Since September 7, 2017, Equifax, one of three credit rating agencies in the United States, has been dealing with the fallout from one of the largest (known) data breaches of personal information, putting 143 million Americans (roughly 44% of the U.S. population) at risk of fraud and identity theft.
Articles Posted in Privacy
The Internet Stole My Face: New Advances in Technology Could Make Everyone a Digital Video Puppet
“Believe nothing you hear, and only one half that you see.” Edgar Allan Poe wrote those words over a century ago, yet if he were alive today he might opt for the darker: “Believe nothing you hear and nothing you see.” Over the past decade, advances in graphics technology have provided visual effects artists the ability to create fantastical new worlds on film and to populate those worlds with people, all with an astounding amount of realism. Of particular interest in this post is the ability of this technology to create realistic digital replicas of actors that can be manipulated like puppets to deliver new cinematic performances without the need for any further input from the actor—such as when the late Peter Cushing was digitally recreated in order to reprise the character of Grand Moff Tarkin in Rogue One: A Star Wars Story.
The Doxing Dilemma: A Popular Tactic of Social Activists and Cyber Bullies Alike Remains Mostly Legal
After counter-protests ended in tragedy, a small group of social media users took to Twitter to expose the identities of the white supremacists and neo-Nazis rallying in Charlottesville, Va. Since last Sunday, the @YesYoureRacist account has been calling on Twitter users to identify participants in the rally. Twitter users identified several white supremacists, including Cole White. Users revealed White’s name and place of residence, and his employer reportedly fired him from his job at a restaurant in Berkeley, Calif. Several other employers fired employees identified online as attending the rally. In the wake of what will likely be just the latest incident where such behavior will be exhibited and subsequently called out on social media, it’s a good time to look at doxing and the legal environment in which it exists.
Keeping Up with Cayla: Concerns over Interactive Toys Spur an FTC Update of COPPA Guidelines
“Pleeeease?!” Buying a quick gift or giving in to your child’s pleas for a new toy is quickly becoming a more serious decision. In an age when toys can happily entertain kids by talking to them, the few precious moments those toys buy parents may not be without risk. It’s possible for anyone within an internet-connected toy’s Bluetooth range to connect to the toy and receive its audio recordings, while being up to 100 feet away. For example, in December 2015, VTech allegedly exposed the personal information of 6.4 million children, which included their names, genders and birthdays. Stealing a child’s personal information is, at the very least, concerning. However, internet-connected toys come with an additional danger—localized hacking. Just look at Cayla, an internet-connected fashion doll manufactured and sold by Genesis Toys. My Friend Cayla answers fact-based questions, plays games, reads stories, and even solves math problems. Genesis uses third-party voice-recognition software by a U.S.-based company, and the doll requires an iOS/Android application to use the software. The doll’s mobile application researches and supplies Cayla with factual answers to questions, but it also prompts children to set their physical location, parents’ names and school name.
Whack a Meme: Is It Possible to Contain (Let Alone Stop) the “Crying Jordan”?
Almost everyone (even my parents) has seen the Crying Michael Jordan meme popping up around the internet and social media. Crying Jordan has appeared in the standard meme form of photoshopped images and gifs but has also inspired Halloween masks and even customized Air Jordan sneakers. TMZ reports that Jordan doesn’t have a problem with it, as long as no one uses it to “promote their commercial interests.” But what if he changed his mind or someone started using it for commercial gain? Could Jordan protect himself against “unauthorized memeing”?
Cross-Device Tracking and the Trouble with Talkative Tech
Did you know that your devices are following you and talking amongst themselves? Creepy, right? From ordering products from your smartphone that you added to your shopping cart on your laptop’s browser to streaming a movie from your smartphone that you didn’t finish watching on your desktop, our online and mobile devices have integrated themselves into our lives and taken liberties that may not be apparent to us.
Face Value: An Allegedly Co-Opted Photograph Turns into a $2.2 Billion Headache for Chipotle
Because celebrities closely guard their names and likenesses, lawsuits claiming high-dollar amounts for violations of those rights are not unusual. But a lawsuit for $2.2 billion for a non-celebrity claiming a restaurant improperly co-opted her photograph for an ad campaign? That’s rare. At year’s end, just before the expiration of the statute of limitations, a Sacramento woman named Leah Caldwell sued Denver-based Chipotle Mexican Grill, the company’s photographer, and Chipotle’s chief executive officer in just such a suit. In doing so, Caldwell showed that you don’t have to be famous to think your face is worth a billion dollars. But is it?
“Life Is Short. Settle with the FTC” – The Cost of Ashley Madison’s 2015 Data Breach
On December 14, 2016, operators of online extramarital dating and social networking website AshleyMadison.com came to an agreement with the Federal Trade Commission, and several States, to settle FTC and related state charges that the website deceived consumers and failed to protect 36 million users’ account and profile information. As we discussed immediately following the July 2015 breach (and in several later posts) the data of some 36 million AshleyMadison.com accounts was posted online. It was reported by KrebsOnSecurity that the breach included the theft of user databases, financial records (including salary information), and other records from AshleyMadison, Cougar Life, and Established Men, three social networking web sites operated by the Toronto, Canada-based firm Avid Life Media, now known as Ruby Corp.
FriendFinder Data Breach Exposes 400 million+ Accounts
FriendFinder Networks is a company in the adult entertainment, social networking, and online dating space. Several databases from FriendFinder Networks web sites with more than 412 million accounts, including usernames, e-mails, and passwords, have been breached and leaked.
November reports of this data breach on The Verge, LeakedSource and TechCrunch, to name a few, describe it as one of the largest security breaches of 2016, and possibly the largest breach to date, surpassing the breach of approximately 360 million Myspace usernames, passwords and e-mail addresses reported earlier this year.
The FBI Dips into Twitter’s Data Stream
Following up on our earlier post regarding the Era of Hashtag Surveillance, the FBI has published documents indicating that it intends to enter into a deal with a Twitter data miner, appropriately named Dataminr (and partially owned by Twitter), for access to its monitoring technology. TechCrunch reports that the FBI disclosed its intent to enter into a licensing agreement with Dataminr for access to Twitter’s “firehose” data stream. As opposed to the normal data streams that Twitter makes available to the public, which only provide access to a fraction of the posts made to the site, the “firehose” stream contains all public posts made on Twitter and would essentially allow a user to search, in almost real-time, every post made to the service.