Emmanuel Macron won France’s presidential election in a landslide. He defeated his opponent, Marine Le Pen, by more than thirty percentage points. Such a high margin might lead one to think that his victory was inevitable. But on the eve of the election, it did not seem that way.
On the Friday before the Sunday election, hackers released a trove of documents they had stolen from the Macron campaign.… More
Unmanned aerial vehicles, or “drones,” as they’re commonly called, touch on numerous hot-button cybersecurity issues. As devices connected to networks, they are important when considering the “internet of things.” As used by the government, they present surveillance concerns. Over the past decade, they have been increasingly used for military operations — although civilian drones now far outnumber military drones. (The FAA has estimated that by 2020,… More
Recently, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477, which aims to provide guidance and clarity to lawyers as
they consider what level of security to give communications with clients. (I was recently interviewed by Massachusetts Lawyers Weekly on this topic, and you can read the full article here; please note that the article is behind a paywall.)
The bottom line? … More
Presented by Foley Hoag LLP and PwC
A data breach is a business crisis. What should you do?
Learn first-hand as Foley Hoag LLP and PwC walk you through the practical and legal aspects of responding to a data security incident. From understanding how to be prepared to thinking through best practices, this webinar is designed to help you get a handle on an emergency that every business must confront.… More
The Federal Trade Commission (FTC) has been a critically important regulator of cybersecurity practices in the US, using its authority under Section 5 of the FTC Act to bring enforcement actions against companies for failing to protect their consumers’ private data. This past January, Trump appointed Republican Maureen Ohlhausen as the Commission’s new acting chairwoman. Here’s what you need to know about her approach to data security.… More
The Computer Fraud and Abuse Act, or CFAA, is the federal “anti-hacking” statute (or sometimes referred to as a “computer trespass” statute). In essence, the CFAA prohibits intentional unauthorized access into another computer, when such action directly accesses certain protected information or otherwise causes damage or loss. The CFAA provides for both criminal penalties and civil causes of action. The scope and meaning of access “without authorization”… More
Plaintiffs presenting a claim in federal court must have standing to sue, under Article III of the Constitution (as we have written about in the past). The Second Circuit recently entered an order reminding plaintiffs, defendants, and their attorneys just how difficult overcoming the standing hurdle can be for individuals suing in the wake of a data breach.
In Whalen v.… More
“Will the President sign it?” I asked in a recent post. As if in direct answer, the President issued the order the same day, May 11, 2017. The order is titled Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, and it appears to be identical to the recently leaked draft.
The order commissions a slew of reports from federal agencies.… More
First, the basic facts about the recent ransomware attack:
Those “in the know” in the cybersecurity world have been aware for more than a year of the threat posed by ransomware, a type of malware that locks victims’ access to their files until they pay a ransom. But discussion of the threat was mostly localized to cybersecurity professionals, blogs like this one, and various guidances released by federal agencies during 2016. But ransomware may just have entered the general public consciousness in a big way.… More
The saga of the cyber security executive order continues; a new draft surfaced just last week. The first draft leaked in January, shortly before the President was expected to sign a cyber-security order. He abruptly postponed. Another draft leaked in February, but the President didn’t sign that one either. Perhaps this latest draft is the final one. “Rumors had it,” Paul Rosenzweig writes,… More
Editor’s Note: Martha Coakley, Christopher Hart, and Emily Nash recently published an article in Today’s General Counsel entitled, “The Life Cycle of a Data Breach.” Here is a snippet:
A data breach can be an existential crisis for an unprepared business, and in the best case it’s likely to be expensive and disruptive. Treat data security as an integral part of the company risk profile,… More
The Department of Health and Human Services (HHS) will soon launch a healthcare focused cybersecurity initiative modeled on the Homeland Security Department’s National Cybersecurity and Communications Integration Center (NCCIC). Christopher Wlaschin, Chief Information Security Officer at HHS, announced this development at the 2017 ACT-IAC Health IT-Mobile Forum on April 20. According to Wlaschin, the new center, to be called the Health Cybersecurity and Communications Integration Center (HCCIC) would seek to reduce the extensive “noise” in the health care industry about cyber threats and to analyze and “deliver best practices and the two or three things that a small provider,… More
If you check your email this afternoon, you may see a message that someone you know is sharing something on Google Docs. You should verify that separately before opening, as there is a widespread phishing attempt going around using such an invitation. More