Investigator admits guilt in hiring of a hacker (NYT, 6 March 2015) – A private investigator who has done work for small New York City law firms that specialize in personal injury and medical malpractice litigation pleaded guilty on Friday in federal court in Manhattan to one charge of conspiracy in hiring a hacker to help with his investigation. The guilty plea, by Eric Saldarriaga, an investigator from Queens, stems from an inquiry by federal prosecutors and the Federal Bureau of Investigation into the so-called hacker-for-hire business. Mr. Saldarriaga entered his plea before Judge Richard J. Sullivan of Federal District Court in Manhattan. In the court proceeding and a five-page “criminal information” charge, the clients of Mr. Saldarriaga were not identified. The charge said Mr. Saldarriaga, 41, operated under the alias “Emmanuela Gelpi” in seeking out the services of hackers to help him gain “unauthorized access” to at least 60 email accounts. The investigation of Mr. Saldarriaga and his company, Iona Research and Security Services, could now turn attention onto some of his clients, assuming they were aware he was hiring hackers to break into email accounts. In a posting on an older Yahoo message board used by private investigators, Mr. Saldarriaga said his company did work for about 20 law firms. Last month, federal prosecutors in San Francisco, in an unrelated case, announced the indictment of two private investigators and two computer hackers on charges that they had illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said. In that case, there has been no indication that the private investigators were working on behalf of a particular law firm.

 

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/jesadaphorn

New study provides cybersecurity insights for corporate counsel (Hogan Lovells, 24 Feb 2015) – A recently released research study published by Indiana University’s Bloomington School of Law highlights the rising importance of cybersecurity law and provides current insights on the role lawyers are playing to help protect companies from cyber threats. The study, entitled “The Emergence of Cybersecurity Law,” is based on a survey of corporate law departments as well as interviews conducted with lawyers, consultants, and academic experts. The report finds that although companies increasingly recognize the importance of cybersecurity, few are fully prepared to face the challenge. Substantial numbers of corporate leaders lack confidence in their organizations’ level of preparedness, in part the result of a shortfall of cybersecurity literacy within organizations. While cybersecurity may once have been the domain of IT professionals, companies now recognize that having legal and other disciplines engaged is also necessary. The implication is that lawyers must master the patchwork of legal issues and regulations relevant to cybersecurity risk management, while developing sufficient technical vocabulary to ask the right questions of their IT counterparts. Despite the accelerating frequency of cybersecurity incidents, the report finds that companies still too often turn to lawyers only as a reactive measure rather than as part of a proactive process. To help companies protect their employees and customers from cyber threats, the report recommends that corporate counsel follow a 10-point cybersecurity agenda first proposed in 2012 by Hogan Lovells Partner Harriet Pearson: * * *

 


Image courtesy of FreeDigitalPhotos.net/StuartMiles

Court awards first-ever damages for false copyright infringement takedown notice (Steptoe, 12 March 2015) – The U.S. District Court for the Northern District of California, in Automattic Inc. v. Nick Steiner, has awarded total damages of $25,084 to a blogger and the operator of blogging platform WordPress.com for “lost work and time” spent responding to a fraudulent takedown notice for copyright infringement. This appears to be the first time a court has awarded such damages under the Digital Millennium Copyright Act, given the difficulty of demonstrating that such false claims are knowingly made.

 


How 2 legal cases may decide the future of Open Source software (CIO, 6 March 2015) – The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued. That’s the stark warning from Mark Radcliffe, a licensing expert and partner at law firm DLA Piper. “We are entering a different era for open source, shifting from a special universe where people were cooperative and collaborative to a more hard-nosed commercial one,” he explains. “Now people are applying the same criteria for the enforcement of their open source software rights as for proprietary software, and looking at how they can use them strategically in their business.” Radcliffe says this shift is only just beginning, but for evidence he points to the case of Versata v. Ameriprise. In summary, Versata’s proprietary software product, Distribution Channel Management (DCM), used an open source XML parsing utility that was licensed under GPLv2 from a company called XimpleWare. (XimpleWare also offers its utility with a commercial license to companies that don’t want to be subject to an open source license, but Versata did not use that commercial license.) The problem came when Versata licensed its DCM software to financial services company Ameriprise, and subsequently sued Ameriprise for allowing a subcontractor to decompile Versata’s software—a move Versata contended was a breach of license. Ameriprise then countersued. Because Versata’s software included open source software licensed under the GPLv2 and was a derivative work, Ameriprise alleged, the whole of Versata’s DCM product came under the GPLv2 license, and therefore Ameriprise or its subcontractor could decompile and modify the software at will. 
It turns out that the text of the GPLv2 license, the required copyright notices and a copy of the source code—all of which should normally be included with GPLv2 software—had been stripped out of the open source portion of DCM somewhere along the line, Radcliffe says. It is not clear who did it or why, or whether it was done inadvertently. “The point is that Versata did not appear to have a process for managing open source software. They ignored it, and their contracts were not set up for it,” he says. Radcliffe recommends that companies have an internal process for managing open source software—not just from internal developers, but also from software that comes with acquisitions or from consultants.

 


Image courtesy of FreeDigitalPhotos.net/nuttakit

Wall St. and law firms plan cooperative body to bolster online security (NYT, 23 Feb 2015) – The threat of ever-larger online attacks is bringing together Wall Street banks and the big law firms that do work for them in an alliance that could result in some sharing of basic information about digital security issues. For nearly a year, banks and law firms have discussed setting up a legal group that would be affiliated with the banking industry’s main forum for sharing information about threats from hackers, online criminals and even nation states – the Financial Services Information Sharing and Analysis Center. Several people briefed on those discussions said those talks would most likely lead to the establishment of such a group by the end of the year, a recognition that hackers are increasingly focusing on big law firms to glean information about their corporate clients. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. Over the last several months, Mandiant, the security firm that is a division of FireEye, has been advising a half-dozen law firms that were the subject of a breach, said a person briefed on the matter who spoke on the condition of anonymity. Mandiant, during a recent presentation at a legal conference, said many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations.
The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. And while the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. [Polley: I’m helping the ABA assess whether/how it might facilitate similar ISAC-like activities; we fear that most firms (other than the very largest) wouldn’t grok the value-proposition. Reactions?]

 


Photo courtesy of Creative Commons: https://www.flickr.com/photos/albertocarrasco