Articles Posted in Technology

In recent years, we have all heard the expression, but how does someone really “break the Internet?” Recently, an incident arose where a large network of electronic devices joined together, resulting in a major interference with online businesses and services. Amazon, Netflix, and Yahoo were hobbled temporarily due to various flaws in the Internet of Things. These flaws allowed individuals to create what’s known as a botnet and launch a massive DDoS attack to effectively shut down services. So, how would we prevent a similar incident from occurring? Should you be concerned about your smart devices? What about your websites and online services?

How did the Internet of Things become weaponized?

As it stands, the Internet of Things, which comprises smart devices that connect online for the convenience of individuals, became weaponized against service providers and was used to create a “botnet.” Effectively, some type of malware was downloaded onto these smart devices, prompting them to send requests to certain websites. When these websites became overwhelmed by the requests, they crashed or became generally unavailable to users. One might wonder how this happened; the real answer was a lack of knowledge, training, and security. Unlike regular computers, tablets, and cellphones, smart devices do not always have the capability for security updates. Even those devices that might be on a more secure network are still connected online, which makes them vulnerable to more pinpointed attacks. From there, the controller of the botnet can use the Internet of Things to launch the DDoS attack and crash a network.

As it stands, the Internet of Things can be a dangerous proposition. Given various hacking techniques, like rubber ducks, pineapples, and pivoting, one must wonder whether a device can be hacked into and, if so, what we can do about it. What about cars, planes, trains, and power plants? To this point, the U.S. Government has launched the Cybersecurity National Action Plan, or CNAP. The idea is to add more information and resources into the system, helping to build up cybersecurity and investing in security measures. So, what is the government doing with CNAP? How might this help a business? How might this help individuals?

What does CNAP do?

It’s a set of guidelines and goals that the Obama Administration has implemented to help build the cybersecurity network, protect against attacks on the Internet of Things, and protect the general national network as a whole. The first and easiest way it plans to do this is through the 2017 budget, allocating approximately 19 billion dollars for cybersecurity, up by 35% from the previous year’s budget. It also incorporates and promotes other existing goals and changes, such as the BuySecure Initiative requiring credit cards to incorporate smartchips, and making large businesses use the smartchip option rather than the traditional magnetic strip. CNAP also incorporates other ideas, such as multifactor authentication, identity for Federal Government digital services, training for small businesses, and relaunching identitytheft.gov. Therefore, it is less a new initiative than a continuation of previous actions.

Nowadays, we’re using the web for numerous purposes, including, but not limited to, online banking.  So, we should be able to protect our financial information. There are many options for hackers to gain access to financial information, and without the prerequisite security, financial information can be accessed by hackers.  The law outlines the rules for financial institutions, such as data protection, data sharing, data preservation, security breach notification, or insurance requirements.  Also, there are different standards when it comes to consumer and business bank accounts.  For example, businesses face different prerequisites that must be fulfilled prior to submitting a claim towards a financial institution.

How might hackers commit banking fraud?

Looking at how hackers may access your financial information, there are a few tools that need to be highlighted. Among them are pivoting, rubber ducks, and pineapples. While this perhaps sounds odd, the way they can work is terrifying. Pivoting is a process hackers can use to break into a computer system by accessing it through an already-compromised device. For example, a hacker may access a web server by gaining access to an email server within the same network. These discrepancies can also occur between smart devices, which indicates a downside to the Internet of Things. Rubber ducks are special USB drives with small processors. They act as a “Trojan Horse” by downloading and re-uploading information quickly and autonomously without causing alerts. Pineapples, in comparison, are more likely to be encountered, but more difficult to avoid. These are devices that “clone” Wi-Fi networks. They will function in the same way, allowing individuals to connect and access the web, but can also be used to access and hack data after someone is connected. Pineapples and rubber ducks are dangerous because they can download “keyloggers” onto computers, which would record and transfer confidential information (e.g., passwords, financial data) to the hacker’s computer.

We’ve discussed the nature of this before, but the EU-US Privacy Shield has gone into full effect. This program essentially restricts the ability of U.S. commercial entities to do business in the European Union due to the ability of the U.S. government to use international businesses to improperly conduct surveillance on citizens within the European Union. In response, the European Union removed the blanket ability of U.S. companies to do business with European Union members as part of the Safe Harbor provision. The Safe Harbor provision was loosely drafted in its self-certification, prompting the switch to the Privacy Shield today. As it stands now, this program is still in its fledgling stages, with registrations beginning on August 1, 2016. These registrations begin with a murky area of international commerce. So, how could one join the Privacy Shield? Is your organization even eligible? What might happen if an organization refuses to participate?

How can you join the Privacy Shield?

The Privacy Shield is open to any business that is subject to regulation by the Federal Trade Commission (FTC) or Department of Transportation (DOT). In general, conducting business and affecting commerce would qualify entities under this regulation, although there are some exceptions, such as financial institutions, labor associations, and non-profit organizations, that may not qualify. After meeting the base qualifications, an entity may then “self-certify” by coming up with a plan that meets the basic requirements of the EU-US Privacy Shield. This would include measures to protect the data of European customers and employees stationed in Europe, even after ending participation in the Privacy Shield.

The internet, with its “remix culture,” often appropriates images and videos to create new things. Yet, this also includes personal images. Be it “Bad Luck Brian,” “Overly Attached Girlfriend,” or some exploitable image, how could one protect his or her personal image from being remixed and exploited for a financial incentive? This is also a question appearing outside of the internet, in particular with book covers and music videos. How might one protect his or her own face and body? What is the best method of protecting one’s image? Is this related to the right of privacy or right of publicity?

How could a person protect his/her own face and image?

Outside of simply preventing your image from being published online by avoiding social media, preventing photos from being taken, or spending your days behind a mask, the only way to protect your image comes up after an incident has occurred online. The right over one’s own image can be boiled down to privacy claims, with three main types of laws protecting it. The first is the right to privacy. The second is biometric privacy law. The third is the right of publicity. Of the three, biometric privacy law is the newest, with statutes in Illinois and Texas and minor provisions drafted in Iowa, Nebraska, North Carolina, Oregon, Wisconsin, Wyoming, and New York. The idea of a biometric privacy law is that it creates a “privacy right” over an individual’s biometric features (e.g., fingerprint, retina, iris scans). Yet, ultimately this would only serve to protect one from larger entities. To that point, the law in Texas lacks a private right of action but permits the State Attorney General to instigate legal action.

Currently in the news is another emerging technology, called Augmented Reality. In general, augmented reality (“AR”) uses technology to artificially create the reality a person experiences. For example, this could be a pair of glasses that shows a person’s contact information when his/her face is seen, or mobile apps, like Pokemon Go, which interact with your location and surroundings to create aspects of the game. Yes, Pokemon Go, the new mobile app juggernaut that has emerged into the market, is something that, up to now, hasn’t taken place on such a massive scale. Yet, this new application has created unique legal questions. What can we do with this experience that encourages people to travel all over? How might one protect his/her property from players? Is there any way to stop Niantic, the creator of the game, from using your property in the game?

How does Pokemon Go work?

Before addressing the legal problems that arise from the game, it’s important to know how the game works. As stated before, Pokemon Go is a form of AR, using GPS data from the location to help generate the variety of creatures that can appear in a location. In addition, certain locations and landmarks are coded to either give players items, or act as “goals” for them to capture for a team. There are small images on the markers, with titles and occasionally small descriptions. While many of these locations may be in public, or on publicly-accessible property, there are others that appear to be on privately owned or closed-off property. It appears that there are some deals with Niantic to add goals at the locations of real-world partners; however, this is not the norm.

In current times, website design is a basic step for business operations. The design must be balanced, with attractive features and an easy-to-use interface. The user interaction has to be accounted for, including the visit locations and how the website flows. And with that, various user agreements are also in place to prevent liability for certain actions, or to impose restrictions on what an individual can do on the website. So, how might this be enforced? What if there were difficulties in the website design that would render the clickwrap agreement invalid? How might this be decided?

What is a clickwrap agreement?

Now, as we’ve discussed before, a clickwrap agreement is a virtual agreement, made when a digital product is delivered online. This could be anything from a song over iTunes, or an eBook over Nook or Kindle. The idea behind this sort of agreement, differentiating it from a similar “browsewrap” agreement, is how the individual using the page does not need to explicitly assent to the agreement. This would be like a link that takes a user to a page with the full terms or a popup with the ability to assent, by clicking “I agree” or “I accept” the terms and conditions.

With the ever-increasing dominance of cameras in our society, we might never think to ask “can someone find me from a picture?”  How futuristic would it be, to snap a picture of someone’s face and see their social media? To use a face like a business card? While technology may not be at that point, the law seems to be ahead of the curve. Currently, there are two lawsuits regarding the “tagging” of a person’s image online through social media due to one state’s law protecting biometric privacy, and how that affects us in interstate commerce. So, what is this law? What are the details of the lawsuits? How might this affect interstate commerce in general?

What are the lawsuits about?

The law itself comes out of Illinois, prompted by biometric additions to payment systems. Biometric data itself is quite common. It could include an individual’s face, voice, fingerprint, retina scan, or blood type. Anything that comes from the individual’s body that is recorded could qualify. This would then be used to determine the person’s identity or recorded for their own use, like in a health-monitoring app. The law requires any entity that is collecting this type of information to both tell the individuals and explicitly obtain their consent.

In the future, drones may be commonplace, since businesses are using drones for commercial purposes and individuals are flying drones as a hobby. You may wonder about your privacy with all those eyes in the sky: drones that can go about without giving you a way to stop them. As shooting a drone out of the sky is generally frowned upon, what could you do to protect your privacy and your legal rights? With all that information on drones, what you can do, and where you can fly, what about the laws that protect you from drones? What protects your privacy? What protects your business?

How to protect your privacy from drones?

In protecting privacy, there are a few aspects that have been mentioned earlier, namely the FAA requirements to register and display a drone’s registration. Following that, it is encouraged to report any improper use of a drone. Given that a drone’s registration number must be on the drone, if a drone is infringing on your privacy, then you can report it to local law enforcement agencies.

So far, we have discussed what licenses are necessary and how you will be using your drone. Surely, there can’t be more issues.  Well, not quite. Following the issuance of drone licenses, there are restrictions on where and when these drones can fly.  Be it for safety or for general security concerns, drones are not allowed in all national airspace. So, where can you fly? What sort of events and situations would cause the airspace to become restricted? Is there any way to fly without licensing or airspace restrictions?

Where can you fly?

This first aspect is an interesting one. When you fly, you are generally flying in the National Airspace. From a blade of grass to the wild blue sky, that space is regulated by the Federal Aviation Administration. However, not all of that space is available for drones. First, there is the restriction on altitude, limiting your navigation to approximately 400 feet, along with restrictions on piloting drones in certain areas, like sporting arenas, restricted airspace (e.g., Disneyland), heavily populated areas, and airports. This is mainly due to security concerns, as it is measured by what damage a drone can do in those areas. For example, it is generally prohibited to fly model aircraft within five miles of an airport without notifying the tower, to prevent any difficulties with takeoffs and landings. In those cases where a drone may be piloted, it’s generally with a letter of agreement with the airport, detailing the operator’s authorization.