Identity Crisis: Supreme Court Rules on ‘Identity Theft’ Penalty Enhancement
The Supreme Court attempted to define what it means to “use” without lawful authority “a means of identification” of another person ... Read More
Netflix: Is Password-Sharing a Crime?
On May 25, 2023 streaming content provider Netflix began enforcing its policy prohibiting the sharing of Netflix accounts even among family members who are not members of the same “household”—meaning living together in the same house. It was always Netflix’s policy to prohibit such account and password sharing—it’s just that ... Read More
A New Ransomware Scam: Fraud by the Incident Responders
In February 2018, Oxford Biomedica, a large biological research company in Oxford, UK, was hit by a ransomware attack. The hackers were demanding more than £300,000 in ransom. Oxford invoked its incident response plan and called in its team. One member of Oxford’s internal incident response team, Ashley Liles, had ... Read More
Are Internet Providers ‘Aiding and Abetting’ Crimes?
The internet was on tenterhooks over the question of whether the U.S. Supreme Court would find that online providers like Google, Facebook and others could continue to enjoy protection under the Communications Decency Act Section 230 for the statements and actions of users of their site. In particular, the Supreme ... Read More
Failure to Pay Ransom: Negligence?
Lehigh Valley Health Network is a health care network based in Allentown, Pennsylvania that serves the eastern and northeastern part of the state. On February 6, 2023, LVHN was hit with a combination ransomware/extortionware attack. Attackers from the hacker group ALPHV (aka BlackCat) obtained sensitive medical photographs of LVHN patients ... Read More
Federal Appellate Court Approves ‘Pretext’ Border Search
For almost nine years, Chinese national and U.S. resident Haitao Xiang had been employed by the Monsanto company in St. Louis, Missouri, as a research application engineer specializing in hyperspectral imaging technology. As with most jobs of this type, Xiang had signed a non-disclosure and confidentiality agreement with his employer, ... Read More
Federal Court Dismisses FTC Location Privacy Lawsuit
Geolocation data is among the most sensitive personal data. Marketers can use this data to determine what you are likely to buy, how much you are likely to spend and where you are likely to shop. The Federal Trade Commission (FTC) sued an online geolocation data broker for unfairly selling ... Read More
War, Hunh. Yeah. What is it Good For? Reducing Insurer Liability for Cyberattacks
A New Jersey court recently ruled that an insurer was not relieved from its obligation to pay for Merck’s losses after a Russian NotPetya cyberattack. The insurer claimed its ‘Act of War’ exclusion applied to the company’s cyberinsurance policy; the court disagreed. The rise of cyberattacks has led to a ... Read More
A CISO Employment Contract May Mean the Difference Between Success and Jail
On May 4, 2023, U.S. District Judge William Orrick sentenced former Uber CISO and former DOJ cybercrime prosecutor Joe Sullivan to three years of probation and 200 hours of community service for his role in concealing a massive data breach at Uber from the public and from the FTC. While ... Read More
Prosecutors Argue for 15 Months in Jail for Uber CISO
In a sentencing memorandum filed with a San Francisco federal court on April 27, 2023, prosecutors argued that Joe Sullivan—the former CISO of Uber and a former federal computer crimes prosecutor himself (with the same office)—should serve 15 months in federal prison for his role in the ride-sharing company’s concealment ... Read More