Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Bitcoin Company Shutdown for Failing to Deliver Bitcoin Mining Computers

Posted in eCommerce

Based on the FTC’s request, a judge enjoined Butterfly Labs from marketing “BitForce,” which were “specialized computers designed to produce Bitcoins, a payment system sometimes referred to as ‘virtual currency.’” According to the FTC’s complaint, “as of September 2013, more than 20,000 consumers had not received the computers they had purchased.”  So on September 18, 2014, US District Judge Brian Wimes (Western District of Missouri) in the case of FTC v. BF Labs, Inc. et al issued an Ex Parte Order enjoining the defendants “from misrepresenting, expressly or by implication, directly or indirectly:”

1. The amount of Bitcoins or any other virtual currencies Defendants’ products or services will generate; or

2. When products or services will be delivered to consumers.

The Ex Parte Order included a provision for repatriation of foreign assets, under which the defendants had 5 business days to provide the Temporary Receiver a “full accounting of all assets, accounts, funds, and documents outside of the territory of the United States that are held either”:

(1) by them;

(2) for their benefit;

(3) in trust by or for them, individually or jointly; or

(4) under their direct or indirect control, individually or jointly.

There is another side to this story as eWeek reported:

According to Butterfly Labs, the company shipped more than $33 million worth of products to customers. The Butterfly Labs Bitcoin miner technology was sold in multiple places, including popular online retailer TigerDirect.com. TigerDirect currently lists the Butterfly Labs Bitcoin miner as being out of stock.

Bitcoin headlines will continue because, as the FTC pointed out in its news release, “We often see that when a new and little-understood opportunity like Bitcoin presents itself, scammers will find ways to capitalize on the public’s excitement and interest.”

2 Courts Permit Defendants to be Served on Facebook

Posted in eCommerce

When the defendants could not otherwise be located and served by paper, face-to-face, two Judges ordered service on Facebook since the defendants were in Turkey and Antigua.  Since Turkey “has not specifically objected to service by email or social media networking sites which are not explicitly listed as means of service,” on February 20, 2014, US Magistrate Judge Thomas Rawles Jones, Jr. (Eastern District of Virginia) in the case Whoshere, Inc., v. Gokhan Orun d/b/a/ WhoNear; Who Near; whonear.me ordered that the summons and complaint could be transmitted to the defendant under Federal Rules of Civil Procedure 4(f)(3) by:

1) email to gokhan@whonear.me;

2) email to gokhanorun@gmail.com;

3) Facebook at https://www.facebook.com/OrunGokhan; and

4) LinkedIn at http://www.linkedin/in/gokhanorum.

In the other case, a New York Family Court ruled that service on Facebook was acceptable.  In that case, Staten Island Support Magistrate Gregory Gliedman ordered that the plaintiff could serve his ex-wife, who left no forwarding address, “…to cancel his court-ordered $440-a-month child support based on their son having turned 21.”

These rulings were both in trial courts, and may not survive appellate review.  However, service on Facebook has been used since at least 2008 in Australia, Canada, and other countries, so these US rulings were inevitable given the use of Social Media.

18+ States Rely on “Stingrays” (Fake Cell Towers) for Surveillance – Is this an Invasion of Privacy?

Posted in Internet Privacy

Privacy issues have been highlighted by a recent Newsweek report about “mysterious devices sprinkled across America—many of them on military bases—that connect to your phone by mimicking cell phone towers and sucking up your data,” and an earlier Florida Today report that “[l]ocal and state police, from Florida to Alaska, are buying Stingrays with federal grants aimed at protecting cities from terror attacks, but using them for far broader police work” led the American Civil Liberties Union (ACLU) to intervene in a lawsuit to learn more about Stingrays.

The ACLU reported on June 3, 2014, in “VICTORY: Judge Releases Information about Police Use of Stingray Cell Phone Trackers,” that the Judge granted its Motion for Public Access to Sealed Judicial Records in the case of State of Florida vs. James Thomas.  The Judicial Records concerned the Tallahassee Police Department’s means of locating and arresting a rape suspect, which relied on Stingrays that were used as follows:

  • Stingrays “emulate a cellphone tower” and “force” cell phones to register their location and identifying information with the stingray instead of with real cell towers in the area.
  • Stingrays can track cell phones whenever the phones are turned on, not just when they are making or receiving calls.
  • Stingrays force cell phones in range to transmit information back “at full signal, consuming battery faster.” Is your phone losing battery power particularly quickly today? Maybe the cops are using a stingray nearby.
  • When in use, stingrays are “evaluating all the [cell phone] handsets in the area” in order to search for the suspect’s phone. That means that large numbers of innocent bystanders’ location and phone information is captured.
  • In this case, police used two versions of the stingray — one mounted on a police vehicle, and the other carried by hand. Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood “at every door and every window in that complex” until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within.
  • The Tallahassee detective testifying in the hearing estimated that, between spring of 2007 and August of 2010, the Tallahassee Police had used stingrays approximately “200 or more times.”

The ACLU claims that 43 agencies in 18 states own stingrays and “many agencies continue to shroud their purchase and use of stingrays in secrecy.”  Given the continuing use of cell devices, Stingray towers appear to be easy camouflage for police agencies but pose a threat to privacy.

3 IoT (Internet of Things) Cyber Threats to Privacy in Your Home That Might Surprise You

Posted in eCommerce, Internet Privacy

Most people freely attach devices to the Internet throughout their home without contemplating any privacy risk, but a recent home inspection of “network-attached storages (NAS), Smart TVs, router, Blu-ray player” by Kaspersky Lab security analyst David Jacoby proved otherwise.  As a result of this inspection, a report was issued entitled “Hacking a Living Room: Kaspersky Lab Finds Multiple Vulnerabilities in Popular Connected Home Entertainment Devices,” which included these three vulnerabilities:

1. Remote code execution and weak passwords: The most severe vulnerabilities were found in the network-attached storages. Several of them would allow an attacker to remotely execute system commands with the highest administrative privileges. The tested devices also had weak default passwords, lots of configuration files had the wrong permissions and they also contained passwords in plain text. In particular, the default administrator password for one of the devices contained just one digit. Another device even shared the entire configuration file with encrypted passwords to everyone on the network.

2. Man-in-the-Middle via Smart TV: While investigating the security level of his own Smart TV, the Kaspersky researcher discovered that no encryption is used in communication between the TV and the TV vendor’s servers. That potentially opens the way for Man-in-the-Middle attacks that could result in the user transferring money to fraudsters while trying to buy content via the TV. As a proof of concept, the researcher was able to replace an icon of the Smart TV graphic interface with a picture. Normally the widgets and thumbnails are downloaded from the TV vendor’s servers and due to the lack of encrypted connection the information could be modified by a third party. The researcher also discovered that the Smart TV is able to execute Java code that, in combination with the ability to intercept the exchange of traffic between the TV and Internet, could result in exploit-driven malicious attacks.      

3. Hidden spying functions of a router: The DSL router used to provide wireless Internet access for all other home devices contained several dangerous features hidden from its owner. According to the researcher, some of these hidden functions could potentially provide the ISP (Internet Service Provider) remote access to any device in a private network. What’s more important is that, according to the results of the research, sections of the router web interface called “Web Cameras”, “Telephony Expert Configure”, “Access Control”, “WAN-Sensing” and “Update” are “invisible” and not adjustable for the owner of the device. They could only be accessed via exploitation of a rather generic vulnerability making it possible to travel between sections of the interface (that are basically web pages, each with own alphanumeric address) by brute forcing the numbers at the end of the address.

What IoT cyber risks do you have in your home?  If you do not know, you probably have a problem!

John Doe Can Remain Anonymous and Not Be Deposed in Pre-Litigation Discovery

Posted in Anonymous Internet Activity, eCommerce, Internet Privacy

Since the plaintiff did not file a lawsuit against John Doe, the Texas trial court had no jurisdiction to allow the plaintiff to take the deposition of “Trooper,” an anonymous blogger who launched an on-line attack on the CEO of a company who lives in Houston. In the case of In Re John Doe a/k/a “Trooper,” on August 29, 2014, the Texas Supreme Court ruled 5-4 that pre-litigation discovery seeking John Doe’s identity is unacceptable in Texas, and the discovery to learn the identity of John Doe can only proceed if a lawsuit is filed.

The Supreme Court said that “Rule 202 [of] the Texas Rules of Civil Procedure allows ‘a proper court’ to authorize a deposition to investigate a potential claim before suit is filed”; however, if the court does not have “personal jurisdiction over the potential defendant, or if not, the rule violates due process guaranteed by the Fourteenth Amendment.”

The Trooper’s blogs were critical of Houston resident Robert T. Brockman, CEO of Reynolds & Reynolds Co. “a privately held company, headquartered in Ohio with offices in Texas and elsewhere, that develops and markets software for use by auto dealerships.”

The Court recited these facts in the case:

To discover Trooper’s identity Brockman and Reynolds (whom we refer to collectively as Reynolds) filed a Rule 202 petition in the district court in Harris County, seeking to depose Google, Inc., which hosts the blog. The petition requests that Google disclose the name, address, and telephone number of the owner of the blog website and the email address shown on the site. The petition states that Reynolds “anticipate[s] the institution of a suit” against the Trooper.

Reynolds says it will sue for libel and business disparagement, and, if the Trooper is a Reynolds employee, for breach of fiduciary duty. With the court’s permission, Reynolds gave the Trooper the notice of the petition required by Rule 202 by sending it to the blog email address.

Google does not oppose Reynolds’ petition, but the Trooper does, appearing through counsel as John Doe, without revealing his identity. The Trooper filed a special appearance, asserting that his only contact with Texas is that his blog can be read on the Internet here. He argues that because he does not have minimal contacts with Texas sufficient for a court in this State to exercise personal jurisdiction over him, there is no “proper court” under Rule 202 to order a deposition to investigate a suit in which he may be a defendant. The Trooper also moved to quash the discovery on the ground that he has a First Amendment right to speak anonymously.

Since a lawsuit had not been filed against John Doe, John Doe could not make a Special Appearance under Rule 120a to defend the lack of jurisdiction.  

9 Common Reasons Cloud Systems Crash to Remember When Negotiating Cloud Contracts

Posted in eCommerce, IT Industry

My 2011 eCommerce Times column “Cloud Computing – New Buzzword, Old Legal Issues” reminded many folks that “the technology concept behind cloud computing has been around for more than 50 years, and the legal issues are equally old.”  Obviously the reasons Cloud systems crash are equally old news, so it would be wise to negotiate Cloud contracts with these 9 common reasons in mind, as listed in eWeek’s report on August 13, 2014:

  1. Human Error.  This is by far the No. 1 cause for cloud downtime. Even with perfect applications, cloud environments are only as good as the people who manage them. This means ongoing maintenance, tweaking and updating must be worked into standard operational procedures. One bad maintenance script can—and will—bring down mission-critical applications. 
  2. Application Bugs. While the cloud does introduce a new level of complexity, application failure still trumps cloud provider issues as a leading cause for downtime. More often than not, such failures are unrelated to the cloud infrastructure running your applications. Traditional IT practices still apply, except that you are continuously developing, testing and deploying your application in the cloud.
  3. Cloud Provider Downtime. Cloud failures are routine. Whether it’s an instance, an availability zone or an entire region, applications should plan for these failures. This means routinely checking performance and spinning up new instances to replace terminated machines. Amazon Web Services, for one example, enables users to spread and load-balance an application across several availability zones so that when one does fail, the application does not suffer.
  4. Quality of Service. As far as consumers are concerned, streaming videos that freeze up mean your cloud is not working. They don’t really care (or even know) that the application is technically speaking still running. That means accommodating for network latency, fluctuating demand and shifting customer requirements.
  5. Extreme Spikes in Customer Demand. This is actually a great example of cloud superiority. If customer demand exceeds capacity, there’s not much you can do with an on-premise IT infrastructure. In a public cloud environment, you can respond to fluctuations in customer demand by automatically scaling capacity during peaks and backing down when demand levels off.
  6. Security Breaches.  Security is often raised as a red flag when it comes to hosting critical applications in the public cloud. Much like on-premise environments, it’s up to you to comply with regulatory and security concerns. However, the cloud does make it easier to check off a list of security requirements, since cloud providers have addressed these concerns repeatedly with hundreds of enterprise customers.
  7. Third-Party Service Failures.  The whole is greater than the sum of its parts, but all it takes to bring your cloud down is one third-party app that isn’t working. This could happen to any type of infrastructure application (sustaining, garbage collecting, security and so on) in yours or another supplier’s data center. It’s up to you to continuously monitor these applications as well and have a contingency plan in place for a rainy day.
  8. Storage Failures.  In a recent disaster recovery survey, storage failure was listed as a top risk to system availability. The cloud still depends on physical storage, which routinely fails. Much like overall service availability and quality, storage issues can lead to serious performance issues. This means planning for these failures by setting up dedicated cloud storage applications that maintain data resiliency and meet data retrieval requirements.
  9. Lack of Cloud Disaster Recovery Procedures.  Although disaster recovery has been a common practice for decades in physical data centers, cloud DR only recently has come under scrutiny. Few realize that it’s the customers who are solely responsible for application availability. Cloud providers can help you develop failover and recovery procedures, but it’s up to you to integrate them into your applications.

Look at your Cloud contracts and make sure you are properly protected to avoid these Cloud disasters.

$19 Million Settlement for Droid App Charges between Google and FTC

Posted in eCommerce

Unsuspecting children downloaded apps from the Google Play store with “unlimited in-app charges without Google requiring entry of a password or other account holder involvement to obtain the account holder’s consent before the charges were incurred,” according to FTC (Federal Trade Commission) Chair Edith Ramirez.  On September 4, 2014, the settlement between Google and the FTC was announced:

Google Inc. has agreed to settle a Federal Trade Commission complaint alleging that it unfairly billed consumers for millions of dollars in unauthorized charges incurred by children using mobile apps downloaded from the Google Play app store for use on Android mobile devices.

Under the terms of the settlement, Google will provide full refunds – with a minimum payment of $19 million – to consumers who were charged for kids’ purchases without authorization of the account holder.

Google has also agreed to modify its billing practices to ensure that it obtains express, informed consent from consumers before charging them for items sold in mobile apps.

Google is not the only app store violator. On January 15, 2014, Apple agreed to refund $32.5 million for similar charges “incurred by children in kids’ mobile apps without their parents’ consent,” and on July 10, 2014, the FTC filed suit against Amazon for similar claims for sales to children at the Amazon App Store for the Kindle and Droid.

5 Reasons to Read “Big Data Analytics for Dummies”

Posted in eCommerce, IT Industry

Wikipedia describes “Big Data” as a broad term “for any collection of data sets so large and complex that it becomes difficult to process using on-hand data management tools or traditional data processing applications.”  Forbes identified these “5 Things Managers Should Know About The Big Data Economy” which are great reasons to read IBM’s Dummies book:

1. We Now Create Knowledge Without Expertise
2. We Can Attain “Scale Without Mass”
3. Data Is The New Capital
4. Privacy Will Become A Brand Value
5. The Semantic Economy

“Big Data” analytics can be critical for competitive advantages and are considered by many businesses to be “one of the world’s most valuable resources” as explained in the IBM Limited Edition of “Big Data Analytics Infrastructure for Dummies” published in 2014 which includes a description of 3 V’s of Big Data and Analytics (BD&A):

Volume.  The first attribute of Big Data is volume. Big Data projects tend to imply terabytes to petabytes of information. However, some smaller industries and organizations are likely to deal with mere gigabytes or terabytes of data.

Velocity.  The second attribute of Big Data is velocity — the speed at which information arrives, is analyzed, and is delivered. The velocity of data moving through the systems of an organization varies from batch integration and loading of data at predetermined intervals to real-time streaming of data. The former can be seen in traditional data warehousing. The latter is in the world of technologies such as complex event processing (CEP), rules engines, text analytics, inferencing, and machine learning.

Variety. The third attribute of Big Data is variety. In the past, enterprises had only to deal with a manageable number of data sources. Times have changed. Today’s business environment includes not only more data but also more types of data than ever before. Disparate data is data from a variety of data sources and in a variety of formats, and is a major challenge that business analytics and Big Data projects must contend with.

As Big Data expands it will impact every business, so everyone needs to understand Big Data.

VIDEO: Cyberethics in the Work Place

Posted in eCommerce, Internet Privacy, IT Industry

Wikipedia describes cyberethics as “the philosophic study of ethics pertaining to computers, encompassing user behavior and what computers are programmed to do, and how this affects individuals and society.”  To learn more about cyberethics in business, please watch my recent video entitled “CyberEthics: A Growing Business Challenge.” The video interview by Financial Management Network (& parent SmartPros Ltd.) is part of a series of educational videos provided for accounting, finance, and IT professionals.

Cyberethics are very old news, as the “Ten Commandments of CyberEthics” were created in 1992 by the Computer Ethics Institute (according to Wikipedia):

  1. Thou shalt not use a computer to harm other people.
  2. Thou shalt not interfere with other people’s computer work.
  3. Thou shalt not snoop around in other people’s computer files.
  4. Thou shalt not use a computer to steal.
  5. Thou shalt not use a computer to bear false witness.
  6. Thou shalt not copy or use proprietary software for which you have not paid.
  7. Thou shalt not use other people’s computer resources without authorization or proper compensation.
  8. Thou shalt not appropriate other people’s intellectual output.
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
  10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.

Updated for the Internet, Wikipedia lists these examples of cyberethical questions:

  • Is it OK to display personal information about others on the Internet (such as their online status or their present location via GPS)?
  • Should users be protected from false information?
  • Who owns digital data (such as music, movies, books, web pages, etc.) and what should users be allowed to do with it?
  • How much access should there be to gambling and pornography online?
  • Is access to the Internet a basic right that everyone should have?

No doubt Cyberethics will continue to be a challenge for all businesses.

“BYOD Bill of Rights” May Help Concerns about Privacy

Posted in eCommerce, Internet Privacy

A recent survey about BYOD (“Bring Your Own Device”) resulted in the finding that “78% of employees use their own mobile devices for work” and “the use of personal technology to access corporate data can be solved by better communication between both parties regarding security, data and privacy concerns.”  On July 10, 2014, Webroot issued its BYOD Security Report entitled “Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device),” which included these key findings:

  • Although 98% of employers have a security policy in place for mobile access to corporate data, 21% allow employee access with no security at all.
  • Over 60% of IT managers surveyed reported the use of personal devices by their employees and 58% indicated they were ‘very’ or ‘extremely’ concerned about the security risk from this practice.
  • Most employee devices are lacking real security with only 19% installing a full security app and 64% of employees limited to using only the security features that came with their devices.
  • Over 60% of employers indicated they seek employee input on mobile device security policies, but over 60% also said employee preference has little or no influence on mobile security decisions.
  • Top concerns from employees regarding a company-mandated security app include employer access to personal data, personal data being wiped by an employer, and employers tracking the location of the device. Other concerns included impact on device performance and battery consumption.
  • 46% of employees using personal devices said they would stop using their devices for business purposes if their employer mandated installation of a specific security app.

Webroot proposed this BYOD Bill of Rights:

1. Privacy over their personal information

2. Be included in decisions that impact their personal device and data

3. Choose whether or not to use their personal device for work

4. Stop using their personal device for work at any time

5. Back up their personal data in the case of a remote wipe

6. Operate a device that is unencumbered by security that significantly degrades speed and battery life

7. Be informed about any device infections, remediation, or other activity that might affect their device’s performance or privacy

8. Download safe apps on their personal device

BYOD privacy issues continue to make headline news, which is likely to continue given the increasing use of BYOD by employees.