
Showing posts with label hacking. Show all posts

Giving the Government Power to Disrupt

The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 has been subject to criticism. It allows the government to hack into computers of people they think are bad people. Could innocent bystanders be impacted, just like when Microsoft did protective hacking about 8 years ago? See https://www.csoonline.com/article/2449572/microsoft-hammers-no-ip-collateral-damage-includes-hacking-teams-legal-malware.html

Details of the Bill are here:

https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/surveillance-legislation-amendment-identify-and-disrupt-bill-2020

The Law Council has released a 150-page criticism of the Bill.


APRA's cybersecurity strategy

APRA is stepping up its focus on CPS234 in 2021.  This is not a surprise.  The Australian government has a strong focus on cybersecurity (and Defence, and foreign influence).

https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

UK Financial Regulator Publishes Insights from the Cyber Coordination Groups

A UK financial regulator has published a report regarding cybersecurity risks.

"CCG members also noted the development of cloud security as an emerging risk area, and that data held in cloud environments should be encrypted and protected by appropriate intrusion detection/prevention controls. In some cases, it may be advisable to include “kill switch” technology, which allows for immediate disconnection to manage the risk of a cyber attack having a more widespread impact."

See
https://www.ropesgray.com/en/newsroom/alerts/2020/03/UK-Financial-Conduct-Authority-Publishes-Insights-from-the-Cyber-Coordination-Groups

Consequential Loss After Hacking Decision from the USA

An interesting decision from the United States (11th Circuit appeals court) in Silverpop Systems -- decision here.

There is an interesting discussion of consequential loss, which starts at the heading "LMT's Counterclaim for Breach of Contract".

Facts were these:

· Supplier (Silverpop) provided an email marketing service. Customers loaded up email addresses and Supplier would send out mass emails in a form specified by the customer to addresses on the list.
· Hackers got into the Supplier's system and got access to several customers' marketing lists, including LMT's list.
· The contract between Silverpop and LMT had a confidentiality clause (obligation to protect the list against unauthorised disclosure to third parties) and an exclusion of consequential loss.
· Amongst the claims and counterclaims was a claim from LMT that Silverpop had breached the confidentiality obligation and that the damage suffered by LMT was the sale value of the marketing list, which they said was now worthless.

This is what the court decided – assuming it was correct that the value of the marketing list was now zero, that was a consequential loss.  The court discussed the difference between general damages and consequential damages (which is remarkably similar to the old English decision of Hadley v Baxendale).  The direct loss which would have been recoverable by LMT if there had been a breach of the confidentiality obligation was the loss of the value of the service (but that is not what LMT claimed).

How should damages be assessed for privacy and cybersecurity breaches

Listen to this podcast where I discuss how damages should be assessed in privacy and cybersecurity lawsuits. The Lawyers Weekly Show host J...