World Information, Data & Cyber Security News & Legal Roundup

German cybersecurity agency prods users to ditch IE

Computerworld – Germany’s cybersecurity agency on Monday urged users to drop Internet Explorer (IE) and switch to a rival, like Chrome or Firefox, until Microsoft patches a new critical bug in its browser.

Democratic senators call for ‘cybersecurity’ executive order
CNET

Senators call for ‘cybersecurity’ executive order. This summer’s partisan sparring that derailed a federal cybersecurity law has resumed, with Democrats proposing an executive order and Republicans saying it would levy “more mandates.”

Cybersecurity scholarships to be offered
UPI.com

“The nation is in dire need of people who are capable of handling the cybersecurity challenges we face,” professor of computing and information sciences Xinming “Simon” Ou said. “We are lagging behind in the number of experts we have versus the threats.

Cybersecurity: Kay Bailey Hutchison condemns Obama’s ‘heavy handed …
Houston Chronicle (blog)

Amid escalating partisan rhetoric over the bipartisan goal of protecting U.S. computer systems from terrorist attacks, Texas Kay Bailey Hutchison criticized President Obama for a “heavy handed, regulatory regime” that would be created.

National Cyber Security Alliance Announces Theme for Data Privacy Day
The Herald | HeraldOnline.com

18, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online and official coordinator of Data Privacy Day (DPD), today …

When it comes to cybersecurity law, where do we draw the line?
ZDNet

Over the past few years, the Obama administration and Congress have taken a variety of legislative runs at creating comprehensive cybersecurity law. See Also: How cybersecurity is like Star Trek’s transporter.

Cyber security biggest challenge for universal credit, says David Freud
ComputerWeekly.com

Cyber security is the biggest challenge for the government’s universal credit roll-out, welfare reform minister David Freud has told a select committee. Speaking to a select committee, pensions minister Ian Duncan Smith said government had consulted …

NetLib teams with CIS to fight cyber security
Mass High Tech

Neil Weicher wants to win the battle in cyber security. NetLib, a Stamford, Conn.-based provider of encryption software founded by Weicher, has partnered with the Center for Internet Security, a non-profit focused on cyber security readiness.

UK spy agency tests Britons’ cyber skills
Reuters

The Government Communications Headquarters (GCHQ) said those aged 16 or over and not already working in cyber security could apply to test their ability to guard a computer network but only 150 contestants at most would be eventually allowed.

Former FBI Cybersecurity Official Steven Chabinsky Thinks FBI is Doing Great …
ticklethewire.com

The FBI’s former top attorney for cybersecurity, Steven Chabinsky, who stepped down this month, thinks the FBI is doing a great job battling the problem, but told the Washington Post that the “federal government” has taken a “failed approach”.

FTC Publishes Guide to Help Mobile App Developers Observe Truth-in-Advertising, Privacy Principles

Sept. 5 2012:

From the FTc web site:

The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, “Marketing Your Mobile App: Get It Right from the Start,” notes that there are general guidelines that all app developers should consider. They include:

Tell the Truth About What Your App Can Do. – “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises;

Disclose Key Information Clearly and Conspicuously. – “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”

Build Privacy Considerations in From the Start. – Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”

Offer Choices that are Easy to Find and Easy to Use. – “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”

Honor Your Privacy Promises. – “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers – like all other marketers – have to live up to those promises.”

Protect Kids’ Privacy. – “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”

Collect Sensitive Information Only with Consent. – Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.

Keep User Data Secure. – Statutes like the Graham-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information.

The Impact of Social Media on Privacy is Unsettled

Illustration of Facebook mobile interface
Illustration of Facebook mobile interface (Photo credit: Wikipedia)

A recent New Jersey District Court case underscores the rise in tensions between employers and employees when it comes to Social Media Accounts. In Ehling v. Monmouth-Ocean Hospital Service Corp., the Court denied an employer’s motion to dismiss a former employee’s invasion of privacy claim that alleged a supervisor accessed the employee’s Facebook account. Ehling worked for Monmouth-Ocean Hospital Service Corporation (“MONOC”) and became Acting President of the local union for Professional Emergency Medical Services. Ehling alleged that MONOC began engaging in a pattern of retaliatory conduct against her eventually leading to termination of her employment.

Posting Limited to “Friends”

Ehling maintained an account on Facebook, but kept access to her wall post limited to Facebook “friends,” many of whom were coworkers, but none of whom were members of MONOC’s management. Ehling alleged that MONOC surreptitiously gained access to her Facebook account when a supervisor summoned a MONOC employee, who was a Facebook friend, and coerced, strong-armed, and/or threatened the employee to access his Facebook account in the supervisor’s presence for the purpose of viewing and copying Ehling’s posts.

Ehling alleged that MONOC then sent letters regarding a certain posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Ehling alleged the letters were malicious and meant to damage her professionally.

Accessing Wall Postings Alleged to be Common Law Invasion of Privacy

Ehling’s claim for common law invasion of privacy was premised on Defendants’ alleged unauthorized “access of her private Facebook postings” The Court denied MONOC’s motion to dismiss which argued that Ehliong did not have a reasonable expectation of privacy in her Facebook posting. The Court stated that Under New Jersey law, to state a claim for intrusion upon one’s seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person. See Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). “[E]xpectations of privacy are established by general social norms” and must be objectively reasonable – a plaintiff’s subjective belief that something is private is irrelevant. White, 344 N.J. Super. 211, 223 (Ch. Div. 2001).

The Impact of Social Media on Privacy is Unsettled

The Court went on to make further observations on the impact of Social Media on Privacy:

“Privacy in social networking is an emerging, but underdeveloped, area of case law. See Robert Sprague, Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship, 50 U. Louisville L. Rev. 1, 13 (2011) (discussing the undefined legal boundary between public and private communications on social  networking websites).

No Reasonable Expectation of Privacy

There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. See, e.g., United States v. Gines-Perez, 214 F.Supp.2d 205, 225 (D.P.R. 2002), rev’d on other grounds, 90 F. App’x 3 (1st Cir. 2004) (“[I]t it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information on an indisputably, public medium, such as the Internet, without taking any measures to protect the information”); Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 44(Minn. Ct. App. 2009) (holding that privacy was lost when private information was posted on a publicly accessible Internet website and “[a]ccess to the publication was not restricted”).

Some Reasonable Expectation of Privacy

On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications. See, e.g., Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010) (employee could have reasonably expected that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had a reasonable expectation of privacy in personal, password-protected e-mail messages stored on a third party’s server, although the employee had accessed that outside server while at work).

Legal Approaches Continue to Develop

The Court note that a consistent approach hasn’t yet developed. While most courts hold that a communication is not necessarily public just because it is accessible there is disagreement as to how far that theory extends. Some courts have adopted the rule that when one shares private information to one or more persons, there may still be a reasonable expectation that the recipients of the information will not disseminate it further. What is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.

Privacy Legal News Roundup

Trying to beat the heat? Peruse these top Privacy stories from around the web.

The Internet needs its own ‘declaration of independence’
Christian Science Monitor
A new ‘Declaration of Internet Freedom’ should spark a much-needed discussion about online rights and privacy.

Homeowners Bill of Rights passes in California
Examiner.com
According to Assembly Speaker John Perez (D-Los Angeles), the key provisions of the Homeowners Bill of Rights legislation include: “a requirement that a person or team of persons employed by a lender to be a single point of contact for the homeowner.

Facebook Joins California Mobile App Privacy Program
InformationWeek
California launched its mobile app privacy program in February 2012, just one day before the White House announced its proposed Consumer Privacy Bill of Rights. From the outset, the state announced that the six companies with the biggest mobile app …

How California’s New Homeowners’ Bill Of Rights Protects Against Wrongful Foreclosures.
ThinkProgress
The “Homeowners’ Bill of Rights,” pushed by state Attorney General Kamala Harris (D), aims to extend to the state level many of the protections ensured by the mortgage fraud settlement between six big banks and the federal government and states.

Descendants of the signers to read the Declaration of Independence on July 4
American Civil Liberties Union News and Information (blog)
“My professional career has been dedicated to advancing people’s rights and liberties as outlined in the Declaration and in the Constitution and its Bill of Rights,” said Murphy, the Director of the American Civil Liberties Union’s Washington …

Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
Network World
While the Constitution may not specifically state the right to privacy, the Bill of Rights most assuredly protects aspects of privacy. In 1965, the Supreme Court ruled 7-2 on the landmark case, Griswold v. Connecticut, and the Justices referenced the …

Cash-Strapped Consumer And Privacy Groups Petition Commerce Dept For Better Participation.
techPresident
That’s the department that’s organizing the workshops that are meant to convene all U.S. stakeholders to develop a code of conduct to implement the administration’s Privacy Bill of Rights. The first workshop is taking place inside the Beltway on July …

Why Kansas City is getting Internet 100 times faster than everyone else
Alaska Dispatch
Yesterday, an impressive coalition of companies and Internet and human rights activists endorsed a Declaration of Internet Freedom that aims to start a discussion about the basic principles that should underlie online access. Among the 20000 groups or …

Celebrate your independence: You have rights as a taxpayer
Savannah Morning News
Years after the War the Bill of Rights was drafted and 10 amendments were added to our Constitution. … Privacy and confidentiality: The IRS may not discuss any of the facts and information given to them with anyone except in accordance with the law.

Do you have information or data privacy and security concerns? Contact David Adler at Leavens, Strand, Glover & Adler for a free consultation.

Social Media & The Law: Recent Developments in Privacy, Security & Media

Statute Puts Online Libraries and Other Service Providers at Risk
Kansas City infoZine

A New Washington State Law Intends to Make Online Service Providers Criminally Liable For Online Postings. The Electronic Frontier Foundation (EFF) is representing the Internet Archive in order to block the enforcement of SB 6251, a law aimed at combating advertisements for underage sex workers but with vague and overbroad language that is squarely in conflict with federal law.

NLRB General Counsel Issues Further Guidance on Social Media
National Labor Relations Board (“NLRB”) is closely scrutinizing employer social media policies.

Legal issues in the media
Social Media Legal, Regulatory & Compliance: Risks & Issues Social Media Slideshare presentation.

Putting the Consumer Privacy Bill of Rights into Practice
Providing transparency in how consumer data is handled by mobile applications – this is the first topic for the National Telecommunications and Information…

US lawmakers propose digital bill of rights to safeguard privacy …
Two US lawmakers have proposed a digital bill of rights to safeguard consumer privacy rights and ensure internet freedom.

Stakeholders to Discuss Consumer Privacy Bill of Rights
The National Telecommunications and Information Administration (NTIA) will convene stakeholders July 12, 2012 in Washington, DC to develop a privacy code of conduct.

David M. Adler Speaking on Law & Social Data Panel at Chicago TechWeek 2012

Chicago is a new kind of technology hub, and the Techweek Conference is a new type of technology conference.

The Techweek 2012 Conference showcases the technology renaissance evolving in Chicago and the midwest. June 22-26, 2012

Law & Social Data
The past few years have witnessed an explosion of legal and regulatory activity involving social and other new media. This session will examine several key areas, including copyright, trademark and related intellectual property concerns; defamation, obscenity and related liability; false advertising and marketing restrictions; gaming; data privacy issues presented by social media; and impacts of social media on employees and the workplace. Attendees will learn how to identify legal risks and issues before they become full-scale emergencies and how to develop appropriate policies and guidelines covering social media activity.

Sunday June 24, 2012 3:00pm – 3:45pm @ 3 – 8 A/B (222 Merchandise Mart Plaza, Chicago, IL)

World Social Media Legal

Gartner Predicts Huge Rise in Monitoring of Employees’ Social Media Use
PCWorld

New technologies and services are enabling the growth in employee monitoring, but companies will need to closely manage their monitoring efforts for ethical and legal issues, Andrew Walls, research vice president at Gartner, wrote in the report.

The Legal Ambiguities of Social Media
Human Resource Executive Online

Employers continue to look for guidance on issues related to the evolving use of social media by employees. Creating an appropriate policy remains difficult, but the authors offer some expert advice that may help.

Social Media Changing the Face of Criminal Justice
HispanicBusiness.com

The Virginia State Bar tracks ethical issues concerning how attorneys communicate by and glean evidence from social media, said James McCauley, ethics counsel for the state bar.

DISH® Announces Topic for 2012 “Best in Class” eDiscovery Legal Research
Sacramento Bee

This year, law students will be challenged to address the question of “Under what standard should a court subject an employee’s non-business personal computing activities (eg, social media, documents stored on a personal computer, and/or personal email)?

The Case for Facebook
The Atlantic

Consider this a skeptic’s guide to the bull case for the social network. Facebook just had modern history’s worst IPO and it’s down again today by some percentage that will be quoted endlessly. Yet Facebook is still the world’s largest social media platform.
The Atlantic

Religious freedom issues at heart of HHS lawsuits, legal scholars say
Catholic News Service

(CNS) — The mass media have done the public a disservice by consistently referring to health reform law regulations so narrowly as the “contraceptive mandate,” because it leads people to think the regulations are a matter of interest only to Catholics.

Firms expected to cyberstalk for security
ZDNet Australia

The research and advisory organisation recently published a report into conducting digital surveillance ethically and legally, and found that 60 per cent of corporations will be monitoring social media channels for security breaches and incidents.

Most Corporations Will Spy On Employees By 2015: Research
TechWeekEurope UK

The majority of corporations are expected to monitor their employees’ social media interaction by 2015, suggests research by Gartner, published today. This practice could be increasingly adopted to prevent security breaches and incidents.

Russia’s VKontakte delays IPO after Facebook debacle
Reuters

By John Bowker | MOSCOW (Reuters) – Russian social network VKontakte says it won’t risk going ahead with its planned initial public offering fearing a repeat of the botched Facebook float which left US regulators red-faced.

Got a story? A Question? Please comment. Please follow me on Twitter here: @adlerlaw

Social Media World Legal News Roundup

The Government Would Like You to Write a ‘Social Media Will’
The Atlantic

This person will be responsible for closing your email addresses, social media profiles, and blogs after you are deceased. Sounds good, but legally it’s tricky territory.

Rights Groups: Asian Media Freedoms Under Fire
Voice of America

SEAPA says the key trend is that governments are shifting focus from traditional broadcast and print media to social media and online news. SEAPA Executive Director Gayathry Venkiteswaran said online news sites have become the most frequent target.

Liberia: Will Social Media Increase Civic Engagement?
Global Voices Online

CT: The growing usage of the internet and social media in Liberia is certainly a progressive trend. Having worked in Liberia, can you briefly tell us how the internet and social media are viewed by the cross sections of the Liberia population?

Global Voices Online MyCorporation Introduces New Social Media Product
Sacramento Bee

By MyCorporation CALABASAS, Calif., May 3, 2012 — /PRNewswire/ — Calabasas-based company MyCorporation is releasing a new social media product to benefit small businesses, MyCorpSocial.

Students’ racist tweets about Boston hockey game put schools in a bind
msnbc.com (blog)

Hordes of angry hockey fans – presumably Boston Bruins fans — unleashed a barrage of racist rants on Twitter and other social-networking sites after the Washington Capitals beat the defending champion Bruins a week ago Wednesday on an overtime goal.

Keep it private – your Facebook password should not be shared: Commissioner …
Canada NewsWire (press release)

Some of the issues covered in depth in the paper include: Build up a positive online social media profile. “It is absolutely crucial to remember that anything you post online may stay there forever, in one form or another, so think carefully.

Canadians encouraged to plan for online estates
CBC.ca
(CBC)

Canadian consumers are being encouraged to consider their online property, including social media accounts, when planning a will. A new report released earlier this week by the BMO Retirement Institute raises concerns.

SNOPA
Continued concern about employers asking applicants and employees for their passwords to social media sites has led to the introduction of a federal bill.

Your Money or Your Life: Mobile Marketing & Privacy (Part 1 of 3)

Free content is not without a cost.

As our lives have become more digitally enmeshed with content, immersive entertainment and devices, the economic bargain that makes it possible has gone largely unnoticed. Simply put, the collection, analysis and sharing of personal data is driving the digital economy. Mobile applications (Apps), digital content and entertainment – from TV shows to games – are available for “free” but subsidized by income from online ads that are customized using data about customers. Vendors, advertisers and platforms compete for “eyeballs” based, in part, on the quality of the information they possess about users to whom the ads are targeted.

Across this interconnected landscape of users, content providers and devices, the issue of online privacy has become a major talking point for app developers, marketers, consumers and legislators. Recently, a wide range of stakeholders, from large institutions to smaller developers, have been accused of mishandling personal data. As the volume of public debate has increased, legislators have introduced a raft privacy initiatives. The Obama administration has called for a Privacy Bill of Rights, an industry consortium of leading web sites and search engines has proposed its own privacy best practices and the Electronic Frontier Foundation has published a consumer-oriented Mobile User Privacy Bill of Rights.

Part 1 of this article looks at several recent and high-profile revelations about how personal information is collected and used, often without the user’s knowledge and consent. Part 2 discusses the legal risks faced by vendors that don’t take adequate precautions to protect consumer privacy and Part 3 concludes with strategies and tactics that help leverage the power of personalization while avoiding the pitfalls of privacy and data security.

1. The current state of information gathering

The scope of personal information gathered is unprecedented and largely unknown. For years, “free” web-based content has been available because of the implicit compromise between content providers and content consumers. Advances in technology have made it easier to track a user’s web browsing habits, mobile browsing habits, and even real-time geospatial location (check in apps and GPS). In the last few months, we have learned that some apps not only gather this mostly non-personally-identifiable data, but also upload a user’s address book contacts and even photos.

On Wednesday Feb. 2012, software Developer Arun Thampi “outed” Path, the purveyor of a self-titled journaling app, for sending users’ address book contents to the company. Path lets users share what they’re doing with a select group of friends and gives users the option to find friends on the app through contacts or other social networks. Thampi disclosed the clandestine data transfer in a blog post after discovering that his phone’s entire address book, including full names and e-mail addresses, was being sent to Path without his explicit consent. According to Path, this data was necessary to in order to quickly notify users when people they know join Path.

Not too long ago, Google earned itself a similar PR (and legal) black eye when it launched its social network, Google Buzz, in 2010 through its Gmail web-based email product. At launch, users were not informed that the identity of individuals they emailed most frequently would be made public by default. Google Buzz automatically disclosed the email addresses of a user’s contacts by default. Google settled with the FTC over allegations that Google used deceptive practices and violated its own privacy policies.

On Feb 17 2012, WSJ reported that Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked. The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.

A major topic for discussion just this week is the “Target Snafu.” As originally reported in the New York Times, Target used customer data and predictive analytics to determine that one of their customers was pregnant, and even her specific trimester. The girl’s father learned of the pregnancy when the retailer emailed her promotional material and coupons.

It used to take days or even weeks to gather, synthesize and extrapolate data about a customer’s buying habits and receptiveness to particular products or services. Now it takes milliseconds. A targeted ad can be sourced and served in the time it takes to hit “refresh” on a web browser. Companies are using massive amounts of data to predict what their customers are going to want next. More importantly, gathering that data is getting easier, cheaper and more ubiquitous as the source of that data moves from the desktop to mobile devices.

So where is the middle ground between privacy and targeted advertising? Is it spying simply because the user doesn’t know what data is being collected even though the user accepted a broad and ambiguous Terms of Use agreement? Is knowingly contributing data without boundaries sufficiently transparent?