Friday, May 29, 2020


Will Security now have to wait for the lawyers to review the report? If legal releases actionable (any?) items, does that break confidentiality?
Capital One Must Turn Over Mandiant’s Forensics Report
Jeremy Kirk reports:
Capital One has been ordered by a federal judge to turn over the results of a digital forensics investigation into its 2019 data breach, which has been sought by plaintiffs in a class-action lawsuit.
The report could provide further insight into what went wrong in one of the most significant breaches of a financial institution in history.
Read more on BankInfoSecurity. This is a huge decision, as most entities have claimed that forensic reports are covered by work product doctrine and should not be discoverable. But in this case, the court held that Capital One had not shown that the report was ordered and requested specifically in response to the breach as a legal expense.
From the article:
Capital One has had a standing arrangement with FireEye's Mandiant forensics unit since 2015, Anderson writes. In early 2019, Capital One paid Mandiant a retainer that it classified as a business rather than legal expense, he notes.
"Capital One has not presented sufficient evidence to show that the incident response service performed by Mandiant would not have been done in substantially similar form even if there was no prospect of litigation," Anderson writes.




Eventually, we will all agree. (And pigs might fly)
Vermont Updates its Data Breach Notification Law
As the COVID-19 pandemic presses on, privacy and security matters continue to be at the forefront for federal and state legislatures. We recently reported that Washington D.C. updated its data breach notification law. Now, the Vermont legislature also amended its data breach notification law, with significant overhauls including expansion of its definition of personal information, and the narrowing of permissible circumstances under which substitute notice may be applied. Bill S.110 amending Vermont’s Security Breach Notice Act, V.S.A §§ 2330 & 2335, b23-0215, was signed into law by Governor Phil Scott, and will take effect July 1, 2020. In addition, Bill S.110 creates new duties and prohibitions with respect to student privacy directed towards educational technology services (similar to a law first enacted in California, and later adopted by over 20 states).




To be expected, I guess.
The ACLU sues Clearview AI, calling the tool an 'unprecedented violation' of privacy rights
The American Civil Liberties Union is suing Clearview AI, the maker of a facial-recognition tool used by law enforcement agencies across the country.
The ACLU alleges that Clearview's technology runs afoul of the 2008 Illinois Biometric Information Privacy Act, according to the complaint, filed Thursday in the Circuit Court of Cook County, Illinois. It alleges in a statement that the company is engaging in "unlawful, privacy-destroying surveillance activities."
The ACLU said in the complaint that it is bringing the suit "to put a stop to its unlawful surreptitious capture and storage of millions of Illinoisans' sensitive biometric identifiers." Several other nonprofits, including the Chicago Alliance Against Sexual Exploitation and Sex Workers Outreach Project Chicago, have also signed onto the suit.
Clearview dismissed the ACLU complaint as "absurd" when asked for comment. According to its website, Clearview's service "has been independently tested for accuracy and evaluated for legal compliance by nationally recognized authorities."
If a person posts an image to a public Instagram page, for example, Clearview's technology is capable of grabbing it, and even if that person later changes their page to private or deletes the photo altogether, the image will still show up in Clearview's database. The tool can also scrape photos of a person even if they were posted by someone else without that person's knowledge.
Twitter, Google, Facebook and other tech companies have sent Clearview cease and desist letters, saying the tool violates their terms of service. Clearview has said it would address the tech companies' concerns, but also pushed back, saying there is a First Amendment right to public information.




Hey! It works in such bastions of freedom as Russia and China and North Korea!
Trump signs order that may impact how social media manage content
Washington Post – “President Trump on Thursday signed an executive order that could open the door for the U.S. government to assume oversight of political speech on the Internet, a broadside against Silicon Valley that a wide array of critics derided as a threat to free speech. The new directive seeks to change a federal law that has spared tech companies from being sued or held liable for most posts, photos and videos shared by users on their sites. Tech giants herald these protections, known as Section 230, as the bedrock of the Internet. But Trump repeatedly has argued they allow Facebook, Google and Twitter to censor conservatives with impunity — charges these companies deny… The order signed Thursday encourages the Federal Communications Commission to rethink the scope of Section 230 and when its liability protections apply. The order also seeks to channel complaints about political bias to the Federal Trade Commission, an agency that the White House has asked to probe whether tech companies’ content-moderation policies are in keeping with their pledges of neutrality. The order additionally created a council in cooperation with state attorneys general to probe allegations of censorship based on political views. And it tasked federal agencies with reviewing their spending on social media advertising. While Trump has threatened to penalize tech companies for years, his signing of the order Thursday came in response to a decision by Twitter earlier in the week to mark two of his erroneous tweets with fact-checking labels. The small move set off a firestorm of tweets by the president threatening social media companies with regulations and other punishments…”




Someone in the White House should have heard of the Streisand Effect…
Trump campaign attempts to remove satirical cartoon from online retailer
… “I doubt anyone had even seen it yet on the site,” he said. “This reveals that the Trump campaign has a system in place, trawling for material they find objectionable. If it happened to me so quickly, it likely has happened to others. How much other content has been removed this way on Redbubble and other sites?”




The world, she has changed.
States Are Reopening, But Many Americans Say They Aren’t Rushing Back To Normal Life
In a Morning Consult poll conducted May 12-15, only 23 percent of Americans said they were comfortable going out to eat, going on vacation or going to a shopping mall — and those were the activities that respondents were most likely to be comfortable with. Only 16 percent said they were comfortable going to the movies, 14 percent going to an amusement park and 13 percent going to the gym. And another Morning Consult poll, from May 19-21, found that sports fans have come around to holding games in empty stadiums if necessary, with 41 percent supporting a crowdless return as soon as possible and 38 percent saying leagues should wait until it’s safe for fans to attend before restarting. That’s a stark change from April 3-5, when 70 percent of fans said sports leagues should wait until it’s safe for spectators and only 16 percent favored a quicker return.




Also useful for history buffs.
Great Sets of Primary Source Documents for U.S. History Lessons
The Digital Public Library of America's Primary Source Sets are organized according to themes, eras, and events in United States history. The DPLA primary source sets include documents, drawings, maps, photographs, and film clips. Each set is accompanied by a teaching guide. All of the sets can be shared directly to Google Classroom. And each artifact that students view in the sets is accompanied by some questions or points to ponder while reviewing that artifact.
The DPLA's primary source sets provide teachers and students with a convenient way to find primary source documents.


