The Legal Aspects of Cyberspace Presented by: William Cook Wildman Harrold Allen & Dixon InfraGard Super Conference May 15, 2003

Presented by:

William Cook

Wildman Harrold Allen & Dixon

Bill Cook V-P, Chicago InfraGard Former Head of US DOJ Computer Crime Task Force; Counter-Espionage Coordinator and Counter-Terrorist Coordinator; DOJ FEMA Coordinator (Chicago) Professor of Internet & Web law at U. of Illinois and Supercomputer Center Lecturer at Purdue, John Marshall, Harvard, Yale & ITT Partner, Wildman Harrold 90 trials Intellectual property, Internet & Web law Panel Counsel, AIG NRC & NSF Committee on Critical Infrastructure Protection and the Law Member of Ill. A.G. E-Commerce Commission

V-P, Chicago InfraGard

Former Head of US DOJ Computer Crime Task Force; Counter-Espionage Coordinator and Counter-Terrorist Coordinator; DOJ FEMA Coordinator (Chicago)

Professor of Internet & Web law at U. of Illinois and Supercomputer Center

Lecturer at Purdue, John Marshall, Harvard, Yale & ITT

Partner, Wildman Harrold

90 trials

Intellectual property, Internet & Web law

Panel Counsel, AIG

NRC & NSF Committee on Critical Infrastructure Protection and the Law

Member of Ill. A.G. E-Commerce Commission

Cyber Investigations

February 7, 2003 NASA servers hacked hours after Columbia was lost 19 charged in identity theft that netted $7 million in tax refunds Alleged student hacker indicted in Massachusetts Names of AIDS, STD sufferers found on state surplus PC Korean group may sue Microsoft over Slammer virus NetEase sued for copyright infringement Feds pull suspicious .gov site Suspects arrested for TK worm; up to £5.5 million in damages Lawsuit filed over missing confidential information from Canadian data management company

NASA servers hacked hours after Columbia was lost

19 charged in identity theft that netted $7 million in tax refunds

Alleged student hacker indicted in Massachusetts

Names of AIDS, STD sufferers found on state surplus PC

Korean group may sue Microsoft over Slammer virus

NetEase sued for copyright infringement

Feds pull suspicious .gov site

Suspects arrested for TK worm; up to £5.5 million in damages

Lawsuit filed over missing confidential information from Canadian data management company

January 31, 2003 Slammer worm hobbles Internet; hits Continental Airlines, Bank of America Hacker steals personal information on 1,450 University of Kansas students Denial of service attack forces DALnet to shutdown Hacker insurance market boosted by cyberattacks eBay sued for alleged online slander Easyinternet cafe guilty of copyright infringement Personal data pirated from Russian phone files Music industry site hacked again FAA warns: more attacks coming

Slammer worm hobbles Internet; hits Continental Airlines, Bank of America

Hacker steals personal information on 1,450 University of Kansas students

Denial of service attack forces DALnet to shutdown

Hacker insurance market boosted by cyberattacks

eBay sued for alleged online slander

Easyinternet cafe guilty of copyright infringement

Personal data pirated from Russian phone files

Music industry site hacked again

FAA warns: more attacks coming

Institutional intrusion response based on Damage done Exposure created minus Perceived PR exposure

Damage done

Exposure created

minus

Perceived PR exposure

Institutional response based on Damages from Lost IP Lost private information Fraud on the e-commerce site System shut down Compliance with regulations Concern about litigation

Damages from

Lost IP

Lost private information

Fraud on the e-commerce site

System shut down

Compliance with regulations

Concern about litigation

Lost intellectual property

Loss of intellectual property: Disgruntled employees 85 to 90 % of all computer incidents are caused by insiders employees consultants business partners Most difficult to detect Most expensive to correct Highly vulnerable to weak institution policies

85 to 90 % of all computer incidents are caused by insiders

employees

consultants

business partners

Most difficult to detect

Most expensive to correct

Highly vulnerable to weak institution policies

Victim computer Web based access Industrial Espionage Consultant Former employee CFAA, T/S Laws & Trespass

Near North v. Cheley Currently pending Former employees that established Website intranet security for company Periodic remote access Major access through Web intranet $645,000 to resecure network Third party employer issues negligent hiring negligent supervision negligent retention CFAA, UASC, Fid. Duties &Trespass

Currently pending

Former employees that established Website intranet security for company

Periodic remote access

Major access through Web intranet

$645,000 to resecure network

Third party employer issues

negligent hiring

negligent supervision

negligent retention

Poor security dooms proprietary claim Weigh Systems v. Scales 3/7/02 Former employer sues competing former employer for trade secret theft Took customer lists, vendor lists, pricing information, software, marketing info Ruling for former employee Info on Internet No confidentiality agreements Passwords sometimes Hardcopies of protected data available Default passwords Passwords shared with customers

Former employer sues competing former employer for trade secret theft

Took customer lists, vendor lists, pricing information, software, marketing info

Ruling for former employee

Info on Internet

No confidentiality agreements

Passwords sometimes

Hardcopies of protected data available

Default passwords

Passwords shared with customers

Ford Motor Co. v. Lane , Mich. Fed. Ct. 1999 Information theft as “free speech” Old rule: thief and accomplish not immunized under 1st Amendment New concern: Trade secrets from employees hostile Website Proprietary markings Extortion attempt Prior restraint precludes stopping Website disclosure First Amendment over trade secrets Court crafts unrecorded copyright remedy

Old rule: thief and accomplish not immunized under 1st Amendment

New concern: Trade secrets from employees hostile Website

Proprietary markings

Extortion attempt

Prior restraint precludes stopping Website disclosure

First Amendment over trade secrets

Court crafts unrecorded copyright remedy

Victim Website Trusted 3rd Party Network System Copyrights: Scraper / robot search CFAA, UASC, Copyright &Trespass

Lost private information

Compromise of private information: BIA Indian trust fund case 12/5/2001 to date Website & Internet shutdown due to inadequate security Failure to comply with federal security regulations Privacy of records threatened (but not realized) Court ordered penetration tests Contempt of Court proceedings

Website & Internet shutdown due to inadequate security

Failure to comply with federal security regulations

Privacy of records threatened (but not realized)

Court ordered penetration tests

Contempt of Court proceedings

Stollenwack v. TriWest (Ariz. D.C. 1/30/2003) Federal class action lawsuit 562,000 military personnel, retirees & family files stolen from defense contractor Allege negligence, breach of contract and violation of Privacy Act Damages not specific

Federal class action lawsuit

562,000 military personnel, retirees & family files stolen from defense contractor

Allege negligence, breach of contract and violation of Privacy Act

Damages not specific

Clients of Merchant Law Group v. ISM Canada Feb. 3, 2003 Class action lawsuit Hard drive with 180,000 customers Ids lost by ISM Canada on January 16 Alleges violation of customer privacy and negligence in securing confidential information and notifying the public about the lost disk. The customers "have suffered significant loss and damages including personal injury and injury to their economic interests" The Saskatchewan government is considering its own lawsuit against ISM.

Class action lawsuit

Hard drive with 180,000 customers Ids lost by ISM Canada on January 16

Alleges violation of customer privacy and negligence in securing confidential information and notifying the public about the lost disk.

The customers "have suffered significant loss and damages including personal injury and injury to their economic interests"

The Saskatchewan government is considering its own lawsuit against ISM.

Compromise e-commerce site

Compromised e-commerce site Fake Websites ID theft Fake online payment systems (PayPal) TM violation

Fake Websites

ID theft

Fake online payment systems (PayPal)

TM violation

Damage recovery

Damage recovery Loss of intellectual property Investigation costs Remediation costs System updating Costs of outside forensic consultant Downtime related costs Rental on unused network systems Under employed employees Pecuniary damages, legal fees, court costs in certain cases (CFAA, UASC, Copyright)

Loss of intellectual property

Investigation costs

Remediation costs

System updating

Costs of outside forensic consultant

Downtime related costs

Rental on unused network systems

Under employed employees

Pecuniary damages, legal fees, court costs in certain cases (CFAA, UASC, Copyright)

Damage broader picture Vendor & customer actual loss Vendor & customer resulting loss (lost accounts) Downstream damage on other systems Resulting litigation

Vendor & customer actual loss

Vendor & customer resulting loss (lost accounts)

Downstream damage on other systems

Resulting litigation

System shutdown

Victim network E-mail & spam attacks: Hamadi CFAA & Trespass

Victim computer Trusted 3rd Party Network System Smurf attack CFAA, Trespass, Contract claims & Tort claims

Hacker Masters Bots (Zombie ) Victim System Contract & Tort Liability Here ? DDoS attack 2/2000 DOS attacks- Estimated Damages: $1.2B CFAA, Trespass, Contract claims & Tort claims

Concern about regulations

The National Strategy to Secure Cyberspace February 2003 Large enterprises are encouraged to evaluate the security of their networks that impact the security of the Nation’s critical infrastructure. Such evaluations might include: (1) conducting audits to ensure effectiveness and use of best practices; (2) developing continuity plans which consider offsite staff and equipment; and (3) participating in industry wide information sharing and best practices dissemination. Actions and Recommendations 3-4

Large enterprises are encouraged to evaluate the security of their networks that impact the security of the Nation’s critical infrastructure. Such evaluations might include: (1) conducting audits to ensure effectiveness and use of best practices; (2) developing continuity plans which consider offsite staff and equipment; and (3) participating in industry wide information sharing and best practices dissemination.

Concern about regulatory compliance ECPA (1986) CFAA (1986 & 1996) EEA (1996) HIPAA (1996) PPA COPPA (1999) GLB (2000) DMCA (2000) FCRA GPEA E-SIGN (2000) ADA OCC 7/2001 & 5/2000 EU DPA (1998) Commerce “Safe Harbor” State privacy laws Calif. Cyber-disclosure law (7/03)

ECPA (1986)

CFAA (1986 & 1996)

EEA (1996)

HIPAA (1996)

PPA

COPPA (1999)

GLB (2000)

DMCA (2000)

FCRA

GPEA

E-SIGN (2000)

ADA

OCC 7/2001 & 5/2000

EU DPA (1998)

Commerce “Safe Harbor”

State privacy laws

Calif. Cyber-disclosure law (7/03)

Concern about litigation

Not responding to changing threat: Apex Global v. Cyberpromotions AGIS contracted to be ISP for CyberPromotions Knew cyber was a spammer Cyber adds T-1 lines to handle traffic 30 day termination provision 9/26/97 massive “ping” attack AGIS terminates cyber immediately Court ruling

AGIS contracted to be ISP for CyberPromotions

Knew cyber was a spammer

Cyber adds T-1 lines to handle traffic

30 day termination provision

9/26/97 massive “ping” attack

AGIS terminates cyber immediately

Court ruling

The need for security standards Times and appropriate security change AGIS only attempted to use screening program and removed cyber AGIS did not hire a security expert or attempt to install a router Other ISP’s were able to mitigate retaliatory attacks by pingers - why not you? Cyberpromotions v. Apex Global Information Services

Times and appropriate security change

AGIS only attempted to use screening program and removed cyber

AGIS did not hire a security expert or attempt to install a router

Other ISP’s were able to mitigate retaliatory attacks by pingers - why not you?

Cyberpromotions v. Apex Global Information Services

Information Security Legal Audit Objective & subjective risk assessment Compliance evaluation ID regulations and relevant case law IP property protection Record retention Privacy requirements Investigations including e-mail monitoring Cryptographic controls Collection of evidence

Objective & subjective risk assessment

Compliance evaluation

ID regulations and relevant case law

IP property protection

Record retention

Privacy requirements

Investigations including e-mail monitoring

Cryptographic controls

Collection of evidence

Information Security Legal Audit, con’t Third party access controls and contracts Outsourcing contracts, includes Websites hosting, design, maintenance and electronic commerce requirements Licensing agreements

Third party access controls and contracts

Outsourcing contracts, includes Websites hosting, design, maintenance and electronic commerce requirements

Licensing agreements

Planning: proactive

Planning best practices 1 Create a comprehensive set of security policies. Take a security inventory. determine what you need to protect based on it’s worth to your organization what you need to protect it against Build an enforcement history Separate internal systems and networks by business function and secure each from each other Maintain a vigilant watch over threats, attack profiles, and countermeasures

Create a comprehensive set of security policies.

Take a security inventory.

determine what you need to protect based on it’s worth to your organization

what you need to protect it against

Build an enforcement history

Separate internal systems and networks by business function and secure each from each other

Maintain a vigilant watch over threats, attack profiles, and countermeasures

Planning best practices 2 Monitor all perimeter and critical business systems for attacks and security anomalies. Trust but verify; conduct periodic independent security reviews of key vendors, customers, part-time employee security standards. Court provable: Network control policy E-mail control & monitoring policy Hiring, supervising & discharge policies Privacy protection standards Regulatory compliance

Monitor all perimeter and critical business systems for attacks and security anomalies.

Trust but verify; conduct periodic independent security reviews of key vendors, customers, part-time employee security standards.

Court provable:

Network control policy

E-mail control & monitoring policy

Hiring, supervising & discharge policies

Privacy protection standards

Regulatory compliance

Planning best practices 3 Counter the insider threat access controls segregation of duties effective policy enforcement Consider Website practices re: Contracts for content and security (privacy) Reviewing posted materials Insure that privacy statements follow practices Don’t overstate privacy Determine what you will do with an “event” Prepare to recover damages and losses

Counter the insider threat

access controls

segregation of duties

effective policy enforcement

Consider Website practices re:

Contracts for content and security (privacy)

Reviewing posted materials

Insure that privacy statements follow practices

Don’t overstate privacy

Determine what you will do with an “event”

Prepare to recover damages and losses

Planning: incident response

Best practices after it happens. Meet with incident response team Identify the problem(s) specifically Inside or outside issue ID the system Determine if still underway or if vulnerability still exists Formulate an investigative plan preserve evidence, harvest data, analyze data, strategic searches, disk imaging & forensics Consider the need for outside help Consider the benefits of Attorney-Client protection Identify elements of proof required Get “buy in” from highest level

Meet with incident response team

Identify the problem(s) specifically

Inside or outside issue

ID the system

Determine if still underway or if vulnerability still exists

Formulate an investigative plan

preserve evidence, harvest data, analyze data, strategic searches, disk imaging & forensics

Consider the need for outside help

Consider the benefits of Attorney-Client protection

Identify elements of proof required

Get “buy in” from highest level

Best practices after it happens Preserve current evidence Determine applicable company policies Log files and audit trails Interview critical personnel Encrypted internal investigation Chat rooms & BBS Court ordered disclosures Proactive Determine & narrow investigative focus Keystroke monitoring Continue & monitor vulnerability Honey pot Assumed name e-mail to violator

Preserve current evidence

Determine applicable company policies

Log files and audit trails

Interview critical personnel

Encrypted internal investigation

Chat rooms & BBS

Court ordered disclosures

Proactive

Determine & narrow investigative focus

Keystroke monitoring

Continue & monitor vulnerability

Honey pot

Assumed name e-mail to violator

Best practices if an insider Define privacy expectations Obtain passwords Decrypt files When to interview Locate chat rooms & BBS Obtain laptop Obtain “office computer” at home Work fast, work very very fast

Define privacy expectations

Obtain passwords

Decrypt files

When to interview

Locate chat rooms & BBS

Obtain laptop

Obtain “office computer” at home

Work fast, work very very fast

Know the scope of computer forensics corporate systems private e-mail content on network private e-mail content on system files Counter-claim lawsuits by employees and former employees for illegal monitoring Proof of “reasonable grounds” at each step Penetration testing or not Data sharing with other companies versus anti-trust guidelines Prepare to defend yourself

Know the scope of computer forensics

corporate systems

private e-mail content on network

private e-mail content on system files

Counter-claim lawsuits by employees and former employees for illegal monitoring

Proof of “reasonable grounds” at each step

Penetration testing or not

Data sharing with other companies versus anti-trust guidelines

What do you do with the initial investigation? Three avenues Eat the loss Criminal referral Civil litigation

Three avenues

Eat the loss

Criminal referral

Civil litigation

Self examination before decision Due diligence standard of security met Appropriate network, NDA and employee agreements and policies in place Clean skirts Website disclosures Examine Website access Examine company initiatives Privacy rules complications

Due diligence standard of security met

Appropriate network, NDA and employee agreements and policies in place

Clean skirts

Website disclosures

Examine Website access

Examine company initiatives

Privacy rules complications

Criminal referral: good news Savings on civil litigation costs Sends a message Potential search warrant - immediate seizure Wiretap/datatap Law enforcement investigation Grand jury subpoena Trial subpoena Professional investigators: FBI, USSS or local law enforcement

Savings on civil litigation costs

Sends a message

Potential search warrant - immediate seizure

Wiretap/datatap

Law enforcement investigation

Grand jury subpoena

Trial subpoena

Professional investigators: FBI, USSS or local law enforcement

Criminal referral: bad news May request “open system” (honey pot) Law enforcement backlog Prosecutor’s backlog Employee downtime Loss of control No “no publicity” guarantee Complexity adds time Prosecution inclination to add victims if an outside attack Declination due to available civil remedy

May request “open system” (honey pot)

Law enforcement backlog

Prosecutor’s backlog

Employee downtime

Loss of control

No “no publicity” guarantee

Complexity adds time

Prosecution inclination to add victims if an outside attack

Declination due to available civil remedy

Civil litigation: good news Immediate action TRO Injunction Recovery of property Control retained Recovery of property through injunction Attorney-Client privilege covers inquiry Sophisticated forensic services for hire Real time response

Immediate action

TRO

Injunction

Recovery of property

Control retained

Recovery of property through injunction

Attorney-Client privilege covers inquiry

Sophisticated forensic services for hire

Real time response

Civil litigation: bad news Attorney’s fees billed hourly or with flat rate Discovery tedious

Attorney’s fees billed hourly or with flat rate

Discovery tedious

Contact information William J. Cook Freeborn & Peters, Suite 3000 311 S. Wacker Dr. Chicago, Il. 60601 312-360-6340 312-360-6575 [email_address]

William J. Cook

Freeborn & Peters, Suite 3000

311 S. Wacker Dr.

Chicago, Il. 60601

312-360-6340

312-360-6575

[email_address]

What do you do with the investigation? Three avenues Eat the loss (90% found breaches, 34% reported to FBI) Criminal referral Civil litigation

Three avenues

Eat the loss (90% found breaches, 34% reported to FBI)

Criminal referral

Civil litigation

Conducting the investigation. Meet with incident response team Identify the problem(s) specifically Inside or outside issue Determine if still underway or if vulnerability still exists Formulate an investigative plan Consider the need for outside help Consider the benefits of Attorney-Client protection Get “buy in” from highest level

Meet with incident response team

Identify the problem(s) specifically

Inside or outside issue

Determine if still underway or if vulnerability still exists

Formulate an investigative plan

Consider the need for outside help

Consider the benefits of Attorney-Client protection

Get “buy in” from highest level

Formulate investigative plan. Preserve current evidence Log files and audit trails Interview critical personnel Proactive Determine & narrow investigative focus Keystroke monitoring Continue and monitor vulnerability Honey pot Assumed name e-mail to violator Prepare to defend yourself & your actions

Preserve current evidence

Log files and audit trails

Interview critical personnel

Proactive

Determine & narrow investigative focus

Keystroke monitoring

Continue and monitor vulnerability

Honey pot

Assumed name e-mail to violator

Prepare to defend yourself & your actions

If an insider. Begin documenting investigation Determine company policies that apply Determine applicable state law Determine privacy expectation / search office space Monitor outgoing and incoming e-mail Look for ftp transmissions Keystroke monitoring

Begin documenting investigation

Determine company policies that apply

Determine applicable state law

Determine privacy expectation / search office space

Monitor outgoing and incoming e-mail

Look for ftp transmissions

Keystroke monitoring

If an insider. Obtain passwords Decrypt files When to interview Locate chat rooms & BBS Obtain laptop Obtain “office computer” at home

Obtain passwords

Decrypt files

When to interview

Locate chat rooms & BBS

Obtain laptop

Obtain “office computer” at home

How do you decide what to do with investigation? Damage done* Potential loss of business relationships* Potential for embarrassment Nature of offender Insider Competitor Hacker Potential for repeated attacks Strength of case Lack of defenses

Damage done*

Potential loss of business relationships*

Potential for embarrassment

Nature of offender

Insider

Competitor

Hacker

Potential for repeated attacks

Strength of case

Lack of defenses

How do you decide? Downstream liability / 3rd party liability DDOS Virus Loss of 3rd parties software or licensed info EEA exposure created by employee Dirty skirts Statutory reporting requirements O & D Liability issues Public relations problem Good corporate citizen

Downstream liability / 3rd party liability

DDOS

Virus

Loss of 3rd parties software or licensed info

EEA exposure created by employee

Dirty skirts

Statutory reporting requirements

O & D Liability issues

Public relations problem

Good corporate citizen

Definition of “damage or loss” will depend on nature of violation. CFAA ECPA EEA / trade secret theft RICO Access device fraud Copyright infringement TM infringement Defamation Statutory violation

CFAA

ECPA

EEA / trade secret theft

RICO

Access device fraud

Copyright infringement

TM infringement

Defamation

Statutory violation

e-Compliance (Alphabet Soup) ECPA (1986) CFAA (1986 & 1996) EEA (1996) HIPAA (1996) PPA COPPA (1999) GLB (2000) FTC OCC SEC DMCA (2000) CDA (1998) FCRA EU DPA (1998) Commerce “Safe Harbor” (1999) GPEA E-SIGN (2000) ADA OCC 7/2001

ECPA (1986)

CFAA (1986 & 1996)

EEA (1996)

HIPAA (1996)

PPA

COPPA (1999)

GLB (2000)

FTC

OCC

SEC

DMCA (2000)

CDA (1998)

FCRA

EU DPA (1998)

Commerce “Safe Harbor” (1999)

GPEA

E-SIGN (2000)

ADA

OCC 7/2001

Damage & Loss Calculations

Damage done “or loss suffered” CFAA Looking for $5,000 total Downstream damage done (exposure created) Cost of consultant and legal fees Loss from Sysop time changing passwords Loss from employee time reading unsolicited e-mail Marketing expenses to recover reputation

Looking for $5,000 total

Downstream damage done (exposure created)

Cost of consultant and legal fees

Loss from Sysop time changing passwords

Loss from employee time reading unsolicited e-mail

Marketing expenses to recover reputation

Damage done “or loss suffered” EEA &/or State Trade Secret claims Research & development value of T/S Book value of information License value of T/S Value to competitor Broader impact on company (bet the farm technology?)

Research & development value of T/S

Book value of information

License value of T/S

Value to competitor

Broader impact on company (bet the farm technology?)

Poor security dooms proprietary claim Weigh Systems v. Scales 3/7/02 Former employer sues competing former employer for trade secret theft Took customer lists, vendor lists, pricing information, software, marketing info Ruling for former employee Info on Internet No confidentiality agreements Passwords sometimes Hardcopies of protected data available Default passwords Passwords shared with customers

Former employer sues competing former employer for trade secret theft

Took customer lists, vendor lists, pricing information, software, marketing info

Ruling for former employee

Info on Internet

No confidentiality agreements

Passwords sometimes

Hardcopies of protected data available

Default passwords

Passwords shared with customers

Absence of a security standard: Apex v. Cyberpromotions AGIS contracted to be ISP for CyberPromotions 9/26/97 massive “ping” attack AGIS terminates cyber immediately Court sets standard; determines Times and appropriate security change Other ISP’s were able to intercept pingers Why not you? Competitors as witnesses

AGIS contracted to be ISP for CyberPromotions

9/26/97 massive “ping” attack

AGIS terminates cyber immediately

Court sets standard; determines

Times and appropriate security change

Other ISP’s were able to intercept pingers

Why not you?

Competitors as witnesses

What do you do with the investigation? Three avenues Eat the loss Criminal referral Civil litigation

Three avenues

Eat the loss

Criminal referral

Civil litigation

Criminal referral: good news Savings on civil litigation costs Sends a message Potential search warrant - immediate seizure Wiretap/datatap Law enforcement investigation Grand jury subpoena Trial subpoena Professional investigators: FBI, USSS or local law enforcement

Savings on civil litigation costs

Sends a message

Potential search warrant - immediate seizure

Wiretap/datatap

Law enforcement investigation

Grand jury subpoena

Trial subpoena

Professional investigators: FBI, USSS or local law enforcement

Criminal referral: bad news May request “open system” (honey pot) Law enforcement backlog Prosecutor’s backlog Employee downtime Loss of control No “no publicity” guarantee Complexity adds time Prosecution inclination to add victims if an outside attack Declination due to available civil remedy

May request “open system” (honey pot)

Law enforcement backlog

Prosecutor’s backlog

Employee downtime

Loss of control

No “no publicity” guarantee

Complexity adds time

Prosecution inclination to add victims if an outside attack

Declination due to available civil remedy

Civil litigation

Civil litigation: good news Immediate action TRO Injunction Recovery of property Control retained Recovery of property through injunction Attorney-Client privilege covers inquiry Sophisticated investigative services Real time response

Immediate action

TRO

Injunction

Recovery of property

Control retained

Recovery of property through injunction

Attorney-Client privilege covers inquiry

Sophisticated investigative services

Real time response

Civil litigation: bad news Attorney’s fees billed hourly or with flat rate Consultant fees Discovery tedious Option to stop

Attorney’s fees billed hourly or with flat rate

Consultant fees

Discovery tedious

Option to stop

Self examination before decision Due diligence standard of security met Appropriate network, NDA and employee agreements and policies in place Clean skirts Website disclosures Examine Website access Examine company initiatives Privacy rules complications

Due diligence standard of security met

Appropriate network, NDA and employee agreements and policies in place

Clean skirts

Website disclosures

Examine Website access

Examine company initiatives

Privacy rules complications

Website practices & the CFAA Prohibits unauthorized access of a computer, either by someone acting knowingly, or exceeding authorized access that was already granted

Prohibits unauthorized access of a computer, either by someone acting knowingly, or exceeding authorized access that was already granted

The new CFAA, Linking Practices & Trespass to Websites: Trespass by deep linking to Website - Ticketmaster Trespass by degrading use of another’s Website - eBay Trespass via e-mail - CompuServe (spam) & Hamidi (incoming e-mail to employees) Risk of loss: E-commerce Liability Exposures

Trespass by deep linking to Website - Ticketmaster

Trespass by degrading use of another’s Website - eBay

Trespass via e-mail - CompuServe (spam) & Hamidi (incoming e-mail to employees)

New hires & their former company’s information EEA Chat rooms Employee only Websites Discharged employees hiring & firing

New hires & their former company’s information

EEA

Chat rooms

Employee only Websites

Discharged employees

the insider Old rule: thief and accomplish not immunized under 1st Amendment New concern: Trade secrets from employees hostile Website Proprietary markings Extortion attempt Prior restraint precludes stopping Website disclosure First Amendment over trade secrets Court crafts unrecorded copyright remedy Ford Motor Co. v. Lane , Mich. Fed. Ct. 1999

Old rule: thief and accomplish not immunized under 1st Amendment

New concern: Trade secrets from employees hostile Website

Proprietary markings

Extortion attempt

Prior restraint precludes stopping Website disclosure

First Amendment over trade secrets

Court crafts unrecorded copyright remedy

Ford Motor Co. v. Lane , Mich. Fed. Ct. 1999

Counter-claim lawsuits by employees and former employees for illegal monitoring Proof of “reasonable grounds” at each step Penetration testing or not Data sharing with other companies versus anti-trust guidelines I nternal investigator liability

Counter-claim lawsuits by employees and former employees for illegal monitoring

Proof of “reasonable grounds” at each step

Penetration testing or not

Data sharing with other companies versus anti-trust guidelines

Cyber Security & Liability Practice Cyber liability risk exposure evaluated based upon security standard ISO/IE 17799, including regulatory and privacy compliance Incident response counseling Internal investigations HR policy evaluations E-commerce & Website liability exposure Civil litigation Law enforcement presentation

Cyber liability risk exposure evaluated based upon security standard ISO/IE 17799, including regulatory and privacy compliance

Incident response counseling

Internal investigations

HR policy evaluations

E-commerce & Website liability exposure

Civil litigation

Law enforcement presentation

Contact information William J. Cook Wildman Harrold Allen & Dixon 225 W. Wacker Dr. Chicago, Il. 60606-1229 312-201-2399 312-360-2555 F [email_address]

William J. Cook

Wildman Harrold Allen & Dixon

225 W. Wacker Dr.

Chicago, Il. 60606-1229

312-201-2399

312-360-2555 F

[email_address]