Annual review of social media policies may not address regulatory risks, says expert (Out-Law.com, 14 July 2014) – Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses that only conduct a review of social media strategy once a year may be exposing themselves to legal risks. “There have been a number of recent changes to the law and the way that regulators are approaching the law as well as a number of forthcoming changes that highlight the need for companies to conduct a more regular review of their social media use than just annually,” Scanlon said. “For instance, enforcement action by the Financial Conduct Authority last month indicates the approach the regulator is willing to take against financial services companies that breach rules on financial promotions. Rulings by the Court of Justice of the EU have also raised the prospect of firms having to think more carefully about how they process personal data, even if published elsewhere. Both of these examples raise compliance issues in a social media setting,” he said. Scanlon also pointed to changes to defamation laws in England and Wales which came into force earlier this year as an issue that could impact on social media use, and further identified existing copyright and communication laws, as well as advertising and consumer protection rules, that must be adhered to by companies publishing on social media. “There are many issues that organisations must be aware could affect them as a result of engaging with customers via social media,” Scanlon said. “Most organisations will likely be aware of their basic obligations, such as those to do with data protection and defamation, but there are some legal changes that may go unnoticed unless there are regular reviews of social media strategy scheduled.”

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

 

Flawed oversight Board report endorses general warrants (EFF, 1 July 2014) – The Privacy and Civil Liberties Oversight Board (PCLOB) issued a legally flawed and factually incomplete report late Tuesday that endorses Section 702 surveillance. Hiding behind the “complexity” of the technology, it gives short shrift to the very serious privacy concerns that the surveillance has rightly raised for millions of Americans. The board also deferred considering whether the surveillance infringed the privacy of many millions more foreigners abroad. The board skips over the essential privacy problem with the 702 “upstream” program: that the government has access to or is acquiring nearly all communications that travel over the Internet. The board focuses only on the government’s methods for searching and filtering out unwanted information. This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other Internet communications, steps that occur before the PCLOB analysis starts. This content collection is the centerpiece of EFF’s Jewel v. NSA case, a lawsuit battling government spying filed back in 2008. The board’s constitutional analysis is also flawed. The Fourth Amendment requires a warrant for searching the content of communication. Under Section 702, the government searches through content without a warrant. Nevertheless, PCLOB’s analysis incorrectly assumes that no warrant is required. The report simply says that it “takes no position” on an exception to the warrant requirement when the government seeks foreign intelligence. The Supreme Court has never found this exception. PCLOB findings rely heavily on the existence of government procedures. 
But, as Chief Justice Roberts recently noted: “the Founders did not fight a revolution to gain the right to government agency protocols.” Justice Roberts’ thoughts are on point when it comes to NSA spying – mass collection is a general warrant that cannot be cured by government’s procedures. The PCLOB’s proposed reforms for Section 702 are an anemic set of recommendations that will do little to stop excessive surveillance. For example, rather than rein in government communications searches, the PCLOB simply asks the NSA to study the issue. The PCLOB report provides the public with much needed information about how the 702 program works. But the legal analysis is incorrect and the report fails to offer effective reforms.


What your cell phone can’t tell the police (The New Yorker, 26 June 2014) – On May 28th, Lisa Marie Roberts, of Portland, Oregon, was released from prison after serving nine and a half years for a murder she didn’t commit. A key piece of overturned evidence was cell-phone records that allegedly put her at the scene. Roberts pleaded guilty to manslaughter in 2004, after her court-appointed attorney persuaded her that she had no hope of acquittal. The state’s attorney had told him that phone records had put Roberts at the scene of the crime, and, to her lawyer, that was almost as damning as DNA. But he was wrong, as are many other attorneys, prosecutors, judges, and juries, who overestimate the precision of cell-phone location records. Rather than pinpoint a suspect’s whereabouts, cell-tower records can put someone within an area of several hundred square miles or, in a congested urban area, several square miles. Yet years of prosecutions and plea bargains have been based on a misunderstanding of how cell networks operate. No one knows how often this occurs, but each year police make more than a million requests for cell-phone records. “We think the whole paradigm is absolutely flawed at every level, and shouldn’t be used in the courtroom,” Michael Cherry, the C.E.O. of Cherry Biometrics, a consulting firm in Falls Church, Virginia, told me. “This whole thing is junk science, a farce.” The paradigm is the assumption that, when you make a call on your cell phone, it automatically routes to the nearest cell tower, and that by capturing those records police can determine where you made a call – and thus where you were – at a particular time. That, he explained, is not how the system works. When you hit “send” on your cell phone, a complicated series of events takes place that is governed by algorithms and proprietary software, not just by the location of the cell tower.
First, your cell phone sends out a radio-frequency signal to the towers within a radius of up to roughly twenty miles – or fewer, in urban areas – depending on the topography and atmospheric conditions.


US oil & gas industry establishes information sharing center (InfoSecurity, 26 June 2014) – As part of a voluntary effort, the oil and natural gas industry is launching the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC), dedicated to protecting critical energy infrastructure from computer-based attacks. The ONG-ISAC will serve as a unified, central reservoir of cyber intelligence and a virtual pipeline that facilitates the secure sharing of vetted, actionable and timely cyber intelligence to members. “Cyber-based attacks are one of the fastest-growing threats to America’s infrastructure,” said David Frazier, chairman of the ONG-ISAC, in a statement. “ONG-ISAC will help our industry to quickly identify and respond to threats against refineries, pipelines and other distribution systems that serve US consumers and businesses. It also will provide industry participants a secure way to share information and stay connected with law enforcement agencies.” An industry-owned and operated organization, the ONG-ISAC will facilitate the exchange of information, evaluate risks, and provide up-to-date security guidance to US companies. Participants can submit incidents either anonymously or with attribution via a secure web portal; circulate information on threats and vulnerabilities among ONG-ISAC members, other ISACs, vendors and the US government; provide industry participants with access to cybersecurity experts; alert participants of cyber-threats deemed ‘urgent’ or ‘elevated’ in near real-time, within 60 minutes; coordinate industry-wide responses to computer-based attacks; and ensure compliance with all antitrust and federal disclosure guidelines.


US privacy panel backs NSA’s Internet tapping (NYT, 2 July 2014) – The federal privacy board that sharply criticized the collection of the phone records of Americans by the National Security Agency has come to a starkly different conclusion about the agency’s exploitation of Internet connections in the United States to monitor foreigners communicating with one another abroad. That program, according to the Privacy and Civil Liberties Oversight Board, is largely in compliance with both the Constitution and a surveillance law that Congress passed six years ago. [T]he most recent report, adopted by the board on Wednesday, deals with what the agency calls “702 collection,” a reference to Section 702 of the Foreign Intelligence Surveillance Act, which was amended in 2008 after The New York Times revealed a program of warrantless wiretapping that the Bush administration started after the Sept. 11, 2001, attacks. “The Section 702 program has enabled the government to acquire a greater range of foreign intelligence than it otherwise would have been able to obtain – and to do so quickly and effectively,” the report said. While it found little value in the bulk collection of Americans’ telephone data, the board said that the 702 program, aimed at foreigners, “has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence.” The program is also used to track nuclear proliferation and to monitor the calls and emails of foreign governments and their leaders. The report concluded that “monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies and tactics.” In a sign of the Obama administration’s relief about the report’s conclusion, it was praised by James R. Clapper Jr., the director of national intelligence, who refused to talk publicly about the 702 programs before the Snowden disclosures. Mr. 
Clapper cited a section of the report that said the board was “impressed with the rigor of the government’s efforts to ensure that it acquires only those communications it is authorized to collect, and that it targets only those persons it is authorized to target.”


Suing file-sharers doesn’t work, lawyers warn (TorrentFreak, 13 July 2015) – For more than a decade copyright holders and the U.S. Government have been trying to find the silver bullet to beat piracy. This week the American Bar Association joined the discussion with a 113-page white paper. With their “call for action” the lawyers encourage Congress to draft new anti-piracy legislation and promote voluntary agreements between stakeholders. Among the options on the table is the filing of lawsuits against individual file-sharers, something the RIAA did extensively in the past. Interestingly, the lawyers advise against this option as it’s unlikely to have an impact on current piracy rates. According to the lawyers these types of lawsuits are also financially ineffective, oftentimes costing more than they bring in. In addition, they can create bad PR for the copyright holders involved. “While it is technically possible for trademark and copyright owners to proceed with civil litigation against the consuming public who […] engage in illegal file sharing, campaigns like this have been expensive, do not yield significant financial returns, and can cause a public relations problem for the plaintiff in addressing its consuming public,” the lawyers write. [Polley: see RIAA story below in “Looking Back”]
