LITIGATION SUPPORT TIP OF THE NIGHT

Passed in 2017, Nevada Senate Bill No. 538 requires internet sites that collect personal data notify Nevada residents of the measures they will take to ensure that this information is securely kept private. Businesses for which online sales do not constitute the primary source of income, and which have fewer than 20,000 visitors in a year, do not have to comply with the provisions of the law.

If a web site operator that is covered by the law fails to provide notice of how personal data is protected within 30 days, the Attorney General of Nevada can seek an injunction against it.

The Communications Assistance for Law Enforcement Act (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified at 47 USC §§ 1001-1010), was passed to facilitate wiretaps by law enforcement agencies by requiring telecommunications companies to develop systems that included built-in functions to conduct covert surveillance on telephone lines. It was expanded in 2006 by the Federal Communications Commission at the request of the Department of Justice, the FBI, and the DEA to include the internet as well. When phone companies first implemented digital systems, the FBI was initially concerned that it would be technologically impossible to monitor phone conversations on the new systems.

In order to develop CALEA compliant systems, telecommunications and internet providers can engage outside companies. CALEA TTPs (trusted third parties) like VantagePoint (which provides networking engineering services to corporations) offer to intercept data in response to requests from law enforcement, and confirm a broadband system meets the provisions of CALEA.

Under the Act, law enforcements agencies are required to receive intercepted communications at a point outside of the telecommunications company's facility in order to discourage illegal wiretapping.

A CALEA 'Tap and Trace' wiretap will only cover the metadata of the call. 'Title III wiretap' is the term used to describe wiretaps which include the audio of phone conversations or the full content of text messages. Network taps will use a process called deep packet inspection to analyze the data in internet communications. However HTTPS protocols and VPNs can prevent deep packet inspection interceptions.

Router mirror ports can also be used to create copies of internet data transmissions.

The FBI has developed the Digital Collection System Network (DCSNet) to allow it conduct wiretaps without delay. A FBI employee can make a wiretap active with a few mouse clicks. The DCS-3000 ('Red Hook') software is used for pen registers or 'Tap and Traces'. The DCS-6000 software ('Digital Storm') captures the content of phone calls and text messages.

I don't know if the drafters of this legislation chose a title with the acronym CALEA on purpose, but amusingly Calea is shrub that has psychopharmacological properties and is, "used by Chontal Indians to receive divine messages during dreaming". Alexander de B.F. Ferraz, Pharmacological and Genotoxic Evaluation of Calea clematidea and Calea uniflora, 28(6) Lat. Am. J. Pharm. 858, 858 (2009).

The Gramm-Leach-Bliley Act includes a 'Safeguards Rule', which requires financial services companies to take certain measures to ensure the security of the customer data they collect.

The Rule directs a business to prepare an information security plan. The plan must address the following concerns:

1. Note the risks to the disclosure of personal information in each area the business is involved in.

2. Review the adequacy of the measures taken to protect the personal information.

3. Continuously evaluate the plan in order to determine the need to adjust it to changing circumstances.

Companies engaged in the business of mortgage lending, credit reporting, real estate, and tax preparation may be required to comply with the Safeguards Rule, and confirm through contractual agreements that third parties they exchange nonpublic personal information with take the necessary precautions as well. Consumers must be notified when their personal information is given to a third party.

Both financial services companies, and individuals in positions of responsibility at those companies can be fined for violations of the Safeguards Rule. A company can be fined $100,000 for an individual violation, and an individual $10,000. An individual may also be sentenced up to five years in prison.

In 2020, Mortgage Solutions agreed to a settlement with the FTC in which it paid $120,000 for disclosing personal information it obtained from credit reports and mortgage applications. The information was posted on Yelp in response to negative reviews Mortgage Solutions received .