It's a target that
eventually offers personal information on hundreds of millions of
Americans. Are they surprised to learn it's a target?
The Chicago Tribune reports:
U.S. authorities are investigating a series of cybersecurity incidents
targeting the HealthCare.gov website at the center of President
Obama’s healthcare law, a U.S. homeland security official told
Congress on Wednesday.
Roberta Stempfley, acting assistant secretary of the Department of Homeland
Security’s Office of Cybersecurity and Communications, said her
department was aware of “about 16” reports from the Department of
Health and Human Services – which is responsible for implementing
the healthcare law – on cybersecurity incidents related to the
website.
Testifying before the House of Representatives Homeland Security Committee,
Stempfley also said officials were aware of an unsuccessful attempt
by hackers to organize a “denial of service” attack to overwhelm
and take down the website.
Read more on the Chicago Tribune.
If it's an elected
official, all bets are off.
From FourthAmendment.com, we learn:
Montana has a constitutional right to privacy and right to know. The Montana
Supreme Court concludes that lower level employees disciplined for
viewing pornography on city time on city computers had a reasonable
expectation of privacy not to be publicly disclosed, and disclosure
of their identities was not in the public interest. [That
alone should be sufficient. Bob] The Fourth Amendment
reasonable expectation of privacy analogy was not apt because of the
state privacy protection. Billings
Gazette v. City of Billings, 2013 MT 334, 2013 Mont. LEXIS 455
(November 8, 2013)*:
Read an excerpt from
the ruling on FourthAmendment.com
The deck is truly stacked; thinking thoughtful thoughts won't help?
Orin writes:
DOJ has filed its brief in the Lavabit appeal before the Fourth Circuit. I
blogged at length on Lavabit’s brief, so I thought I would offer a few
thoughts on DOJ’s brief:
1) In general, it’s a solid brief. It’s going to be extremely
unpopular in the IANAL computer nerd world, obviously, but it’s
mostly pretty solid on the law.
2) DOJ brings up some provocative facts not found in the Lavabit brief
that are not going to help Lavabit before the Fourth Circuit judges.
Read more on The
Volokh Conspiracy, while I ponder whether Orin includes me in the
“IANAL computer nerd” reference.
Interesting idea: legal
justification!
Google, Microsoft, and
LinkedIn are requesting oral argument on their motion to be able to
be more transparent with users about government requests for user
information.
Indeed, they seem to
have really come
out swinging in response to the government’s September 30th
response and declaration, which were submitted ex parte and
in camera, with the plaintiffs only getting a highly
redacted version of the response.
The tech giants are
asking the court to strike all the redacted sections, or in the
alternative, to give them greater access to the material so they are
fighting this on a level playing field. In their
argument, they note that there must be a legal justification for the
government to prohibit providers from sharing the data they have
already been entrusted with (i.e., the number of orders), and the
government has failed to provide that legal justification in the
redacted materials available to them.
Something strange here.
Granted the defendants exposed the data, but were they specifically
targeted or were the police looking at ALL P2P traffic? The article
suggests the latter...
Jaikumar Vijayan
reports:
There can be no expectation of privacy in data exposed to the
Internet over a peer-to-peer file-sharing network, a federal judge in
Vermont ruled in a case involving three individuals charged with
possession of child pornography.
The three men had argued that police illegally gathered information from
their computers using an automated P2P search tool
and then used that information to obtain probable cause warrants for
searching their computers. Each of the defendants was later charged
with possession of child pornography based on evidence seized from
their computers.
Read more on
Computerworld.
[From the article:]
The defendants contended that the initial use of the automated P2P search tool to
gather information on the contents of their computers constituted a
warrantless search of their systems. They maintained that police
violated Fourth Amendment provisions against unreasonable search by
looking at private files on each of their systems using the P2P
search tool.
They also argued that
several of the statements made by investigators to show probable
cause for the search warrants were based on incorrect information.
In a 39-page ruling
released Friday, District Court Judge Christina Reiss denied the
motion to suppress and held that the defendants had essentially given
up privacy claims by making the data publicly
available on the Internet over a P2P network.
"The evidence
overwhelmingly demonstrates that the only information accessed was
made publicly available by the IP address or the software it was
using," Reiss wrote. "Accordingly, either intentionally or
inadvertently, through the use of peer-to-peer file sharing software,
Defendants exposed to the public the information they now claim was
private."
The ruling is similar
to ones reached by other courts in disputes involving documents
exposed on the Internet via peer-to-peer networks. Courts in the
11th Circuit, 10th Circuit and 8th Circuit have all held that there
can be no expectation of privacy if the contents of a computer can be
accessed freely over the public Internet via a file sharing network.
Interesting. So if
(hypothetically) someone did something slightly evil and it was
traced back to a certain computer law professor, he could show harm.
If thousands of victims have their life savings threatened, they
can't?
KATU reports from
Clackamas County, Oregon:
A woman who fought to clear her name after her identity was stolen and
she was arrested for crimes she did not commit won a lawsuit against
the county and has been awarded over $100,000 in damages.
Kimberly Fossen’s story began nearly a decade ago when she lost her purse.
She was quick to cancel her credit cards and get new identification,
but another woman took her identity and racked up arrests under her
name in Miami-Dade and Broward counties in Florida.
Read more on KATU.
Over the years, I’ve
read a number of reports of ID theft victims being arrested for
crimes they did not commit, despite their best efforts to notify
everyone of their victim status and/or despite obtaining
documentation to show law enforcement that they are an innocent
victim. It’s nice to see law enforcement held accountable for not
doing their due diligence before arresting and holding an ID theft
victim.
Follow-up to Tuesday's
blog post, where they claimed the network wasn't being used.
Following up on a
concerning report out of Seattle this week, Brendan Kiley and Matt
Fikse-Verkerk report:
The Seattle Police Department just announced that it has begun the
process of deactivating its wireless mesh network, a
powerful tool for sending vast amounts of data that also has powerful
surveillance potential. In theory, the network (built by a
California-based company called Aruba Networks) could track and
indefinitely log the movements of any wireless device with a MAC
address (phones, laptops, tablets) that moves through its coverage
area.
The possibility of a police department creating a historical digital map
of the city, or using such a system for real-time locating of
individuals, without governmental or civilian oversight has some
serious implications.
The mesh network, as The Stranger reported this week, was quietly purchased
with grant money from the Department of Homeland Security and whisked
through the Seattle City Council without any serious process of
review and approval.
But, SPD spokesperson Sgt. Sean Whitcomb said this evening, “The
wireless mesh network will be deactivated until city council approves
a draft policy and until there’s an opportunity for vigorous
public debate.” Chief Jim Pugel gave the order to begin
the deactivation process today.
Read more on The
Stranger.
After all that effort,
this is what they came up with?
FAA Releases Drone Roadmap, Privacy Not Required for Test Sites
by Sabrina I. Pacifici on November 13, 2013
EPIC – “In a press release, the Federal Aviation Administration announced the
“roadmap” for the integration of drones into domestic airspace. After
considering numerous public comments on the privacy impact of aerial
drones, the FAA proposed a regulation
that requires test site operators to develop privacy policies but
does not require any specific baseline privacy protections. The
FAA rulemaking came about in response to an extensive
petition submitted by EPIC, broadly supported by civil liberties
organizations and the general public. EPIC urged
the agency to require adherence to the Fair Information Practices,
disclosure of data collection and minimization practices, and
independent audits. For more information, see EPIC:
Domestic Unmanned Aerial Vehicles (UAVs) and Drones.”
So, they want to return
to using dial-up modems on the hard wired phone system?
Report – Telecoms plan shielded European Internet
by Sabrina I. Pacifici on November 13, 2013
Via Deutsche Welle: “Deutsche Telekom says the scandal over US
and British eavesdropping has prompted German providers to
contemplate an inner-German or inner-European Internet. Data would
no longer be routed and stored via other continents. Germany’s
state-backed Telekom confirmed on Sunday that German providers were
discussing an Internet confined within Europe’s “Schengen”
countries. One project code-named “Clean Pipe” would help firms
to fend off industrial spies and hackers. Schengen is the Luxembourg
border town where in 1985 EU nations initiated a visa-free zone that
now encompasses 26 European countries but excludes Britain. A
Telekom spokesman told the German news agency DPA that talks were
taking place with “diverse, likely partners.” The project would
be unveiled on Monday at an information technology (IT) conference in
Bonn. According to the news magazine Der Spiegel, Telekom managers
see fewer technical setup problems than IT experts had at first
anticipated. Germany already has a project entitled “E-Mail made
in Germany” in which Telekom, United Internet and Freenet handle
messages inside
the national border.”
A question for my
lawyer friends. If I can show you cases with a high probability of a
large settlement, would you send the victims appropriately
threatening letters? Oh, wait, the RIAA already has law firms that
do that.
Lawyering in the Shadow of Data
by Sabrina I. Pacifici on November 13, 2013
Lawyering in the Shadow of Data, Drury D. Stevenson - South Texas College of Law;
Nicholas J. Wagoner - South Texas College of Law Alumni. September 12, 2013
“Attorney bargaining
has traditionally taken place in the shadow of trial, as litigants
alter their pretrial behavior — including their willingness to
negotiate a settlement — based on perceptions of likely outcomes at
trial and anticipated litigation costs. Lawyers practicing in the
shadow of trial have, in turn, traditionally formed their perception
of the likely outcome at trial based on their knowledge of case
precedents, intuition, and previous interactions with the presiding
judge and opposing counsel in similar cases. Today, however,
technology for leveraging legal data is moving the practice of law
into the shadow of the trends and patterns observable in aggregated
litigation data. In this Article, we describe the tools that are
facilitating this paradigm shift, and examine how lawyers are using
them to forecast litigation outcomes and reduce bargaining costs. We
also explore some of the risks associated with lawyering in the
shadow of data and offer guidance to lawyers for leveraging these
tools to improve their practice. Our discussion pushes beyond the
cartoonish image of big data as a mechanical fortuneteller that tells
lawyers who will win or lose a case, supposedly eliminating research
or deliberation. We also debunk the alarmist clichés about
newfangled technologies eliminating jobs. Demand for lawyers capable
of effectively practicing law in the shadow of data will continue to
increase, as the legal profession catches up to the data-centric
approach found in other industries. Ultimately, this Article paints
a portrait of what big data really means for attorneys, and provides
a framework for exploring the theoretical implications of practicing
law in the era of big data.”
Making research easier?
64 Federal Courts Now Publish Opinions on FDsys
by Sabrina I. Pacifici on November 13, 2013
News release: “A
project providing free online access to federal court opinions has
expanded to include 64 courts. The federal Judiciary and the
Government Printing Office partner through the GPO’s Federal
Digital System, FDsys,
to provide public access to more than 750,000 opinions, many dating
back to 2004. The Judicial
Conference approved national implementation of the project in
September 2012, expanding participation from the original 29
courts. FDsys currently contains opinions from 8 appellate courts,
20 district courts, and 35 bankruptcy courts. Federal court opinions
are one of the most heavily used collections on FDsys, with millions
of retrievals each month. Opinions are pulled nightly from the
courts’ Case
Management/Electronic Case Files (CM/ECF) systems and sent to the
GPO, where they are posted on the FDsys website. Collections on
FDsys are divided into appellate, district or bankruptcy court
opinions and are text-searchable across courts. FDsys also allows
embedded animation and audio – an innovation previously only
available with opinions posted on a court’s own website or on the
Public
Access to Court Electronic Records (PACER). While the public
already can view federal court opinions for free on PACER, the FDsys
project presents just another way to make court-related information
more accessible to the public.”