May 7, 2013
According to a PwC report released last week, fewer Canadian tech startups are looking for buyers in order to exit the market, choosing instead to find ways to reach their next growth stage and generate revenue in Canada.
Lehigh Valley Business
CyOptics, once a startup that received funding and help from Ben Franklin, is just one success story, according to Laura S. Eppler, director of marketing for Ben Franklin Northeastern Pennsylvania.
At first glance you might not think there is much in common between the film industry and tech startups. I’m here to tell you differently. Both industries have their own set of challenges, whether you’re starting out, or refining your craft/company.
Wall Street Journal (blog)
Tech watchers once considered the database market pretty stagnant, at least in terms of new technology and new entrants. Suddenly it is anything but that, with Clustrix a prime example.
Leaders of the Chicago startup community released figures Friday regarding the city’s start-up growth coinciding with the first anniversary of 1871, one of the city’s start-up incubators. “Over the last year, the tech community has really come together.
The Next Web
Rumors about the move have been circulating since late last month and follows the announcement that Ben Finkel is also involved at Jelly as Christopher Isaac “Biz” Stone’s fellow co-founder and Chief Technology Officer.
Business Times (subscription)
Thermal management solutions for lithium-ion batteries are also exactly what Gcorelab, a local clean tech startup, specialises in. Gcorelab is developing what it calls a “small liquid-based thermal management system” for electric vehicles.
Tech in Asia
Gai When you’ve been co-founder and CEO of Snapture Labs, held the same titles at CardMunch, Inc. and are currently founder and chief ambassador at World Startup Report, you tend to attract attention when you enter the tech and startup community.
Tech Startup Develops Two-Click Checkout. – Yahoo! Finance
Finance: ALBUQUERQUE, N.M., May 2, 2013 /PRNewswire/ — Tech start-up @ Pay released its first public Application Programming Interface (API) today.
Silicon Valley based high tech start up in the Golf business, developing a cool product, is looking to expand its team in different disciplines including R&D.
AUSTIN, Texas — A divided House vote provides momentum for Texas employees who wish to shield personal text messages, email passwords under a bill backed by Democratic State Rep. Hellen Giddings and given preliminary approval Thursday.
Proponents say Texas workers need the same social media protections provided in several other states. The bill prohibits employers from asking job applicants or employees for passwords to access their Facebook, Twitter or other personal accounts. Opponents argue it will provide “safe harbor” for employees to steal proprietary information at the workplace through their personal accounts.
No specific penalties are spelled out for employers who would violate the law.
The Texas law is another reminder of the ongoing evolution of Social Media law and regulation as legislators and private businesses struggle to understand how these technologies affect everyone’s rights, obligations and remedies.
If you or your business is concerned about social media legal and regulatory compliance, contact David Adler at Leavens, Strand, Glover & Adler. 866-734-2568 email@example.com.
Tagged: email, employe, employer, Facebook, Privacy, security, Social media, Texas, Twitter, Workplace
VIDEO: The Evolving Insider Threat- Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center
This video from RSA Conference 2013 discusses:
- Who typically commits insider crimes – and how;
- How employees are being victimized from outside;
- Why our critical infrastructure is at heightened risk.
Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should be careful with training and education and not on only newly-hired employees. Further, plan on how login credential and access to sensitive information will be handled and/or turned over when training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.
Tagged: Carnegie Mellon University, CERT, Employees, exploits, fraud, Insider Threat Center, Intellectual property, managers, research, Risk, sabotage, theft
On February 22, 2013, the FTC announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.
The FTC alleged that HTC failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk. The resulting vulnerabilities posed risks to sensitive functionality, including the possibility that malware could send text messages, record audio, and install additional malware onto a consumer’s device.
Here are four key take-aways for mobile device manufacturers and application developers from the FTC’s complaint:
- provide your engineering (programming) staff with security training
- review or test your software on mobile devices for potential security vulnerabilities
- follow well-known and commonly accepted secure coding practices
- establish a process for receiving and addressing vulnerability reports from third parties
Smartphones and tablets are powerful, popular, and continue to find their ways into our personal and business lives. New mobile apps hit the market each day. In this fast-moving era of entrepreneurship and creativity, mobile device and app developers need to keep up with evolving privacy and security. Apps and mobile devices that tap into consumer data — including contact information, photos, and location to name a few — pose a heightened risk to digital snoops, data breaches, and real-world thieves.
Please contact us if you are interested in learning how to evaluate your mobile security and privacy risk or to help develop a “Privacy By Design” approach mobile app security.
Please comment, tweet and forward!
- FTC moves against mobile device makers over security (networkworld.com)
- AT&T to usher in split-personality mobile devices (reviews.cnet.com)
Tagged: "Privacy By Design" guidelines, developers, device, Federal Trade Commission, FTC, HTC, HTC Corporation, legal risks, manufacturer, Mobile, mobile application, Mobile device, Smartphone, Tablet computer, Vulnerability (computing)
Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now
February 28, 2013
I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.
One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.
Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.
Here are the three things I learned about how you can protect yourself and others in your organization.
First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.
TIP NO. 1: Use a private, obscure email address for your more sensitive information.
Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.
TIP NO. 2: Back Up your digital life, early and often.
Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.
Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.
TIP NO. 3: Whenever possible enable two-factor authentication.
Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.
Please comment and follow!
- Twitter looks to add two-factor authentication to stop password hacks (arstechnica.com)
Tagged: Authentication, CloudFlare, Cyber, cybersecurity, Facebook, Google+, Hackers (film), Matthew Prince, Privacy, Risk, security, trust, Two-factor authentication, User (computing), ZoneAlarm
February 19, 2013
I will be speaking at Affiliate Management Days SF 2013 (April 16-17, 2013) on the topic of “Managing Risk: Legal Issues for Merchants & Affiliate Managers.”
Affiliate marketing is one of the most cost-effective techniques for monetizing web site traffic and driving sales. Unfortunately, it has a reputation for high risk. While the industry is unlikely to ever be risk-free, it is possible to manage risk by: (1) understanding how techniques like behavioral and contextual targeting affect consumers, affiliates and merchants, (2) understanding the legal and regulatory environment, (3) understating risks involved with prospective marketing partners, (4) using and maintaining proper contracts that allocate risk and provide appropriate indemnifications, and (5) keeping informed about the changes in technology, marketing practices and the regulatory environment. Attendees will learn how to identify these issues and develop policies and procedures to keep informed about the current technology, marketing strategies and regulatory compliance.
Topics covered include:
- Behavioral/Contextual Advertising
- Regulatory/Industry Compliance : FTC Guides & Enforcement Actions
- CAN-SPAM compliance
- IP Law: Rules governing use of others™ Trademarks/Keywords, Right of Publicity/Endorsement Issues.
- Identifying, protecting against, and disputing accusations of Click-Fraud
- Bad Affiliate Programs: Cheating and Stealing from Affiliates (earnblogger.com)
Tagged: Affiliate marketing, Affiliate Program, April 16-17 2013, Business, Marketing, Network affiliate, Online Opportunities, Opportunities
January 31, 2013
Entertainment Law News & Events
Entertainment Law Initiative Luncheon Set For Feb. 8 | GRAMMY.com
The GRAMMY Foundation announced today that the keynote discussion at the 15th Annual Entertainment Law Initiative Luncheon & Scholarship Presentation
Colorado IP and entertainment lawyer David Ratner forms ‘Creative …
‘Creative Law Network,’ a Denver-based law firm, will focus on small to mid-size businesses and artists.
Florida Bar Hosts Entertainment Law Event | Billboard
NEW YORK–The Florida Bar Assn.’s Entertainment Arts and Sports Law Section will host its sixth annual legal symposium on music, film and TV on March 26.
UNH Law to debut sports and entertainment law institute
The University of New Hampshire’s School of Law will open a Sports and Entertainment Law Institute next fall, giving students the opportunity to focus their studies for a law career in either field.
Entertainment lawyer Mike Novak dies
The Macomb Daily
For nearly three decades, Mike Novak’s name was synonymous with entertainment in the Detroit area. During his career the Troy-based attorney, a resident of Grosse Pointe Shores, represented the likes of artists such as Bob Seger and Kid Rock.
Use a Law Degree to Enter Environmental or Entertainment Fields
U.S. News & World Report (blog)
If you have a question about law school, E-mail me for a chance to be featured next month. This week, I will address questions from readers about pursuing environmental and entertainment law.
Fashion Law News
Minnetonka’s Trademark Suit Against Target Tip-Toes Away http://t.co/sF6vtszP via @FemmeLegale
VIDEO: First Ever Northern California Fashion Law Panel Produced …
First Ever Northern California Fashion Law Panel
Following the Dress Code: Fundamentals of Fashion Law with BK …
February 13th – 6:00-8:00pm 2 MCLE Credits (Professional Practice) 123 Remsen Street, BrooklyModerator: Allegra Selvaggio, Esq.
About The Author
David M. Adler, Esq. is a 2012 Illinois SuperLawyer, author, educator, entrepreneur and partner with Leavens, Strand, Glover & Adler, LLC, a boutique law firm in Chicago, Illinois created with a specific mission: provide businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value.
Tagged: Copyright, education, Entertainment Law, Fashion Law, Intellectual property, Trademark
December 23, 2012
As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.
This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.
First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.
Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.
Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.
As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.
Tagged: accounts, attorney, Business, BYOD, Communications, counsel, employee, employer, in-house, infosec, Law, Lawyer, Legal, Marketing, media, Mobile, policies, policy, Privacy, regulation, security, social, Workplace
HHS Office of Civil Rights (OCR) releases guidance for de-identification under the HIPAA Privacy Rule.
December 13, 2012
HHS has provided guidance about methods and approaches to achieve de- identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The guidance explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule‘s de-identification standard: Expert Determination and Safe Harbor1. This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de- identified information is created, and the options available for performing de- identification.
Tagged: de-identification, guidance, health, HHS, HIPPA, information, OCR, personally identifiable information, PII, Privacy, regulation
December 11, 2012
Company Sanctioned for ” History Sniffing”
FTC Settlement Puts an End to “History Sniffing” by Online Advertising Network Charged With Deceptively Gathering Data on Consumers
You know the old adage, the Internet is forever. Well, so is your browsing history, apparently. On December 5, 2012, the FTC announced that an online advertising company agreed to settle Federal Trade Commission charges that it used “history sniffing” to secretly and illegally gather data from millions of consumers about their interest in sensitive medical and financial issues ranging from fertility and incontinence to debt relief and personal bankruptcy.
“Consumers searching the Internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” said FTC Chairman Jon Leibowitz. “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”
The defendant, Epic Marketplace shared information with a large advertising network that has a presence on 45,000 websites. Consumers who visited any of the network’s sites received a cookie, which stored information about their online practices including sites they visited and the ads they viewed. The cookies allowed Epic to serve consumers ads targeted to their interests, a practice known as online behavioral advertising.
Kids’ Data Still Collected, Shared without Parents’ Knowledge, Consent
The Federal Trade Commission issued a new staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” [PDF here ] examining the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores. The report details the results of the FTC’s second survey of kids’ mobile apps.
The FTC first surveyed kids’ mobile apps in 2011. Since then there has been little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it. Many any of the apps examined included interactive features, such as connecting to social media, and sent information from the mobile device to ad networks, analytics companies, or other third parties, without disclosing these practices to parents.
Disturbingly, the shared information included login information across multiple sites, GPs location information and device ID information.
Tagged: Children, Mobile Apps, Privacy, security