Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

GUEST BLOG: Finally! The Supreme Court Supports Trial Judges in Markman Rulings in Patents Cases

Posted in IT Industry

BARRY BARNETT GUEST BLOGGER

Barry Barnett has been a Guest Blogger in the past, his Blawgletter provides great thoughts, and insights. I read his blogs regularly. Over the years Barry and I have had a number of cases together and he is an outstanding trial partner at Susman Godfrey.

Barry Barnett Jan 2015Barry Barnett Masthead Jan 2015

Clear Error Test Governs Review of Patent Rulings, Supreme Court Holds

The U.S. Supreme Court held 8-2 today that the Federal Circuit may no longer ignore some rulings by trial court judges on how to construe patent claims. The outcome marks a major victory for parties that win the often-decisive battles over claim construction in Markman hearings in district court.

In Teva Pharmaceuticals USA, Inc. v. Sandoz, Inc., No. 13-854, slip op. at 4 (U.S. Jan. 20, 2015), the Court held that Rule 52(a)(6) governs review of “a district court’s resolution of subsidiary factual matters made in the courtse of its construction of a patent claim.”

The case turned on the meaning of “molecular weight” in a patent on a method for making a drug, Copaxone, that doctors prescribe for multiple sclerosis. The district court heard evidence on whether “a skilled artisan” in the field would know what the term meant, found that he or she would grasp it, and rejected Sandoz’s attack on the patent as invalid for indefinitess.

On appeal, the Federal Circuit reversed, ruling de novo that “molecular weight” had no definite meaning in the patent.

Justice Breyer’s majority opinion for the Court vacated the Federal Circuit’s decision and remanded for the lower court to reconsider in light of its obligation under Rule 52(a)(6) to uphold the district court’s fact findings unless Sandoz showed “clear error”.

Although the Court’s ruling applies both to infringement plaintiffs and infringement defendants, it as a practical matter helps plaintiffs more. Parties that claim infringement often have fewer resources than defendants do and must pursue claims — if at all — on a contingent-fee basis. For firms that handle infringement claims under a contingent-fee arrangement, winning in the trial court is crucial, and holding that victory on appeal is key.

By making trial courts’ Markman determinations less subject to appellate tinkering, the Court even-handedly leveled the playing field. But infringement plaintiffs and their contingent-fee counsel are the ones smiling the most.

10 Cyber security tips all employees need to know, including Phishing Scams & BYOD

Posted in eCommerce, Internet Privacy

Employers want to blame cyberthreats on bad guys but “the threat actually originates from within when employees’ ignorance and/or negligence opens the door for cybercriminals” as reported by Kasperky in “Top 10 Tips for Educating Employees about Cybersecurity.”

Phishing Scam advice is included in Tip #4:

Phishing remains the primary method for infecting users via social engineering, especially for corporate employees.

Employees should know that, when in doubt, they should not click on or repost suspicious links in email, tweets, posts, online ads, messages,or attachments – even if they know the source.

Phishing schemes are probably one of the most prevalent methods that cybercriminals use to target businesses via employees.

BYOD advice is included in Tip #8:

Wireless connectivity, cloud services and file-synchronization applications are making these devices highly desirable targets for physical theft.

Thieves and hackers with stolen mobile devices will compromise them to lift valuable data or use them.

Here are the 10 tips:

Tip #1: Create and communicate clear-cut security policies.

Tip #2: Test employees’ security knowledge.

Tip #3: Require complex passwords that must be updated regularly.

Tip #4: Teach employees to avoid phishing scams.

Tip #5: Create systems to automatically back up work.

Tip #6: Use spam and web filters to close windows of vulnerability

Tip #7: Utilize systems management tools to ensure all software updates are installed across multiple endpoints.

Tip #8: Don’t forget mobile.

Tip #9: Keep the lines of communications open between IT and other staff.

Tip #10: Select a trusted security partner.

Kaspersky offered this simple advice which should be a help to all employers.

Cyber Advice to Lawyers: Advanced Persistent Threats (APTs) are directed at your clients!

Posted in eCommerce

TexasBarToday_TopTen_Badge_Small (1)

According to a recent Kaspersky Lab Report every “corporation, regardless of its size or industry, is at risk of becoming the victim of a targeted attack by a variety of threat actors including APT groups, politically-driven “hacktivists,” and more advanced cybercriminals, who offer their services for hire.”

The report entitled “The Evolution of Corporate Cyberthreats” goes on to say:

All APTs are vehicles for cybercrime but not all cybercrimes involved APTs.

Although both are based on monetary gain, APTs specifically target more sensitive data including passwords, competitive intelligence, schematics, blueprints, and digital certificates and are paid for by third-party clients or resold in the underground.

General cybercrime operations are direct “for profit” attacks and target customers’ personal and financial information which can be quickly monetized and laundered underground for ID theft and fraud.

Here are different types of target attacks identified by Kaspersky:

  • Economic Espionage: Targeted Information: Intellectual property; proprietary information; geopolitical, competitive or strategic intelligence
  • Insider Trading Theft: Targeted Information: Pending M&A deals or contracts; upcoming financial earnings; future IPO dates
  • Financial & Identify Theft: Targeted Information: Employee and customer personally identifiable information; payment transactions; account numbers; financial credentials
  • Technical Espionage: Targeted Information: Password or account credentials, source code, digital certificates; network and security configurations; cryptographic keys; authentication or access codes
  • Reconnaissance and Surveillance: Targeted Information: System and workstation configurations; keystrokes; audio recordings; emails; IRC communications; screenshots; additional infection vectors; logs; cryptographic keys

In order to assist clients lawyers need to learn more about APTs!

eDiscovery in Arbitrations

Posted in E-Discovery

The American College of e-Neutrals (ACESIN) and the American Arbitration Association will conduct a training program entitled “Arbitrating in a Digital World – An eDiscovery Course for AAA® Neutrals” in 2015 in Los Angeles on February 19 & 20, Chicago on April 9 & 10, New York on June 11 & 12, and Washington, DC on September 24-25.

The training will be conducted by Allison Skinner, A.J. Krouse, and me.

If you are interesting in signing up for this program please check out this site online:

 

AAA Arbitrating in Digital World C

Do you have the right cyber insurance?

Posted in eCommerce, Internet Privacy

TexasBarToday_TopTen_Badge_Small (1)

“Whether a cyber attack is covered by an insurance policy may depend on the motive for the attack and its perpetrator … as this will affect whether clauses and exclusions for cyber insurance can be considered”according to a recent report issued by the CRO Forum which was entitled “Cyber resilience – The cyber risk challenge and the role of insurance.

Also the report makes this observation about the Chief Risk Officer (CRO) who:

…has an important role to play within an organisation in working with internal stakeholders across business functions to promote awareness and understanding that support effective risk management of cyber risk” 

Here are 5 factors influencing the threat landscape:

  1. The cloud – Businesses are becoming far more complex as they outsource bespoke requirements and large scale infrastructure to external cloud providers.
  2. Shadow IT -The growing use of “shadow IT” – when business functions procure IT solutions without involving the IT department – is eroding organisational boundaries.
  3. Mobile and flexible working – The rush to provide new services on platforms such as mobile devices and through social media is exposing companies to unforeseen risks and new technologies that are less understood.
  4. Bring your own – The traditional boundaries and tight controls enjoyed by IT are being devices eroded as organisations embrace “bring your own device” (BYOD) solutions and web collaboration services to support mobile working and customer engagement.
  5. Internet of things – The growing connectivity of devices via the internet (e.g. smart home appliances) is increasing society’s vulnerability to cyber attacks on control and infrastructure systems.

In order to minimize disasters and have the right insurance coverage all businesses must understand their cyber risks.

Cyber Nightmare for Folks Hiding Money in Swiss Banks

Posted in eCommerce, Internet Privacy

Banque Cantonale de Geneve (BCGE) refused to pay a $11,779 (€10,000) ransom and as a result “an anonymous person or group using the Twitter moniker Rex Mundi said it had hacked the Genevan cantonal (state) bank’s servers and downloaded more than 30,000 emails by Swiss and foreign clients” according to a January 9, 2015 report in Reuters.  As part of the threat before publishing the 30,000 emails the “hacker had earlier posted names, addresses and messages to the bank from two people it said were BCGE clients” but the bank declared:

We chose not to give in to blackmail and chose instead the path of transparency…

Reuters also reported:

BCGE is one of a host of Swiss banks to come forward under a government-brokered scheme for banks to pay fines for helping wealthy Americans avoid tax.

Hackers like this are likely to change attitudes about hiding money in Swiss banks.

Do you think a consumer website can arbitrate disputes? Maybe not without prior approval

Posted in eCommerce

The American Arbitration Association (AAA) changed its Consumer Arbitration Rules effective Sept. 1, 2014 and now requires AAA pre-approval and annual renewal for Terms of Service that obligate consumers to arbitrate disputes. According to the AAA, “contracts that typically meet the criteria for application of these Rules, if the contract is for personal or household goods or services and has an arbitration provision, include, but are not limited to the following:”

  • Credit card agreements
  • Telecommunications (cell phone, ISP, cable TV) agreements
  • Leases (residential, automobile)
  • Automobile and manufactured home purchase contracts
  • Finance agreements (car loans, mortgages, bank accounts)
  • Home inspection contracts
  • Pest control services
  • Moving and storage contracts
  • Warranties (home, automobile, product)
  • Legal funding
  • Health and fitness club membership agreements
  • Travel services
  • Insurance policies
  • Private school enrollment agreements

To learn more about the AAA rules please see the Gardere Client Alert entitled “AAA Changes Arbitration Rules for Websites that Sell to Consumers.”

New Privacy Risks to your Wifi Passwords with Free Phishing App

Posted in eCommerce, Internet Privacy

Wifiphisher is a new tool created “to launch phishing attacks against users of wireless networks in order to steal their Wi-Fi access keys” according to a January 5, 2015 report in Computerworld. The inventor of Wifiphisher is IT security engineer George Chatzisofroniou who says:

Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase,…

It is a social engineering attack that unlike other methods does not include any brute forcing.

Computerworld also reported:

Like many other freely available security tools, Wifiphisher can be used by both security professionals — for example during penetration testing engagements — and by malicious attackers. The tool does not exploit any new vulnerabilities; it combines known methods to automate a Wi-Fi attack.

Given the use of wide-spread use of Wifi, Wifiphiser can either help or make things worse….time will tell.

Snapchat Admits it Violated Privacy Laws

Posted in Internet Privacy

The Federal Trade Commission (FTC) announced a Final Order which was “settling charges that Snapchat deceived consumers with promises about the disappearing nature of messages sent through the service…” and “…deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure.”  The December 23, 2014 Final Order includes a 20 year monitoring for Snapchat and a comprehensive privacy program that is reasonably designed to:

(1) address privacy risks related to the development and management of new and existing products and services for consumers, and

(2) protect the privacy and confidentiality of covered information, whether collected by respondent or input into, stored on, captured with, or accessed through a computer using respondent’s products or services.

In the December 31, 2014 FTC News Release stated that the “…settlement with Snapchat is part of the FTC’s ongoing effort to ensure that companies market their apps truthfully and keep their privacy promises to consumers.”

China Uses “Great Firewall” to Block Gmail

Posted in eCommerce, Internet Privacy

“Data from Google shows traffic to Gmail dropping to zero from Chinese servers” which is part of China’s strategy “to block Google, wherever it is, in hopes of causing users enough frustration that they migrate to services like Baidu, a Chinese company that has a popular search engine here, that adhere to party rules” as reported in the New York Times.  Apparently Gmail was blocked beginning on Friday December 26, 2014 “and has ignited anger and frustration among many Internet users in China.”

Nonetheless the New York Times reported this statement from Hua Chunying (a Chinese Foreign Ministry spokeswoman) who disclaimed knowledge of about the blocking:

China has consistently had a welcoming and supportive attitude towards foreign investors doing legitimate business here,…We will, as always, provide an open, transparent and good environment for foreign companies in China.

Obviously freedom on the Internet does not operate in China as it does in most of the world.