display:none
Are you Cryptomining?

Are you Cryptomining?

by | Oct 30, 2017 | Consumer Law, Law for Online Business, Legal

Are you Cryptomining?

  is crypto mining illegal?

Do you remember the old Lemmings computer game? It came out in around the early nineties. Lots of tiny blue and green figures with pick-axes trying to work their way through tunnels and mounds without falling off cliffs.

That’s the picture I get when talking about crypto mining, but its a long way from what really happens. The details are quite complicated, and my background is not technical, so we’ll stick with the basics.

Crypto mining basics

Lifewire are ahead of Wikipedia on this one. Their explanation – “crypto mining is providing bookkeeping services for cryptocurrency, for which you get paid a fraction of each coin“.

A lot of computational power (processing power and speed) is needed to verify cryptocurrency transactions. The why is quite technical and to do with blockchain tech, so I leave you to check that out yourselves.

If you started crypto mining early, you might have made a little money. If you’d invested in cryptocurrency (different to crypto mining) early, you would have made more.

Because crypto mining requires a lot of computational power, there are miners out there now adding little bits of code to unsuspecting websites to harvest computing power. It doesn’t just use the website where the code sits, but also grabs power from visitors to your website.

It has been reported that currently available cryptocurrencies use more energy than Iceland, Syria and Jordan.

This can be done in two ways – legitimately with permission, secretly, without permission.

Cryptomining as Malware

It is the “secretly, without permission” group that is a problem here. Providers like CoinHive and Authedmine enable website owners to embed code onto a website that can access the computer power of visitors to that website for crypto mining. CoinHive does promote full notice to website visitors and opt-in use. This is legitimate.

However, Wordfence have recently reported that some enterprising hackers are already using vulnerabilities in WordPress websites to add code to sites without the website owners knowledge. The code then accesses the computing power of visitors. This can slow down the loading time and user experience of the website affected, and also increase the power used by the visitor’s computer – increasing their costs. Payments for crypto mining go to the hacker, not the website owner and no one is any the wiser, unless they are checking CPU usage.

Cryptomining as Revenue

Apart from website access, there are people around the world who have set up hardware systems to supply processing power for bitcoin. One popular marketplace for connecting sellers of computer power for crypto mining is NiceHash.

cryptomining

In addition, websites with high visitor numbers and decreasing adWords revenue can now use coding to provide their visitors with the option of paying for access, or allowing crypto mining using the visitor‘s computer power for using the website. By way of example, some sites add a button or image that provides visitors with the option of donating computing power to you instead of recieving advertising.

One site I have seen calls it a crypto mining donation, with the explanation “As long as you keep this page open you will support my efforts by donating your computer’s idle time“; although I’m not sure whether it is only idle time that would be used. That would depend upon what code was applied.

Check out this post from Authority Hacker to learn more about the legality and morality of monetising crypto mining.

What does this mean for you?

Firstly – Understand whether crypto mining makes any sense in the context of your business or services. If it does, consider providing visitors with the choice of supporting your business with computing power, and what that means for them. You can do this with FAQs, a disclaimer and or terms and conditions. 

Secondly – check your website for crypto mining code that might have been put there without your knowledge. Get a professional to help you clean it off.

Thirdly – If crypto mining has no part of your business, leave it alone.

How can Onyx Legal help you?

If you’d like to add cryptomining to your website and encourage visitors to use it, then you need help with terms of use and appropriate FAQs.

Make an Appointment

Lawyers v. Smart Contracts & Templates

Lawyers v. Smart Contracts & Templates

by | Jun 18, 2017 | Contracts, Law for Online Business, Legal

Lawyers v. Smart Contracts & Templates

Are Contracts written by lawyers better than Templates?

It helps if you have an idea whether the template you want to use was written by a lawyer in the country where you are, and you know that it is right for the purpose you want to use it for.

Basic website terms of use, a simply Australia privacy policy, an agreement to buy a piece of furniture; these can all be fairly simply documents, until you have something out of the ordinary. For example, a privacy policy will be more detailed if you collect health information, and terms of use for a website will be more detailed if you have a membership area people can login to.

Templates are easy. Or seem to be. Fill in a few gaps and off you go. For a predictable business with low risk, templates may well be sufficient.

But, if you have anything unique about your business or the deal that you are trying to achieve, then a lawyer can help you to cover everything that needs to be covered in your agreement, rather than relying on a template full of gaps. Consider that standard business sale contracts in some Australian States still don’t adequately cover the online assets of a business, like a website, email list or social media pages.

While a very simple contract may be able to be automated, more complex contracts will be a hybrid of automated and manual terms. While contracts generally don’t cover all eventualities, they are created in the context of broader contract law, and therefore the solutions to various contractual issues can be found in the system into which those contracts are born.
Molly Thomas, Proctor 12/2016

What can go wrong with a template agreement?

Templates have to be generic to be effective, and are often limited. If you have specific requirements for your business, they probably won’t all be addressed in a stock standard template, and at that point you need additional help.

The trouble with templates is that if you ask a lawyer to review it and amend it to fit your circumstances, and they did not write it, it might take longer than them drafting it. This is because most lawyers have their own compilation of templates they are already familiar with. Something in a new format has to be understood first.

Not all templates are the same value or quality.

Some have lots of guidance to help you complete yourself, others have none. Different laws apply in different countries, as well as different ways of presenting information. So a contract written for an English company might be similar to something written for an Australian company, and completely different from something written for a company in the United States. If you pick the wrong law, your template might not have any effect, or might even contradict the law that applies.

For example, we had a client who bought a business using a contract from a different jurisdiction. There were some items that simply didn’t apply to the deal, but were included in the document.

The parties ended up in dispute and the dispute was much more expensive to resolve than it would have been if an appropriate contract had been used. It would have helped if either or both parties had sought legal advice before the deal.

Is there a set format or language for contracts?

Some contracts are clearly written for the lawyers involved and have only passing application to what the client actually wants to achieve.

Many lawyers out there might consider that statement harsh, but we do believe that if a client can’t understand what you have written for them without needing you to interpret it for them, then the contract was not written for the client.

On the other hand, downloadable templates are now prolific, both paid and for free. Again, not always written in a way that makes sense to the lay (non-legal) person.

You will see that the way contracts are written in the United States the documents contain more legalese than something written in Australia.

The format followed for writing contracts is more from convention and is not a requirement. An exchange of emails, with no formal layout or order, can be read together to create a contract.

Why is a written Contract better than a handshake?

If you can remember in clear detail everything you did on Friday of last week, congratulations. You have a better memory than 99.99% of the population.

Not only do most people have limited memory, but neuroscience has shown that our memories are selective. You might remember a clear event from your childhood that your sibling, who was there with you, has no memory of at all.

Given that memory is so unreliable, why would you not put a contract in writing? Particularly an agreement you want to keep in place and rely upon for years to come?

What are Smart Contracts?

Technology is constantly evolving.

The next step in evolution is to create ‘smart contracts’. Smart contracts are generated on the basis of your response to a catalogue of questions and are supposed to adapt to your requirements. Smart forms and smart contracts will work in circumstances where there are limited variables, but may not be effective where a novel approach is required.

It is possible that smart contracts might become normal for employment contracts, shareholder agreements and other contracts that have defined limits, but not where creativity and flexibility are required.

The worst thing you can do is sign something you don’t understand.

How can Onyx Legal help you?

Find out more

What is a Mandatory Data Breach Notification for Privacy? – FAQs

What is a Mandatory Data Breach Notification for Privacy? – FAQs

by | Jun 18, 2017 | Law for Online Business, Legal, Privacy

What is a Mandatory Data Breach Notification for Privacy? – FAQs

Do mandatory data breach notifications apply to you?

 

If you are in Australia and collect personal information from clients, customers, suppliers, partners or anyone else for that matter, then maybe they do.  But a compliance perspective, these laws don’t affect you unless you are already required to comply with Australian Privacy law. Which means, you must comply if:

  • you operate a public, private or not for profit organisation with more than $3m turnover per year
  • you are a health service provider (not just doctors, this can include gyms, childcare centres, life coaches and schools), regardless of turnover
  • you are part of a federal government agency
  • you are part of a credit reporting agency
  • your business buys or sells personal information

What are mandatory data breach notifications about?

Data breach falls within Australian privacy laws and is all about cyber security.

The objective of the new law is to give individuals (those who care) confidence that their privacy is being protected. The laws apply regardless of technology, and encourage transparency and accountability.

What does it mean if you have an eligible data breach?

Mandatory data breach notifications only related to personal information. Personal information is defined in the Privacy Act as:

Personal information is –

information or an opinion about an identified individual, or an individual who is reasonably identifiable:

– whether the information or opinion is true or not; and– whether the information or opinion is recorded in a material form or not.

So if your business is hacked and you lose commercial information, that is irrelevant to this law.

The key components of a data breach are:

  • it involves personal information
  • it does not have to be bulk data, personal information about one person may be enough
  • the data has been accessed or disclosed
  • the data has been lost in circumstances where it is likely to be accessed or disclosed (like when NASA employees left a laptop containing access codes to the space station in a cab…)
  • there is a likely risk of serious harm to the people who have had their personal information accessed, disclosed or lost

What does ‘Serious Harm’ mean for a data breach?

Serious harm is a broad concept including physical, psychological, emotional, economic, financial or reputational harm (like when Ashley Madison got hacked and all those people cheating on their partners risked being exposed…)

What is serious harm is likely to be different for each organisation and probably associated with the reason why data has been collected. Customers of a financial institution might risk economic loss, and customers of a medical clinic might risk psychological, emotional or reputation damage.

Think about what is important to your customers, or the people who’s personal information and data you collect.

What should you have in place to handle mandatory data breach notifications?

Not surprisingly, a large proportion of small businesses have adhoc systems in place and no real understanding of what they collect, or how they control their data. This is particularly the case when using third party systems that also store data, like Eventbrite.

IT, management and communications teams will need to work together for data breach notifications.

The top 10 things to consider are:

  1. Every organisation covered by these laws should have a clear understanding of how their data is collected, stored and used and the vulnerabilities of those systems.
  2. Identify ‘who’ in the organisation is responsible for managing data.
  3. Identify the likelihood and consequence of an eligible data breach.
  4. Put in place staff training and security measures to reduce the chance of an eligible data breach.
  5. Understand what ‘serious harm’ could arise if there was a breach.
  6. Work out what would need to happen to avoid ‘serious harm’ and how quickly that could be implemented if there was a breach.
  7. Put in place a recovery plan in case of a breach.
  8. Put in place a communications plan that includes (as a minimum) the communication to those affected, a press release to reduce reputational damage, and the notification to the Privacy Commissioner.
  9. Check the business cyber insurance to see that it covers data breaches and the consequences.
  10. Test a data breach scenario to ensure your business has the ability to manage an eligible data breach.

And lastly…

Remember that data breach laws are technology neutral.

Just because you still operate with a largely paper based system does not mean that this law will not apply.

As someone pointed out to me, most filing cabinets can be unlocked with a paperclip.

How can Onyx Legal help you?

If you need help identifying risks to disclosure of personal information in your business and procedures to manage those risks, or need support developing policies and procedures for managing personal information, then make an appointment to find out how we can help you.

Make an Appointment

Avoid copyright infringement with Facebook Live

Avoid copyright infringement with Facebook Live

by | May 30, 2017 | Copyright, Law for Online Business, Legal

Avoid copyright infringement with Facebook Live

On 3 February 2017, Australian television broadcaster Foxtel televised a highly anticipated boxing match between two well-known boxers, Danny Green and Anthony Mundine. To watch the fight, viewers were required to subscribe through Foxtel and pay a fee to watch the fight live on TV.

copyright fair use in Australia
Australian resident Darren Sharpe was a genuine Foxtel subscriber who paid the required fee to watch the fight live. For those who aren’t exactly sure what live streaming is, it’s the ability to broadcast audio and video as it happens. Any time you want to “go live” you can and anyone watching your posts on Facebook can see you, or whatever it is you are streaming.

Sharpe made the mistake of using his phone to record the fight and stream it live through Facebook Live. While he was live streaming the fight, Sharpe received a call from Foxtel asking him to stop. It was reported that he said he couldn’t, because he has 70,000+ people watching it, which was exactly Foxtel’s point. While Sharpe was allowing a bundle of people to watch the fight for free, Foxtel and all those Sports Bars out there were losing revenue.

When Sharpe refused to stop the streaming, Foxtel immediately suspended his subscription, himself and his followers missing the rest of the fight.

Sharpe did what he did on purpose, and continued after receiving notice of infringement. You should also be aware of the risk of accidental infringement. You might have seen some television shows blur posters, signs, t-shirt branding and other images. It is usually because what has been blurred is protected by copyright and the producer didn’t get permission. It is easy to blur a background image when you have the ability to edit, but not in live streaming. If you infringe someone’s copyright, even accidentally, there can be consequences you didn’t anticipate.

Originally Foxtel claimed that it would pursue legal action against Mr. Sharpe for breaching copyright. Luckily for Mr. Sharpe, that legal action was dropped after he posted a carefully worded public apology on his Facebook page. It is unclear what conversations occurred between Foxtel and Facebook. Given that Mr. Sharpe was able to so easily live stream the fight from his Facebook page, it raises the question –

Should Facebook be responsible for copyright infringement?

Probably not.

One side of the argument is that Facebook should be more responsible for what users post as it has the ability to police the content on its website and act quickly to disable infringing material. On the other hand it is costly and time-consuming to monitor the Facebook page of over 1 billion users. Facebook terms and conditions do require all users to have permission to use the content they upload, whether written, audio, video, or as is now available, through live streaming.

United States legislation requires online service providers, such as Facebook, to take action against copyright infringement. The Digital Millennium Copyright Act (“DCMA”) exempts online service provides from liability for copyright infringement by its users in certain situations. There is no Australian equivalent. The exemption requires online service providers to take down, remove or disable access to infringing material where it is given notice that offending material has been posted on its network. It is clearly working. Facebook’s copyright policy provides rights holders with an easy mechanism to give notice to Facebook that intellectual property have been infringed and have the offending material removed or have a user’s profile disabled.

Facebook Live copyright infringement

Can Facebook be over zealous in taking down infringing content?

Has the DCMA and its safe harbours caused Facebook to be over zealous when taking down material and disabling profiles?

Facebook page administrators are given no warning that the page would be shut down. Anybody with an email address, real or fake, can make a complaint to Facebook without having to validate the claim, effectively giving anyone the ability to shutter any page without proof.

Facebook has suffered criticism in the past (Huffington Post) for shutting down pages where copyright has been alleged, when in fact no copyright infringement existed. The above extract of Facebook terms shows the ‘hands off’ approach taken by the company after Facebook has removed content. What is worse, is when a business page is removed without warning, taking potential customers and contacts with it. In late 2017 a Queensland client had their page removed and received email notification from Facebook referring them to the company that lodged the complaint.

Hello,

We’ve removed or disabled access to the following content that you posted on Facebook because a third party reported that the content infringes or otherwise violates their trademark rights:

Page: ###

Facebook is not in a position to adjudicate disputes between third parties. If you believe that this content should not have been removed from Facebook, you can contact the complaining party directly to resolve your issue:

Notice #: ###

Contact Information
Rights Owner: ## Inc.
Email: ##
Trademark: ##

If an agreement is reached to restore the reported content, please have the complaining party email us with their consent and include the original reference number. We will not be able to restore this content to Facebook unless we receive explicit notice of consent from the complaining party. Please note that the complaining party is not required to respond to your request.

We strongly encourage you to review the content you have posted to Facebook to make sure that you have not posted any other infringing content, as it is our policy to terminate the accounts of repeat infringers when appropriate.

For more information about intellectual property, please visit our Help Center at https://www.facebook.com/help/370657876338359/.

The Facebook Team

In this instance, the rights holder had a trade mark registered in the United States. Intellectual property rights are not granted worldwide. The Queensland company had the same trade mark registration pending in Australia. Facebook appears to be very U.S.- centric in how it reviews rights. The help centre information suggested that an appeal process would be available, but then failed to respond to any communication.

Facebook-content-take-down

Facebook’s aggressive stance on copyright and trade mark infringement may hinder the impact of genuine rights holders. Where someone in the United States and Australia have the same trademark in respect of similar goods, both are equally as enforceable as each other in their respective territories.

Facebook has put the onus back on rights holders to work the details of the infringement out for themselves. Their copyright policy states that users can follow up (by email) with the person who alleges the infringement. It also provides guidance on how to file an appeal if the content was removed due to a take down notice under the DMCA.

Facebook’s policy surrounding two legitimate rights holders is not clear but it appears they are acting cautiously. It may be the case that whoever gets in first to lodge infringement with Facebook may be the winner.

However, in the case of live streaming, Facebook’s response time might simply not be quick enough to protect their interests and alternate avenues will have to be explored.

How can Onyx Legal help you?

If you have any questions about copyright or trade marks, make an appointment to find out how we can help.

Make an Appointment

Australian Standard Contracts Need Updating

Australian Standard Contracts Need Updating

by | May 14, 2017 | Contracts, Law for Online Business, Legal, Service Agreements

Australian Standard Contracts Need Updating

Do your eyes glaze over when presented with a written contract for review? Do your hit the ‘I agree’ button and hope the contract terms are fairly standard? You are not the only one. A survey by The Guardian back in 2011 identified that only about 7% of consumers read terms and conditions before agreeing to them.

If so few people read contracts, then why should you bother to get your Australian Standard Contracts reviewed or updated?

Quick Answer: Update your contracts to avoid $100,000 in penalties and corrective advertising costs –

  • in April 2016 Europcar was ordered to pay $100,000 in penalties to ACCC and spend more in corrective advertising
  • in December 2016 Valve Corporation (online gaming) was ordered to pay penalties of $3 million to ACCC, publish corrective information and implement compliance programs

…Not to mention avoiding having to deal with customer complaints and potentially being sued.

Its also a good opportunity to have your contracts converted to plain English and presented in a language that makes sense to both you, and your customers. I’ve had clients give feedback that their customers have been impressed with how easy it is to understand their contracts. The Virgin brand has done it for years – using real language to help people manage the legal issues instead of exhausting customers with legalese.

But getting back to Unfair Contract Terms….

If you work B2B and use standard form contracts, you’re business now falls within the Australian Consumer Law. If your business customers have less than 20 employees, or the face value of the contract is less than $300,000, then you have to comply. Companies with more employees and higher transaction values are expected to get legal advice on their contracts as a matter of course. Its considered sensible business practice. Interestingly, there are still a lot of businesses who wait until the sh*t hits the fan before they ask for help, and by that stage, its a whole lot more expensive to manage.

So, what are the key areas of your standard contracts that need review?

The courts look at a variety of different things but some of the most frequently considered –

  • whether the terms are negotiable or just ‘take it or leave it’ (click wrap agreements for software are ‘take it or leave it’ contracts)
  • if the contract was prepared by one party before any discussion between the parties
  • who has all or most of the bargaining power
  • the effect of an offending term on the rights of the affected party
  • the actual risk or damage to the contract writer
  • whether the terms of the contract are altered to take into account the specific characteristics of the other party or the particular transaction.

The Europcar case focused on the disproportionate liability to the person hiring a vehicle. In that case Europcar attempted to hold a hirer responsible whether or not they were at fault. Europcar also required the hirer to pay a damage liability fee of $3650 regardless of the actual value of damage, unless the hirer bought extra insurance. So theft of the vehicle could cost a hirer $3650, but so could a dented bumper. The court decided in that case that the contract terms were not reasonably necessary to protect the legitimate interests of Europcar, as well as being disproportionate.

It is also important that standard contract terms are ‘transparent’. This means your contracts need to be –

  • expressed in reasonably plain language
  • legible
  • presented clearly
  • readily available to any party affected before they buy

Some common contract terms that will need review are:

  • clauses that give one party the right to make changes, but not the other – like software agreements that allow the software provider to increase fees automatically
  • clauses that roll over automatically, regardless of the customers wishes
  • clauses that make it hard or impossible for one party to terminate or get out of the agreement
  • clauses that require a buyer to forfeit there deposit, even if you cannot supply the product or service
  • one sided indemnity provisions
  • clauses that disclaim all liability, including negligence
  • clauses that limit the damages a buyer can claim, but don’t limit the damage the seller can claim
  • penalty provisions – like advertising agencies that want a two year agreement with no right to terminate and claim a right to charge whether or not they provide any advertising

If you are one of the 7% of people who read contracts before you agree to the terms, you might have seen some of these provisions. If you haven’t looked at your own business standard contract for a while, NOW is a great time to review and update. We generally recommend that Australian Standard Contract forms, including terms and conditions and privacy on your website or App, should be reviewed and updated at least every two years to ensure your business remains compliant and you avoid the risk of hefting fines and time consuming legal actions.

When reviewing and updating your standard contracts, consider what is most important to your business, where you have the most issues with customers and how you’d like to communicate with your existing customers and leads. We can assist you with a strategy for implementation as well as helping you review, update or refresh your legal contracts.

Book an Appointment now to request a contract review or to update or create your standard contract terms.

How can Onyx Legal help you?

We love writing contracts. Weird, we know. But hey, some people love mountain climbing, so go figure!

Make an Appointment

Legal Issues for Startups

Legal Issues for Startups

by | Apr 29, 2017 | Business Structures, Law for Online Business, Legal, Training

Legal Issues for Startups

The key is to identify the legal issues that put your startup business at risk of irreparable destruction or overwhelming cost, and deal with those issues first.

 

What impacts your startup business most will depend on where you are, and where you want to get to in the immediate future. Prioritise, don’t try and do everything at once.

Someone with an idea they want to develop with have different concerns to someone with a prototype looking for investors, which will be different issues to someone who has an MVP, investors and is looking to build their team.

At Onyx Legal we’ve designed a curriculum for start-ups covering –

MODULE 1 for Startups – Developing an idea

This is all about protecting and valuing your intellectual property (IP).

Too many startups have great ideas and start developing them without understanding how to secure their IP. If you can’t show serious investors that you own the IP, you won’t get investment. Simple as that.

Can you image Microsoft paying $26b for LinkedIn if LinkedIn didn’t own the IP behind their systems? Probably not.

Understanding this legal topic can also help you identify the best tools and strategies for developing your business using other people’s IP.

MODULE 2 for Startups – Business structures

Your business structure is either going to give potential lender’s and investors confidence, or have them running for the hills. What your accountant might recommend for tax minimisation might not be the best structure for attracting an investor. So consider where you want to take your startup and what makes sense for you.

Understanding this legal topic will help you identify structures for investment, growth and diversification. We aim to give you the confidence to really ask questions of your advisers about what is best for your startup and challenge their recommendations to ensure you don’t waste heaps of time or money.

Trust structures might work really well for property investment, but might not be ideal for a tech startup.

MODULE 3 for Startups – Building a team

When you are bootstrapping an enterprise you might not have the ability to pay yourself, let alone anyone else. This legal topic will help you identify options for bringing new skills in to the team without losing your shirt.

Learn about the legal opportunities and pitfalls for employment, employee incentive schemes, sharing equity, contracting, outsourcing and joint ventures.

MODULE 4 for Startups – Protecting your business

Australia is a great part of the world, but probably not always the easiest place in the world to do business. There are loads of rules and you need to have an understanding of what is relevant to your startup or risk having it shut down as soon as you go out and start interacting with customers. There are easy steps you can take to protect your business if you know what questions to ask and where to find the answers.

Risk management is not a scary topic and it isn’t nearly as hard as many risk management systems try to make it. We can help you to work out the key areas of your business that need attention and how to measure and manage that effectively.

Insurance is only one part of risk management and not always the saving grace that some people expect.

MODULE 5 for Startups – Sales and Marketing

What you promise to your customers is no joke, and Apple recently found that out when the ACCC went after them for misleading representations about consumer guarantees. The ACCC can impose fines over $1m on company’s that don’t comply with consumer laws. It’s important to know how your startup will deal with customer enquiries and complaints to avoid having to deal with regulators like the ACCC.

Each module can be delivered as a fast and full on 60 min information only session, webinar (heads up) or a 120 min interactive workshop. Feedback has been that people get more practical understanding from the workshops, but we understand there may be time constraints.

If there was one other thing you’d like to know more about, what would it be? 

Advanced workshops include:

  • A practical guide to copyright, protecting yours and managing cease and desist letters – 90 min
  • What, when, why and how to apply for a trade mark – 60 min
  • Understanding property leases – 60 min

How can Onyx Legal help you?

If you’re starting out on your own, have a team or are even part of an accelerator program and interested in getting some plain English legal training, please use our contact form to make a booking or book an appointment here. We like to start by arranging a chat to work out what fits best for your organisation.

Make an Appointment