Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

EU Demands that Google’s ‘right to be forgotten’ to be Worldwide Searches, Not just in the EU

Posted in eCommerce, Internet Privacy

TexasBarToday_TopTen_Badge_Small (1)

Google is fighting a June 2015 order from the French CNIL (Commission nationale de l’informatique et des libertés) that ordered Google to “delist links not just from all European versions of Search but also from all versions globally.”  Google’s Global Privacy Counsel Peter Fleischer blogged on July 30, 2015 about the background of the EU May 2014 ruling:

…the Court of Justice of the European Union (CJEU) established a “right to be forgotten”, or more accurately, a “right to delist”, allowing Europeans to ask search engines to delist certain links from results they show based on searches for that person’s name. We moved rapidly to comply with the ruling from the Court. Within weeks we made it possible for people to submit removal requests, and soon after that began delisting search results.

However Mr. Fleisher’s blog about June CNIL order called this as a “troubling development that risks serious chilling effects on the web” and ultimately:

…the Internet would only be as free as the world’s least free place.

This CNIL order applies to other search engines, but since Google accounts for 90% of the search engine traffic the EU, Google is the target of testing the broadening the ‘right to be forgotten.’

HIPAA Violation from Cyberattack that Exposes 4.5 Million Patients at UCLA Health?

Posted in Cyber, Internet Privacy

In July 2011 UCLA Health settled HIPAA violations, paid a fine of $865,000, and “committed to a corrective action plan aimed at remedying gaps in its compliance with the rules,” but they were not prepared for a 2014 cyberattack because of July 17, 2015 UCLA issued a press release where it admitted a new HIPAA violation affecting up to 4.5 million patients “believed to be the work of criminal hackers”:

UCLA Health announced today it was a victim of a criminal cyberattack. While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information.

UCLA Health is working with investigators from the Federal Bureau of Investigation, and has hired private computer forensic experts to further secure information on network servers.

Apparently the cyberattack investigation began in 2014 and as part of the investigation:

…on May 5, 2015, UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information.

Time will tell about how bad this cyberattack has been for UCLA and its patients.

Bad News- You’re Not Entitled to Privacy When You Make a “butt call”!

Posted in Internet Privacy

A court ruled that there is no privacy to people who make “butt calls” and particularly when the party making the “butt call” admitted “that he was aware of the risk of making inadvertent pocket-dial calls and had previously made such calls on his cellphone.” On July 21, 2015 the US 6th Circuit Court of Appeals considered in the case of Huff v. Spaw :

…whether a person who listens to and subsequently electronically records a conversation from an inadvertent “pocket-dial” call violates Title III of the Omnibus Crime Control and Safe Street Act of 1968, 18 U.S.C. § 2510 et seq. (Title III).

The Court of Appeals affirmed the trial court which granted:

….summary judgment for Spaw on the ground that, because James Huff placed the pocket-dial call, the Huffs lacked a reasonable expectation that their conversations would not be intercepted, which is a prerequisite for protection under Title III.

Be careful what you say since everyone makes “butt calls” from time to time, because you will have no privacy.

NO EVIDENCE that “personal information was ever transmitted” So Google Wins Privacy Lawsuit!

Posted in eCommerce, Internet Privacy

TexasBarToday_TopTen_Badge_Small (1)

Android users lost their lawsuit claiming that Google “violated its own privacy policy by disclosing their names, email addresses and account locations to third parties without permission, to boost advertising revenue” according to Reuters.  On July 15, 2015 US Magistrate Judge Paul Grewal (Northern District of California) in the case In Re Google, Inc. Privacy Policy Litigation granted Google’s motion to dismiss with this first paragraph since he states in a footnote that the “Plaintiffs offer no evidence that any personal information was ever transmitted from any Android device to any third-party developer, summary judgment in Google’s favor would be required”:

You might think that after three years of complaints, motions to dismiss, orders on motions to dismiss, leave to amend, amended complaints and more, at least the fundamental question of Plaintiffs’ Article III standing to pursue this suit would be settled. You might think that, but you would be wrong.

According to the Order this nationwide class action was “brought by Plaintiffs… against Google on behalf of all persons and entities in the United States that purchased at least one paid Android application through the Android Market and/or Google Play Store between February 1, 2009 and May 31, 2014.”

Magistrate Judge Grewal ruled that the “Plaintiffs fail to satisfy all three prongs, they lack standing to pursue their claims”:

First, Plaintiffs have no evidence of concrete, particularized and actual or imminent “injury-in-fact” because they no longer allege that the battery-and-bandwidth -using transmission containing personal information ever occurs from Plaintiffs’ phones.

Second, Plaintiffs’ claim of battery and bandwidth depletion has no nexus to Google’s alleged breach or unfair competition.

Third, any injury is not redressable by a favorable decision. No past or future change to merchant queries or receipt of information would alter the battery or bandwidth consumed in purchasing an app.

This lawsuit was originally filed in 2012 when Google changed its Privacy Policy and may yet be challenged by appealing this Order.

Cyber Rewards – A New Concept in Airline Mileage Reward Program?

Posted in Cyber, eCommerce

According to the Washington Post United Airlines “had rewarded two people with 1 million free miles of air travel each for discovering and disclosing software defects through the airlines “bug bounty” program…. so named because it offers bounties for the detection of software defects — is the first of its kind in the transportation industry, United claims.”  United Airlines new reward program is in response to the July 8, 2015 events that caused “United’s reservation system malfunctioned for two hours and did not allow passengers to check in for their flights.”  Actually United Airlines announced the program in May:

…pledging to give hackers between 50,000 and 1 million miles of free air travel for identifying and reporting bugs within the company’s software. (Tips or questions about the program can be sent to  bugbounty@united.com.)

Of course rewarding hackers is very old news since the US government has recruited hackers for decades, and many companies attend DefCon every August in Las Vegas looking for more hacker candidates.

Amazon Guilty of Antitrust Violations?

Posted in eCommerce

Booksellers and authors demanded the DOJ (Department of Justice) investigate that “Amazon has used its dominance in ways that we believe harm the interests of America’s readers, impoverish the book industry as a whole, damage the careers of (and generate fear among) many authors, and impede the free flow of ideas in our society.”  As reported in the New York Times “Accusing Amazon of Antitrust Violations, Authors and Booksellers Demand Inquiry,” the American Booksellers Association included this statement in their July 14, 2015 letter to the Department of Justice:

Given Amazon’s dominant market share, no publisher — regardless the size — can afford to not do business with them, whatever the cost. And no one knows this better than Amazon, which has ruthlessly cut off the sales of publishers large and small when they have not yielded to Amazon’s strong-arm negotiating demands.

These antitrust allegations are not a surprise, and it will be interesting to see what the DOJ given Amazon’s evolution and history.

Bloggers Beware- You May Go to Prison!

Posted in eCommerce

Free speech is not the law in Singapore where a 16 year old blogger was just released after 50 days in prison for “criticizing Lee Kuan Yew, the founding father of modern Singapore” according to a recent New York Times article.  On July 3, 2015 Amnesty International  issued a demand issued  -“Singapore: Free 16-year-old prisoner of conscience Amos Yee” as follows:

The Singapore authorities must immediately and unconditionally release teenager Amos Yee, who is facing a minimum of 18 months of reformative training after criticising the late Singapore Prime Minister Lee Kuan Yew online. Amnesty International considers him to be a prisoner of conscience, held solely for exercising his right to freedom of expression. As he is a minor, authorities must also ensure that his treatment is consistent with the UN Convention on the Rights of the Child to which Singapore is a State party.

The Internet is the greatest social change agent ever, but law is still a creature of local society standards and apparently in Singapore bloggers will suffer if they violate those laws.

Is the Internet “not a necessity or human right”?

Posted in eCommerce

Commissioner Michael O’Rielly (Federal Communication Commission – FCC) has been criticized for “commingling of the words “necessity” and “basic human right.””  Infoworld’s recent article “Do we really need the Internet?” about the June 25, 2015 speech of FCC Commissioner O’Rielly to the Internet Innovation Alliance entitled “What is the Appropriate Role for Regulators in an Expanding Broadband Economy?” included the following comments:

Those two statements are not necessarily synonyms. Do we need the Internet like we need air, water, food, and shelter? No, of course not. Assuming that we have those four elements, do we need the Internet to exist and thrive in the United States of America? Yes, we do.

Here are Commissioner O’Rielly’s comments about the 4th point of whether “Internet access is not a necessity or basic human right”:

It is important to note that Internet access is not a necessity in the day-to-day lives of Americans and doesn’t even come close to the threshold to be considered a basic human right.  I am not in any way trying to diminish the significance of the Internet in our daily lives.  I recognized earlier how important it may be for individuals and society as a whole. But, people do a disservice by overstating its relevancy or stature in people’s lives.  People can and do live without Internet access, and many lead very successful lives. Instead, the term “necessity” should be reserved to those items that humans cannot live without, such as food, shelter, and water.

It is even more ludicrous to compare Internet access to a basic human right. In fact, it is quite demeaning to do so in my opinion.  Human rights are standards of behavior that are inherent in every human being.  They are the core principles underpinning human interaction in society.  These include liberty, due process or justice, and freedom of religious beliefs.  I find little sympathy with efforts to try to equate Internet access with these higher, fundamental concepts.

Commissioner O’Rielly included these 5 points regarding the need for all citizens to have Internet access:

  1. The Internet cannot be stopped
  2. Understand how the Internet economy works
  3. Follow the law; don’t make it up
  4. Internet access is not a necessity or basic human right
  5. The benefits of regulation must outweigh the burdens

Stay tuned because this debate about the Internet availability to all citizens is long from over!

7 Reasons for You to Worry About eMail eDiscovery

Posted in E-Discovery, IT Industry

eDiscovery is the monster that ate Cleveland and email is the most significant volume of ESI in eDiscovery, and IDC “estimates that as much as 60% of this business-critical information is stored in email and other electronic messaging tools” and as result “email archives as they not only work to protect organizations from compliance and litigation risk.”  Commvault recently issued a report entitled “7 Reasons to Worry About Your Current Email Archiving Strategy” which includes these comments about #6 “You Can’t Discover Data Quickly”:

Discovery costs for litigation and compliance events can be exorbitant, especially if your legacy archive solution doesn’t support intuitive search functionality. Given that over 55 percent of organizations have been ordered by a court or regulatory body to produce email, the cost of eDiscovery is likely to hit your organization.

To best assure compliance and eDiscovery, you must

1) be certain you’ve archived all pertinent information;

2) assure that you’ve used defensible deletion best practices for the content you no longer retain;

3) be ready to quickly and easily search enterprise-wide to discover all needed Electronically Stored Information (ESI) in a comprehensive and documented way.

Here’s a list of all 7 Reasons:

  1. You’re Collecting and Storing Everything.
  2. You’re Keeping It All Forever.
  3. You Can’t Control Your PSTs.
  4. Your Archive Isn’t Cloud-Ready.
  5. Your Employees Can’t Access Content Themselves.
  6. You Can’t Discover Data Quickly.
  7. You’re Not Leveraging the Value in Your Archived Data.

Good advice to every litigant, but the Report is not only directed at eDiscovery but also “insight that can transform business productivity.”

You Can’t Trust Crowdfunding Promises After Confession to the FTC

Posted in E-Discovery

Immediately after filing a lawsuit  the defendant confessed that he spent monies on personal expenses even though he “raised more than $122,000 from 1,246 backers, most of whom pledged $75 or more in the hopes of getting the highly prized figurines” after he “launched a crowdfunding campaign to raise money from consumers purportedly to produce a board game.”  In the case of the Federal Trade Commission v. Erik Chevalier also d/b/a The Forking Path, Co. which filed a lawsuit on June 10, 2015 in the US District Court in Portland, Oregon and which settled the following day as report by the FTC reported that the defendant:

…agreed to a settlement that prohibits him from deceptive representations related to any crowdfunding campaigns in the future and requires him to honor any stated refund policy.

This was the first such case brought for Crowfunding misuse by the FTC, but surely will not be the last.