Law – Page 6 – Ping® by AdlerLaw A Legal Blog

Advertising, Cloud, cloud computing, Compliance, Computing, Content Development, Creative Content, cybersecurity, Data, data privacy, Design, Entrepreneurs, FTC, Internet, Law, Legislation, Marketing, Media, Mobile, Platforms, Privacy, Regulation, Regulatory Compliance, Security, Small Business, Social Media, Strategy, Technology, Twitter, Uncategorized

Four #Mobile #Privacy Take-Aways From FTC Settlement With HTC

Intel Mobile Device (Photo credit: Frank Gruber)

On February 22, 2013, the FTC announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.

The FTC alleged that HTC failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk. The resulting vulnerabilities posed risks to sensitive functionality, including the possibility that malware could send text messages, record audio, and install additional malware onto a consumer’s device.

Here are four key take-aways for mobile device manufacturers and application developers from the FTC’s complaint:

provide your engineering (programming) staff with security training
review or test your software on mobile devices for potential security vulnerabilities
follow well-known and commonly accepted secure coding practices
establish a process for receiving and addressing vulnerability reports from third parties

Smartphones and tablets are powerful, popular, and continue to find their ways into our personal and business lives. New mobile apps hit the market each day. In this fast-moving era of entrepreneurship and creativity, mobile device and app developers need to keep up with evolving privacy and security. Apps and mobile devices that tap into consumer data — including contact information, photos, and location to name a few — pose a heightened risk to digital snoops, data breaches, and real-world thieves.

Please contact us if you are interested in learning how to evaluate your mobile security and privacy risk or to help develop a “Privacy By Design” approach mobile app security.

Please comment, tweet and forward!

FTC moves against mobile device makers over security (networkworld.com)
AT&T to usher in split-personality mobile devices (reviews.cnet.com)

Authentication, Cloud, cloud computing, Compliance, Computing, Content Development, Criminal Law, cybersecurity, Data, data privacy, Design, enterprise, Entertainment, Entrepreneurs, Facebook, Finance, Internet, Law, Litigation, Media, Mobile, Networks, Patriot Act, Platforms, Privacy, Regulatory Compliance, SaaS, Security, Small Business, Social Media, Start-ups, Strategy, Technology, Twitter

Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now

Image via CrunchBase

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

Twitter looks to add two-factor authentication to stop password hacks (arstechnica.com)

Advertising, Branding, Compliance, Content Development, Copyright, Creative Content, Entrepreneurs, Facebook, FTC, Infringement, Internet, Law, Legislation, Marketing, Media, Mobile, Monetizing Content, Networks, Platforms, Small Business, Social Media, Start-ups, Strategy, Technology, Trademarks, Video

Managing Risk: Legal Issues for Merchants & Affiliate Managers

I will be speaking at Affiliate Management Days SF 2013 (April 16-17, 2013) on the topic of “Managing Risk: Legal Issues for Merchants & Affiliate Managers.”

Affiliate marketing is one of the most cost-effective techniques for monetizing web site traffic and driving sales. Unfortunately, it has a reputation for high risk. While the industry is unlikely to ever be risk-free, it is possible to manage risk by: (1) understanding how techniques like behavioral and contextual targeting affect consumers, affiliates and merchants, (2) understanding the legal and regulatory environment, (3) understating risks involved with prospective marketing partners, (4) using and maintaining proper contracts that allocate risk and provide appropriate indemnifications, and (5) keeping informed about the changes in technology, marketing practices and the regulatory environment. Attendees will learn how to identify these issues and develop policies and procedures to keep informed about the current technology, marketing strategies and regulatory compliance.

Topics covered include:

Behavioral/Contextual Advertising
Regulatory/Industry Compliance : FTC Guides & Enforcement Actions
CAN-SPAM compliance
IP Law: Rules governing use of others™ Trademarks/Keywords, Right of Publicity/Endorsement Issues.
Identifying, protecting against, and disputing accusations of Click-Fraud

Geno Prussakov, the Founder & Chair of Affiliate Management Days and the CEO & founder of AM Navigator LLC did a pre-interview with me on Small Business Trends that can be found here.

Bad Affiliate Programs: Cheating and Stealing from Affiliates (earnblogger.com)

Advertising, Branding, Chicago, Content Development, Copyright, Creative Content, Entertainment, Fashion, Fashion Design, Fashion Law, FTC, Infringement, Internet, Law, Litigation, Marketing, Media, Monetizing Content, Platforms, Social Media, Start-ups, Strategy, Technology, Trademarks, Video

Entertainment & Fashion Law News Update

Entertainment Law News & Events

Entertainment Law Initiative Luncheon Set For Feb. 8 | GRAMMY.com
The GRAMMY Foundation announced today that the keynote discussion at the 15th Annual Entertainment Law Initiative Luncheon & Scholarship Presentation

Colorado IP and entertainment lawyer David Ratner forms ‘Creative …
‘Creative Law Network,’ a Denver-based law firm, will focus on small to mid-size businesses and artists.

Florida Bar Hosts Entertainment Law Event | Billboard
NEW YORK–The Florida Bar Assn.’s Entertainment Arts and Sports Law Section will host its sixth annual legal symposium on music, film and TV on March 26.

UNH Law to debut sports and entertainment law institute
Concord Monitor
The University of New Hampshire’s School of Law will open a Sports and Entertainment Law Institute next fall, giving students the opportunity to focus their studies for a law career in either field.

Entertainment lawyer Mike Novak dies
The Macomb Daily
For nearly three decades, Mike Novak’s name was synonymous with entertainment in the Detroit area. During his career the Troy-based attorney, a resident of Grosse Pointe Shores, represented the likes of artists such as Bob Seger and Kid Rock.

Use a Law Degree to Enter Environmental or Entertainment Fields
U.S. News & World Report (blog)
If you have a question about law school, E-mail me for a chance to be featured next month. This week, I will address questions from readers about pursuing environmental and entertainment law.

Fashion Law News

Minnetonka’s Trademark Suit Against Target Tip-Toes Away http://t.co/sF6vtszP via @FemmeLegale

VIDEO: First Ever Northern California Fashion Law Panel Produced …
First Ever Northern California Fashion Law Panel

Following the Dress Code: Fundamentals of Fashion Law with BK …
February 13th – 6:00-8:00pm 2 MCLE Credits (Professional Practice) 123 Remsen Street, BrooklyModerator: Allegra Selvaggio, Esq.

About The Author

David M. Adler, Esq. is a 2012 Illinois SuperLawyer, author, educator, entrepreneur and partner with Leavens, Strand, Glover & Adler, LLC, a boutique law firm in Chicago, Illinois created with a specific mission: provide businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value.

Advertising, Branding, censorship, Cloud, cloud computing, Compliance, Computing, Content Development, Copyright, Creative Content, cybersecurity, Data, data privacy, Design, Entertainment, Entrepreneurs, Evidence, Facebook, Infringement, Internet, Law, Legislation, Litigation, Marketing, Media, Mobile, Privacy, Production, Regulation, Regulatory Compliance, SaaS, Security, Small Business, Social Media, Start-ups, Strategy, Technology, Trade Secrets, Trademarks

Whose Social Media Account Is It Anyway?

As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.

This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.

First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.

Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.

Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.

As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.

cloud computing, Computing, cybersecurity, Data, data privacy, Internet, Law, Legislation, Privacy, Regulation, Regulatory Compliance, Security, Technology

HHS Office of Civil Rights (OCR) releases guidance for de-identification under the HIPAA Privacy Rule.

HHS has provided guidance about methods and approaches to achieve de- identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The guidance explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule‘s de-identification standard: Expert Determination and Safe Harbor1. This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de- identified information is created, and the options available for performing de- identification.

Advertising, Cloud, cloud computing, Compliance, Computing, Content Development, cybersecurity, Data, data privacy, Entertainment, FTC, Internet, Law, Legislation, Litigation, Marketing, Media, Mobile, Monetizing Content, Privacy, Regulation, Regulatory Compliance, Security, Social Media, Technology

FTC Privacy Update: Recent Guidance and Settlements

Company Sanctioned for ” History Sniffing”

FTC Settlement Puts an End to “History Sniffing” by Online Advertising Network Charged With Deceptively Gathering Data on Consumers

You know the old adage, the Internet is forever. Well, so is your browsing history, apparently. On December 5, 2012, the FTC announced that an online advertising company agreed to settle Federal Trade Commission charges that it used “history sniffing” to secretly and illegally gather data from millions of consumers about their interest in sensitive medical and financial issues ranging from fertility and incontinence to debt relief and personal bankruptcy.

“Consumers searching the Internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” said FTC Chairman Jon Leibowitz. “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”

The defendant, Epic Marketplace shared information with a large advertising network that has a presence on 45,000 websites. Consumers who visited any of the network’s sites received a cookie, which stored information about their online practices including sites they visited and the ads they viewed. The cookies allowed Epic to serve consumers ads targeted to their interests, a practice known as online behavioral advertising.

Mobile Applications (Apps) Continue to Threaten Childrens’ Privacy

Kids’ Data Still Collected, Shared without Parents’ Knowledge, Consent

The Federal Trade Commission issued a new staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” [PDF here ] examining the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores. The report details the results of the FTC’s second survey of kids’ mobile apps.

The FTC first surveyed kids’ mobile apps in 2011. Since then there has been little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it. Many any of the apps examined included interactive features, such as connecting to social media, and sent information from the mobile device to ad networks, analytics companies, or other third parties, without disclosing these practices to parents.

Disturbingly, the shared information included login information across multiple sites, GPs location information and device ID information.

Authentication, Cloud, cloud computing, Compliance, Computing, Content Development, Copyright, Creative Content, cybersecurity, Data, data privacy, enterprise, Entrepreneurs, Infringement, Internet, Law, Litigation, Media, Mobile, Networks, Privacy, Regulation, Regulatory Compliance, SaaS, Security, Small Business, Social Media, Start-ups, Strategy, Technology

Three Key Factors That Small Business Owners Must Consider To Enhance Their Cybersecurity

By now most small business owners are aware that Cybersecurity is an issue. But, how much time and capital should be spent on cybersecurity protection? This article discusses three key factors that should play into that decision.

Factor #1 Awareness.

According to some experts, the biggest problem that small business owners face is simply awareness of the risk. This includes awareness by employees as well.

Most data leaks and other security incidents are caused by employees who are either unaware of security protocols or indifferent to them. Regardless of the level of security in your data center or the strength of encrypted communications, the weakest link will almost always be the human beings interacting with the network.

To address this risk, small business owners need to focus on training and awareness for employees. However, company management is usually focused on sales and customer service. Further, owners often lack the time and expertise needed to properly assess security risks. Companies in any industry should look to partner with a third-party security firm to asses risks and develop appropriate training.

Factor #2 Employee Training.

Training is the first line of defense against cyber threats. This training needs to include the entire company, and should cover three key areas: (a) proper password management on all company services and devices, including clear procedures for new and departing employees, as well as day-to-day usage; (b) clear guidelines for the sharing of information with remote employees, partners and third parties; and (c) a plan for monitoring usage and privileges to the company’s digital assets.

Employee training needs to account for how the public will access your company’s products or services. For example, what if a hacker got into a system by pretending to be another user? By rolling out new features slowly, its easier to identify and fix security loopholes.

All stakeholders need awareness of: (a) the type of information you’re transmitting (e.g. payment information), (b) the visibility of information you’re transmitting (e.g. highly-publicized public launch vs. a quiet rollout of some new software), and (c) the level of security inherent in the transmission (e.g. encrypted emails and documents shared via a secure server or data shared publicly through public networks and via social media sites.

Factor #3 Vigilance (Monitoring).

For some companies everything is available and accessed online. Since online relationships are built upon trust, it is critical that the company actively monitor the security and transparency of this relationship. Many tools are available to measure and respond to risk factors and gauge likelihood of an impact to help determine the level of investment required. Resources can be assigned to anything with high likelihood and high impact.

For example, monitoring potentially fraudulent user accounts has an immediate commercial benefit as well as reducing risk.

Unfortunately, a common misconception is that putting up basic defenses like firewalls will protect security vulnerabilities. However, after reinforcing your Cybersecurity defense, the focus should shift to monitoring and alerting. In many cases, this may require up-front investments to enable tracking and alerting to irregularities in network and data activity. Fortunately, in the event of a breach or a loss of data, this monitoring information will be the key factor in addressing the problem and pinpointing the issue. Managers, employees and business partners need to understand that Cybersecurity is an ongoing process. Awareness, training and monitoring will go a long way toward enhancing a small business’ Cybersecurity preparedness.

About the Author:

David M. Adler, Esq. is a partner in the Chicago office of Leavens, Strand, Glover & Adler, LLC, a boutique intellectual property and entertainment law firm in Chicago, Illinois whose mission is providing businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value. The practice is organized around five major substantive areas of law: Intellectual Property Law, Commercial & Finance Law, Entertainment & Media Law, Corporate Law and Contract Law.

Advertising, Branding, Cloud, Compliance, Computing, Content Development, Copyright, Creative Content, Data, Entertainment, Entrepreneurs, Infringement, Internet, Law, Legislation, Litigation, Marketing, Media, Monetizing Content, Platforms, Regulatory Compliance, Social Media, Technology, Video

Act Of Uploading Photos To Web Site Is Sufficient to Assign Copyrights

website is down (Photo credit: Sean MacEntee)

In today’s business world, web sites are no longer simply a static online presence. Today’s web sites are highly interactive and often make use of content (photos, text, images, videos, etc.) that have bee uploaded by visitors and registered users. With the speed of search engines, social networking platforms and mobile computing technologies, any online problem can quickly have far reaching effects well beyond the initial issue.

In order to ensure that web site operators may make as broad a use of this content as possible and that these web sites do not violate the rights of those whose content has been uploaded, many web site have Terms of Use that contain intellectual property licenses, assignments and indemnifications.

A recent federal District Court in Maryland examined whether the mere act of uploading photographs to a website met the requirements of forming a valid electronic contract sufficient to assign copyrights in the photographs under Section 204(a) of the Copyright Act, which requires assignments to be in writing and signed by the assignor.

In Metro. Reg’l Info. Sys., Inc. v. Am. Home Realty Network, Inc., No. 12-cv-00954 (D. Md. Nov. 13, 2012) the defendant argued plaintiff could not state a claim for infringement on the photographs because the assignments of these photographs to plaintiff were void. Defendant argued that the web site Terms of Use Agreement (“TOU”) and the electronic process in which subscribers assigned copyrights in the photographs to plaintiff did not comply with Section 204(a) of the Copyright Act. The Court disagreed.

The Court first looked at Section 204(a). That section provides that “[a] transfer of copyright ownership, other than by operation of law, is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or such owner’s duly authorized agent.” 17 U.S.C. § 204(a). The Court then turned to the Electronic Signatures in Global and National Commerce Act (“E-SIGN”), 15 U.S.C. §§ 7001 et seq., to reject defendant’s argument that the assignments were invalid. E-SIGN provides, in relevant part:

“[n]otwithstanding any statute, regulation, or other rule of law . . . with respect to any transaction in or affecting interstate or foreign commerce–
(1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and

(2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.

15 U.S.C. § 7001(a).

“The term ‘electronic signature’ means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” Id. § 7006(5). The Court concluded that the TOU was clear in its terms and that the electronic process by which subscribers assigned the copyrights in the photographs met E-SIGN and Section 204(a) requirements. Accordingly, the Court held that the assignments were not invalid as a matter of law.

censorship, Cloud, cloud computing, Compliance, Computing, Criminal Law, cybersecurity, Data, data privacy, Internet, Law, Legislation, Media, Privacy, Regulation, Regulatory Compliance, Security, Social Media, Technology

Adlerlaw’s International Cyber Security Legal News

Experts: State Needs Long-Term Cyber Security Plan
WLTX.com

By TIM SMITH — The Greenville News. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state’s computer systems.

How Obama’s reelection may spur work on cybersecurity in the United States
The Next Web (blog)

Now that the President’s electoral and popular vote victories are in the books, their various ramifications are still being felt. One key element of the addition of four more years to the President’s legacy is the issue of cybersecurity.

Israel’s HLS 2012 Event Highlights Cyber Security Innovations
Defense Update

The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia.

Cyber security facility launched
Alpena News
YPSILANTI, Mich. (AP) — Michigan Gov. Rick Snyder has announced the opening of a facility designed to help electronic security professionals detect and prevent cyber threats and attacks.

Evolving Cyber Crooks Waiting For That Click
The Borneo Post
On the final day of the three-day Cyber Security Awareness campaign, Mohd Izuddin bin Hj Md Hussin, Learning Solution Specialist from Tech One Global, who delivered a public talk on ‘Protect your Computer, Your Family and Yourself’ at Times Square.

Is Obama’s Cybersecurity Executive Order Imminent?
Of course, there remains the chance that Congress will pass some version of a cybersecurity bill before the president can issue his edict.

Related articles

Share this:

Related articles

Share this:

Related articles

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: