Year: 2015

Websites and apps breach children’s privacy

September 10, 2015 Abby Shulman Leave a comment Government, Privacy, Security

As the usage of apps and websites by kids increases, new conversations about children’s privacy must occur. The Global Privacy Enforcement Network (GPEN) did a recent study in which it found that of the 1,494 websites and apps samples, 41 percent compromised children’s privacy.

The data, collected form 29 protection regulators worldwide, found that 67 percent of the websites collected information from kids, and only 31 percent of sites had any controls to limit collection.

Many of the websites very popular with kids did have statements in their privacy policies indicating that the website was not intended for children. However, these websites generally did not have any further controls to prevent the collection of personal data. Of the total sample, 22 percent of sites had a category for kids to input phone numbers, and 23 percent had a place to upload photos or videos.

Furthermore, children’s information isn’t always contained on the original site. Kids were given the opportunity to be redirected to another site on 58 percent of sites; 50 percent of sites shared personal information with third parties.

Despite the holes in website security found, some websites did use recommended precautions like parental dashboards, pre-set avatars and usernames, just-in-time warnings before info is submitted, and chat filters.

Adam Stevens, the head of UK’s Information Commissioner’s Office, says that the ICO will be contacting problematic websites and apps, “making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required.”

Article via LegalTech News, September 3, 2015

Photo: Misi with a Phone via Balazs Koren [Creative Commons Attribution-NonCommercial-NoDerivs]

Responding to online complaints lands a lawyer an 18 month suspension

September 10, 2015 Astrid Countee Leave a comment Legal News, Online Dispute Resolution
 James C. Underhill Jr., an attorney in Colorado, has found himself in hot water after a fee dispute with clients went wrong.
A married couple that retained the lawyer’s services claimed that the fee collection that Mr. Underhill enforced was not what they had all verbally agreed to. When Mr. Underhill insisted on this new structure of payment, the couple left the lawyer and posted negative reviews for him on a review site.

Instead of taking it in stride, or countering the negative reviews with positive ones, Mr. Underhill struck back. As their lawyer, Mr. Underhill was privy to private conversations and information over the course of representing the couple. He used this information to publicly shame the couple in postings on the internet. He then sued the couple for defamation. When he lost his first suit, he waged a second one claiming that the couple had made other defamatory complaints about him on the internet.

This case(the full decision is posted at the end of the article here) has brought up how the law is affected by technology in a variety of ways. If a client had made a complaint 30 years ago, Mr. Underhill would have been able to expose attorney client information at the state bar. This has been allowed because attorneys must be able to protect their reputation. 30 years ago, this couple’s only way to lodge a complaint would have been by going to the state bar. Now, the result for Mr. Underhill is an 18 month suspension.

In these times, the internet offers a much quicker and more effective way of getting a complaint noticed. The law, unfortunately, has just not caught up with technology yet. In the meantime, lawyers will have to walk a fine line. They must recognize that although they will be judged in a more traditional setting, they have to operate in a world optimized for communication that the law is not able to regulate with the same veracity.

Article via AboveTheLaw, 8 September 2015

Photo: Night Work via Thomas Heylan[Creative Commons Attribution-NonCommercial-NoDerivs]

Internet of things and risky legal questions

September 9, 2015 Astrid Countee Leave a comment Privacy, Tech, Tech for Lawyers

The Internet of Things (IoT) is the next revolution in tech. It promises to take devices and connect them together via the internet. Once these devices live together in a network, they will then be able to communicate to each other, machine-to-machine. This level of complexity introduces a new level of legal risk.

As it is today, if something goes wrong with your appliance then you can report to the manufacturer about the faulty product. The Internet of Things will complicate this straightforward matter. In the future, it may be that all parties involved can be held accountable for a product failure. This includes not only the manufacturer, but the internet service provider, the web hosted servers, etc.

This brings up a related issue, user contracts. Due to the legal complications of connecting smart devices, will manufactures for the users to void their contract if their product is connected? At the heart of this concern is data. What will happen if there is a data or security breach? Products connected via Internet of Things will share data. In the event of an attack, who will be legally responsible for the data breach and the fallout?

“The privacy implications are potentially huge,”says Trey Hanbury , an attorney that was interviewed about the formation of Internet of Things ecosystem.

Juniper Research suggest that the internet of things will lead to a more robust security model precisely for this reason. The ideal model would be able to shut down part of the network where an attack is happening without effecting the devices connected to other parts of the network.

What is clear is that lawyers need to get ready for a new period of legal risk and uncertainty due to the IoT revolution. Companies are already heavily investing in building more connected devices. By the year 2020, there is expected to be an infrastructure running that will support a heavily connected world. It will be an exciting time to sort out how the next generation of security and liability will be legally accessed when property has gone digital.

 Article via LegalTechNews, 4 September 2015

Photo: Brooklyn Community Board via Bryan Bruchman[Creative Commons Attribution-NonCommercial-NoDerivs]

Tech companies settle antipoaching lawsuit

September 9, 2015 Shelby Bice Leave a comment Business, Collaborative Economy, Court, Justice

Antipoaching, the act of refusing to hire employees from a rival company, may not seem like the best business strategy for large tech companies like Google or Apple who are always capitalizing on the “next big thing”. However, a civil law suit was filed against several companies including Google, Apple, Adobe, and Intel for antipoaching and is now recently being settled for $415 million after movie studios Pixar and Lucasfilm and financial software company Intuit settled previously. The companies involved in the lawsuit were accused of agreeing to not hire certain employees from each other which allowed each company to retain employees they would rather not lose. While antipoaching does sometimes serve the best interests of the company as a whole, some employees looking to earn a higher salary or explore other opportunities outside their place of work feel that the antipoaching agreement hindered their abilities to move up in their fields. Earlier versions of the lawsuit also included allegations that the antipoaching agreement allowed companies to artificially keep salaries low.

Even though all of the companies involved in the lawsuit chose to settle, many of the companies continued to state that they believed they had done nothing wrong. A statement released to CNET from Adobe by one of their spokespeople explained that, “Adobe firmly believes that our recruiting policies have in no way diminished competition for talent in the marketplace…Nevertheless, we elected to settle this matter in order to avoid the uncertainties, cost, and distraction of litigation.” A similar statement was released by Intel back in January when the settlement was originally proposed.

Article via CNET, September 3, 2015

Photo: Google Headquarters – Mt View via Servizi Multimediali [Creative Commons Attribution-NonCommercial-NoDerivs]

Should law firms share information about cyber threats?

September 8, 2015 Shelby Bice Leave a comment Cybercrime, In the Law, Legal News, Tech for Lawyers

With law firms and their clients facing cyber threats more and more frequently, it makes sense that firms would want to come together and share what information they know about these threats in order that each firm can be better prepared to advise their clients. The Legal Services Information Sharing and Analysis Organization, or LS-ISAO for short, was formed to allow this kind of collaboration between firms. The new alliance is connected with a similar organization, the Financial Services Information Sharing and Analysis Organization, or FS-ISAO, which has been requiring private and public financial sectors to share information on cyber security and other threats since 1999. While LS-ISAO was formed after several law firms contacted the FS-ISAO, not all law firms are eager to join the alliance.

Although any law firms are educating their members on cyber threats or even have teams specifically dedicated to cybersecurity, most law firms guide their response to cyber threats based upon their clients’ opinions. For example, Chanley Howell, a member of the cybersecurity team at Foley & Lardner, isn’t very keen on becoming a part of the alliance, but explains, “If we start hearing clients recommend it, we’ll probably join.” Though it may seem counterintuitive for a cybersecurity team to put off joining an organization created to spread knowledge about cyber threats, Jeremiah Buckley, a founder member of Buckley Sandler who writes about cyber risk, argues that there are some potential drawbacks an organization that shares cybersecurity information so freely. Namely, if a law firm shares what they learned from a cyber threat with the alliance, even though everything is required to be anonymous, other firms could still determine which law firm was involved and then use that information to attack and discredit the firm. On the flip side, firms should be wary of information that is shared anonymously since there is no way to prove that the information is correct. Finally, firms are still competing with one another, and giving someone else a leg up may not always be in a firm’s best interests.

Even though there may be some issues associated with the new alliance, the Legal Services Information Sharing and Analysis Organization is still young. With time, according to the Vice President of Products and Services at the FS-ISAO, trust will develop between its members.

Article via Bloomberg BNA, August 21, 2015

Photo: Two People-Business Meeting via Stephen D [Creative Commons Attribution-NonCommercial-NoDerivs]

New regulations on cell-site simulators

September 7, 2015 Shelby Bice Leave a comment Government, Privacy, Tech

The Department of Justice has put stricter regulations on the use of cell-site simulators by requiring a warrant to be issued before one can be used, except in the case of “exigent” or “exceptional circumstances”, according to the CNN report covering the announcement. Cell-site simulators, which acquire locational data from cellphones by posing as cell towers, have not been regulated previously. The use of cell-site simulators have proven very helpful to law enforcement trying to locate kidnapping victims, terrorists, and other fugitives. While effective, these simulators also gather information about citizens who have not committed any crimes. This breach of privacy calls into question the ethics behind using cell-site simulators which in turn led to the announcement from the Department of Justice.

The new regulations have been praised as a step in the right direction for protecting citizen’s privacy after previous scandals of government agencies hiding their surveillance technology from the public. However, the Department of Justice’s announcement only applies to federal agencies, not local or state law enforcement. The staff attorney for the American Civil Liberties Union, Nathan Freed Wessler, stated that “Congress should act to pass more comprehensive legislation to ensure that Americans’ privacy is protected from these devices and other location tracking technologies” by including law enforcement agencies that purchased cell-site simulations with federal funding under the new regulations.

Articles via ABA Journal, September 4, 2015: CNN, September 3, 2015

Photo: Timelaps with Oneplus One Cellphone via Damien Thorne [Creative Commons Attribution-NonCommercial-NoDerivs]