Australia Looking To Compel Electronic Message Decryption.

Last week, Reuters and other sources reported that the Australian government has proposed laws that would compel companies to provide access to encrypted information. Obviously, asking for such data is conditional upon taking all the proper legal steps.   A Growing Demand Governments the world over have been clamoring for access to encrypted data for […] read more

Target Settles With 47 Attorneys General Over 2013 Hack.

One of the biggest hacks in history was the Target credit hack of winter 2013, which affected approximately 60 million people. Four years later, Target is finally putting the situation behind, settling legal action brought to it by 47 states. The amount: $18.5 million. This does not include the many millions the Minnesota-based retailer paid […] read more

Global Malware Emergency Shows Why Backdoors Are Dangerous.

The big data security news this week is, of course, the WannaCry ransomware situation that reared its head last Friday, continued to grow over the weekend, and threatened to really become something had it not been for a serendipity: a kill-switch, possibly a mistake, baked into the malware. Many organizations and traditional news outlets have […] read more

Sextortion Case Treads A Well-Worn Path: Are Passwords Protected Under the Fifth?.

A case of “sextortion” – blackmailing someone over naked footage (digital footage, more specifically, to reflect the times we live in) – between Instagram celebs has again dredged up the decidedly non-superfluous legal quagmire that’s been repeatedly visited since at least 2009: Is forcing a defendant to spit out his or her password a violation […] read more

HIPAA/HITECH Doesn’t Require You To Be Perfect, But It Does Expect You To Follow The Rules.

A couple of recent Department of Health and Human Services (HHS) legal settlements emphasize paperwork over security, showing that a healthcare entity’s approach to safeguarding data must be holistic: yes, you need to use encryption, and lock doors, and hide screens from potential medical data peeping-toms…but you also need to make sure that you’ve followed […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more

Children’s Medical Center of Dallas Pays $3.2 Million To Settle HIPAA Violations.

The Children’s Medical Center of Dallas (Children’s) recently settled with the US Department of Health and Human Services (HHS) over multiple failures to encrypt sensitive data in mobile devices. The settlement – $3.2 million dollars – is quite the figure, as is the timeline involved: It looks like an investigation could have been started as […] read more

UK Encryption: Royal & Sun Alliance Insurance Fined £150,000 For Stolen Hard Drive.

The UK’s Information Commissioner’s Office (ICO) has fined an insurance company, Royal & Sun Alliance (RSA), a total of £150,000 for the theft of an external storage device with information on nearly 60,000 clients (and credit card details for 20,000 people).   Stolen From a Locked Room Unlike your run-of-the-mill hard drive theft cases, there […] read more

iPhone Encryption: FL Appeals Judge Says “OK” to Compel Password.

A new iPhone encryption case is making the headlines. Unlike many of the controversial ones to date, I think it can safely be said that in this case, the courts were right in compelling the suspect to unlock his smartphone.   Up-Skirt Videos A voyeur – we’ll call him John Doe, although his name was […] read more