Internet, Information Technology & e-Discovery Blog

Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

What took the SEC so long to adopt Cybersecurity Disclosure requirements?

Posted in Cyber

The Securities and Exchange Commission (SEC) Chairman Jay Clayton announced the SEC’s approval of the “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” under which “the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents.”  Chairman Clayton’s February 21, 2018 public statement entitled “Statement on Cybersecurity Interpretive Guidance” included these statements:

In today’s environment, cybersecurity is critical to the operations of companies and our markets.  Companies increasingly rely on and are exposed to digital technology as they conduct their business operations and engage with their customers, business partners, and other constituencies. 

This reliance on and exposure to our digitally-connected world presents ongoing risks and threats of cybersecurity incidents for all companies, including public companies regulated by the Commission. 

Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion

Better late than never, and it will be interesting to see what is reported!

Cybersecurity threats targeted at State elections?

Posted in Cyber, Internet Privacy

The Washington Post wrote an article that “State officials have been scrambling to address vulnerabilities in their systems, particularly since the fall, when the Department of Homeland Security disclosed the attempts on the 21 states. Though it is not believed there were further attacks, experts say Russian operatives may have been laying the groundwork for a more aggressive effort in 2018.” The February 17, 2018 article entitled “State elections officials fret over cybersecurity threats” included these observations about a meeting of State Election Officials on Saturday following the February 16th Federal indictments against 13 Russians:

The indictments underscored warnings issued by the nation’s top intelligence officials who said earlier in the week that they had already uncovered evidence that Russians and other foreign operators aimed to disrupt the midterms.

State elections officials and cybersecurity experts are pressuring Congress to act, asking lawmakers to appropriate all the federal funds approved in 2002 for election security. They also want lawmakers to pass legislation that would enact sweeping changes to strengthen U.S. election cybersecurity.

It will be interesting to following these Cybersecurity threats to US elections!

New US Attorney has extensive Cybersecurity experience!

Posted in Cyber recently interviewed Erin Nealy Cox (US Attorney for the Northern District of Texas since November 2017) who described her  “…expertise in cybersecurity will help me identify and communicate the threats to the affected communities so they can understand and craft solutions needed to defend themselves; and it will help me ensure that my prosecutors have the tools, training, and resources to prosecute vigorously those responsible for cyber crimes, wherever they may be located.” The February 8, 2018 interview was entitled “Erin Nealy Cox – How Cyber Background Helps as US Attorney “ began with this introduction:

Perhaps unique for a U.S. attorney, she has extensive background in cybersecurity, having worked as a senior adviser at McKinsey & Co. in the cybersecurity and risk practice; as an assistant U.S, attorney in the Northern District of Texas, where she prosecuted cyber crimes, white-collar crimes, and general crimes; and as a member of the executive team at Stroz Friedberg, a cybersecurity and investigations consulting firm.

Since I’ve known Erin for many years, I’m confident she will be a an excellent US Attorney and particularly dealing with cybercrime.

Uber settles claims for $245M that it stole Google’s trade secrets!

Posted in eCommerce

Money.CNN reported that Google’s Waymo (Google’s self-driving car program) sued Uber for theft of trade secrets, but during the middle of trial “accepted a settlement offer from Uber, which agreed to a deal that includes 0.34% of Uber’s equity at a $72 billion valuation, which works out to about $245 million.”  The February 9, 2018 article entitled “Uber and Waymo settle trade secrets lawsuit” settled even though “Waymo had initially asked for maximum damages of $1.8 billion after:

The investigation into potential trade-secret theft began in late 2016 when Waymo accidentally received an email from a supplier containing an attachment that detailed Uber’s LiDAR circuit board. Waymo claimed it looked suspiciously like its own design.

Given the settlement it sure looks like Uber decided to avoid the uncertainty of a jury verdict and appellate conflict for years to come.

Watch Out! Cyberattack scams the FBI impersonating the Internet Complaint Center (IC3)!

Posted in Cyber, eCommerce

Darkreading reports that there has been a new cyberattack at the FBI Internet Crime Complaint Center (IC3) which “scams people into providing personal data and downloading malicious files by impersonating the”… IC3…which is “intended to give the public a reliable means of reporting suspected illegal activity online.”  The February 2, 2018 report entitled “Cyberattack Impersonates FBI Internet Crime Complaint Center” includes these 3 versions of the IC3 scam:

  1. One involves a fake IC3 social media page requesting personal data to report Internet crime.
  2. Another arrives as an email stating that the recipient’s name was found in a corporate database and they can be compensated for unfair treatment.
  3. The third, an email from the Internet Crime Investigation Center/Cyber Division, claims the recipient’s IP address is a possible victim of cybercrime.

Be extra careful when reporting to the IC3!

Amazon now disrupting health care!

Posted in eCommerce

The New York Times reported that “Amazon, Berkshire Hathaway and JPMorgan Chase announced on Tuesday that they would form an independent health care company to serve their employees in the United States.”  The January 30, 2018 report entitled “Amazon, Berkshire Hathaway and JPMorgan Team Up to Disrupt Health Care” included these comments from Ed Kaplan (who negotiates health coverage on behalf of large employers as the national health practice leader for the Segal Group):

Those are three big players, and I think if they get into health care insurance or the health care coverage space they are going to make a big impact.

…larger insurers were frustratingly inefficient when it came to fixing problems like preventing people from visiting the emergency room when they did not need to, or requiring a doctor’s visit for routine tasks like refilling a prescription.

Stay tuned for more disruption!

GDPR will change world-wide privacy on May 25, 2018: here are 13 key GDPR terms you better know!

Posted in eCommerce, Internet Privacy reported that GDPR is “a massive piece of legislation and if you want to read all 250+ pages, talk about it with fellow data nerds or marketing professionals, or just comprehend the various articles online, you need to know some of the key terms.”  The January 24, 2018 report entitled “13 Key GDPR Terms You Need to Know” starts with GDPR Term #1 Personal Data:

This is the broad term for any information related to an individual or ‘Data Subject’, that can be used to directly or indirectly identify the person. This can be anything from a name or address to a fingerprint or banking details.

Here are all 13 Key GDPR Terms you need to know:

  1. Personal Data
  2. Binding Corporate Rules (BCRs)
  3. Processing
  4. Data Controller
  5. Data Processor  
  6. Consent
  7. Data Protection Officer  
  8. Data Protection Authority (DPA)
  9. Biometric Data –
  10. Data Subject
  11. Right to be Forgotten
  12. Pseudonymous Data
  13. Cross-Border Processing

It’s time all businesses got started learning how GDPR affects them!

Cybersecurity Software: Kaspersky Lab filed a lawsuit against US government to enjoin federal ban!

Posted in Cyber, E-Discovery

Darkreading reported that Kaspersky Lab’s filed a motion for injunctive relief against the Department of Homeland Security’s ban which has “caused considerable reputational damage and loss of sales to the company in North America. The debarment has precluded Kaspersky Lab from doing business with the US federal government, while hurting its consumer and commercial business as well,…”  The January 19, 2018 article entitled “Kaspersky Lab Seeks Injunction Against US Government Ban” included these comments:

The US Department of Homeland Security (DHS) last September ordered the removal of Kaspersky Lab software and services from all federal information systems covered under the Federal Information Systems Management Act, and banned further use of all products from the company.

The ban, issued under DHS Binding Operational Directive (BOD) 17-01, stemmed from concerns about the firm’s ties to the Russian government and the belief that Russian agents had used the company’s software to steal sensitive data from US government systems.

This will be an interesting case to follow.

Did you know that Artificial Intelligence (“AI” aka Machine Learning “ML”) is critical in Cybersecurity?

Posted in Cyber, eCommerce

Darkreading’s recent article identified goals of using ML in Cybersecurity “To make a broad statement, we are trying to use ML to identify malicious behavior or malicious entities; call them hackers, attackers, malware, unwanted behavior, etc. In other words, it comes down to finding anomalies.”  The January 11, 2018 article entitled “AI in Cybersecurity: Where We Stand & Where We Need to Go” included these comments:

With the omnipresence of the term artificial intelligence (AI) and the increased popularity of deep learning, a lot of security practitioners are being lured into believing that these approaches are the magic silver bullet we have been waiting for to solve all of our security challenges.

But deep learning — or any other machine learning (ML) approach — is just a tool. And it’s not a tool we should use on its own.

We need to incorporate expert knowledge for the algorithms to reveal actual security insights.

Stay tuned for AI/ML in Cybersecurity!

Is Bitcoin for real? Probably since the founder of Ripple was briefly richer than Mark Zuckerberg!

Posted in eCommerce

The New York Times reported that “In 2017, the cryptocurrency Bitcoin went from $830 to $19,300, and now quivers around $14,000. Ether, its main rival, started the year at less than $10, closing out 2017 at $715. Now it’s over $1,100.”  The January 13, 2018 story entitled “Everyone Is Getting Hilariously Rich and You’re Not” portrayed stories of many successful bitcoin investors but cautioned that this may be like the time before the world exploded in the late 1990’s:

The wealth is intoxicating news, feverish because it seems so random. Investors trying to grok the landscape compare it to the dot-com bubble of the late 1990s, when valuations soared and it was hard to separate the Amazons and Googles from the Pets.coms and eToys.

Another interesting part of the story was that:

The goal may be decentralization, but the money is extremely concentrated. Coinbase has more than 13 million accounts that own cryptocurrencies. Data suggests that about 94 percent of the Bitcoin wealth is held by men, and some estimate that 95 percent of the wealth is held by 4 percent of the owners.

Will the bitcoin burst and change these wealthy investors?