Unsung Cyber Hero Adventures

On June 4, 2020, Steven Teppler and I (Joe Rosenbaum) were guests of Gary Berman, host of “Unsung Cyber Hero Adventures”.  You can watch the entire interview “The Judicial System & Cybersecurity” and many more on his “Unsung Cyber Hero Adventures” TV Network!

There is also a comic series and you can find out more by looking at  The CyberHero Adventures: Defenders of the Digital Universe.  The comic series, the streaming interview series and much more are all the brainchild of Gary L. Berman, a career marketing consultant and entrepreneur whose company – and the families it supported – fell victim to a prolonged series of insider cyber attacks.  Feeling powerless, Gary decided to educate himself about cybersecurity, attending conferences, listening to podcasts and learning from the real heroes, the cybersecurity experts in law enforcement, government, education, and business.

Crisis Management at the Intersection of Marketing, Privacy, Security and Reputation

For those of you interested and available, on Thursday, April 23rd at 1 PM ET, Joe Rosenbaum, NY Partner at Rimon Law and chair of Rimon’s Global Alliance will be conducting a one hour seminar entitled Crisis Management at the Intersection of Marketing, Privacy, Security and Reputation touching on some of the current issues in marketing, privacy, public relations, cybersecurity & reputation management arising from the COVID-19 pandemic.

While the issues raised may well apply in many crisis situations, now, more than ever, as increased numbers of people are working, schooling and playing at home or at other remote locations, the value of online and mobile advertising and promotions has increased substantially. At the same time, the amounts of information being made available by people scrambling for information, trying to keep up with breaking news, and signing up for online, digital services and information, present legal challenges for compliance with both old and newly enacted privacy and data protection regulation. Not coincidentally, online and mobile scammers are seeking to capitalize on the growing number of inexperienced web-surfing consumers, and cyber criminals are using the opportunity to capture valuable personally identifiable information as a result of lax or relaxed security measures. The inaccurate perception that strong security may be an obstacle to utility or speed, and simply the increased number of inexperienced users accessing the Internet, provide fertile ground for exploitation. What should you know? What can you do? What should you be telling your clients and employees? What can we all do to help?

To register simply go to REGISTER: Crisis Management at the Intersection of Marketing, Privacy, Security and Reputation

The course is open to lawyers and non-lawyers, is approved for New York bar members who are eligible for 1 CLE credit per course through NY’s Approved Jurisdiction Policy and approved by the California State Bar for 1 hour of CLE credit.  Most other states recognize CA accredited courses and if you would like credit in any other state, please check your local state bar’s regulations.

California Consumer Privacy Act (CCPA)

Although amended twice (September 13th and October 11th of 2018) after its initial passage by the California State Legislature and being signed into law by Governor Jerry Brown in June of 2018, the California Consumer Privacy Act (California Civil Code Section 1798.100) (“CCPA”) becomes effective with the new year (January 1, 2020).

Although it is intended to protect California residents and afford them certain rights (in some areas, greater or somewhat different than the European Union’s General Data Protection Directive 2016/679), it affects non-profit entities that do business in California, and that collect personal information of consumers and either have annual gross revenues over $25 million OR buy or sell personal data of 50,000 or more consumers/households OR earn over half their annual revenue from selling consumer personal information.

If your organization fits into any of those categories, you are required to establish, put into place and maintain reasonable security procedures and practices to protect consumer data and to afford California residents the right to know what personal data is being collected about them; to know whether and to whom the consumer’s personal data is sold or disclosed; to refuse to permit the sale of their personal data; to access their personal information; and to ask you to delete personal information collected from them.  The law also prohibits discrimination against any consumer for exercising any of their privacy rights under the CCPA.

While many businesses have been busily amending their agreements with suppliers and service providers, and likely have been presented with updated and revised contracts with “CCPA” amendments in order to ensure those in the chain of collection, storage, handling, distribution and use are in compliance, if you do any business in or with California residents, don’t forget to update your privacy policies and any terms of use that apply to your websites, e-commerce and online/mobile presence generally.  Those sites, even those that do not require any registration or input directly from consumers, almost certainly will be collecting information that is covered by the broad definition of “personal information” under the CCPA.

If you would like to know more about the CCPA or have any questions about this post, don’t hesitate to contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.

 

First Joint Consultations May Foreshadow Effectiveness of Privacy Shield

– Stephen Díaz, Partner, Rimon, P.C. & Claudio Palmieri, Of Counsel, Rimon, P.C. (Principal, Studio Legale Palmieri – Rimôn Italia)

On October 6, 2015, the Court of Justice of the European Union invalidated the so-called “Safe Harbor” that previously governed data transfers between the U.S. and the EU (Case C-362/14 – Maximillian Schrems v. Data Protection Commissioner, 6 October 2015).

As you already know if you read our Legal Bytes’ posting in May concerning the US-EU Data Transfer Privacy Shield, personal data cannot be transferred from the EU to a non-European Union/European Economic Area country, unless that country can ensure “adequate levels of protection” for such personal data. While the European Commission had identified a number of countries that met the ‘adequate protection’ test, the United States was not one of them and without the Safe Harbor understandings, transatlantic exchanges of data – both for commercial and national security reasons – were at risk of being non-compliant with EU regulations!  In an attempt to temporarily address the data transfer issues, the EU and the U.S. proposed a new framework for exchanges of personal data for commercial purposes, known as the EU-U.S. Privacy Shield (“Privacy Shield”) which was formally launched on July 12, 2016.

Further complicating matters, a new EU General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.  In furtherance of a formal and more permanent agreement under the Privacy Shield and in contemplation of the new regulations, representatives of the U.S. and the EU have announced they will meet in Washington, DC during the week of September 18, 2017, for the first Annual Review of the Privacy Shield.  In advance of the meeting, the EU’s official Working Group (WP 29) sent the European Commission their recommendations and, consistent with previous pronouncements, they believe the meeting should focus on enforcement of rights and obligations, as well as changes in U.S. law since the adoption of the Privacy Shield.  WP29 recommended discussions focus on these issues and that any formal agreement must deal with both commercial, as well as law enforcement and national security access.

These concerns and considerations are explored in more detail in our full Client Alert: No Certainty in Future of Privacy Shield as Transatlantic Consultations Set to Begin and it is clear that the September consultations may well be an indication of whether the Privacy Shield will prove an adequate regulatory regime for the transatlantic transfer of personal data and whether meaningful progress is likely in the current environment.

If you would like more information, a better understanding or need guidance regarding compliance with these regulations, contact Stephen Díaz Gavin, a Rimon Law Partner based in Washington, DC or Claudio Palmieri, of counsel to Rimon, P.C. and the principal of Studio Legale Palmieri – Rimôn Italia in Rome, Italy. Of course you can always contact me, Joe Rosenbaum, or any of the lawyers at Rimon with whom you regularly work.

 

The Paradox of Illumination

I first heard about the paradox of illumination from Lee Loevinger, an extraordinary gentleman I was privileged to know professionally.  Lee was a multi-faceted, multi-talented, thought-provoking lawyer whose sage advice and stimulating ideas continue to resonate with those honored to have known him, and everyone else wise enough to read his work and the words he left behind.

In a nutshell, the paradox of illumination is extraordinarily complex, but simple to describe.  Much like Albert Einstein who, when asked about his theory of relativity and the notion that time is not constant, described it in personal terms: if a man is at dinner for 10 minutes with a beautiful woman, it seems like a fleeting instant; but sit on a burning hot stove for 10 minutes and it seems like an eternity :).

The paradox of illumination can similarly be described on a personal level.  Sit in a completely dark room.  Really.  Completely dark.  What can you see?  Nothing.  You know little about your surroundings and can only sense your own body – in fact, you don’t even know how far your surroundings extend beyond your immediate sensations.

Now light a match.  The circle of illumination allows you to see a little of what is around you – but the perimeter and beyond are still dark.  Now light a candle.  The circle of what you can see illuminated by the light is larger than before, but the size of the perimeter beyond which you cannot see is also a lot larger than before.  The larger the light, the larger the area of illumination, but larger by far is the perimeter beyond which we know nothing.

The more we can see and the more we know and understand about the world around us, the larger the amount becomes that we don’t know.  In other words, as the circle of our knowledge grows, so does the amount of knowledge we cannot see and don’t know.  The paradox of illumination is the paradox of knowledge.  Perhaps that is why Michelangelo, when he was more than 87 years old, still said, “Ancora Imparo” (I am still learning).

Dear WikiLeaks, Here We Come. Sincerely, The Wall Street Journal.

The Wall Street Journal just announced it has established a secure mechanism that allows “newsworthy” materials to be uploaded to its separate, but internal, secure servers. The new service, Safehouse, is a logical outgrowth of the age-old newsgathering function. That noted, one can only imagine everyone scratching their heads saying, “What took you so long?” considering the international notoriety garnered by the most visible recent leak-gathering organization, WikiLeaks.

Legal Bytes was certainly not alone in highlighting the WikiLeaks phenomenon (see IMHO – Wiki Wiki True to Its Meaning), so it’s a bit surprising that traditional news organizations had not previously moved aggressively into the digital technology age with their news-gathering activities. That said, kudos to the industry for opting to enter the digital age on the input side of the process and create competition in this arena, just as competition among journalists has existed for centuries.

The presumption is the WSJ upload process will be secure and apparently anonymous – the accumulation of anonymous and pseudonymous tips, leaks and leads has long been part of every investigative reporter’s and journalist’s job. Other news organizations are also rumored to be working on similar services, although not having done an investigation myself, others perhaps may have already launched. The WSJ service will reportedly provide encrypted digital file transmissions and, according to the Safehouse website, will seek to minimize the amount of technical information (read that to mean, traceable information) that the service receives on its servers.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

IMHO – Wiki Wiki True to Its Meaning

According to Tech Terms, “wiki” comes from the Hawaiian phrase “wiki wiki,” which means “super fast.” I guess if you have thousands of users launching denial of service attacks (see below) against targeted web sites – well “super fast” spells super trouble. Which has prompted me to write this article “IMHO” (in my humble opinion) – IMHO being a social media nod to the kewl gnu SMS lingo.

So, doesn’t it seem as if this WikiLeaks thing has gotten out of hand? Now in fairness, in my view there are intelligent points being made on both sides of the issues – national security is important; so is freedom of the press and speech. There are also rights and responsibilities on both sides of the issues – private censorship is not something that sits well with those of us who value the right to hear and voice differing opinions and thoughts; yet using a “free speech” argument to allow someone to scream fire in a crowded theatre – even when none exists – can cause harm to innocent people and is, again in my view, irresponsible, if not illegal.

So if you have been following this WikiLeaks issue, you already know about the leak of U.S. diplomatic cables by or through WikiLeaks, and unless you have been living under a rock, you have also noticed the arrest of WikiLeaks founder, Julian Assange. All of this has resulted in a dramatic and well-publicized series of “cyber attacks” from “hacktivists” primarily using a disruptive technique known as “denial of service attacks.”

Curiously, the arrest of Mr. Assange in London has nothing to do with the current controversy over confidential and sensitive material that is giving rise to the tensions across the Internet. Mr. Assange’s legal problems stem from an international warrant issued by Sweden, where he is accused of rape, molestation and unlawful coercion by two women in connection with sexual encounters he reportedly had while he was in Sweden last summer. Mr. Assange apparently confirmed the encounters, he has denied the allegations of assault, and he has not yet been formally charged in either of the women’s cases.

The disruptions on the Internet and outcry against his treatment (or the treatment of his company) are not about his personal problems, but rather have taken on a life of their own as a poster child for the principle of “information needs to be free.” Somehow, WikiLeaks has become a symbol, a rallying cry, for the cause of free speech and information transparency, being championed by activists around the world, the activities of some of whom have allegedly already resulted in:

  • The Swedish government website http://regeringsen.se was offline for several hours, and arms of the Swedish postal service, the websites of Swedish prosecutors, and at least one lawyer, were the targets of attacks.
  • Both MasterCard and Visa, whose banking and financial institution members stopped accepting payment transactions in support of either WikiLeaks or Mr. Assange’s defense, were subject to attack (e.g., reportedly Visa’s website and MasterCard’s “secure code” system were affected – in the case of MasterCard, apparently preventing some online transactions from being processed for several hours).
  • Just today we read of allegations and reports that Sarah Palin’s credit card information and the website of her political action committee were hacked because she referred to Mr. Assange on ABC News yesterday as “an anti-American operative with blood on his hands,” and U.S. Senator Lieberman’s website was impaired and anonymous SPAM faxes sent to the Senator’s office after he called for an investigation of The New York Times, which had published articles with details of the diplomatic cables leaked by WikiLeaks.

As Mr. Spock, the iconic “Star Trek” character played by Leonard Nimoy, might have remarked well into the future: “Fascinating!” Well the future is now.

So what should you do? First you should read my partner, Douglas J. Wood’s recent opinion piece on Corporate Counsel, entitled “Say Hello to the World’s New Sovereign Nations: Facebook, Google and RIM.”  (subscription required) When you finish, head straight to YouTube and watch the clip (my title) “There’s a War Out There” from the incredibly prescient motion picture “Sneakers,” with Ben Kingsley and Robert Redford. You might also grab a copy of An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths, by Glenn Reynolds. Oh, and in case anyone is thinking about my Legal Bytes post more than a year ago, entitled FTC (Revised) Endorsement Guides Go Into Effect, rest assured I have no interest (other than intellectual) in either my partner’s publication, the motion picture production, or the book or publishing company noted.

It is likely that some of the “attacks” may lead to criminal prosecution or civil litigation, or both. It is also likely that companies and governments may rethink their security and dependence on digital technology, as well as their activities and responses to events such as these. Protests of this nature, irrespective of one’s view or one’s “side,” are now occurring on a scale, orchestrated by individuals dispersed throughout the globe, in a manner that might make taking to the streets or holding passive sit-ins or hunger strikes in the halls of legislative bodies passé. Further, the effects of such activities on innocent people should not be underestimated. While the United States holds dear the Constitutional rights of free speech and freedom of the press, that does not include the right to create panic or harm or injury to others. There is a line between voicing one’s support and opinion, freely heard in the blogosphere, and illegal conduct that damages persons and property.

So after reading this and the references cited, ask yourself the following question: Is this a technology problem? A political problem? A national security problem? A public relations problem? A legal problem? It is probably worth noting, since my partner Doug Wood mentioned it after reading a draft, that the freedoms of speech and the press (and assembly, etc.) that are embedded in the U.S. Constitution are not the norm around the world. We often lose sight of the fact that these rights (and the passion and zealousness with which we cherish them and defend them) are not the global norm – yet. But, technology has enabled activities and communication unimaginable in the past. It can be a force for good or bad – sometimes both. Now comes the revolution? Fascinating! But that’s just my opinion.


When Pressing Suits, Judges Tell Jurors Neither Social Nor Media is OK

A few months ago, Legal Bytes reported some important developments and judicial rulings concerning social media and freedom of the press in the United States (see, Freedom of the Press = Freedom to Tweet). But lest you be lulled into a false sense of security, freedom of the press only applies to the ‘press’ and not to jurors.

You have all seen the motion picture and television courtroom scenes played out numerous times. Evidence is admitted or not admissible. The jury is admonished to disregard certain remarks or testimony as inadmissible or irrelevant. Jurors are told they must reach a verdict on only the evidence that is allowable during the trial – nothing else. Now decades ago, a jury was told not to watch accounts of a case on television, or to listen to such on the radio, or to read newspaper articles about the case. Juries could be sequestered – squirreled away out of sight and, theoretically, out of harmful evidence’s way – until the verdict was rendered and justice done.

But today, with a mobile phone, PDA or any one of literally hundreds of devices – some no larger than a credit card – one can ‘tweet’ (www.Twitter.com), one can post to one’s own or someone else’s wall (www.Facebook.com), one can upload photos (www.flickr.com) or videos (www.YouTube.com) or post to one’s own blog (www.LegalBytes.com). All from the convenience of the palm of your hand, purse or jacket pocket. One can also surf, search, ask and obtain answers across the web, almost instantaneously, with the press of a few buttons or the wave of one’s fingers across a touch screen. The interactive two-way communication and searches for independent information are at odds with our jury system that limits the juror’s knowledge base for decision-making purposes to what’s in her or his head when they walk in along with the evidence that is presented and deemed admissible by the court. Everything else is off limits – at least for administering justice. Although not the subject of this two-part blog posting, Legal Bytes has also covered the growing issue of whether a mindless application of disqualification criteria makes sense simply because you have a ‘friend’ or someone is ‘following’ you among the other thousands or millions of individuals on some social media platform (See, Florida Judges Can’t Have Friends).

But now back to our story. Just this past December, the Judicial Conference Committee on Court Administration and Case Management issued its “Proposed Model Jury Instructions – The Use of Electronic Technology to Conduct Research on or Communicate about a Case”. I know this will surprise you, but the basic do’s and don’ts they proposed are:

  • Thou shalt not undertake any independent research, use any outside reference works, dictionaries, surf the web, or use any digital or other means to try and get information about the case or anything related to the case.
  • Thou shalt not communicate with anyone about the case – anyone – not even other jurors. No mobile phones, email, Blackberry, iPhone, SMS text messaging, tweets, blogging, chat rooms or social media platforms. None, nada, zilch, zero, null, never. Period.
  • Thou shalt decide the case solely on the admissible evidence presented in the courtroom.

Sound familiar? While many of us recognize there are sophisticated rules and regulations established to ensure evidence is presented in a fair manner, consistent with the system of justice – protecting the rights of the accused and the accuser, the plaintiff and the defendant – jurors often are curious – curious about questions that aren’t asked or answered during the course of a trial. In motion pictures or television, we get to go behind the scenes. We can often see what the jury cannot. But real juries may not appreciate, under the constraints of a particular case, why some information is simply not available to them, some questions not permissible, some witnesses never called and some answers never provided. It’s far too tempting to try and find out and with today’s digital technology – well, it’s not that hard to do so – sometimes even believing one can escape detection when doing so.

So stay tuned. In the next installment of this post, Legal Bytes will take you on a brief tour of some court decisions over the last few years, starting from simple emails and online surfing by jurors, to jurors who post blogs in the middle of jury deliberations, to tweets before, during and after multimillion dollar civil trials. Yes, we even have jurors communicating to each other on Facebook during a trial. You just can’t make this up.

While the next installment is pending, if you need to know more – how social media can help or hurt your company in litigation – remember that Rimon has teams of litigators who not only know digital (e-)discovery, forensic evidence, security and other technology applicable to legal proceedings, but also know social media – increasingly relevant, for good or bad, in dispute proceedings. Need us to press your suit and avoid being taken to the cleaners? Contact me, Joseph I. Rosenbaum or any Rimon attorney with whom you regularly work and stay tuned for Part II – Jurors Behave, or We’ll Throw the Facebook at You!

Freedom of the Press = Freedom to Tweet

Twitter keeps hitting the newswires—in this instance, in a matter involving freedom of the press. You might have heard from time to time, especially in high-profile or emotionally charged cases, about judges who have used their power to control proceedings by restricting the use of certain communications equipment and mechanisms from within their courtrooms (e.g., use of mobile phones, video recording equipment, etc.).

From Pennsylvania comes an order from a Dauphin County judge refusing to bar reporters from sending Tweets during the course of a public and high-profile trial. In response to a motion by the defendants’ counsel, Judge Lewis, in a brief order, noted that “. . . to impose the proposed restriction would be premature and that the restriction itself is overly broad.”

In this particular case, the defendants were concerned that reporters, using Twitter inside the courtroom, would broadcast witnesses’ testimony, which could then be read or seen by other witnesses who were yet to testify. While refusing to ban Twitter to reporters, the judge did order the witnesses to avoid reading or listening to reports concerning the trial.

As icing on the cake, our own Rimon lawyers, Tom McGough, Mark Tamburri and Tom Pohl, won the order on behalf of the Associated Press and Pittsburgh Post-Gazette. Yes, Virginia, there is a place for social media in jurisprudence.

If you remember, Twitter was also the subject of some controversy in Pittsburgh during the G20 Summit last year. In that case, involving freedom of speech, police in Pittsburgh arrested a man who was using Twitter to send messages about the movements of police officers as protests were unfolding. Although the police sought to charge the man with aiding an illegal protest, the man was broadcasting what was easily visible in plain sight.

While commercial cases often involve money or intellectual property rights, or rights of publicity or privacy, cases are emerging that involve fundamental Constitutional rights. The law will need to move quickly into the digital and social media age in order to keep up. Some courts and judges are doing just that!

Need to know more? Contact me, Joseph I. Rosenbaum, or any Rimon attorney with whom you regularly work.

Privacy: FTC Announces the First in a Series of Public Roundtables

Earlier today the Federal Trade Commission announced details of the first of a series of Public Roundtables being held to deal with continuing efforts to examine, evaluate and determine if, and to what extent, regulation may be needed in connection with consumer privacy. In its announcement, the FTC specifically cites its intention to review privacy practices related to social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers and third-party applications.

The FTC’s announcement acknowledges the beneficial uses of information and technological innovation, while seeking to balance those against the need to protect consumer privacy. The first full-day session will be held Monday, December 7, 2009, at the FTC Conference Center at 601 New Jersey Avenue, N.W., Washington, D.C., and no registration is required. Those who cannot attend in person are welcome to go to FTC.gov and will be able to view the proceedings as a webcast.

The FTC has invited individuals and organizations to participate and/or to suggest topics. To participate, your request can be submitted directly to the FTC by email sent to privacyroundtable@ftc.gov on or before October 30th, and comments surrounding the issues to be discussed can be submitted on or before November 6th. The FTC has prepared a list of specific questions it intends to use in opening the dialog at this first in its series of public roundtable discussions and has invited written comments, as well as research submissions. Details can be found at the Privacy Roundtable Workshop page of the FTC’s website. Comments can be mailed to the FTC, or you can check the FTC website for instructions as to submitting comments electronically. Of course, Rimon stands ready to assist clients in preparing comments or providing representation, and if we can be of assistance, don’t hesitate to contact us. If you need to know more, please feel free to call me or the Rimon attorney with whom you regularly work.