Entries Tagged "courts"


Petition the U.S. Government to Force the TSA to Follow the Law

This is important:

In July 2011, a federal appeals court ruled that the Transportation Security Administration had to conduct a notice-and-comment rulemaking on its policy of using “Advanced Imaging Technology” for primary screening at airports. TSA was supposed to publish the policy in the Federal Register, take comments from the public, and justify its policy based on public input. The court told TSA to do all this “promptly.” A year later, TSA has not even started that public process. Defying the court, the TSA has not satisfied public concerns about privacy, about costs and delays, security weaknesses, and the potential health effects of these machines. If the government is going to “body-scan” Americans at U.S. airports, President Obama should force the TSA to begin the public process the court ordered.

The petition needed 150 signatures to go “public” on Whitehouse.gov (currently at 296), and needs 25,000 to require a response from the administration. You have to register before you can sign, but it’s a painless procedure. Basically, they’re checking that you have a valid e-mail address.

Everyone should sign it.

Posted on July 11, 2012 at 12:39 PM

Dance Moves As an Identifier

A burglar was identified by his dance moves, captured on security cameras:

“The 16-year-old juvenile suspect is known for his ‘swag,’ or signature dance move,” Heyse said, “and [he] does it in the hallways at school.” Presumably, although the report doesn’t make it clear, a classmate or teacher saw the video, recognized the distinctive swag and notified authorities.

But is swag admissible to identify a defendant? Assuming it really is unique or distinctive—and it looks that way from the clip, but I’m no swag expert—I’d say yes.

Posted on April 19, 2012 at 1:03 PM

The Effects of Data Breach Litigation

“Empirical Analysis of Data Breach Litigation,” Sasha Romanosky, David Hoffman, and Alessandro Acquisti:

Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

The full paper is available by using the one-click download button.

Posted on March 27, 2012 at 6:46 AM

U.S. Federal Court Rules that it Is Unconstitutional for the Police to Force Someone to Decrypt their Laptop

A U.S. Federal Court ruled that it is unconstitutional for the police to force someone to decrypt their laptop computer:

Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.

Here’s the actual decision. And another blog post.

Note that this is a different case, and an opposite ruling, than this. Although the legal experts say that the rulings are not actually in conflict:

Also note that the court’s analysis isn’t inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.

Posted on February 27, 2012 at 5:49 AM

What Happens When the Court Demands You Decrypt a Document and You Forget the Key?

Last month, a U.S. court demanded that a defendant surrender the encryption key to a laptop so the police could examine it. Now it seems that she’s forgotten the key.

What happens now? It seems as if this excuse would always be available to someone who doesn’t want the police to decrypt her files. On the other hand, it might be hard to realistically forget a key. It’s less credible for someone to say “I have no idea what my password is,” and more likely to say something like “it was the word ‘telephone’ with a zero for the o and then some number following—four digits, with a six in it—and then a punctuation mark like a period.” And then a brute-force password search could be targeted. I suppose someone could say “it was a random alphanumeric password created by an automatic program; I really have no idea,” but I’m not sure a judge would believe it.

Posted on February 13, 2012 at 5:20 AM

The Idaho Loophole

Brian C. Kalt (2005), “The Perfect Crime,” Georgetown Law Journal, Vol. 93, No. 2.

Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment’s Vicinage Clause. Although lesser criminal charges and civil liability still loom, the remaining possibility of criminals going free over a needless technical failure by Congress is difficult to stomach. No criminal defendant has ever broached the subject, let alone faced the numerous (though unconvincing) counterarguments. This shows that vicinage is not taken seriously by lawyers or judges. Still, Congress should close the Idaho loophole, not pretend it does not exist.

Posted on February 1, 2012 at 6:05 AM

An Interesting Software Liability Proposal

This proposal is worth thinking about.

Clause 1. If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code by the licensee, then your liability is limited to a refund.

This clause addresses how to avoid liability: license your users to inspect and chop off any and all bits of your software they do not trust or do not want to run, and make it practical for them to do so.

The word disabling is chosen very carefully. This clause grants no permission to change or modify how the program works, only to disable the parts of it that the licensee does not want. There is also no requirement that the licensee actually look at the source code, only that it was received.

All other copyrights are still yours to control, and your license can contain any language and restriction you care to include, leaving the situation unchanged with respect to hardware locking, confidentiality, secrets, software piracy, magic numbers, etc. Free and open source software is obviously covered by this clause, and it does not change its legal situation in any way.

Clause 2. In any other case, you are liable for whatever damage your software causes when used normally.

If you do not want to accept the information sharing in Clause 1, you would fall under Clause 2 and have to live with normal product liability, just as manufacturers of cars, blenders, chainsaws, and hot coffee do.

Posted on September 23, 2011 at 5:22 AM
