Internet & Online Privacy - Legal Technology - Technologist
Technologist - The FindLaw Legal Technology Blog

Recently in Internet & Online Privacy Category

For a few weeks now, 11,000 gigabytes of information stolen from Sony by as-yet unknown hackers have been floating around the Internet. The eclectic data range from private, racially tinged jokes emailed between producer Scott Rudin and Sony exec Amy Pascal about President Obama's favorite movies, to ideas for ludicrous sequels (like a "21 Jump Street"/"Men in Black" crossover), to whole copies of finished, but unreleased, films.

Well, Sony's pretty sick of hearing about it. To that end, they've decided to hire attorney David Boies to make some legal threats via demand letters.

Earlier this week, Owen Williams of The Next Web found his Apple iCloud account locked. Williams was smart and enabled two-factor authentication on his account after reading the sad story of Wired's Mat Honan, whose Apple and Google accounts were hacked through a social engineering trick in which the attackers got his password reset over the phone.

Williams, unfortunately, couldn't access his iCloud account because he'd forgotten the recovery code. Does this mean we should all dismiss two-factor authentication?

Our network crashed on Monday. And the cause won't surprise anyone: somebody opened an email containing a virus.

It strains the mind to imagine how anyone could be that naive nowadays -- you're really going to believe an email from an unknown sender with an attachment containing "important documens" [sic]. And yet, someone did. And someone else did. And before we knew it, the entire network was down and an hour's worth of productivity was lost.

We're pretty sure we can pick out fake emails, but here are a few signs for those of you who are a little less experienced:

One of the biggest annoyances on the Internet are those anti-spam, anti-bot CAPTCHAs -- the little scrambled text puzzles you have to fill out on forms to verify that you are a human. Maybe you're registering to leave a comment on a blog, or trying to buy a ticket to a sporting event, or even logging in to your email.

Instead, you see this: "Type the text"... But we can't read the text because it is horribly disfigured to make life harder for robots. Unfortunately, bots have long since reached the point where they can crack the codes while humans squint, mistype, mutter curse words, and leave your site without contacting you.

Google introduced a better solution this week: the "No CAPTCHA reCAPTCHA," which we'll refer to as "checkboxes and kittens."

That annoying comment might be more than spam telling visitors how to solve their intimacy issues, or how to make easy money at home. Instead, it may be malicious code that could hijack your site, lock you out completely, and even take over your server as a whole -- a nightmare for larger companies that store more than a simple webpage on their servers.

Fortunately, the bug, discovered by Finnish IT security company Klikki Oy, was reported to WordPress months before being made public, and security patches are already being automatically (no pun intended) deployed. The bug affects an estimated 86 percent of WordPress sites (those running any unpatched version of WordPress 3 -- version 4.0, which was released in September, are not affected). The exploit uses text input fields, such as the enabled-by-default blog comments feature, to deploy malicious code.

On Monday, we learned that Emil Michael, senior vice president of business at Uber, said at a dinner party that he planned to spend "a million dollars" to hire researchers to investigate and harass reporters who wrote stories critical of Uber.

The tone of Michael's statements, as reported by BuzzFeed's Ben Smith, is pretty clear: "They'd look into 'your personal lives, your families,'" he said, implying Uber would spend money to embarrass and expose journalists for the crime of doing their jobs.

Now comes a bizarre twist.

At an unknown time in probably Q1 next year, at an unknown price, the Apple Watch is coming. The Apple Watch promises, among other things, a centralized way to track all your health statistics. That's got some ears perking up, from e-discovery experts to, now, the FTC.

Citing two anonymous sources, Reuters reported yesterday that Apple and the FTC were in talks over the privacy of all that juicy health data the Apple Watch will undoubtedly collect. In closed-door meetings, the FTC has allegedly asked for assurances that third parties or marketers won't be able to access a user's health data.

Officially, Apple has strong privacy protections in place. Its App Store submission guidelines for apps using the HealthKit API don't allow apps to store health information in iCloud or use health information for advertising purposes.

In case you missed it, President Barack Obama has issued a statement (and accompanying video!) outlining his hope for an "open Internet" and actually using the words "net neutrality" several times.

The statement is notable in that there's no hedging and no weasel language: It's a hortatory policy statement calling on the FCC not only to implement the "net neutrality" that its advocates -- and not its opponents -- have sought, but to go further and "reclassify consumer broadband service under Title II of the Telecommunications Act." (There should be a [sic] after this; he really means the Communications Act of 1934.)

It's no secret that the FBI doesn't much like your encryption. Its director, James Comey, has said as much. It's lobbied Congress to force device manufacturers to put "backdoors" into technology so the FBI can get inside. (Although, if you're Comey, you'd call that a "front door.")

In its unparalleled quest to know what you ate for breakfast without checking your Instagram profile, the FBI wants to be able to hack any computer, anytime, anywhere.

I have to admit: The idea of fingerprint unlocking is pretty damn appealing. Passcodes? Too much work. Like, four digits worth of work. And those little swipey gesture things you can do on Android? They work, I suppose, but it's so hard to get those correct without looking when driving.

Plus, you can't crack a fingerprint. You can crack a passcode.

However, a judge in Virginia just complicated the equation a bit with a simple reminder of legal precedent: A fingerprint isn't constitutionally protected, but a passcode is. This means that police need a warrant to search your phone (thanks, SCOTUS) but even if they get one, they may not be able to get past the lock screen.