Archive for June, 2011
- A survey of IT practitioners conducted by the Ponemon Institute and Juniper Networks suggests that cyber attacks have recently become more harsh and recurrent. At least 90% of the IT practitioners surveyed claimed that they had experienced one or more cyber breaches within the last year, and 89% of these respondents could not identify the source of these breaches. Interestingly, employee mobile devices and laptop computers have been recognized as the top devices used in the unleashing of cyber attacks against a company. This survey suggests that ordinary network security methods are inadequate and companies need to make enhancements in order to prevent such cyber crimes.
- According to nextgov.com, Tuesday’s Senate Banking Committee hearing on cybersecurity in the financial sector, showed the senate’s critical attitude toward institution’s negligence in informing its customers of security breaches they experience in a timely manner. Although waiting to release sensitive information regarding security breaches may prove to be beneficial to the federal agents involved in these investigations, customers should be notified as soon as possible so they can take action to safeguard themselves from future attacks. In response to the increased number of attacks, the White House has presented legislative language that would require national notification of a security breach to the government and affected customers within 60 days of discovering a cyber attack. The seriousness of these cyber threats has forced government officials to set forth a new legislative race on cybersecurity related laws.
- The government itself is also not immune from these cyber attacks, as suggested by the recent attacks on the IMF, Senate, and CIA. The group responsible for many of these attacks, Lulz Security, has teamed up with Anonymous, another team of computer hackers, to begin a cyber war against governments and companies around the world, which they call “Operation Anti-Security.” According to a New York Times article, both groups have been interacting frequently via Twitter. Also via Twitter, Lulzsec has offered to help Sega in tracking down the hackers responsible for its recent cyber security breach. Although the group was deemed responsible for cyber attacks against Sony and Nintendo, its Twitter post showcased their loyalty to Sega’s Dreamcast system. The Sega breach compromised personal information of 1.3 million customers, including email addresses, passwords and birth dates. While financial information was safe, Sega Pass has been shutdown since the breach for security and investigation purposes and customers were promptly notified. The use of social networks, like Twitter, as a means of communication between hackers raises many questions surrounding the role of social media in security breaches. The unexpected shutdown of Netflix this Father’s Day left many believing that it was another cyber attack (see article on ibtimes.com). However, Netflix has not officially indicated the cause of the temporary outage. The frequency and severity of recent cyber crimes has left the world in a frenzy and upon the occurrence of any technological failure, people are not hesitant to suspect yet another cyber attack.
- Lulz Security also successfully attacked an Arizona police website, releasing about a half a gigabyte of data, including dozens of internal documents it alleges are related to border control and other law enforcement activities, over the Internet. The computer hackers oppose a tough anti-immigration law in Arizona. Its headline was “Chinga La Migra,” Spanish for a more profane way of saying “Screw the Immigration Service.”
Priya S. Amin contributed to this post.
For sources, read:
U.S. Supreme Court Shields U.S. Business from a Potentially Lethal Bullet – Wal-mart Stores v. Dukes
As a follow–up to our March 29, 2011 blog post, “Will the United States Supreme Court Declare an Open Season for Class Actions Against Business? – Wal-mart v. Dukes,” concerning the then-pending United States Supreme Court case, Wal-mart Stores, Inc. v. Dukes, Betty, et al., 10-277, we are happy to report that the Supreme Court yesterday reversed the Ninth Circuit Court of Appeals decision, and held that class certification was not appropriate. In Wal-mart, plaintiffs wanted the Court to affirm certification of a “nationwide class action consisting of all current and former female employees of Wal-Mart Stores, Inc., estimated at the time to comprise at least 1.5 million women.” Petition for a Writ of Certiorari, 2010 WL 3355820, *1 (U.S. 2010). Despite the fact that class members in Wal-mart would seek billions of dollars in back pay, the Ninth Circuit found plaintiffs’ monetary claims were not “‘superior in strength’” to the injunctive claims, and could be certified under Rule 23(b)(2). Petition for a Writ of Certiorari, 2010 WL 3355820 at *5 (citations omitted). The Ninth Circuit’s approach essentially allowed the plaintiffs to by-pass the more demanding requirements of F.R.C.P. 23(b)(3), which “‘imposes strict requirements of predominance, superiority and manageability…’” Id. at 9-10(citations omitted).
Justice Scalia authored the Court’s opinion which held that certification was improper, because 1) plaintiffs could not meet the commonality requirement of F.R.C.P. 23(a)(2), and 2) plaintiffs’ back pay – monetary claims could not be certified under F.R.C.P. 23(b)(2), “at least where (as here) the monetary relief is not incidental to the injunctive or declaratory relief.” Slip Op. at 20. The Supreme Court recognized the limited purpose of class actions and reiterated that “class action is ‘an exception to the usual rule that litigation is conducted by and on behalf of the individual named parties only.’” (citing Califano v. Yamasaki, 442 U. S. 682, 700–701 (1979)). Slip Op. at 8. By recognizing that class action practice is the exception not the rule, the Supreme Court closed the litigation floodgates that could have resulted had it agreed with the Ninth Circuit’s approach.
A general overview of the protections granted by federal trademark registration in the Apple, Inc. v Amazon.com, Inc. lawsuit and the elements of a federal trademark infringement suit are provided in “Apple v. Amazon.com – The War For “App” Dominance Advances,” which was published in the May 31st issue of Bloomberg’s Technology Law Report (and online on May 24th).
According to Tuesday’s report in the Wall Street Journal, a cyber attack (i.e., a targeted computer or network breach) directed at the U.S. or its interests may constitute an “act of war” that could justify a response that involves traditional military force. Recent cyber attacks on the U.S. government’s own systems and other governments’ and businesses’ systems have placed the issue front and center and resulted in a more detailed government plan to address such an attack.
The official position on this issue is designed, in part, to deter cyber attacks against major U.S. computer systems. Details surrounding this new cyber strategy remain vague. Under what grounds would a cyber attack allow for the U.S. to use military action? What action would the U.S. be entitled to take if the attack were initiated by a hacker unassociated with a country’s government? We may learn more as unclassified portions of the U.S. government’s cyber strategy are expected to be released to the public next month.
To learn more about U.S. federal and state governments’ efforts to combat cyber attacks, read “A Primer on Cybercrimes In The United States and Efforts to Combat Cybercriminals – 50 State and Federal Cyber Law and Proposed Legislation Survey,” published by the Virginia Journal of Law and Technology (University of Virginia School of Law, Spring 2011) available here.
For similar news reports, read:
- Google reveals Gmail hacking, says likely from China, Reuters, June 2, 2011
- NY Rep. Weiner hires lawyer after alleged Twitter hacking, Reuters, May 31, 2011.
Priya S. Amin contributed to this post.