Articles Posted in Government

On June 4, 2015, four million current and former federal employees were informed that China-based hackers were suspected of gaining access to and compromising their personally identifiable information (PII) via a breach of government computer networks. The scope of the attack has allowed it to be described as one of the largest governmental data thefts.

What actions have been taken since the attack?

Directly after the attack, the administration decided to expand the National Security Agency’s internet traffic surveillance, especially with regard to international hackers. The FBI is currently investigating the attack by looking into the threats posed to the public and private sectors. The Office of Personnel Management (OPM) reported that federal employees will be appropriately notified and given access to credit reports, credit monitoring, identity theft insurance, and recovery services. The OPM is responsible for collecting and processing security clearance forms, which were accessed in the breach. It is possible that the hackers have access to the personal and professional references of the victims. Because of the breadth of the data held by the OPM, the agency is telling individuals to monitor and report unusual activities.

On May 26, 2015, the Internal Revenue Service (“IRS”) announced that criminals illegally accessed data to retrieve the past tax returns of approximately 100,000 individuals through the IRS website. The criminals managed to use social security numbers, birth dates, street addresses, and “out of wallet” data (e.g., a person’s first car or high school mascot).

How was the personal information accessed?

During the months of February to May, attackers attempted to get access to tax information over 200,000 times through the IRS “Get Transcript” online application, which allows for viewing information from previous returns. The criminals managed to go through many steps of an authentication process to view these previous returns, exploiting data from breaches in the past. Recent breaches of companies like Target, Home Depot, JP Morgan Chase, Sony, and Anthem have allowed for personal information to be easily accessible to hackers. In addition, it is possible for identity thieves to get basic answers to security questions from individuals’ social media accounts and search databases. The IRS proceeded to send $50 million in refunds before detecting the criminal activity.

As of March 25, 2015, the Securities and Exchange Commission (“SEC”) adopted new rules to update and expand Regulation A. Regulation A+ will allow companies to gain access to funds through crowdfunding. These new rules are mandated by Title IV of the Jumpstart Our Business Startups (JOBS) Act.

What will the new rules do?

The update and expansion of Regulation A to Regulation A+ will allow smaller companies to sell up to $50 million of securities in a 12-month period. These exemptions, however, are subject to eligibility, disclosure, and reporting requirements. The new rules have created a more effective way to raise capital while attracting and protecting investors. Non-accredited investors will be allowed to annually invest up to ten percent of their income or net worth, depending on which amount is greater. Before the new rules came out, only accredited investors were able to invest in startups through equity crowdfunding. The final rules are referred to as Regulation A+ and are provided in two tiers of offerings based on the amount of security offerings over a 12-month period. Both are subject to the same basic requirements and eligibility limits, but differ in registration and qualification offerings.

In recent times, the non-consensual publishing of private images online has been a topic of debate among lawmakers. Since our last article discussing revenge porn, there have been new laws passed and proposed that show state governments’ increasing pushback against posters of revenge porn and their facilitators. More and more states are passing laws that address cyberstalking, cyberharassment, and similar offenses, leading to a wide array of people being prosecuted for revenge porn.

What is the new California law?

On October 1, 2013, Senate Bill 255 (“SB 255”) took effect and was codified in California Penal Code § 647(j)(4). On January 1, 2015, a new amendment to this section went into effect specifying that a defendant is liable if he/she should have known that the subject of the photo did not consent to having his/her picture published online. An amendment to California Civil Code § 1708.85 also came into effect recently in order to allow victims of revenge porn to sue for civil damages. Now, revenge porn posters and hosts may be held liable, both criminally and civilly, in California. In fact, a recent California case caused quite a stir when the operator of a website, who allowed third-party posting of revenge porn, was sentenced to 18 years in prison for identity theft and extortion. So, with the new civil code amendment, this form of prosecution should be more available to victims.

In 2011, Congress proposed two relatively similar bills—House of Representatives’ Stop Online Piracy Act (SOPA) and Senate’s Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA)—that legislators and lobbyists hailed as providing important protections against piracy and counterfeiting online. Yet, this apparently strong support was quickly withdrawn when a massive online protest in January 2012 sparked intense and ultimately fatal opposition to the bills.

Despite the strong public disapproval and lack of Congressional support, in July 2014 the Intellectual Property Law (IPL) Section of the ABA issued a white paper proposing that Congress enact legislation allowing essentially the same private copyright infringement suits against allegedly infringing foreign websites as those provided for in SOPA and PIPA, and suggesting that those protections be extended to trademarks as well.

How Does the ABA’s Proposal Differ From Previously Rejected Legislation?

The recreational use of drones, or unmanned aerial vehicles (UAV), has become increasingly popular in the United States. While such use has gone largely unregulated due to the unlikeliness that these drones will obstruct air traffic, commercial and governmental use of drones—especially larger drones—has sparked safety and privacy concerns leading to attempts at regulation.

What Are the Major Concerns?

With respect to public safety, the primary concern is that drones will collide or otherwise interfere with other aircraft, particularly when flown in congested airspace such as airports. The Federal Aviation Administration (FAA) legitimized this concern by admitting the difficulty in policing drone use since they are typically undetectable by radar. Even assuming drone violations were detectable, it would be nearly impossible to track down the device or, more importantly, its operator. In addition, the inability to fully monitor drone use has caused public concern over personal privacy and accountability for breaches.

The recent cyberattack on Anthem, Inc., one of the largest health insurance companies in the United States, illustrates the persistence and severity of the risk of data breaches. On February 4, 2015, Anthem confirmed that one of its databases had been hacked. The data breach exposed personal information of approximately 80 million Anthem customers and employees—including names, birthdays, member health ID and Social Security numbers, street addresses, telephone numbers, e-mail addresses, and employment information—potentially the most damaging cyberattack to date on a health insurer.

Noting a pattern of medical data thefts from health insurers by foreign intelligence organizations, the FBI concluded that the attack was likely the work of Chinese hackers attempting to gain access to the networks of defense contractors and government workers. Moreover, while hackers have targeted healthcare providers, similar attacks on companies like Target, Sony, JP Morgan Chase, and Home Depot signify the risk to all types of businesses.

One obvious implication for businesses that fall victim to these attacks—beyond negative press—is the exposure to liability for the resulting invasion of individuals’ privacy. For instance, individuals have already begun filing class action lawsuits for this particular breach, asserting that Anthem should be held responsible given its inadequate security measures—namely, its failure to employ encryption to prevent unauthorized access to their personal information.

Net neutrality refers to the principle that Internet service providers and governments should treat all Internet traffic equally, regardless of the source. Among other implications, net neutrality includes the idea that a website should not be given the option to pay an Internet service provider a premium to speed up its connection at the expense of slowing down the connections for other, non-paying websites. While this concept may seem fair enough, it is more of an ideal than a reflection of reality.

What Are the Applicable Regulations?

Under the Telecommunications Act of 1996, the Federal Communications Commission (FCC) is authorized to regulate “telecommunications services” as common carriers, like public utilities, while “information services” are exempt from utility-like regulation. Historically, broadband Internet service providers have been classified as “information services,” and thus the FCC has not been allowed to regulate the Internet with certain rules that it may legally impose on businesses classified as “telecommunication services.”

The Internet of Things (“IoT”) is the next evolution and is making a remarkable impact on technology and our way of life. In fact, the availability of omnipresent network connectivity has fostered the widespread use of smart devices.

Devices are now able to communicate with each other through embedded sensors that are linked by wired and wireless networks. Examples include thermostats, automobiles, and pills that permit a physician to monitor the patient’s health.

Technology has allowed us to detect and monitor changes in the physical status of connected devices (e.g., RFID, sensors) in real time. Technology advancements allow networks and the objects they connect to become more intelligent. The factors that are currently driving growth include the development of smart cities, smart cars, and smart homes; enhanced connectivity infrastructures; and a connected culture.

Electronic discovery (a/k/a “eDiscovery”) is the process of identifying, locating, preserving, collecting, preparing, reviewing, and producing electronically stored information in the context of the legal process. Electronically stored information (“ESI”) includes anything that can be stored in electronic form on a computer or other media device. A computer is defined as “an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions” (e.g., desktop, laptop, smart phones, tablets, CDs, DVDs, flash drives, backup tapes, voice mail, servers, and access control systems).

What Are the Issues That Arise During Electronic Discovery?

The following issues may arise during the course of electronic discovery: First, the attorney-client privilege and work-product doctrine play a key role. The attorney-client privilege protects the confidentiality of communications between an attorney and his/her client. The work-product doctrine prevents a party from discovering documents that are prepared in anticipation of litigation.