Illinois Updates Eavesdropping Law, Ambiguities Remain

Illinois has recently enacted a revised version of the Eavesdropping Act (720 ILCS 5/14, et seq.). Prior to 2015, Illinois was a “two-party consent” state. The Act prohibited recording police and other public officials without their consent. There were several prosecutions under the old version of the law. The new law makes it legal to make such recordings in public without consent.

Under the old law, the statute had the effect of barring the recording of loud arguments on the street, political debates in the park, or even public interactions between citizens and police officers. While the new law attempts to create a balance between privacy and the need to preserve the details of conversations with authorities, it is being criticized for creating a new set of problems.

Chief among the concerns from both criminal defense attorneys and prosecutors are the definitions of “surreptitious” and “reasonable expectation” of privacy.

For example, although the statute protects one’s right to secretly record one’s conversations, the reality is that with today’s ubiquity of cell phones, even if someone has a cell phone out on the table or is checking a cell phone during the conversation, it may be unclear whether that person is also using the cell phone to record a conversation.

Furthermore, the concept of a “reasonable expectation of privacy” is problematic. Critics say that ultimately this opens the door for a debate about whether one’s expectation of privacy was reasonable or not.

Lastly, some have criticized the Act for creating a fast track for police to conduct surveillance on citizens’ private communications without a warrant. The law allows police to get approval from a local state’s attorney under a broad set of circumstances as opposed to having to go in front of a judge and show probable cause.

Given these ambiguities in the law, many believe that it will take time and lawsuits in order to clarify some of the boundaries of these issues.

Proposed Amendments To Computer Fraud & Abuse Act

Enacted by Congress in 1986, the Computer Fraud and Abuse Act (CFAA) builds upon existing computer fraud law (18 U.S.C. § 1030). Initially, the CFAA was intended to limit federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” Notably, the CFAA criminalized certain computer-related acts such as distribution of malicious software code, propagating denial of service attacks, and trafficking in passwords and similar items. Recently, the CFAA has gained prominence as a bludgeon used to prosecute a wide range of activities, some broadly labelled “hacking” and others stretching the boundaries of “unauthorized” computer access.

Two recently introduced bills, one by Representative Zoe Lofgren (D-CA) in the House and one by Senator Ron Wyden (D-OR) in the Senate, aim to amend the CFAA in hopes of ameliorating application of the CFAA to claims of breach of terms of service or employment agreements. Additionally, with the nickname “Aaron’s Law,” they also seek to limit what some see as the CFAA’s tendency to allow for overzealous prosecution that they claim characterized Aaron Swartz’s case.

In short, the bills would amend the meaning of “exceeds authorized access,” changing it to “access without authorization,” which is defined to mean:

“to obtain information on a protected computer”;
“that the accesser lacks authorization to obtain”; and
“by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”

For a well-documented discussion of the application and boundaries of the CFAA, check out the Electronic Frontier Foundation’s Legal Treatise on civil and criminal cases involving the Computer Fraud and Abuse Act here.

As businesses become ever more dependent on digital assets and systems, a working knowledge of the legal and regulatory framework that defines and protects those assets is paramount.

If you or your executive team has questions about securing and protecting digital assets, please feel free to contact David M. Adler for a free consultation. LSGA advises a wide range of businesses on creating, protecting and leveraging digital assets as well as computer, data and information security and privacy.

Please tweet, comment on, and forward this article!

David M. Adler | Adler Law Group
300 Saunders Road, Suite 100
Riverwoods, Illinois 60015
Toll free Phone: (866) 734-2568
http://www.ecommerceattorney.com

*2015 Illinois Super Lawyer http://bit.ly/gFfpAt

Twitter: http://twitter.com/#!/adlerlaw
LinkedIn: http://linkedin.com/in/adlerlaw

#Mobile #Privacy Continues to Challenge Marketers, Developers & Lawmakers

The rapid growth and expansion in the mobile market presents a number of privacy and security issues for mobile software and hardware developers, platform operators, advertisers and marketers who collect, store, use and share consumer information. As awareness of privacy risks grows among consumers, legislators and regulators are increasing scrutiny of mobile privacy and privacy policies in mobile apps.

Businesses operating in the mobile industry are facing a widening array of regulatory compliance issues. Staying abreast of legal risks and issues can be daunting. How can mobile operators and application developers spot trends and adjust strategies to stay competitive? First, keep an eye on FTC activity. Second, monitor new bills coming up in Congress. Third, follow this blog, adlerlaw.wordpress.com.

FTC Privacy Enforcement Actions

Earlier this year, the FTC expanded mobile privacy obligations beyond software to include hardware makers when it announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.

Congressional Privacy Laws, Bills & Initiatives

Not surprisingly, federal legislators are taking up the mantle of Consumer Privacy in the area of Mobile Applications. In January 2013, U.S. Rep. Hank Johnson introduced his mobile privacy bill, The Application Privacy, Protection and Security Act of 2013, or the “APPS Act.” The bill focuses on transparency, user control and security, mandating that an application 1) provide the user with notice of the terms and conditions governing the collection, use, storage, and sharing of the personal data, and 2) obtain the consent of the user to the terms and conditions. Significantly, the privacy notice is required to include a description of the categories of personal data that will be collected, the categories of purposes for which the personal data will be used, and the categories of third parties with which the personal data will be shared.

The Bill also requires that application developers have a data retention policy that governs the length for which the personal data will be stored and the terms and conditions applicable to storage, including a description of the rights of the user and the process by which the user may exercise such rights in addition to data security and access procedures and safeguards.

App developers unaware of the data protection requirements may face significant risks and potential harm to their reputation among users of smart devices. If you have concerns about what key data protection and privacy legal requirements apply to mobile applications and the types of processing an app may undertake, contact us for a mobile app legal audit. Vague or incomplete descriptions of the ways in which a mobile app handles data, or a lack of meaningful consent from end users before that processing takes place, can lead to significant legal risk. Poor security measures, an apparent trend towards data maximisation and the elasticity of purposes for which personal data are being collected further contribute to the data protection risks found within the current app environment.

Learn more about David M. Adler here.

#Bank Information #Security: The Evolving Threat From Insiders

VIDEO: The Evolving Insider Threat – Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center

This video from RSA Conference 2013 discusses:

  • Who typically commits insider crimes – and how;
  • How employees are being victimized from outside;
  • Why our critical infrastructure is at heightened risk.

Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should be careful with training and education, and not only for newly hired employees. Further, plan how login credentials and access to sensitive information will be handled and/or turned over when training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.

Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Mat Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you were too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s Internet is an interdependent ecosystem. Just because you or your organization takes security seriously doesn’t mean that others do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using a stringent password is enough. Unfortunately, some people don’t even bother with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible, enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attacked or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

Adlerlaw’s International Cyber Security Legal News

Experts: State Needs Long-Term Cyber Security Plan
WLTX.com

By TIM SMITH — The Greenville News. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state’s computer systems.

How Obama’s reelection may spur work on cybersecurity in the United States
The Next Web (blog)

Now that the President’s electoral and popular vote victories are in the books, their various ramifications are still being felt. One key element of the addition of four more years to the President’s legacy is the issue of cybersecurity.

Israel’s HLS 2012 Event Highlights Cyber Security Innovations
Defense Update

The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia.

Cyber security facility launched
Alpena News
YPSILANTI, Mich. (AP) — Michigan Gov. Rick Snyder has announced the opening of a facility designed to help electronic security professionals detect and prevent cyber threats and attacks.

Evolving Cyber Crooks Waiting For That Click
The Borneo Post
On the final day of the three-day Cyber Security Awareness campaign, Mohd Izuddin bin Hj Md Hussin, Learning Solution Specialist from Tech One Global, who delivered a public talk on ‘Protect your Computer, Your Family and Yourself’ at Times Square.

Is Obama’s Cybersecurity Executive Order Imminent?
Of course, there remains the chance that Congress will pass some version of a cybersecurity bill before the president can issue his edict.

Outrageous! Seven Rent To Own Firms Used Nefarious Software to Spy on Customers in Their Homes

On September 25, 2012, the Federal Trade Commission announced a settlement with seven rent-to-own companies that secretly installed software on rented computers, clandestinely collected information, took pictures of consumers in their homes (WTF?!) and tracked these consumers’ locations.

If you haven’t vomited on your computer from the sickening outrage, you can read the FTC press release here.

Software design firm DesignerWare, LLC licensed software to rent-to-own stores ostensibly to help them track and recover rented computers. The software collected the data that enabled rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase, to track the location of rented computers without consumers’ knowledge.

According to the FTC, the software enabled remote computer disabling if it was stolen, or if the renter failed to make payments. It included an add-on purportedly to help stores locate rented computers and collect late payments. Alarmingly, the software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.

When activated, the nefarious feature logged key strokes, captured screen shots and took photographs using a computer’s webcam, according to the FTC. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.

“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”

“There is no justification for spying on customers. These tactics are offensive invasions of personal privacy,” said Illinois Attorney General Lisa Madigan.

A complete collection of the 38 federal acts governing U.S. information privacy law.

1. Bank Secrecy Act
2. Cable Communications Policy Act
3. CAN-SPAM Act
4. Children’s Online Privacy Protection Act
5. Computer Fraud and Abuse Act
6. Communications Assistance for Law Enforcement Act
7. Computer Security Act
8. DNA Identification Act
9. Dodd-Frank Wall Street Reform and Consumer Protection Act
10. Driver’s Privacy Protection Act
11. Economic Espionage and Protection of Proprietary Information Act
12. Electronic Communications Privacy Act
13. Electronic Signatures in Global and National Commerce Act (ESIGN)
14. Employee Polygraph Protection Act
15. Fair and Accurate Credit Transactions Act of 2003 (FACTA)
16. Fair Credit Reporting Act
17. Family Educational Rights and Privacy Act
18. Federal Computer Crime Act
19. Federal Privacy Act
20. Federal Trade Commission Act
21. Foreign Intelligence Surveillance Act
22. Freedom of Information Act
23. Gramm-Leach-Bliley Act
24. HIPAA Regulations
25. Identity Theft Assumption and Deterrence Act
26. Medical Computer Crime Act
27. OECD Privacy Guidelines
28. PATRIOT Act
29. PIPEDA Privacy Act
30. Privacy Protection Act
31. Real ID Act
32. Right to Financial Privacy Act
33. Safe Harbor Privacy Principles
34. Telecommunications Act
35. Telephone Consumer Protection Act
36. Uniform Computer Information Transactions Act (UCITA)
37. Veterans Affairs Information Security Act
38. Video Privacy Protection Act

International Cybersecurity & Information Security News Roundup

UVU receives $3 million grant for cybersecurity training
Deseret News

With the help of a $3 million grant from the U.S. Department of Labor, officials at Utah Valley University are working to meet the demand for workers trained in information technology and cybersecurity.

Cyber-security contest in RI opens to students
Boston.com
PROVIDENCE, R.I. (AP) — Students interested in the field of cyber-security are being urged to enter the state’s third Cyber Foundations Competition. U.S. Rep. Jim Langevin (LAN’-jih-vin), who is co-chair of the Cybersecurity Caucus in Congress, says.

Government said to be making larger strides in cybersecurity
FCW.com
Michael Daniel, special assistant to the president and cybersecurity coordinator at the NSC, highlighted progress in a number of initiatives including short-term, medium-term and long-term plans. “Right now cyberspace seems to favor the intruder…”

Verizon Joins Cybersecurity Group
Personal Liberty Digest
GAITHERSBURG, Md. (UPI) — Communications company Verizon has joined the Lockheed Martin Cyber Security Alliance to counter cyberthreats to U.S. information technology infrastructure.

Media Advisory: Minister Toews to Make Announcement Related to Cyber
U.S. Politics Today
MISSISSAUGA, ONTARIO — (Marketwire) — 09/26/12 — The Honourable Vic Toews, Minister of Public Safety, will launch Cyber Security Awareness Month. He will be joined by Michael Kaiser, Executive Director of the U.S. National Cyber Security Alliance.

Lieberman pushes Obama to issue cybersecurity executive order
Daily Caller
Lieberman was the lead co-sponsor of the failed Cybersecurity Act of 2012, a controversial bill that sought to give the federal government regulatory control over the cybersecurity standards of water, power and utility companies.

White House said to plan EO on cybersecurity
ABS CBN News
SAN FRANCISCO – The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who said they had seen recent drafts.

Northrop Buys M5 Network Security – Analyst Blog
NASDAQ
Northrop Grumman Corporation ( NOC ) has closed the acquisition of M5 Network Security Pty Ltd. for an undisclosed amount. Canberra, Australia-based, M5 Network Security Pty Ltd. provides cyber security and secure mobile communications products and …

Official Reaffirms US DOD Commitment to Cybersecurity
defpro
The U.S. Defense Department remains vigilant and committed to cybersecurity, especially since its cyber operations present a target for hackers, a senior Pentagon official said here Sept.

World Information, Data & Cyber Security News & Legal Roundup

German cybersecurity agency prods users to ditch IE

Computerworld – Germany’s cybersecurity agency on Monday urged users to drop Internet Explorer (IE) and switch to a rival, like Chrome or Firefox, until Microsoft patches a new critical bug in its browser.

Democratic senators call for ‘cybersecurity’ executive order
CNET

Senators call for ‘cybersecurity’ executive order. This summer’s partisan sparring that derailed a federal cybersecurity law has resumed, with Democrats proposing an executive order and Republicans saying it would levy “more mandates.”

Cybersecurity scholarships to be offered
UPI.com

“The nation is in dire need of people who are capable of handling the cybersecurity challenges we face,” professor of computing and information sciences Xinming “Simon” Ou said. “We are lagging behind in the number of experts we have versus the threats.

Cybersecurity: Kay Bailey Hutchison condemns Obama’s ‘heavy handed …
Houston Chronicle (blog)

Amid escalating partisan rhetoric over the bipartisan goal of protecting U.S. computer systems from terrorist attacks, Texas Kay Bailey Hutchison criticized President Obama for a “heavy handed, regulatory regime” that would be created.

National Cyber Security Alliance Announces Theme for Data Privacy Day
The Herald | HeraldOnline.com

18, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online and official coordinator of Data Privacy Day (DPD), today …

When it comes to cybersecurity law, where do we draw the line?
ZDNet

Over the past few years, the Obama administration and Congress have taken a variety of legislative runs at creating comprehensive cybersecurity law. See Also: How cybersecurity is like Star Trek’s transporter.

Cyber security biggest challenge for universal credit, says David Freud
ComputerWeekly.com

Cyber security is the biggest challenge for the government’s universal credit roll-out, welfare reform minister David Freud has told a select committee. Speaking to a select committee, pensions minister Ian Duncan Smith said government had consulted …

NetLib teams with CIS to fight cyber security
Mass High Tech

Neil Weicher wants to win the battle in cyber security. NetLib, a Stamford, Conn.-based provider of encryption software founded by Weicher, has partnered with the Center for Internet Security, a non-profit focused on cyber security readiness.

UK spy agency tests Britons’ cyber skills
Reuters

The Government Communications Headquarters (GCHQ) said those aged 16 or over and not already working in cyber security could apply to test their ability to guard a computer network but only 150 contestants at most would be eventually allowed.

Former FBI Cybersecurity Official Steven Chabinsky Thinks FBI is Doing Great …
ticklethewire.com

The FBI’s former top attorney for cybersecurity, Steven Chabinsky, who stepped down this month, thinks the FBI is doing a great job battling the problem, but told the Washington Post that the “federal government” has taken a “failed approach”.