Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

LinkedIn Allegedly Violates Federal Law by Making Employment History Available

Posted in eCommerce, Internet Privacy

A new class action lawsuit alleges that on LinkedIn “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.” In the case of Tracee Sweet et al v. LinkedIn, which was filed on October 4, 2014 in the US District Court for the Northern District of California, the potential class alleges that LinkedIn violates the Fair Credit Reporting Act (FCRA) because it:

(1) fails to comply with the certification and disclosure requirements mandated by the FCRA for credit reporting agencies who furnish consumer reports for employment purposes,

(2) fails to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FCRA and to assure maximum possible accuracy of consumer report information, and

(3) fails to provide to users of the reference reports the notices mandated by the FCRA.

LinkedIn currently claims that it “operates the world’s largest professional network on the Internet with more than 313 million members in over 200 countries and territories.”

Given LinkedIn’s business model of members posting their own employment history, it is hard to believe that there are FCRA violations, so this will be an important case to follow. Of course, the court has to approve the class before the case proceeds.

$600,000 Fine for Blocking WiFi Hotspots in Hotel

Posted in eCommerce, Internet Access

The Federal Communications Commission (FCC) fined a hotel after “some of its employees in a Nashville hotel illegally blocked private WiFi signals and customer hotspots so that guests and conference attendees would have to pay to use the hotel’s WiFi services.” On October 6, 2014 the FCC reported that the “incident occurred in March 2013 at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee” and that the hotel:

…had used features of a WiFi monitoring system at the Gaylord Opryland to contain and/or de-authenticate guest-created WiFi hotspot access points in the conference facilities.

The FCC stated that:

Blocking of such signals is a violation of Section 333 of the U.S. Communications Act, according to the FCC. Section 333 provides that “No person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this Act or operated by the United States Government.” That interference includes any kind of jamming or other interference with such signals.

This FCC fine should change how WiFi is offered in hospitality settings in the future.

40 Count Indictment Against Cybercriminal for Stealing Credit Cards and Offering Online Tutorials

Posted in eCommerce

A Russian cybercriminal allegedly “was a leader in the marketplace for stolen credit card numbers, and even created a website offering a tutorial on how to use stolen credit card numbers to commit crime.” According to an October 9, 2014 Department of Justice (DOJ) press release, Roman Valerevich Seleznev, aka “Track2,” 30, of Vladivostok, Russia, was indicted:

…with 11 counts of wire fraud, nine counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft.

The government expects to prove at trial (currently scheduled for November 3, 2014) that:

…between October 2009 and October 2013, Seleznev allegedly hacked into retail point of sale systems and installed malicious software to steal credit card numbers from various businesses. Seleznev allegedly created and operated the infrastructure to facilitate the theft and sale of credit card data, used servers located all over the world to facilitate his operation, and sold stolen credit card data on a website known as “”

According to Oregon Live in August 2014:

U.S. Secret Service agents, working with local officials, arrested Seleznev at an airport in the Maldives last month as he was preparing to return to Russia from vacation with his girlfriend. He was flown to the U.S. territory of Guam, where another federal judge sent him to Seattle.

He has pleaded not guilty to the charges, which carry a range of potential penalties, with some counts punishable by up to 10 years in prison and a $250,000 fine.

The DOJ also reported that:

Seleznev is also charged in a separate indictment in the District of Nevada with participating in a racketeer influenced corrupt organization (RICO) and conspiracy to engage in a racketeer influenced corrupt organization, as well as two counts of possession of 15 or more counterfeit and unauthorized access devices.

These will be important trials that hopefully will deter future cybercriminals.

What a Surprise! US Supreme Court Relies on Unsubstantiated Internet Facts

Posted in eCommerce

We all know that “everything on the Internet is true,” or at least as presented in amicus (friend-of-the-court) briefs to the US Supreme Court Justices, who have to figure “out how to distinguish between real facts and Internet facts.” On August 27, 2014 Professor Allison Orr Larsen (College of William and Mary Law School) wrote a Virginia Law Review article entitled “The Trouble with Amicus Facts” stating that the “court is inundated with 11th-hour, untested, advocacy-motivated claims of factual expertise.” Professor Larsen also wrote:

The Supreme Court may be hungry for more factual information than the parties can provide, but this Article argues the amicus brief (at least under current rules) is not the best place to find it. In a digital world where factual information is exceedingly easy to access, more amici than ever before can call themselves experts and seek to “educate” the Court on factual matters. In the 79 cases from last term, for example, 61 of them involved an amicus brief filed to supplement the Court’s factual understanding of the case.

The New York Times commented on Professor Larsen’s research:

Some of the factual assertions in recent amicus briefs would not pass muster in a high school research paper. But that has not stopped the Supreme Court from relying on them. Recent opinions have cited “facts” from amicus briefs that were backed up by blog posts, emails or nothing at all.

Supreme Court Regularly Researches on Google

In another Virginia Law Review article, published in 2012 and entitled “Confronting Supreme Court Fact Finding,” Professor Larsen studied opinions over 15 years and concluded that Justices on the US Supreme Court regularly use Google, since apparently opinions issued by the Supreme Court cite facts never offered by the lawyers’ briefs.

No surprises in either law review article, but why is this different than before the Internet?  Just because someone writes a book does not make it any truer than facts on the Internet.

$100+ Million Lawsuit Threat to Google Over Celebrity Pictures

Posted in eCommerce, Internet Privacy

A demand letter reminded Google of its corporate motto “Don’t be evil,” alleged that Google is making “millions and profiting from the victimization of women,” and that “it is time that Google owns up to its conduct and remedies this gross violation of law, ethics, moral and basic privacy rights.”  The October 1, 2014 letter with a Re line “Google’s Repeated Copyright & Privacy Violation in Connection with Hacked Photo Scandal” was sent by attorney Martin Singer of the Los Angeles, California law firm of Lavely & Singer on behalf of over:

…a dozen female celebrities, actresses, models and athletes, whose confidential, personal, private photos and videos (the “Images”) were recently hacked from their respective iCloud accounts and illegally posted on various websites and blogs, including YouTube, Blogspot and other Google based sites, servers and systems.

Mr. Singer’s letter also accuses Google of unethical behavior for which Google is exposed to significant liability for compensatory and punitive damages that could exceed $100,000,000 for:

…Google’s despicable, reprehensible conduct in not only failing to act expeditiously and responsibly to remove the Images, but in knowingly accommodating, facilitating and perpetuating the unlawful conduct.

eWEEK reported on Mr. Singer’s letter and described a common security researcher practice known as Google Hacking as “searching for bad things, including potential security issues on Google…” However, “whether Google is responsible for users who are searching for bad things” is unclear, with mixed opinions from the technology experts interviewed by eWEEK.

Privacy Policy Challenge: Google Ordered to Cease Data Profiling in Germany

Posted in eCommerce, Internet Privacy

A recent administrative order requires Google “to take the necessary technical and organisational measures to guarantee that their users can decide on their own if and to what extent their data is used for profiling.” Last week the Hamburg Commissioner of Data Protection and Freedom of Information (HmbBfDI) ordered that Google is “compelled to collect and combine user data only in accordance with the existing legal framework.”

The HmbBfDI made the following complaint about Google’s privacy policy:

…Google excludes the association of especially sensitive data with other usage data for the purpose of presenting users tailored ads. Nevertheless the combination of all the collected data from the different single services used allows the creation of meaningful and nearly comprehensive personal records.

As examples, the HmbBfDI said that the content and usage data Google collects about individuals makes it possible:

  • to compile detailed travel profiles by evaluating location data,
  • to detect specific interests and preferences by evaluating search engine use,
  • to assess the user’s social and financial status, their whereabouts and many other of their habits by analysing the collected data and
  • to infer information such as friend relationships, sexual orientation and relationship status.

The Washington Post made the following observation:

That administrative order is bringing to a head the question of whether U.S.-born, ad-driven Web services like Gmail, YouTube and Facebook can peacefully co-exist with a Europe that is enormously sensitive about possible incursions on personal privacy.

Many countries in the EU have been highly critical since 2012, when Google changed its Privacy Policy, and no doubt these types of orders will continue to be issued in the EU.

Bitcoin Company Shut Down for Failing to Deliver Bitcoin Mining Computers

Posted in eCommerce

Based on the FTC’s request, a judge enjoined Butterfly Labs from marketing “BitForce,” which were “specialized computers designed to produce Bitcoins, a payment system sometimes referred to as “virtual currency.”” According to the FTC’s complaint, “as of September 2013, more than 20,000 consumers had not received the computers they had purchased.” So on September 18, 2014, US District Judge Brian Wimes (Western District of Missouri) in the case of FTC v. BF Labs, Inc. et al issued an Ex Parte Order that enjoined the defendants “from misrepresenting, expressly or by implication, directly or indirectly:”

1. The amount of Bitcoins or any other virtual currencies Defendants’ products or services will generate; or

2. When products or services will be delivered to consumers.

The Ex Parte Order included a repatriation of foreign assets provision, under which the defendants had 5 business days to provide the Temporary Receiver a “full accounting of all assets, accounts, funds, and documents outside of the territory of the United States that are held either”:

(1) by them;

(2) for their benefit;

(3) in trust by or for them, individually or jointly; or

(4) under their direct or indirect control, individually or jointly.

There is another side to this story as eWeek reported:

According to Butterfly Labs, the company shipped more than $33 million worth of products to customers. The Butterfly Labs Bitcoin miner technology was sold in multiple places, including popular online retailer TigerDirect, which currently lists the Butterfly Labs Bitcoin miner as being out of stock.

Bitcoin headlines will continue because as the FTC pointed out in its news release “We often see that when a new and little-understood opportunity like Bitcoin presents itself, scammers will find ways to capitalize on the public’s excitement and interest.”

2 Courts Permit Defendants to be Served on Facebook

Posted in eCommerce

When the defendants could not otherwise be located and served by paper, face-to-face, two Judges ordered service on Facebook since the defendants were in Turkey and Antigua.  Since Turkey “has not specifically objected to service by email or social media networking sites which are not explicitly listed as means of service” on February 20, 2014, US Magistrate Judge Thomas Rawles Jones, Jr. (Eastern District of Virginia) in the case Whoshere, Inc., v. Gokhan Orun d/b/a/ WhoNear; Who Near; ordered that the summons and complaint could be transmitted to the defendant under Federal Rules of Civil Procedure 4(f)(3) by:

1) email to;

2) email to;

3) Facebook at; and

4) LinkedIn at http://www.linkedin/in/gokhanorum.

In the other case, a New York Family Court ruled that service on Facebook was acceptable. In that case Staten Island Support Magistrate Gregory Gliedman ordered that the plaintiff could serve his ex-wife, who left no forwarding address, “…to cancel his court-ordered $440-a-month child support based on their son having turned 21.”

These rulings were both in trial courts, and may not survive appellate review. However, service on Facebook has been used since at least 2008 in Australia, Canada, and other countries, so these US rulings were inevitable given the use of Social Media.

18+ States Rely on “Stingrays” (Fake Cell Towers) for Surveillance – Is this an Invasion of Privacy?

Posted in Internet Privacy

Privacy issues have been highlighted by a recent Newsweek report about “mysterious devices sprinkled across America—many of them on military bases—that connect to your phone by mimicking cell phone towers and sucking up your data” and by an earlier Florida Today report that “[l]ocal and state police, from Florida to Alaska, are buying Stingrays with federal grants aimed at protecting cities from terror attacks, but using them for far broader police work,” which led the American Civil Liberties Union (ACLU) to intervene in a lawsuit to learn more about Stingrays.

The ACLU reported on June 3, 2014, in “VICTORY: Judge Releases Information about Police Use of Stingray Cell Phone Trackers,” that the Judge granted its Motion for Public Access to Sealed Judicial Records in the case of State of Florida vs. James Thomas. The Judicial Records concerned the Tallahassee Police Department’s means of locating and arresting a rape suspect, which relied on Stingrays that were used as follows:

  • Stingrays “emulate a cellphone tower” and “force” cell phones to register their location and identifying information with the stingray instead of with real cell towers in the area.
  • Stingrays can track cell phones whenever the phones are turned on, not just when they are making or receiving calls.
  • Stingrays force cell phones in range to transmit information back “at full signal, consuming battery faster.” Is your phone losing battery power particularly quickly today? Maybe the cops are using a stingray nearby.
  • When in use, stingrays are “evaluating all the [cell phone] handsets in the area” in order to search for the suspect’s phone. That means that large numbers of innocent bystanders’ location and phone information is captured.
  • In this case, police used two versions of the stingray — one mounted on a police vehicle, and the other carried by hand. Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood “at every door and every window in that complex” until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within.
  • The Tallahassee detective testifying in the hearing estimated that, between spring of 2007 and August of 2010, the Tallahassee Police had used stingrays approximately “200 or more times.”

The ACLU claims that 43 agencies in 18 states own stingrays and “many agencies continue to shroud their purchase and use of stingrays in secrecy.” Given the continuing use of cell devices, the use of Stingray towers appears to be easy camouflage for police agencies but poses a threat to privacy.

3 IoT (Internet of Things) Cyber Threats to Privacy in Your Home That Might Surprise You

Posted in eCommerce, Internet Privacy

Most people freely attach devices to the Internet throughout their home without contemplating any privacy risk, but a recent home inspection of “network-attached storages (NAS), Smart TVs, router, Blu-ray player” by Kaspersky Lab security analyst David Jacoby proved otherwise.  As a result of this inspection a report was issued entitled “Hacking a Living Room: Kaspersky Lab Finds Multiple Vulnerabilities in Popular Connected Home Entertainment Devices” which included these three vulnerabilities:

1. Remote code execution and weak passwords: The most severe vulnerabilities were found in the network-attached storages. Several of them would allow an attacker to remotely execute system commands with the highest administrative privileges. The tested devices also had weak default passwords, lots of configuration files had the wrong permissions and they also contained passwords in plain text. In particular, the default administrator password for one of the devices contained just one digit. Another device even shared the entire configuration file with encrypted passwords to everyone on the network.

2. Man-in-the-Middle via Smart TV: While investigating the security level of his own Smart TV, the Kaspersky researcher discovered that no encryption is used in communication between the TV and the TV vendor’s servers. That potentially opens the way for Man-in-the-Middle attacks that could result in the user transferring money to fraudsters while trying to buy content via the TV. As a proof of concept, the researcher was able to replace an icon of the Smart TV graphic interface with a picture. Normally the widgets and thumbnails are downloaded from the TV vendor’s servers and due to the lack of encrypted connection the information could be modified by a third party. The researcher also discovered that the Smart TV is able to execute Java code that, in combination with the ability to intercept the exchange of traffic between the TV and Internet, could result in exploit-driven malicious attacks.      

3. Hidden spying functions of a router: The DSL router used to provide wireless Internet access for all other home devices contained several dangerous features hidden from its owner. According to the researcher, some of these hidden functions could potentially provide the ISP (Internet Service Provider) remote access to any device in a private network. What’s more important is that, according to the results of the research, sections of the router web interface called “Web Cameras”, “Telephony Expert Configure”, “Access Control”, “WAN-Sensing” and “Update” are “invisible” and not adjustable for the owner of the device. They could only be accessed via exploitation of a rather generic vulnerability making it possible to travel between sections of the interface (that are basically web pages, each with own alphanumeric address) by brute forcing the numbers at the end of the address.

What IoT cyber risks do you have in your home?  If you do not know, you probably have a problem!
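
One way to check a device's exported configuration directory for the problems listed in item 1 above (files with the wrong permissions, passwords stored in plain text, and very short default passwords) is sketched here. This is an added example, not code from the Kaspersky Lab report or from this blog; the key names, hash markers, weak-value list and sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed key names that usually hold credentials (not taken from the report).
SECRET_KEY = re.compile(
    r"^\s*([\w.-]*(?:pass(?:word|wd)?|secret|psk)[\w.-]*)\s*[=:]\s*(\S.*)$", re.I)
# Assumed markers of a hashed value: crypt(3)-style "$id$..." or a long hex digest.
HASHED = re.compile(r"^(\$\w+\$.+|[0-9a-fA-F]{32,})$")
# Assumed list of common default values treated as weak.
WEAK = {"admin", "password", "1234", "12345", "root", "default"}


def audit_file(path):
    """Return (path, issue) findings for one configuration file."""
    findings = []
    mode = os.stat(path).st_mode
    for bit, label in ((stat.S_IROTH, "world-readable"), (stat.S_IWOTH, "world-writable")):
        if mode & bit:
            findings.append((path, label))
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith(("#", ";")):
                continue  # commented-out settings are not live credentials
            m = SECRET_KEY.match(line)
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip().strip("'\"")
            if HASHED.match(value):
                continue  # stored as a hash, not as the password itself
            issue = f"plaintext credential in '{key}' (line {lineno})"
            if len(value) < 8 or value.lower() in WEAK:
                issue += ", weak value"
            findings.append((path, issue))
    return findings


def audit_tree(root):
    """Audit every file under root, in sorted order within each directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            findings.extend(audit_file(os.path.join(dirpath, name)))
    return findings


def build_sample(root):
    """Write constructed sample files standing in for a NAS configuration export."""
    samples = {
        "smb.conf": ("admin_password = 1\n", 0o644),
        "users.conf": ("password = $6$salt$abcdefghijklmnopqrstuv\n", 0o600),
        "backup.conf": ("# password = old\nremote_secret: Tr0ub4dor&3xyz\n", 0o600),
    }
    for name, (body, mode) in samples.items():
        p = os.path.join(root, name)
        with open(p, "w") as fh:
            fh.write(body)
        os.chmod(p, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, issue in audit_tree(tmp):
            print(f"{os.path.basename(path)}: {issue}")
```

On the constructed sample, the one-character administrator password in a world-readable file is reported twice (permissions and plaintext), while the hashed entry in the owner-only file produces no finding.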