failed to eliminate them. Under the E.U.’s 2018 data pri-
vacy law, Travelex could be fined up to $38 million for taking inadequate steps to secure its
information. 111
Ransomware attacks have accelerated rapidly throughout the
Ransomware attacks have world against hospitals, laboratories, and research centers by hack-
accelerated rapidly against ers seeking to exploit the desperate circumstances of the COVID-19
hospitals, laboratories, and pandemic which is in full progress at this writing. Europe’s largest
research centers by hackers
hospital system, a world leader in the production of kidney dialysis
equipment and supplies, was attacked in May 2020. Many COVID-19
seeking to exploit the des-
victims suffer kidney problems, which makes these products crucial.
perate circumstances of the
Interpol warned that it had “detected a significant increase in the
COVID-19 pandemic. number of attempted ransomware attacks against key organizations
and infrastructure engaged in the virus response.”112 Europol, the
E.U.’s law enforcement agency, reported intensifying cyberattacks in almost all E.U. coun-
tries. The Department of Homeland Security issued a similar alert that state-sponsored
hackers were targeting both national and international groups involved in responding to the
COVID-19 pandemic.
Cities and other local governments across the United States are also increasingly experi-
encing ransomware cyberattacks. The supervisory special agent of the FBI’s cyber division
labeled it a “pandemic.” Large victims include the cities of Baltimore and Atlanta, and
Imperial County, California. In Baltimore “digital extortionists [had) frozen thousands of
computers, shut down email and disrupted real estate sales, water bills, health alerts and
many other services.”113 Atlanta’s court system and Department of Public Safety, includ-
ing its police and fire departments, lost network support. In August 2019, 22-small cities
across Texas came under simultaneous cyberattack. A ransomware attack in Allentown,
Pennsylvania, was traced to a city employee who had his laptop with him while travel-
ing. A critical software update was therefore missed. He clicked on a phishing email that
infected his computer. When he returned and reconnected to the city’s system, the mal-
ware spread across the entire network. These governments are highly vulnerable because of
their relatively antiquated systems, historically weak cybersecurity technology, and paucity
of cybersecurity expertise.
Seizing Control of or Influencing Physical Assets
A growing number of cyberattacks are directed at taking control of physical assets. For
instance, in 2017, Russian actors nearly got access to a large portion of the U.S. electric-
ity grid. As with the Navy cyberattacks previously described, the weak point was the
private company supply chain participants. The computers of subcontractors were
hacked using strategies such as planting malware on the sites of online publications fre-
quently read by utility engineers and sending fake job-seeker resumes with infected
attachments. Having gained access to their computers, the hackers exploited the linkages
to reach the networks controlling the physical systems themselves. At least 60 utilities
Purchase answer to see full
attachment
