France wants to ban use of Tor network for public wi-fi

In the wake of the recent terrorist attacks in Paris, French law enforcement is considering banning public wi-fi. According to leaked documents by the French Ministry of the Interior, law enforcement wants to secure the Tor network when a state of emergency is declared by banning the use of the public wi-fi all together. The French newspaper La Monde  is said to have leaked the documents.

The city of Paris currently has over 300 locations that are serviced by public wi-fi and the Tor network. French law enforcement believes that public networks makes it harder to catch suspected terrorists who might be using the network to communicate to each other. The Tor network allows anonymity online and has also been used as a secure network for a drug marketplace. It is currently unclear if the Tor network was used during the Paris attacks and French law enforcement authorities are cautious about its possible use for ISIS communication in the future.

Blocking the Tor network completely would present a challenge for the French government. China is the only country that blocks Tor outright. To achieve this, the Chinese government has to block public entry nodes to the Tor network. In addition, China has to lookout for secret entry nodes. Unlike China, France promotes online freedom for its citizens. Therefore blocking the Tor network would infringe on the rights of French citizens. Since French law enforcement does not know if blocking Tor will have an effect on the ability for terrorist groups to communicate, it is a big risk. Encrypted social media chat apps like WhatsApp, in theory, are easier ways for terrorist groups to communicate without worrying about interference from the government.

The debate over privacy and national security seems to have just gotten started. New legislation that includes these stipulations may be presented to the French Parliament as early as January 2016. 

Article via Mashable, 8 December 2015

Photo: Paris November 2015 via Roberto Maldeno [Creative Commons Attribution-NonCommercial-NoDerivs]


Lawyers should wipe smartphones after use

Lawyers, like everyone else, have been quick to adapt to use of smartphones for business use. Having a little computer in your  pocket that is attached to the internet makes it easy for lawyers to reach and respond to clients and keep up with industry news. Law firms have become dependent on this technology and as a result smartphones have become a ubiquitous device. Since the time of the reign of blackberry, lawyers have been handed smartphones for company use on a regular basis.

But what is happening to these phones once the firms are done with them? More specifically, what is happening to all the client data that is collected on these phones while they were in use? Large firms usually have an enterprise solution for handling old smartphones. But it is less likely that the same is the case with smaller firms.

A recent study by the Blanco Technology Group revealed that data is sometimes left behind on second hand devices. They found that one-third of discarded smartphones had residual data left on them. Of the mobile devices with residual data, over half was left there after an attempted deletion. This means that even for those who were trying to protect their data by deleting it, they were unsuccessful and did not realize it.

For lawyers, this type of liability can make the stakes much higher. Possibly leaving confidential client information on a device can be extremely detrimental. This means that law firms, large and small, will need to take extra steps to make sure that their mobile devices are wiped clean. This includes not just smartphones, but also tablets and hard drives as well.

Lawyers will need to upgrade their tech savvy to make sure that their data and their clients stay safe.

Article via Above The Law, 8 October 2015

Photo: The iphone 4 via Jorge Quinteros [Creative Commons Attribution-NonCommercial-NoDerivs]


Websites and apps breach children’s privacy

As the usage of apps and websites by kids increases, new conversations about children’s privacy must occur. The Global Privacy Enforcement Network (GPEN) did a recent study in which it found that of the 1,494 websites and apps samples, 41 percent compromised children’s privacy.

The data, collected form 29 protection regulators worldwide, found that 67 percent of the websites collected information from kids, and only 31 percent of sites had any controls to limit collection.

Many of the websites very popular with kids did have statements in their privacy policies indicating that the website was not intended for children. However, these websites generally did not have any further controls to prevent the collection of personal data. Of the total sample, 22 percent of sites had a category for kids to input phone numbers, and 23 percent had a place to upload photos or videos.

Furthermore, children’s information isn’t always contained on the original site. Kids were given the opportunity to be redirected to another site on 58 percent of sites; 50 percent of sites shared personal information with third parties.

Despite the holes in website security found, some websites did use recommended precautions like parental dashboards, pre-set avatars and usernames, just-in-time warnings before info is submitted, and chat filters.

Adam Stevens, the head of UK’s Information Commissioner’s Office, says that the ICO will be contacting problematic websites and apps, “making clear the changes we expect them to make. We wouldn’t rule out enforcement action in this area if required.”

Article via LegalTech News, September 3, 2015

Photo: Misi with a Phone via Balazs Koren [Creative Commons Attribution-NonCommercial-NoDerivs]


Internet of things and risky legal questions

The Internet of Things (IoT) is the next revolution in tech. It promises to take devices and connect them together via the internet. Once these devices live together in a network, they will then be able to communicate to each other, machine-to-machine. This level of complexity introduces a new level of legal risk.

As it is today, if something goes wrong with your appliance then you can report to the manufacturer about the faulty product. The Internet of Things will complicate this straightforward matter. In the future, it may be that all parties involved can be held accountable for a product failure. This includes not only the manufacturer, but the internet service provider, the web hosted servers, etc.

This brings up a related issue, user contracts. Due to the legal complications of connecting smart devices, will manufactures for the users to void their contract if their product is connected? At the heart of this concern is data. What will happen if there is a data or security breach? Products connected via Internet of Things will share data. In the event of an attack, who will be legally responsible for the data breach and the fallout?

“The privacy implications are potentially huge,”says Trey Hanbury , an attorney that was interviewed about the formation of Internet of Things ecosystem.

Juniper Research suggest that the internet of things will lead to a more robust security model precisely for this reason. The ideal model would be able to shut down part of the network where an attack is happening without effecting the devices connected to other parts of the network.

What is clear is that lawyers need to get ready for a new period of legal risk and uncertainty due to the IoT revolution. Companies are already heavily investing in building more connected devices. By the year 2020, there is expected to be an infrastructure running that will support a heavily connected world. It will be an exciting time to sort out how the next generation of security and liability will be legally accessed when property has gone digital.

 Article via LegalTechNews, 4 September 2015

Photo: Brooklyn Community Board via Bryan Bruchman[Creative Commons Attribution-NonCommercial-NoDerivs]


Microsoft case calls into question what internet privacy entails

As more and more content ranging from emails to personal information is being stored virtually in the cloud, questions about who should be able to access this content and how they must obtain the information are starting to arise. Currently, Microsoft has challenged the ability of the US government to obtain information stored in one of their data centers located abroad. If the information was stored in a physical form, the United States would have to work in cooperation with the government of the country in which the information is stored. However, the law is not as black and white concerning digital files. Executive Vice President and General Counsel of Microsoft Brad Smith states that is the responsibility of not only tech companies but also Congress to start setting precedents for laws regarding internet privacy so citizens can trust and understand digitally-storing files.

Smith also states that views on who has ownership of digital files may need to be altered. He explains that companies providing online storage have no more ownership of the files than the post office has of the content of a letter that is being mailed. Congress will also have to decide whether physical borders between countries continue to exist in the virtual world. Though the technicalities and concerns about internet privacy may seem confusing, Smith reassures tech users that measures are already being implemented that relieve citizens of having to worry about their privacy being violated even if they don’t understand all the ins and outs of cloud storage.

Article via Above the LawAugust 18, 2015

Photo DSC_6005 via Judson Weinsheimer [Creative Commons Attribution-NonCommercial-NoDerivs]