Tag Archive for Legal

Michigan Troopers Downloading Phone Data Without Warrants?

Think about this while you are driving around this Memorial Day weekend. – The American Civil Liberties Union of Michigan claims that for several years now Michigan State Police have been using portable devices that allow them to secretly extract personal information from cell phones. In an article on Help Net Security, the ACLU says that the troopers have used the devices on cell phones of people pulled over for minor traffic infractions as well as people suspected of a crime.

The article says most of the devices used are from Cellebrite and can extract a great deal of data from most cell phones, including contacts, text messages, deleted text messages, call history, pictures, audio and video recordings, memory file dumps, and more. GeekOSystems says the Cellebrite UFED Physical Pro Scanner (cut-sheet) was tested by the U.S. Department of Justice. The DOJ reported the device was capable of pulling all photos and video from an Apple (AAPL) iPhone in under a minute and a half. Cellebrite says their devices also can extract, “existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags.” It can also extract your highly incriminating ringtones. These devices can also get around password protection, and work on over 3,000 cellphone models according to the website.

The ACLU is concerned that the MSP is using these devices to conduct warrantless searches without consent or a search warrant in violation of the 4th Amendment of the U.S. Constitution. Help Net Security reports that the ACLU of Michigan has been requesting information about MSP’s use of these devices for nearly three years by filing Freedom of Information Act requests to the Michigan State Police. The ACLU wants the troopers to reveal the data it collected, but it has had no luck so far. The article indicates that the MSP is stonewalling the ACLU’s Freedom of Information (FOIA) requests, resulting in possible court action.

Following those accusations, the Michigan State Police posted their side of the story in an official statement published on its website, according to another Help Net Security article. The MSP says it has, “fulfilled at least one ACLU FOIA request on this issue …” The web-posting also claims that the devices the MSP has in its possession can’t extract data without the officer actually having the owner’s mobile device in his hand, and it claims the scanners are properly used. “The DEDs (data extraction devices) are not being used to extract citizens’ personal information during routine traffic stops,” it explains. “The MSP only uses the DEDs if a search warrant is obtained or if the person possessing the mobile device gives consent.”

rb-

Wonder why the government keeps trying to make talking on a cell phone while driving a primary offense? Could it be so the government has an excuse to stop people and collect their personal data? The last sentence from the MSP is particularly chilling since people are strongly encouraged to cooperate with the police even when they know they did nothing criminal. Warrantless searches violate the protection against unreasonable search and seizure guaranteed by the 4th Amendment of the U.S. Constitution.

Secure motoring in Michigan!

What do you think?

Does anyone care about privacy anymore?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

More Dell Hardware Woes

– Updated 10-08-10 – Dell has settled the lawsuit which claimed the computer manufacturer hid computer defects. The New York Times reports that Dell settled the suit (09-23-2010) brought by Advanced Internet Technologies in Federal District Court in North Carolina. The terms of the tentative settlement were not disclosed.

In the NYT article, Clarence E. Briggs III, chief executive for Advanced Internet, in Fayetteville, NC, declined to comment about the settlement, as did his lawyer. David S. Frink, a spokesman for Dell, in Round Rock, TX, told the NYT “settling the matter is better and more cost-effective for the company than taking the case to trial.”

– Updated 08-15-10 – The New York Times is reporting that Advanced Internet Technologies (A.I.T) is accusing Dell of withholding evidence in their lawsuit, including e-mails among its top executives including Michael Dell, in a filing made Thursday. According to the NYT, A.I.T. filed a motion in Federal District Court in North Carolina asserting that Dell had deliberately violated a court order by failing to produce documents written by its executives, including the company’s chief executive and founder, Michael S. Dell.

In its filing, A.I.T. asserted that Dell had provided only a snippet of the communications among top executives about the faulty computer problems. The NYT says A.I.T. argued that Dell must have had more high-level communications than a “talking points” memorandum sent to Mr. Dell and Kevin Rollins, then the chief executive.

Larry E. Daniel, a digital forensics expert, has filed an affidavit in the case, stating that the handful of messages Dell provided appeared altered and incomplete according to the NYT article. Mr. Daniel suggested that Dell should provide access to the underlying e-mail files rather than cutting and pasting text.

Human error is to blame for the latest Dell hardware gaffe. PCWorld is reporting that a sequence of errors led to Dell’s delivery of motherboards with malware. On 7-21-10, Dell said that some replacement motherboards for PowerEdge servers may have contained the W32.Spybot worm in flash storage. The malware issue affected a limited number of replacement motherboards in four servers, the PowerEdge R310, R410, R510, and T410 models, according to an email from Forrest Norrod, vice president and general manager of server platforms at the Round Rock, Texas firm.

A sequence of human errors

The company confirmed on 7-21-10 it is in the process of overhauling its testing procedures to resolve issues before sending hardware to customers. “There was a sequence of human errors that led to the issue. That being said, we have identified and implemented 16 additional process steps to make sure this doesn’t happen again,” said Dell spokesperson Jim Hahn.

Hahn did not provide more details to PCWorld on the steps being added to track and resolve such issues. But he said that all affected motherboards had been removed from the service supply chain. Dell is quick to point out that current anti-virus software with updated signatures would flag the malware’s presence and users would have to be running an unpatched version of Windows 2008 or an earlier version of the OS to be vulnerable.

PCWorld cites a Dell quality management specialist who wrote in an e-mail that the code was accidentally introduced during the manufacturing process of the server motherboards. “This flash is the one that holds your BIOS and it can be updated online. If proper security precautions are not in place, the flash chip is every bit as capable of containing a piece of malware as is the hard-disk drive,” said Jim Handy, director at Objective Analysis, a semiconductor research company, in PCWorld.

Simha Sethumadhavan, assistant professor of computer science at Columbia University, told PCWorld that this incident shows how hardware, either flash or a processor, can be used as a way to transmit malware if it is hacked. “All software runs on the hardware. If the processor is hacked then it can subvert all software countermeasures. Since hardware is the root of trust, attacks on hardware are potentially more dangerous.”

Other recent Dell issues include:

  • According to the New York Times, Dell is being sued for shipping at least 11.8 million OptiPlex computers from May 2003 to July 2005 that were at risk of failing because of the faulty capacitors. A study by Dell found that OptiPlex computers affected by the bad capacitors were expected to cause problems up to 97 percent of the time over a three-year period, according to the lawsuit. Making problems worse, Dell replaced faulty motherboards with other faulty motherboards. The NYT points out that Dell employees went out of their way to hide these problems. In one e-mail exchange, a Dell worker states, “We need to avoid all language indicating the boards were bad or had ‘issues’ per our discussion this morning.” In other documents, Dell salespeople were told, “Don’t bring this to customer’s attention proactively” and “Emphasize uncertainty.”
  • 2010 Dell announced it was setting aside a $100 million reserve for the first quarter of fiscal 2011, related to a potential settlement with the U.S. Securities and Exchange Commission. The SEC began investigating Dell in 2005 over accusations of misleading auditors and fabricating financial information, which allowed the company to exaggerate its performance. Dell has already restated some of its financial results reported before 2007. It is reported that founder and CEO Michael Dell faces a separate fine totaling $4 million. “Accuracy and completeness are the touchstones of public company disclosure under the federal securities laws,” said SEC enforcement director Robert Khuzami. “Michael Dell and other senior Dell executives fell short of that standard repeatedly over many years, and today they are held accountable.”
  • 2010 Dell announced that the company and chairman and CEO, Michael Dell, have proposed settlements to the staff of the US Securities and Exchange Commission (SEC) over claims of illegal accounting practices. It is reported that the original case and investigation dates back to 2006 when Dell employees misled auditors and manipulated results to meet performance targets.
  • 2010 A federal appeals court reinstated a class-action lawsuit accusing Dell of selling defective notebook computers. The lawsuit alleges that Dell Inspiron notebooks bought between July 2004 and January 2005 had inadequate cooling systems, power supplies, and motherboards which caused the notebooks to shut down without warning, fail to boot up or deteriorate too quickly. (Reuters)
  • 2009 The New York Times and IDC confirmed that Acer overtook Dell as the Number 2 PC maker during the third quarter of 2009.
  • 2008 A New York judge concluded that Dell engaged in repeated false and deceptive advertising of its promotional credit financing and warranties, according to the New York Times.

 


Update Email Policy

A court case coming out of New Jersey could impact most firms’ privacy and security practices, according to an article on DarkReading. The New Jersey Supreme Court recently ruled in Stengart v. Loving Care Agency, Inc., 408 N.J.Super. 54, 973 A.2d 390 (Superior Ct., A.D. 2009) that an employer cannot read email messages sent via a third-party email service provider, even if the emails are accessed during work hours from a company PC.

The court found the company’s policy on email use to be vague, noting it allows “occasional personal use.” “The policy does not address personal accounts at all,” the decision said. “The policy does not warn employees that the contents of such emails are stored on a hard drive and can be forensically retrieved.”

The ruling, written by Chief Justice Stuart Rabner, states in part that the employee could, “reasonably expect that emails she exchanged with her attorney on her personal, password-protected, web-based email account, accessed on a company laptop, would remain private.” Rabner continues that the employee, “Plainly took steps to protect the privacy of those emails and shield them from her employer. She used a personal, password protected email account instead of her company email address and did not save the account’s password on her computer.”

The law firm of Jackson Lewis provides a legal overview of the case on its blog, The Workplace Privacy Data Management and Security Report, and recommends that employers consider modifying their existing electronic communication policies to include:

  • Clear notice that personal, web-based emails accessed using company networks and stored on company networks or company computers can be monitored and reviewed by the company (of course, care should be taken here to avoid concerns under the Electronic Communications Privacy Act and the Stored Communications Act);
  • Definitions of the specific technologies and devices to which the policies apply;
  • Warnings that web-based, personal e-mail can be stored on the hard drive of a computer and forensically accessed;
  • No ambiguities about personal use.

Rb-

I am no lawyer; be sure to consult your attorney about this and all legal issues. In my opinion, this ruling is new law-making. The new laws are applicable only in New Jersey for now. However, unless the U.S. Supreme Court overturns this new law, it will be the starting point for all other litigation. Firms should begin reviewing and updating their technology policies to protect themselves from this new law.

An interpretation of the ruling suggests that employees have to be specifically warned that it is possible to forensically retrieve data from the firm’s computers. In this ruling, the Court found, “the Policy does not warn that the contents of personal, web-based e-mails are stored on a hard drive and can be forensically retrieved and read.”

Sounds like another shot in the arm for the content filtering firms.


Wi-Fi Settlement to Cost Billions

Australia’s national science agency, the Commonwealth Scientific and Industrial Research Organization (CSIRO), has won its Wi-Fi patent troll case. They confirmed (4-22-09) that the patent cases heard in the Eastern District Court of Texas have concluded “successfully.” CSIRO sued most of the tech world over its claim of inventing the technology behind Wi-Fi Wireless Local Area Networks (WLANs).

CSIRO claims to have patented core elements of the technology used in 802.11a and 802.11g wireless devices. “CSIRO has negotiated settlement with each of the 14 companies involved in four concurrent litigation cases,” the agency said in a statement. “The commercial terms of the settlements with these companies will remain confidential.”

Wi-Fi patent claim

The CSIRO first applied for the US patent in 1993. It was awarded US patent number 5,487,069, entitled “Wireless LAN,” on 23 January 1996. The patent describes a “peer-to-peer wireless LAN” that can operate in the kind of multi-path environment created by radio echoes in typical office buildings. It includes three ways to get high-speed transmission despite the hostile conditions in an office environment. First, they describe transmitting over a relatively large number of parallel sub-channels within the available bandwidth so that each channel has a low bit rate. Second, the patent describes transmitting data in small packets with forward error correction (FEC) and using interleaving. These concepts are all featured in descriptions of the 802.11 physical layer. CSIRO claims to have patented core elements of the technology used in 802.11a, 802.11g, and 802.11n wireless devices.

CSIRO has previously said that its patent allowed speed increases up to a factor of five over previous WLANs. They claimed to have, “offered licenses on reasonable and non-discriminatory terms to major suppliers as soon as they started selling devices which used the CSIRO technology.”

However, troubles began following the Cisco (CSCO) acquisition of Radiata from Macquarie University. The university had carried out for the purpose of commercializing CSIRO’s technology. Now CSIRO claims the work forms a key part of commonly used Wi-Fi products

The CSIRO filed Wi-Fi patent infringement suits against 3Com, Accton (2345), ASUS (2357), Belkin, D-Link (DLINK), Fujitsu (6702), Marvell (MRVL) (manufacturers of Apple’s (AAPL) iPod), Nintendo (7978), SMC and Toshiba (TOSBF). Several large technology vendors bit back, with Apple, Dell (DELL), HP (HPQ), Intel (INTC), Microsoft (MSFT), and Netgear (NTGR) bringing cases against CSIRO in trying to have the patent invalidated.

In June 2007, the CSIRO won a case in the U.S. Federal Court against Japanese manufacturer Buffalo Technologies. This win is the basis the firm has used to demand royalties from a broader set of manufacturers that market Wi-Fi equipment.

As the case has played out in the last few weeks in and out of the Texas court, CSIRO struck individual deals with its adversaries, including Dell, Fujitsu, HP, Intel, and Microsoft.

HP was the first to settle on 04-02-09. CSIRO spokesperson Huw Morgan said, “CSIRO can confirm that a settlement has been reached with Hewlett-Packard Company in relation to the wireless patent case.” Mr. Morgan continued in the Sydney Morning Herald, “There will be no further comment at this time due to confidentiality and ongoing litigation.”

Fujitsu Computer Systems Corp. was dismissed by the Court with prejudice in the first court-approved settlement to emerge in the case on April 8. The terms of the settlement remain confidential.

PC manufacturer Asus and Microsoft separately settled their lawsuits with the CSIRO on 04-14-09; terms of the settlement were not disclosed. CSIRO had accused Microsoft of wrongfully using its patent. Microsoft was seeking a ruling of non-infringement for the wireless technology included in the Xbox video-game system.

Intel and Dell also settled on 04-19-09 for undisclosed and confidential terms.

Accton Technology Corp., SMC Networks, Belkin Corp. and Belkin International, Inc., D-Link Systems, Inc., Netgear, Inc., Nintendo of America, Inc., Toshiba America Information Systems, Inc., and 3Com Corp., announced on 4-20-09 that they had reached a settlement with CSIRO.

Cisco and its Linksys division aren’t on CSIRO’s list. Cisco agreed to patent terms when it acquired an Australian network authentication firm a few years ago. Apple dropped out in December 2006.

Dr. Alex Zelinsky, director of the CSIRO ICT Center, confirmed that all CSIRO opponents had chosen to settle the wireless case. CSIRO deputy chief of operations Mike Whelan said that the terms of the settlement would remain strictly confidential. Dr. Zelinsky speculated to ITNews, however, that the payoff could be worth upwards from $100 million up to a billion dollars and keep royalty payments flowing into the agency for up to a decade.

Timeline

  • November 1993: CSIRO lodges a US patent for the invention of a wireless LAN.
  • January 1996: US patent 5,487,069 is issued to CSIRO.
  • 1997: CSIRO and Macquarie University form Radiata, a company established for the purposes of commercializing the patent.
  • 2001: Cisco Systems acquires Radiata for $295 million.
  • 2003: CSIRO engages in patent licensing discussions with several manufacturers, none of which agree to pay licensing fees.
  • February 2005: CSIRO lodges a suit against Buffalo Technology for alleged patent violation in the Eastern District of Texas Court as a test case for its patent.
  • May 2005: Two groups of industry heavyweights — including Dell and Intel, and Microsoft, HP, and Netgear, lodge lawsuits against CSIRO seeking to overturn its patent.
  • November 2006: CSIRO has its patent upheld by the Eastern District of Texas Court in its case against Buffalo Technology.
  • September 2006: CSIRO counter-sues the industry parties attempting to overturn its patent, claiming these companies infringe on its patents.
  • September 2007: CSIRO refuses to offer any amnesty to IEEE members that infringe on its patent.
  • April 02, 2009: HP settles suit.
  • April 13, 2009: Microsoft settles suit.
  • April 20, 2009: All other firms settle the suit.

rb-

If your installation includes Aruba, Meru, or Trapeze, you can hope that CSIRO goes back to developing Wearable Instrument Shirts or Airhockey Over a Distance, and not squeezing more revenue for the taxpayers of Australia out of this initial victory by going after all the other Wi-Fi vendors. If upheld, CSIRO will collect what it has often described as a small royalty on all devices containing Wi-Fi.

The cases are:

  • Intel Corp. v. Commonwealth Scientific and Industrial Research Organization, 06cv551
  • Microsoft Corp. v. Commonwealth Scientific and Industrial Research Organization, 06cv549, U.S. District Court, Eastern District of Texas (Tyler)

 
