I almost have to admire this defense logic: if you don’t
know when our breach occurred or can’t allege it, you can’t prove any claims as
to whether something happened before or after the breach, so we get to walk
away from the consolidated class action lawsuit…?
Law360
has more, if you have a subscription. But
I was so curious that I actually acquired the filing from PACER (you can all
chip in towards the $3.00 fee), and have uploaded the filing here (47 pp, pdf).
But here is the overview of the argument:
Most fundamentally, plaintiffs do
not allege the date on which the breach occurred. Yet, they speculate that they suffered damages
because of Experian’s “delay” in providing notice of the breach. But the absence of an alleged date of beach
renders these claims infirm. After all, no one was injured by delayed notification
if there was no delay in providing notice. Some plaintiffs assert that they were victims
of identity theft or fraud, speculating that the attacker must have used the
data it stole to commit such crimes. But
because plaintiffs do not allege a date of breach, it is unclear whether these
alleged injuries occurred before or after the breach. If they occurred before the breach, they could
not possibly have been caused by the breach. Some of the plaintiffs’ claims are grounded in
fraud, yet none are pleaded with the particularity required by Rule 9(b).
I thought the breach occurred in October, 2015?? Why wasn’t there anything on that in the
complaint, or was there?
Another legal defense?
I was wondering how many lawsuits we might see by
employees whose firms
fell for phishing schemes involving W-2 data.
From what Law360 reports,
HAECO employees did sue their employer, who’s arguing that the employees can’t
sue for invasion of privacy because the employees had given their information
to their employer willingly.
Okay, that defense makes sense, but then what could the
employees sue their employer for? And
the fact that your own employees are suing you, well…. maybe your incident
response wasn’t as good as it could have been? Just wondering….
It’s kinda like leaving your wallet behind…
Seen on FourthAmendment.com:
Defendant fled a taxicab to avoid
the fare but left his cell phone behind. The police used the phone to call 911 to
capture his name, phone number, and other 911 information. This wasn’t a search, and it was governed by
Smith, that information voluntarily turned over to another is not protected by
a reasonable expectation of privacy. [The complete answer to that is that defendant
didn’t turn over the information voluntarily; the police dialed 911 to make the
call, and was that a seizure? The court
botches this one by deciding it this way. Abandonment of the phone wasn’t even decided,
and it clearly was the easier and more logical argument than attempting say
there was a lack of a reasonable expectation of privacy without having to
strain to make something up to sound profound.]
State
v. Hill, 2016 Ga. App. LEXIS 432 (July 13, 2016)
Read more on FourthAmendment.com,
via Joe Cadillic.
And while we’re on the Fourth Amendment, do note this
development in Congress, which I’m actually happy about: The
Fourth Amendment Gets Its Own House Caucus to Demand Its Respect.
They just didn’t pay attention. They hired an Australian firm that the
Chinese them bought – and no one noticed.
Bernard Keane and Asher Wolf write:
The ballots from the 2016
Australian election are being secured by a company owned by one of China’s most
important security firms, with links deep inside the communist state’s vast
surveillance system.
In 2014, the Australian
Electoral Commission hired the company SecureMonitoring to provide “Security
Alarm System Monitoring for AEC Warehouses and National Office”, for $360,000
over three years.
Read more on Crikey.
Perhaps my University’s Tech Support could help. They certainly have the ability to disrupt my
classroom.
U.S. military has launched a new digital war against the
Islamic State
An unprecedented Pentagon cyber-offensive against the
Islamic State has gotten off to a slow start, officials said, frustrating
Pentagon leaders and threatening to undermine efforts to counter the militant
group’s sophisticated use of technology for recruiting, operations and
propaganda.
The U.S. military’s new cyberwar, which strikes across
networks at its communications systems and other infrastructure, is the first major, publicly declared use by any nation’s
military of digital weapons that are more commonly associated with
covert actions by intelligence services.
… But defense
officials said the command is still working to put the right staff in place and
has not yet developed a full suite of malware and other tools tailored to
attack an adversary dramatically different than the nation-states Cybercom was
created to fight.
In an effort to accelerate the pace of digital operations
against the Islamic State, the Cybercom commander, Adm. Michael S. Rogers,
created a unit in May headed by Lt. Gen. Edward Cardon that is tasked with
developing digital weapons — fashioned from malware and other cyber-tools —
that can intensify efforts to damage and destroy the Islamic State’s networks,
computers and cellphones.
… scruffy insurgents aren’t the best target for
high-tech weapons.”
The simple fact that the Pentagon has ordered its first
major cyber-offensive campaign, and has acknowledged it publicly, is a
milestone.
… Whenever the military undertakes a
cyber-operation to disrupt a network, the intelligence community may risk
losing an opportunity to monitor communications on that network. So military
cybersecurity officials have worked to better coordinate their target selection
and operations with intelligence officials.
For the Crypto chapter in the Computer Security
class.
Use Tor? Riffle promises to protect your privacy even better
Privacy-minded people have long relied on Tor
for anonymity online, but a new system from MIT promises better protection and
faster performance.
No comments:
Post a Comment