Thursday, August 24, 2017

Unhealthy security.
Protenus has released its July Breach Barometer, with data supplied by  Here’s a snippet from their report:
July is the first month in 2017 to have hacking incidents outweigh insider breaches to patient data in both frequency and number of affected patient records.  While hacking accounted for almost half of total breach incidents this month, the severity and potential damage of insider threats to patient data should not be overlooked, with one incident going undetected for 14 years.

I’ll be very curious to see how my Indian students react.  (and if all my other students are jealous!)
India’s Supreme Court says privacy is a fundamental right in blow to government
In a blow to the Indian government’s efforts to roll out the world’s biggest biometric database on its billion citizens, India’s Supreme Court ruled Thursday that privacy was a fundamental right for people.
Over the past few years, the government has aggressively pushed to compile the database, known as Aadhar, by sending officials out to remote villages to take iris scans and fingerprints.  To ensure complete enrollment, the government this year put out several notices restricting access to essential government services for those not part of the system.  
The unanimous ruling by the nine-judge bench will have huge implications in a number of ongoing cases involving Aadhar, which means base or foundation in Hindi.
It could put an end to the government’s efforts of making enrollment mandatory.  It also guarantees privacy for Indian citizens as an intrinsic right — removing it could have had far reaching implications beyond biometric IDs for the daily lives of Indians such as the possible decriminalization of homosexuality.
In court, government lawyers argued that the right of all citizens to a dignified life was more important than the elitist preoccupation with privacy.

(On the other hand).  
Joe Cadillic writes:
The TSA is winning the war on Americans’ minds as commuters are being tricked into giving away their rights without a fight.
The above video warns that facial recognition body scanners are coming to a train station near you…
Last week, the TSA Los Angeles Metropolitan Transportation Authority ‘voluntarily’ asked commuters to walk through facial recognition body scanners before being allowed to board a train.
Read more on MassPrivateI.

This technology is evolving and improving.  How long before a smartphone App can identify anyone you video? 
Wherever you go, your face exposes you. Facial recognition in combination with surveillance cameras is a powerful tool that can track your every step.
Search engines are becoming ever smarter in managing massive amounts of data.  Face search and facial recognition are just a few of many tools that target individuals.  All public data combined, they can quickly unravel what an individual has been up to.

Compare and contrast. 
Li, Tiffany and Bronfman, Jill and Zhou, Zhou, Saving Face: Unfolding the Screen of Chinese Privacy Law (August 2017). Journal of Law, Information, and Science (Forthcoming). Available at SSRN:
Privacy is often a subjective value, taking on meaning from specific social, historical, and cultural contexts.  Western privacy scholars have so far generally limited academic study to focus on Western ideals of privacy.  However, privacy – or some notion of it – can be found in almost every culture and every nation, including the growing economic powerhouse that is the People’s Republic of China.  Focusing on China as a case study of non-Western privacy norms is important today, given the rapid rise of the Chinese economy and its corresponding impact on worldwide cultural norms and law.  Simply put, it is naïve to believe that privacy law will develop in the near future without the influence of China.
Given the long-arm reach of many nations’ privacy laws (particularly the EU’s current and proposed regulations), several signs indicate that China may follow the EU’s example in enforcing its privacy laws worldwide.
This paper will attempt to illuminate the state of privacy law in China, by evaluating current legal developments, exploring cultural and historical perceptions of privacy, and analyzing how China’s unique perceptions of privacy may influence the future development of new norms in China’s growing privacy regime.

What command turns it off? 
Margi Murphy reports:
If you own an Android phone, it’s likely that you’ve used Google’s Assistant, which is similar to Apple’s Siri.
Google says it only turns on and begins recording when you utter the words “OK Google”.
But a Sun investigation has found that the virtual assistant is a little hard of hearing.
In some cases, just saying “OK” in conversation prompted it to switch on your phone and record around 20 seconds of audio.
Read more on The Sun.
[From the article:]
Once Google is done recording, it uploads the audio files to its computer servers - often dubbed "the cloud".
These files are accessible from absolutely anywhere in the world - as long as you have an internet connection.
That means any device that is signed into your personal Gmail or Google account can access the library of your deepest, darkest secrets.
So if you're on a laptop right now and signed into Gmail - you could have a listen.
[Step by step instructions follow.  Bob]

Lawyers 1, victims 0?  (Google victorious for a mere $8.5 million?)
Helen Christophi reports:
The Ninth Circuit agreed Tuesday that Google can settle privacy claims by giving $8.5 million to six nonprofit privacy organizations instead of class members, despite ties between the organizations, Google and class counsel.
The three-judge appeals panel found that U.S. District Judge Edward Davila did not abuse his discretion by approving the cy pres settlement, almost half of which went to the alma maters of class counsel, and another chunk to organizations to which Google regularly donates or which received Google settlement funds in the past.
Read more on Courthouse News.  EPIC’s comments on the opinion are not surprising:
A divided federal appeals court has upheld a decision that allows Google to continue consumer privacy violations by means of a collusive settlement.  Though the case concerns Google’s illegal disclosure of personal data from 129 million consumers, the settlement fails to compensate those consumers, does nothing to change Google’s business practices, and diverts funds to organizations that don’t protect consumer privacy.  The dissenting judge wrote that the settlement “raises a red flag” because “47% of the settlement fund is being donated to the alma maters of class counsel.”  EPIC twice urged the lower court to reject the settlement, arguing that it did nothing for class members and would allow Google to “continue to engage in the privacy-invading practice.”  EPIC has long urged courts to reject collusive settlements and has proposed objective criteria for courts to follow in class action cases.

The swing of the pendulum.  Again.
Eversheds Sutherland reports:
In a decision surely welcomed by the plaintiffs’ bar, the US Court of Appeals for the Ninth Circuit held, on August 15, 2017, that a putative class action plaintiff has Article III standing as long as the plaintiff alleges just slightly more than a mere statutory violation.  The case, Robins v. Spokeo, was on remand from the United States Supreme Court following that Court’s well-known May 2016 Spokeo v. Robins decision, which held that allegations of a statutory violation of the Fair Credit Reporting Act (FCRA), without more, did not confer standing.  A three-judge panel of the Ninth Circuit has now ruled that, as a matter of statutory interpretation, the FCRA procedures at issue were crafted to protect consumers’ “concrete” interest in accurate credit reporting about themselves, and that the plaintiff’s allegations of inaccurate credit reports could be deemed “a real harm” sufficient to confer standing.
Read more on JD Supra.

The bad news keeps coming for Wells Fargo.  A nearly $150 million settlement is pending for the fake-account scandal that roiled the bank last year, and a new scandal has emerged: Recently it has been alleged that thousands of customers were signed up for insurance without their knowledge.  A bevy of lawsuits is in the pipeline, and regulatory scrutiny is intensifying. Meanwhile, one of Wells Fargo’s chief competitors, Bank of America, has been relatively scandal free, with impressive revenue and profit results for the first half of 2017.  What explains the divergence in the fortunes of two of the U.S.’s largest banks?
One possibility is the tone at the top.  For the past several years, Wells Fargo has been run by MBAs, while Bank of America’s CEO since 2010, Brian Moynihan, has a law degree from Notre Dame.  Might this difference in education influence how CEOs behave when it comes to setting a course and trimming corporate sails?  After all, there’s a subtle difference in how these two disciplines train people to understand and manage risks: Legal training focuses on the downside of particular actions, while business training may emphasize the upsides for shareholder value from risk taking.
The most obvious impact a lawyer CEO might be expected to have is on the amount of litigation their company is involved in.  We looked at over 70,000 lawsuits filed against our sample of firms in federal courts during those 10 years.  We focused on nine common types of corporate litigation: antitrust, employment civil rights, contract, environmental, intellectual property, labor, personal injury, product liability, and securities.
The result was clear: Firms run by CEOs with legal expertise were associated with much less corporate litigation.  Compared with the average company, lawyer-run firms experienced 16% to 74% less litigation, depending on the litigation type.  Employment civil rights, antitrust, and securities lawsuits were reduced the most, while contract saw the smallest (but still significant) reduction with a lawyer CEO.  The results were economically meaningful, since the reduction was several fewer suits per year in some cases.

Dr. Google? 
Google search uses a medical quiz to help diagnose depression
Only half of Americans who face depression get help for it, and Google is determined to increase that percentage.  As of today, it's offering a medically validated, anonymous screening questionnaire for clinical depression if you search for information on the condition.  This won't definitively indicate that you're clinically depressed, to be clear, but it will give you useful information you can take to a doctor.

For my Digital Forensics students.  Possible project? 

Search tools & Techniques.

You mean Grammar is useful?  My students will be astonished!
Elementary English Grammar for Lawyers
Campbell, Joseph Charles, Elementary English Grammar for Lawyers (July 30, 2017). Sydney Law School Research Paper No. 17/62. Available at SSRN:
“A lawyer interpreting a text whose meaning is disputed – whether a statute or some other document that has effect in public law, or a document like a contract or a will that has effect in private law – must be able to articulate why it is possible that the text has more than one meaning, and why one of those meanings is preferable to another.  An important aid for performing those tasks is the conceptual apparatus of English grammar.  This paper, written as an aid for students of legal interpretation, outlines some fundamentals of English grammar, and shows, via numerous examples, how the courts have used the language of grammar in solving problems of interpretation.”
