Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Is the Internet “not a necessity or human right”?

Posted in eCommerce

Commissioner Michael O’Rielly of the Federal Communications Commission (FCC) has been criticized for “commingling of the words ‘necessity’ and ‘basic human right.’” Infoworld’s recent article “Do we really need the Internet?”, about Commissioner O’Rielly’s June 25, 2015 speech to the Internet Innovation Alliance entitled “What is the Appropriate Role for Regulators in an Expanding Broadband Economy?”, included the following comments:

Those two statements are not necessarily synonyms. Do we need the Internet like we need air, water, food, and shelter? No, of course not. Assuming that we have those four elements, do we need the Internet to exist and thrive in the United States of America? Yes, we do.

Here are Commissioner O’Rielly’s comments about the 4th point of whether “Internet access is not a necessity or basic human right”:

It is important to note that Internet access is not a necessity in the day-to-day lives of Americans and doesn’t even come close to the threshold to be considered a basic human right.  I am not in any way trying to diminish the significance of the Internet in our daily lives.  I recognized earlier how important it may be for individuals and society as a whole. But, people do a disservice by overstating its relevancy or stature in people’s lives.  People can and do live without Internet access, and many lead very successful lives. Instead, the term “necessity” should be reserved to those items that humans cannot live without, such as food, shelter, and water.

It is even more ludicrous to compare Internet access to a basic human right. In fact, it is quite demeaning to do so in my opinion.  Human rights are standards of behavior that are inherent in every human being.  They are the core principles underpinning human interaction in society.  These include liberty, due process or justice, and freedom of religious beliefs.  I find little sympathy with efforts to try to equate Internet access with these higher, fundamental concepts.

Commissioner O’Rielly included these 5 points regarding the need for all citizens to have Internet access:

  1. The Internet cannot be stopped
  2. Understand how the Internet economy works
  3. Follow the law; don’t make it up
  4. Internet access is not a necessity or basic human right
  5. The benefits of regulation must outweigh the burdens

Stay tuned, because this debate about Internet availability to all citizens is far from over!

7 Reasons for You to Worry About eMail eDiscovery

Posted in E-Discovery, IT Industry

eDiscovery is the monster that ate Cleveland, and email is the most significant volume of ESI in eDiscovery. IDC “estimates that as much as 60% of this business-critical information is stored in email and other electronic messaging tools” and as a result “email archives as they not only work to protect organizations from compliance and litigation risk.” Commvault recently issued a report entitled “7 Reasons to Worry About Your Current Email Archiving Strategy” which includes these comments about #6, “You Can’t Discover Data Quickly”:

Discovery costs for litigation and compliance events can be exorbitant, especially if your legacy archive solution doesn’t support intuitive search functionality. Given that over 55 percent of organizations have been ordered by a court or regulatory body to produce email, the cost of eDiscovery is likely to hit your organization.

To best assure compliance and eDiscovery, you must

1) be certain you’ve archived all pertinent information;

2) assure that you’ve used defensible deletion best practices for the content you no longer retain;

3) be ready to quickly and easily search enterprise-wide to discover all needed Electronically Stored Information (ESI) in a comprehensive and documented way.

Here’s a list of all 7 Reasons:

  1. You’re Collecting and Storing Everything.
  2. You’re Keeping It All Forever.
  3. You Can’t Control Your PSTs.
  4. Your Archive Isn’t Cloud-Ready.
  5. Your Employees Can’t Access Content Themselves.
  6. You Can’t Discover Data Quickly.
  7. You’re Not Leveraging the Value in Your Archived Data.

Good advice for every litigant, but the Report is directed not only at eDiscovery but also at “insight that can transform business productivity.”

You Can’t Trust Crowdfunding Promises After Confession to the FTC

Posted in E-Discovery

Immediately after the FTC filed a lawsuit, the defendant confessed that he spent monies on personal expenses even though he “raised more than $122,000 from 1,246 backers, most of whom pledged $75 or more in the hopes of getting the highly prized figurines” after he “launched a crowdfunding campaign to raise money from consumers purportedly to produce a board game.” The case of Federal Trade Commission v. Erik Chevalier, also d/b/a The Forking Path, Co., was filed on June 10, 2015 in the US District Court in Portland, Oregon and settled the following day. The FTC reported that the defendant:

…agreed to a settlement that prohibits him from deceptive representations related to any crowdfunding campaigns in the future and requires him to honor any stated refund policy.

This was the first such case brought by the FTC for crowdfunding misuse, but surely it will not be the last.

Did you realize that DDoS is used for Cyberblackmail?

Posted in Cyber, eCommerce

DDoS (Distributed Denial of Service) blackmail is just one form of cybercrime that historically has not been reported, because victims of cyberblackmail, including banks, cloud services, or the like, “often do not publicly acknowledge the attack for reputational reasons.” A recent Verisign report entitled “Distributed Denial of Service Trends” included these 3 motivations for DDoS, including blackmail:

  • Activism and Protest
  • Cyber Crime (including blackmail, attacking competitors, and smokescreen for other intrusions)
  • Retaliation and Mischief

Here are the Report’s conclusions about DDoS:

Today’s DDoS attackers choose their targets and tactics for a number of reasons, many of which may not be clearly evident to the victims or the security professionals and law enforcement organizations who assist them.

Understanding the various potential motives behind DDoS attacks can help defenders anticipate and ideally prevent these attacks before they cause irreparable damage to business operations, online revenue generation and reputation. Regardless of their motivations, however, DDoS attackers are proving more adept and effective than ever at disrupting their targets, and network-dependent organizations of all industries, types and sizes should consider their risk and prepare accordingly.

Protecting businesses from DDoS continues to be important.

Cybersecurity Question: Should we teach kids ethical hacking?

Posted in Cyber, eCommerce

A recent panel discussion in London pondered whether “to recruit more young people into this area, in order to stir them “away from the dark side” and onto the right path.” The June 15, 2015 debate at Innovate Finance was entitled “Catching the Big Phish” and the audience was “mainly comprised of banking professionals, some government representatives, education, and IT professionals.”

IDG’s report included these comments from Ian Glover, President at CREST, that “there is no doubt that young people should be encouraged to get into ethical hacking”:

[It’s encouraging] to see young people be interested in technology and then try to focus their attentions on doing things that are legitimate and legal. We need to describe this as a career aspiration. There is a legitimate career path [for young people] in cybersecurity. We need to define what that career structure is, define the input and then drive people into that direction with some understanding of what their career structure is going to be.

With all the cybercrime, this debate will continue, but recruiting young hackers is hardly a new idea.

EU Court Rules that Website is Liable for Anonymous Comments

Posted in eCommerce, Internet Privacy

In spite of the fact that Estonian news site Delfi took down anonymous offensive and “allegedly defamatory” comments from its readers, the European Court of Human Rights (ECHR) in Strasbourg ruled that Delfi was liable for those comments. The June 16, 2015 ruling included the following:

11. In our view, member States may hold a news portal, such as Delfi, liable for clearly unlawful comments such as insults, threats and hate speech by readers of its articles if the portal knew, or ought to have known, that such comments would be or had been published on the portal. Furthermore, member States may hold a news portal liable in such situations if it fails to act promptly when made aware of such comments published on the portal.

The actual story in January 2006 was about a controversial plan for a shipping company to destroy public ice roads by “L” who was a supervisory board member of the shipping company. L’s story led to 185 comments posted including about 20 comments which “contained personal threats and offensive language directed against L,” and were removed under Delfi’s Rules:

Delfi prohibits comments whose content does not comply with good practice.

These are comments that:

–  contain threats;

–  contain insults;

–  incite hostility and violence;

–  incite illegal activities …

–  contain off-topic links, spam or advertisements;

–  are without substance and/or off-topic;

–  contain obscene expressions and vulgarities …

There was an interesting dissenting opinion:

In this judgment the Court has approved a liability system that imposes a requirement of constructive knowledge on active Internet intermediaries (that is, hosts who provide their own content and open their intermediary services for third parties to comment on that content). We find the potential consequences of this standard troubling. The consequences are easy to foresee. For the sake of preventing defamation of all kinds, and perhaps all “illegal” activities, all comments will have to be monitored from the moment they are posted. As a consequence, active intermediaries and blog operators will have considerable incentives to discontinue offering a comments feature, and the fear of liability may lead to additional self-censorship by operators. This is an invitation to self-censorship at its worst.

This is a very controversial ruling which may impact free speech throughout the EU.

Department of Justice (DOJ) Recommends that Lawyers Need to Know about Cybersecurity

Posted in Cyber, eCommerce

According to the DOJ, it is a best practice for every business to have “legal counsel that is familiar with legal issues associated with cyber incidents,” as stated in its recent “Best Practices for Victim Response and Reporting of Cyber Incidents.” The April 2015 “Best Practices” includes these comments about ensuring legal counsel is familiar with technology and cyber incident management since “Cyber incidents can raise unique legal questions”:

An organization faced with decisions about how it interacts with government agents, the types of preventative technologies it can lawfully use, its obligation to report the loss of customer information, and its potential liability for taking specific remedial measures (or failing to do so) will benefit from obtaining legal guidance from attorneys who are conversant with technology and knowledgeable about relevant laws (e.g., the Computer Fraud and Abuse Act (18 U.S.C. § 1030), electronic surveillance, and communications privacy laws). Legal counsel that is accustomed to addressing these types of issues that are often associated with cyber incidents will be better prepared to provide a victim organization with timely, accurate advice.

Many private organizations retain outside counsel who specialize in legal questions associated with data breaches while others find such cyber issues are common enough that they have their own cyber-savvy attorneys on staff in their General Counsel’s offices. Having ready access to advice from lawyers well acquainted with cyber incident response can speed an organization’s decision making and help ensure that a victim organization’s incident response activities remain on firm legal footing.

The DOJ Cybersecurity Unit (Computer Crime & Intellectual Property Section, Criminal Division) identified these steps “Before a Cyber Intrusion or Attack Occurs”:

A. Identify Your “Crown Jewels”

B. Have an Actionable Plan in Place Before an Intrusion Occurs

C. Have Appropriate Technology and Services in Place Before An Intrusion Occurs

D. Have Appropriate Authorization in Place to Permit Network Monitoring

E. Ensure Your Legal Counsel is Familiar with Technology and Cyber Incident Management to Reduce Response Time During an Incident

F. Ensure Organization Policies Align with Your Cyber Incident Response Plan

G. Engage with Law Enforcement Before an Incident

H. Establish Relationships with Cyber Information Sharing Organizations

Since cybercrimes are daily headlines, it certainly behooves all lawyers to understand them in order to serve their clients.

Avoid Malware by Regular Employee Training About Suspicious Emails

Posted in eCommerce

Here is some basic advice for all employees – “Don’t open email attachments that come from strangers or seem strange, and don’t open links in emails that seem suspicious” – which should be part of the mindset of everyone reading email, but often employees fail to heed this advice or just forget. If you do not continually train employees, it is highly likely you will find more malware on your systems. So the recent Infoworld DeepDive report entitled “11 sure signs you’ve been hacked” should be a wake-up call about what happens when employees fail to use common sense about suspicious emails. Here are the DeepDive 11 system compromises caused by malware:

No. 1: Fake antivirus messages

No. 2: Unwanted browser toolbars

No. 3: Redirected Internet searches

No. 4: Frequent random popups

No. 5: Your friends receive fake emails from your email account

No. 6: Your online passwords suddenly change

No. 7: Unexpected software installs

No. 8: Your mouse moves between programs and makes correct selections

No. 9: Your antimalware software, Task Manager, or Registry Editor is disabled and can’t be restarted

No. 10: Your bank account is missing money

No. 11: You get calls from stores about nonpayment of shipped goods

Regular employee training will likely reduce or eliminate these hacked events!

Lawyers Need to Know these 10 Myths about Cyberthreats

Posted in Cyber

Since lawyers are guardians of client data, it is essential that they be vigilant about cyberthreats and “be more proactive in finding and preparing for threats to physical and digital assets, it’s crucial to define and understand exactly what threat intelligence means, and separate fact from fiction,” as reported in Cyveillance’s recent report entitled “10 Myths About Cyber Threat Intelligence: Separating Fact from Fiction.” The 10 myths are as follows:

Myth 1: Threat intelligence is just another term for data.

Myth 2: Only big companies have a need for threat intelligence.

Myth 3: It’s impossible to develop a business case and show ROI for threat intelligence.

Myth 4: The volume of sources and data outside our perimeter is too overwhelming to be useful.

Myth 5: Threat intelligence is only useful for the information security department.

Myth 6: I deal with guns and guards, so I don’t need cyber threat intelligence.

Myth 7: Our network is already protected by firewalls, IDS, and anti-virus solutions.

Myth 8: Threat intelligence is only useful before a breach or a security event.

Myth 9: We already have an in-house cyber security team, so we don’t need threat intelligence from a third-party.

Myth 10: We can’t afford to hire more analysts to process, review, and act upon threat intelligence. 

Separating fact from fiction is not always pretty, but with today’s cyberthreats, understanding these myths is critical.

Will Google’s New Myaccount Improve Compliance with Privacy Laws?

Posted in eCommerce, Internet Privacy

Google claims that Myaccount “gives you quick access to the settings and tools that help you safeguard your data, protect your privacy, and decide what information is used to make Google services work better for you.” In a June 1, 2015 blog post, Google explained that myaccount.google.com can help with the following:

  • Take the Privacy Checkup and Security Checkup, our simple, step-by-step guides through your most important privacy and security settings.
  • Manage the information that can be used from Search, Maps, YouTube and other products to enhance your experience on Google. For example, you can turn on and off settings such as Web and App Activity, which gets you more relevant, faster search results, or Location History, which enables Google Maps and Now to give you tips for a faster commute back home.
  • Use the Ads Settings tool to control ads based on your interests and the searches you’ve done.
  • Control which apps and sites are connected to your account.

Given all the legal challenges Google faces around the world with managing privacy, it will be interesting to see if privacy really improves.