Cybersecurity

Ed. note: This is the latest installment of the ATL Tech Interrogatories. This recurring feature will give notable tech leaders an opportunity to share insights and experiences about the legal technology industry.

Ajay Patel co-founded HighQ in 2001 and is CEO. He oversees HighQ’s global operations, strategy and client delivery. Ajay brings a solid experience in corporate strategy and business management, having previously held senior positions at Merrill Lynch and Morgan Stanley. Ajay is also a qualified Chartered Accountant, having gained his professional qualification in the London office of PricewaterhouseCoopers. Ajay holds a first class honours in Mathematics and Computer Science from the University of Manchester and a Masters degree in Management Information Systems from the London School of Economics.

1. What is the greatest technological challenge to the legal industry over the next 5 years?

double red triangle arrows Continue reading “The ATL Tech Interrogatories: 7 Questions With Ajay Patel From HighQ”

Ed. note: This is the latest installment of the ATL Tech Interrogatories. This recurring feature will give notable tech leaders an opportunity to share insights and experiences about the legal technology industry.

Drew Lewis serves as eDiscovery Counsel at Recommind. His unique experiences at Recommind coupled with prior experience as a commercial litigator handling all aspects of pretrial and trial practice allows Drew to bring practical solutions to lawyers who are struggling to understand the current and future role of technology in the practice and business of law. Drew continuously fights against inefficiencies in the law and encourages lawyers to shape their own future. Drew believes that the future of the law belongs to lawyers who broaden their world view and see there is much to learn from other disciplines. His goal is to help them not just survive, but thrive as the practice continues to evolve.

1. What is the greatest technological challenge to the legal industry over the next 5 years?

double red triangle arrows Continue reading “The ATL Tech Interrogatories: 7 Questions With Drew Lewis From Recommind”

Ed note: The Telecom Law Monitor is part of the LexBlog Network (LXBN). LXBN is the world’s largest network of professional blogs. With more than 8,000 authors, LXBN is the only media source featuring the latest lawyer-generated commentary on news and issues from around the globe.

The Senate is one step closer to a floor vote on cybersecurity legislation that would address information sharing between the private sector and the government. On July 8, the Senate Select Committee on Intelligence approved a contentious cybersecurity bill known as the Cyber Information Sharing Act (CISA).

The proposed legislation would remove legal barriers to allow private companies to share information regarding cyber-attacks “in real time” with other private companies and the government. Companies sharing information for cybersecurity purposes would be shielded from lawsuits by individuals against the company for sharing that data, regardless of terms of service contracts that may prevent such actions without a customer’s consent. In order to receive the liability protection, private entities would be required to submit information directly to the Department of Homeland Security, which could then share the information with other federal agencies as necessary to address the threat. Additionally, CISA would direct the federal government to share classified and unclassified information with the private sector.

CISA also includes several provisions to protect privacy, such as requiring that companies sharing information remove all personally identifiable data (e.g. names, addresses, and Social Security numbers). The Attorney General would be directed to write procedures to limit government use of cyber information received to “appropriate cyber purposes” and ensure that privacy protections are in place. A full synopsis from the Senate Committee Chair and co-sponsor of CISA, Dianne Feinstein (D-CA), is available here.

Adequate privacy protections have been a continuing sticking point for successful cybersecurity information sharing legislation. The Cyber Intelligence Sharing and Protection Act (CISPA) – the information sharing bill counterpart in the House of Representatives – faced strong privacy objections from civil liberties and public interest groups. When CISPA passed the House in 2013, the White House threated to veto the bill unless it included additional privacy protections.

Even with CISA’s added protections, many privacy groups oppose the bill. Similar to CISPA, these groups remain anxious that the legislation could encourage a company, such as Google, to turn over huge amounts of emails or other private data to the government in the name of cybersecurity. The groups fear that the National Security Agency and other government agencies could gain access to even more personal information through this legislation. Moreover, because CISA provides liability protections to companies sharing information, individuals would have little recourse in the event of abuse.

Whether CISA becomes law in 2014 will depend not only on how quickly it can pass a floor vote but also how easily the Senate bill can be reconciled with CISPA, the House counterpart passed last year. Though CISA passed the Senate committee with bi-partisan support, Senate Democrats are already wavering on support due to concerns of insufficient privacy protections. If CISA manages to pass the Senate, there is a chance the House and Senate can agree to a reconciled bill. Representative Mike Rogers (R., Mich.), chairman of the House Intelligence Committee and co-sponsor of CISPA, stated publicly that the committees were close to agreement on harmonizing their respective cyber threat information-sharing bills, and had narrowed down their difference to a few, discrete issues. However, with less than 15 legislative days before the August recess and all eyes focused on the upcoming mid-term elections in November, if this cybersecurity legislation has any hope of moving forward Congress will need to do something it rarely does: act quickly.

Ed note: This piece is from the official blog for the telecom practice of Kelley Drye & Warren LLP.

In the wake of a number of high-profile cybersecurity events — from the Heartbleed bug to the Target breach — cybersecurity has become a red-hot issue in Washington, D.C. Earlier this month, in a major address delivered at the American Enterprise Institute, Federal Communications Commission Chairman Tom Wheeler announced a new cybersecurity initiative to create a “new paradigm for cyber readiness” in the communications sector.

As described by Wheeler, the FCC’s cybersecurity initiative will be led by the private sector, with the Commission serving as a monitor and backstop in the event that the market-led approach fails. In particular, the FCC will “identify public goals, work with the affected stakeholders in the communications industry to achieve those goals, and let that experience inform whether there is any need for next steps.” Chairman Wheeler stressed that the new paradigm must be dynamic, more than simply new rules, and the Commission will rely on innovation by the private sector.

The Commission’s efforts will be guided by four principles, including commitments to:

1. preserving the qualities that have made the Internet an unprecedented platform for innovation and free expression, so that Internet freedom and openness is not sacrificed in the name of enhanced security;
2. privacy, i.e., enabling personal control of one’s own data and networks;
3. cross-sector coordination, e.g., among regulatory agencies; and
4. the multi-stakeholder approach to global Internet governance and an opposition to any efforts by international groups to impose Internet regulations that could restrict the free flow of information in the name of security.

Expect FCC staff actions to be organized around the following elements:

(1) Information Sharing and Situational Awareness. The Commission is looking into legal and practical barriers to effective sharing of information about cyber threats and vulnerabilities in the communications space. Specifically, the Chairman noted that “companies large and small within the Communications communications sector must implement privacy-protective mechanisms to report cyber threats to each other, and, where necessary, to government authorities.” Moreover, where a cyberattack causes degradations of service or outages, the Chairman stated that “the FCC and communications providers must develop efficient methods to communicate and address th[e] risks.” To that end, the Chairman noted that the FCC is actively engaged with private sector Information Sharing and Analysis Organizations, and with other federal agencies, to improve threat information sharing and situational awareness.

(2) Cybersecurity Risk Management and Best Practices. Noting the work of the Communications Security, Reliability and Interoperability Council (CSRIC) in developing voluntary cybersecurity standards, Chairman Wheeler called upon communications providers to work with the Commission to set the course for years to come regarding how companies in that sector communicate and manage risk internally, with their customers and business partners, and with the government. In addition, the Commission will be seeking information to measure the implementation and impact of the CSRIC standards.

(3) Investment in Innovation and Professional Development. Chairman Wheeler has asked the FCC Technological Advisory Council (“TAC”) to explore specific opportunities where “R&D activity beyond a single company might result in positive cybersecurity benefit for the entire industry.” Specifically, the FCC will “identify incentives, impediments, and opportunities for security innovations in the market for communications hardware, firmware and software.” Further, the FCC will work with NIST and academia to “understand the current state of professional standard and accountability,” as well as “where the FCC might positively contribute toward further professionalization of the workforce.”

This initiative could have significant impact on telecommunications and technology companies. Cybersecurity already is a top priority for CSRIC. A new working group was established within CSRIC and work is underway to update the industry’s cybersecurity best practices. The primary goal is to align the industry’s cybersecurity activities with the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework Version 1.0 released in February 2014. Industry members are encouraged to participate in the process. Based on the current timeline, CSRIC will vote to approve the new best practices in March 2015.

Kelley Drye & Warren’s attorneys recently presented a webinar discussing cybersecurity updates and considerations for the telecommunications and technology industries. To listen to a recording of The Cybersecurity Review webinar, please click here.

huronEd. note: This is the first installment of the ATL Tech Interrogatories. This recurring feature will give notable tech leaders an opportunity to share insights and experiences about the legal technology industry.

Jon Resnick, Managing Director at Huron Legal, is an accomplished senior sales and field operations leader with more than 15 years’ experience running successful sales, marketing and consulting organizations in the legal services arena. As Managing Director and Global Sales Leader for Huron Legal, Jon’s focus is on expanding the business, establishing consistent sales methodologies across the organization and bringing new operational sales disciplines to the growing business development group. In addition, Jon serves as a member of Huron Legal’s executive team and works closely with those leaders to ensure the sales organization is aligned in strategy with the multitude of services Huron Legal provides.

1. What is the greatest technological challenge to the legal industry over the next 5 years?

double red triangle arrows Continue reading “The ATL Tech Interrogatories: 7 Questions With Jon Resnick From Huron Legal”

Over the course of the past few years, law school personnel have found it especially difficult to keep their students’ personal information private. In April 2012, someone at Baylor Law School sent out an email containing a trove of admissions data — from names, to grades, to LSAT scores — to every student admitted to the Class of 2015. In March 2014, Loyola Law School in Los Angeles sent out an email with a heap of financial information for the entire graduating class — up to and including Social Security numbers and loan amounts — to some members of the Class of 2014.

Today, we’ve got another email screw-up for you, and this is one of the juiciest and most prestigious accidental data dumps we’ve seen yet. Someone at a T14 law school “inadvertently” sent out every piece of vital information possible about its clerkship applicants — from GPA, to class rank, to work experience, to recommenders, right down to where their girlfriends live — to everyone on its clerkship listserv.

If you’d like to see how you stack up against elite law students, now you can. We’ve got all the data…

Please note the UPDATES at the end of this post.

double red triangle arrows Continue reading “Oops! Top Law School Email Screw-Up Reveals Grades, Ranks Of All Clerkship Applicants”

Christina Gagnier

Cybersecurity is becoming an important issue for lawyers, whether you are a solo or working at a multinational law firm. When it is so easy and seamless from a workflow perspective to move to the cloud, many firms are pushing their operations and employees to this technology. There are many considerations to weigh when deciding to go from the file cabinet or local server to the cloud…

double red triangle arrows Continue reading “Episode 13: Taking Cybersecurity Seriously”

* Justice Scalia criticized law schools. Here come the butthurt law schools. [Legal Times]

* Cass Sunstein on Rand Paul’s real father — Richard Epstein. [New Republic via PrawfsBlawg]

* Irony alert: Rick Santorum endorsed the judge who just legalized gay marriage in Pennsylvania. [Slate]

* What do you know? Donald Sterling is a dick. [Los Angeles Times]

* A follow-up on a previous item: does this look like a law student kneed so hard he lost a testicle? [Barstool Sports]

* In a development that should shock no one, it turns out the Chinese hackers may have been turning their attention to infiltrating law firms “which hold valuable intellectual property for their clients but often lack the security defenses of a larger corporation.” [Bits / New York Times]

* Model suing hair salon for $1.5 million for ruining her career. That sounds funny, but the story is actually kind of horrifying. [New York Post]

* Are we looking at an M&A boom in 2014? Frank Aquila of S&C thinks so. After the jump… [Mimesis Law]

double red triangle arrows Continue reading “Non-Sequiturs: 05.21.14″

The thing about promoting security on the Internet is that it, ostensibly, is about protecting individuals from identity theft. Sure, there are other possible harms, such as lost commerce, but the threat of stolen personal information is the primary concern of most folks.

So allowing employers to require their employees to hand over social media passwords would seem, to a reasonable observer, to be the exact opposite of a policy that promotes cybersecurity.

But in the wacky world of the House of Representatives, the majority rejected a proposal that would have barred middle managers from impersonating employees online. Because….

double red triangle arrows Continue reading “Cybersecurity Bill Allows Employers To Seize Employee Facebook Passwords… Wait, What?”

Personal email accounts introduce possible threats to firm computers. A careless employee could open a trojan horse attachment and unleash a virus on the system. Even if the attack only infects the local drive, confidential information may be at risk.

This puts firms in a bind. Either invest time and energy teaching basic Internet skills to their employees — lessons like, “don’t open attachments from unknown email addresses” — that most of us learned when we still had Prodigy emails, or condescendingly cut off access to a modern necessity because the employees are too hopeless to understand the rules.

Yesterday, a major law firm chose the latter route…

double red triangle arrows Continue reading “You’ve Got (No) Mail! Major Law Firm Blocks Employee Email Access”

Page 1 of 212