Wednesday, March 14, 2018

Are we secretly at war? How do we tell random criminal breaches from organized state sponsored attacks? (Have we drawn a line in the sand?)
This sounds serious. Zack Hale reports:
The Port of Longview was recently victimized by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors.
The FBI notified the port of the attack on Feb. 1, according to an internal memo obtained Monday by The Daily News.
However, the FBI told the port additional details about the attack are “classified,” according to the memo.
Investigators traced the attack to internet service provider addresses in Russia, Liberia and Kazakhstan, according to the memo.
Read more on TDN.
As a matter of opinion, I am tired of seeing entities engage law firms so that they can decline to reveal details and shield them as “privileged.” There needs to be an exception for matters of significant public concern, and a foreign attack on a port should qualify for needing public disclosure. Or at least a Congressional investigation and inquiry – if we had a Congress that could actually investigate anything without turning things into a partisan circus.

Not the kind of “First” you want to be remembered for…
J. Robert MacAneney of Carlton Fields writes:
On March 5, Yahoo, Inc. (“Yahoo”) announced a proposed settlement in In re Yahoo Inc. Securities Litigation, which was filed in U.S. District Court in San Francisco. The $80 million proposed settlement relates to a securities class litigation stemming from Yahoo’s 2013 and 2014 data breaches. While many elements of the Yahoo securities class action may be factually unique, the settlement is a milestone because it is the first significant securities fraud settlement from a cybersecurity breach.
Read more on JDSupra.

A problem with archives.
The Quest for a Universal Translator for Old, Obsolete Computer Files
“…The digital world continues to expand and mutate in all sorts of ways that will orphan and otherwise impair file formats and programs—from ones long forgotten to ones that work just fine today but carry no guarantees against obsolescence. Instead of a patchwork of one-off solutions, perhaps there’s a better way to keep old software running smoothly—a simpler process for summoning the past on demand. A team at the Yale University Library is trying to build one. Digital archivists deal with at least two broad categories of artifacts. There are analog objects or documents scanned into a second, digital life—digitized maps, for instance, or scanned photos. The other objects are natives of the digital world. These files can include everything from a simple compressed image to a game on a CD-ROM to a CAD design for a skyscraper. The relentless march of new versions and new platforms makes obsolescence a constant presence, from as soon as digital objects are conceived…”

This may help me explain ‘harm’ to my students.
In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their legal claims are viable. Plaintiffs have argued that data breaches create a risk of future injury, such as identity theft, fraud, or damaged reputations, and that breaches cause them to experience anxiety about this risk. Courts have been reaching wildly inconsistent conclusions on the issue of harm, with most courts dismissing data-breach lawsuits for failure to allege harm. A sound and principled approach to harm has yet to emerge.
In the past five years, the U.S. Supreme Court has contributed to the confusion. In 2013, the Court, in Clapper v. Amnesty International, concluded that fear and anxiety about surveillance—and the cost of taking measures to protect against it—were too speculative to satisfy the “injury in fact” requirement to warrant standing. This past term, the U.S. Supreme Court stated in Spokeo v. Robins that “intangible” injury, including the “risk” of injury, could be sufficient to establish harm. When does an increased risk of future injury and anxiety constitute harm? The answer remains unclear. Little progress has been made to harmonize this troubled body of law, and there is no coherent theory or approach.
In this Article, we examine why courts have struggled to conceptualize harms caused by data breaches. The difficulty largely stems from the fact that data-breach harms are intangible, risk-oriented, and diffuse. Harms with these characteristics need not confound courts; the judicial system has been recognizing intangible, risk-oriented, and diffuse injuries in other areas of law. We argue that courts are far too dismissive of certain forms of data-breach harm and can and should find cognizable harms. We demonstrate how courts can assess risk and anxiety in a concrete and coherent way, drawing upon existing legal precedent.
Solove, D.J. and Citron, D.K. Risk and Anxiety: A Theory of Data-Breach Harms. Texas Law Review. March, 2018, 96:737. Download here.

I kinda thought they were already doing this. Do you think they actually expected customers to walk into their stores?
Why Luxury Brands Are Racing to Embrace E-commerce
Farfetch is on the cusp of accomplishing something rare in the world of luxury retail: It potentially could become one of the few luxury tech “unicorns” with an upcoming $5 billion IPO. The lofty valuation marks a remarkable turn for an industry that had long been resistant to selling online, fearful that the internet’s mass access would damage luxury brands’ exclusivity. But now luxury fashion houses from Louis Vuitton to Chanel and Gucci have been racing to embrace digital, whether it is partnering with multi-brand sites like Farfetch, developing their own platforms or both.
The pivot to digital makes sense: Online sales are expected to drive future growth in the luxury goods market, making up 25% of the market by 2025 up from an estimated 9% last year, according to a 2017 report from Bain & Co. That means sales from offline stores will shrink to 75% of the total from 91%. Such projections serve as a wake-up call to luxury brands that have long relied on partners such as department stores — and their own boutiques — to sell products. But traditional retailers are struggling and more customers are becoming comfortable buying luxury goods online.

Apparently this is how you ‘campaign’ in Russia. “Vote for me or else?”
Putin enemy found dead in London eight days after Skripal poisoning, as counter-terror police launch investigation
Counter-terrorism police have opened an investigation into the “unexplained” death on British soil of an arch enemy of Vladimir Putin, just eight days after the nerve gas assassination attempt on a Russian double agent.
Nikolai Glushkov, 68, the right-hand man of the deceased oligarch Boris Berezovsky, Mr Putin’s one-time fiercest rival, was found dead at his London home on Monday.
A Russian media source said Glushkov, the former boss of the state airline Aeroflot, who said he feared he was on a Kremlin hit-list, was found with “strangulation marks” on his neck.

Resources for my undergrads…
Look for scholarships with Free Graduate School Scholarship Search
Sallie Mae: “Learn why scholarships—free money that you don’t have to pay back—are important and how to search for them to help you pay for graduate school…. Getting started is easy; students register free of charge, fill out a profile that can be updated at any time, and start searching. The tool responds with matches that identify relevant scholarships and their award amounts, application requirements, and deadlines. In addition, Graduate School Scholarship Search automatically will send updates when it identifies new matches.”

For our Python students.

None of the social media giants have offered guidance, as far as I know.
