Image representing CloudFlare as depicted in C...

Image via CrunchBase

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

The Tech industry is nothing without acronyms. Here comes cCommerce (e.g. Cloud Commerce) an obvious outgrowth of eCommerce. As companies move more aspects of their business to the “cloud,” beyond their own data storage, such as customer data and transaction processing, it is imperative to implement best practices to minimize risks and ensure customer trust.

Fourth Circuit Court of Appeals Reverses Summary Judgment for Google in Rosetta Stone’s AdWordsLawsuit

Image representing Google as depicted in Crunc...

Image via CrunchBase

For Trademark lawyers and brand owners, Google’s AdWords program has engendered no small amount of debate. Many companies have tried, unsuccessfully, to hold Google liable for keyword advertising triggered when a brand-owner’s competitor buys keyword advertisements under the AdWords program by purchasing the brand-owner’s trademarks as keywords. Rosetta Stone’s lawsuit is no different.

However, what is different this time is that Google will have to defend at trial its program of selling companies’ well-known trademarks to the highest bidder. In the widely watched ruling, the Court reinstated most of Rosetta Stone’s claims relating to infringement and dilution.

On the claim of direct trademark infringement, the Court found that there was evidence in the record to create a question of fact as to whether “a reasonable trier of fact could find that Google intended to cause confusion in that it acted with the knowledge that confusion was very likely to result.” Google’s own internal studies suggested that it was likely confusion would result from the use of third-party trademarks.

On the claim of  contributory infringement, the appeals court stated that the district court had improperly shifted the burden from Google to Rosetta Stone on the issue of whether Google allowed known infringers and counterfeiters to bid on Rosetta Stone’s trademarks as keywords

On the claim of trademark dilution, the appellate court reversed the district courts approval of Google’s “fair use” defense finding that the district court had not addressed Google’s good faith, and wrongly placed the burden of proof on Rosetta Stone, when the it was Google that was the party asserting fair use as  a defense.

Lastly, the appeals court addressed the functionality doctrine which is the use of a product design considered necessary by the nature of the product itself. Such aspects of the product design are not protectable and others are free to use it.  The court of appeals stated “[t]he functionality doctrine simply does not apply in these circumstances,” since Rosetta Stone’s trademarks were not a “functional” feature of its software.

You can read the opinion here.

  • Calls for voluntary online Do Not Track system
  • Calls on Congress to pass general privacy legislation
  • White House has called for privacy bill of rights

In 2011, the Federal Trade Commission slapped Google and Facebook for violating their own privacy policies, forcing both to submit to years of privacy audits. In February, 2012 , the Obama administration issued a blueprint for a “Consumer Privacy Bill of Rights.” The FTC, the main government agency responsible for protecting privacy, called Monday for legislation that would give consumers access to information collected about them by data brokers similar to the rights they now have to review information amassed by credit reporting agencies.

The FTC’s report comes a little over a month after the White House released its privacy bill of rights that called on companies to be more transparent about privacy and grant consumers greater access to their data but that stopped short of backing an explicit “do not track” rule. The Federal Trade Commission’s 57-page privacy report consisted of a set of “best practices” that the Internet industry is expected to follow — or face sanctions. The report mirrors many of the provisions of the “Consumer Privacy Bill of Rights” released by the White House and represents the first serious efforts at striking a balance in online consumer privacy protection related to web usage.

Critics contend the framework is not as extensive as the White House Consumer Privacy Bill of Rights announced back in February. That already made provision for “Do Not Track” technology, with Google, Yahoo!, Microsoft and AOL – together responsible for almost 90-percent of behavioral advertising – already opting in. Privacy advocates have slammed the new” guidelines, arguing that the proposed system for ensuring online data security fails to take advantage of existing authority and relies too much on self-regulation of the online industry. The new framework “mistakenly endorses self-regulation and ‘notice and choice,’” the Electronic Privacy Information Center claims, ”and fails to explain why it has not used its current Section 5 authority to better safeguard the interests of consumers.”

For those of us who try to immerse ourselves in technology and more recently, Social Media, the new “kid on the block” seems to be Pinterest. According to their site, “Pinterest lets you organize and share all the beautiful things you find on the web. People use pinboards to plan their weddings, decorate their homes, and organize their favorite recipes. Best of all, you can browse pinboards created by other people. Browsing pinboards is a fun way to discover new things and get inspiration from people who share your interests.”

Not surprisingly, Pinterest is receiving a lot of coverage on B2B and B2C blogs that provide guidance on the how and why Pinterest can be used by business. The next logical question for me is should Lawyers use Pinterest? if so, how?

Should Lawyers Use Pinterest?

The answer to the first question is simple: Yes, if it is useful to you. Pinterest is a social bulletin board allowing users to “pin”, or save, useful information. It leverages social networks and enables users to track, organize and share products or other content discovered online.  The site allows users to subdivide content by category such as travel, books or food. Finally, axiomatic of all social media is the interaction, allowing friends to follow and view your boards and comment on the items that you’ve posted, or re-pin them on their own boards.

How Can Lawyers Use Pinterest?

The answer to the second question is less simple:

Pinterest

Image by stevegarfield via Flickr

Simply put, Pinterest is an image content curation site where one can create “boards” to which they can add images and comments around a common theme. What’s really interesting is that once one begins using Pinterest, this pen up a whole new way to dialogue with people. Users will “re-pin” your items and it creates an opportunity to contact the user and ask what it about your content that prompted them to re-pin it.

While I am still new to Pinterest, I see it as another valuable social media tool to engage and interact with people. My Pinterest page can be found here.

Follow

Get every new post delivered to your Inbox.

Join 3,228 other followers

%d bloggers like this: