Saturday, July 16, 2016
Interesting. Is the date part of mandatory disclosure?
I almost have to admire this defense logic: if you don’t know when our breach occurred or can’t allege it, you can’t prove any claims as to whether something happened before or after the breach, so we get to walk away from the consolidated class action lawsuit…?
Law360 has more, if you have a subscription. But I was so curious that I actually acquired the filing from PACER (you can all chip in towards the $3.00 fee), and have uploaded the filing here (47 pp, pdf).
But here is the overview of the argument:
Most fundamentally, plaintiffs do not allege the date on which the breach occurred. Yet, they speculate that they suffered damages because of Experian’s “delay” in providing notice of the breach. But the absence of an alleged date of breach renders these claims infirm. After all, no one was injured by delayed notification if there was no delay in providing notice. Some plaintiffs assert that they were victims of identity theft or fraud, speculating that the attacker must have used the data it stole to commit such crimes. But because plaintiffs do not allege a date of breach, it is unclear whether these alleged injuries occurred before or after the breach. If they occurred before the breach, they could not possibly have been caused by the breach. Some of the plaintiffs’ claims are grounded in fraud, yet none are pleaded with the particularity required by Rule 9(b).
I thought the breach occurred in October, 2015?? Why wasn’t there anything on that in the complaint, or was there?
Another legal defense?
I was wondering how many lawsuits we might see by employees whose firms fell for phishing schemes involving W-2 data.
From what Law360 reports, HAECO employees did sue their employer, who’s arguing that the employees can’t sue for invasion of privacy because the employees had given their information to their employer willingly.
Okay, that defense makes sense, but then what could the employees sue their employer for? And the fact that your own employees are suing you, well…. maybe your incident response wasn’t as good as it could have been? Just wondering….
It’s kinda like leaving your wallet behind…
Seen on FourthAmendment.com:
Defendant fled a taxicab to avoid the fare but left his cell phone behind. The police used the phone to call 911 to capture his name, phone number, and other 911 information. This wasn’t a search, and it was governed by Smith, that information voluntarily turned over to another is not protected by a reasonable expectation of privacy. [The complete answer to that is that defendant didn’t turn over the information voluntarily; the police dialed 911 to make the call, and was that a seizure? The court botches this one by deciding it this way. Abandonment of the phone wasn’t even decided, and it clearly was the easier and more logical argument than attempting to say there was a lack of a reasonable expectation of privacy without having to strain to make something up to sound profound.] State v. Hill, 2016 Ga. App. LEXIS 432 (July 13, 2016)
Read more on FourthAmendment.com, via Joe Cadillic.
And while we’re on the Fourth Amendment, do note this development in Congress, which I’m actually happy about: The Fourth Amendment Gets Its Own House Caucus to Demand Its Respect.
They just didn’t pay attention. They hired an Australian firm that the Chinese then bought – and no one noticed.
Bernard Keane and Asher Wolf write:
The ballots from the 2016 Australian election are being secured by a company owned by one of China’s most important security firms, with links deep inside the communist state’s vast surveillance system.
In 2014, the Australian Electoral Commission hired the company SecureMonitoring to provide “Security Alarm System Monitoring for AEC Warehouses and National Office”, for $360,000 over three years.
Read more on Crikey.
Perhaps my University’s Tech Support could help. They certainly have the ability to disrupt my classroom.
U.S. military has launched a new digital war against the Islamic State
An unprecedented Pentagon cyber-offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group’s sophisticated use of technology for recruiting, operations and propaganda.
The U.S. military’s new cyberwar, which strikes across networks at its communications systems and other infrastructure, is the first major, publicly declared use by any nation’s military of digital weapons that are more commonly associated with covert actions by intelligence services.
… But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different than the nation-states Cybercom was created to fight.
In an effort to accelerate the pace of digital operations against the Islamic State, the Cybercom commander, Adm. Michael S. Rogers, created a unit in May headed by Lt. Gen. Edward Cardon that is tasked with developing digital weapons — fashioned from malware and other cyber-tools — that can intensify efforts to damage and destroy the Islamic State’s networks, computers and cellphones.
… scruffy insurgents aren’t the best target for high-tech weapons.”
The simple fact that the Pentagon has ordered its first major cyber-offensive campaign, and has acknowledged it publicly, is a milestone.
… Whenever the military undertakes a cyber-operation to disrupt a network, the intelligence community may risk losing an opportunity to monitor communications on that network. So military cybersecurity officials have worked to better coordinate their target selection and operations with intelligence officials.
For the Crypto chapter in the Computer Security class.
Use Tor? Riffle promises to protect your privacy even better
Privacy-minded people have long relied on Tor for anonymity online, but a new system from MIT promises better protection and faster performance.