If you become incapacitated and cannot make healthcare decisions, who makes those decisions? Such an event can be extremely stressful without the added stress of trying to determine “what mom or dad would want?” Who makes decisions when you are incapacitated? How do you express your wishes? How do…
Equifax Data Breach
On 7 September 2017, Equifax announced a data breach of 143 million Equifax customers involving the compromise of names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. A subset of victims, apparently, also had credit card numbers and “dispute documents” compromised.
Pennsylvania Court’s ‘Cest la Vie’ View of Data Breach Damages
The Pennsylvania Superior Court recently held in Dittman v. UPMC, that employees cannot sue employers after a data breach involving the employer’s computer systems even if the employee’s sensitive, personal information such as names, birth dates, social security numbers, tax information, addresses, salaries, and bank information…
FAA Finally Requires Drone UAS Registration
The FAA now requires registration and labeling of all outdoor drones (unmanned aircraft systems or UAS) by February 19, 2016. According to the FAA UAS Website, electronic registration is available for hobbyists, as defined by law, fro drones weighing less than 55 lbs. and paper registration must…
Pirker Decision Fails: Drones Subject to FAA Rules
As predicted, the NTSB reversed an earlier administrative law decision in Pirker and held that drones (UAS) are aircraft according to law and thus subject to FAA regulation. The FAA accused Pirker of “reckless operation of an aircraft” and imposed a civil fine of $10,000. The FAA alleged that…
Is PCI Compliance Enough?
CIO Magazine recently ran an insightful article about PCI compliance. The article emphasizes that PCI “compliance” is a credit card industry minimum set of standards to protect data and to minimize data breaches. However, as the numerous data breaches…
Texas Bar Opinion 642 and Today’s Legal Profession
In May 2014, the Texas Bar Association’s Professional Ethics Committee released Opinion 642 barring law firms from using the title “officer” or “principal” in non-lawyer job titles such as Chief Information Officer. Shockingly, the opinion unleashed a howl of protest from lawyers—even…
Cybersecurity Resolution Adopted
The American Bar Association (ABA) adopted a startling resolution on cybersecurity at its August 2014 meeting. The ABA resolution urges all businesses, law firms, government agencies, and organizations to take cybersecurity seriously and to conduct regular reviews of security posture. But, the most import aspect of the resolution is,…
Droning On: Drone Aircraft Activists’ Arguments Unravel
On June 23, 2014, the FAA issued a Federal Register Notice for the operation of model aircraft (drone) aircraft. The Notice repeats the long-standing rules regarding operating model aircraft and addresses the new rules mandated by Congress—ironically, Rules necessitated by…
The Next Battleground for Data Breaches…Shareholder Lawsuits?
Companies ill-prepared for data breaches and failing to take reasonable steps to secure data and computer systems face increasing and serious risks to the business. Specifically, companies, officers, and boards must start taking data and computer-systems security seriously or risk shareholder lawsuits. Shareholder Lawsuits for Data Breaches In two…
Commercial Drones Pose Confirmed Dangers?
Drone aircraft crashes and personal injury may no longer be speculation. In Australia, a triathlete was apparently struck by a drone aircraft after radio interference destabilized the drone. See, e.g., Australian triathlete injured after drone crash, BBCNews (Apr.7, 2014). Even military…
Not So Fast…Commercial Drone Legality Still Remains Unclear
On 6 March 2014, in FAA v. Pirker, a NTSB Administrative Law Judge dismissed the first complaint brought by the FAA against the operator of a commercial drone for reckless operation of an aircraft. While some claim that this opinion means that the commercial drones are absolutely legal, serious…
A Fair Approach to Drone Regulation
Drone manufacturers and would-be manufacturers paint a picture of skies filled with drones—unmanned aircraft (and other machines). Media and advocacy groups cite First Amendment rights to the use of drones. Police seek drones despite prohibitions by federal and state constitutions. But, serious issues related to safety (what happens when…
Federal Appellate Court Affirms Warrant Required for GPS Tracking
UPDATE: Government attorneys continue to press for warrantless searches in GPS cases and significant, and unconstitutional, expansion of the so-called Good Faith Doctrine. On December 12, 2013, a majority of the Third Circuit agreed to re-hear the matter en banc and vacated the earlier, October 22, 2013, opinion. The information below still deals with the vacated opinion.
Warrant Necessary to Obtain Cell Phone Tracking Data
The New Jersey Supreme Court held that government agents must obtain a warrant, supported by probable cause and issued by a neutral judicial authority, before obtaining cell phone tracking data (unless exceptional, exigent circumstances apply). State vs. Earls, A-53-11 (N.J. Sup. Ct., Jul. 18, 2013)(slip opinion).
Part 2: Could “Undeletable” Cookies Be a Felony in Pennsylvania?
Pennsylvania has a new (2010, P.L. 855, No. 86) Consumer Protection Against Computer Spyware Act (73 P.S. 2330.1–2330.9, and 2330.19). The apparent aim of the Act is to prevent software from being deceptively installed on a user’s computer and compromising personally identifiable information.
CAPTCHA Turing Test Defeated: Ramifications for Legal Community
While debates on the use of machine learning algorithms in e-discovery continue (for example, so called “predictive coding”), the recent defeat of CAPTCHA signals a growing maturity in machine learning capabilities with direct applicability to the legal community.
Pennsylvania Case Addresses Authenticating Text Messages
On 16 September 2011, the Pennsylvania Superior Court in Comm. v. Koch, 2011 PA Super 201 (Sept. 16, 2011) (slip-opinion) re-emphasized
“authentication of electronic communications, like documents, requires more than mere confirmation that the number or address belonged to a particular person. Circumstantial evidence, which tends to corroborate the identity of the sender, is required.”
Navigating the Fog of Cloud Computing: An Unofficial Supplement to The Pennsylvania Lawyer Article
Attorney Brown compiled some of his most recent articles and blog posts related to cloud computing. If you read the recent article, “Navigating the Fog of Cloud Computing” in The Pennsylvania Lawyer, these articles might also be of interest for lawyers.
Could “Undeletable” Cookies Be a Felony in Pennsylvania?
Could “Undeletable” Cookies, Zombie Cookies, Flash Cookies, “Super-cookies” or Malcookies Be a Felony in Pennsylvania?
Insidious web tracking. “Undeletable” cookies. Zombie cookies. Malcookies.[FN1] Flash cookies. Euphemistically termed “super-cookies.” Web cookie viruses. No matter what term is applied, the distribution of the code that delivers these technologies and the use of the technology by companies arguably might be felonies in Pennsylvania.
An Unofficial Quick Guide to Installing a VeriSign Digital ID (S/MIME Certificate) for Lawyers
Installing an email encryption S/MIME (SMIME) certificate on Mozilla Thunderbird and Mozilla Firefox is simple. However, the instructions provided by Verisign (as of August 2011) do not appear to address newer versions of Mozilla products (circa 5.0+) and can be frustrating for a novice user.
Cloud Nines: Understanding Accessibility Versus Availability in Cloud Computing for Lawyers
Cloud computing, by definition, relies on networks as well as servers, software, and related items. The lawyer, thus, should understand the important distinction between cloud provider promises of service availability (uptime) and network accessibility when considering the use of cloud computing.
Pennsylvania Court Opinion Implicates Authentication of Social Media Evidence
A recent Commonwealth Court decision, Chapman v. Unemployment Compensation Board of Review 20 A.3d 603 (Pa. Commw. Ct. 2011), illustrates 1) the growing presence of social media evidence and 2) the potential for social media authentication issues in legal matters —including in administrative law matters.[FN1] Authentication of social media evidence is an emerging issue.
New, Active-controller Hard Drive Technologies Pose Challenges and Benefits
Toshiba plans a new line of hard drives that self-encrypt data and automatically wipe the drive (delete data) if the drive is removed. [FN1] A smart controller embedded in the hard drive provides the self-encryption and wiping capabilities. These new technologies pose potential challenges to lawyers (e-Discovery and digital forensics) and may provide benefits such as additional data encryption options to protect client data.
Cloud Computing: Who Holds the Encryption Keys? [And Why It May Matter to Lawyers]
General cloud-provider statements simply indicating that the cloud-based data is encrypted might not be adequate protection for a lawyer’s data. The lawyer should also know 1) when the data is encrypted and 2) who holds the encryption key(s). (See my prior article entitled Storing Files in the Cloud: Storage-as-a-Service for Lawyers—Encryption.)