In 2017, there are few words that make companies – and their counsel – shudder more than “data breach.” Recent high-profile breaches and the resulting litigation have shown that breaches can be embarrassing, harmful to a company’s brand, and extremely expensive to handle – both in terms of response costs and, potentially, damages paid to the affected individuals, third parties, and regulators. As headline-grabbing security incidents increasingly become a fact of life, litigators need to develop familiarity with the issues associated with data breaches so they can be prepared to walk their clients through the aftermath. This is the first in a series of blog posts about what commercial litigators need to know about data breaches.
After Congress handed President Trump legislation Tuesday that would wipe away landmark privacy protections for Internet users, we received a lot of reader questions about what happens next. The legislation makes it easier for Internet providers, such as AT&T and Verizon, to collect and sell information such as your Web browsing history and app usage. But let’s get into the details: You wanted to know whether the measure could help the government dig up dirt on people. You asked how to protect your privacy. And some of you even asked if it would be possible to buy up the online browsing histories of Trump or members of Congress.
No, you won’t really be able to buy up President Trump’s browser history
A federal appeals court in Washington, D.C. heard arguments today in a major data breach suit. The faulty security practices of Carefirst, a health insurer, allowed hackers to obtain the personal information of more than 1,100,000 customers. But a lower court dismissed the case because the judge believed that consumers must suffer actual identity theft before before filing a lawsuit. EPIC’s amicus brief explained that the judge misunderstood the law and confused the harm consumers eventually suffer with the failure of companies to uphold obligations to safeguard the data they choose to collect. The appellate judges today voiced similar doubts about the lower court’s decision, suggesting that consumers don’t have to wait until their identity is stolen to bring a lawsuit. One judge compared the case to a person putting down her driver’s license to rent a Segway, only to have it stolen from the rental company. EPIC regularly files briefs defending the privacy rights of consumers.
The content in this post was found at https://epic.org/2017/03/dc-circuit-hears-arguments-in-.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.
The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”
Recent Comments