Eduard Goodman of CyberScout writes: The history of proving one’s identity with official documentation dates back 600 years to the realm of King Henry V in England. Prior to that, your name and local reputation was pretty much all you needed to prove who you were. The Safe Conducts Act of 1414 created the first…
Category: Commentaries and Analyses
Humanitarian data breaches: the real scandal is our collective inaction
Nathaniel A. Raymond, Daniel P. Scarnecchia, and Stuart R. Campo write: The news that a platform used by at least 11 major operational NGOs and UN agencies may be relatively easy to breach, potentially exposing the personal, location, and demographic data of tens of thousands of highly vulnerable people, is deeply disturbing but not surprising….
Superseding indictment filed in Justin Shafer case
As anticipated, federal prosecutors have filed a superseding indictment in their case against dental integrator and vulnerability researcher Justin Shafer. For those in a rush, the TL;DR version is that they have basically transformed a bullshit two-count indictment into a bullshit three-count indictment. [For the benefit of law enforcement in Texas, that preceding sentence is…
When Employees Go Rogue: Are Employers Vicariously Liable for the Privacy Breaches of Their Employees?
Sara D.N. Babich of McCarthy Tétrault LLP has a commentary on employer liability for employee wrongdoing under Canadian law. Her analysis includes discussion of the recent UK decision in the Morrisons data breach case. Here’s how Babich’s article begins: Although there has not yet been a definitive answer to this question in Canada, based on recent…
Inside the Stanford Breach: Sexual Assault, Disciplinary and Financial Data Exposed
A series of cybersecurity vulnerabilities at Stanford University exposed thousands of sensitive files containing details of sexual assault investigations, disciplinary actions and more. The details of what happened—and why it should be an object lesson for higher education. A special three-part blog series. Craig A. Newman of Patterson Belknap writes: Part 1 In three separate…
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto reports: An attack on a single IV infusion pump or digital smart pen can be leveraged to a widespread breach that exposes patient records, according to a Spirent SecurityLabs researcher. Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat…