Category

Computer Crimes

21 December 2017

Northern District of California Enjoins LinkedIn from Preventing Scraping of Public User Profiles

In a decision that may have profound implications for social media companies, the big data industry and website terms of use everywhere, Judge Edward Chen of the Northern District of California granted hiQ Labs’ motion for preliminary injunction on August 14, 2017, enjoining LinkedIn from “preventing hiQ’s access, copying, or use of public profiles on LinkedIn’s website.” hiQ Labs, Inc. v. LinkedIn Corporation (N.D. Cal. No. 3:17-cv-03301-EMC). The case is on appeal and will be heard by the Ninth Circuit in 2018. (more…)

SHARE
EmailPrintShare
04 May 2016

FBI Issues Guidance on Ransomware Response

On April 29, 2016, the FBI published an alert regarding “Incidents of Ransomware on the Rise.”

The piece provides FBI guidance on how to protect organizations, as well as the FBI’s recommendation not to pay the ransom (though in practice, they have acknowledged that it may be necessary to do so if no backup is available for essential data).

(more…)

SHARE
EmailPrintShare
02 May 2016

Defend Trade Secrets Act Offers a New Response to Cyber Intrusions

Companies may soon have a new way to respond to hacking.  On Wednesday, April 27, the House passed the Defend Trade Secrets Act (“DTSA”) by a vote of 410-2. The bill has already been approved by the Senate and has the Obama administration’s support, which means little stands in the way of DTSA becoming law within the next week.

(more…)

SHARE
EmailPrintShare
10 February 2016

President Takes Action On Cybersecurity

President Obama today unveiled a “Cybersecurity National Action Plan.” The administration’s proposed budget includes $19 billion for cybersecurity spending, $3 billion of which will be devoted to updating agency systems. The plan includes the creation of a Federal Chief Information Security Officer to guide the implementation of increased security across the federal government and reside within the Office of Management and Budget. President Obama also issued two executive orders. The first establishes the Commission on Enhancing National Cybersecurity within the Department of Commerce to be composed of technology, national security, and business leaders. The Commission is charged with developing by December 1, 2016 “detailed recommendations to strengthen cybersecurity in both the public and private sectors.” The second requires the establishment of a Senior Agency Official for Privacy at each agency and creates the Federal Privacy Council as “the principal interagency forum to improve the Government privacy practices of agencies and entities acting on their behalf.” The OMB Director will be chair of the Federal Privacy Council, which will have the focus of coordinating internal agency policies.

(more…)

SHARE
EmailPrintShare
07 January 2016

Patient Access and Medicare Protection Act

On December 28, 2015, President Obama signed into law S. 2425, the Patient Access and Medicare Protection Act (the “Act”).  In addition to provisions intended to ensure that Medicare reimbursement policies promote continued access to certain durable medical equipment, like wheelchair accessories, the Act includes provisions that affect adoption of Health Information Technology (“HIT”) and those that provide greater protection against medical identity theft.  Specifically, the Act recognizes various categories of hardship exceptions from meaningful use requirements for the 2015 reporting period and strengthens the penalties associated with medical identity theft.

(more…)

SHARE
EmailPrintShare
06 January 2016

OFAC issues Cyber-Related Sanctions Regulations

In the aftermath of the cyber attack on the Office of Personnel Management and the significant loss of corporate intellectual property, the U.S. government has announced new tools to respond to and to deter such harmful attacks.  On December 31, 2015, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued new U.S. Cyber-Related Sanctions Regulations, set forth in 31 C.F.R. § 578 (“Cyber-Related Sanctions Regulations”).  The Cyber-Related Sanctions Regulations are designed to implement Executive Order 13694, which targets perpetrators of malicious cyber-activities (e.g., hacking and Distributed Denial of Service (DDoS) attacks) as well as those who support such activities and certain recipients and users of stolen trade secrets.  For a more detailed discussion of E.O. 13694, which was issued by President Obama on April 1, 2015, see our previous alert.

(more…)

SHARE
EmailPrintShare
17 November 2015

FCC Enforcement Bureau Issues First Privacy Enforcement Order Against a Cable Operator

On November 5, 2015, the Federal Communications Commission (“FCC” or “Commission”) issued its first ever privacy or data security enforcement order against a cable provider, Cox Communications, Inc. (“Cox”). The order adopted a consent decree entered into with the company, fining the company $595,000 for the breach. The order sets out that in August 2014, a hacker used social engineering tactics, or “pretexting,” to impersonate someone from Cox’s information technology department in a phishing scheme to successfully convince a Cox contractor to enter an account ID and password into a fake website which the hackers controlled. Without multi-factor authentication in place for the targeted systems, the hacker and an accomplice were able to use those captured credentials to obtain the personal information and /or Customer Proprietary Network Information (“CPNI”) of 54 current and seven former customers. Cox notified the FBI of the breach, but did not notify the FCC through the Commission’s breach-reporting portal.

(more…)

SHARE
EmailPrintShare
09 November 2015

Senate Passes Cybersecurity Legislation, Differences to be Worked Out with House Bills

On October 27, 2015, the Senate passed S. 754, the Cybersecurity Information Sharing Act (“CISA”), with bi-partisan support. Although some raised privacy concerns, CISA received backing from the Administration and support from many industry participants. The Senate bill must be reconciled with similar bills in the House (H.R. 1560 and H.R. 1731) before a conference version is produced. This process may be contentious as privacy advocates seek to strengthen protections for personal information, and Senator Richard Burr, Chairman of the Senate Intelligence Committee and co-sponsor of CISA, indicated that the conferencing process is unlikely to produce a resolution before January 2016.

(more…)

SHARE
EmailPrintShare
14 September 2015

PLI Issues Cybersecurity Treatise

The Practising Legal Institute has published “Cybersecurity: A Practical Guide to the Law of Cyber Risk,”  a treatise edited by Ed McNicholas and Vivek Mohan of Sidley Austin LLP.   This “Sidley on Cybersecurity” treatise sets out in a clear and readable manner the complex legal framework for cybersecurity in the United States.  We hope that it will be a practical legal guide for in-house attorneys, IT leaders, senior executives, and corporate directors concerned about cybersecurity risk.

(more…)

SHARE
EmailPrintShare
09 September 2015

Financial Regulators Continue Focus on Cybersecurity; CFTC joins the Chorus

Cybersecurity attacks have increasingly garnered significant attention this summer—and financial regulators are taking notice and taking action. Earlier in August, the Securities and Exchange Commission (“SEC”) announced the indictment of nine players in a major hacking ring. The ring was designed to obtain corporate announcements prior to their public release, to give purchasers of the illegally obtained information an edge in securities trading. The attack combined old-school securities fraud with new-school cybercrime, and served as a reminder of financial markets’ potential vulnerabilities from the ingenuity of cybercriminals.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator