There Is No Cloud?

I saw a picture on The Cyber Security Hub’s LinkedIn page that said:

“There is no cloud, it’s just someone else’s computer.”

There were some great points made in the comments under that picture about whether that is an accurate statement. For me, it is an oversimplification that, while generally true, may not be completely helpful. This is just like saying that your office belongs to the landlord simply because you are leasing the space from them. While you expect to have privacy and security in your leased space, ultimately the contents are yours and you are still trusting that the owner/property manager of that space will respect that and meet their obligations to maintain it. You still need to do your part to that end as well—like locking the door on your way out.

One of the most important ways you can protect yourself when using the cloud or leasing office space is with the contract you sign. Make sure that the contract is not only protecting the landlord, but serving to protect you and/or your business. Make sure your cloud service agreements are tailored to protect your interests. You may not want to enforce them all the time and enforcing some provisions may prove difficult, but you put yourself in the best position to protect yourself by doing so.

20 Years From Now

For an assignment in the graduate certificate program on cybersecurity I’m doing at UNLV, I was asked to respond to the following prompt:

The year is 2039 and you are getting ready to retire from a management position.  Describe some of the technology and innovations now being used in the prevention, response and recovery of cyberattacks.

This gave me the opportunity to imagine one (extreme?) way things could play out over the next 20 years. Here’s my response (note that it was written before Libra was announced or that would probably be part of the response as well):

As I step down from management, I’m pleased to report that the Company is in the best position it has ever been with regard to cybersecurity.  Thanks in large part to UNWISE (United Nations World Identification Security Exchange) we have not had any significant breaches in the last five years.  As you may recall, UNWISE came about in 2029 in part as a response to the Black Friday Offensive of 2026 coordinated by the cybercriminal hacking syndicate known as the AFANG gang. Following a pre-Thanksgiving coordinated breach of Apple, Facebook, Amazon, Netflix, and Google, using zero-day vulnerabilities, the AFANG gang wreaked havoc and made headlines while a smaller hacker group, believed to have been state-sponsored, took advantage of footholds gained through APTs in several financial institutions to execute a time bomb virus on the morning of Black Friday.  After shoppers made the frantic rush through the stores to grab their doorbusters, the first signs of the attack showed up as payment systems rejected every transaction. It was estimated that $30 billion in damages were experienced worldwide as a result of that breach.  That fateful Black Friday led to major changes not just in the cybersecurity realm, but also in the socio-economic landscape of the world.  The Black Friday Offensive resulted in the financial industry moving to a blockchain-based system based on Bitcoin that avoided the pitfalls of relying on central ledgers.  With each transaction being recorded at multiple blockchain nodes, there is no longer the possibility for a group of hackers to wipe out the entire system. With the financial industry leading the way, the AFANG companies and retail sector were anxious to come up with a better security system.

That clamor for a solution resulted in many different techniques being developed and implemented, some of which we still see in use today.  For example, subcutaneous NFC implants capable of acting as a key for two-factor authentication were widely proposed and adopted by some industries (like the medical industry due to its ease in tracking patients, etc.), but did not gain full support by a large portion of the population who believed the implants to be the mark of the beast foretold by the Bible.

As political bodies tend to do, it took some time before there was any agreement about what could be done to improve worldwide cybersecurity.  The official UN resolution creating UNWISE was precipitated by a North Korean defector who revealed that North Korea had obtained access to, among other things, the DOD’s cloud, as well as mountains of DNA data from 23andMe and Ancestry.com to be able to take advantage of the implementation of biometric solutions in cybersecurity.  After forensic investigations confirmed the defector’s report, the UN Security Council decided that the only real way to securely maintain data would be by identifying every person on Earth using biometrics, DNA, and government-assigned identification numbers.  UNWISE was proposed and a protocol was set up for establishing a ledger of the population of the world with as much information as possible about each citizen.  When the EU, known for their protection of privacy in the 2010s, jumped on board, a large portion of the member states were quick to follow and ratify the resolution.  By 2035, 175 of the member states were committed at least in part to participating in the exchange.

With the exchange, it has become easier than ever to authenticate who is accessing data.  Forensic investigations make it easy to narrow down who had access and caused the problem.  While the system is not perfect, it seems to be doing its job.  Taking into account the death rate and some other factors, it is estimated that the ledger will contain some data on at least 99% of the world’s population by 2050.

Of course this was all made possible with the help of quantum computing, AI, and Elon Musk.  Not only did Musk fund the founding of neural link computing, but his company’s foray into space exploration made it possible for the use of cold storage for data on Mars using special satellites not accessible from anywhere but the LC3 (lunar communications command center).  Now, while breaches are fewer and farther between, we can simply recover data by retrieving backups through that system.  

All in all, I believe we are on the right track with regard to cybersecurity.  If you had told me 20 years ago that there would be a ledger with the information about all the world’s citizens used to prevent cyber attacks and that we retrieve our backups from Mars via the moon, I would have said you were crazy, but here we are.  I look forward to hearing what developments you all make over the next 20 years as I enjoy my retirement on the beaches of Maui.

The value of your data.

Business Insider has an article up about a bill that would require big tech companies to disclose to their users the value of each individual user’s information. Have you ever wondered how valuable the data that Facebook, Google, and others collect about you is to them? Have you ever thought about why those same companies are so willing to provide you so many “free” services? I suspect that no one really knows the exact cost/benefit for each user of these services, but most everyone would agree that users and their data have value. Keep that in mind the next time you deal with the security of your personal data and take the extra step to keep it secure. Whether you think about it or not, your data has value!

Conduct business in Nevada? Here’s what you need to know about SB 220 and how it affects you.

Nevada governor Steve Sisolak recently signed Senate Bill 220 (“SB 220”) into law. It is a new Nevada privacy law that gives consumers the right to opt out of having their personal information sold. You can read more details about it here in this piece I wrote with Jeffrey Dennis. In short, this new law goes into effect on October 1, 2019, and requires compliance from most businesses in Nevada that have a website and collect information from consumers. If you fall into this category, you need to start considering now how you will comply to avoid fines and penalties. We have a 90-day plan to help your business get in compliance with this law and the California Consumer Privacy Act (“CCPA”) which has key parts going into effect on January 1, 2020. Feel free to reach out if you have questions about either of these laws.

#SB220 #Privacy #Nevadabusiness

The Libra white paper

Today the world got a first glimpse at the future of online payments–or at least the future as envisioned by Facebook–with the release of a white paper on Libra. Libra is intended to be a simple global currency built on blockchain. There are many articles detailing what Libra might mean to the world of finance. I won’t repeat those here, but will just note that there appears to be some significant buy-in from a lot of major players. That means Libra is going to be something we hear a lot about before it launches in early 2020. Only time will tell if it will do what Facebook hopes, but one thing for sure is that the world of cryptocurrency is going to be getting a lot of attention now.

The need for lawyers in a digital world.

The digital age is transforming the world as we know it. New technologies are popping up every day and replacing old ways of doing things. The constant changes are eliminating redundancies, which means industries and people have to adapt. While it is well known that the legal profession is typically slow to adopt new technologies and solutions, lawyers will continue to play an important role in government, business, and society.

Check out this article by Erik P.M. Vermeulen at Hackernoon.com called “The Rise of Lawyers in a Digital World.”

#cyberlaw #lawyers