Internet Lawyer Blog

Computers and computing activities play an increasingly integral role in daily life in America, affecting our financial activity, social interactions, and more. With an increased level of dependence on networked devices comes the risk of theft, or even attacks, on and through our computer networks. While the business community has already recognized the importance of cybersecurity, the government and legal system are finally responding in five key areas.

National security. The federal government has made cybersecurity a central feature of its national security strategy. Recognizing the risk of an attack on the nation's computer networks by a foreign power or sub-national group, the Department of Defense created a comprehensive strategy for cybersecurity (PDF file) in 2011. The strategy treats "cyberspace" as its own "operational domain," requiring specialized training and organization. The government has also taken steps to combat online theft, which can include not only monetary theft but theft of intellectual property and identity theft. The latter has become more and more sophisticated as thieves find ways to exploit personally identifiable information (PII) stored online.

Federal legislation. The Obama administration proposed legislation outlining ten points for cybersecurity protection. These generally included protection of the American people, the nation's infrastructure, and the federal government's networks and computer systems. Several bills pending in Congress address aspects of cybersecurity. The controversial Cyber Intelligence Sharing and Protection Act (CISPA), for example, allows sharing of data between companies and the National Security Agency in order to investigate and combat cybersecurity threats.

State legislation. Protection of government data, PII, and personal privacy have informed numerous state statutes enacted in the past ten years. California passed a law requiring notification of cybersecurity breaches in 2003, and forty-six other states and the District of Columbia followed suit. Laws requiring "reasonable" levels of security for protected information exist in at least ten states, and numerous states are enacting statutes protecting people from wiretapping and other monitoring of electronic activity.

Regulatory initiatives. Multiple regulatory agencies have addressed cybersecurity concerns through additional regulations, guidelines, and enforcement actions. The U.S. Security and Exchange Commission (SEC), for example, recently issued a new set of guidelines for publicly-traded companies. The guidelines address disclosure of cybersecurity breaches as a means of making information available to investors. The FBI, meanwhile, established a joint task force to investigate cyber threats.

Continue reading "Legal Developments and Trends in Cybersecurity for 2012" »

President Barack Obama is summoning top congressional Republicans and Democrats to a rare Sunday meeting at the White House to begin "hard bargaining" on a broad debt-reduction deal.

At the July 10 session Obama will make his latest bid to break a partisan impasse over whether to include cuts in entitlement programs and tax increases in an agreement. Both sides in the debate are signaling openness to compromise on each front.

See more here.

The White House will host a Twitter town hall with President Barack Obama on July 6. The president will answer questions submitted via Twitter, which limits messages to 140 characters. The town hall will focus on jobs and the economy, and a video feed of Obama's answers will be streamed online.

See www.twitter.com/salaratrizadeh for more information.

Earlier, a post on this blog noted the jurors in the corruption trial of former Governor Rod Blagojevich had informed the judge they had only reached a decision on two of the 24 charges in the case. Now, the news comes that the jurors have reached a final verdict: on one count only. Jurors have found Rod Blagojevich guilty on one count of lying to federal agents. The judge has decided to declare a mistrial on the remaining 23 counts.

Prosecutors have wasted no time in announcing that they intend to retry Blagojevich and his brother Robert on the other charges. As the Associated Press reported, one of the main charges as yet undecided is whether or not Blagojevich attempted to sell the senate seat vacated by President Obama. The presiding judge in the trial, James Zagel, has set a hearing for Aug. 26 to decide issues regarding the retrial.

The AP reported that the jurors looked wearier than they had during the trial. The single count verdict came after 14 days of deliberations. At one point, the jurors had informed Judge Zagel that they were deadlocked on as many as 11 of the charges. They had also informed the judge that they had reached agreement on two charges, but seemed to have lost their consensus along the way to the jury verdict.

The lone count on which Blagojevich was found guilty was for lying to federal agents when he told them he did not track his campaign contributions and kept a "'firewall' between campaigns and government work." The conviction carries a maximum sentence of up to five years in prison and a fine of $250,000.

During the corruption trial, Robert Blagojevich testified that his brother was "trying to politically work something to his benefit" regarding the handling of the Senate seat, but was thinking in terms of political horse-trading, not corruption, according to a report by CNN.

Visa Inc., the world's biggest payments network, fell as much as 5 percent after saying the U.S. Department of Justice may sue the company over a policy that bars merchants from charging extra to customers who pay with credit cards.

"The department has indicated that it is considering filing a civil lawsuit," Chief Executive Officer Joseph W. Saunders said yesterday in a conference call with analysts after San Francisco-based Visa reported fiscal third-quarter results. "We are currently engaged in constructive negotiations with the department to resolve its concerns as it relates to Visa without litigation or payment of monetary damages."

Visa, American Express Co. and Purchase, New York-based MasterCard Inc. disclosed in 2008 that the Justice Department was investigating the companies over so-called anti-surcharging policies and rules prohibiting merchants from "steering" customers to other forms of payment.

The Justice Department's antitrust division is "investigating whether certain credit-card network rules regarding merchants' treatment of various payment forms, including credit cards, are anticompetitive," spokeswoman Gina Talamona said in an e-mail. She declined to discuss specific companies.

Visa dropped $3.40, or 4.5 percent, to $71.78 at 1:04 p.m. in New York Stock Exchange composite trading after touching $71.40. MasterCard declined 1.7 percent and AmEx fell less than 1 percent.

'Regulatory Uncertainty'

The Dodd-Frank Act includes provisions that address some of the complaints raised by the Justice Department and a pending federal antitrust lawsuit brought by merchants against Visa and MasterCard. One of the rules pushed by U.S. Senator Richard Durbin, the Illinois Democrat and majority whip, will allow merchants to offer discounts for various forms of payment.

FBR Capital Markets analyst Scott Valentin cited "regulatory uncertainty" in lowering his forecast for Visa, saying the shares may climb to $96 within 12 months, down from $115.

"Management commentary lacked specifics regarding the impact of the Durbin amendment," Valentin said today in a note to clients. He continues to rate the shares "outperform."

The legislation and Saunders's comments may indicate that Visa also is working to avoid a trial by settling the merchants' lawsuit, said Jason Kupferberg, an analyst with UBS Securities LLC.

'Differential Pricing'

"The Durbin amendment has effectively legalized differential pricing for all tender types, which may address the anti-surcharging and anti-steering practices that the DOJ was examining," Kupferberg said in an interview.

It's too early to tell whether the legislation and a Justice Department lawsuit would lead to a settlement in the merchants' case, said K. Craig Wildfang, lead attorney for the plaintiffs.

"Having another government agency conclude that these things are anticompetitive -- it's been true around the world -- and to have the DOJ weigh in on this, would be, in the grand scheme of things, helpful to the private plaintiffs," Wildfang said in a telephone interview.

MasterCard, which is scheduled to report second-quarter results on Aug. 3, didn't address Visa's comments.

"We've been cooperating fully with the DOJ since they issued their civil investigative demand in October 2008," MasterCard spokesman James Issokson said in a telephone interview

Source: http://www.bloomberg.com

On January 22, 2010, the Supreme Court of the United States granted unlimited corporate spending on elections. The justices overturn a century of U.S. electoral law by a 5-4 vote. Millions of extra dollars are expected to start flowing from big business to Republican candidates.

Overturning a century-old restriction, the Supreme Court ruled Thursday that corporations may spend as much as they want to sway voters in federal elections.

In a landmark 5-4 decision, the court's conservative bloc said that corporations have the same right to free speech as individuals and, for that reason, the government may not stop corporations from spending to help their favored candidates.

The ruling -- which will presumably apply as well to labor unions and other organizations -- is likely to have an impact on this year's congressional elections. Many political analysts and election-law experts predict that millions of extra dollars will flood into this fall's contests, much of it benefiting Republican candidates.

President Obama called the ruling "a major victory for Big Oil, Wall Street banks, health-insurance companies and other powerful interests that marshal their power every day in Washington to drown out the voices of everyday Americans." He promised to seek "a forceful response to this decision" from Congress. Some Democrats talked about seeking legislation that would require corporations to get approval from their shareholders before spending money on politics.

See http://articles.latimes.com for more information

Redmond's top legal mouthpiece Brad Smith is calling on US lawmakers to overhaul rules on cloud computing, just as the company ramps up its efforts to belatedly step on other vendors' toes in that marketplace.

He asked Congress yesterday to legislate cloud computing, in a move to protect business and consumer information.

Smith's comments came on the same day that Microsoft inked a deal with cloud rival Intuit, and spun out a survey about the relevance of small businesses climbing on board the hosted services wagon.

Microsoft's top lawyer proposed a Cloud Computing Advancement Act in a speech at the Brookings Institute in Washington DC on Wednesday. He also penned an op ed piece for the Huffington Post.

"While the benefits of these new [cloud computing] technologies are clear - accessing data at your fingertips whenever and wherever you want - these benefits also come with challenges. The recent security breaches reported by Google last week once again make this abundantly clear," he opined.

Smith then crossed his fingers and prayed for a sprinkling of fairy dust. We need a safe and open cloud - a cloud that is protected from the efforts of thieves and hackers while also serving as an open source of information to all people around the world," he said.

The MS legal beagle then took on the role of rights advocate, by asking anyone who cared to listen if they understood online privacy law and what that meant for an individual's cloud-based data.

"Are you confident that your privacy is being protected? If you live in one country but your data is stored in another, whose laws govern?" he demanded to know. "These questions about privacy, security, and international sovereignty require immediate attention."

Microsoft, of course, has data centres dotted across the globe - holding exactly the sort of information Smith appears to be having sleepless nights about.

At the same time, Smith was keen to point out the validity of cloud computing - quite right too, given that Microsoft is finally making a play for all things fluffy.

But for customers to take Microsoft's efforts seriously, Smith thinks that the interwebulator needs to be better policed to keep the yobs out.

Clutching at straws

"The internet should not be a 'town square,' where anyone wandering the street can get a peek at what you are doing. But current law is not clear about how to deal with privacy concerns as they relate to the cloud. Users' privacy is something that businesses, governments, consumers, and other key stakeholders must seriously address," he said.

In effect, Microsoft wants some degree of consistency about how such a lockdown can be achieved across countries that have different regulatory concerns about how data and apps are hosted in the cloud.

Under Smith's proposed Cloud Computing Advancement Act, he has called on Congress to improve privacy protection and data access rules by strengthening the Electronic Communications Privacy Act.

Microsoft also wants to see the legislature of the US federal government overhaul the Computer Fraud and Abuse Act to hand police the tools to go after hackers and cut down instances of online-based crimes.

Add to that some "truth-in-cloud-computing principles", and a "pursuit of a new multilateral framework to address data access issues globally" and Microsoft pretty much has its very own manifesto on hosting info and apps on the web.

But its call to arms comes nearly a year after an Open Cloud Manifesto landed, led by old guard tech titan IBM.

At the time Microsoft snubbed any involvement in that particular "call to action for the worldwide cloud community".

The reality is that different software vendors have very different ideas about how online data should be regulated. Microsoft can lobby Congress all it likes, and may have some powerful people making the right sort of noises in there to do it, but the company still has to get in line and form a queue with its rivals.

Until all the disparate parties shake hands (never gonna happen), it's hard to foresee a happy-ever-after up in the clouds.

After all, back down on earth, software makers large and small bump heads all the time over how the industry should be shaped and governed. Why should Microsoft, or anyone else for that matter, expect cloud computing to get an easy ride?

Article By: Kelly Fiveash

Posted in IT Director, 21st January 2010 16:02 GMT

FTC BEGINS COMPREHENSIVE PRIVACY REVIEW THROUGH PUBLIC ROUNDTABLES

On December 7, 2009, the Federal Trade Commission (FTC) began the first of three public "Exploring Privacy" roundtables. To an extent, the FTC is at a similar stage as it was in 1989 when it held its conference on online profiling (now referred to as "behavioral targeting") that led to a recommendation to Congress for "legislation that would set forth a basic level of privacy protection for all visitors to consumer-oriented commercial Web sites with respect to profiling."[i] The recommendation was withdrawn under the Bush Administration to determine whether the newly established Network Advertising Initiative's (NAI) self-regulatory standards would prove sufficient.

In 2007, the FTC revisited this issue with its "behavioral targeting" workshop that led to the FTC proposing self-regulatory principles on behavioral targeting for the online advertising industry to adopt.[ii] The FTC's "suggested" principles were not warmly received by the industry. By 2009, however, the NAI and a coalition of major trade groups including the Interactive Advertising Bureau (IAB) each released proposed principles addressing behavioral advertising.[iii]

Congress is also focusing on this issue, and has held several hearings over the past two years. House Internet Sub-committee Chairman Boucher (D-VA) is expected to introduce a comprehensive privacy bill in early 2010 that will address behavioral targeting. Most think it is unlikely that such a bill will pass this Congress, but it could set the framework for debate in the next Congress which begins in 2011.

The December 7 privacy roundtable launched with Commissioner Pamela Jones-Harbour dismissing as "insufficient" industry efforts to provide notice and choice to consumers and expressing her belief that the nation "needs comprehensive privacy legislation". Newly appointed FTC Chairman Jon Leibowitz opened the conference by stressing that he was approaching this issue with an open mind while restating his belief that an opt-in standard was appropriate for behavioral targeting (i.e., advertiser or marketer must obtain consumer consent prior to creating an online profile based on past activity).

While the issues may be similar to what was discussed in 1989, its complexity had changed dramatically.

Chris Olsen, the Assistant Director of the FTC's Division on Privacy and Identity Protection, explained that the FTC would be "taking a look at a number of technologies and business practices,—including social networks, cloud computing, mobile, data broker relationships, and behavioral advertising,—and will assess both the benefits and risks of those practices." Olsen articulated a shift in the FTC's emphasis from how data is collected to how it is ultimately used and by whom. The FTC released a chart of the ecosphere for consumer data which illustrated the number of actors involved which has been accelerated by the advent of social media.

The panels of industry and consumer and privacy advocates elicited similar comments as with prior conferences, although industry representatives now conceded that some improvements were required but expressed hope that newly issued self-regulatory principles would avoid the need for regulatory action.

The next round table will be on January 28th at the University of California, Berkeley School of Law.

For more information go to http://www.ftc.gov/bcp/workshops/privacyroundtables.

Author: Bennet Kelley