On September 25, 2012, the Federal Trade Commission announced a settlement with seven rent-to-own companies that secretly installed software on rented computers, clandestinely collected information, took pictures of consumers in their homes (WTF?!) and tracked these consumers’ locations.
If you haven’t vomited on your computer from the sickening outrage, you can read the FTC press release here.
Software design firm DesignerWare, LLC licensed software to rent-to-own stores ostensibly to help them track and recover rented computers. The software collected the data that enabled rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase, to track the location of rented computers without consumers’ knowledge
According to the FTC, the software enabled remote computer disabling if it was stolen, or if the renter failed to make payments. It included an add-on purportedly to help stores locate rented computers and collect late payments. Alarmingly, the software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.
When activated, the nefarious feature logged key strokes, captured screen shots and took photographs using a computer’s webcam, according to the FTC. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.
“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”
“There is no justification for spying on customers. These tactics are offensive invasions of personal privacy,” said Illinois Attorney General Lisa Madigan.
26 2012 4:39 p.m. MDT. Summary. With the help of a $3 million grant from the U.S. Department of Labor, officials at Utah Valley University are working to meet the demand for workers trained in information technology and cybersecurity.
Cyber-security contest in RI opens to students
Boston.com
PROVIDENCE, R.I. (AP) — Students interested in the field of cyber-security are being urged to enter the state’s third Cyber Foundations Competition. U.S. Rep. Jim Langevin (LAN’-jih-vin), who is co-chair of the Cybersecurity Caucus in Congress, says.
Government said to be making larger strides in cybersecurity
FCW.com
Michael Daniel, special assistant to the president and cybersecurity coordinator at the NSC, highlighted progress in a number of initiatives including short-term, medium-term and long-term plans. “Right now cyberspace seems to favor the intruder…”
Verizon Joins Cybersecurity Group
Personal Liberty Digest
GAITHERSBURG, Md. (UPI) — Communications company Verizon has joined the Lockheed Martin Cyber Security Alliance to counter cybertreats to U.S. information technology infrastructure.
Media Advisory: Minister Toews to Make Announcement Related to Cyber
U.S. Politics Today
MISSISSAUGA, ONTARIO — (Marketwire) — 09/26/12 — The Honourable Vic Toews, Minister of Public Safety, will launch Cyber Security Awareness Month. He will be joined by Michael Kaiser, Executive Director of the U.S. National Cyber Security Alliance.
Lieberman pushes Obama to issue cybersecurity executive order
Daily Caller
Lieberman was the lead co-sponsor of the failed Cybersecurity Act of 2012, a controversial bill that sought to give the federal government regulatory control over the cybersecurity standards of water, power and utility companies.
White House said to plan EO on cybersecurity
ABS CBN News
SAN FRANCISCO – The White House is preparing to direct federal agencies to develop voluntary cybersecurity guidelines for owners of power, water and other critical infrastructure facilities, according to people who said they had seen recent drafts.
Northrop Buys M5 Network Security – Analyst Blog
NASDAQ
Northrop Grumman Corporation ( NOC ) has closed the acquisition of M5 Network Security Pty Ltd. for an undisclosed amount. Canberra, Australia-based, M5 Network Security Pty Ltd. provides cyber security and secure mobile communications products and …
Official Reaffirms US DOD Commitment to Cybersecurity
defpro
The U.S. Defense Department remains vigilant and committed to cybersecurity, especially since its cyber operations present a target for hackers, a senior Pentagon official said here Sept.
Computerworld – Germany’s cybersecurity agency on Monday urged users to drop Internet Explorer (IE) and switch to a rival, like Chrome or Firefox, until Microsoft patches a new critical bug in its browser.
Senators call for ‘cybersecurity’ executive order. This summer’s partisan sparring that derailed a federal cybersecurity law has resumed, with Democrats proposing an executive order and Republicans saying it would levy “more mandates.”
“The nation is in dire need of people who are capable of handling the cybersecurity challenges we face,” professor of computing and information sciences Xinming “Simon” Ou said. “We are lagging behind in the number of experts we have versus the threats.
Amid escalating partisan rhetoric over the bipartisan goal of protecting U.S. computer systems from terrorist attacks, Texas Kay Bailey Hutchison criticized President Obama for a “heavy handed, regulatory regime” that would be created.
18, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online and official coordinator of Data Privacy Day (DPD), today …
Over the past few years, the Obama administration and Congress have taken a variety of legislative runs at creating comprehensive cybersecurity law. See Also: How cybersecurity is like Star Trek’s transporter.
Cyber security is the biggest challenge for the government’s universal credit roll-out, welfare reform minister David Freud has told a select committee. Speaking to a select committee, pensions minister Ian Duncan Smith said government had consulted …
Neil Weicher wants to win the battle in cyber security. NetLib, a Stamford, Conn.-based provider of encryption software founded by Weicher, has partnered with the Center for Internet Security, a non-profit focused on cyber security readiness.
The Government Communications Headquarters (GCHQ) said those aged 16 or over and not already working in cyber security could apply to test their ability to guard a computer network but only 150 contestants at most would be eventually allowed.
The FBI’s former top attorney for cybersecurity, Steven Chabinsky, who stepped down this month, thinks the FBI is doing a great job battling the problem, but told the Washington Post that the “federal government” has taken a “failed approach”.
The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, “Marketing Your Mobile App: Get It Right from the Start,” notes that there are general guidelines that all app developers should consider. They include:
Tell the Truth About What Your App Can Do. – “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises;
Disclose Key Information Clearly and Conspicuously. – “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
Build Privacy Considerations in From the Start. – Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
Offer Choices that are Easy to Find and Easy to Use. – “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
Honor Your Privacy Promises. – “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers – like all other marketers – have to live up to those promises.”
Protect Kids’ Privacy. – “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
Collect Sensitive Information Only with Consent. – Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
Keep User Data Secure. – Statutes like the Graham-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information.
Illustration of Facebook mobile interface (Photo credit: Wikipedia)
A recent New Jersey District Court case underscores the rise in tensions between employers and employees when it comes to Social Media Accounts. In Ehling v. Monmouth-Ocean Hospital Service Corp., the Court denied an employer’s motion to dismiss a former employee’s invasion of privacy claim that alleged a supervisor accessed the employee’s Facebook account. Ehling worked for Monmouth-Ocean Hospital Service Corporation (“MONOC”) and became Acting President of the local union for Professional Emergency Medical Services. Ehling alleged that MONOC began engaging in a pattern of retaliatory conduct against her eventually leading to termination of her employment.
Posting Limited to “Friends”
Ehling maintained an account on Facebook, but kept access to her wall post limited to Facebook “friends,” many of whom were coworkers, but none of whom were members of MONOC’s management. Ehling alleged that MONOC surreptitiously gained access to her Facebook account when a supervisor summoned a MONOC employee, who was a Facebook friend, and coerced, strong-armed, and/or threatened the employee to access his Facebook account in the supervisor’s presence for the purpose of viewing and copying Ehling’s posts.
Ehling alleged that MONOC then sent letters regarding a certain posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Ehling alleged the letters were malicious and meant to damage her professionally.
Ehling’s claim for common law invasion of privacy was premised on Defendants’ alleged unauthorized “access of her private Facebook postings” The Court denied MONOC’s motion to dismiss which argued that Ehliong did not have a reasonable expectation of privacy in her Facebook posting. The Court stated that Under New Jersey law, to state a claim for intrusion upon one’s seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person. See Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). “[E]xpectations of privacy are established by general social norms” and must be objectively reasonable – a plaintiff’s subjective belief that something is private is irrelevant. White, 344 N.J. Super. 211, 223 (Ch. Div. 2001).
The Impact of Social Media on Privacy is Unsettled
The Court went on to make further observations on the impact of Social Media on Privacy:
“Privacy in social networking is an emerging, but underdeveloped, area of case law. See Robert Sprague, Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship, 50 U. Louisville L. Rev. 1, 13 (2011) (discussing the undefined legal boundary between public and private communications on social networking websites).
There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. See, e.g., United States v. Gines-Perez, 214 F.Supp.2d 205, 225 (D.P.R. 2002), rev’d on other grounds, 90 F. App’x 3 (1st Cir. 2004) (“[I]t it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information on an indisputably, public medium, such as the Internet, without taking any measures to protect the information”); Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 44(Minn. Ct. App. 2009) (holding that privacy was lost when private information was posted on a publicly accessible Internet website and “[a]ccess to the publication was not restricted”).
Some Reasonable Expectation of Privacy
On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications. See, e.g., Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010) (employee could have reasonably expected that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had a reasonable expectation of privacy in personal, password-protected e-mail messages stored on a third party’s server, although the employee had accessed that outside server while at work).
Legal Approaches Continue to Develop
The Court note that a consistent approach hasn’t yet developed. While most courts hold that a communication is not necessarily public just because it is accessible there is disagreement as to how far that theory extends. Some courts have adopted the rule that when one shares private information to one or more persons, there may still be a reasonable expectation that the recipients of the information will not disseminate it further. What is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.
Cybersecurity, the subject of this month’s Minnesota International Center’s “Great Decisions” dialogue, is a hot topic in the Beltway, Silicon Valley and on Wall Street. It’s also an important subject in Foggy Bottom and Turtle Bay.
Cybersecurity News Roundup: MyAgent Trojan; Virus Infects Saudi Oil Giant; and Pro-Censorship Hackers. This week’s IT security news roundup features stories on the newly discovered MyAgent Trojan; malware that forced a Saudi Oil Giant to shut down.
Congress is now in recess. But before its members left town, back on Friday, Aug. 3, they rejected a bipartisan bill that would have established optional “cybersecurity” standards for the computer systems that operate the country’s power grids, dams.
Will Obama use the Dream Act model of bypassing Congress to advance his cybersecurity agenda? Obama’s counterterrorism adviser John Brennan hints that such an order could come [see Cat Out of Bag on Infosec Regulation?].
When the Waldo Canyon fire roared closer to Colorado Springs on June 26, Jeff Beauprez, president and CEO of Colorado Networks, started getting frantic phone calls from businesses along the Garden of the Gods Road corridor.
Today’s cars have grown vulnerable to the threat of computer viruses or hackers — security researchers have even shown how to remotely unlock a vehicle or start a car’s engine using simple text messages. But a group of U.S. students who attended the …
Senate Republicans recently blocked cybersecurity legislation, but the issue might be revived by the White House, a federal law enforcement official told the Law Enforcement Examiner on Monday.
Stephanie Daman, CEO at the Cyber Security Challenge UK, said the cyber camp concept is something completely new for this year’s Challenge: “It represents a great opportunity for our expert sponsors to work closely with a group of young talent.”
Harford Community College will receive $74000 to put toward its work with the Regional Cybersecurity Education Initiative. HCC, University of Delaware and Delaware Technical and Community College formed the education initiative with industry partners …
The lobby shop is advocating for the Schaumburg, Ill.-based telecommunications company on “[i]ssues related to public safety/D block spectrum; issues related to cybersecurity; issues related to tax reform legislation,”
The official Microsoft Security Blog provides in-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance.
The Cybersecurity Blame Game Continues
The stalling, bickering, almost-breakthrough, and eventual demise of cybersecurity legislation in the United States Senate was a sad thing to watch.
Although courts have called the Internet “one large catalyst for rumor, innuendo, and misinformation,” nevertheless, it provides large amounts of evidence that may be relevant to litigation matters. Increasingly, courts are facing presentation of, and challenges to, data preserved from various websites. According to a survey conducted by the X1ediscovery blog, there are over 320 published cases involving social media/web data in the first half of 2012.
Evidentiary authentication of web-based data, whether it’s Internet site data available through browsers, or social media data derived from APIs or user credentials, presents challenges. Given the growing importance of social media posts and data, businesses should be prepared to offer foundational evidence to authenticate any posts that are vital to a case.
Authentication of social media and web data is a relatively novel issue for many courts. Courts have been extremely strict in applying foundation requirements due to the ease of creating a profile or posting while masquerading as someone else. Therefore it is important to go beyond the surface of a social media profile or a post to provide the foundation necessary to authenticate what he evidence for use in court.
Regardless of the type of data, it must be authenticated in all cases. The authentication standard is found in Federal Rule of Evidence 901(a), “The requirement of authentication … is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).
The foundational requirement of authentication is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims. See US v. Tank, 200 F. 3d 627, 630 (9th Circuit 2000) (citing Fed.R.Evid. 901(a)). This burden is met when “sufficient proof has been introduced so that a reasonable juror could find in favor of authenticity.” This burden was met where the producer of chat room web logs explained how he created the logs with his computer and stated that the printouts appeared to be accurate representations. Additionally, the government established the connection between the defendant and the chat room log printouts based on IP addresses.
Clearly, there is an emerging trend in the use of social media and web data as evidence. As the use of this type of evidence increases, so too will the consistency and predictability of the foundational matters required by courts. Thus, businesses are well advised to include web collection and social media support in the investigation process so they are prepared to offer the necessary foundational evidence to authenticate any social media posts that may be vital to a case.
PRNewswire via COMTEX/ — MutualMind, an award-winning social media technology developer based in Dallas, Texas, announced an agreement today with LexisNexis, a leading provider of legal content and technology solutions.
While consumer brands have embraced Facebook as a key tool in building deeper customer engagement, the biggest social network largely remains terra incognita in the legal world. The sector has certainly harnessed professional networking sites.
Legal action could be taken against people in Bahrain, who incite violence and spread sectarianism on social media, said a top official. The initiative comes as a new code of honour for social media users is set to be launched by the Bahrain Bloc.
An overwhelming majority of investigators using social media for investigative purposes are “self taught,” according to a new survey of 1200 Federal, state, and local law enforcement professionals.
That’s but one of the many conclusions found in a comprehensive new survey — conducted in a partnership between PoliceOne and LexisNexis Risk Solutions — focused on the impact of social media on law enforcement in criminal investigations. Among the …
The State of Maryland already has passed a law forbidding employers from asking job candidates for their passwords to Facebook and other social media sites, and California is considering a similar law. 01fgSCREEN2.jpg View full size · The Society for …
With an understanding of some of the relevant issues, employers can implement meaningful and reasonable policies and guidelines for employees and respond appropriately and legally to social media issues that arise. Below are a few of the discrete issues …
The trick for us is trying to provide legally correct information, in such a way that is easy to understand, to the American public so that investors truly understand their options with retirement savings.” “Internet, the online experience and social media are the 21st Century.”
Below are methodologies and metrics for determining the ROI of these specific social media use cases. The metrics roll up to three major categories of benefits: revenue impact, operational efficiencies, and legal and compliance risk avoidance.
David M. Adler, Esq. is an attorney, author, educator, entrepreneur and partner with Leavens, Strand, Glover & Adler, LLC, a boutique law firm in Chicago, Illinois created with a specific mission: provide businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value.
We meet this challenge by providing legal counsel on issues related to creation, protection and commercialization of intangible assets, our comprehensive understating of the relevant law, our team of seasoned professionals and our client service philosophy.
By using a hosted version of 17a-4’s DataParser for Social Media schools, financial institutions, government agencies and other regulated institutions can now avail themselves of this free option to capture social media public profiles and other web content into their email archive. (PRWEB) July 24, 2012 … Most regulated institutions have archival systems in place to support the monitoring of textual content, the retention of the data, and the facilities to run legal holds and e-Discovery productions.
July 22, 2012 – Social media agency Maximize Social Media LLC announced its social media marketing program today for personal injury attorneys, providing needed support to law firms nationwide.
Join us after work on 1 August at the Vibe Hotel in Sydney’s Milsons Point to hear from super connector Iggy Pintado, Switched On Media’s head of social media Hannah Law, and Amelia Zaina, director of Small Business Services at American Express.
So if she had just toned it down a bit, perhaps suggesting that younger people shouldn’t be ruled out for their youth, or that age and experience are different qualifiers in the context of social media, I might actually agree with her. What I believe, firmly, is that the 25-year-old should not be excluded from leadership.
Quote start The ConnectedCOPS Awards were created with the intent of recognizing the great work being done with social media in six categories, by individual sworn officers and law enforcement agencies.
A 2011 survey of 800 law-enforcement agencies conducted by the International Association of Chiefs of Police found that 88 percent of the agencies used social media, mostly for investigations. Almost half of those agencies have a social media policy.
LexisNexis® Risk Solutions today announced the results of a comprehensive survey focused on the impact of social media on law enforcement.
SOCIAL MEDIA AND CYBERSECURITY Workplace Diversity, Social Media Implications, Cybersecurity
CHICAGO, July 19, 2012 — Ensuring a diverse and inclusive workplace, the implications of social media on law practice and privacy, cybersecurity, and access.
Ping® by AdlerLaw A Legal Blog 