Amid all of the publicity and media attention of the December cyberattack on Sony Pictures Entertainment, a cyber-intrusion on a German steel mill received comparatively scant notice. Unlike the Sony hack, however, it highlighted an important and disturbing trend in cyber warfare. Detailed in a German government report released in December, the hacking of the German steel mill signified the second confirmed instance in which a wholly digital attack resulted in the physical destruction of equipment. By initially gaining access to the plant’s business network, the intruders were able to successfully make their way to the production network and access the controls of the plant’s equipment. They were able to control the system to such a degree that a blast furnace could not be properly shut down, resulting in “massive” damage.
According to Wired’s coverage of the incident, much information about the attack is not detailed in the report, including the name of the steel mill, exactly when it happened, and how long the hackers were in the network before the destruction occurred. The report does relay that the hackers apparently had advanced knowledge, not only of conventional IT security, but of the applied industrial controls and the mill’s production processes.
The incident highlights what is possible with the increasingly prevalent networked nature of physical real-world systems, from critical infrastructure networks like electric grids and water treatment systems, to simple and increasingly networked household and personal items in the growing Internet-of-Things (IoT).
OccupyTheBookstore, a Chrome browser add-on from Texts.com, has become the subject of legal threats from Follett Higher Education Group, one of the largest college textbook retailers in the U.S. Textbook price comparison tools are not new: websites like Chegg and SlugBooks compile textbook prices from retailers, university bookstores, and online retailers on their own websites. What makes OccupyTheBookstore unique is that it is provided directly to the user as a downloadable plug-in and works immediately on top of a user’s browser to show cheaper options for print and digital rentals while the user browses a bookstore’s website.
The fact that the user is given the option to employ an immediate filter on top of Follett-affiliated websites rankled the company and prompted it to threaten Texts.com with legal action. According to an email from Follett to Texts.com’s founders obtained by the Wall Street Journal, the add-on “effectively chang[es] the presentation of the information on the screen.” Texts.com has not backed down. In an interview with Red and Black, University of Georgia’s student newspaper, Texts.com says that it “determined that we are totally within our rights to manipulate information in the client’s browser. As it’s opt-in and doesn’t touch the bookstore servers at all….”
The hack of Sony Pictures Entertainment placed Sony Pictures Entertainment in the spotlight for the last two months of 2015, highlighting the company’s lax security protocols and placing international focus on the recently released James Franco/Seth Rogen comedy “The Interview”. For the uninitiated, a group calling themselves the “Guardians of Peace” (with the unfortunate acronym “GOP”) hacked into Sony’s computer systems, gaining unauthorized access to a treasure trove of sensitive data, including: social security numbers of over 47,000 celebrities, freelancers, and Sony employees; several unreleased movie titles that were later released to file-sharing websites; and corporate files including email correspondence, film budgets and passport/visa information for movie casts and crew. The data breach appeared to be supported by North Korea, which denied responsibility. While the United States National Security Agency directly blamed North Korea for the attack, other industry insiders claim North Korea had nothing to do with the attack.
Trademark law is designed to protect consumers from confusion as to the sources of products or services. Strong trademarks are those that are distinctive – that is, they are capable of identifying the source of a particular good. At the other end of the trademark spectrum are generic marks. These marks are incapable of functioning as trademarks because they have come to be identified by the relevant purchasing public as common names for the goods or services with which they are associated. A finding that a mark has become or is generic means that it has lost (or has never had) the ability to identify the source of a product or service, and thus cannot function as a trademark. For this reason, a finding that a potential mark is “generic” presents a serious problem to a trademark application because it means that a mark has become synonymous in the public’s mind with a particular product or service as opposed to its source.
Dr. Earth, a California organic gardening company, learned this lesson after a lengthy legal battle in which its trademark application for PROBIOTIC was ultimately denied by the U.S. District Court for the Eastern District of Virginia. Dr. Earth sought to register the word PROBIOTIC for fertilizers. The U.S. Patent and Trademark Office (PTO) Examiner initially refused registration, stating that the term was generic in connection with fertilizer, and that at most, the term was merely descriptive and had not acquired a secondary meaning. Merely descriptive marks are similar to generic marks and are considered “weak” marks because they simply convey information about a function, characteristic, or purpose of the goods or services. As Jeffrey Davidson states in his IP Registration and Enforcement blog, “[d]escriptive terms by their very nature apply to all goods of a particular type, and therefore do not identify any single source.” Nonetheless, merely descriptive marks can become distinctive of a source by achieving “secondary meaning.” Daniel A. Tysver, of the comprehensive Bitlaw Legal Resource, notes that if evidence such as long-term use or large amounts of advertising and publicity can show that a mark has achieved this “‘second meaning’ (the first meaning being the generally understood meaning of the term or phrase), a protectable trademark is developed.”
The rideshare and taxi service Uber has had a very public and turbulent end to 2014. From privacy abuse allegations and Congressional scrutiny, to public protests and all-out bans in certain countries, the San Francisco-based, mobile-app-focused company has managed to retain its valuation of $40 billion. The company, which provides its service in 45 countries and over 200 cities, ran into trouble after a Buzzfeed report detailed November 14th remarks by the company’s Senior Vice President Emil Michael, who spoke of his desire to dig up dirt on the personal lives of journalists critical of the company. In particular was the intent to spread the personal details of one Sarah Lacy, editor of the Silicon Valley website PandoDaily. The Buzzfeed report also detailed the examination of private travel records of a reporter by an Uber executive. The combination of the aggressively toned nature of the comments and the willingness of the company to access users’ personal data gave rise to the November trending hashtag #Ubergate.
Google & Europe’s Right to Be Forgotten
A recent round of court decisions has forced Google, the internationally known search behemoth, to shrink its search index instead of expanding it. This past May, a ruling by the Luxembourg-based Court of Justice of the European Union (CJEU) required Google to provide a means by which citizens of the EU could request the search provider to delete information collected on individuals where the search result(s) “appear to be inadequate, irrelevant or no longer relevant or excessive in the light of the time that had elapsed.”
Will the ECJ Kill the Privacy Safe Harbor for Facebook, Google and All Others?
Christie Barakat reports in SocialTimes that the ECJ, the European Court of Justice, will review the compatibility of the EU-US Safe Harbor with Europe’s Charter of Fundamental Rights.
The Safe Harbor is a legal convention under which US companies doing business in Europe may permissibly transfer the personal information of EU residents outside of the EU zone. To qualify, the Safe Harbor requires that American companies commit to certain protections of that data in their processing and sharing practices, including stringent commitments on security of data. The Safe Harbor is a self-certification process rather than a license or regulatory ruling process. Although a little bit dated, see Henry Farrell’s nice primer on the Safe Harbor, here.
Barakat quotes from Farrell’s Washington Post blog, “Monkey Cage”, covering the immediate issue, which involves an Irish resident who sued Facebook in Ireland claiming that Facebook’s Safe Harbor self-certification status could not meet European Constitution standards for privacy protection due to Edward Snowden’s revelations of US government snooping of foreigners’ personal data. As Farrell blogged in the Post, “the judge has presented the case to the ECJ in a way that seems designed to get the higher court to rule that the Safe Harbor is incompatible with European human rights standards, and hence invalid.”
Farrell describes the likely outcome of the ECJ’s review as “very hard to say”, at best.
In April 2014, the United Nations (UN) Committee on the Rights of Persons with Disabilities adopted its General Comment No 2 on the issue of Accessibility, which applies to member States within the UN that have signed the treaty. The General Comment to the Convention on the Rights of Persons with Disabilities (CRPD) seeks to provide guidance to all relevant stakeholders, such as states and international organizations, on how to ensure accessibility for persons with disabilities. The treaty serves as the first of its kind to address access to information and communication technologies (ICT) for users with disabilities, and may now serve as a basis for State parties to reinforce and regulate national legislative frameworks.
Notably, the CRPD, Article 9, paragraph 13 places particular onus on public and private actors regarding ICT. “The focus is no longer on legal personality and the public or private nature of… information and communication, and services. As long as goods, products and services are open or provided to the public, they must be accessible to all, regardless of whether they are owned and/or provided by a public authority or a private enterprise.” This public and private distinction is a first of its kind. Prior regulations placed the requirements for accessible ICT solely on public or government entities. These entities were essentially held to be established in some way for the public good, and therefore had a right to be accessible to the public audience. The shift in language which now includes “all products and services open or provided to the public” places such accessibility requirements on private industry as well, and will set the tone for implementation of such standards by UN treaty members to the CRPD.