Thursday, May 25, 2017

Target to Pay $18.5M to States Over Data Breach; Inside Counsel, May 24, 2017

P.J. D'Annunzio, Inside Counsel;

Target to Pay $18.5M to States Over Data Breach


"Deterrence was a major theme brought up by many of the attorneys general who released statements about the agreement.

The $18.5 million settlement with the states, coupled with the $10 million consumer class action settlement approved last week, may seem like a drop in the bucket for a retail juggernaut like Target, but according to Lambiras, the deterrent effect lies in the residual legal and public relations costs companies incur following a data breach.

In a statement Tuesday, Connecticut Attorney General George Jepsen said the settlement should serve as a wake-up call to companies to tighten their data security. He also gave kudos to Target for working with authorities after the breach."

Friday, May 19, 2017

Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys; Agence France-Presse via Guardian, May 16, 2017

Agence France-Presse via Guardian; 

Boy, 11, hacks cyber-security audience to give lesson on 'weaponisation' of toys

"“Most internet-connected things have a Bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” [Reuben Paul] told AFP later.

“IOT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.”

They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”, Reuben said."

Tuesday, May 16, 2017

A Twenty-First Century Framework for Digital Privacy; LAWFARE, May 15, 2017

Jeffrey Rosen, LAWFARE; 

A Twenty-First Century Framework for Digital Privacy

"Editor's note: This is a crosspost from the National Constitution Center's website. Video of the Center's event on digital privacy is available below...

Advances in technology raise numerous important (and difficult) legal questions:
  • How can we strike the right balance between security and privacy in the digital age?
  • How might we translate Fourth Amendment doctrine in light of technological advances and changing consumer expectations of privacy?
  • What constitutional and statutory protections should there be for data stored in the Cloud, and under what circumstances and with what constraints should the government get access to it?
  • Does the government have to tell consumers when it searches their email accounts or accesses their data?
  • And whose law should govern access to data in our borderless world—a world where data is often stored on servers in other countries and can be transferred across borders at the snap of a finger?

The National Constitution Center, with the support of Microsoft, has assembled leading scholars and thought leaders to publish a series of five white papers, entitled A Twenty-First Century Framework for Digital Privacy.  We’ve asked these contributors to reflect on the challenges that new technologies pose to existing constitutional doctrine and statutory law and to propose solutions—doctrinal, legislative, and constitutional—that translate the Constitution and federal law in light of new technologies.  The overarching question we asked contributors to address is how best to balance privacy concerns against the need for security in the digital age.  These contributors represent diverse points of view and experiences and their papers reflect the Constitution Center’s commitment to presenting the best arguments on all sides of the constitutional issues at the center of American life."

Monday, May 15, 2017

The World Is Getting Hacked. Why Don’t We Do More to Stop It?; New York Times, May 13, 2017

Zeynep Tufekci, New York Times; 

The World Is Getting Hacked. Why Don’t We Do More to Stop It?


"There is also the thorny problem of finding money and resources to upgrade critical infrastructure without crippling it. Many institutions see information technology as an afterthought and are slow in upgrading and investing. Governments also do not prioritize software security. This is a sure road to disaster.

As a reminder of what is at stake, ambulances carrying sick children were diverted and heart patients turned away from surgery in Britain by the ransomware attack. Those hospitals may never get their data back. The last big worm like this, Conficker, infected millions of computers in almost 200 countries in 2008. We are much more dependent on software for critical functions today, and there is no guarantee there will be a kill switch next time."