Tag Archives: Cyberlaw

Technology, Privacy, And Data Security

Baseball Rivalry Takes the Low Road In Potential Data Hack

 
William Kellermann
June 16, 2015

Step aside Video-gate and Deflate-gate. Baseball inter-team rivalry has taken a new turn to the dark side. In the first known case of corporate espionage involving sports teams, the St. Louis Cardinals are under investigation for hacking the corporate network of the Houston Astros. The F.B.I. and Justice Department prosecutors are investigating whether one of the most successful teams in baseball over the past two decades hacked into internal networks of a rival team to steal closely guarded information about player personnel. Investigators have uncovered evidence that Cardinals officials broke into a network of the Houston Astros that housed special databases the team had built.

Of all teams to hack, why the Astros? The motive appears to be revenge executed by front-office employees against a former colleague. Astros general manager Jeff Luhnow was a highly successful executive with the Cardinals until 2011. At St. Louis, Luhnow built a computer network called Redbird housing databases of all the Cardinal’s baseball operations information, including scouting reports and player personnel information. Luhnow used the databases to create the best minor league system in baseball and engineer a “Moneyball” style re-tooling leading to the Cardinal’s 2011 World Series championship. After leaving to join the Astros, Luhnow created a similar program in Houston known as Ground Control. Under Luhnow, the Astros have accomplished a striking turn-around, now leading the American League West.

Continue reading Baseball Rivalry Takes the Low Road In Potential Data Hack

Technology, Privacy, And Data Security

How A Data Breach Led To A ‘Billboard Bomb’

 
William Kellermann
May 22, 2015

On Saturday, May 9, 2015 a bomb went off at a busy intersection of the affluent Atlanta suburb of Buckhead. Nobody was killed or physically injured, so you probably didn’t read or hear about it with your Sunday morning coffee. But both the FBI and Homeland Security are investigating the incident. The “bomb” has come to be known as the “Buckhead Billboard Bomb.” The incident reflects the ever-growing need for businesses large and small to pay attention to data security.

The Buckhead Billboard Bomb resulted when a hactivist group calling itself Assange Shuffle Collective accessed a web-connected digital billboard to display an obscene pornographic image to passers-by at the intersection of Peachtree and East Paces Ferry roads. The software running the billboard had no system security in place and, worse yet, a cyber-security expert had warned the company it was vulnerable. The billboard company responded “not interested…” to the expert’s offer to assist.

Continue reading How A Data Breach Led To A ‘Billboard Bomb’

Technology, Privacy, And Data Security

Two Federal Cybersecurity Bills Move Forward

 
Eric Junginger
April 23, 2015

At the White House Summit on Cybersecurity and Consumer Protection at Stanford University on February 13, 2015, President Obama called for a single national data breach standard and for improved information sharing about threats to America’s technology infrastructure between government and the private sector. In the past two months, Congress has responded with multiple bills to address these pressing issues.

First, the Data Security and Breach Notification Act of 2015 was passed by the House Energy and Commerce Committee on April 15, and was sent to the House floor. The Act would set a single national standard for data breach notification that would be enforced by the Federal Trade Commission (“FTC”) and the states’ attorneys general, and would preempt state data security and breach notification statutes. While the Act made it out of committee, the vote was along party lines, including a no vote from the Act’s Democratic co-sponsor.

Continue reading Two Federal Cybersecurity Bills Move Forward

Technology, Privacy, And Data Security

Feds Attempt To Preempt Conflicting State Laws On Data Breaches

 
Eric Junginger
April 8, 2015

Federal and state privacy and data security laws affect nearly every industry ranging from healthcare providers to financial institutions to start-ups. One federal bill that could bring clarity to varied state laws and regulations is the Data Security and Breach Notification Act of 2015 originally co-sponsored by Representatives Marsha Blackburn (R-TN) and Peter Welch (D-VT). If passed, it will change how companies, non-profit organizations, and common carriers handle data breach notifications from trying to comply with an uneven quilt of state laws to a single, enforceable, uniform standard.

There are two important provisions in this Act. First, this federal law would preempt all existing state data breach notification laws, providing a single uniform rule for what to do when a company discovers a data breach. Second, the rules for data breach notification are well defined for all companies. For example, the bill states what information a company will need to provide in its data breach notice, how notification should happen (even when some of the contact information for data breach victims is outdated), and when it should take place (not later than 30 days after the entity has investigated and secured its system).

Continue reading Feds Attempt To Preempt Conflicting State Laws On Data Breaches

Technology, Privacy, And Data Security

The Internet of Things: Expanding Everywhere And Growing Faster Daily

 
Merton Howard
March 12, 2015

Over the last week, I participated in three very different events featuring discussion about the growth of the Internet of Things (IOT).  The presentations confirmed that the IOT is expanding into all areas of our lives, at a rate faster than most can track. The first two instances were professional conferences about the IOT and legal risk.  Not surprisingly, the speakers raised many questions about liability, duty, and risk, but they provided few solutions.

The third presentation was more practical and inspiring.  The Marin School of Environmental Leadership’s Business Leader’s Breakfast featured Gordon Feller from Cisco Systems, who explained that connected devices play a crucial role in meeting sustainability goals for his company and its customers.  Cisco aims to build environmental sustainability into each business function and process through the use of information and communications technology designed to improve the world’s standard of living, use of resources, and energy efficiency, while delivering new value to customers and society.

Continue reading The Internet of Things: Expanding Everywhere And Growing Faster Daily

Technology, Privacy, And Data Security

Obama Brings Cybersecurity Plan To The Bay

 
Batya Forsyth
February 18, 2015

For those who have been following all the failed federal cybersecurity legislation during the last year, it should come as no surprise that President Obama’s Summit on Cybersecurity and Consumer Protection was a call to Congress to act. Not coincidentally, the Summit was held at Stanford University on Friday, February 13, 2015, exactly one year since the National Institute of Standards and Technologies published the first version of its Framework for Improving Critical Infrastructure Cybersecurity, and two years since President Obama Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directing NIST to establish the Framework.

The Framework consists of scalable standards, guidelines, and practices to help owners and operators of critical infrastructure to manage cybersecurity-related risk.

Continue reading Obama Brings Cybersecurity Plan To The Bay

Technology, Privacy, And Data Security

The Internet of Things is Here — Are You Ready?

 
Chris Spiers
February 17, 2015

As we’ve been told, 2015 will be the year of the “Internet of Things.”  (Or was it 2013? Or 2014?)  For those not yet in the know, the Internet of Things (“IoT”) is a web of personal, household, and office devices that collect, share, and store data via an Internet connection.  After registering the device and connecting it to the Internet, users can access the device from their tablet or smartphone.

Currently, there are more than 1.9 billion devices connected through the IoT—a number that some estimate will grow to 9 billion by 2018.  Other projections estimate that by 2020, the global market for IoT devices and services will exceed $7 trillion.  This trend is not going unnoticed by the FTC.

Continue reading The Internet of Things is Here — Are You Ready?

Technology, Privacy, And Data Security

Court Defines Application of Telephone Act to Promotional Text Messages

 
Janie Thompson
November 4, 2014

Is that unwanted promotional text message coming from a human or a machine? It matters for purposes of the Telephone Consumer Protection Act.

In Marks v. Crunch San Diego, LLC, Case No. 14-cv-00348-BAS-BLM (S.D. Cal. Oct. 23, 2014), the United States District Court for the Southern District of California provided some guidance regarding the meaning of an Automated Telephone Dialing System (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).

Continue reading Court Defines Application of Telephone Act to Promotional Text Messages