Information Technology Law is our Focus


Alerts


“Fake News” and Organizational Risk


Inaccurate or misleading information on the Internet is nothing new, but the number of “fake news” sites and false or misleading articles being shared on social media has skyrocketed in recent months. Last week, an article claiming that President Obama had issued an executive order banning fake news sites was itself a fake news story.

Facebook started using third-party fact checkers. Google News now employs labels indicating that posts have been “fact checked”. This fact checking must be harmonized with First Amendment rights, including criticism and parody. There is also an individual responsibility for both professional and personal accounts. For example, Melissa Zimdars, Assistant Professor of Communications and Media at Merrimack College, has provided her students with a guide to help detect fake news sites.

The proliferation of fake news requires diligence. Organizational risks resulting from the surge in fake news include:

  • reliance on false or misleading information in making business or operational decisions
  • becoming an actual subject of a fake news story and
  • having your online advertisements appear on fake news sites

Read the Snopes article on the false fake news ban story here. Professor Zimdars’ guide for detecting fake news sites is available here. Contact us at Ossian Law P.C. regarding any information technology law matter.

© 2016 Ossian Law P.C.


Litigating Use of Facial Recognition Data


Social media and other apps use facial recognition technology in connection with their service offerings. Facebook’s “DeepFace” program automatically “tags” users thereby creating an ever-growing database of faces associated with users’ profiles, likes and other personal information. The technology boasts an accuracy rate of over 97%. Google Photos uses similar technology.

Both Facebook and Google are defending class action lawsuits over the collection and use of facial recognition data. Two cases, Rivera v. Google, Inc. and Weiss v. Google, Inc., are pending in federal court in Illinois, one of a handful of states prohibiting the use of biometric data without user consent and carrying potential fines of up to $5000 per violation. While Google is arguing that the law doesn’t apply to photographs, the courts have yet to rule.

A similar case against Facebook has been transferred from Illinois to California, where it survived a motion to dismiss by Facebook and remains pending in federal court. See the Rivera complaint here and the Weiss complaint here. More information on the Facebook biometric information privacy litigation is available here. Contact us at Ossian Law regarding any information technology law matter.


AI: Balancing Innovation with Consumer Protection


Artificial intelligence, or AI, is broadly defined as a computerized system that can either think or act like a rational human. Examples of AI in action include Amazon.com’s personal assistant “Echo” and Uber’s autonomous cars. While the genesis of AI goes back over 70 years, recent technological advances and thousands of new and potential applications have brought AI to the forefront.

The goal of encouraging innovations in AI must be balanced with privacy concerns about what data is collected and how it may be used. During machine learning (one form of AI), the lack of human interaction may result in data subjects not receiving any disclosures about specific use, or even the very collection, of that data.

The White House recently released a report entitled “Preparing for the Future of Artificial Intelligence” that addresses these issues in depth. The report identifies applications of “AI for the public good” such as the VA using AI to predict medical complications and improve treatment of severe combat wounds. The report concludes that “broad regulation of AI research or practice would be inadvisable at this time” and recommends instead a more specific case-by-case approach.

The report is available here. Contact us at Ossian Law regarding any information technology law matter.


A Medical Device Hacking Warning


Johnson & Johnson has issued a formal warning to over 110,000 patients that its Animas OneTouch Ping insulin pump, if left unencrypted, could be hacked and result in a potential overdose of insulin to a diabetic patient. This is the first time a medical device manufacturer has issued such a warning.

The company has stated that it is not aware of any actual hacking of the devices and that the risk itself is extremely low, given that the pump is not connected to the Internet and could only be hacked within a proximity of 25 feet. In addition to the warning, Johnson & Johnson also provided step-by-step advice to patients on how to protect their devices.

Given the proliferation of the Internet of Things, this warning may be just the first of many from manufacturers of medical and other types of smart and connected devices. Read more about the warning here. Contact us at Ossian Law regarding any information technology law matter.


An Update on Data Breach Costs


Kaspersky Labs has issued its annual report on “Measuring the Financial Impact of IT Security on Businesses” after surveying more than 4000 business representatives from 25 different countries. Some key findings of the report:

  • The cost of a single security incident for small to medium businesses averages over $86,000 and for large businesses over $860,000
  • In the past twelve months, thirty-eight percent of the businesses surveyed had experienced a virus or malware incident causing lost productivity
  • Thirty-six percent of responding businesses had experienced inappropriate use of IT resources by employees in the past year
  • The bulk of the cost for responding to a security incident comes in the form of additional internal staff wages, followed by lost business (for small to medium businesses) and damage to credit rating or increased insurance premiums (for large businesses)
  • The longer the business takes to react and respond to a security incident, the greater the financial impact will be

See an executive summary and obtain a copy of the report here. Contact us at Ossian Law regarding any information technology law matter.


Courts Examine Scope of Computer Fraud Act


The federal Computer Fraud & Abuse Act (CFAA) was enacted in 1986 to target computer system hackers who either damage the system or take valuable information. The CFAA prohibits “unauthorized access to a protected computer to commit fraud or obtain something of value.” Having both criminal and civil penalties, the scope of the law has broadened over time. Two recent court decisions illustrate this wider scope.

In a July 5, 2016 opinion, a Ninth Circuit Court of Appeals panel upheld the criminal conviction of David Nosal, who was charged with conspiring with former co-workers to access proprietary data from their former firm through a “back door” instead of issued log-ins and passwords.

One week later, another Ninth Circuit panel upheld a lower court decision that Power Ventures, Inc. violated the CFAA by sending email and other electronic messages to Facebook users who had previously consented to receive such messages. According to the court, Facebook “expressly rescinded” its users’ permission when it sent Power Ventures a December 1, 2008 cease and desist letter to stop the campaign. Power Ventures’ continued acts of contacting Facebook users after that date were held to be “without authorization”.

The Ninth Circuit’s United States v. Nosal opinion is available here and the Facebook v. Power Ventures decision is available here. Contact us at Ossian Law regarding any information technology law matter.


“BYOD” Requires Management of Legal Risks


Bring Your Own Device, or “BYOD”, continues to grow in popularity. As an example, over the past 18 months, the State of Michigan has quadrupled the number of employees using their own devices on the job. Michigan’s goal is to have 90% of employees on the program by the end of 2018.

Rolling out BYOD programs should include a device management program designed to address legal risks, including the security of sensitive data on personal devices, employees’ expectation of privacy, if any, and the retrieval of information necessary in litigation or similar proceedings.

A recent survey by Bitglass found that over 70 percent of organizations are employing BYOD but less than 15 percent have adopted a mobile application management solution (MAMS). The State of Michigan pays a monthly subscription fee for each of its workers using their own device to securely access their work data.

Get more information on Michigan’s BYOD program here and a summary of the April 2016 Bitglass survey here. Contact us at Ossian Law regarding any information technology law matter.


Free Apps and the Expectation of Privacy


On July 6, 2016, the Michigan Supreme Court ruled that Peter Deacon, a user of Pandora’s free streaming music service, is not a “customer” under Michigan’s Video Rental Privacy Protection Act. Deacon is alleging that Pandora violated the act by sharing his name and musical preferences on Facebook.

The Court noted that Pandora offered a paid subscription model, but that Deacon did not avail himself of that model, instead choosing to utilize the service for free. Thus, Deacon did not rent or borrow anything from the streaming music service. The Michigan Supreme Court’s decision is consistent with a federal 11th Circuit appellate court decision last year holding that Cartoon Network’s sharing of a user’s video viewing habits collected via a free mobile app did not violate the federal Video Privacy Protection Act because downloading the free app did not make him a “subscriber”.

Free online services and apps will cite these decisions if faced with similar federal or state law claims. Users of free streaming services and apps may have a hard time arguing that video privacy protection laws apply.

Access the Michigan Supreme Court’s decision here. Contact us at Ossian Law regarding any information technology law matter.


Which Sites Top the Online Trust Audit & Honor Roll?


On June 14th, the Online Trust Alliance (OTA) issued its 2016 Online Trust Audit & Honor Roll. A self-described “benchmark analysis of businesses’ commitment to security, privacy and consumer protection”, the audit was the eighth consecutive effort by the OTA. Results included approximately 1,000 websites across various industries in the private and public sector.

Points were awarded for domain, brand and consumer protection, site, server and infrastructure security and privacy, transparency and disclosures. The highest achieving sectors were consumer services, FDIC top 100 banks and top 100 Internet retailers, while the lowest achieving sector was news and media sites.

And the overall top sites were: (1) Twitter, (2) HealthCare.gov, (3) Pinterest, (4) the White House, (5) Dropbox, (6) FileYourTaxes, (7) LifeLock, (8) Instagram, (9) 1040.com, and (10) Gap Inc. Among the many audit findings were that only four percent of sites honored consumers’ “Do Not Track” browser settings and 26% of sites were vulnerable to basic bot attacks.

The full OTA 2016 Online Trust Audit & Honor Roll is available here. Contact us at Ossian Law regarding any information technology law matter.


Combating Online Hate Speech


How long should a social media platform allow illegal hate speech to remain on its site before removing it? Unfortunately, social media has become a tool for terrorist groups and others to spread “the public incitement to violence or hatred directed against a group of persons or a member of such a group” according to the European Union Framework Decision on Combatting Racism and Xenophobia. The longer such a post remains online, the greater the likelihood that it will be shared or “go viral.”

On May 31st, the European Commission, along with Facebook, Twitter, YouTube and Microsoft, announced a code of conduct intended to combat the spread of online hate speech in Europe. Among other things, the code of conduct calls for platforms to remove illegal hate speech and remove or disable access to such content in less than 24 hours from its posting.

The European Commission’s press release on the code of conduct, including statements from representatives of Twitter, Google, Facebook and Microsoft, is available here. Contact us at Ossian Law regarding any information technology law matter.
