Categories & Search

Category: Global/Transborder Privacy

Government Warns of New Cyber Threats Targeting U.S. Businesses

The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and businesses.  These hackers target vulnerabilities in virtual private networks (VPNs), which organizations use to allow remote network access.  Once the hackers gain access through a VPN, they export data, sell access to the network, and have the ability to install ransomware.  This is just the latest example of criminals exploiting vulnerabilities associated with the current remote working environment.

Go

COVID-19 Cyber Risks Continue to Grow

As we previously detailed, the coronavirus pandemic has expanded opportunities for nefarious actors to exploit the digital vulnerabilities of individuals, local governments, industries, organizations, and essential services as they rapidly adapt to the public health crisis. Recent reports have confirmed that attacks and cyber scams associated with the pandemic are in fact on the rise.

Go

Microsoft Joins Government’s Request to Render Fight over Access to Data Stored Abroad Moot

Yesterday, we reported that the Department of Justice has asked the U.S. Supreme Court to remand its dispute with Microsoft Corp. concerning access to customer emails stored abroad to the U.S. Court of Appeals for the Second Circuit with instructions to dismiss it as moot.  The government argued that the newly enacted “CLOUD” Act clarifies prior law and makes clear that information stored abroad can, under certain circumstances, be subject to a domestic warrant.  The government added that it obtained a new warrant for Microsoft to turn over the requested information in the days following the CLOUD Act’s passage.

Go

Government Urges High Court to Moot Microsoft Email Case

We’ve written several times about the landmark dispute between the U.S. government and Microsoft Corp. over access to a customer’s emails stored in Ireland. Now, a month after the U.S. Supreme Court heard oral argument on the government’s appeal, the Justice Department has asked the Court to remand the case to the U.S. Court of Appeals for the Second Circuit with instructions to dismiss it as moot.

Go

Justice Department Accuses Google of “Alarming” Tactics in Fight over SCA Search Warrant

The ongoing dispute between the government and Google concerning the company’s refusal to hand over customer data stored on foreign servers has taken an odd twist.  Now, the Justice Department is demanding that Google be sanctioned for not abiding by the court’s most recent decision—ordering it to produce data associated with 22 email accounts—and calling Google’s conduct “a willful and contemptuous disregard of various court orders.”  The case is In the Matter of the Search of Content that Is Stored at Premises Controlled by Google, No. 16-mc-80263 (N.D. Cal.).

Go

Judge Sides with Government over Google in the Latest Battle Rematch over the Territorial Reach of the SCA

Another federal judge has rejected the U.S. Court of Appeals for the Second Circuit’s interpretation of the Stored Communications Act (SCA), and has ordered Google to hand over customer email traffic—wherever located—to U.S. law enforcement.  More than a year ago, the Second Circuit held that Microsoft Corp. was not required to produce customer emails stored on foreign servers in response to an SCA warrant.  Since then, the Second Circuit’s ruling has been rejected by three different federal courts around the country.

Go

Digital Divide Deepens: Tech Community Backs Second Circuit in Clash with Magistrates over Reach of U.S. Warrants

The technology community took aim at a recent federal magistrate’s ruling that ordered Google Inc. to comply with search warrants seeking customer emails stored on servers abroad, calling the decision “an impermissible extraterritorial application of U.S. law.” In rejecting a recent federal appeals court decision in a similar case in favor of Microsoft Corp., U.S. Magistrate Thomas J. Reuter in Philadelphia ruled that transferring emails from a foreign server to the U.S. was not tantamount to a seizure beyond American borders. The technology companies urged the court to reject the “fiction that such a foreign search and seizure is a domestic act….”

Go

Ajit Pai and the FCC’s Role in ISP Privacy Regulation under President Trump

On January 23, 2017, President Donald Trump named Ajit Pai as Chairman of the Federal Communications Commission (FCC).  In his previous role as the senior Republican on the FCC under President Barack Obama, Mr. Pai was an outspoken critic of the agency’s decision to assert jurisdiction over Internet Service Providers (“ISPs”) and its rules governing broadband privacy.  Pai’s appointment suggests that significant changes may be on the horizon.

Go

Second Circuit Court of Appeals Denies Rehearing in Microsoft Case

Back in December 2013, a U.S. magistrate issued a seemingly routine warrant in a narcotics case demanding that Microsoft turn over messages from a customer’s email account that resided on a server in Ireland.  That warrant, which issued under a 1986 law called the Stored Communications Act (“SCA”), 18 U.S.C. § 2703, is still being debated today.

Go

Wake-Up Call: Law Firms in the Cybersecurity Crosshairs

Last week marked the first time a U.S. law firm was publicly named in a class action data security lawsuit.  Originally filed in April 2016, the class action complaint in Shore v. Johnson & Bell, Ltd., 16-cv-4363 (N.D. Ill.), was unsealed last week after months of back-and-forth over whether the alleged security flaws had been patched.  The complaint accuses Johnson & Bell, a mid-sized Chicago firm, of “systematically exposing confidential client information and storing client data without adequate security.”  The lawsuit makes no claim that any client information has been stolen or misused.  Even so, the filing of this complaint amplifies the risks already facing law firms – including reputational – at a time when data security is a top concern for law firms and their clients.

Go

China’s Controversial New Cybersecurity Law

Earlier today, the Chinese government in Beijing approved a sweeping new cybersecurity law aimed at centralizing control over computer networks operating within China’s borders.  An unofficial English translation of the newly-enacted law is available here

Go

International Cyber Recommendations for the Financial Market: Collaboration is the Name of the Game

On June 29, 2016, the Bank for International Settlements’ (BIS) Committee on Payments and Market Infrastructures (CPMI) and the Board of the International Organization of Securities Commissions (IOSCO) issued “Guidance on cyber resilience for financial market infrastructures” (Cyber Guidance), the first set of concrete recommendations following the 2012 CPMI-IOSCO Principles for Financial Market Infrastructure (PFMI). 

Go

US Regulators Investigate Chinese Steelmakers for Hacking Trade Secrets

The U.S. International Trade Commission (“ITC”) last week launched an investigation into United States Steel Corporation’s (“U.S. Steel”) complaint that Chinese hackers stole trade secret information—including proprietary methods for making lightweight steel—on behalf of Chinese steel producers.

Go

European Parliament: Proposed Privacy Shield Must Be Strengthened

We have previously written about the ongoing debate regarding the proposed EU-U.S. Privacy Shield.  The European Parliament has now added its voice to those who say that the current proposal is inadequate.

Go

What’s Next for the EU-U.S. Privacy Shield?

With European regulators continuing to debate the current proposal for the EU-U.S. Privacy Shield, the fate of the new trans-Atlantic data framework is becoming murkier by the day.  Rapprochement may still be a possibility, but over the past week, we have seen parties on both sides preparing for an extended fight.  The Privacy Shield is one of the most significant issues in global cybersecurity today.

Go

Federal Appeals Court Set to Issue One of the Most Important Privacy Rulings in a Generation

For months, the technology and business communities have been waiting anxiously for a Federal appeals court ruling on whether American companies can be forced to turn over customer information to U.S. law enforcement when that information is stored on servers abroad.  It’s the result of a legal appeal filed last year by Microsoft Corporation that was argued before the U.S. Court of Appeals for the Second Circuit more than seven months ago.

Go

EU Regulators Decline to Support Privacy Shield Agreement

In the latest twist in the ongoing saga of the EU-U.S. Privacy Shield data transfer agreement, EU data protection authorities (commonly known as the Article 29 Working Party) stated on Wednesday that it would not affirm the adequacy of the Privacy Shield deal.

Go

Government Seeks Civil Forfeiture of Funds Stolen in Business E-Mail Fraud

On April 14, 2016, the U.S. Attorney for the Southern District of New York filed a civil forfeiture action seeking to recover nearly $100 million stolen from an unidentified U.S. company through a form of wire fraud or Automated Clearing House (“ACH”) fraud.

Go

Lessons from the Bangladesh Central Bank Heist

By now, you’ve probably heard about the massive cyber attack that hit Bangladesh’s central bank last month, resulting in the loss of $81 million through fraudulent transfers to accounts in the Philippines.  Although the size and scale of this cyber heist was unprecedented, cybercrime targeting ACH (Automated Clearing House) financial transactions is nothing new.  Financially motivated hackers regularly target ACH systems.

Go

U.S. v. Microsoft - What you need to know about one of the most important privacy cases of the decade

The U.S. Court of Appeals for the Second Circuit has in its hands one of the most closely-watched privacy cases in recent memory. U.S. v. Microsoft addresses an issue of critical importance to U.S. businesses — whether companies must comply with orders from the U.S. government to turn over electronic data, even when that data is stored on a server outside of the U.S. A ruling is expected any day. 

Go

EU Commission and United States Agree on New “Privacy Shield” for Trans-Atlantic Data Flow

U.S. and European Commission officials announced on Tuesday that they have reached an agreement in principle on a new EU-U.S. Privacy Shield to permit the flow of data between Europe and the United States.  The new deal follows on the heels of reports Monday evening that U.S. and European officials were continuing to negotiate a replacement for the now-defunct Safe Harbor Framework, after officials failed to reach an agreement by the January 31st deadline.

Go

U.S. and European Officials Fail to Reach Agreement for New Data Transfer Deal

American and European officials failed to meet the January 31st deadline for a new agreement on the transfer of data between the United States and Europe, disappointing hopes that the two sides would broker a deal to replace the now-invalidated U.S.-EU Safe Harbor Framework.

Go

Safe Harbor Framework For Data Transfers Between U.S. and EU Invalidated

Earlier today, the Court of Justice of the European Union (CJEU) issued a decision in Maximillian Schrems v Data Protection Commissioner, declaring invalid the EU-U.S. Safe Harbor framework that provided a mechanism for businesses to transfer personal data of European citizens to the United States. 

Go

Experian Data Breach: Regulatory War or Peace?

Following yesterday’s news that Experian Plc, the world’s largest consumer credit monitoring firm, suffered a massive data breach, exposing the personal information of some 15 million people, the post-breach fall out has already started.  The Connecticut Attorney General’s office has announced that is launching an investigation into the breach.  

Go

Department of Homeland Security: “The C-Suite and Cybersecurity”

Federal and state cybersecurity agencies teamed up last week for a two-day summit focused on the evolving nature of cybersecurity threats to New Jersey businesses.  The event was sponsored by the U.S. Department of Homeland Security’s (“DHS”) Critical Infrastructure Cybersecurity Voluntary Program and The New Jersey Office of Homeland Security and Preparedness.

Go

Second Circuit Hears Argument in Microsoft Appeal: How Far Does a U.S. Warrant Reach?

In a 90-minute hearing earlier today, Microsoft Corp. asked the Second Circuit Court of Appeals to reverse a district court decision forcing the technology giant to turn over customer email traffic residing on a server in Ireland. American companies with data centers located outside the U.S., as well as privacy advocates and media organizations are closely watching this case.  During the argument, the Court acknowledged that the “implications of its ruling would be broad.”

Go

Upcoming Oral Argument in US v. Microsoft: Does a U.S. Warrant Apply to Email Stored on a Foreign Server?

On September 9th, the Second Circuit Court of Appeals will hear a case with global business, technology, and legal implications. The case, United States v. Microsoft, presents a deceptively simple question: What’s a multinational company to do when it receives a U.S. court order to turn over customer emails that are stored on a server in a foreign country and that may be subject to different data privacy laws?

Go

Welcome to Our Blog

We are pleased to announce the launch of Data Security Law Blog, Patterson Belknap’s newest resource for the latest news, analysis and thought leadership in the critical area of privacy and cybersecurity law.

Go