Category Archives: Cyber Laws

The Internet of Things and the FTC – Don’t Be the Test Case

Kevin Ashton, an expert on digital innovation, stated 15 years ago that, “If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.”  We are a lot closer to that reality now than when Mr. Ashton first wrote those words. As most people know by now, the Internet of Things is the ever-more-present future in which everyday objects …

[ CONTINUE READING ]

Apple’s DOJ Battle Scratches the Surface of Encryption Debate

By now you are likely aware of Apple’s ongoing battle with the Justice Department over the scope of the All Writs Act and its resistance of a federal court’s order compelling Apple to create special software that would unlock the iPhone used by Syed Rizwan Farook, one of the assailants in a mass shooting in San Bernardino, California. If you haven’t kept up with the story, an excellent walk through of where things stand may be found here. Apple’s case is generating a great deal of public debate over the amount of privacy a person may come to expect when …

[ CONTINUE READING ]

The Case of the Monkey Selfie

Here’s the story: back in 2011, this monkey gets hold of a photographer’s camera (there are multiple versions of how the monkey actually got the camera, so we will just state the fact we do know for certain – it ended up with the camera) and starts snapping pics of itself. The owner of the camera, David Slater, claims a copyright in the resulting photos and demands that Wikipedia take them down. So, who owns the pic? The owner of the camera, or the photographer (regardless of species) who actually took the picture? Copyright 101 – the creator of the …

[ CONTINUE READING ]

Bitcoin and the Changing Legal Landscape

If your business is contemplating doing something with digital currencies (meaning virtual currencies, like Bitcoin, Ripple, Ethereum, etc.), you need a plan. First, consider how and where your business will use digital currencies. Second, know what laws and regulations apply. Third, implement a compliance plan to ensure your business doesn’t run afoul of the law. Fourth, stick to your plan. This fourth step can be difficult to follow, particularly if your business is a startup trying to quickly establish itself and gain a foothold in the fast-paced, evolving online marketplace. You may think implementing a compliance plan will cost you …

[ CONTINUE READING ]

Clearing Up Confusion Over the Modified HIPAA Privacy Rule

The Department of Health and Human Services issued a final rule under the Health Insurance Portability and Accountability Act of 1996, which will go into effect on February 5, 2016. HHS published the final rule in tandem with President Obama’s recently announced executive actions to reduce gun violence. The final rule expressly permits certain covered entities under HIPAA to disclose limited demographic and other information to the National Instant Criminal Background Check System (NICS), or to an entity that is designated by the State to report to the NICS (or which collects information for this reporting). The covered entities are …

[ CONTINUE READING ]

Congress Acts to Ban Gag Clauses in Consumer Contracts

There is not a lot that all members of the U.S. Senate can agree on these days, but protecting the ability of consumers to write reviews of businesses is apparently an issue on which there is unanimity. First some background. From Yelp, to TripAdvisor, to Angie’s List, no one can deny the impact “ratings” websites have had on businesses (including lawyers). It is often the first – and sometimes the last – place consumers go before making a purchasing decision. For this reason, businesses have a long history of attempting to prevent consumers from posting potentially negative reviews on ratings …

[ CONTINUE READING ]

CISA Gives Leeway in Network Monitoring, But Not Without Risk

As we wrote last week, The Cybersecurity Act of 2015 – better known to some as the Cybersecurity Information Sharing Act of 2015 – was signed into law in December 2015. Privacy advocates had decried CISA in its original form as weakening privacy protections in regard to Internet traffic. When Congress slipped a revised version of CISA into a gigantic omnibus spending bill for the President’s up or down approval, some claimed the revised bill “stripped out even more of its remaining privacy protections.” At the most general level, CISA is intended to make it unequivocally legal for Federal and …

[ CONTINUE READING ]

The Cybersecurity Information Sharing Act of 2015

Protecting the Public from Cyber Threats or Unwanted Surveillance? On December 18, 2015, President Barack Obama signed the much reported omnibus spending bill, which keeps the government running for another year. The controversial Cybersecurity Information Sharing Act of 2015 (“CISA”) was included as a rider to the omnibus spending bill. CISA seeks to create a voluntary cyber threat information sharing process between industry and the federal government. CISA requires that the Department of Homeland Security (“DHS”) develop a process for the federal government to accept cyber threat information from any entity and ensure that appropriate federal entities (i.e., the FBI …

[ CONTINUE READING ]

FCC Latest Federal Agency to Chime in on Data Security

In 2015, the Federal Communications Commission joined the chorus of federal agencies seeking to declare its power when it comes to data breaches. In April, the agency made its first foray into the field by way of a consent decree with a major communications provider. In July, the FCC inked another consent decree, this time with TerraCom, Inc., and YourTel America, Inc., based on alleged failures to protect personally identifiable information. Both of these actions resulted in stiff monetary penalties, the imposition of stringent compliance programs, and years of audits. And the FCC’s policing efforts in regard to consumer privacy …

[ CONTINUE READING ]

Cybersecurity Developments at the SEC

In September 2015, the Securities and Exchange Commission took two separate but significant actions related to cybersecurity in the securities industry. Because they occurred so close together, the actions had some people wondering whether they were linked, suggesting an imminent increase in enforcement actions by the agency. Both actions are important, not only to securities firms in particular, but to anyone interested in understanding the agency’s viewpoint when it comes to cybersecurity. But, when viewed in context, the SEC’s recent actions do not appear to signal any meaningful shift in agency behavior. Notwithstanding, they should serve as a reminder to …

[ CONTINUE READING ]