So, you think that a corporate cyberattack has nothing to do with you? If so, think again. Indeed, to the extent you own stock or securities, the value of your holdings could be at risk in the event of a cyberattack. I’ve said it before and I’ll say it again: Cybersecurity is an economic issue. See here.

Take, for example, Intel (INTC). In the “Risks” section of its 2009 10-K, the company disclosed in a tersely worded statement that its networks had been the victims of “sophisticated” attacks. Kudos to Intel for making this disclosure, which predated the October 2011 publication of the SEC Guidance addressing public companies’ cyber risks and exposures (discussed here and elsewhere, including in the March 2012 edition of the Advisen Cyber Journal. Please feel free to contact me for details on how to obtain this must-read issue and subscribe. Advisen has done a masterful job, as it does with all of its publications). As will be discussed in my next post, a significant number of public companies still have not complied with their cyber risk and cyber exposure reporting “obligations” under the SEC Guidance.

As to Intel, the subject 10-K listed several noteworthy risks. The most intriguing stated that “We may be subject to intellectual property theft or misuse, which could result in third-party claims and harm our business and results of operations.” Intel’s disclosure continued that “[w]e regularly face attempts by others to gain unauthorized access through the Internet to our information technology systems by, for example, masquerading as authorized users or surreptitious introduction of software….These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful.”

The adverse economic impact of a cyber-related disclosure is not theoretical, either. Indeed, in the immediate wake of the News Corp./News of the World cell phone hacking scandal in mid-2011, News Corp’s market cap reportedly fell by over 15%, valued at approximately $7 billion, in less than a week. Not surprisingly, News Corp was sued shortly thereafter in a series of securities fraud class actions, which remain pending.

While cyber risks and exposures may or may not have an impact on a stock’s trading price, their potential impact can not be ignored. Google (GOOG) is another example. As previously discussed here, Google has been the subject of cyberattacks which it claims were precipitated by the Chinese government. The import of this development can not be understated, as it created tensions between the U.S. and Chinese governments and even made it into Intel’s SEC filing. For private citizens, however, perhaps the greatest implication of the Google cyberintrusions is the arguable effect that they had on Google’s price per share. On January 12, 2010, when the intrusion was publicly disclosed, Google shares fell 1.7% to $590.48. By April 25, 2010 Google’s shares were trading at $544.99, another roughly 8% price drop. Can these losses be directly linked to the breach of Google’s security systems? Put differently, can a possible link be dismissed? That’s for shareholders and others to decide.

So, what does this all mean? At a minimum, it suggests that the economic implications of a cyber event can be wide ranging, from the simple cost of fixing a security gap to a major hit to a brands’ reputation (remember News of the World? After 168 years of tremendous success globally, it ceased publishing on July 10, 2011 as a direct result of the hacking scandal), all the way to claims arising from the theft of consumer’s personal and financial information. Such an intrusion into the systems of retailer T.J. Maxx (TJX) lead TJX to settle with regulators, states, consumers and others and set a settlement/remediation reserve of over $100 million.

In the end, it is clear that just as consumers need to be vigilant about monitoring their personal and financial information to protect themselves from identity theft and the like, investors too must regularly track their holdings to protect their portfolios and assets. As to the companies whose information and systems are at risk, the need for both D&O and cyber insurance is patently obvious, and is as important as the protection of their intellectual property, consumer information and other non-public data. Risk management, information protection and insurance go hand in hand. And we’re here to make sure everyone recognizes the correlation.

   Send article as PDF   

The following article, written by my colleague Nicole Moody, first appeared in the Chicago Daily Law Bulletin. Thanks to Nicole for allowing us to republish it here.

Rick Bortnick

Many of us have been there. Sipping our morning coffee, signing into our Facebook accounts, waiting to see what notifications will greet us. We are intrigued to see that we have a friend request.  Who could it be? An acquaintance from the past? A new colleague who we met at work? Whoever it is, we know that by accepting the request we will be granted access into this individual’s life and will know more about them in five minutes than we would know in a lifetime of small talk.

Due to the use of usernames and passwords, there is a belief that information shared on Facebook is confidential unless publicly shared. However, courts around the country are now addressing just how private this information really is.

In cases nationwide, litigants are asking courts to grant unfettered access to other parties’ Facebook or other social media accounts. Inevitably, in the age of status updates and hashtags, poking and friending, the lines between public and private information have become blurred. This trend has become increasingly prevalent in the insurance industry as insurance companies have realized the usefulness of social media in litigation. 

Read the rest of this entry »

The ABA has issued a formal ethics opinion that provides guidance to lawyers whose clients use an employer’s email account to send or receive email from counsel.  In Formal Opinion 11-459, the Standing Committee on Ethics and Professional Responsibility urges lawyers to warn their clients that the confidentiality of electronic communications may be jeopardized if the employer or other third party, such as a hotel or library, has the potential to access email or other correspondence hosted on the third party’s computer system.

When clients use an employer’s computer, smartphone or other telecommunications device, or an employer’s email account, the employer may be able to obtain access to the communications and take advantage of that opportunity in various contexts, such as when the client is engaged in an employment dispute or when the employer is responding to a subpoena or document discovery in litigation.

Read the rest of this entry »

A: They are some of the Google Search Terms that have brought readers to our site this week.  

A list of this week’s Top Google Search Terms leading to Cyberinquirer, and some other cute cyber-related gags that have qualified for our “Weekend Funnies” post, are set out below. I was flattered to see my name appear on the search list unaccompanied by terms like “lawyer” or “cyber geek” or “unhygenic”.  Here’s the list: Read the rest of this entry »

We wrote to Google and asked what information was required to subpoena Gmail in order to determine the identity of an email customer. Google’s response is below:

Dear Ms. Pengelley:

The information requested relates to services offered by Google Inc., a U.S. company organized and operating in the U.S., and governed by U.S. laws.  As such, we ask that your request be directed to Google Inc. – Attn: Legal Department, and communicated through the proper legal channel.  Please direct further communications to Google Inc. – Attn: Legal Department – at 1600 Amphitheatre Parkway, Mountain View, California, 94043, US, Fax: + 1 650.469.0622, or by email at lis-global@google.com.

Read the rest of this entry »

Google, Facebook, Twitter, Foursquare—millions of Americans, including myself, depend on these cyber sites as their gateway to information and communication in the outside world.  What we may not realize, or choose to ignore for convenience’s sake, is that this gateway lies on a two-way street. The information that we seek using websites such as Google and what we communicate on Facebook and Twitter provide companies with vital data to better market their products to us.  This use of information is referred to as “data mining. ”

An example of data mining can be seen in the advertisements that pop up on the side of your Facebook home page.  Such ads are often relevant to the information posted on your “Profile” page, such as advertisements promoting products from your college alma mater. 

At the outset, data mining seems like a win-win situation for both the consumer and the seller—the consumer is marketed with a product in which they are seemingly interested and the company has utilized its advertising budget in an informed, cost-effective manner.  At the same time, however, the threat of an invasion of privacy is real and has the attention of members of Congress and federal officials to create legislation regulating the way in which, and the extent to which, our personal information is shared with third parties. 

Read the rest of this entry »

Within the last week, two separate intellectual property search engines were launched, each of which has the potential to significantly palliate searches for patents, trademarks and other IP. http://www.wipo.int/wipogold/en/

Specifically, on June 1, 2010, the World Intellectual Property Organization (“WIPO”) introduced a free online public resource, “WIPO GOLD”  which aims to facilitate universal access to IP information. It promises “quick and easy access to a broad collection of searchable IP data and tools relating to, for example, technology, brands, domain names, designs, statistics, WIPO standards, IP classification systems and IP laws and treaties..” The site also includes a helpful translation option, should users wish to search results in a language other than the default, English. The news report can be viewed here: http://www.wipo.int/pressroom/en/articles/2010/article_0018.html

Meanwhile, the United States Patent and Trademark Office (USPTO) separately announced on June 2, 2010 that it has entered into a “no-cost, two-year agreement with Google to make bulk electronic patent and trademark public data available to the public in bulk form.” Under the agreement, USPTO will provide Google with “existing bulk, electronic files, which Google will host without modification for the public free of charge.” Examples of searchable items include: patent grants and applications; trademark applications and Trial and Appeal Board (TTAB) proceedings; and patent classification information. The USPTO and Google also will work together to make additional data available in the future, such as patent and trademark file histories and related data, the office said. The bulk data can be accessed at http://www.google.com/googlebooks/uspto.html.

In other words, as technology moves forward, so too does the ability to research and guard intellectual property ownership and interests… at least in the Western Hemisphere and other WIPO member countries. Now, if only the remainder of the world could come together to unify owners’ capabilities to globally protect their IP rights.

   Send article as PDF   

A man and a lion were arguing about who was best, each one seeking evidence in support of his claim. They came to a tombstone on which a man was shown in the act of strangling a lion, and the man offered this picture as evidence. The lion replied, “It was a man who painted this; if a lion had painted it, you would instead see a lion strangling a man. But let’s look at some real evidence instead.” The lion then brought the man to the amphitheater and showed him so he could see with his own eyes just how a lion strangles a man. The lion then concluded, “A pretty picture is not proof: Facts are the only real evidence!”

The moral of the story has indeed changed since the times of Aesop, at least in today’s courtroom. Social networking websites such as Facebook, MySpace, and Twitter invite attorneys and their clients into a lion’s den of pictures and postings, creating a haven for evidentiary consequences that can be unexpected obstacles if attorneys are unprepared to counter them.

INTRODUCTION

With claims such as “Facebook is a great place to keep in touch with friends,” “Using Twitter is going to change the way you [stay] in touch,” and “MySpace lets you meet your friends’ friends,” social networking websites are, admittedly, enticing. This article surveys recent evidentiary issues involving these sites across multiple practice areas and counsels how to avoid some of the adverse rulings discussed herein.

Read the rest of this entry »

Jurors are not supposed to look at media coverage of the case during a trial since their verdicts are supposed to based on the evidence presented in a trial, rather than media reports. But can they really resist taking a sneak peek on the Internet?

In February of 2010, the U.K.’s Ministry of Justice released a very interesting report, titled “Are Juries Fair?“, by Professor Cheryl Thomas.  Among other things, the study examined jurors’ use of the Internet to look up information about their cases in both long, high profile cases and standard cases lasting less than two weeks, with little media coverage. The report found:

• All jurors who looked for information about their case during the trial looked for it on the Internet, as opposed to television, newspapers or some other source. (Well, okay, so this one wasn’t exactly a big surprise…).

• More jurors said they “saw” information on the Internet than admitted to “looking for it” on the Internet. Since they were doing something that a  judge should have told them that they were not supposed to do, this may explain why jurors were more likely to say the saw reports on the Internet than said they looked for it. (See? Lawyers aren’t the only people in the courtroom who resort to semantics….). But just what are the figures?

Read the rest of this entry »

As recognized below in Pamela’s post discussing whether the loss of computer data is “property damage” in the eye of tort law, the issues surrounding cyber/tech/privacy liability and the attendant insurance coverages are not the exclusive province of the United States or U.S. courts.

To the contrary, virtually every country worldwide is increasingly faced with the problem of having to deal with the hard social and legal issues presented by a rapidly evolving cyber world.  So too, policyholders and the insurers who typically grant worldwide coverage under their policies must recognize that the risks faced are not exclusive to the U.S. or our Canadian cousins. The risks are global in nature and policyholders and insurers alike need to stay current with what’s happening outside our cocoon of the Western Hemisphere.

I am certain every reader is aware of the socio-political dispute whereby Google has threatened to withdraw from China amid claims that the Chinese government has hacked into Google’s and other third-parties’ databases, spied on Google email accounts, and tightened blocks on tens of thousands of internet sites, including Facebook, Twitter and YouTube. U.S. Secretary of State Hillary Clinton has spoken on the subject, advocating that companies such as Google refuse to support “politically motivated censorship.” Secretary Clinton also accused China, Tunisia and Uzbekistan of boosting censorship and called on Beijing to investigate the recent cyber attacks on Google and others. (On a side note, just last week, Europe’s principal security and human rights watchdog accused Turkey of blocking 3700 internet sites for “arbitrary and political reasons.”).

Read the rest of this entry »

Remember the good ol’ days of the Commodore 64, back when fluorescent colors were fashionable and “Computer, earl grey…hot” was to boldly go where no one has gone before?

Well, those days are now behind us, and unless you’re one of the stubborn few who still use a phone line to dial into “those newfangled internets”, you have probably heard of Google’s new search by site application, “Google Goggles”.

On Monday, Google announced the launch of a new search engine that allows users to perform an internet search simply by submitting a photograph. Instead of using words, you can take a picture of an object with your camera phone: Google will attempt to recognize the object, and return relevant search results to you. The experimental search-by-sight feature, called Google Goggles, has a database of billions of images that informs its analysis of what’s been uploaded. Vic Gondotra, Google’s vice president of engineering, has said: “It is our goal to be able to identify any image. It represents our earliest efforts in the field of computer vision. You can take a picture of an item, use that picture of whatever you take as the query.” The application is still in a very early stage of development, however, and works best with objects, books, album covers, artwork, landmarks, places, and logos. You can view Google’s video of the application below:

Read the rest of this entry »

Personal information and data can be captured and aggregated in the most unlikely of ways. Take, for example, television viewing habits.

In the past, data aggregators such as A.C. Neilson have used a variety of techniques to measure television audiences’ viewing habits in order to assemble ratings and assist networks and advertisers in identifying viewership and demographic rankings. It began with people compiling viewing information in journals. As technology progressed, Neilson and other data aggregators used “black boxes” attached to televisions to compile the all-important viewership and demographic information. Some people equated these activities to a form of “Big Brother” watching over us, but in virtually all cases, the “Neilson families” did so willingly and were compensated for their voluntary participation.

Just as everything else, we have now progressed well beyond the activities of yesteryear.  The latest news on the viewership and demographic aggregation front comes from Google, which has announced that it is teaming up with TiVo, the digital video recording company, to assist advertisers in measuring how and when their ads are viewed by consumers.  As most people know, TiVo and its progeny allow viewers to “fast forward” through commercials so that they can view only the content they elect to watch. While a boon to viewers who hate commercials, this capability frustrates advertisers who pay tens of thousands if not tens of millions of dollars to television and cable networks to promote their services and products.  According to Google, this new service is an attempt to re-create its AdWords and AdSense models on the small screen.

The hitch is that most TiVo users typically catch the beginning or end of a commercial or other unwanted programming as they attempt to watch their selected shows.  Only the most prolific of remote controllers can precisely fast forward their recorded programming to view only what they want and not what they don’t want. Having now had TiVo for 7-1/2 years, I still suffer the fate of imperfect fast forwarding and consequent rewinding.  I just can’t totally avoid those pesky commercials, no matter how hard I try.  And believe me, I try.

Google is of the view that even that momentary viewership of the undesirable commercials, while not a full ad impression, is meaningful to advertisers.  Thus, it plans to use “anonymous second-by-second DVR viewing data” to track how viewers see ads placed through Google TV Ads and to assemble data on viewers’ television habits.

So, what can we as TiVo users do about it?  Google has not yet announced if viewers can “opt-out” of this service.  If that option is not available, then the only options seem to be that we participate as willing or unwilling (and uncompensated) participants, or give up our TiVo.  Needless to say, that latter option is not realistic.  I love my TiVo.  I won’t give it up.  But at what cost?  The price of my privacy, it seems.

   Send article as PDF   

A building materials company and its owner have appealed a $12.6 million verdict against them, alleging that a juror posted messages on Twitter.com during the trial that show he’s biased against them.

The motion seeking a new trial was filed Thursday on behalf of Russell Wright and his company, Stoam Holdings. It claims juror Johnathan Powell sent eight messages — or “tweets” — to the micro-blogging Web site via his cellular phone. According to the motion, one posting listed the company’s Web address and read in part: “oh and nobody buy Stoam. Its bad mojo and they’ll probably cease to Exist, now that their wallet is 12m lighter.” Another described what “Juror Jonathan” did today: “I just gave away TWELVE MILLION DOLLARS of somebody else’s money.” You can view Johnathan’s twiittering at this LINK.

In his motion, filed in Washington County Circuit Court in Fayetteville, lawyer Drew Ledbetter wrote that the messages show Powell “was predisposed toward giving a verdict that would impress his audience.” Powell, of Fayetteville, told The Associated Press on Friday that Wright and his lawyers are “just grasping at straws at this point.”

“I didn’t really do anything wrong, so it’s kind of crazy that they’re trying to use this to get the case thrown out,” Powell said. “I understand where they’re coming from, they lost over $12 million.”

The jury awarded the money Feb. 26 to Mark Deihl and William Nystrom, two northwest Arkansas men who invested in Wright’s company. The company sold a building material called Stoam that it claims combines the insulation qualities of foam with the strength of steel. Deihl’s attorney, Greg Brown, called the venture “nothing more than a Ponzi scheme.”

Brown said he doubts a new trial will be granted. He said Arkansas law requires defendants to prove that outside information entered the jury room and corrupted a verdict — not that information from the jury room made its way out.

Powell, a 29-year-old manager at a Wal-Mart photo lab, said he tried to talk to the judge Friday about what happened, but was turned away. He seemed a little shocked at what kind of power the 140-character messages on Twitter can carry. “I’m kind of surprised so many people have contacted me,” he said.

SOURCE: http://www.cellular-news.com/story/36506.php?source=rss

   Send article as PDF