When I'm being honest, I must agree with this. Still, I'd hope senior
management's bonuses are reduced by the cost of any “settlement.”
Stewart Baker writes:
…So, how much incentive for better security comes from the threat
of data breach liability? Some, but not much. As I’ve been
saying for a while, the actual damages from data breaches are pretty
modest in dollar terms, and the pattern of losses makes it very hard
to sustain a single class, something that forces up the cost of
litigation for the plaintiffs.
You can see this pattern in recent data breach settlements.
Read more on WaPo The Volokh Conspiracy.
For my Ethical Hackers. Make sure your lawyer has a copy. (No mention
of North Korea)
Tallinn Manual on the International Law Applicable to Cyber Warfare
NATO Cooperative Cyber Defence Centre of Excellence: “The Tallinn Manual
on the International Law Applicable to Cyber Warfare, written at the
invitation of the Centre by an independent ‘International Group of
Experts’, is the result of a three-year effort to examine how
extant international legal norms apply to this ‘new’ form of
warfare. The Tallinn Manual pays particular attention to the jus
ad bellum, the international law governing the resort to force
by States as an instrument of their national policy, and the jus
in bello, the international law regulating the conduct of armed
conflict (also labelled the law of war, the law of armed conflict, or
international humanitarian law). Related bodies of international
law, such as the law of State responsibility, are dealt with in the
context of these topics. The Tallinn Manual is not an official
document, but instead an expression of the scholarly opinions of a
group of independent experts acting solely in their personal
capacity. It is not meant to represent the views of the Centre, our
Sponsoring Nations, or NATO; NATO doctrine; or the official position
of any organization or State that provided observers to the project.
The Tallinn Manual is available in both paper and electronic copies
from Cambridge
University Press (© Cambridge University Press 2013). We
have also made the book available for reading and research.”
Ethical Hackers: Is this what your lawyers are telling you?
E-mail warrant for all evidence of CFAA crimes violates Fourth Amendment, court holds
By Orin Kerr January 9
In a recent case, United States v. Shah, 2015 WL 72118 (E.D.N.C.
Jan. 6, 2015), a district court ruled that a search warrant for an
e-mail account for all evidence of violations of the federal computer
hacking statute failed to comply with the Fourth Amendment because it
did not particularly describe the evidence to be seized.
…
According to the district court, however, the warrant was not
specific enough. From the opinion:
The provision [of the warrant] describing the documents “seized”
makes a general reference to “[a]ll information described above in
Section I that constitutes fruits, evidence, and instrumentalities of
Title 18, United States Code, Sections 1030 (Fraud and Related
Activity in Connection with Computers).” (Google Warrant, 6).
… A violation of the CFAA would not necessarily generate such
“distinctive evidence” as bank robbery or narcotics. Dickerson,
166 F.3d at 694. Nor would evidence necessarily be as distinctive as
that of child pornography, a type of crime more commonly targeted by
warrants for electronic information.
… Rather, a warrant authorizing collection of evidence of a CFAA
violation comes closer to warrants seeking to collect evidence
regarding violations of broad federal statutes prohibiting fraud or
conspiracy. In these cases, limitation by reference to the broad
statute fails to impose any real limitation.
A Big Data downside? Law steps in where common sense fails.
If you are not covered by specific laws you get no training. If you get
no training you see no reason not to do whatever you want with your
data. If you do whatever you want with your data, eventually you
will be covered by specific laws.
If at first you don’t succeed, persist. And blog.
Jon Baines writes:
Imagine, if you will, a public authority which decides to publish as
Open Data a spreadsheet of 6000 individual records of adults
receiving social services support. Each row tells us an individual
service user’s client group (e.g. “dementia” or “learning
disability”), age range (18-64, 65-84, 84 and over), the council
ward they live in, the service they’re receiving (e.g. “day care”
or “direct payment” or “home care”), their gender and their
ethnicity. If, by burrowing into that data, one could identify that
one, and only one, Bangladeshi man in the Blankety ward
aged 18-64 with a learning disability is in receipt of direct
payments, most data protection professionals (and many other people
besides) would recognise that this is an identifiable individual, if
not to you or me, then almost certainly to some of his neighbours or
family or acquaintances.
[…]
If these individuals are identifiable (and, trust me, these are only
two examples from hundreds, in many, many spreadsheets), then this is
their sensitive personal data which is being processed by the public
authority in question (which I am not identifying, for obvious
reasons). For the processing to be fair and lawful it needs a legal
basis, by the meeting of at least one of the conditions in Schedule
Two and one in Schedule
Three of the Data Protection Act 1998 (DPA).
And try as I might, I cannot find one which legitimises this
processing, not even in the 2000
Order which significantly added to the Schedule 3 conditions.
And this was why, when the datasets in question were drawn to my
attention, I flagged my concerns up with the public authority
Read more on Information Rights and Wrongs.
It’s somewhat disturbing that Jon not only had to raise the issue, but the
lack of timely and effective responses he got is also concerning.
Although DataBreaches.net is a U.S. site, the exposure of personal
information anywhere is of concern, and we urge the Information
Commissioner’s Office to either get those data sets removed already
or explain why such disclosure is lawful under U.K. law. [That takes training. Bob]
For my Data Management and Business Intelligence students.
Seldon Predictive API makes Life Easier for Data Scientists
Seldon will soon release an open-source
predictive API aiming to ease the demand on data scientists. The API
makes it easy to apply multiple algorithms which can recommend
content tailored to customers and offer app personalisation, as well
as many other powerful features.
…
"We help the world’s leading media and e-commerce companies
leverage cutting edge big data technologies, machine learning
algorithms, and social data, to provide the most intelligent
solution for personalisation, recommendation and targeting,"
Seldon’s website says.
More businesses are embracing the role of in-house data scientists as they
seek to differentiate themselves and provide a better end-user
experience through personalisation.
…
They are currently taking requests for their private
beta, planning a staged rollout in early 2015.
Convergence? TV via Internet rather than Cable or Satellite, so why not give your
TV a dedicated PC?
Intel Compute Stick Turns Any TV Into A Windows PC For Just $149
…
All it takes is a little stick, much like the much-loved Google
Chromecast. Meet the all-new Intel Compute Stick.
The Compute Stick is essentially a complete PC, but in the compact form
factor of a slightly large pen drive. It connects to a TV via HDMI,
but also has to be powered with a microUSB cord.
…
It will also be available with Linux, but that version will come
with 8GB of storage and 1GB RAM. That model will retail for $89,
Intel said.
For my Students.
7 Insightful Infographics For Any Windows User
(Related)
Not as useful, but still interesting.
9 maps that explained the Internet in 2014
Washington Post: “This was a big year for the Internet, from the U.S. debate
over net neutrality to proposals to shift control of the worldwide
Web to the global community. Here
are maps that can help you understand how the Internet worked and how
people used it in 2014.”