The number of industries getting classified cyberthreat tips from DHS has doubled since July (NextGov, 20 Oct 2014) – Firms from half of the nation’s 16 key industries, including wastewater and banking, have paid for special technology to join a Department of Homeland Security program that shares classified cyberthreat intelligence, in hopes of protecting society from a catastrophic cyberattack. Participation in the Enhanced Cybersecurity Services initiative has more than doubled during the past few months. Through the voluntary program – previously exclusive to defense contractors – cleared Internet service providers feed nonpublic government information about threats into the anti-malware systems of critical sector networks. As of July, only three industries – energy, communications and defense – were using the service, according to an unfavorable DHS inspector general audit. Now, befitting National Cybersecurity Awareness Month, Homeland Security officials say the financial, water, chemical, information technology and transportation sectors also are receiving the threat indicators. Just two months ago, American Chemistry Council officials said they had never heard of the program. The service has been available since 2013.

Provided by MIRLN.

If you don’t agree to the new Wii U EULA, Nintendo will kill-switch it (Cory Doctorow on BoingBoing, 18 Oct 2014) – When you bought your Wii U, it came with one set of terms-of-service; now they’ve changed, and if you don’t accept the changes, your Wii seizes up and won’t work. That’s not exactly what we think of when we hear the word “agreement.” Yet this is how Nintendo’s update to its end-user license agreement (EULA) for the Wii U works, as described by YouTube user “AMurder0fCrows” in this video. He didn’t like the terms of Nintendo’s updated EULA and refused to agree. He may have expected that, like users of the original Wii and other gaming consoles, he would have the option to refuse software or EULA updates and continue to use his device as he always had before. He might have to give up online access, or some new functionality, but that would be his choice. That’s a natural consumer expectation in the gaming context – but it didn’t apply this time. Instead, according to his video, the Wii U provides no option to decline the update, and blocks any attempt to access games or saved information by redirecting the user to the new EULA. The only way to regain the use of the device is to click “Agree.”

Law firms face cybersecurity audits by banking clients; are they a ‘weak link’? (ABA Journal, 27 Oct 2014) – Banks are increasingly scrutinizing their law firms’ cybersecurity efforts, including the law firms’ protection of confidential information released to vendors such as word-processing firms and print shops. The law firms are increasingly facing on-site technology audits by banks, even as the banks themselves face cybersecurity pressures from regulators, the Wall Street Journal (sub. req.) reports. Just last week, New York’s Department of Financial Services sent letters to dozens of banks asking about protections for information sent to third-party vendors such as law firms and accounting firms, according to a separate story by the Wall Street Journal (sub. req.). “Law firms increasingly are seen as potential weak links,” the Wall Street Journal says. “Clients often entrust them with everything from valuable trade secrets to market-moving details on mergers and acquisitions.” The story cites information from an American Bar Association technology survey that found 14 percent of the respondents had experienced some type of security breach or theft this year. But only 1 percent said the breach resulted in unauthorized access to sensitive client data. The Wall Street Journal spoke with Goodwin Procter’s chief information officer, Lorey Hoffman, who works with examiners sent by clients who want to know about data protection. The firm also hires its own auditors to check its cybersecurity. “It’s a lot more than just checking a box,” Hoffman said of the firm’s response to client security questions.

Florida Supreme Court rules warrants a must for real-time cell location tracking (SC Magazine, 20 Oct 2014) – In a ruling that Electronic Frontier Foundation (EFF) staff attorney Hanni Fakhoury believes will be “cited a lot by EFF” and other privacy advocates, the Florida Supreme Court has said that law enforcement agencies must have a warrant to obtain cell phone location information that they need to track a user’s location in real time. The decision by Florida’s highest court adds to the “growing chorus of courts” finding that location information is private, Fakhoury told SCMagazine.com Monday. The case, Tracey vs. Florida, made its way to the Supreme Court after police obtained cell tower data from a provider without a warrant to track the movements in real time of suspected drug dealer Alvin Tracey and used that information to elicit a conviction from a criminal court. Officers “obtained an order authorizing the installation of a ‘pen register’ and ‘trap and trace device’ as to Tracey’s cell phone,” which records outgoing and incoming telephone numbers, respectively, the Florida Supreme Court decision noted. But later, without obtaining a warrant or providing additional “factual allegations,” the officers “used information provided by the cell phone service provider” under an earlier order. The information provided “included real time cell site location information given off by cell phones when calls are placed.” * * * Citing Fourth Amendment protections as well as Supreme Court precedent in several cases, including Katz v. United States, the Florida Supreme Court quashed the Fourth District Court ruling, noting that smartphones “are ubiquitous and have become virtual extensions of many of the people using them for all manner of necessary and personal matters,” which makes a “phone’s movements its owner’s movements, often into clearly protected areas.”

Ask the Decoder: How are algorithms telling our stories for us? (Al Jazeera, 8 Oct 2014) – Jean Yang went on a big trip through Europe this summer, from Edinburgh, Scotland, to Dubrovnik, Croatia, to Oslo, Norway, and back. Like a good tourist, she took pictures on her phone, an Android, throughout her trip. When she returned home, she found a surprise package in her Google+ notifications: a neatly collated, summarized, annotated digital scrapbook titled “Trip.” Jean shared the album with me with this message: “This is equally cool and creepy: Google made this scrapbook of my June travels based on a random selection of photos I took – and also its knowledge of where I was. It’s kind of nice to have this information organized automatically, but this is really trusting them with a lot of information. It would be funny if they took quotes from emails I sent during this time and put in quotes relevant to the places. “Oslo is so expensive! My second dinner of wonton soup cost 68 kroner.” I’m curious how they decide what to include.” When I spoke with Jean later, she was surprised in part because she didn’t know this feature existed. She was also a little taken aback by all the location information included, given that she hadn’t been using her roaming phone plan or data while abroad. So how did Google pull this together? And why did it leave Jean with mixed feelings? We looked into the program. Google introduced this scrapbooking feature in May, just before Jean’s trip. The company calls it Stories: “Your best photos are automatically chosen and arranged in a fun timeline to show the highlights of your trip or event.” There’s an example scrapbook here. * * *

Privacy and data security issues in M&A transactions (Paul Hastings, 3 Oct 2014) – Because the failure of a target company to meet its privacy and data security obligations can present a significant risk to the acquiring company, compliance with applicable laws should be an important consideration in merger and acquisition transactions. A potential purchaser should seek to understand the nature of the personal information the target collects and the privacy and data security issues relevant to that business. Through due diligence, the purchaser can gain an understanding of the target’s rights and obligations regarding the personal information it has collected, retained, used and disclosed. To assist in that process, this alert provides a checklist of potential privacy and data security issues that may be triggered in mergers and acquisitions.

From MIRLN Founder Vince Polley: [The ABA’s Cyberspace Law Committee is undertaking a project to develop “best-practices” for security planning during M&A events.]
