Internet, Information Technology & e-Discovery Blog

Social changes brought about by the Internet & Technology

Mark Zuckerberg requested to testify to Congress about Facebook/Cambridge Analytica Privacy

Posted in Cyber, Internet Privacy

The Washington Post reported that there was an official request for Mark Zuckerberg to testify at the House Energy and Commerce Committee since the Committee believes the “CEO of Facebook, he is the right witness to provide answers to the American people. We look forward to working with Facebook and Mr. Zuckerberg to determine a date and time in the near future for a hearing before this committee.” The March 22, 2018 article entitled “A key congressional committee has asked Facebook CEO Mark Zuckerberg to testify about Cambridge Analytica” included these comments from Rep. Greg Walden (R-Ore.) (panel chairman) and Rep. Frank Pallone Jr. (D-N.J.):

The latest revelations regarding Facebook’s use and security of user data raise many serious consumer protection concerns,…

After committee staff received a briefing yesterday from Facebook officials, we felt that many questions were left unanswered.

It will be interesting to hear Mr. Zuckerberg’s testimony since Facebook confessed to the Federal Trade Commission in 2011 that it failed to comply with FTC Privacy Laws.

Blockchain insurance promises faster claims payments and cheaper coverage!

Posted in eCommerce

reported that Allstate Insurance is optimistic that “Blockchain has the potential to revolutionize underwriting…” The March 16, 2018 article entitled “Blockchain could ‘revolutionize’ insurance” included these comments from Dale Sherman, Allstate vice president of claims:

Coverage could be just-in-time or on-demand. You can imagine mile-by-mile insurance for a specific individual based on their very specific, idiosyncratic risk profile that would change in value, and there could be a bidding marketplace.

Blockchain could enable that in real time depending on where they are going.

The article also included these comments from Tara Acton (Denver-based director of claims and senior corporate counsel at telecommunications firm CenturyLink Inc.):

Efforts in the insurance and reinsurance sector to test blockchain transactions for catastrophe losses, if successful, could reduce costs and make transactions more efficient,…

The ability to process those large catastrophic losses with one proof of loss that’s shared amongst everyone … we could dramatically reduce the administrative costs and friction for insureds in that space…

Great news for Blockchain!

Cyberintrusions by Russia put US power infrastructure in jeopardy!

Posted in Cyber

The Washington Post reported that “Since at least March 2016… Russian hackers have ‘targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.’” The March 16, 2018 report entitled “Why Russian hackers aren’t poised to plunge the United States into darkness” includes this natural question, “How serious is this hacking?”:

The idea of Russian hackers having access to the control switches of America’s power infrastructure is particularly unnerving, raising the idea of waking up one morning to learn that the United States has simply been switched off.

The article also included these comments from several experts:

…explained that this is not only oversimplistic but also that it is almost certainly impossible.

The effects of infiltration of America’s power grid would be much more geographically limited thanks to the distributed, redundant nature of the system.

It seems pretty frightening that a foreign government could take control of the power infrastructure in the US! Something we should keep an eye on!

Yahoo’s ToS limitations of liabilities challenged in Cyberbreach of 3 billion users!

Posted in Cyber, eCommerce

Reuters reported that Judge Lucy Koh ruled that “the plaintiffs could try to show that liability limits in Yahoo’s terms of service were ‘unconscionable,’ given the allegations that Yahoo knew its security was deficient but did little.” The March 12, 2018 article entitled “Data breach victims can sue Yahoo in the United States” included these comments about Judge Koh’s (US District Judge, Northern District of California) ruling:

Yahoo was accused of being too slow to disclose three data breaches that occurred from 2013 and 2016, increasing users’ risk of identity theft and requiring them to spend money on credit freeze, monitoring and other protection services.

The breaches were revealed after New York-based Verizon agreed to buy Yahoo’s Internet business, and prompted a cut in the purchase price to about $4.5 billion.

A Verizon spokesman had no immediate comment on Monday. A lawyer for the plaintiffs did not immediately respond to requests for comment.

This will be an important case to follow given the cybercrime and reliance on Terms of Service (ToS), Click Agreements, and Privacy Policies that are never read!

Court orders that Cryptocurrencies should be regulated by the US government!

Posted in eCommerce

reported “that virtual currencies can be regulated by the U.S. Commodity Futures Trading Commission [CFTC].” The March 8, 2018 report entitled “Federal Court Just Ruled CFTC Can Regulate Crypto—But Agency Isn’t Alone” included these questions resolved by US District Judge Weinstein (Eastern District of New York) with a resounding “YES”:

Is virtual currency a commodity?

Does the CFTC have jurisdiction over fraud that does not directly involve the sale of futures or derivative contracts?

Here’s the background on the case:

The CFTC sued Patrick McDonnell and his company CabbageTech Corp. in January, alleging fraud and misappropriation connected to cryptocurrency purchases. Pro se litigant McDonnell attempted to have the suit thrown out for lack of jurisdiction, but the judge ruled in favor of the CFTC.

This ruling will likely have significant impact on cryptocurrencies!

Tax phishing attacks lead to theft of millions of passwords at Office365 (think Microsoft)!

Posted in Cyber, Internet Privacy

reported a “new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS.” The March 2, 2018 report entitled “Millions of Office 365 Accounts Hit with Password Stealers” included these comments:

Barracuda Networks last month flagged a “critical alert” when it detected attack attempts to steal user passwords. This threat lures victims with Microsoft 365 Office files claiming to be tax forms or other official documents; attackers use urgent language to convince people to open the attachment.

Examples of this tactic include files named “taxletter.doc” and phrases like “We are apprising you upon the arisen tax arrears in the number of 2300CAD.” The use of popular file types like Word and Excel, which are globally known and used, further ensures victims will fall for it.

Given the wide usage of Office365 this is very alarming news!

Equifax only had $75M in cybersecurity insurance but expects claims of at least $275M!

Posted in Cyber, eCommerce

Reuters reported that Equifax’s 2017 cyber incident, in which +147M consumers’ data was stolen, included “costs mainly reflect technology and data security upgrades, legal fees, and free identity theft protection and credit monitoring offered to the more than 147 million consumers affected by the cyber security incident.” The March 2, 2018 report entitled “Equifax expects $200 million in breach-related costs in 2018” reported a number of class action lawsuits:

…as well as investigations by U.S. federal, state, local and foreign governmental officials and agencies.

Seems like their estimate of $275M is on the low side when all is said and done!

German Court Ruling against Facebook portends trouble under GDPR!

Posted in Internet Privacy

reported about “a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules.” The article entitled “Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future” included these comments about how “the German court ruling was a signal that social media and tech companies may be wholly unprepared for the GDPR and may have a long way to go to become compliant with its mandates” and that:

…people are going to be surprised by a lot of the fundamental heavy lifting and changes that they are going to have to do around the way that they design products going forward.

This case may help shape GDPR court interpretations.

What took the SEC so long to adopt Cybersecurity Disclosure requirements?

Posted in Cyber

The Securities and Exchange Commission (SEC) Chairman Jay Clayton announced the SEC’s approval of the “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” under which “the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents.”  Chairman Clayton’s February 21, 2018 public statement entitled “Statement on Cybersecurity Interpretive Guidance” included these statements:

In today’s environment, cybersecurity is critical to the operations of companies and our markets.  Companies increasingly rely on and are exposed to digital technology as they conduct their business operations and engage with their customers, business partners, and other constituencies. 

This reliance on and exposure to our digitally-connected world presents ongoing risks and threats of cybersecurity incidents for all companies, including public companies regulated by the Commission. 

Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion.

Better late than never, and it will be interesting to see what is reported!

Cybersecurity threats targeted at State elections?

Posted in Cyber, Internet Privacy

The Washington Post wrote an article that “State officials have been scrambling to address vulnerabilities in their systems, particularly since the fall, when the Department of Homeland Security disclosed the attempts on the 21 states. Though it is not believed there were further attacks, experts say Russian operatives may have been laying the groundwork for a more aggressive effort in 2018.” The February 17, 2018 article entitled “State elections officials fret over cybersecurity threats” included these observations about a meeting of State Election Officials on Saturday following the February 16th Federal indictments against 13 Russians:

The indictments underscored warnings issued by the nation’s top intelligence officials who said earlier in the week that they had already uncovered evidence that Russians and other foreign operators aimed to disrupt the midterms.

State elections officials and cybersecurity experts are pressuring Congress to act, asking lawmakers to appropriate all the federal funds approved in 2002 for election security. They also want lawmakers to pass legislation that would enact sweeping changes to strengthen U.S. election cybersecurity.

It will be interesting to follow these Cybersecurity threats to US elections!