CLOUD Act dramatically changes international privacy laws (and eDiscovery)!

Without any public hearings, review, or public comment Congress created the CLOUD Act which was signed into law as part of the $1.3 trillion government spending bill which changed the 1986 Stored Communications Act (SCA).  The SCA was created to protect privacy in telephone records and with the advent of the Internet has been used by ISPs (Internet Service Providers) to restrict access to Internet content except with the owner’s permission in the US.

As a result of the CLOUD Act on April 17, 2018 the Supreme Court dismissed the US v. Microsoft case after hearing arguments on February 27, 2018 regarding Microsoft’s reliance on the 1986 SCA to refuse to produce emails in Ireland of an alleged drug dealer.

The Electronic Frontier Foundation made these comments about the CLOUD Act in March that it “is a far-reaching, privacy-upending piece of legislation that will”:

  • Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
  • Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
  • Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  • Allow foreign police to collect someone’s data without notifying them about it.
  • Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.

The CLOUD Act will have an interesting impact on privacy (and eDiscovery).

Are ATMs safe? Probably not since Black Box ATM attacks are mounting which is costing banks millions! report that “Fraudsters are now gingerly testing the waters in central and Western Europe with attacks that drain cash machines of their funds, according to a trade group that studies criminal activity around ATMs.”  The April 18, 2018 report entitled “No Card Required: ‘Black Box’ ATM Attacks Move Into Europe” included these statistics:

The European Association for Secure Transactions, or EAST, says the attacks, sometimes referred to as “jackpotting,” rose 231 percent in 2017 compared to 2016. Last year, 193 incidents were reported compared to 58 in 2016.

EAST published its year-end report on ATM attacks, which covers some 367,000 ATM in 21 European countries. There are about 413,000 ATMs in Europe.

If these attacks are successful in Europe surely these attacks will move around the world!

71% of US federal agencies have reported Cybersecurity breaches! reported that “Federal agencies must protect sensitive data and both thwart bad guys hunting for citizens’ private data and nation-state hackers with their own agendas — in addition to grappling with perennial underfunding, understaffing, and antiquated systems that commercial enterprises tossed into the dumpster years ago. At the same time, they need to make government more accessible and transparent via digital transformation, which inevitably exposes them to more cyber threats.” The April 13, 2018 Report entitled “Federal Agency Data Under Siege” referred to the Thales’ 2018 Data Threat Report—Federal Government Edition which cited:

… 57% of federal respondents reported data breaches, a threefold increase over the 18% recorded back in 2016. As many as 12% experienced multiple breaches in 2017 and in previous years.

Highlighted in the Thales Report was Garrett Bekker (451 Research’s principal analyst for information security) who made these comments:

Like most other sectors, data security spending plans in the US federal sector are up compared to last year — way up,…

Perhaps more importantly, for the first time, the US federal government ranks the highest of any US vertical in terms of spending increase plans — more than nine out of 10 (93%) plan to increase security spending in 2018.

Obviously we need to improve Federal Cybersecurity!

IBM Cybersecurity teams with Willis Towers Watson

Willis Towers Watson “a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries..”announced “an expansion of the company’s global advisory services aimed at addressing risk related to cybersecurity.” The April 12, 2018 announcement entitled “Willis Towers Watson Expands Cybersecurity Services via Collaboration with IBM Security” included these comments from Anthony Dagostino, Global Head of Cyber Risk, Willis Towers Watson:

We believe that a successful cyber resiliency strategy must have a comprehensive approach that addresses people, capital and technology in equal measure…

Recent cyber-attacks are a constant reminder of why companies need a proactive strategy.

We are excited to partner with IBM to better address the technological risks our clients face across the globe.

Great to see this news.

Facebook settles theft of trade secret lawsuit on the eve of Mark Zuckerberg’s congressional testimony! reported that “Facebook told a California federal judge Monday it had reached a mid-trial settlement of BladeRoom Group Ltd.’s $365 million data center trade secrets suit, prompting co-defendant Emerson Electric Co. to unsuccessfully seek a mistrial on grounds that Facebook’s ongoing Cambridge Analytica scandal will bias jurors against it.”  The April 9, 2018 article entitled “Facebook Settles $365M Trade Secrets Case Mid-Trial” included District Judge Edward J. Davila’s ruling that the trial against Emerson would continue even the lawyers argued that there was “nothing more politically charged in this country”:

Emerson argued that a mistrial or continuation is warranted on the remaining claims against it, saying that because of the Cambridge Analytica scandal, Facebook would remain an “elephant in the room” that jurors wouldn’t be able to forget.

Here’s the basis of the lawsuit:

BladeRoom is seeking $365 million in claimed damages, according to court documents, including $18.4 million for allegedly lost profits on the building contract, $88.4 million for future profits BladeRoom said it couldn’t generate as a result of the trade secret theft, and $188.4 million in unjust enrichment that BladeRoom said Emerson received from being able to later sell off part of its business.

Stay tuned to see what happens as the trial proceeds.