Will Security now have to wait for the lawyers to review the report? If
legal releases actionable (any?) items, does that break
confidentiality?
Capital One Must Turn Over Mandiant’s Forensics Report
Jeremy Kirk reports:
Capital One has been ordered by a federal judge to turn over the results of a digital forensics investigation into its 2019 data breach, which has been sought by plaintiffs in a class-action lawsuit.
The report could provide further insight into what went wrong in one of the most significant breaches of a financial institution in history.
Read more on BankInfoSecurity.
This is a huge decision, as most entities have claimed that forensic
reports are covered by work product doctrine and should not be
discoverable. But in this case, the
court held that Capital One had not shown that the report was ordered
and requested specifically in response to the breach as a legal
expense.
From the article:
Capital One has had a standing arrangement with FireEye's Mandiant forensics
unit since 2015, Anderson writes. In early 2019, Capital One paid
Mandiant a retainer that it classified as a business rather than
legal expense, he notes.
"Capital One has not presented sufficient evidence to show that the incident
response service performed by Mandiant would not have been done in
substantially similar form even if there was no prospect of
litigation," Anderson writes.
Eventually, we will all agree. (And pigs might fly)
Vermont Updates its Data Breach Notification Law
As the COVID-19 pandemic presses on, privacy and security matters
continue to be at the forefront for federal and state legislatures.
We recently reported that Washington D.C. updated its
data breach notification law. Now, the Vermont legislature also
amended its data breach notification law, with significant overhauls
including expansion of its definition of personal information, and
the narrowing of permissible circumstances under which substitute
notice may be applied. Bill S.110 amending
Vermont’s Security Breach Notice Act, V.S.A §§ 2330 & 2335,
b23-0215,
was signed into law by Governor Phil Scott, and will take effect July
1, 2020. In addition, Bill S.110 creates new duties and
prohibitions with respect to student privacy directed towards
educational technology services (similar to a law first enacted in
California, and later adopted by over 20 states).
Read the key updates on Workplace Privacy, Data Management & Security Report
To be expected, I guess.
The ACLU sues Clearview AI, calling the tool an 'unprecedented violation'
of privacy rights
The American Civil Liberties Union is suing Clearview AI,
the maker of a facial-recognition tool used by law enforcement
agencies across the country.
The ACLU alleges that Clearview's technology runs afoul of the 2008
Illinois Biometric Information Privacy Act, according to the
complaint,
filed Thursday in the Circuit Court of Cook County, Illinois. It
alleges in a statement that the company is engaging in "unlawful,
privacy-destroying surveillance activities."
The ACLU said in the complaint that it is bringing the suit "to put
a stop to its unlawful surreptitious capture and storage of millions
of Illinoisans' sensitive biometric identifiers." Several other
nonprofits, including the Chicago Alliance Against Sexual
Exploitation and Sex Workers Outreach Project Chicago, have also
signed onto the suit.
Clearview dismissed the ACLU complaint as "absurd" when asked for
comment. According to its website,
Clearview's service "has been independently tested for accuracy
and evaluated for legal compliance by nationally recognized
authorities."
… If a person posts an image to a public Instagram page, for example,
Clearview's technology is capable of grabbing it,
and even if that person later changes their page to private or
deletes the photo altogether, the image will still show up in
Clearview's database. The tool can also scrape photos of a person
even if they were posted by someone else without that person's
knowledge.
Twitter, Google, Facebook and other tech companies have
sent Clearview cease and desist letters, saying the tool violates
their terms of service. Clearview has said it
would address the tech companies' concerns, but also pushed back,
saying there is a First Amendment right to public information.
Hey! It works in such bastions of freedom as Russia and China and North
Korea!
Trump signs order that may impact how social media manage content
Washington Post – “President Trump on Thursday signed an executive order that could
open the door for the U.S. government to assume oversight of
political speech on the Internet, a broadside against Silicon Valley
that a wide array of critics derided as a threat to free speech. The
new directive seeks to change a federal law that has spared tech
companies from being sued or held liable for most posts, photos and
videos shared by users on their sites. Tech giants herald these
protections, known as Section 230,
as the bedrock of the Internet. But Trump repeatedly has argued they
allow Facebook, Google and Twitter to censor conservatives with
impunity — charges these companies deny… The order signed
Thursday encourages the Federal Communications Commission to rethink
the scope of Section 230 and when its liability protections apply.
The order also seeks to channel complaints about political bias to
the Federal Trade Commission, an agency that the White House has
asked to probe whether tech companies’ content-moderation policies
are in keeping with their pledges of neutrality. The order
additionally created a council in cooperation with state attorneys
general to probe allegations of censorship based on political views.
And it tasked federal agencies with reviewing their spending on
social media advertising. While Trump has threatened to penalize
tech companies for years, his signing of the order Thursday came in
response to a decision by Twitter earlier in the week to
mark two of his erroneous tweets with fact-checking labels. The
small move set off a firestorm of tweets by the president threatening
social media companies with regulations and other punishments…”
Someone in the White House should have heard of the Streisand Effect…
Trump campaign attempts to remove satirical cartoon from online retailer
… “I doubt anyone had even seen it yet on the site,” he said. “This
reveals that the Trump campaign has a system in place, trawling for
material they find objectionable. If it happened to me so quickly,
it likely has happened to others. How much other content has been
removed this way on Redbubble and other sites?”
The world, she has changed.
States Are Reopening, But Many Americans Say They Aren’t Rushing Back To Normal Life
… In a Morning Consult poll conducted
May 12-15, only 23 percent of Americans said they were comfortable
going out to eat, going on vacation or going to a shopping mall —
and those were the activities that respondents were most likely
to be comfortable with. Only 16 percent said they were comfortable
going to the movies, 14 percent going to an amusement park and 13
percent going to the gym. And another Morning Consult poll,
from May 19-21, found that sports fans have come around to holding
games in empty stadiums if necessary, with 41 percent supporting a
crowdless return as soon as possible and 38 percent saying leagues
should wait until it’s safe for fans to attend before restarting.
That’s a stark change from April 3-5, when 70 percent of fans said
sports leagues should wait until it’s safe for spectators and only
16 percent favored a quicker return.
Also useful for history buffs.
Great Sets of Primary Source Documents for U.S. History Lessons
… The Digital Public Library of America's Primary Source Sets are organized
according to themes, eras, and events in United States history. The
DPLA primary source sets
include documents, drawings, maps, photographs, and film clips.
Each set is accompanied by a teaching guide. All of the sets can be
shared directly to Google Classroom. And each artifact that students
view in the sets is accompanied by some questions or points to ponder
while reviewing that artifact.
The DPLA's primary source sets provide
teachers and students with a convenient way to find primary source
documents.