A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even seen or accessed that information.
Tuesday, January 05, 2016
Again? Sony doesn't know what is going on?
PSN is down for gamers around the world (update: it’s back up)
… PlayStation Network is down, according to Sony Computer Entertainment America. The company has updated its status page to confirm the outage. This is preventing gamers on both PlayStation 4 and PlayStation 3 from loading up online multiplayer sessions in blockbusters like Destiny: The Taken King and Call of Duty: Black Ops III. It’s even causing issues with some players trying to log into primarily single-player experiences like Assassin’s Creed: Syndicate and Metal Gear Solid V: The Phantom Pain. On top of that, PlayStation owners are running into problems launching video apps, such as Hulu and Netflix.
… It’s also worth noting that while both PSN and Xbox Live have gone offline a number of times over the last 12 months, cyberattackers had nothing to do with most of those incidents.
Unfortunate, unless you're a hacker.
Users Lax on Mobile Security: Survey
… According to the study (PDF), which had nearly 12,000 respondents from 27 countries, users are increasingly concerned about online threats, and many are looking to install security software on their devices. Furthermore, the report reveals that consumers use more connected devices than before, with an average of 8 connected devices per household.
Them Dutch guys, they be pretty smart, you betcha.
Dutch Government Opposes Encryption Backdoors
… The government in the Netherlands believes authorities should seek new solutions to address the issues posed by the use of encryption during their investigations, but weakening encryption is not the answer. Dutch officials have pointed out that introducing a backdoor that would allow authorities to access encrypted data could also be abused by criminals, terrorists and foreign intelligence services, and it could have undesirable consequences.
For my Computer Security students.
Data Security and Breach Notification Legislation: Selected Legal Issues
by Sabrina I. Pacifici on Jan 4, 2016
CRS – Data Security and Breach Notification Legislation: Selected Legal Issues, Alissa M. Dolan, Legislative Attorney. December 28, 2015. “Recent data breaches at major U.S. retailers have placed a spotlight on concerns about the security of personal information stored in electronic form by corporations and other private entities. A data breach occurs when data containing sensitive personal information is lost, stolen, or accessed in an unauthorized manner, thereby causing a potential compromise of the confidentiality of the data. Existing federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), and the Gramm-Leach-Bliley Act, impose security and breach notification requirements on specific industries or types of data. Additionally, 47 states, the District of Columbia (D.C.), and three territories have enacted laws requiring breach notification, while at least 12 states have enacted data security laws, designed to reduce the likelihood of a data breach. Alabama, New Mexico, and South Dakota have not enacted breach notification laws.”
Some articles start me giggling before I read beyond the headline.
Can Robots Be Lawyers? Computers, Lawyers, and the Practice of Law
by Sabrina I. Pacifici on Jan 4, 2016
Remus, Dana and Levy, Frank S., Can Robots Be Lawyers? Computers, Lawyers, and the Practice of Law (December 30, 2015). Available at SSRN: http://ssrn.com/abstract=2701092 or http://dx.doi.org/10.2139/ssrn.2701092
“We assess frequently-advanced arguments that automation will soon replace much of the work currently performed by lawyers. Our assessment addresses three core weaknesses in the existing literature: (i) a failure to engage with technical details to appreciate the capacities and limits of existing and emerging software; (ii) an absence of data on how lawyers divide their time among various tasks, only some of which can be automated; and (iii) inadequate consideration of whether algorithmic performance of a task conforms to the values, ideals and challenges of the legal profession. Combining a detailed technical analysis with a unique data set on time allocation in large law firms, we estimate that automation has an impact on the demand for lawyers’ time that while measureable, is far less significant than popular accounts suggest. We then argue that the existing literature’s narrow focus on employment effects should be broadened to include the many ways in which computers are changing (as opposed to replacing) the work of lawyers. We show that the relevant evaluative and normative inquiries must begin with the ways in which computers perform various lawyering tasks differently than humans. These differences inform the desirability of automating various aspects of legal practice, while also shedding light on the core values of legal professionalism.”
The pendulum swings back. ...and I don't understand the logic.
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused – or even accessed. The incident, which had been reported to HHS in April 2014, appears on HHS’s breach tool under MDF’s name as the Business Associate. There is no indication in the breach tool that OCR has closed its investigation into that incident as of today’s date.
Unbeknownst to me, there was a lawsuit that followed the incident: Walker et al v. Boston Medical Center Corp. Not surprisingly, the defendants moved to dismiss for lack of standing. After all, there was no evidence the data had even been accessed, much less misused, and because… Clapper.
BMC must have gotten a real shock when the opinion was issued. Kevin M. McGinty of Mintz Levin explains:
Read more on Mintz Levin.
From the article:
Although the Walker plaintiffs did not allege that their medical records had been accessed, or their personal information used, by any unauthorized person, the court’s holding indicates that the mere exposure of patient data to the potential to be accessed by unauthorized persons may still adequately plead an injury. In this case, the plaintiffs alleged facts that, if true, “suggest[ed] a real risk of harm from the data breach at BMC” (internal quotations omitted) because BMC’s letter notifying the plaintiffs of the data breach supported an inference that “plaintiffs’ medical records were available to the public on the internet for some period of time and that there is a serious risk of disclosure.” Based on this inference, the court found it was reasonable to draw the further inference that the records “either were accessed or likely to be accessed by an unauthorized person.” This “general allegation of injury from the data breach” was sufficient to demonstrate standing.
Play with this a bit. Could be very interesting.
How The Internet* Talks
*Well, the mostly young and mostly male users of Reddit, anyway.
… To get a sense of the language used on Reddit, we parsed every comment from late 2007 through August 2015 and built the tool above, which enables you to search for a word or phrase to see how its popularity has changed over time.
The Rise of Visual Content Online
While the explosion of data and information has been a topic of considerable interest in recent years, another phenomenon has received comparably less attention: The explosion of visual content. To put this growth in perspective, it is estimated that 3.8 trillion photos were taken in all of human history until mid-2011, but 1 trillion photos were taken in 2015 alone. And that’s without counting the number of people making, viewing, or sharing videos [YouTube alone boasts over a billion users worldwide], Vines [40 million users], and gifs.