DOJ Announces Project Focused on Admissibility of Forensic Evidence

This morning, the U.S. Department of Justice (DOJ) announced an initiative aimed at “examining and strengthening forensic science.” Presumably, the initiative will impact how the DOJ approaches digital forensic evidence in criminal prosecutions.

Deputy Attorney General Rod J. Rosenstein made the announcement at the International Association for Identification’s (IAI) conference in Atlanta, Georgia. The IAI has a standing committee devoted to digital evidence.

The DOJ noted in its announcement that it is “fully committed to strengthening forensic science and its use in the courtroom,” despite what it characterizes as “efforts by some to reject reliable and admissible forensic evidence.” The DOJ will develop a “Uniform Language for Testimony and Reports . . . to help guide examiner testimony” as well as a “testimony monitoring program.”

As a first step, the DOJ is now conducting a “needs assessment . . . to understand the various challenges that the forensic science practitioner . . . faces in terms of backlog, personnel, equipment, education and training.”

The DOJ press release is available here. The DOJ’s  “Backgrounder on Forensic Science Advances” is available here.

Hackers Could Target Airports, Planes, Satellites, Ships, Cars, and Trains

Cybersecurity for critical infrastructure continues to be of concern, including the transportation sector. A new study by ABI Research concludes that although the transportation sector continues to increase spending on cybersecurity year over year, the rapid digitization of airports, aircraft, trains, ships, and cars puts this sector at risk.

The study mentions that poor cybersecurity is being applied to operational and control systems in the transportation sector, including engine and flight control systems, electronic positioning systems, logistical systems, communications systems, and navigational systems, and because many of them use off-the-shelf software and connect to the Internet via Wi-Fi or cellular networks, they are susceptible to hacking and intrusion. Continue Reading

Students 16 and Over: Check Out CyberStart!

Students 16 and over who live in Virginia, Michigan, Iowa, Hawaii, Nevada, Delaware and Rhode Island—you may be eligible to participate in a new cybersecurity skills program called CyberStart. You have to have access to the Internet and a computer to participate.

CyberStart is “a forward-thinking skills program designed to supply specialist cyber security education to young people across the U.S. Using a suite of online challenges, tools and games it aims to inspire the next generation of cyber security professionals whilst identifying the best and most talented young Americans.”

Registration is open until August 4th, and you have to qualify first before you can participate in the full program, so act quickly.  The registration link is here.

Women’s Health Care Group Notifies 300,000 About Ransomware Attack

Women’s Health Care Group of Pennsylvania has notified approximately 300,000 patients that their protected health information has been compromised by a ransomware attack.

Although the ransomware became active on May 16, 2017, an investigation into the attack showed that the intruders had access to the Group’s system since January of 2017. The intruders may have had access to patients’ names, Social Security numbers, birthdates, pregnancy history, lab results, insurance information, and diagnoses. Once the ransomware was discovered, the information was restored through use of the Group’s back-up system.

OCR Releases “Improved Web Tool” for Breach Reporting

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals to navigate the breach reporting website so they can find information relating to data breaches, and allows organizations to report a data breach with more ease.

The tool is also designed to provide guidance to the health care industry on the most recent threats, and how data breaches are resolved by the OCR, “which can help industry improve the security posture of their organizations.” Continue Reading

North Carolina Introduces New Drone Bills

North Carolina Governor, Roy Cooper, signed two bills this week to regulate the use of unmanned aerial systems (UAS or drones). First, House Bill 337 revises existing state drone law to make that existing state drone law applicable to model aircraft. House Bill 128 prohibits drone use near prisons –with the term “near” being defined as a horizontal distance of 500 feet or a vertical distance of 250 feet. Both of these bills will go into effect on December 1, 2017. North Carolina hopes to show the country that it is ready and willing to do business in the UAS industry, and hopefully draw more of this industry to the state. In particular, House Bill 337’s expansion to model aircraft clears up the ambiguity in the old law. If a hobbyist used a drone to take photographs, the legality of the action was unclear, but now the playing field will be leveled out; North Carolina’s state drone law will apply to both commercial and non-commercial drone use. Of course, the other bill, House Bill 128, seeks to lessen the ability of those with nefarious intentions to carry out contraband drops into prison yards using drones; however, even with a new law out there, those with bad intentions are necessarily prevented from carry them out. North Carolina will simply join the many other states who have prison-specific drone regulations

Contraband Drone Crashes Near Prison in Washington State

Last week, a drone carrying 16 individual bags of marijuana, cell phones and chargers, two bags of tobacco, and 31 oxycodone pills crashed into the ground near the Washington State Prison yard.

A corrections department spokeswoman, Joan Heath, said that the drone crashed into the ground near the prison around 10:45 p.m. Drones carrying contraband into prison yards has been a growing problem. It is the newest way that inmates can get contraband into the prison to sell to other prisoners for a significant profit. For the most part, prison administrators only know that a drone has come and gone because pieces of packages dropped from the sky are found stuck in the prison yard fences or on the ground near the prison yard. Continue Reading

Part 107 Waivers: Does Your Waiver Stand a Chance?

The Federal Aviation Administration’s (FAA) Part 107 waiver process for the operation of unmanned aerial systems (UAS or drones) in certain restricted airspace or beyond the limitations of the Part 107 UAS regulations, was originally designed to streamline approval. However, for many drone operators who have had their Part 107 waivers denied, the process can often be mysterious and frustrating.  And the FAA’s public database of all approved Part 107 waivers, while useful, does not include denied waivers, which could be key for many operators in determining what information is necessary and what safety processes are desired by the FAA in order to obtain an approval.

In a recent report, the FAA’s denials were reviewed and analyzed. The information was obtained through a Freedom of Information Act (FOIA) request by Drone360. Drone360 received access to 1,656 denied waivers that were submitted over 247 days. Continue Reading

FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program

The Federal Trade Commission (FTC) approved TRUSTe’s proposed modifications to their Children’s Online Privacy Protection Act (COPPA) safe harbor program this week.

COPPA requires, among other things, that commercial website and mobile app operators that knowingly collect personal information from children under age 13 post comprehensive privacy policies on their websites and in their mobile apps, notify parents and guardians of the website’s or mobile app’s information practices, and obtain parental consent before collecting, using or disclosing any personal information from children under age 13. However, COPPA includes a ‘safe harbor’ provision whereby industry groups may seek approval from the FTC to create self-regulatory guidelines that implement “the same or great protections for children” as those in COPPA. Website and mobile app operators that participate in FTC-approved safe harbor programs are subject to the review and disciplinary procedures provided in the safe harbor guidelines in lieu of an FTC’s formal investigation or enforcement. Continue Reading

Privacy Tip #99 – If you are an IoT Fanatic, this App is for You

Last January, the Federal Trade Commission (FTC) launched the IoT Home Inspector Challenge, a contest that requested participants to come up with a tool that would identify security issues that are caused by out-of-date software in IoT devices to better educate and protect consumers about the security vulnerabilities of IoT devices.

To remind you of all of the “things” that may be connected to the Internet, we have previously flagged the security risks of IoT things, including dolls, toys, security systems, refrigerators, cars, stoves, coffee makers, washing machines, and even aquariums.  Anything connected to the Internet can be hacked and accessed and manipulated.

The FTC recently announced the winner of the IoT Home Inspector Challenge—Steve Castle—who developed a mobile app called “IoT Watchdog.” IoT Watchdog scans an individual’s Wi-Fi and Bluetooth networks to assemble a list of IoT devices for the individual, identifies those devices that have out-of-date software or other vulnerabilities, and provides instructions to the user about how to update the software or fix the vulnerability.

Now that’s a great idea. Congratulations to Steve Castle for helping us all better protect our IoT devices and thereby protect our privacy from malicious actors.

LexBlog