Alarms are going off around the Internet with an apparent increase of ransomware which “immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.”
One of our key law firm clients has referred us to one of their important clients in the US, Europe and China – a leading global technology supplier for the auto industry – in order to handle their search for a new Asia General Counsel and Asia Chief Compliance Officer. Kinney is exclusively handling this in-house search.
Captainamerica1* Finally something with bipartisan support. Nazis are bad. [Lowering the Bar]
* 80 year old law student graduates. We would say he’ll literally being paying this off for the rest of his life, but… England. [Legal Cheek]
* Elie was in the paper today! [New York Daily News]
* Yesterday we had a partner admitting law firms are targets for hackers. Maybe those hackers should take on the geniuses at Sony. [Gawker]
My Journey From Biglaw to SmallLaw
More Bad Cybersecurity News – Top-Tier Malware Regin Used for Spying Since 2008
Morning Docket: 12.04.14
* Looking for a cool job? Here’s one. Seriously, this looks like a great gig for someone looking to get into altLaw. [Diligence Engine]
* Biglaw runs up big bills. Really big bills. [Last Honest Lawyer]
* Blast from the past: patent pendency in 1993. [Patently O]
Symantec reported the discovery of new malware named Regin whose main purpose “is intelligence gathering and it has been implicated in data collection operations against government organizations, infrastructure operators, businesses, academics, and private individuals.” On November 24, 2014 Symantec issued a report entitled “Regin: Top-tier espionage tool enables stealthy surveillance” which is a “back door-type Trojan, …a complex piece of malware whose structure displays a degree of technical competence rarely seen” which has “been used in systematic spying campaigns against a range of international targets since at least 2008.”
* As we’ve addressed, the grand jury declined to indict the officer in the police-cause homicide — per the medical examiner — of Eric Garner. [New York Times]
* This is a good time to remember Eric Garner was killed for the horrible crime of selling loosies, a product that developed a black market in NYC in response to rising cigarette taxes. Evading cigarette taxes should be a crime. But, like, a “here’s your $50 ticket” crime, not the death penalty. [Huffington Post]
* An anonymous Georgetown law student has filed suit against the school and one of its instructors, Rabbi Barry Freundel, for “luring her to the bath as part of her studies at the school.” And who didn’t have that lesson in Civ Pro? [Washington Post]
* Another in the continuing series looking back on a decade of Chief Justice Roberts. This time looking back at the slow and steady drive to curtail women’s rights. [Constitutional Accountability Center]
* The Bar Association of San Francisco is hosting an event next Tuesday featuring Chief Judge Alex Kozinski entitled: The Wizard of Koz. Um, may not be the best time to use to “Cos” sound in a title. But that aside, it promises to be an interesting event if you’re in the area. [San Francisco Bar]
* Brian Finch of Pillsbury Winthrop talks cyberattacks and admits what everyone else wants to deny: law firms are a weak link in cybersecurity. [Bloomberg TV]
From reliable surveys and less dependable anecdotes in most major markets, including the UK and the US, opinions point to the almost inevitable expansion of BYOD – Bring Your Own Device – as a cost-saving model for employers. Mobile device providers assure company decision-makers that direct savings will flow by avoiding the cost of purchasing handsets and absorbing service plan fees.
Kaspersky identifies that Darkhotel is a group of attackers that “seems to know in advance when these individuals will arrive and depart from their high-end hotels. So, the attackers lay in wait until these travelers arrive and connect to the Internet.”
The Obama Administration’s handling of cyber and data security was recently brought into question due to two distinct security incidents. On the same day that a former Administration official received a subpoena related to the security of a government-run website, it was confirmed that hackers had targeted an unclassified computer network used by senior White House staff.
On Tuesday, October 28, House Science, Space and Technology Committee Chairman Lamar Smith (R-TX) and Oversight Subcommittee Chairman Paul Broun (R-GA) issued a subpoena to former U.S. Chief Technology Officer Todd Park. The subpoena compels Mr. Park to appear before the Subcommittee on Oversight to answer questions regarding his role in developing and evaluating the operations and security of HealthCare.gov, the website set up for the federal health insurance exchange created by the Affordable Care Act. Recently, it was reported that HealthCare.gov had been hacked back in July 2014. Federal officials confirmed that hackers broke into part of the website and were able to upload malicious software. However, no evidence was found that consumers’ personal data were taken.
* Morgan Lewis approves the Bingham deal, with 227 of the roughly 300 Bingham partners moving over as full partners. Morgan Lewis is calling it a “mass lateral move,” which is the nice way of telling the remaining 70+ partners (and whatever associates and staffers they don’t care to include) to enjoy early retirement. [American Lawyer; WSJ Law Blog]
* A follow up report on the horrific story of the lawyers accused of stabbing a managing partner and his wife. [Washington Post]
* Justice Scalia realizes that strict constructionists are just jerks. [The Onion]
* When the title of the story uses the phrase “super-drunk judge”… [Seattle Post-Intelligencer]
* Judge Posner took a detour into Jewish theology, apparently based on scholarly research from “Google” and “Wikipedia.” In his defense though, he thought he was citing the well-known Hebrew texts of “Elgoog” and “Aidepikiw.” [The Jewish Daily Forward]
* It may sound like a terrible horror movie, but “Darkhotel” is actually a campaign of cyberattacks against business executives logging in from their high-end hotels. [Internet, Information Technology & e-Discovery Blog]
* Um, Florida State may care so much about their (number 3) football team they gloss over criminal activity. And this article is NOT about Jameis Winston. [New York Times]
* Linda Greenhouse. Damn. “In decades of court-watching, I have struggled — sometimes it has seemed against all odds — to maintain the belief that the Supreme Court really is a court and not just a collection of politicians in robes. This past week, I’ve found myself struggling against the impulse to say two words: I surrender.” [New York Times]
* If you’re in L.A. tonight, check out the 6th Annual Justice Jam, celebrating “A Tradition of Advocacy” at 5:30 p.m. at La Plaza De Cultura y Artes. The event benefits Community Lawyers, Inc., an organization working to promote access to affordable legal services for low- and moderate-income individuals. [Community Lawyers, Inc.]
What’s next in eDiscovery? In this On Demand webinar, Recommind explores how predictive coding has evolved, and how prioritized review helps with fact-finding and legal problem solving. Watch this in-depth webinar to learn how advanced analytics and machine learning are powering litigation strategy as well as efficiency.
There can be little debate that electronically stored information (“ESI”) has altered the landscape of discovery in civil litigation. The number of devices that transmit or store electronic data as well as the volume of data in existence have increased exponentially in recent years. The rules and underlying principles governing discovery in civil litigation, however, remain largely unchanged. In light of the voluminous available data and the myriad of methods for storing and accessing such data, attorneys should examine their normal practice of gathering information responsive to discovery requests and subject to disclosure, especially when ESI is involved, so they do not fun afoul of their obligations under Rule 26(g).
Significant Case Developments
P.F. Chang’s Seeks Dismissal of Data Breach Class Actions, Arguing the Existence of an Express Contract and Lack of Damages Preclude Claims
Lewert v. P.F. Chang’s China Bistro, Inc., No. 1:14-cv-04787 (N.D. Ill.).
As we described in July and September, P.F. Chang’s was hit with three putative class actions following its announcement of a point-of-sale data breach. On August 29, P.F. Chang’s moved for dismissal of the first two cases, now consolidated in the Northern District of Illinois. In their complaints, plaintiffs John Lewert and Lucas Kosner alleged that by failing to safeguard customer information, P.F. Chang’s breached an implied contract and violated consumer protection laws. The plaintiffs did not bring a breach of express contract claim. P.F. Chang’s argues that the plaintiffs acknowledge the existence of an express contract by alleging that “a portion of the services [they] purchased” at P.F. Chang’s was “compliance with industry-standard measures” for data security and that they were “deprived of the full monetary value of [their] transaction.”
“Cyber liability insurance” is often used to describe a range of insurance policies, in the same way that the word cyber is used to describe a broad range of information security related tools, processes and services. Everyone is talking about the need for “stand alone” cyber liability insurance policies. These stand-alone cyber liability insurance policies basically cover expenses related to the management of a breach, e.g, the investigation, remediation, notification and credit checking. However, cyber liability coverage is also found in some existing insurance policies, including kidnap and ransom and professional liability coverage. There may also be some limited coverage through a crime policy if electronic theft is added to that policy.
You are general counsel to a company, and your CEO steps into your office, clutching his iPhone in one hand and wiping sweat from his brow with the other, and tells you that a compromising photograph of him was stolen from his phone and posted online. You start thinking not if, but when, shareholders will discover this embarrassment, how much it will cost the company and what legal action to take.
Since the plaintiff did not a file a lawsuit against John Doe, the Texas trial court had no jurisdiction to allow the plaintiff to take the deposition of “Trooper,” an anonymous blogger who launched on on-line attack on the CEO of a company who lives in Houston.
What lessons can lawyers learn from this unfortunate episode?