Wednesday, January 26, 2011

Why Corporate Counsel Should Lose Sleep Over the Federal Wiretap Act

The following is an excerpt from a long article which addresses several Federal Wiretap Act land mines in the corporate environment. 

One vulnerability, not fully explored, is the potential for employee lawsuits based on electronic eavesdropping (authorized or not) which the company failed to protect the employee against.

While not every employee can reasonably be expected to be a target of electronic surveillance, top executives and persons handling unusually valuable information could very well expect their employer to take reasonable security measures to protect them from being victimized.

One wiretap, undiscovered for just a day, could bring a judgment of $10,000.00, not to mention damages and attorneys' fees.

There are many other financial reasons quarterly Eavesdropping Detection Audits (TSCM) make good sense. The Federal Wiretap Act is just one of the reasons people don't think about very often.

via Philip Gordon, Corporate Counsel,
Once seen only in the shadows of the war against organized crime, the Federal Wiretap Act should now be moving steadily and rapidly toward the top of the corporate compliance checklist. Robust civil remedies, recent court decisions and technological developments have transformed the act's risk profile from a nonevent to a statute worthy of significant attention.

Although principally a criminal statute, the Federal Wiretap Act is unique among privacy laws in that it provides for substantial monetary damages without proof of actual harm.

Under the act, an aggrieved party can recover a minimum award of $10,000 or $100 per day of violation — whichever is greater, or, actual damages, plus punitive damages, attorneys' fees and costs. Comparing recent class action litigation involving security breaches with potential class actions involving the Federal Wiretap Act demonstrates the significantly pro-plaintiff aspect of this remedial scheme.

To date, the vast majority of security breach class actions have been dismissed, or resolved in the defendant's favor on summary judgment, because the plaintiff failed to plead or prove that the security breach at issue proximately caused any cognizable damage to class members.

By contrast, under the Federal Wiretap Act, proof that the violation proximately caused cognizable harm is unnecessary, and each individual plaintiff can recover a minimum of $10,000 even in the absence of actual damages. (more)
Philip L. Gordon is a shareholder in Littler Mendelson's Denver office, where he is the Chair of Littler's Privacy and Data Protection Practice Group.

Channel 5 Reports on New Phone Spyware

AL - This software has definitely spurred some debate between parents and their children. Parents love to know they can keep track of their son or daughter. Most teenagers are not too excited about it.

"It gives you as a parent the ability to protect your child, to walk beside them," explained Chase Chandler, the creator of this program. "Not that you're trying to maliciously spy in on your kids, because none of us as parents want to do that."

The program is called Big Daddy Spy, and it was released just a little over a month ago. Creator Chase Chandler admitted it was basically wiretapping, because it allows parents to "tap" into their children's phones without their knowledge. (more


No mention of the debate between spouses and other jealous consenting adults.
FX's hilarious animated spy satire, "Archer," is consistently wrong on multiple levels, which accounts for much of the reason it's consistently hilarious.

Equally important, though, "Archer" doesn't regard racist, sexist, ageist and just plain impolite jokes as an end in themselves.

The tasteless humor instead just flows naturally from the dysfunctional bunch of neurotics and misfits who populate the erratic spy agency ISIS.

Amid a blizzard of appalling dialogue, the viewer becomes genuinely interested in many of the characters. That's not to be confused with liking them, but even though they look and speak like toons, they come across as rather human. Except they're funnier than most humans, because they take full advantage of the fact that toons can say things humans cannot. (more)

Tuesday, January 25, 2011

Security Director Alert - Yet Another Printer Security Issue

Add one more device to the list of things you need to protect from hackers: The humble printer.

In two separate presentations scheduled for the Shmoocon hacking conference in Washington, D.C., next week, researchers will show how hackers can use printers to compromise a company's computer network. One presentation will reveal how poorly secured printers can even be grouped together to act as online storage for cybercriminals. (more)

Poltergeist Man Eavesdropping Case Slated for Trial

MI - A jury could decide the fate of a 36-year-old Midland parolee charged with hiding an eavesdropping device in his neighbor’s bedroom.
The word poltergeist actually means noisy ghost.

Paul A. Rivard faces is scheduled to go to trial Monday, March 14, in Circuit Judge Michael J. Beale’s courtroom. Rivard is charged with second-degree home invasion, larceny in a building, eavesdropping and aggravated stalking.

Investigators allege Rivard broke into his neighbor’s home several times between August and November, once hiding a baby monitor under a dresser, Bay City Times records show. Authorities also claim Rivard burned and buried clothing belonging to the neighbors, broke furniture and rearranged items inside the house, according to reports. (more)

In what country can you get a 15-year prison sentence for recording your public conversation with a law enforcement officer?

In Illinois, recording a conversation is a Class 1 felony unless all parties consent; just below the prison time you'd spend for murder

via Jason Mick - Daily Tech
 "We've often written on the disconnect between current laws and the reality of the digital age. When a person gets charged over a million dollars for pirating and sharing a few songs, and a robber stealing a dozen CDs might have to a pay a few hundred in fines, the system can seem incredibly flawed at times.

Another example of this disconnect that has recently been brought into sharp focus include laws that police are using to try to prosecute those that digitally record their actions. We already covered how police in some areas can arrest you, if you videotape or photograph them in a public or private setting. Well, in some areas they can arrest you for even recording an audio conversation.

Illinois is one of the states with the toughest laws against audiotaping a conversation between you and another party without their knowledge. The law [text] states that you can face up to 15 years in prison for committing the offense."  (more

Two real life examples... (more) (more)

Monday, January 24, 2011

"Bug-in-a-Book" project at the Spy Museum - January 30th

David Simpson says...
We all love spy gear, from the wacky Maxwell Smart rotary-dial shoephone to the grab bag of goodies Bond always so nonchalantly snares from Q. Thank you, MAKE, for Volume 16, the "Spy Tech" issue, which featured Mad Magazine's iconic Spy vs. Spy on the cover. In that issue, you can find my wireless "Bug-in-a-Book" project. The guts come from readily available Radio Shack components (a mini FM transmitter for listening to your iPod through the car stereo and a grandpa-tech amplified listener). 

Fast forward: I'll be leading that workshop at the Spy Museum January 30th.
The session will open with an "NCIS-like" briefing, laying out an impeding threat and mission, but I can't divulge the full details here. Let's just say that this whole thing was triggered by an encrypted message intercepted by an allied listening post off the coast of Algeria on one of the long wave frequencies known to be used by a US-based black market arms dealer and certain intermediaries representing a radical militant religious group targeting pro-western nations. Maybe by now it's becoming clearer; the well-being of the free world lies in the hands of the young makers that attend this workshop and the intelligence they're able to gather during surveillance using their field-made Bug-in-a-Book. (more)

Cell Phone Bugging Hack

Black Hat, Washington, DC - A European researcher today showed how bugs he has discovered in the baseband chipset firmware of iPhone and Android smartphones could be exploited to ultimately take control of these devices.

Ralf-Philipp Weinmann, a researcher at the University of Luxembourg, was poised here to demonstrate an exploit he created that turns on the auto-answer feature on the affected smartphones and then uses them as remote listening devices. But he was unable to get his demo to run live successfully, in part due to poor cellular reception in the hotel where the conference was held.

Despite the demo glitch, security experts say the research marks a new generation of smartphone hacking. (more)

Saturday, January 22, 2011

SpyCam Story #598 - The Tax Man Attacks

FL - On January 13, 2011, a jury awarded damages of $476,200.00 against Kenneth Wayne Ryals, a landlord who had serially spied on his young female tenants by means of a micro video camera hidden in a DVD player he provided with the rental. 

Mr. Ryals, who is an Internal Revenue Service agent, had confessed to the Davie Police Department that he had watched Plaintiff for his viewing pleasure... 

Further, despite the pendency of the lawsuit, Mr. Ryals willfully destroyed all the physical evidence in the case, eleven pieces of electronic equipment, including the spy cam that he had hidden in the plaintiffs bedroom...

The plaintiff filed the suit in hopes that her suit would appeal to Mr. Ryals conscience and encourage him to stop preying on young women like herself. Mr. Ryals, however, has never shown any remorse for his conduct. Within a week of his arrest by the Davie Police for video voyeurism on September 14, 2007, he was soliciting new female renters through the website Roommates.com. (more)

SpyCam Story #597 - Heart Doc Attack

NY - A doctor who hid a video camera in the bathroom of his Manhasset medical office has been sentenced to 45 days in jail.

Prosecutors say 56-year-old cardiologist Vincent Pacienza, of North Hills, installed the camera in an air purifier so he could spy on unsuspecting women. They say he watched the camera's video feed on a monitor hidden beneath his desk.

The camera was discovered after an employee saw an invoice from a surveillance equipment company and became suspicious. (more)
He probably bought it already assembled.

Massive eavesdropping in Bulgaria? You decide.

• Every third eavesdropping in Bulgaria illegal (more)

• Brussels Alarmed over Avalanche of Wiretaps in Bulgaria (more)

• It is not true millions of Bulgarians are being wiretapped: interior minister (more)

 

Friday, January 21, 2011

We give you justice! Even if it kills you.

S. Korea - The Supreme Court Thursday overturned a guilty verdict on the late Cho Bong-am (1898-1959), 52 years after the nation’s first progressive party leader was executed on charges of espionage by the government of then-President Syngman Rhee.

Cho, who created the Jinbo (progressive) Party in 1956, challenged President Rhee in a presidential election and was executed three years later for espionage charges.

The retrial came after the Truth and Reconciliation Commission concluded in September, 2007 that the original trial was clouded in mystery and the case should be retried. (more)

Continuing Education - NIS.org - Protecting Secrets

via their literature...
Keynote Address: Defending Against Cyber Threats in Dangerous Times
General Michael V. Hayden, Principal, Chertoff Group and former Director CIA, NSA

Top-notch education, security best practices and practical solutions you can take back to your office and implement right away. The conference is packed with informative sessions and practical workshops targeted to your specific needs so your time is always spent productively. For a complete list of speakers, topics, and schedule, go to: http://nsi.org/impact-agenda.html

What you will learn:
-- Step-by-step recommendations for improving your security program
-- Real world tips to prevent security breaches and deficiencies
-- How to ensure timely security clearance processing
-- How to defend against low-tech threats and social engineering
-- Vital intelligence about the latest collection techniques used by spies
-- Best practices for using JPAS, JCAVS and e-QIP
-- How to create a winning strategy for your awareness program
-- Practical countermeasures to defend against terrorism
-- Expert advice on how to avoid the biggest AIS security landmines
-- Best practices to implement NISPOM changes
-- Proven strategies for managing the human side of info security
-- Key steps for certification and accreditation of classified systems
-- How to manage risks to and from the mobile workforce
-- Practical, non-technical understanding of IT security threats
-- Valuable lessons learned from the security trenches

Espionagedottir in Iceland - Mysterious

Iceland - An unmarked computer found in a spare room of parliament, and connected directly to parliament's internet system, was most certainly planted there, a computer expert told the Grapevine. However, he says, the media has a few misconceptions about the matter.

The computer in question was found in a spare room shared by the Independence Party and The Movement last February. It was apparently connected directly to parliament's internet system.

The computer was disconnected and taken to the police. Any identifying serial numbers had been erased from the machine, nor were any fingerprints found, and its origins have not yet been traced. The police believed that the matter was the work of professionals. (more)

Backstory?
"The office had been used by substitute MPs from the Independence Party and The Movement, the Parliamentary group of Birgitta Jonsdottir, whose Twitter account was recently subpoenaed by US authorities. The Icelandic daily Morgunbladid, under the editorship of Mr David Oddsson, former Prime Minister and Central Bank chief, has suggested that this might be an operation run by Wikileaks. The reporter for the Reykjavik Grapevine, Mr Paul Nikolov is a former substitute MP, having taken seat in Parliament in 2007 and 2008." (more)

Prime Minister's Press Secretary Resigns over Phone Hacking

UK - After growing controversy over the role he played in the phone-hacking scandal as editor of Rupert Murdoch's News of The World newspaper, Andy Coulson has resigned as Prime Minister's press secretary, saying his role has become too high profile.

Coulson has come under increasing pressure in recent months, as police widen their investigation into the way the paper's reporters worked, following a succession of civil cases brought by stars including actress Sienna Miller and TV host Chris Tarrant. (more)