Tag Archives: security

Another State Passes Law to Protect Consumer Data

States are taking online consumer protection into their own hands given a perceived lack of sufficient protection at the federal level. Maine now has jumped in.

Indeed, Janet Mills, the Governor of Maine, just signed into law arguably one of the strongest privacy bills in the country. This law, called the Act to Protect the Privacy of Online Consumer Information and which goes into effect on July 1, prohibits internet service providers from using, selling, or distributing data from consumers without obtaining their consent. And, according to The Hill, this new state law bars internet service providers from refusing to serve consumers, penalizing consumers or offering them discounts to seek to gain their permission to sell their data.

Consumer Affairs and Privacy

This bold step by Maine follows in the footsteps of California, a state which passed a complicated online privacy law last year. That law has been both applauded by privacy activists and criticized in certain respects by the tech industry.

At first blush, the new Maine law may be even more robust than the California law. The Maine law is opt-in in nature, requiring explicit consent from consumers before internet service providers can sell their data. The California law is opt-out in effect, making consumers affirmatively request that their data not be sold.

So, what is the genesis of the Maine law? It seems patterned after a prior Federal Communications measure — a measure that was removed by the Trump administration in 2017. Perhaps it is because of this nullification that states are entering the fray to seek greater consumer protection.

This is reminiscent of when states passed laws dealing unsolicited commercial email before Congress enacted the Can-Spam Act at the federal level. It also is a reminder of the various state laws addressing data breach notifications.

Legislative Patchwork and Protection

The creation of a patchwork of different state laws is not necessarily ideal. It is difficult for internet service providers to know how to guide their practices, when their customers are located in various states with different laws.

When in doubt, in such a context, internet service providers arguably would be best served by honoring the dictates of the state with the most strict law on the books — to make sure that they are not violating any law. If they are complying with the strictest law, they then also should in compliance with more permissive laws in other states. (Internet service providers obviously should seek specific legal advice from skilled counsel).

A strict law in just one state, even a small state like Maine, can have a major impact when the federal government creates a void.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him atejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.

Executive Order Addresses Foreign Threats to U.S. Information and Communications Technology and Services Systems

On May 15, 2019, President Donald Trump signed Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain” (Federal Register Vol. 84. No. 96, page 22689-92).

Supported by various laws and regulations, the president determined that the United States’ information communication technology systems are increasingly under threat from “foreign adversaries,” defined as “any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.” These systems and services are targets for “malicious cyber-enabled actions, including economic and industrial espionage” as they “store and communicate vast amounts of sensitive information, facilitate the digital economy, and support critical infrastructure and vital emergency services.”

To read the full text of this Duane Morris Alert, please visit the firm website.

Emailgate — Here We Go Again!

Long before votes were cast for the 2016 Presidential election, this blogger discussed how Hillary Clinton’s government-related emails that were sent and received on private servers could become a thorn in her political side.

Why?

Because government records must be maintained as government records so, among other reasons, they can be open and available to public review. Indeed, laws like the Freedom of Information Act maintain that to have a vital and truly functioning democracy, those who govern must be accountable to the governed; the workings of government must be transparent pursuant to “sunshine” laws. Sunshine is the best disinfectant when it comes to government affairs. Continue reading Emailgate — Here We Go Again!

Politicians Seek Greater Online Consumer Privacy Protections

The Congressional mid-term elections are coming up. There is ample current discussion about whether the Republicans can hold onto majorities in both the Senate and the House of Representatives. Many Democrats believe that they have a strong chance of taking over as the majority party in the House, and some think that they may even take the Senate majority, but that latter potential achievement will be far more difficult, as many more Democrat Senators are up for reelection than Republican Senators.

If the Democrats take over as the majority party in the House, CNET reports that they plan to urge broad internet privacy protections. Representative Ro Khanna from Silicon Valley has drafted an “Internet Bill of Rights.” At this point, this document is not a bill, but instead puts forward ten principles that Khanna reportedly wants to become part of a comprehensive legislative package that could be considered by Congress in 2019.  Continue reading Politicians Seek Greater Online Consumer Privacy Protections

Email Is Not Dead; Gmail Rolls Out New Features

Long ago in internet time, email was hip and was the next big thing. No longer did we have to shove paper into fax machines to send relatively quick communications, nor did we have to wait for the paper to spit out from such noisy machines when receiving fast-breaking information. Instead, in paperless fashion, we could send and receive emails right from our own computers, and then laptops, tablets, and phones.

But technology continues to evolve. And as internet time went by, email no longer was cool, and by some was considered to be a dinosaur. Why? Because along came texts and the vast assortment of social media means of communication, like instant messaging, Snapchat, WhatsApp messages, Facebook posts, Twitter tweets, and the list goes on and on. And there were concerns about email hacks and lack of security.  Continue reading Email Is Not Dead; Gmail Rolls Out New Features

Internet Freedom and Security Statistics Across Countries

All countries are not the same when it comes to online freedom and security issues. This is borne out by recent statistics published by Richard Patterson of Comparitech.

When it comes to the amount of freedom offered by countries on the internet, a scale of 1 to 100 is implemented, with 1 being the absolute best possible, and with 100 being the worst. While the United States comes in with a relatively low score of 18, the US is not ranked the most free. Indeed, both Iceland and Estonia have a very low score of 6, with Canada next at 16, then the US at 18. Other relatively free countries include Germany at 19, Australia at 21, Japan at 22, the UK at 23, and South Africa and Italy both at 25.

Continue reading Internet Freedom and Security Statistics Across Countries

The Coming Tech Year

We made it through 2016. So, what’s in store in 2017 when it comes to hot tech issues? There are many hot issues, such as big data, intellectual property disputes, the sharing economy, and drones. But this blog covers the three potential biggest issues. Drum roll please — here we go!

1. Security — Cybercrime & Cyberwarfare

Hacking, hacking, hacking …

Security on the internet is the first and foremost tech issue for 2017.

Hacking is penetrating all sorts of systems. For example, individuals are vulnerable to cybercrime, as their personally identifiable information is stolen when companies are hacked.

And cyberwarfare appears to be here and now, and not just some speculation about the future. Indeed, the Senate is preparing at this moment to hold hearings about the implications of apparent Russian hacking that meddled in our recent presidential election.

This year likely will be dominated by efforts to combat threats to internet security.

Continue reading The Coming Tech Year

What the Recent Cyberattack Means and Ways Businesses Can Protect Themselves

The unprecedented cyberattack on October 21, 2016, which crippled many of the Internet’s most widely trafficked sites, should be a wakeup call for businesses about the potential for hackers to weaponize common Internet-enabled devices and cripple businesses.

What Happened?

The cyberattack was caused in part by malware directed to more than 10 million Internet-connected devices, including DVRs, thermostats and closed-circuit video cameras. It caused a distributed denial-of-service attack (i.e., service interruption) that hit in three waves. Dyn, an Internet services company that directs Internet traffic, reported that the attack hit all of its 18 data centers globally. Early reports show that the disruption may be responsible for up to $110 million in lost revenue and sales. Perhaps most troubling is that the group claiming responsibility said the attack is merely a dry run for much larger attacks.

Continue reading What the Recent Cyberattack Means and Ways Businesses Can Protect Themselves

The Eighth Circuit Gives Defendants New Ammunition Against Data Breach/Misuse Cases

Since the Supreme Court’s decision in Spokeo v. Robins, courts have begun to ratchet back prior decisions on the minimum standard to plead an injury sufficient to establish Article III standing. The recent Eighth Circuit opinion in Braitberg v. Charter Communications adds to the growing number of cases defendants will rely upon to get data breach cases dismissed at the pleadings stage. Braitberg addressed standing in the context of the retention, use, and protection of personally identifiable information. Although the case did not involve a data breach, its holding is however instructive when defending against such cases.

In Braitberg, plaintiff alleged that he was required to provide personally identifiable information to purchase cable services and that the cable provider improperly retained his information long after he cancelled the services in violation of the Cable Communications Policy Act (“CCPA”).

Prior to Spokeo, such claims would have been sufficient to establish Article III standing because the Eighth Circuit permitted the actual injury requirement to be satisfied solely by pleading that there was an invasion of a legal right that Congress created. The Supreme Court in Spokeo held that Article III standing requires a “concrete injury” even in the context of a statutory violation.

With the benefit of Spokeo’s guidance, the Eighth Circuit acknowledged that Spokeo superseded its prior precedent. Accordingly, the panel affirmed the district court’s dismissal of the complaint for lack of Article III standing and failure to state a claim. In doing so, the panel rejected arguments that CCPA created standing to sue where the defendant merely retained the data in violation of the statute with no other injury. It further rejected an economic argument that retention of the data deprived plaintiff of the full value of the services received from the company.

This decision is important for two reasons. First, the Eighth Circuit further narrowed the scope of allegations that will give rise to Article III standing in a post-Spokeo world. Second, in denying the economic argument, the court cut off an alternative avenue by which plaintiffs have successfully alleged harm.

How to Improve Your Computer Experience

It probably is fair to say that most of us are glued to our computers for a large part of each and every day. Accordingly, how can we improve our computer experience? A good start is to follow eight fairly simple tips, among a variety of other tips that also could be considered.

First, make sure periodically to restart your computer. A restart can cure computer sluggishness. We all have a need for speed, so reboot!

The second tip is not use your keyboard as a plate. You accidentally could spill something that could destroy your computer. Also, computer keyboards host all sorts of bacteria and thus are not sanitary. So, don’t compute where you eat! Continue reading How to Improve Your Computer Experience