Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Antitrust challenge of Microsoft’s acquisition of LinkedIn!

Posted in eCommerce

The New York Times reported that Salesforce “has raised concerns with Europe’s antitrust authorities about the potential takeover” as to “…whether Microsoft’s proposed deal would hinder access by people and companies to the vast collection of data held by LinkedIn.” The September 29, 2016 article entitled “Salesforce Is Said to Question Microsoft-LinkedIn Deal in Europe” includes these comments from Burke Norton (Salesforce.com’s chief legal officer):

Microsoft’s proposed acquisition of LinkedIn threatens the future of innovation and competition,
…Microsoft will be able to deny competitors access to that data, and in doing so obtain an unfair competitive advantage.

In response the New York Times included these comments from Brad Smith (Microsoft’s president and chief legal officer):

We’re committed to continue working to bring price competition to a C.R.M. [Customer Relationship Management] market in which Salesforce is the dominant participant charging customers higher prices today,

Stay tuned since Microsoft intends to proceed with its acquisition of LinkedIn.

Very likely that the cyberattacks against Southwest & Delta were directed your passenger data

Posted in Cyber, Internet Access

Darkreading reported that a recent cyber safety report to the Federal Aviation Administration (FAA) was based on a PriceWaterhouseCoopers’ survey of “85 percent of airline CEOs in the PwC survey cited cybersecurity as a major risk likely because of the very sensitive nature of passenger data and flight systems.”  The September 23, 2016 report in Darkreading was entitled “Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry” and cited the RTCA (Radio Technical Commission for Aeronautics founded in 1935) which included:

…recommendations is on ensuring that manufacturers, carriers, maintenance facilities and airports maintain an adequate level of cyber preparedness on a routine, day-to-day basis.

The long-term goal is on ensuring not only that systems are properly secured up front when in development but also on making sure the systems are maintained that way during operations.

The Wall Street Journal report entitled “FAA Advisory Body Recommends Cybersecurity Measures” described the RTCA as:

The Federal Aviation Administration’s top technical advisory group adopted language seeking to ensure that cybersecurity protections will be incorporated into all future industrywide standards—affecting everything from aircraft design to flight operations to maintenance practices.

Stay tuned for more airline cyber disasters until these guidelines are in force!

500 million Yahoo users compromised by cyberintrusion, but Yahoo doesn’t plan to provide credit monitoring!

Posted in Cyber, eCommerce

Reuters reported that Yahoo would likely not need to “provide them with credit monitoring services” even though Bob Lord (Yahoo’s CISO) posted “An Important Message About Yahoo User Security”:

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected

Yahoo’s recommended users take many actions including:

  • Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
  • Review your accounts for suspicious activity.
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails.

Stay tuned as more details are revealed!

$1 trillion will be spent on Cybersecurity in the next 5 years!

Posted in Cyber, Internet Access

CSO recently predicted “a major uptick in cyber spending — to the tune of 12 to 15 percent year-over-year growth through 2021” in an article entitled “Cybersecurity spending outlook: $1 trillion from 2017 to 2021” which included these comments from the SANS Institute which were presented in February 2016:

Tracking security-related budget and cost line items to justify expenditures or document trends can be difficult because security activities cut across many business areas, including human resources, training and help desk.

Most organizations fold their security budgets and spending into another cost center, whether IT (48%), general operations (19%) or compliance (4%), where security budget and cost line items are combined with other related factors.

Only 23% track security budgets and costs as its own cost center.

Given the size of the cyber threat around the world we have little choice but spend these significant monies on Cybersecurity!

Yelp “not guilty”for 1 star review which led to a loss of 95% of locksmith’s business

Posted in Anonymous Internet Activity, eCommerce

The 9th Circuit ruled that Yelp was immune from content under the 1996 Communications Decency Act (DCA) which “immunizes providers of interactive computer services against liability arising from content created by third parties.” On September 12, 2016 in the case of Kimzey v. Yelp the court ruled that:

Yelp fell under the Communications Decency Act’s grant of immunity, and rejected Kimzey’s claims to the contrary. The panel held that there were no facts plausibly suggesting that Yelp fabricated content under a third party’s identity. The panel also rejected Kimzey’s theory that Yelp transformed a third party review into its own “advertisement” or “promotion.” The panel concluded that the proliferation and dissemination of content did not equal creation or development of content.

Here was the 2011 1 star review that Kimzey as a pro se plaintiff claimed to destroy 95% of his business:

THIS WAS BY FAR THE WORST EXPERIENCE I HAVE EVER ENCOUNTERED WITH A LOCKSMITH. DO NOT GO THROUGH THIS COMPANY. I had just flew [sic] back from a long business trip with absolutely no sleep, had to drive into work right after getting off the plane. I was so tired that I locked my keys in the car. So when I realized what happened I called Redmond Mobile. The gentlemen [sic] on the phone told me that a technician would be out ASAP and quoted me $50 for the service, which seemed reasonable. $35 for the service call and $15 for the lock. The technician called and said he’d be at my office in 30 min, an hour goes by and nothing. Call the company back to ask about the ETA and was greeted rudely by the person I had spoken to earlier. He took no responsibility. After the technician finally showed up, he was trying to charge me $35 for the service call and $175 for the lock. I got 20% off after trying to argue with him about being late and the incorrect quote. Supposedly, the lock is $15 and up. Bullshit. CALL THIS BUSINESS AT YOUR OWN RISK. I didn’t even need new keys. I just needed my car unlocked.

This may not be over since the LA Times reported that Kimzey will seek a full panel review.

Cyber criminals recognize security weakness at LinkedIn, Facebook, and Twitter

Posted in Cyber, eCommerce

Darkreading recently reported that LinkedIn confessed that “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts” and that “cyber criminals now weaponize social media sites and their data, leading to some of the biggest data breaches over the last few years.” The September 6, 2016 article entitled “Why Social Media Sites Are The New Cyber Weapons Of Choice” included these observations that “consumers implicitly trust people’s activity on social media” which is a treasure trove for cyber criminals:

The attackers now have incredibly broad reach and can easily manipulate users and execute a variety of widespread cyber attacks and scams, including everything from social engineering to exploit distribution to counterfeit sales to brand impersonations, account takeovers, customer fraud, and much more.

And the article goes on to make this recommendation:

Both security professionals and marketers alike should start treating social channels like the dangerous security threat they truly are, and align strategies to effectively fend against the range of cyber techniques currently in use.

Good advice, but it will likely go unheeded given the massive scope of social media.

Shadow IT (aka Stealth IT) – massive cyber (& legal) risk for 50% of all companies!

Posted in Cyber, IT Industry

Unfortunately most Shadow IT operations are based on “Click Agreements” and as a result the IT department has no idea of where the company data is located or what legal risks exist…, so if there is a cyber intrusion the company will have no clue about what data is stored where, and if the company has to report a crime, or let PCI know.   Usually Shadow IT comes about when the IT department cannot fulfill a business department’s request, like when HR (Human Resources) asks for a new payroll and IT says it cannot deliver for 3 years.  So the HR department may select a cloud based SaaS (Software as a Service) payroll solution.

It might help to know how Wikipedia defines Shadow IT – “…information-technology systems and solutions built and used inside organizations without explicit organizational approval…., to describe solutions specified and deployed by departments other than the IT department.”

Although no one really knows for sure, but there are many who estimate that at least 50% of all businesses have Shadow IT.   Gartner research vice president Matt Cain estimated that “Shadow IT investments often exceed 30 percent of total IT spend.”   Mr. Cain also made these comments:

This will only increase because demand for new apps and services to pursue digital opportunities outstrips the capacity of IT to provide them.

At the same time, cloud services will mature and employee demographics will shift to increasingly technically savvy employees frustrated by the pace of traditional IT, and with the skills to find their own IT solutions.

Companies need to work hard to locate all Shadow IT ASAP to protect themselves.

Amazon, Google, and LinkedIn support Microsoft’s lawsuit against the US challenging the SCA

Posted in eCommerce, Internet Privacy

Many major Internet players endorsed Microsoft’s April, 2016 lawsuit against the US that the SCA (Stored Communications Act) (part of the Electronic Communications Privacy Act (ECPA) 18 U.S.C. § 2705(b)) violates the First and Fourth Amendments since the Constitution should “afford people and businesses the right to know if the government searches or seizes their property.”  On September 2, 2016 an Amicus Brief was filed by “Amazon.com, Box, Cisco Systems, Dropbox, Evernote, Google, LinkedIn, Pinterest, and Salesforce, Snapchat, and Yahoo” believe that:

…that their customers have a right to be informed of government searches of their private data and that amici have a right to inform them.

Also the Brief included these comments to clarify their position:

Amici respect the important work that law enforcement agencies do every day.  

Technology companies like amici have, or in the future may have, obligations under the Stored Communications Act and other laws to deliver customer data to law enforcement in response to proper legal process, and amici take these obligations seriously.

Many amici have full-time teams of employees—with someone on duty or on call around the clock—dedicated to responding to law enforcement requests for data.

Indeed, in just the last six months of 2015, amici collectively responded to tens of thousands of U.S. government data requests in criminal investigations.

Many amici also publish guidelines for law enforcement that explain their products, describe what customer data can be requested through legal process, and set out how best to serve process on the company.

Amici, in short, have no desire to shield criminals.

This is a very important case to follow.

“Free Speech” prevails as court dismissed $1 million defamation lawsuit over 1 star Yelp review!

Posted in eCommerce

The Dallas News reported that a lawsuit was “dismissed based on the Texas Anti-SLAPP statute, meant to allow judges to dismiss frivolous suits filed against people who speak out about a matter of public concern.”  The August 30, 2016 article entitled “$1M lawsuit dismissed against Plano couple who gave 1-star Yelp review to pet-sitting company” was in the case of Prestigious Pets v. Michelle and Robert Duchouquette and included these comments about the 1 star review:

The Duchouquettes hired Prestigious Pets in October 2015 to watch their two dogs and betta fish, Gordy, while they were on vacation, according to court documents.

In the Yelp review, the Duchouquettes said their betta fish’s tank looked murky in a video feed, the billing was messed up and the company tried to charge to return the keys to the family.

After the court ruling Prestigious Pets’ attorney made these comments:

The pets and this business mean everything to the company and its owner,…

They remain confident that Texas law supports enforcing their contract, including the non-disparagement clause, particularly given the proof presented that Prestigious Pets never agreed to care for the fish, was not paid or hired to care for the fish, and the fish was never harmed.

He said the company tried to resolve the issues before taking legal steps, but “it is unfortunate that those efforts were ignored in favor of the Defendants’ ongoing media campaign.”

This is an important case, and it will be interesting to see if there is an appeal and the outcome.

Sure there are a kazillion eMails, but eMails are not automatically admitted as evidence!

Posted in E-Discovery, eCommerce

A recent case made it clear that under Federal Rule of Evidence 803(6) there was no “absolute right to admission of emails under the business records exception.” In Roberts Technology Group, Inc. v. Curwood, Inc., No. 14-5677, 2016 U.S. Dist. LEXIS 64538 (E.D. Pa. May 17, 2016) the court found that:

…the plaintiff had failed to provide “specific evidence” demonstrating the emails qualified as business records because there was no evidence that the emails were regular business records, were received by the plaintiff as part of its normal business practices, or had been retained pursuant to an email or electronic data policy.

On August 29, 2016 the Trial Evidence Committee of the American Bar Association Litigation Section published Kirsten R. Fraser’s (associate with Porter Wright Morris & Arthur LLP in Columbus, Ohio) article entitled “Admitting Emails under Rule 803(6) Is No Slam Dunk” that discussed a number of cases and advised the importance of:

(1) critically evaluating the content of emails before raising the business records exception, and
(2) providing foundational testimony through proper testimony at trial.

This article provides excellent advice given the critical content found in eMails.