Bloomberg

    United Airlines Tumbles After Social-Media Storm Goes Global

    Justin Bachman and Linly Lin reporting at Bloomberg Markets:

    United Chief Executive Officer Oscar Munoz apologized on Monday for “having to re-accommodate these customers.” The airline is conducting a review and seeks to resolve the matter with the man who was dragged off the airplane, Munoz said in an emailed statement. In a subsequent message to employees, the CEO called the passenger “disruptive” and “belligerent.”

    This debacle is still unfolding but will clearly end up in PR textbooks.

    Secret Cameras Record Baltimore’s Every Move From Above

    Pritchett had no idea that as he spoke, a small Cessna airplane equipped with a sophisticated array of cameras was circling Baltimore at roughly the same altitude as the massing clouds. The plane’s wide-angle cameras captured an area of roughly 30 square miles and continuously transmitted real-time images to analysts on the ground. The footage from the plane was instantly archived and stored on massive hard drives, allowing analysts to review it weeks later if necessary.

    It must be the NSA or the CIA or the FBI, right? They must have a warrant, right? They must be deleting the video after a certain period of time, right?

    Wrong.

    It’s the Baltimore Police Department. The article and accompanying video clarify the motivation of the company providing the technology and the service to BPD. Founder Ross McNutt says he hopes technology like his will have a deterrent effect on crime in cities where its deployment is disclosed. That’s a good goal but it’s not the BPD or the company’s founder I’m worried about.

    Anything stored on a hard drive that isn’t air gapped is exposed to exfiltration by hackers. That includes a massive digital video recorder covering an entire city for an indeterminate period of time.

    Scary stuff.

    Some policy thoughts on corporate "revenge hacking"

    Michael Riley and Jordan Robertson, reporting a fascinating story at Bloomberg:

    In the U.S., companies are prohibited by the 30-year-old Computer Fraud and Abuse Act from gaining unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack.

    The act exempts intelligence and law-enforcement activities, allowing the government to respond more aggressively than private-sector firms. There’s little indication, though, that military and intelligence agencies have used their most powerful tools to shut down attacks on businesses, as the U.S. has attempted to address foreign-based hacking through diplomacy and the courts.

    Diplomacy and the courts are clearly inadequate channels for preventing, halting or discouraging foreign-based hacking.

    The question, then, is whether the U.S. government will use its broader “revenge” authority under the CFA to defend not only itself but private U.S. companies. This method would be problematic from a funding perspective, and may cause diplomatic friction.

    Alternatively, the CFA could be amended to allow “proportional responses” by private U.S. companies to foreign-based hacking. This method would be problematic from oversight and transparency perspectives, subjecting revenge hacking to market dynamics and the “black box” in which companies conduct so much of their business (especially when they’re privately held).

    Yes, companies often have to deal with reporting requirements in the aftermath of a major data breach, but they don’t have to disclose any countermeasures under any current state or federal notification regime I can find.

    Perhaps the best solution would involve some hybrid of these. For example, a department of government investigators and hackers could be assigned in small groups to companies facing imminent or ongoing foreign-based hacking.

    They could embed into the companies the way journalists sometimes embed into military units, assisting the company in its response and pulling the trigger on revenge hacks, thereby insulating the company from CFA liability.

    The hybrid method minimizes government expense, maximizes company involvement and allows for the use of transparency laws such as the Freedom of Information Act by journalists and policy analysts to peek inside the black box.

    I’m obviously not going to come up with a perfect solution in a short blog post, but it’s worth thinking about.

    Image by the author

    Google fighting National Security Letter

    Panetta Ties Delay of Aid in Mali to Legal Questions

    Apple Maps lead fired

    FBI examining HP/Autonomy accounting debacle

    Pandora suing ASCAP for lower licensing fees
