Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Challenges to EU ‘right to be forgotten’ Implementation

Posted in eCommerce, Internet Privacy

Approximately “91,000 requests” to be forgotten have been submitted to Google since the May 2014 EU European Court of Justice ruling which has led to “a total of 328,000 links that applicants wanted taken down” according to a BBC news report.   The report went to say that Google’s ‘right to be forgotten’ statistics so far are:

  • Approved more than 50% of the requests
  • Asked for more information in about 15% of the cases
  • Rejected more than 30% of the applications

Critics of Google include the Index on Censorship which has written to the EU Article 29 Working Party (A29WP) with urgency to:

  • issue detailed guidance on the types of information that can be considered “irrelevant” by search engines. Simply asking search engines to have a due regard to information that is “in the public interest” is insufficient guidance;
  • detail an appropriate mechanism of oversight to ensure that it is possible for data protection or other relevant national and European authorities to examine any search engines’ decision on a Right to be Forgotten request;
  • include an appeals mechanism that allows publishers of content who have had links removed to be able to challenge that decision. Index understands the need to balance privacy rights with rights to information and freedom of expression rights. However, we are concerned that the recent actions of the ECJ and data protection authorities has failed to sufficiently taken into account the latter, and we would urge greater consultation with civil society groups on the implementation of this ruling and in the development of future data protection guidelines to ensure that that these rights are protected.

Google, Microsoft, and Yahoo are meeting with the EU A29WP, “which brings together data protection authorities from across the EU” trying to get clarity about implementing the ‘right to be forgotten’ ruling as reported by Computerworld.

Implementation of the ‘right to be forgotten’ was provided it the May 2014 ruling by the EU Court, so how this will work out will be interesting to watch.

Google Ordered to Produce All Content for xxxxxx@gmail.com in Criminal Investigation

Posted in eCommerce, Internet Privacy

As part of an “investigation of possible conspiracy to commit money laundering” a Judge stated that he perceives “no constitutionally significant difference between the searches of hard drives… and searches of email accounts.”  On July 18, 2014 Magistrate Judge Gabriel W. Gorenstein (US District Court, Southern District of New York) issued a Memorandum Opinion In the Matter of a Warrant for all Content and Other Information Associated with the email account xxxxxx@gmail.com Maintained at Premises Controlled by Google, Inc.

The criminal search warrants were issued under Rule 41 of the Federal Rules of Criminal Procedure and the 1986 Stored Communications Act which ruling is in conflict with other Court rulings in Kansas and the District of Columbia as reported by Computerworld.

This ruling is likely to lead to appellate review so that there will be uniform laws regarding search warrants for content stored at ISPs.

Cybersecurity for Dummies

Posted in eCommerce

This Dummies handbook describes how “APTs (advanced persistent threats) have changed the world of enterprise security and how networks and organizations are attacked” and includes “an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and security best practices.”  Palo Alto Networks released its handbook which provides “some real-world examples of high-profile attacks” so the reader gets “a glimpse into the psyche of a cybercriminal to understand what motivates such a person…”

Here are the 6 chapters:

Chapter 1: Understanding the Cybersecurity Landscape

Chapter 2: The Role of Malware in Advanced Persistent Threats (APTs)

Chapter 3: Why Traditional Security Solutions Fail to Control APTs

Chapter 4: What Next-Generation Security Brings to the Fight

Chapter 5: Creating Advanced Threat Protection Policies

Chapter 6: Ten Best Practices for Controlling APTs

Although the handbook is written in relatively technical fashion it provides basic information to assist anybody that feels they need to know more about the current state of cybersecurity.

Special Masters Have an Important Role in Litigation

Posted in E-Discovery, eCommerce

I am honored to be a member of the Academy of Court-Appointed Masters (ACAM) which provides the advantages that Special Masters “…can monitor discovery and resolve time-consuming disputes; they can help with the growing burden on courts caused by electronically stored information (ESI) discovery problems; they can be assigned trial duties…; they can administer settlement claims; and they can monitor compliance with a court order or settlement agreement.”

For more than 20 year I have served as a Special Master in state and federal courts for disputes about eDiscovery, IT, or Internet business, and it has been my experience that the cost of litigation generally decreases significantly.  As well, Judges find that the Special Master can assist parties when their dockets would not otherwise allow.

Law360 recently interviewed a number of members of ACAM including me and wrote an article entitled “5 Tips For Serving As A Successful Special Master” which included my comments not to “be afraid to ask for a modification to view certain documents or speak to additional parties if that will better serve the court’s goals.” The Law360 article’s 5 tips are as follows:

  1. Create a Culture of Respect
  2. Be Accessible to the Parties
  3. Talk to the Judge (as Much as You Can)
  4. Know Your Order
  5. Strike the Right Tone

Where there are complex eDiscovery, IT, or Internet business disputes parties can recommend to the Judge that a Special Master be appointed, or the Judge may recommend the parties offer Special Master candidates.

FTC Sues Amazon for Unlawfully Billing Children from In-App Store

Posted in eCommerce

Amazon allegedly “billed parents and other Amazon account holders for children’s activities in apps that are likely to be used by children without having obtained the account holders’ express informed consent.” On July 10, 2014 the FTC sued Amazon in the US District Court in the Western Washington which included these allegations for the Amazon App Store for the  Kindle and Droid:

Amazon offers thousands of apps through its mobile app store, including games that children are likely to play. In many instances, after installation, children can obtain virtual items within a game, many of which cost real money.

Amazon bills charges for items that cost money within the app—“in-app charges”—to the parent. Amazon began billing for in-app charges in November 2011, well after media reports about children incurring unauthorized charges in similar apps from other mobile app stores.

Amazon nonetheless often has failed to obtain parents’ or other account holders’ informed consent to in-app charges incurred by children.

The case may have a larger impact to other app stores and products.

Facebook Charged with FTC Violations for Messing with Users’ Minds

Posted in Internet Privacy, Social Media

EPIC alleges that Facebook’s “secretive and non-consensual use of personal information to conduct an ongoing psychological experiment on 700,000 Facebook users.”  On July 3, 2014 EPIC (Electronic Privacy Information Center) filed a complaint with the FTC that Facebook “purposefully messed with people’s minds” when:

Facebook altered the News Feeds of Facebook users to elicit positive and negative emotional responses. 

Facebook conducted the psychological experiment with researchers at Cornell University and the University of California, San Francisco, who failed to follow standard ethical protocols for human subject research.

EPIC claims that Facebook violated its 2012 Consent Decree with the FTC that requires Facebook to “established new privacy safeguards for Facebook users” and specifically prohibits Facebook from:

  • misrepresenting the extent to which it maintains the privacy or security of covered information.
  • misrepresenting “its collection or disclosure of any covered information,” and “the extent to which Respondent makes or has made covered information accessible to third parties.”

The Complaint includes these causes of action:

Count I: Deceptive Failure to Inform Users that their Data Would Be Shared With Third-Party Researchers

Count II: Unfair Failure to Inform Users That They Were Subject to Behavioral Testing

Count III: Violation of the 2012 Consent Order

It will be interesting to follow the EPIC case and how Facebook and the FTC respond.

Google Street View Wifi Collection Case Finally Headed to Trial Court

Posted in Internet Privacy

The US Supreme has refused to consider Google’s claim that when Street View collected unencrypted Wifi data between 2007 and 2010 that it was “readily accessible to the general public” so the collection was not a violation of the Wiretap Act” which claim was rejected in December 2013 by the 9th Circuit Court of Appeals.

The Electronic Privacy Information Center (EPIC) filed an amicus brief in support of Internet users and stated:

This case involves the intentional interception of electronic communications sent over home Wi-Fi networks. The intercepted data includes personal information and communications – passwords, e-mails, financial records, and other documents – that individuals consider extremely private.

The fact that this data was transferred over a wireless network does not change its private nature. Internet users are constantly at risk of cyber attacks and exploits, but they still retain their right in law to communicate privately across computer networks.

The Electronic Communications Privacy Act of 1986 (“ECPA”) ensures the privacy of these communications, and its protections should not be interpreted in an unfair and inconsistent way.

Now the class action suit is headed to the trial court in the California, and it will be interesting to follow since other countries around the world have held against Google.

Facebook Claims NY Court Violated the Constitution with Sweeping Search Warrants

Posted in Internet Privacy

Facebook filed a brief that states that the “Fourth Amendment does not permit the Government to seize, examine, and keep indefinitely the private messages, photographs, videos, and other communications of nearly 400 people—the vast majority of whom will never know that the Government has obtained and continues to possess their personal information.”  Computerworld reported that Facebook has been fighting July 2013:

…a set of sweeping search warrants issued by the Supreme Court for New York County that demanded that it turn over to law enforcement nearly all data from the accounts of the 381 people, including photos, private messages and other information.

The Electronic Frontier Foundation supports Facebook and commented about the New York District Attorney’s search warrants which were supported by a 93 page “affidavit about a long-term investigation into a massive scheme to defraud and other related crimes”:

…the vast majority of the target, the information was not relevant to any crime.  Only 62 people were ultimately charged

On June 20, 2014 Facebook filed its brief under seal in the New York State Supreme Court Appellate Division in the case of IN RE 381 SEARCH WARRANTS DIRECTED TO FACEBOOK, INC. AND DATED JULY 23, 2013 asking the court:

…for the return or destruction of the data as well as a ruling on whether the bulk warrants violated the Fourth Amendment to the U.S. Constitution and other laws.

The Facebook brief also claims that the First Amendment does not “permit the Government to forbid Facebook from ever disclosing what it has been compelled to do—even after the Government has concluded its investigation.”

This case could eventually get to the Supreme Court, and impact all Social Media content.

Pro Football Teams Among 14 Who Settle EU Safe Harbor Misrepresentations

Posted in Internet Privacy

The FTC agreed to  ”settle charges against 14 companies for falsely claiming to participate in the international privacy framework known as the U.S.-EU Safe Harbor. Three of the companies were also charged with similar violations related to the U.S.-Swiss Safe Harbor.”  The Atlanta Falcons, Denver Broncos, and Tennessee Titans were among the 14:

  1. American Apparel
  2. Apperian, Inc.
  3. Atlanta Falcons Football Club, LLC
  4. Baker Tilly Virchow Krause, LLP
  5. BitTorrent, Inc.
  6. Charles River Laboratories International, Inc.
  7. DataMotion, Inc.
  8. DDC Laboratories, Inc.
  9. Fantage, Inc.
  10. Level 3 Communications, LLC
  11. PDB Sports, Ltd., d/b/a Denver Broncos Football Club
  12. Reynolds Consumer Products Inc.
  13. Receivable Management Services Corporation
  14. Tennessee Football, Inc. (Tennessee Titans)

The big question is, why would pro football teams misrepresent Safe-Harbor participation with the EU?

TV SHOW: Net Neutrality Discussion Including Comments from Dr. Vint Cerf (“A Father of the Internet”)

Posted in Net Neutrality

Current debate in Congress that the FCC “should leave net neutrality enforcement to antitrust agencies that can bring lawsuits against broadband providers after they see evidence of anti-competitive behavior” as reported by PCWorld.

I was part of the panel discussing Net Neutrality on the KERA (Dallas Public TV) broadcast on June 22, 2014 entitled “Net Neutrality: What Is It and Why Should I Care?

You are welcome to view the Net Neutrality program on the McCuistionTV.com website with host Dennis McCuistion interviewing a father of the Internet – Dr. Vinton Cerf, Tom Giovanetti (President, Institute for Policy Innovation), Gabe Rottman (Legislative Counsel/Policy Advisor American Civil Liberties Union (ACLU) Washington Legislative Office), and me.