Case Study: Zappos.com Data Breach & Verizon v. FCC - BMIS 570

Verified

Added on 2022/09/08

AI Summary

This case study analyzes two significant legal cases: In re: Zappos.com, Inc. Customer Data Security Breach Litigation and Verizon v. FCC. The Zappos case involves a data breach where customer information, including names, email addresses, and financial details, was compromised. The study examines the plaintiffs' arguments regarding the loss of sensitive data and the defendants' arguments regarding the lack of proven "injury in fact." The court ruled in favor of the plaintiffs, concluding that the lack of cybersecurity controls led to a substantial risk. The second case, Verizon v. FCC, concerns the FCC's Open Internet Order aimed at establishing net neutrality. The study explores arguments for and against the order, including the FCC's promotion of competition and Verizon's claims about limitations on incentives. The court vacated parts of the order, indicating the FCC's lack of authority. The analysis provides facts, issues, arguments, and conclusions for each case, offering insights into legal principles, cybersecurity, and internet regulation.

LAW
Module: Week 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Case 1: In re: Zappos.com, Inc. Customer Data Security Breach Litigation
Facts of the case
The parties to the case were 24 million customers of Zappos.com and the entity itself
which is a unit of Amazon.com Inc. based at Seattle. Some of the key details that were
hacked included the names, email addresses, account numbers, billing and shipping
addresses, passwords, and the phone numbers of the customers. This was in addition to the
last four digits of the credit cards, as the same are used to make payments for the purchases.
The access was gained by the hackers through the internal networking through the servers
that were located at Shepherdsville, Kentuck (Greenwald, 2018). Some of the customers
alleged the breach of the privacy, while others did not. The issue was acknowledged by the
Zappos the customers were urged to change their passwords on their accounts.
Discussion of the issues
What were rights of the plaintiffs?
What are the rights of the defendants if any?
Discussion of the arguments
The plaintiffs in this case were the numerous customers that engaged in making
purchases from the said website. The argument presented in their favor is the loss of sensitive
financial and personal details, which can be misused. Further, the fact the entity itself asked
customers to change passwords highlights the gravity of the issue. The advantage of this
argument in the light of the cyber security environment of the present times, the companies
are required to understand the significance of strong cyber security practices and policies.
The argument presented in the favor of the opposition side is the requirement of suffering of
the “injury in fact” and not the possible injury as is required to be proven in the court. This is
referred to as standing. As was held in the case of Clapper v. Amnesty International USA, 568
U.S. 398 (2013), it is necessary for the claimants to prove that they actually suffered the harm
and not that they are making the estimation of the harms that may be caused in such a case.
The advantage of this argument is that the damages must be imposed in relation to the harm
caused and not the estimation of the same (Solove, 2018). However, it must be noted that

even if the harm is not caused at present, such an incident highlights the lack of security
which has the enough potential to cause harm, if the same goes undetected or unaddressed.
Conclusion
I agree with the ruling of the court. It was concluded therein the lack of the sufficient
cyber security controls led to the substantial risk, which further led to the breach of the
sensitive data. The reasoning taken by the court was that the though the harm has not yet
been known, however the nature of the information in the breach would enable the hackers to
engage in one in near future. The positive effect on the society from the ruling is increased
consideration of data of customers in online environment.

Case 2: Verizon v. FCC
Facts of the case
The central issue of the above case was the establishment of the “Open Internet
Order” by the defendant Federal Communications Commission (FCC). The rationale behind
the said step was to establish net neutrality or Internet openness by the prevention of the
different means of user and content discrimination. It was stated in the Open Internet Order
that Internet Service Providers must be transparent by the disclosure of the network-
management practices, must not engage in unreasonable discrimination and the lawful
content must not be blocked (Quimbee, 2014). The plaintiff Verizon sued FCC on the
grounds that the Open Internet Order was beyond the authority of the FCC.
Discussion of the issues
Was such an establishment of Open Internet Order within the authority of FCC?
Discussion of the arguments
The first argument that is in favor of the act of the FCC is that the entity was engaged
in the promotion of the competition by means of the Open Internet Order which was in the
line of the entrusted responsibility of the development of the broadband services. The counter
argument in favor of the company Verizon was that the said development of the broadband,
to the users would be lesser than the limitation on the incentives for the service providers. In
addition some of the regulations as were applicable on the common carriers are not applicable
likewise on the providers of the broadband services. However, in spite of the benefits of the
internet to the consumers the reclassification of the ISPs cannot be forced on FCC, as the
latter is a distinct entity (Musil, 2014).
Conclusion
I agree with the order of the court in which there was vacation on the two parts of the
FCC Open Internet Order 2010. This meant there was absence of the authorities on the part of
the FCC unless the network providers are classified as the common carriers. As per the
previous classification, the broadband providers were termed as "information services"
instead of the "telecommunications services," and thus, the said regulations cannot be applied

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

on the providers of the broadband. The effect of the same on the society is the consumers
would be benefitted by more choices and the network neutrality has become efficient.

References
Clapper v. Amnesty International USA, 568 U.S. 398 (2013)
Greenwald, J. (2018). Court reinstates Zappos data breach litigation. Retrieved from:
https://www.businessinsurance.com/article/00010101/NEWS06/912319751/Court-
reinstates-Zappos-data-breach-litigation
Musil, S. (2014). White House says it won't direct FCC to reclassify broadband. Retrieved
from: https://www.cnet.com/news/white-house-says-it-wont-direct-fcc-to-reclassify-
broadband/
Quimbee (2014). Verizon v. Federal Communications Commission. Retrieved from:
https://www.quimbee.com/cases/verizon-v-federal-communications-commission
Solove, D. (2018). In re Zappos: The 9th Circuit Recognizes Data Breach Harm. Retrieved
from: https://teachprivacy.com/in-re-zappos-9th-circuit-recognizes-data-breach-harm/