The UK cares about its citizens' privacy to the tune of a $229 million (US) fine of British Airways for a breach that disclosed information of approximately half a million customers. It's exciting -- a significant fine for a significant loss of data. I think GDPR will lead to improved security of information systems as companies scramble to avoid onerous fines and start to demand more from those who provide information security services and products. more
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more
Michael Geist writes: "The bills contain a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers. The first prong mandates the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers." more
On April 30, 2016, ICT Ministers of the "G7 group" concluded their deliberations in the beautiful city of Takamatsu, Kagawa prefecture in Japan. After months of preparatory work and two full days of discussions, the ICT Ministers of the USA, UK, France, Italy, Japan, Canada and Germany plus the European Union issued a joint declaration that: recognizes our digitally connected world; commits to mutual goals and, once again; reaffirms the multistakeholder model for the governance issues facing the deployment, development and evolution of the global Internet. more
The Uniform Domain Name Dispute Resolution Policy (UDRP) limits parties' submissions to complaints and responses; accepting "further statements or documents" is discretionary with the Panel (Rule 12, Procedural Orders), although the Forum (in Supplemental Rule 7) but not WIPO provides for supplementing the record with the proviso that "[a]dditional submissions must not amend the Complaint or Response." For some panelists, Rule 7 contradicts the Policy. more
While having a backup plan is usually a good idea, it's often not an effective way to obtain someone else's domain name - at least not when Plan B consists of a company filing a UDRP complaint with the hope of getting a domain name to which it is not entitled and could not acquire via a negotiated purchase. "Plan B" as a derogatory way of describing an attempted domain name acquisition usually arises in the context of a domain name that is not protected by exclusive (or any) trademark rights, or where the complainant clearly could not prevail in a UDRP proceeding. more
Under the previous rules for the Uniform Domain Name Dispute Resolution Policy (UDRP), domain name registrants that had a complaint filed against them were supposed to be notified of the complaint by the trademark owner that filed it. Then, a revised set of UDRP rules that went into effect in 2015 eliminated the complainant's obligation to notify the respondent. Instead, the new rules only require the UDRP service provider (such as WIPO or the Forum) notify the respondent, presumably after the registrar has locked the domain name, preventing any transfers. more
Although filing fees in domain name disputes are usually paid for by the trademark owner that files a complaint, the Uniform Rapid Suspension System (URS) contains a little-noticed provision that, in large cases, requires the domain name registrant to pay a fee to defend itself. The so-called "Response Fee" is only required in URS cases that include 15 or more disputed domain names. more
U.S. authorities announced today that they have shut down one of the largest spam operations in the world, an extensive network with ties to Australia, New Zealand, India, China and the United States. The group, dubbed 'HerbalKing' by spam fighting organizations, had been active as far back as 2005 and became notorious as the number one worst spam gang on the Internet for much of 2007 and 2008 according to Spamhaus, a non-profit anti-spam research group. more
A 32-year-old Russia man was sentenced on Friday to 27 years in prison for computer hacking crimes that is reported to have caused over $169 million in damages to small businesses and financial institutions. more
There has been a significant focus over the past two years on the vulnerability and cyber threat risks faced for voting systems at the local level. That focus has typically been on State and local jurisdictions like cities, counties and towns, and resulted in the creation of the DHS Elections Infrastructure Information Sharing and Analysis Center (ISAC) to assist. However, there are other local governance entities at significant risk as well. more
Established in 1998 by the Global Anti-Counterfeiting Group (GACG), "World Anti Counterfeiting Day" is held annually in June to raise awareness of the international impacts of counterfeiting and piracy. According to the International Chamber of Commerce (ICC), the cost of counterfeiting is a $600 billion a year problem. MarkMonitor estimates the cost of online counterfeit trade at $200 billion annually. more
Time to brush the dust off your Computer II notebooks. Are voicemail, electronic fax, and call forwarding enhanced services or telecom services? Today's case: FTC v. American eVoice, Ltd... The FTC brought an action against Defendants claiming that they were engaged in cramming, adding unwanted voicemail, electronic fax, and call forwarding services to consumers bills to the tune of $70 million. more
Proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP) can be heard by either a one- or three-member panel. Here are eight important facts that every complainant (trademark owner) and respondent (domain name registrant) should consider when deciding whether to select one or three members... Either party - complainant or respondent - has an opportunity to select a three-member panel... more
The White House has expressed its full support on the need for permanent reauthorization of Section 702, created "to address an intelligence-collection gap that resulted from the evolution of technology in the years after FISA became law in 1978." more