Tuesday, September 18, 2007

Cyber Criminals Becoming More Professional


[Source: Symantec Corporation]

Cyber crime is turning into a professional business, according to Symantec’s latest Internet Security Threat Report. The report, which covers activity from Jan. 1, 2007 through June 30, 2007, indicates that phishing scammers are using more professional attack methods and that more attackers are being driven by fortune instead of fame. Rather than seeking out individual targets, the report indicates, today’s cyber criminals are waiting for their victims to come to them: 61 percent of all vulnerabilities disclosed were in Web applications. Criminals are also using business-like practices: credit cards were the most commonly advertised commodity on underground economy servers, comprising 22 percent of all advertisements. In addition, with online gaming one of the most popular Internet activities, malicious code that attempted to steal account information for online games made up 5 percent of the top 50 malicious code samples.

Monday, September 17, 2007

Criticism, Comment?


Baltimore Business Journal - September 17, 2007

Subpoena Power

Aggressive discovery tactics with e-mail could mark you a 'busy body'
by Matthew A.S. Esworthy

Attorneys are often reminded that the subpoena is a powerful tool that must not be abused.

Yet litigators are also taught to leave no stone unturned. The latter imperative often trumps the former as some attorneys routinely issue broad "scorched earth" subpoenas for fear of missing critical evidence.

Such aggressive discovery tactics are common when the object of discovery is e-mail. A personal or business e-mail account offers a well-organized and voluminous trove of information about the account holder's activities. A diligent attorney may feel that the more e-mail he can access, the better prepared he will be.

In this electronic age, it has become common for attorneys to request that the adverse party produce any and all e-mail correspondence in their care, custody, or control relating to the litigation. Often this request leads to the familiar response that "there are no responsive documents."

So what is one to do? Some have decided to issue a subpoena duces tecum to the third-party custodian of the adverse party's e-mail accounts (i.e., Yahoo! or Google), essentially circumventing the account holder.

From the subpoenaing attorney's perspective, this is bad fortune disguised as good, as a recent decision from the U.S. Court of Appeals for the Ninth Circuit illustrates. The case of Theofel v. Farey-Jones is a compelling and little-noticed warning against issuing such subpoenas to third-party e-mail service providers.

The tale of woe arose from actions taken by counsel in a separate lawsuit between Alwyn Farey-Jones and the officers of a company called Integrated Capital Associates Inc. (ICA). During the discovery process, Farey-Jones's attorney subpoenaed the company's Internet service provider, Netgate, requesting all e-mails ever sent or received by anyone at ICA.

After raising an informal objection, Netgate eventually provided access to 339 e-mail messages, the majority of which were private, personal, and unrelated to the litigation.

Farey-Jones and his attorney read the correspondence without notifying opposing counsel. When ICA learned of this, it asked the court to quash the subpoena and sanction Farey-Jones.

The magistrate judge did so, faulting Farey-Jones for issuing a "massively overbroad" and "patently unlawful" subpoena that violated the Federal Rules of Civil Procedure, which insist that attorneys "take reasonable steps to avoid imposing undue burden or expense" on those they subpoena. The magistrate judge hit Farey-Jones and his attorney with more than $9,000 in sanctions.

The punishment did not end there. The ICA employees whose e-mail had been compromised filed a civil lawsuit against Farey-Jones and his attorney, claiming they had violated three federal statutes: the Stored Communications Act, the Computer Fraud and Abuse Act, and the Wiretap Act.

The District Court dismissed the claims, but the Ninth Circuit reversed with regard to the first two of these three laws, paying special attention to the Stored Communications Act.

Why should Farey-Jones and his lawyer be civilly liable for reviewing e-mail produced only after receiving Netgate's permission to do so? The operative word under the Stored Communications Act is authorization, specifically the authorization of the individual who uses the e-mail account, and not that of the third-party custodian.

Theofel considers this question in light of the common law of trespass. Just as a "busy body" who gains access to a house by posing as a meter reader is a trespasser, so too are Farey-Jones and his attorney liable for gaining access to protected e-mail with an improper subpoena.

"The subpoena's falsity transformed the access from a bona fide state-sanctioned inspection into private snooping," the court wrote.

Interestingly, Netgate is protected in this instance by a safe harbor provision in the Stored Communications Act that exempts third-party service providers from liability. An employer that turns over employee correspondence from the company's e-mail system would likewise be protected.

The subpoenaing attorney, however, is fully exposed. Theofel cautions lawyers preparing to subpoena a third party for an account holder's e-mail: once you serve the subpoena, you are rolling the dice, not only for yourself, but for your client.

Accordingly, this particular subpoena is best left unserved.

Matthew A.S. Esworthy, a trial attorney at Shapiro Sher Guinot & Sandler, can be reached at mase@shapirosher.com.

Wednesday, September 12, 2007

$6000 Reward


Knowledge Networks pays $300,000 to settle internal copyright complaint
Firm's marketing group distributed press packets to employees containing newspaper and magazine articles under copyright

By Grant Gross, IDG News Service
August 16, 2007

Analyst firm Knowledge Networks has agreed to pay $300,000 to settle a complaint that it distributed news articles to its employees without permission of the copyright owners, a trade group announced Thursday.

The Knowledge Networks settlement is the first under the Software & Information Industry Association's Corporate Content Anti-Piracy Program, launched in October.

Knowledge Networks' marketing group had been distributing press packets to some employees on a regular basis, the SIIA said. Those packets contained articles under copyright and owned by SIIA members such as the Associated Press, United Press International, and publishing company Reed Elsevier, the trade group said.

SIIA litigation counsel Scott Bain called Knowledge Networks a "reputable company that made a very costly mistake." One of SIIA's goals for the settlement is to deter copyright infringement and educate other companies about the need for compliance programs, he said. . . .