Articles Posted in Cyber Security Law

Americans value their privacy. It is considered a right. Americans especially value the right to privacy from government intrusions. The Constitution’s 4th Amendment, which requires probable cause for a warrant to search or seize a person’s belongings, has been interpreted to include this right to privacy. This Constitutional protection against unreasonable searches and seizures applies to governmental actions. But what about the actions of private companies? Can private companies search our stuff?

For private companies to be able to search our stuff, they generally get our permission. Many people don’t realize they’re giving permission for their computers and phones to be searched because the permission is couched in the fine print of the terms and conditions of the product they’re using. And to be able to use the product, the terms and conditions must be agreed to. For example, when someone sets up a new iPhone, accepting Apple’s terms and conditions is required for the phone to be used.

Included in Apple’s new terms and conditions for its iPhone will be a term allowing a program to search phones for child pornography. The program that will search iPhones for child pornography (called Child Sexually Abusive Material in Michigan) is called NeuralHash. This program will search the phone’s contents for hash values that indicate child pornography. Hash values are essentially digital fingerprints of files. NeuralHash will search hash values as opposed to actually viewing the files. If the hash values indicate child pornographic images as defined in the National Center for Missing and Exploited Children’s (NCMEC) database, NeuralHash will alert the NCMEC. From there, law enforcement could be alerted, a warrant obtained, the devices seized and searched, and criminal charges filed.

On May 8, 2021 Colonial Pipeline, an operator of a major gasoline pipeline based in Alpharetta, Georgia, fell victim to a major cyber-attack resulting in the shutdown of all its pipeline operations.   Colonial Pipeline currently supplies approximately 45% of the fuel supply to the US East Coast.  It is unknown at the present time how long the pipeline operations will be down, if they are down for an extended period this would likely affect the price of gasoline.

Colonial Pipeline was attacked by a ransomware threat.  Ransomware is a type of malware that will target data and hold it hostage until the demands of the hacker are met.  Sometimes ransomware can also lock down a system and block access to systems until demands are met.

Typically, the demands of the hacker are financial and will require the payment of a sum of money until the data is released or access to the systems is restored.  Colonial Pipeline has not released any details on the specifics behind their attack other than they were attacked by ransomware and are moving quickly to resolve the cyber-attack and restore operations.

Cyber-attacks in general are on the rise.  In 2020 we witnessed security breaches at Solarwinds, Twitter, and Marriott and many other businesses. But hackers are no longer just focusing on the big giants.  Today’s headlines include prominent law firms who are falling victim to cyber-attacks.  Recently, we saw Jones Day law firm on the defense of a cyber-attack.  Jones Day, who has many prominent clients including former President Donald Trump, had files stolen and posted on the dark web.  But Jones Day is not alone, many law firms lack strong cybersecurity programs, thus making them prime targets to cyber-attacks.

Today, bad actors continue to scope out new targets.  Law firms are an attractive target because of the sensitive data that they retain.  Many law firms have access to highly confidential corporate data in addition to sensitive individual personal data.   Law firms house highly sensitive information like financial data, corporate strategies, trade secrets, business transaction information, and other private information.  In all these cases, law firms have both a legal and ethical obligation to protect their client’s data.  As lawmakers attempt to enact legislation to protect consumer’s data, this ever changing legislative landscape is often difficult to maintain and implement.

Relying on in-house counsel or your IT department is not enough.  To ensure your law firm is ready for a data breach, it is critical to have a cybersecurity attorney on retainer.   IT security professionals are stretched thin.  Many outsourced IT resources have multiple clients that they service.  In an environment where we find a shortage of security expertise, recruitment and retainment of IT security staff is a challenge.  They are often difficult to find and if you are lucky to have a dedicated IT security professional, rarely do they understand the law.  State, local and sometimes international laws have specific legal requirements for the protection of private and privileged information, an IT team cannot manage on their own.

The Barone Defense Firm is pleased to announce that Orosia Adams has joined the Barone Defense Firm team!  Orosia is an accomplished and skilled lawyer with comprehensive experience in providing legal guidance to businesses and the individuals who own and run them.  Ms. Adams will be assisting the Firm in expanding their cannabis law practice, as well as developing related practice areas: cybersecurity and tax compliance.

Patrick Barone, the Firm’s founding partner and CEO, is enthusiastic about Ms. Adams’ role with the Barone Defense Firm, and said:

“Since its founding, the Barone Defense Firm has primarily focused on criminal defense litigation in Michigan’s state and federal Courts. Ms. Adams allows us to better serve our clients in other areas of law, including regulatory compliance and enforcement. She possesses broad industry knowledge and a unique set of skills and experiences and having her of counsel to the Firm will allow us to better serve future and existing clients.

Contact Information