Mr. Locke explained that the motivation for this initiative is “[b]ecause of the vital role the Internet plays in driving innovation throughout the economy, the Department has made it a top priority to ensure that the Internet remains open for innovation while promoting an environment respectful of individual privacy expectations.”
Further, the Commerce Department is seeking public comment from all Internet stakeholders through a Notice of Inquiry (NOI) published in the Federal Register. One question the Department seeks to answer is “whether current privacy laws serve consumer interests and fundamental democratic values.”
Please contact me about offering insight on this topic or joining in the submission of a comment pursuant to the NOI. Your suggestions would be greatly appreciated. Thanks.
A number of my blog posts have discussed the importance of having an employee policy applicable to social media – think Facebook, LinkedIn and MySpace. These posts have generally discussed specific risks that employers are exposed to as a result of the increased use of social media by employees. Click here (Another Reason for Employers to be Wary of Social Media – Unfair and Deceptive Acts) and here (Digital Security Report: Social Networking Sites Expand Risks for Employers) for representative posts.
I recently ran across a phenomenal video, Social Media Revolution, that brilliantly puts into perspective the significance of social media (a big thanks to Wizard Media’s Jimena Cortes for sharing this video).
Also, a recent study tries to quantify the impact social media has on employers. The study by Network Box (an article discussing the report is available here) notes that 6.8% of all business internet traffic goes to Facebook. This means that approximately 7 times out of 100, the site visited by an employee at an average business is Facebook.
There is no single best approach for managing social media risks. Similarly, there is no single best approach for leveraging the opportunities presented by social media. It is important, however, to take a broad view so that you can operate in full awareness of the risks and opportunities in determining what role social media will play when it comes to your business and employees. With such an awareness, the risks can be managed to best serve your commercial endeavors.
Click here and sign up for the Client Alerts (right column) and select the HR 2.0 Alert, to receive updates on Social Media and other employment matters, including a free Social Media Employee Policy.
Concerns that U.S. business organizations are losing the digital arms race, a/k/a cyber-warfare, are widely reported. Among those raising concerns is Amit Yoran. He was appointed director of the US-CERT and National Cyber Security Division of the Department of Homeland Security, and also acted as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA. He is presently the CEO of NetWitness and serves as a commissioner on the CSIS Commission on Cyber Security for the 44th Presidency and numerous other industry advisory bodies. In short, this guy might know a thing or two about the digital challenges U.S. business organizations are facing and what can be done.
And in fact, Mr. Yoran was interviewed by eWeek.com about these subjects and provided insight as to what steps business organizations can take to, at least, minimize the chance of being on the losing side of the cyber-war. Click here to be taken to the video clip. It is short but informative.
The E-Discovery Team (courtesy of Mr. Losey) reported that the Qualcomm Order concerning whether six attorneys would be personally sanctioned for discovery misconduct relating to their defense of their corporate client came down (click here for Mr. Losey’s post). Here is a link to the April 2, 2010 Order. If you’re short on time, read the image that accompanies this post – it reaches the same conclusion.
For those who have not followed, or have forgotten about, this e-discovery saga, it arose out of an order sanctioning Qualcomm and a number of its outside attorneys for failing to produce tens of thousands of relevant and responsive documents during its patent suit against Broadcom.
These documents also consisted of emails and documents that undercut Qualcomm’s position at trial (I hate it when the facts get in the way). Taking a page from the Watergate playbook, Qualcomm then attempted to cover up these documents after they emerged at a critical point in the trial. But at the end of the day, Qualcomm was ordered to pay Broadcom $8,568,633.24, and the Court found that six attorneys personally contributed to what it described as a “monumental discovery violation.” See Qualcomm Inc. v. Broadcom Corp., 2008 WL 66932, 13 (S.D.Cal. 2008).
Around March 2008, the case was remanded to the Magistrate Judge for additional consideration and, specifically, to provide the sanctioned attorneys an opportunity to defend their actions. With the benefit of this second-go-around, the finding that these attorneys contributed to a “monumental discovery violation” might have been a little harsh. Or in the words of the Court’s Order declining to hold those six attorneys responsible:
There still is no doubt in this Court’s mind that this massive discovery failure resulted from significant mistakes, oversights, and miscommunication on the part of both outside counsel and Qualcomm employees. The new facts and evidence presented to this Court during the remand proceedings revealed ineffective and problematic interactions between Qualcomm employees and most of the Responding Attorneys during the pretrial litigation, including the commission of a number of critical errors. However, it also revealed that the Responding Attorneys made significant efforts to comply with their discovery obligations. After considering all of the new facts, the Court declines to sanction any of the Responding Attorneys.
While the Qualcomm attorneys were eventually exonerated (although, this may be a quintessential Pyrrhic victory for the attorneys and law firm involved – see this article) it is likely that this case will continue to be the equivalent of “Kaiser Soze” for the legal community, i.e., “a spooky story” told as a reminder of what could happen to an attorney who doesn’t comply with his or her ethical and legal obligations. Right … what could happen ….
In any event, the “major errors” highlighted by the magistrate’s April Order are instructive for both in-house and outside counsel. The first “fundamental problem” was “an incredible breakdown in communication,” which “contributed to all of the other failures.” Other specific failures recognized by the court included a failure to present evidence establishing that any attorney (in-house or outside counsel) explained the legal issues to the appropriate employees or discussed collection procedures; the failure to obtain sufficient information to understand the relevant computer systems; and the failure of any attorney to take on a supervisory responsibility for verifying that the necessary discovery was conducted.
Among the cyber-crime victims coming forward is a law firm that filed suit against the Chinese government (Click here for the full story from Wired’s Threat Level). In fact, the Wired article notes that “If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it.” The types of threats that such law firms and other companies face are called Advanced Persistent Threats (APT). APT attacks are distinctive in that they are rarely detected by antivirus and intrusion programs. Further, these attacks are espionage focused. In other words, APT hackers attempt to take business intelligence, e.g., files, e-mails, etc., rather than financial or customer data, which serves as a precursor for identity theft. For an in-depth, yet very readable discussion about APT attacks, click here (also a Dark Reading post).
As dangerous as APT hackers or other cyber-criminals is the current or former rogue employee. For example, a federal grand jury recently indicted a former employee of the Transportation Security Administration (TSA) for trying to corrupt a database of terrorism suspects in an inside job that many within the information security industry say is a stark reminder of how important it is to track insider access to sensitive data stores. (Click here for the full story originally posted at Dark Reading.)
The preceding FBI report and stories illustrate that business organizations should assume that an attempt will be made to compromise their IT infrastructure. I’ve talked with various IT security professionals about what are the appropriate steps to prevent APT or other cyber-attacks. Unfortunately, the general and unsatisfying response has been to the effect that if someone wants in badly enough and has the resources, they will get into your network. The sophistication and resources of some of the high-profile cyber-victims (Google, Marathon Oil, ExxonMobil, and ConocoPhillips, to name a few), would seem to confirm this conclusion.
And many remedies available to business organizations are only available after the fact (Click here for prior post discussing theft of business assets and Computer Fraud and Abuse Act). But when it comes to discharging employees, low-tech and common sense go a long way in preventing near disasters like that allegedly committed by the former TSA employee: Make sure your termination process first removes all access to sensitive information, databases, e-mail, etc., and then terminate the individual – not the other way around. Such steps are especially important when the employee has administrative rights to the IT infrastructure.