Most people are clueless about cybersecurity. Apparently that list doesn’t include Eric Schneiderman.
The OCC’s most recent report on current key risks should be read by all banks, regardless of size or regulator, as a road map in preparing for the next examination.
Take our quiz and test your knowledge of one of the most crucial aspects of legal tech: Ediscovery.
Adding to the banks’ compliance obligations, effective immediately, banks chartered or licensed in New York will now face an updated cybersecurity examination process, Superintendent of the Department of Financial Services (DFS) Benjamin M. Lawsky announced in a memorandum.
Securing cyberspace is a daunting task. The national security component of that dynamic cannot be overlooked either.
While President Obama was right about the consequences of heeding terrorist whims, he may have been wrong about whose responsibility it was to bear the burden of not heeding those whims.
He worked for a president who liked to get blowjobs; now Boies defends a film studio joking about them.
Alarms are going off around the Internet with an apparent increase of ransomware which “immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.”
* Finally something with bipartisan support. Nazis are bad. [Lowering the Bar]
* 80-year-old law student graduates. We would say he’ll literally be paying this off for the rest of his life, but… England. [Legal Cheek]
* Elie was in the paper today! [New York Daily News]
* Yesterday we had a partner admitting law firms are targets for hackers. Maybe those hackers should take on the geniuses at Sony. [Gawker]
My Journey From Biglaw to SmallLaw
More Bad Cybersecurity News – Top-Tier Malware Regin Used for Spying Since 2008
Morning Docket: 12.04.14
* Looking for a cool job? Here’s one. Seriously, this looks like a great gig for someone looking to get into altLaw. [Diligence Engine]
* Biglaw runs up big bills. Really big bills. [Last Honest Lawyer]
* Blast from the past: patent pendency in 1993. [Patently O]
For about the 40th time in the last five years, Kinney Recruiting’s got a team flying to Hong Kong for visits with clients and candidates. Please feel free to reach out to Evan and Robert at email@example.com and set up a meeting with them if you would like to discuss your career and the market.
Symantec reported the discovery of new malware named Regin whose main purpose “is intelligence gathering and it has been implicated in data collection operations against government organizations, infrastructure operators, businesses, academics, and private individuals.” On November 24, 2014, Symantec issued a report entitled “Regin: Top-tier espionage tool enables stealthy surveillance,” which describes Regin as a “back door-type Trojan, …a complex piece of malware whose structure displays a degree of technical competence rarely seen” that has “been used in systematic spying campaigns against a range of international targets since at least 2008.”
* As we’ve addressed, the grand jury declined to indict the officer in the police-caused homicide — per the medical examiner — of Eric Garner. [New York Times]
* This is a good time to remember Eric Garner was killed for the horrible crime of selling loosies, a product that developed a black market in NYC in response to rising cigarette taxes. Evading cigarette taxes should be a crime. But, like, a “here’s your $50 ticket” crime, not the death penalty. [Huffington Post]
* An anonymous Georgetown law student has filed suit against the school and one of its instructors, Rabbi Barry Freundel, for “luring her to the bath as part of her studies at the school.” And who didn’t have that lesson in Civ Pro? [Washington Post]
* Another in the continuing series looking back on a decade of Chief Justice Roberts. This time looking back at the slow and steady drive to curtail women’s rights. [Constitutional Accountability Center]
* The Bar Association of San Francisco is hosting an event next Tuesday featuring Chief Judge Alex Kozinski entitled: The Wizard of Koz. Um, may not be the best time to use the “Cos” sound in a title. But that aside, it promises to be an interesting event if you’re in the area. [San Francisco Bar]
* Brian Finch of Pillsbury Winthrop talks cyberattacks and admits what everyone else wants to deny: law firms are a weak link in cybersecurity. [Bloomberg TV]
From reliable surveys and less dependable anecdotes in most major markets, including the UK and the US, opinions point to the almost inevitable expansion of BYOD – Bring Your Own Device – as a cost-saving model for employers. Mobile device providers assure company decision-makers that direct savings will flow by avoiding the cost of purchasing handsets and absorbing service plan fees.
Kaspersky identifies Darkhotel as a group of attackers that “seems to know in advance when these individuals will arrive and depart from their high-end hotels. So, the attackers lay in wait until these travelers arrive and connect to the Internet.”
The Obama Administration’s handling of cyber and data security was recently brought into question due to two distinct security incidents. On the same day that a former Administration official received a subpoena related to the security of a government-run website, it was confirmed that hackers had targeted an unclassified computer network used by senior White House staff.
On Tuesday, October 28, House Science, Space and Technology Committee Chairman Lamar Smith (R-TX) and Oversight Subcommittee Chairman Paul Broun (R-GA) issued a subpoena to former U.S. Chief Technology Officer Todd Park. The subpoena compels Mr. Park to appear before the Subcommittee on Oversight to answer questions regarding his role in developing and evaluating the operations and security of HealthCare.gov, the website set up for the federal health insurance exchange created by the Affordable Care Act. Recently, it was reported that HealthCare.gov had been hacked back in July 2014. Federal officials confirmed that hackers broke into part of the website and were able to upload malicious software. However, no evidence was found that consumers’ personal data were taken.
* Morgan Lewis approves the Bingham deal, with 227 of the roughly 300 Bingham partners moving over as full partners. Morgan Lewis is calling it a “mass lateral move,” which is the nice way of telling the remaining 70+ partners (and whatever associates and staffers they don’t care to include) to enjoy early retirement. [American Lawyer; WSJ Law Blog]
* A follow up report on the horrific story of the lawyers accused of stabbing a managing partner and his wife. [Washington Post]
* Justice Scalia realizes that strict constructionists are just jerks. [The Onion]
* When the title of the story uses the phrase “super-drunk judge”… [Seattle Post-Intelligencer]
* Judge Posner took a detour into Jewish theology, apparently based on scholarly research from “Google” and “Wikipedia.” In his defense though, he thought he was citing the well-known Hebrew texts of “Elgoog” and “Aidepikiw.” [The Jewish Daily Forward]
* It may sound like a terrible horror movie, but “Darkhotel” is actually a campaign of cyberattacks against business executives logging in from their high-end hotels. [Internet, Information Technology & e-Discovery Blog]
* Um, Florida State may care so much about their (number 3) football team they gloss over criminal activity. And this article is NOT about Jameis Winston. [New York Times]
* Linda Greenhouse. Damn. “In decades of court-watching, I have struggled — sometimes it has seemed against all odds — to maintain the belief that the Supreme Court really is a court and not just a collection of politicians in robes. This past week, I’ve found myself struggling against the impulse to say two words: I surrender.” [New York Times]
* If you’re in L.A. tonight, check out the 6th Annual Justice Jam, celebrating “A Tradition of Advocacy” at 5:30 p.m. at La Plaza De Cultura y Artes. The event benefits Community Lawyers, Inc., an organization working to promote access to affordable legal services for low- and moderate-income individuals. [Community Lawyers, Inc.]
There can be little debate that electronically stored information (“ESI”) has altered the landscape of discovery in civil litigation. The number of devices that transmit or store electronic data as well as the volume of data in existence have increased exponentially in recent years. The rules and underlying principles governing discovery in civil litigation, however, remain largely unchanged. In light of the voluminous available data and the myriad of methods for storing and accessing such data, attorneys should examine their normal practice of gathering information responsive to discovery requests and subject to disclosure, especially when ESI is involved, so they do not run afoul of their obligations under Rule 26(g).
Significant Case Developments
P.F. Chang’s Seeks Dismissal of Data Breach Class Actions, Arguing the Existence of an Express Contract and Lack of Damages Preclude Claims
Lewert v. P.F. Chang’s China Bistro, Inc., No. 1:14-cv-04787 (N.D. Ill.).
As we described in July and September, P.F. Chang’s was hit with three putative class actions following its announcement of a point-of-sale data breach. On August 29, P.F. Chang’s moved for dismissal of the first two cases, now consolidated in the Northern District of Illinois. In their complaints, plaintiffs John Lewert and Lucas Kosner alleged that by failing to safeguard customer information, P.F. Chang’s breached an implied contract and violated consumer protection laws. The plaintiffs did not bring a breach of express contract claim. P.F. Chang’s argues that the plaintiffs acknowledge the existence of an express contract by alleging that “a portion of the services [they] purchased” at P.F. Chang’s was “compliance with industry-standard measures” for data security and that they were “deprived of the full monetary value of [their] transaction.”
“Cyber liability insurance” is often used to describe a range of insurance policies, in the same way that the word cyber is used to describe a broad range of information security related tools, processes and services. Everyone is talking about the need for “stand alone” cyber liability insurance policies. These stand-alone cyber liability insurance policies basically cover expenses related to the management of a breach, e.g., the investigation, remediation, notification and credit checking. However, cyber liability coverage is also found in some existing insurance policies, including kidnap and ransom and professional liability coverage. There may also be some limited coverage through a crime policy if electronic theft is added to that policy.