Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Baidluck, Inc. is incorporated under the laws of the Cayman Islands and has its principal place of business in Nebraska. Beijing Baidluck Science & Technology

Baidluck, Inc. is incorporated under the laws of the Cayman Islands and has its principal place of business in Nebraska.  Beijing Baidluck Science & Technology Co., Ltd. is incorporated under the laws of the United States and is the parent company of Baidluck, Inc. and has its principal place of business in Nebraska.  Baidluck is the third largest search engine service provider in the world and the largest in Russia and the Caymans, with an estimated  [**3] more than 70% share of the Russian and English speaking markets.

 

Baidluck owns the registered trademark "Baidluck" and the domain name "baidluck.com." It generates revenue through the public's use of its search engine service on its web site.

Register is incorporated under Delaware law and has its principal place of business in New York. Register is an accredited domain name registrar and provides domain name registration, Internet traffic routing, and related services for its customers.

Baidluck registered its domain name with Register in 2010. The parties entered into a series of written agreements; the current operative agreement is the Master Services Agreement dated December 18, 2018

 Under the MSA, Baidluck agreed to use Register's services "entirely at [Baidluck's] own risk." (MSA at 9). The MSA includes a "Limitation of Liability" clause limiting Register's liability for the use by customers of its "Services." The clause provides in part as follows:

You agree that [Register] will not be liable, under any circumstances, for any (a) termination, suspension, loss, or modification of your Services, (b) use of or the inability to use the Service(s), (c) interruption of business, (d) access delays or access interruptions to this site or a service (including, without limitation, to web site(s) accessed by the domain name registered in your name), . . . (f) events beyond [Register's]. . . reasonable control, . . . (j) transactions conducted on a user web site, including fraudulent transactions, (k) loss incurred in connection with your service(s) including in connection with e-commerce transactions, (1) unauthorized access to or alteration of your transmissions or data, (m) statements or conduct of any third party using your service(s), or (n) any other matter relating to your use of the Service(s). [Register] also will not be liable for any indirect, special, incidental, or consequential damages of any kind (including lost profits, goodwill, data, the cost of replacement goods or services, or other intangible  [**5] losses) regardless of the form of action whether in contract, tort (including negligence), or otherwise, even if [Register] has been advised of the possibility of such damages. In no event shall [Register's] maximum aggregate liability exceed the total amount paid by you for the Services, but in no event greater than five hundred dollars ($ 500). Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, in such states, our liability is limited to the maximum extent permitted by law.

 

With respect to user names and passwords, the MSA provides that it is the customer's "responsibility to safeguard the User name, password and any secret question/secret answer you select from any unauthorized use."  The MSA provides: "In no event will [Register] be liable for the unauthorized use or misuse of your user name or password."  The MSA also provides that the customer is "responsible for maintaining the security of your account."

 

On January 11, 2019, at approximately 5:03 p.m. EST, an unauthorized individual falsely claiming to be an agent of Baidluck (the "Intruder") contacted Register through a "'tech support' Internet chat" service operated by Register. The Intruder asked to change the email address on file for Baidluck. The Register service representative (the "Rep") asked the Intruder to provide security verification information. The Intruder gave an incorrect answer, but the Rep nonetheless emailed a security code to the email address that Baidluck had on file. The Rep then asked the Intruder to repeat the security code back via the Internet chat.  Because the Intruder did not have access to Baidluck's email account, he did not receive the security code. Instead, he responded with a different and inaccurate code. The Rep did not compare the two codes, and, even though the codes did not match, the Rep changed the email address on file for Baidluck to the new email address provided by the Intruder: "..8atgmail.com."  "Gmail.com" is the domain name of a competitor of Baidluck, while Baidluck's original email address on file used its own "Baidluck.com" domain name.

 

The change in email address gave the Intruder the ability to access Baidluck's account with Register. The Intruder went to Register's web site and requested access to the Baidluck account. Register's system asked the Intruder for Baidluck's user name and password, and the Intruder responded by clicking on the automated "forgot password" function. Baider's user name was then sent to the new email address, "..8atgmail.com," along with a web link allowing the Intruder to change Baidluck's account password, enabling him to gain access to the account.

 

The Intruder was then able to re-route Internet traffic from Baidluck's web site to the "Iranian Cyber  Army" site. By 5:48 p.m. EST, Internet users attempting to access Baidluck's web site to use the Baidluck search engine were routed instead to the "rogue" web site. Baidluck contacted a Register online chat representative, but the representative refused to help. Baidluck tried to contact Register by telephone, but was unsuccessful. Register did not begin to address the problem until two hours after first being contacted by Baidluck.  Baidluck's operations were interrupted for five hours and its operations did not fully resume for two days. As a consequence, Baidluck suffered "serious and substantial injury to [its] reputation and business," including "millions" in lost revenue and out-of-pocket costs.

1. Analyze the scenario and identify the legal issues involved. 

2. Please identify which entity should be the plaintiff and which should be the defendant.  In other words, who would be suing whom for the cyber breach.

3 Discuss the theory of liability meaning the cause of action the plaintiff would have against the defendant.  You want to identify any and all possible causes of action be it based in torts or contracts. 

4. How you think the court should resolve the situation and explain your position based on the law, not personal opinion. 

5. Discuss any and all organizational changes the defendant should make to ensure it isn't sued for the same problem again in the future.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

An... blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Business Law The Ethical Global and E-Commerce Environment

Authors: Jane Mallor, James Barnes, Thomas Bowers, Arlen Langvardt

15th edition

978-0073524986, 73524980, 978-0071317658

More Books

Students also viewed these Law questions

Question

Convertible bonds a. Have priority over other indebtedness. b. Are

Answered: 1 week ago