The Indispensability of Cyber Counterintelligence

You already know what a threat hacking and data breaches are to your business, right? Good. In that case, you will appreciate the following post from my friends at SpearTip about cyber counterintelligence. Here’s a little teaser:

If your organization is not yet retaining a provider that specializes in this technique, referred to as “Cyber Counterintelligence”, you may be significantly behind in the ever-challenging battle to indemnify yourself against catastrophic cyber breeches.

The Indispensability of Cyber Counterintelligence

Presentation: Helping Businesses Prepare for Computer Fraud and Data Breaches

Last night I had the wonderful opportunity to present to IMA – The Association of Accountants and Financial Professionals in Business on the topic of Helping Businesses Prepare for Computer Fraud and Data Breaches. Here are the presentation slides.

I was really impressed with the quality of this event on many levels — these folks really put on first class meetings so, for those of you who are accountants or financial professionals, I would encourage you to check them out. The facilities were great, the people were great, the food was great and it’s amazing how insightful and inquisitive a group can be when wine is served! Seriously, if you spend much time presenting to groups, you can tell when an audience is interested and paying attention or when they’d rather be some place else — this group was focused and their questions showed it. It was a real pleasure for me. The icing on the cake, however, was at the end when I was told that the organization would make an honorarium to my favorite charity — Cure JM of course! Much thanks!

Social Media Law: Video Presentation for Social Media Breakfast

The full video of my recent presentation on social media law is now available!

On August 30, 2012, I made a presentation to Social Media Breakfast Dallas titled Social Media Law: It is Real and, Yes, It Can Impact Your Business. The presentation was about social media law and how it relates to businesses using social media. The presentation was professionally videoed by Jason (@jcroftmagic) and the great people at Magic Production Group (@magicprogroup) and they did a fantastic job on the production! The full video presentation is embedded on both Vimeo and YouTube below and you can also access it by clicking on the links for Vimeo and YouTube. As always, please feel free to contact me if you would like to discuss these issues any further! Shawn Tuma: @shawnetuma / stuma@brittontuma.com / 214.726.2808.

<p><a href=”http://vimeo.com/49071894″>Shawn Tuma – Social Media Law</a> from <a href=”http://vimeo.com/magicvideoinc”>Magic Production Group</a> on <a href=”http://vimeo.com”>Vimeo</a&gt;.</p>

Is a “Like” Protected Speech? Is It Different Than Giving “The Finger”?

I was recently asked my thoughts on the “Facebook ‘Like’ Case” on this blog’s Facebook Page and I decided that I would share my thoughts here as well given that this is such a burning issue in social media law. The short answer: I believe it was wrong for the court to find that a “Like” is not protected speech.

Here is the simplest reason I know to demonstrate why:

Image

Now for the explanation!

The case we are talking about is Bland v. Roberts, 4:11cv45 (E.D. Va. Apr. 24, 2012) (click on the link for the opinion). There are a lot of issues in this case about which I do not profess to have any particular expertise but, the issue that has garnered the most attention is whether a “Like” can be considered “protected speech”. This issue has received a lot of attention and I am not really going out on a limb here because I agree with most of the commentators.

The essence of the case is as follows: Bland was an employee of the Hampton Sheriffs Office, Roberts was the Sheriff, and when Roberts was running for re-election, Bland supported his opponent (Adams) and had “Liked” Adams’ Facebook page. Wanna guess what happened next? Yep – Roberts was re-elected and decided to clean house. Bland sued claiming that his “Like” of Adams’ Facebook page was protected speech.

The Court did not agree and found the “LIke” was not protected speech because it did not make an actual statement:

It is the Court’s conclusion that merely “liking” a Facebook page is insufficient speech to merit constitutional protection. In cases where courts have found that constitutional speech protections extended to Facebook posts, actual statements existed within the record.

*   *   *

These illustrative cases differ markedly from the case at hand in one crucial way: Both Gresham and Mattingly involved actual statements. No such statements exist in this case. Simply liking a Facebook page is insufficient. It is not the kind of substantive statement that has previously warranted constitutional protection. The Court will not attempt to infer the actual content of Carter’s posts from one click of a button on Adams’ Facebook page. For the Court to assume that the Plaintiffs made some specific statement without evidence of such statements is improper. Facebook posts can be considered matters of public concern; however, the Court does not believe Plaintiffs Carter and McCoy have alleged sufficient speech to garner First Amendment protection.

In my opinion a “Like”, like many other forms of expression (verbal and non-verbal) is considered speech and I believe the judge got this wrong and will be overturned on appeal. In the case Hackbart v. City of Pittsburgh, 2:07cv157 (W.D. Penn. 2009), the court found that “giving the finger” a/k/a “flipping the bird” to a police officer was protected speech under the First Amendment. While Hackbart was only a district court opinion, the authority upon which it relied was solid — the United States Supreme Court in Texas v. Johnson, 491 U.S. 397 (1989) — the case that held the non-verbal conduct of burning an American flag was protected speech. So the question is, if it non-verbal expressive conduct of burning a flag or giving the finger is protected speech, why isn’t a “Like“?

On Facebook, you can give a “Like” by virtually pressing the “thumbs up” icon — is that really much different than non-virtually giving the iconic “middle finger up” gesture?

Have You Ever Wondered What A Social Media Lawyer Does?

Readers of this blog will recall that last week I delivered a to Social Media Breakfast titled Social Media Law: It Is Real and Yes, Can Really Impact Your Business. The slides from that presentation are posted HERE and we expect to have the full video of the presentation posted soon. Ok, enough about me!

Today I read a fantastic blog post by Ryan Garcia (@SoMeDellLawyer) on the SoMeLaw Thoughts blog titled What The Heck Does A Social Media Lawyer Do Anyway?  Ryan is a social media attorney with Dell and he answers the question of what a social media lawyer does. He will be teaching a course on Social Media Law next Spring at the University of Texas. Ryan provides a unique insight into social media law from the perspective of someone who is inside a company and looking at this revolutionary new means of communication from the inside out — where most of us “outside counsel” have a different perspective of looking at these things from the outside in. Outside or inside, one thing you can bet, we both have a tremendous interest in #socialmedialaw #somelaw #smlaw #socialmedia #law or any other clever hashtag you can think of to describe it!

One of the things that really caught my attention about Ryan’s post is where he describes the 12 content modules for the class he will be teaching, which contain several of the subject areas that I breakdown when I give my presentations. The 12 modules Ryan uses are as follows:

  1. Social Media Overview and Categorizing Legal Risks
  2. Limiting Legal Risks: Terms and Conditions, Social Media Policies
  3. Corporate Social Media
  4. Copyright
  5. Privacy
  6. Marketing
  7. Contests and Promotions
  8. Employment
  9. Rights of Publicity
  10. Free Speech
  11. Legal Ethics
  12. Brand Damage and the Role of Attorneys

Go check out Ryan’s POST and take a look at my most recent SLIDES — and you should have a great overview of what issues we are dealing with in social media law. Ryan was kind enough to offer for me to pimp some links to my blog and slides on his post so I thought I’d return the favor — so give Ryan a shout-out and tell him thanks for being such a good guy!

Key Points of New California Data Breach Law – A Model for Others?

California Route Marker

Image via Wikipedia

California’s prior data breach law was the first in the nation and turned out to be a model that other states used for their own data breach laws. Whether the new law will have that same effect remains to be seen but, just in case, here is the 30,000 feet view of what it does:

A copy of the new statute, SB 24, essentially does the following:

  • Applies to anyone in California that owns or licenses computer data containing non-public personal information (last name + first name or initial + SS#, DL#, ID#, acct, debit, access #s, medical info, or health ins info)
  • Applies upon discovery or notification of a data breach of “unencrypted personal information”
  • Requires notice (written/electronic/posting) in the most expedient time possible and without unreasonable delay
  • Requires that data breach notifications specifically contain
    • general description of the incident
    • type of information breached
    • time of the breach, and
    • toll-free telephone numbers and addresses of the major credit reporting agencies in California
    • whether notification was delayed because of law enforcement
  • Requires data holders to send a copy of the notice to the Attorney General if the breach affects more than 500 people in California
  • (and a few more pages of details I didn’t cover)

Most of this information was taken from a nice article was written by Tanya Forsheit of InfoLawGroup entitled California Amends Data Breach Law – For Real This Time. Go check it out, this could be a model for things to come!

comScore Lawsuit and that Pesky Loss Requirement of the Computer Fraud and Abuse Act

A jurisdictional threshold to bringing a civil Computer Fraud and Abuse Act claim is that the plaintiffs satisfy the $5,000 loss requirement–generally only costs constitute a loss–not economic damages or violated privacy rights. If you were at the Continuing Legal Education seminar I presented this past Monday, you’ve already heard this, right?

You also heard me say that this loss requirement confuses lawyers and judges alike, right? (hint: check out slide 25 at the right of the screen).

Now take a look at Paragraphs 110 – 112 of the Class Action Complaint in Harris v. comScore that was filed yesterday:

110.   As a result, Defendant’s conduct has caused a loss to one or more persons during any one-year period aggregating at least $5,000 in value in real economic damages.

111.   Plaintiffs and the Classes expended time, money and resources to investigate and remove comScore’s tracking software from his computer.

112.   Plaintiffs and Classes members [sic] have additionally suffered loss by reason of these violations, including, without limitation, violation of the right of privacy.

Do you remember when, during the presentation, I asked what you would always make sure to do if you were the lawyer advising a client considering bringing a civil CFAA claim? (hint: check out slide 31). Did they get it right?

Now you be the judge. Let’s say Comscore files a Motion to Dismiss the Computer Fraud and Abuse Act claim for failure to meet the jurisdictional threshold to bring a civil claim. Do you dismiss the CFAA claim or not? If you find that comScore has adequately pled a loss, which of the allegations suffice and which do not?