Law Office of Seaton M. Daly III, P.L.L.C.

Legal Counsel for Emerging Businesses

The Emerging Business Advocate
 
By: Seaton M. Daly III
 
The Law Office of Seaton M. Daly III, P.L.L.C., in an effort to address the myriad of legal issues confronted by Emerging Businesses in today's corporate landscape, has created this blog to highlight relevant issues business executives are confronted with on a daily basis.
  
 
 
December 09

60 Government and Private Industry Security Professionals Present Report on Cyber-Security
 
John Markoff, of The New York Times, reported today that a government and technology industry panel on cyber-security is recommending that the federal government end its reliance on passwords and enforce "strong authentication."  The Report is a strong indictment of government and private industry's efforts to secure cyber-space: it details a laundry list of serious break-ins to government and private sector computers, and the commission recommends the appointment of a cyber-security czar reporting to the President.  The group argues that cyber-security is one of the most significant national security threats and that it can no longer be relegated to CTOs and CIOs.
 
Mr. Tom Kellerman, VP for Security Awareness at Core Security Technologies, and a member of the commission, stated that "[t]he laissez-faire approach to cyber-security has failed."  The Report suggests that new laws and regulations concerning cyberspace be adopted, and that the proposed regulations include new standards for critical infrastructure providers, like the finance and energy industries, as well as new federal product acquisition rules to force more secure products.  What the report fails to emphasize, and what should be considered, is that corporations and government entities also need to do a better job of changing the culture within their organizations to prevent breaches of information.  This includes training, advising staff of the latest updates to laws and regulations, and the adoption of uniform policies and procedures, specifically outlined for the organization.  Microsoft and Verizon have both presented cyber-security reports that conclude "social" causes are a bigger threat to an entity than "technical" causes.  This is one of the many reasons why cyber-security is a problem for the entire organization to deal with, and not just the technology folks.
 
However, there is a fundamental problem with adding more laws to address cyber-security - how are we going to enforce the new laws when existing laws are barely enforced?  Some laws (like HIPAA) do not allow for a private right of action, and other laws stretch our regulatory agencies so thin anyway that they are forced to pick-and-choose their "battles."  Therefore, unless the laws provide for some sort of remedy outside of law enforcement, the limits of the laws may never be fully realized.
 
To read more about this news article, please click here:  Panel Offers Ways to Bolster Security in Cyberspace
 


2:13 PM GMT

November 25

Starbucks Loses 97,000 Employees' Personally Identifiable Information

 

Corporate cyber-security is the elephant in the room that most business entities don’t want to talk about, because the number of vulnerabilities, in regards to mission-critical data, can be too overwhelming for the organization to deal with.  And yet, with that said, news outlets, like the Seattle P-I, are increasingly reporting on breaches of cyber-security.  When I read about situations occurring at Starbucks, in regards to lost laptops, or Intel, where an employee software engineer downloaded $1 billion worth of proprietary trade secrets while simultaneously being employed at AMD, I have to question whether those organizations' trade practices and policies, as they relate to corporate cyber-security, are proceduralized at all levels within the organization, or whether it is just something left to the guise of the IT Department (after all the term “cyber” relates to technology, right?).

 

Social behaviors of employees, within the corporate landscape, are a major contributor in making theft of mission-critical data the most lucrative form of crime now (it’s more profitable than the international drug trade).  Corporations need to do a better job of changing their corporate cultural behaviors towards information protection, or they will end up being subjected to class action litigation, regulatory fines, or both.  Is it right, or even fair, to throw the CTO or IT Administrator under the bus, because some salesperson left their computer in the car?  Should that person’s manager be held accountable?  If more corporations create cyber-security programs that are enforced by a core group of individuals, across various job functionalities, then ownership, responsibility, and accountability for the cyber-policies will become more widely practiced by all employees.  This will also enable the corporation to defend its practices in front of a judge, regulator, jury, or general public at-large.  It goes a long way in creating a sympathetic impression.   Waiting 2 months to disclose the fact that information was missing is not a very acceptable trade practice for a Fortune 500 company, who hires lawyers at a rate much larger than mine.

 

Stealing information does not require any technical skill or know-how.  To quote Albert Einstein, “Only two things are infinite, the universe and human stupidity, I’m not sure about the former.”
 
To view the Starbucks story, please click here:  Missing Laptop Puts Starbucks Workers' Data At Risk
 


1:11 PM GMT

November 18

Expanding Your Business Internationally? Beware of Privacy Laws!
 
The prospect of expanding a business into strategically aligned international markets can create a multitude of challenges and unexpected problems that need to be managed before market entry is attempted.  One of these "challenges" an international business will confront is how to deal with the various privacy laws established by host foreign countries.  Privacy protection standards in Europe, for example, often carry a higher obligation, on the part of the business, to protect the employee, client, and general public's private information, than in the United States.  Member States of the European Union have repeatedly tried to harmonize the varying laws, amongst each other, by creating more uniform standards throughout the whole EU, and privacy laws are no exception.
 
The best example of how European privacy laws can constrict the growth of a business on its continent is the case of Google, Inc.  Nearly five years after it was welcomed, with open arms, to build offices and employ people in Ireland, Switzerland, Russia, Denmark, and Poland, Google has found its growth stunted by the web of privacy laws which govern many of those, and other, countries.  Kevin J. O'Brien, of The New York Times, wrote an article about this topic, and reports on how Google has been forced to delay plans for product rollouts and new services because privacy statutes prohibit the unauthorized use of "personal images or property."  Google has entered into talks with data protection advisors of the EU Commission in Brussels, Belgium, to address how they will comply with privacy laws throughout the EU.  Google believes that eventually everything will work out, and that they will be able to offer new services to Europeans that are already being introduced in other markets.
 
To read the full article, please click here:  Privacy Laws Trip Up Google's Expansion in Parts of Europe
 


11:10 AM GMT

November 07

Microsoft's Security Intelligence Report Released on Monday
 
Microsoft released its Security Intelligence Report on Monday, November 3, 2008, the fifth report of its kind by the software giant.  The study said that a majority of information loss was a result of human error, such as lost laptops or stolen IT equipment (47.5%).  Social engineering attacks, in which the text of an e-mail, for example, persuades the reader to open an attachment that installs malicious code, also remain a high threat to businesses.  The report also indicated that software vulnerabilities in operating systems are down, but the trend is more towards application-type software.  George Stathakopoulos stated that Microsoft is going to work closely with those types of software firms to create a united front against individuals who are trying to unleash malicious code on users without their knowledge.
 
To read the entire report, please click here:  Microsoft Security Intelligence Report
 


11:49 AM GMT

$1 Billion in Trade Secrets Stolen from Intel Corporation
 
Jordan Robertson, of The Associated Press, reported today that a former engineer of Intel Corp. has been charged in Massachusetts with illegally downloading more than a dozen confidential documents, worth about $1 billion, from Intel's computer system in CA, during a 4-day stretch in June.  All of this was accomplished while the engineer, Biswamohan Pani, worked for the chip manufacturer's main rival, Advanced Micro Devices, Inc.  Pani had told his supervisors at Intel that he was considering working for a hedge fund, but in reality was on the payroll of both companies.  The supervisors did not investigate the validity of Pani's claim.
 
Prosecutors have said that AMD had no knowledge of Pani's actions, but the information downloaded is worth about $1 billion and includes information on research and development costs, and methods for designing microprocessors.  Intel owns about 80% of the microprocessor market in the world, with AMD owning the rest.  Pani had planned to use the information to advance his career as an engineer, and said that he meant no harm to Intel.
 
This is the latest incident to show what companies need to do when managing information protection within the organization.  As much as we want to trust our employees, and believe that they are well-intentioned individuals, the fact remains that proceduralized regimens need to be in place in order to ensure things like this do not occur.  Had Intel simply investigated Pani's claim that he was going to work for a hedge fund, while still under its employ, then they may have prevented the release of this highly proprietary information.
 
To read more about this article, please click here: Former Employee Allegedly Stole $1 billion in Intel Trade Secrets
 


10:57 AM GMT