Stolen Digital Assets!

• Opening: general chat about digital assets, how they can move, how they can be stolen, people forgetting bitcoin wallet passwords, etc.
• This used to be about domain name
  • Revision Legal past experience in litigating stolen domain name issues
    • ACPA/CFAA/UDRP
    • Damages
    • Procedure/Jurisdiction
• Continuing the NFT train – stolen NFT is the newest rage
  • Recent lawsuit – Armijo v OpenSea and Yuga Labs (BAYC) – District of NV
    • FACTS
      • Nov 2021, Jan 2022, P bought 3 BAYC/MAYC for total of about 80 ETH (about 300k)
      • Feb 2022, he wants to trade the MAYC for some “Cool Cats” NFTs
      • He goes on a discord channel and finds a willing trade partner
      • P alleges a third party trading service was needed to complete the trade, P wanted to use NFT Trader.io, other side agrees.
      • “A few minutes” after agreeing to the trade, the other side says he uploaded the Cool Cats to the website, and he just needs P to upload the MAYCs and complete the transaction. Other side sends P a link to the NFT Trader website.
      • P thought it was the real website, it wasn’t
      • He uploads, and clicks to approve the transfer, nothing happens, he clicks multiple times more, then he notices his ETH in his wallet is lower than expected, he checks the wallet, and BAYC and MAYC are gone.
      • Turns out the website was fake, every time he clicked to complete the transaction, he was allowing access to his wallet
      • He tries to tell Open Sea in order to prevent the re-sale, does the same on discord, reaches out to BAYC on discord, they tell him sorry and will try to help with Open Sea
      • 4 hours after they are stolen, they are all re-sold on open sea
      • It appears they were then later sold on LooksRare
      • New owners will not give them back unless they are paid what they lost
      • Complaint goes on to detail many other similar situations, complains of lack of gov regulations
    • CAUSES OF ACTION
      • Alleges OpenSeas grew too fast, not sufficient security protocols, same w LooksRare, says BAYC doesn’t do anything to prevent this
      • Negligence as to OS and LR – not maintaining the database for stolen items, not sufficient customer service
        • Points to media interviews about OS admitting they have an “obligation” as to security
      • Negligence as to BAYC – not monitoring the community for stolen items
      • Negligent supervision and training and negligent hiring as to OS and LR
• Discuss SIM SWAP cases
  • What is a sim swap
  • How do they happen
  • Causes of action
  • Arbitration

“May It Please The Internet” is a podcast brought to you by: RevisionLegal.com, lawyers who represent businesses who make money online.

Speaker 1:

This is May I Please the Internet, a podcast brought to you by Revision Legal, lawyers who represent businesses that make money online.

John Di Giacomo:

Hey everyone, this is John Di Giacomo of Revision Legal and this is the May I Please the Internet podcast and I’m joined, as always, by my business partner, Eric Misterovich. Hello, Eric.

Eric Misterovich:

Good afternoon, John.

John Di Giacomo:

And today, we are talking about stolen digital assets. Eric, we see this stuff all the time. What kind of digital assets are we talking about here?

Eric Misterovich:

Yeah, it’s something that we have been a part of for quite a while but I think something that’s even more prevalent today in talking about crypto and NFTs and domain names that, you have them one minute and then they’re gone, and what do you do? That’s what going to talk about today.

John Di Giacomo:

Yeah. We’ve had crazy cases ranging from… What was it? Second Life to somebody stole my three letter domain name so it’s been a wild ride and we’ve seen just about everything. Let’s talk about the history here. In the past, it seemed like the type of matter that we would always see was the stolen domain name. Do you agree with that?

Eric Misterovich:

Yeah. We had a run there for a few years where there was a lot of activity of stolen domain names. Where either pretty valuable, brandable, generic word domains, or three letter domains, or just entire profiles or portfolios of domain names just transferred out of a registrar account and the prior owner is just completely lost.

John Di Giacomo:

Yeah. I remember one in particular that was around 200 very valuable domains that were stolen from a single registrar account. The owner was not very happy that occurred. What types of remedies are available in the domain name space? What kind of approaches can people take when a domain name is stolen out of a registrar account, for example?

Eric Misterovich:

I think you’re quizzing me on a blog post I wrote in 20… Obviously, there’s legal remedies but before we talk about that, I think the real life remedy is always to write down what is happening and make a timeline of what you knew, when you knew it, and kind of what you know now and organize what’s going on because there’s a lot going on and if you don’t pay attention, you might miss something.

That’s always my first advice to these kind of situations is try to build out a timeline of what happened so when you talk to your attorney, you can kind of clearly explain and kind of get to the bottom what’s going on as fast as possible because time really matters in these kinds of settings. This is one where time is, we probably throw a clause in, that time is of the essence in a lot of contracts we do, but this one’s actually true where time is of the essence and you have to act as quickly as you can.

Getting those kinds of that baseline, what the hell happened, down on paper is really helpful because then your attorney can look at that and start to map out what is the legal kind of wrangling and procedure? Are we going to go into federal court? Are we going to pursue a domain dispute? Where are the registrars? Where was your registrar? Where’s the new registrar? Where do you live? What kind of other facts do we have? Because we have to piece together a puzzle to figure out, if we’re going to go into federal court, where? Where is jurisdiction proper?

John Di Giacomo:

Yeah, I agree entirely. I think time is always of the essence in these cases and it’s particularly true because these are recoverable assets. These scenarios are very different from those where a hacker steals, for example, cryptocurrency and does so via a VPN or something at the Tor network where they’re obscuring their IP address. Because there’s a asset that is controlled by a central body, there are things that can be done but they need to be done very quickly. And I think you’re right, jurisdiction is a huge issue because some registrars are located overseas and a federal court is going to have very limited jurisdiction over them.

You have to look at things like, “Okay, who’s the registry? and for our listeners, the registry is the party that in the case of.com which is Verisign, is the party who grants a registrar, the person you buy a domain name from, with the ability to sell that domain name to you. In our case in the US, the registry Verisign of the .com top level domain’s office is actually located in Virginia. So if the registrar is located in China, for example, and a federal court has no jurisdiction over it, then all of a sudden we need to look at it and say, “Okay, do we file in Virginia to see if we can compel Verisign to do something for you?” I agree entirely. Time is of the essence, write everything down, and get it to us or get it to your attorney so that they can understand exactly what needs to be done and do it very quickly.

Eric Misterovich:

Yeah. And that’s where, “Where does the domain name live?” is essentially what we’re trying to figure out because that’s one of the questions in jurisdiction. Certainly, not the only one, but where is the place of the domain is a factor. And then, if there’s an interesting route you can take with cyber squatting litigation where you can actually name the property of the domain as the defendant. It’s one of these really unique circumstances. I mean, to me, it’s kind of one of… I like doing in cyber squatting cases because they’re so rare that it’s such like a unique procedural vehicle and you really get to take advantage of what this law allows and it’s really set up for these purposes. It’s when you can’t gain jurisdiction over the underlying owner, you can still gain jurisdiction over the domain name itself and it’s just a nice little wrinkle that the cyber squatting law provides.

John Di Giacomo:

Yeah. I remember in law school, I thought I’d never see in rem in action and lo and behold, it’s way more… In rem, by the way, it means where the property is located where the res, as we call it, the R-E-S, res is located and I never thought I would touch one of those cases. I thought that’s a weird scenario but lo and behold, it’s something that we do pretty frequently.

There are a number of remedies here that I think are worth talking about. One is kind of the standard arbitration policy which is the uniform domain name dispute resolution policy which we call the UDRP. The UDRP is an arbitration clause that is required to be inserted in every registration agreement for a domain name and that clause effectively says that, “For cases where there has been an abusive registration of a domain name, the case can be heard by an arbitration body.” In the US, there are two arbitration bodies that hear these types of cases. There is the World Intellectual Property Organization or WIPO and there is the National Arbitration Forum. To recover the domain name, you can file an arbitration proceeding with either WIPO or with the NAF, National Arbitration Forum, and argue that the domain name was taken from you but there are downsides to that approach. Eric, what do you see as the downsides there?

Eric Misterovich:

It depends on the domain in issue, how fast you need to act, the cost that you’re willing to invest in it, because UDRP, generally, lower cost but also, it will take maybe a little bit longer to get some immediate action. Federal court, it’s going to be more expensive but you could likely get immediate action much faster. Also, the arbitration route, it’s not a United States district court judge. It’s a private practitioner who serves as an arbitrator and you’re kind of at the whim of their decision. You can’t appeal it. You can’t obtain money damages. If you ever did identify who actually did this and you’re able to obtain a judgment against someone, you can only do that in federal court. You cannot do that in a UDRP proceeding. Also, you’d run this risk that the UDRP is really not intended to handle stolen domain names.

UDRP is really for these, like you said, those abusive registrations, a typosquatting, a clear squatter on someone’s trademark rights then a domain and… A stolen domain is a little different. Also, you have to have strong trademark rights to proceed there. Because I know I’ve had one where we had a stolen domain and I think it was just four numbers and we tried to assert that we had trademark rights in it. No one appeared to defend the case and the arbitrator ruled against us finding there was no rights. But for that client, it didn’t make sense to invest a ton of money into federal court litigation. This was the shot that we took and it didn’t work.

John Di Giacomo:

Yeah, I agree entirely. The UDRP seems to be, or is, entirely oriented towards trademark related remedies as opposed to property or theft conversion type remedies. It’s weird. The UDRP process is just weird. It has no precedent. While you can argue that prior case law is persuasive authority, it’s not mandatory authority. Those, some arbitrator already found that similar circumstances or similar facts do constitute domain theft or cybersquatting, it has no binding authority to any subsequent arbitrator.

So you’re really kind of hoping that you can convince the arbitrator that this is a case worth ruling in your favor on. And then, there are also some weird international things that come into play where sometimes the WIPO arbitrators rule differently than the National Arbitration Forum arbitrators because they’re located in Europe and not in the United States or some arbitrators will say, “This is too complex. This is a contract issue or this is an issue that must be resolved in some other manner.” So there’s a lot of risk in taking that approach. What other approaches do you see, Eric?

Eric Misterovich:

The other approach that we’re talking about is federal court. When you file a lawsuit in federal court, you can primarily rely on two acts. One, the Anti-Cybersquatting Consumer Protection Act and this is, again, a law about abusive registrations that allows a plaintiff to come in and obtain rights and take back a domain but it can also win damages. The test is similar to the test within the UDRP but not identical.

But federal court, you can also include other causes of action. There’s Computer Fraud and Abuse Act. We’ve used that many times to apply to stolen domains. You can even use kind of these very old time-y laws like conversion or replevin when we’re talking about these stolen property in your remedy to get it back. I think in federal court, you’re more likely to have a default setting where no one shows up and the court, most of the time, I think is going to go along with your request as long as it’s made in good faith and you’re kind of checking the boxes. You’re likely to win on those cases. Having the federal court option is, in my opinion, a superior route to recovering a stolen domain and probably stolen anything in terms of digital assets but it’s not always the right fit for everyone’s circumstances.

John Di Giacomo:

I agree entirely. The two benefits that I see are, one, if the defendant does not appear, then you can get a default and a default judgment. The presumption is that the allegations in your pleading are true so the court is likely to award a default and a default judgment in your favor if no one appears. The second is, if somebody does appear, there are damages of up to $100,000 per domain name and the ability to get costs and attorney’s fees in federal court. There are some real sticks that you can hit people with if you find that the defendant decides to make an appearance.

I find the ACPA to be really useful in cases where an ex-employee, for example, steals a domain name or there’s a dispute between partners and one partner gets a little spicy and decides that he’s going to take the domain name hostage and run away with it. Those are really the cases where I find that this cause of action to be very, very useful.

Eric Misterovich:

Yeah. And when you’re in federal court, like I said, the timing, normally, federal court, you think slow, anything in court is going to be slow. That’s true almost all of the time but you can file for these temporary restraining orders and preliminary injunctions and you can seek a ruling at an expedited basis. When I say expedited, I would say within a matter of a week, you’ll probably have a decision from a judge on those kinds of motions and that’s lightning speed for courts and it’s perfect for this kind of setting.

John Di Giacomo:

Yeah. I agree entirely. Let’s talk about some other digital assets. We have talked about domain names. What about crypto and NFTs? What’s out there and what kind of things have you run into in this area with respect to the theft of these assets?

Eric Misterovich:

I think that NFTs are the hot commodity right now in terms of stolen assets. There’s a lot of trading going on and buying and selling and there’s people out there that know how to take advantage of that. It’s interesting to see it play out and learn from that experience and then see how the legal side fits in this or really doesn’t fit. I think is probably a better example. But for example, there was a case recently filed against OpenSea and against Yuga Labs which is the entity that is behind Bored Ape Yacht Club. This was a lawsuit filed in the district of Nevada, so federal court in Nevada, and the plaintiff is suing because essentially, he was duped into trading away his Bored Ape and Mutant Ape Yacht Club NFTs.

Here’s the kind of timeline of what happened because I think it’s kind of interesting. November 21 and February 22, the plaintiff buys these NFTs. He spends about $300,000 on purchasing three NFTs. He decides that, “You know what? I want to trade some of these NFTs for the Cool Cats NFT Project.” Goes on Discord, finds someone that wants to trade, they talk about how they’re going to do it. The other side recommends a couple trading platforms. The plaintiff says, “No, no, no. I want to use nfttrader.io because I’ve heard that’s a good one.” It is what he says in his complaint. The other guy acts like he has never heard of that and says, “Well, okay, I guess I’ll trust you.” So then, the other guy says he loads his Cool Cats into that website and sends a link to the plaintiff. Plaintiff goes, clicks the link, he’s trying to upload his NFTs, it’s not working, getting error messages, he keeps clicking the link, and nothing is happening then… By the way, this is all in the plaintiff’s complaint. This is how he phrases it.

He then notices his crypto wallet has a lower amount of ether in it than what he expected. He’s looking at it, goes in and checks, and all three of his NFTs are gone. The website that he was led to that looked like the genuine NFT Trader website was fake. The link was just allowing the bad guy in to essentially take these items out of his wallet and then, he basically watches as these NFTs are then later resold for far below their market value and he is essentially powerless in doing so.

So between committing this trade to four hours later, everything had been resold on other platforms, including one called Looks Rare. He has now filed this lawsuit saying, essentially, that the OpenSea Bored Ape Yacht Club and this Looks Rare entity were negligent and effectively allowing their platforms to be used for this illicit purpose and not having sufficient protocols in place to prevent the resale of stolen items.

John Di Giacomo:

What’s your take on the likelihood of liability for OpenSea and Yuga Labs/Bored Ape Yacht Club in this case?

Eric Misterovich:

Extraordinarily low.

John Di Giacomo:

It seems terrible. I mean, I’m looking at this complaint as we’re talking and the duty that they’re alleging is that Bored Ape Yacht Club should have been monitoring these 10,000 or so NFTs that they had released for stolen NFTs. I mean, is that what the primary allegation is?

Eric Misterovich:

Yeah. That he tried to get in touch with Bored Ape Yacht Club and tell them it was stolen and then wanted that to create some duty for Bored Ape Yacht Club to then, shut it down somehow to prevent the resale of that item. He says, “Well, they get paid every time it’s resold. They have a very tight knit community and they should be able to take stronger measures to stop this thing from being resold once I’ve notified them that it’s stolen.”

John Di Giacomo:

So the analogy would be, I bought a Porsche, I took it to a shady valet that wasn’t quite in front of the restaurant but just down the street, the valet stole the Porsche, and now I’m going back to the dealership and asking them for some money because they, eventually, will sell parts to repair that Porsche. I mean, that’s a terrible claim.

Eric Misterovich:

Yeah, right. That the stolen Porsche is then listed on a different website and it sold and that different website is under some obligation to do its due diligence to make sure it’s not stolen, I guess, is what they’re talking about? Of course, this is happening in a crypto NFT space in a matter of hours so I don’t really understand what they expected Bored Ape Yacht Club to do. And then OpenSea, none of this happened on OpenSea. So OpenSea, I don’t even know why they are here. They had literally nothing to do with it.

John Di Giacomo:

Yeah. That’s wild. I don’t see where they fit in either. I wonder if it’s because they were the primary platform through which Bored Ape Yacht Club was originally sold or something along those lines.

Eric Misterovich:

Yeah. It’s very difficult to understand. Basically their complaint says, “Not maintaining a database of stolen items and then not having sufficient customer service to handle this.” And then, their proof of this duty is digging through interviews with leadership of OpenSea and finding a quote that’s saying they recognize they have some sort of obligation about security like that’s imposed as a legal duty and those two things are not the same thing whatsoever. Yeah, I mean, I don’t think this lawsuit has a shot in hell of going anywhere. What would you… Do you think there’s anything they could have done different in terms of causes of action?

John Di Giacomo:

Against these defendants? Is that the question? Against Bored Ape Yacht Club and OpenSea?

Eric Misterovich:

I don’t think against these defendants. Isn’t there something to say for a subsequent buyer can never acquire valid title in a stolen property?

John Di Giacomo:

Yeah. I mean, bonafide purchaser in good faith like those types of doctrines, definitely. I think that if the NFT is listed somewhere where it’s recoverable, you could file a John Doe lawsuit and request injunctive relief to have the NFT placed in the custody of the court or even in the possession of the plaintiff during the pendency of the lawsuit. You could chase down the subsequent purchaser, definitely, like you had just mentioned. So yeah, I think there’s a lot there that could actually be done. This seems like it wasn’t real well thought out.

Eric Misterovich:

Yeah, because they have found the subsequent purchasers and they’ve tried to negotiate to get it back and the subsequent purchasers are like, “Well, I’ll give it back to you for what I paid for it but I’m not just going to give it to you.” That seems like the way to go. If I was the plaintiff, I mean, we did the exact same thing for a stolen domain name where it was stolen, it was then sold, and we found the subsequent purchaser and named him as a defendant. I think we would’ve won on the merits but we found a favorable settlement in which the domain was returned to us. That seems like the route to go here. I have no idea why they think OpenSea or Bored Ape Yacht Club has anything to do with what happened.

John Di Giacomo:

I agree entirely. I agree with that approach. Let’s talk about SIM swap cases because this is a very similar area. A SIM swap is where a third party calls your cell phone carrier and they convince the cell phone carrier through social engineering or some other process to swap the SIM card in your phone for another phone. They’re essentially taking the phone number and the IMEI and the data, the metadata, associated with your phone and they’re dropping it somewhere else. A lot of the ways that this typically happens is a party will call an overseas call center. They’re smart. They know that at 2:00 AM, the call center switches to Europe and they’re not as sophisticated as the call center in the US or wherever it might be. And then, they talk through and socially engineer this individual in the customer service center to make this swap.

And then from there, they can get access to the two factor authentication or the challenge questions for your crypto account, for example. We’ve handled a bunch of these cases and I want to talk specifically, Eric, about one that I recently saw and I think is very close to this OpenSea Bored Ape Yacht Club case that we were just mentioning. And that is, there was a recent attack on Gemini and a company called IRA Financial.

IRA Financial is a self custody IRA for crypto and they utilized Gemini’s platform. Gemini is a cryptocurrency exchange and either IRA Financial or Gemini did not maintain adequate security. There was some problem with the way that the API connected the two. Someone discovered this and decided that they’re going to exploit it. And so, they called the police and swatted… If you don’t know what swatting is, it’s calling the police and making a fake report. Swatted IRA Financial, cleared the IRA Financial office, because the police arrived and were looking for a bomb. And then the hacker, used the exploit to drain a number of accounts from Gemini and got away with $35 million of other individuals’ IRA accounts.

These are retirement accounts that people are going to rely on for their future. The crypto immediately went into tumblers to launder it so that it could not be recovered, though some of it was recovered. And now, these poor individuals are left without any remedy because this retirement asset that they were relying on is gone. In that case, Eric, similar causes of action, what do you think?

Eric Misterovich:

Yeah, you are asserting similar causes of action as the plaintiff in this Bored Ape lawsuit, but you have a defendant who actually owes you with duty. That’s the difference here is, Bored Ape and OpenSea had nothing to do with the reason that guy got sent a phishing link and clicked on it and his stuff was stolen.

Here, you have people that you’re depending on for your retirement money and you are depending on them and they have a duty to you to install all adequate security measures to prevent this from happening. Whether that’s through the actual security measures, training, supervision, hiring, maintenance, monitoring, whatever, anytime you hear the word negligence, the first question is duty. Does that person have a duty to you? And if they do, they have to conduct that duty as a reasonable person would. If their security protocols or systems were not maintained in a reasonable fashion, that’s a breach of the duty and that is how you establish negligence and can result in obtaining damages. There’s, of course, approximate cause and causation mixed in there but in this case, it’s pretty clear that this security flaw, whatever it was, opened the door to this kind of theft and I think most people would expect that to be an unreasonable execution of their duty to safeguard these funds.

John Di Giacomo:

Yeah. I got to go back to law school for a second and talk about TJ Hooper. TJ Hooper is this classic case from law school where a tugboat was basically going out to the sea and it went out without a radio, the VHF radio. At the time, VHF radios were not relatively new but they were new enough where not everyone had them and the boat, had it been able pick up weather reports from that VHF radio would’ve known that the seas were rising and that there was a storm coming in. The TJ Hooper, ultimately, either crashed into something or it was sunk. I believe some individuals died. If I’m recalling correctly, it’s been a long time. But something happened, some damages occurred, and the question became, “Did they have a duty?” because VHF radios were relatively accessible, they were not overly expensive, they could have been adopted as an adequate security measure for the boat.

That’s going to be the case here. It’s going to be a question of, “Is the exploit, the API exploit or whatever it was in this case, was it sufficient under the circumstances and with the knowledge of both Gemini and IRA Financial to protect against the types of attacks that they were aware of?” It’s the same question in the case of, for example, Verizon or T-Mobile or AT&T, is the security that they have in place to protect against these SIM card swaps sufficient and commercially reasonable under the circumstances to protect against known threats? It’ll be interesting to see the way courts shake out on this because I think that in the case of IRA Financial, they had eight accounts tied to every IRA account. So you’ve got eight vectors of attack and that’s just poor planning. It’s just poor IT planning, because if one of those people gets a man in the middle attack, like we discussed in the Bored Ape Yacht Club case, then it opens the door to every account. It’ll be interesting to see the way that this one plays out.

Eric Misterovich:

Yeah. I think, it’s important to remember it’s a reasonable duty under the circumstances. So like, one guy with three NFTs, his duty to maintain his own email account and not let people into his… Or with domains, like how did this domain get stolen? Usually, someone gets into your email and then goes and resets your registrar account.

Well, yeah, you have your own responsibility to maintain security of your own Internet account and email and everything. But we’re talking about a financial company that’s holding millions and millions and millions of dollars, what’s expected of them is going to be a lot higher than what’s expected of a normal individual. So those kinds of circumstances count in that kind of reality of, this is what’s expected of someone like you in your situation holding millions and millions of retirement funds. You’re going to have a high bar to what you should be doing to protect those funds.

John Di Giacomo:

Yeah, I agree entirely. We talked a little bit about negligence as a cause of action. There are some others here too in the case of holding funds. There might be a breach of fiduciary duty because you are a fiduciary of those funds. There might be state level regulations that apply so there might be, what we call negligence per se, where a state regulatory standard sets the standard and a violation of that standard immediately constitutes negligence as opposed to having to prove that it was negligent.

One of the things that a lot of these cases, with either SIM swap or the case that we’re discussing with IRA Financial, have in common is a lot of these companies have instituted arbitration clauses. That process is interesting itself because typically, arbitration is going to be confidential. There will be no notice to any subsequent person about what the decision of the arbitrator was in any prior case. There’s no database of awards to know how much money people have won against Verizon, for example, in the past. There’s a lot of these things that have to be thought through if you’re a victim of cryptocurrency theft or any digital item theft because arbitration and a waiver of a class action lawsuit is probably going to in the terms of use agreement for whatever service applies to the case.

Eric Misterovich:

A couple minutes ago, you talked about a known risk. To me, that’s one of the big items to establish this negligence is, they know it’s a risk and they know this happens and they’ve been sued on it many, many, many times. I mean, if you just go in and look through PACER, the federal court system where you can check the dockets of any federal court lawsuit, you can see that all the big players in telecommunications being sued for SIM swap cases. And then, it’s usually just a fight about, “Is this subject to arbitration?” Very rarely if ever, are those cases actually being decided on the merits within federal court. It’s usually just a procedural fight about arbitration. But I would say, a lot of attorneys would choose not to even do that and just get right to arbitration because it probably applies.

The number of cases that have made it to federal court fighting arbitration alone, combined with how we have seen the terms of use change for all the companies you expect, they now try to address this and limit their liability regarding the theft of cryptocurrencies directly in their turn. Those two things, on its face, makes it clear they know this is a risk and are they taking adequate measures to prevent it? They really benefit from arbitration because we don’t have a history of… Let’s just call it, the screw ups they make because the screw ups are sometimes laughably bad. We’re talking about, we get discovery and every call is recorded and it’s a clearly an Eastern European male acting like a US female. It’s obviously, there’s something wrong and then, “Oh, the files show multiple suspected suspicious activity,” but then one customer service person is asleep at the wheel and lets it go through and boom, all of that person’s digital assets are at risk. They really benefit from arbitration because we don’t have that access to all that data.

John Di Giacomo:

Yeah. I can’t believe that case is real still. I’m just thinking about that the call you are describing actually occurred and it was horrible. I cannot believe that individual got through customer service. Well, this has been, I think, very useful and appreciate the discussion, Eric, as usual. This again is the Revision Legal podcast, May It Please the Internet, and we will talk to you next time.