Uber Hack – Don’t Tell Anyone!

It’s been revealed that Uber’s database has been hacked, with the personal information of more than 57 million users and drivers worldwide compromised. That’s a big number, but we are becoming increasingly numb to this kind of revelation, with all the cyber-leaks now making the news. What was the more astounding aspect of this particular incident is the fact it has taken Uber over a year to reveal the security breach – with the attack taking place in October 2016.

Uber says that the hackers were able to download files containing information including the names and driver’s licence numbers of 600,000 drivers in the US, as well as the names, email addresses and phone numbers of millions of users worldwide.

Although Uber has now taken steps to notify the drivers affected by the hack, it’s reported that at the time of the breach, the company paid the hackers USD100,000 to delete the stolen data, and not reveal the breach.

In a statement, Uber CEO Dara Khosrowshani admitted that he became aware of the “inappropriate access [of] user data stored on a third-party cloud-based service” late last year, and that steps were taken to secure the data, and shut down further unauthorised access. However, Mr Khosrowshani noted he has no excuse as to why the massive breach is only being made public now.

For their roles in the cover-up, Uber chief security officer Joe Sullivan and his deputy have been ousted, while Uber says it’s taking “several actions”, including consulting the former general counsel of the US’ National Security Agency to prevent a future data breach.

This post was written by Cameron Abbott & Allison Wallace of K & L Gates.,Copyright 2017
For more legal analysis, go to The National Law Review

Elder Abuse: Are Granny Cams a Solution, a Compliance Burden, or Both?

In Minnesota, 97% of the 25,226 allegations of elder abuse (neglect, physical abuse, unexplained serious injuries and thefts) in state-licensed senior facilities in 2016 were never investigated. This prompted Minnesota Governor, Mark Dayton, to announce plans last week to form a task force to find out why. As one might expect, Minnesota is not alone. A studypublished in 2011 found that an estimated 260,000 (1 in 13) older adults in New York had been victims of one form of abuse or another during a 12-month period between 2008 and 2009, with “a dramatic gap” between elder abuse events reported and the number of cases referred to formal elder abuse services. Clearly, states are struggling to protect a vulnerable and growing group of residents from abuse. Technologies such as hidden cameras may help to address the problem, but their use raises privacy, security, compliance, and other concerns.

With governmental agencies apparently lacking the resources to identify, investigate, and respond to mounting cases of elder abuse in the long-term care services industry, and the number of persons in need of long-term care services on the rise, this problem is likely to get worse before it gets better. According to a 2016 CDC report concerning users of long-term care services, more than 9 million people in the United States receive regulated long-term care services. These numbers are only expected to increase. The Family Caregiver Alliance reports that

by 2050, the number of individuals using paid long-term care services in any setting (e.g., at home, residential care such as assisted living, or skilled nursing facilities) will likely double from the 13 million using services in 2000, to 27 million people.

However, technologies such as hidden cameras are making it easier for families and others to step in and help protect their loved ones. In fact, some states are implementing measures to leverage these technologies to help address the problem of elder abuse. For example, New Jersey’s Attorney General recently expanded the “Safe Care Cam” program which lends cameras and memory cards to Garden State residents who suspect their loved ones may be victims of abuse by an in-home caregiver.

Common known as “granny cams,” these easy-to-hide devices which can record video and sometimes audio are being strategically placed in nursing homes, long-term care, and residential care facilities. For example, the “Charge Cam” (pictured above) is designed to look like and actually function as a plug used to charge smartphone devices. Once plugged in, it is able to record eight hours of video and sound. For a nursing home resident’s family concerned about the treatment of the resident, use of a “Charge Cam” or similar device could be a very helpful way of getting answers to their suspicions of abuse. However, for the unsuspecting nursing home or other residential or long-term care facility, as well as for the well-meaning family members, the use of these devices can pose a number of issues and potential risks. Here are just some questions that should be considered:

  • Is there a state law that specifically addresses “granny cams”? Note that at least five states (Illinois, New Mexico, Oklahoma, Texas, and Washington) have laws specifically addressing the use of cameras in this context. In Illinois, for example, the resident and the resident’s roommate must consent to the camera, and notice must be posted outside the resident’s room to alert those entering the room about the recording.
  • Is consent required from all of the parties to conversations that are recorded by the device?
  • Do the HIPAA privacy and security regulations apply to the video and audio recordings that contain individually identifiable health information of the resident or other residents whose information is captured in the video or audio recorded?
  • How do the features of the device, such as camera placement and zoom capabilities, affect the analysis of the issues raised above?
  • How can the validity of a recording be confirmed?
  • What effects will there be on employee recruiting and employee retention?
  • If the organization permits the device to be installed, what rights and obligations does it have with respect to the scope, content, security, preservation, and other aspects of the recording?

Just as body cameras for police are viewed by some as a way to help address concerns over police brutality allegations, some believe granny cams can serve as a deterrent to abuse of residents at long-term care and similar facilities. However, families and facilities have to consider these technologies carefully.

This post was written by Joseph J. Lazzarotti  of Jackson Lewis P.C. © 2017
For more legal analysis, go to The National Law Review 

Automotive Supplier Industry Experts Convene in Detroit and Share 2018 Outlook

The Original Equipment Suppliers Association (OESA) held its 19th Annual Conference this week in suburban Detroit under the theme:  “The Industry’s New Landscape.”  And while much of the day was devoted to autonomous vehicle developments and the potential negative impacts on the industry’s North American competitiveness that would result from substantial changes to NAFTA, the afternoon session included a robust discussion of today’s strong market in North America and the more guarded outlook for 2018 and beyond.

 During this session, Mike Jackson, Executive Director of Strategy and Research for the OESA moderated a panel called “Cycle Dynamics:  The Industry Outlook Panel,” comprised of a leading automotive forecaster, a leading Wall Street analyst and the lead economist for one of the world’s largest OEMs.  While the panel remained fairly optimistic about the near term, the longer term theme was that the automotive industry is cyclical and the next down cycle is SOMEWHERE OUT THERE …

The panelists included Dr. G. Mustafa Mohatarem, Chief Economist, General Motors; John Murphy, Managing Director, U.S. Autos Equity Research, Bank of America Merrill Lynch; and Michael Robinet, Managing Director, Automotive Advisory Services, IHS Markit.

Dr. Mohatarem began with a very optimistic evaluation of the global economy, referring to our current condition as a “global synchronous expansion.”  Not only is the U.S. economy strong, but China’s growth has exceeded recent expectations, the EU has experienced a mini-boom after dodging a debt crisis, India continues to grow steadily and Russia and Brazil’s recessions have ended.  He noted that the current U.S. production rate is 17.4 -17.5 million units for 2017, a healthy market if not quite as healthy as last year.  On the cautionary side, he noted a potentially more hawkish bent to Fed policy and a significant labor shortage that will continue to dog the U.S. automotive industry.  On the whole though, he noted: “this is a very favorable time for the global automotive industry.”

Mike Robinet summed up current supplier sentiment as follows:  suppliers see the demand and the market opportunities out there, but there will be a lot of disruptors that can derail them.  These disruptors include the impact of “ACES” (AutonomousConnectedElectrifiedand Shared), the emergence of “Super Tier 1’s” who may dominate the future landscape with their integration capabilities (leaving other suppliers behind potentially), shifting trade winds, indecision about U.S. regulatory policy including CAFÉ standards, and an acceleration of the planning cycle that creates execution risk.  He noted that the cadence of model changes has kept the supply base on its toes this year, as has the adjustment to the continuing decline in sedan sales (which was viewed by the panel as a continuing trend into the future).  Will the internal combustion engine disappear soon?  According to Robinet, 95% of the vehicles in North America will have an engine on board by 2025.  Places like China will see a faster adoption of EVs during this period, he noted, including as a result of government policies promoting them. He ended by cautioning suppliers not to focus too much on the “nirvana” of Level 5 autonomy, but rather to focus on the movement to Level 3 and 4 in the shorter term and try to find there place in those realms.

John Murphy, more bullish in recent times, conceded that he has “moderated his outlook a bit.”  Murphy noted that leasing is helping support current demand, but worries about the upcoming impacts on the used car market as those vehicles come off lease (which he referred to as a “tsunami” that will hit in 2018 and beyond).  He noted that vehicle pricing is also starting to moderate (unrelated to just mix), and that the CUV market is getting very crowded.  He described three “Big Bangs” that will shape the industry in the future:  The increase in the Efficiency of Travel (cost per mile), the impact of Autonomous Mobility On Demand on the ease and cost of travel, and the increase in Speed of Travel.  Only the latter will provide a material economic stimulus – the first two will provide only a marginal or moderate stimulus – but all three Big Bangs will significantly impact the automotive industry.   But, before these Big Bangs reach their full impact, Murphy sees a downturn within the next two years taking U.S. volume down below the 14 million unit level (compared to the miserable 9 million level reached during the Great Recession).  During the Q&A session that followed, Murphy noted that he expects EV penetration in the U.S. to reach 10% by 2025 (slightly more optimistic than Mike Robinet’s prediction).  He also noted his perception that we are not experiencing an auto technology valuation bubble despite the recent eye-popping valuations in this space (no irrational exuberance here!).

On the whole, the panel’s 2018 and beyond outlook is for an automotive supply industry in North America that continues to be good, with significant challenges and disruptors that must be overcome by those automotive suppliers who will flourish in the long term.

This post was written by Steven H. Hilfinger of Foley & Lardner LLP., © 2017

5 Business Communication Etiquette Pet Peeves

I frequently work with my children to help them understand the importance of good table manners – elbows off the table, how to set a table, which fork to use, how to hold a fork and knife (and properly use them), which glass to drink from, and to never chew with their mouths open. Let’s just say it is a work in progress.

While these lessons seem obvious, you would be surprised how frequently we get requests for etiquette training for lawyers. But it’s a fact that how we present ourselves has a significant impact on our brand. If you are seated next to a lawyer who slurps his soup, uses the wrong fork and drinks from your water glass, how likely are you to hire him?

Like our table manners, our communication etiquette sometimes needs attention, too. After all, good relationships begin with good communication. As a communications professional, here are my five biggest communication pet peeves:

  1. Email Signatures: It is a best practice to include your telephone number in your email signature, even on the reply. In this day and age, a majority of our business is conducted without ever hearing someone’s voice. Sometimes, though, actually talking is the best way to communicate, and it is terribly frustrating to have to go digging through old emails, files and even paper notebooks to find a phone number.

If your law firm doesn’t already have a standard email signature protocol, now is the time to institute it. Use it as a way to market your law firm, being mindful not to overwhelm readers with too many ways to reach you. If you are including a graphic, make sure recipients can view it on a mobile device and that it does not make an email too large to open. Your clients will thank you!

  1. Grammar & Spelling: They’re/their, who’s/whose, you’re/your, it’s/its. Learn it, live it, love it. Sure, we all can make mistakes when using our smartphones and blame them on autocorrect, but there are some basic grammar rules that we as legal industry professionals should know.

In addition, try to tighten up your sentences. For example, “I thought I would connect with Jane to discuss,” can be rewritten as “I am going to call Jane to discuss,” or “Jane and I are going to discuss.” To put it concisely, be direct.

And take the time to ensure that you do not have any spelling errors. Readers will automatically assume the worst of you – and your intellect – if you misspell words. Spellcheck is not always accurate, so proofread your work. If you are not a great proofreader yourself, enlist the help of a colleague or a professional proofreader before you send documents to clients. With emails, take a few extra seconds before clicking send.

  1. Limit the Word “Just”: In the spirit of being direct, I want to share my dislike of the word “just.” Improper use of the word often weakens what you are communicating and implies an unspoken apology. I am certainly guilty of using it and am consciously trying to eliminate it from my vocabulary. For example, “I am just following up” suggests that I am sorry to bother you but have something that I think is important to say. “I just have to say” implies that what you have to say is somehow a side note.

Try eliminating the word “just” when you are asking someone to do something for you as well. “Can you just…” minimizes a person’s contributions. Count how many times you use the word “just” in a day, and see if eliminating it helps you become a stronger communicator.

  1. “At Your Earliest Convenience”: Be careful with this term because, when used the wrong way, it makes you seem lazy and unengaged. It is perfectly fine to ask someone to respond at their earliest convenience, but how do you feel when I tell you that I will call you back at my earliest convenience? Probably like I will get to you after I drink my coffee and check social media. For most law firm marketers, your “clients” are the attorneys in your firm. They are your most important asset. Make them feel that way, and avoid telling them that you will do something when it is convenient for you. Try “as soon as possible” instead. It feels much better!

  2. Emphasize Sparingly: When I receive an email that is filled with bold, underlined and all-caps words, I FEEL LIKE I AM BEING YELLED AT and that whatever isn’t emphasized probably isn’t important! Think about what you are emphasizing. Is it really crucial? As a general rule of thumb, focus on headers and deadlines to make sure that all of the content of your email is properly read and understood. Then think about using the signature at the bottom of the email to give the person a way to call to confirm.

All of the ways we present ourselves and communicate – both directly and indirectly – impact our personal brands. Making yourself available and easy to communicate with will boost your personal brand, make people feel good about doing business with you, and hopefully drive more business.

This post was written by Stephanie Kantor Holtzman of Jaffe Associates.,© Copyright 2008-2017
For more legal analysis, go to The National Law Review

Can They Really Do That?

Effective October 18, 2017, the U.S. Department of Homeland Security (DHS), U.S. Citizenship & Immigration Services (USCIS), Immigration & Customs Enforcement (ICE), Customs & Border Protection (CBP), Index, and National File Tracking System of Records, implemented new or modified uses of information maintained on individuals as they pass through the immigration process.

The new regulation updates the categories of individuals covered, to include: individuals acting as legal guardians or designated representatives in immigration proceedings involving an individual who is physically or developmentally disabled or severely mentally impaired (when authorized); Civil Surgeons who conduct and certify medical examinations for immigration benefits; law enforcement officers who certify a benefit requestor’s cooperation in the investigation or prosecution of a criminal activity; and interpreters.

It also expands the categories of records to include: country of nationality; country of residence; the USCIS Online Account Number; social media handles, aliases, associated identifiable information, and search results; and EOIR and BIA proceedings information.

The new regulation also includes updated record source categories to include: publicly available information obtained from the internet; public records; public institutions; interviewees; commercial data providers; and information With this latest expansion of data allowed to be collected, it begs the question: How does one protect sensitive data housed on electronic devices? In addition to inspecting all persons, baggage and merchandise at a port-of-entry, CBP does indeed have the authority to search electronic devices too. CBP’s stance is that consent is not required for such a search. This position is supported by the U.S. Supreme Court, which has determined that such border searches constitute reasonable searches; and therefore, do not run afoul of the Fourth Amendment.

Despite this broad license afforded CBP at the port-of-entry, CBP’s authority is checked somewhat in that such searches do not include information located solely in the cloud. Information subject to search must be physically stored on the device in order to be accessible at the port-of-entry. Additionally, examination of attorney-client privileged communications contained on electronic devices first requires CBP’s consultation with Associate/Assistant Chief Counsel of the U.S. Attorney’s Office.

So what may one do to prevent seizure of an electronic device or avoid disclosure of confidential data to CBP during a border search? The New York and Canadian Bar Associations have compiled the following recommendations:

  • Consider carrying a temporary or travel laptop cleansed of sensitive local documents and information. Access data through a VPN connection or cloud-based warehousing.
  • Consider carrying temporary mobile devices stripped of contacts and other confidential information. Have calls forwarded from your office number to the unpublished mobile number when traveling.
  • Back up data and shut down your electronic device well before reaching the inspection area to eliminate access to Random Access Memory.

  • Use an alternate account to hold sensitive information. Apply strong encryption and complex passwords.

  • Partition and encrypt the hard drive.

  • Protect the data port.
  • Clean your electronic device(s) following return.
  • Wipe smartphones remotely.

This post was written by Jennifer Cory of Womble Bond Dickinson (US) LLP All Rights Reserved.,Copyright © 2017
For more Immigration legal analysis, go to The National Law Review

Citing Failure to Cooperate, Court Orders Use of Specific Keyword Search Terms

United States v. New Mexico State Univ., No. 1:16-cv-00911-JAP-LF, 2017 WL 4386358 (D.N.M. Sept. 29, 2017)

In this pay discrimination case, the Court addressed Defendants’ motion for a protective order precluding further searching for responsive documents. Citing defense counsel’s failure to “adequately confer” before performing the initial searches, “which resulted in searches that were inadequate to reveal all responsive documents,” the Court concluded that “which searches will be conducted is left to the Court” and went on to order Defendants to conduct additional searches with specific terms, many of which were proposed by the plaintiff.

Plaintiff alleged that Defendants payed a female employee less than they were paying her male counterparts, despite similar responsibilities in the track and field program, and sought, broadly speaking, production of documents reflecting communications regarding her compensation; production of documents regarding her complaints concerning pay; and production of documents regarding any other complaints of pay discrimination made by other coaches, trainers, etc. Without adequately cooperating with the plaintiff, Defendants performed “more than 20” keyword searches and produced “more than 14,000 pages of documents.”  When Plaintiff indicated concern regarding the adequacy of Defendants’ searching, the parties were unable to resolve their dispute and Defendants ultimately moved for a protective order. Defendants argued that the discovery sought was not proportional to the needs of the case, noting the efforts already undertaken.  Plaintiff disagreed.

Indicating that this case presented “the question of how parties should search and produce [ESI] in response to discovery requests,” the Court reminded the parties that “[t]he best solution in the entire area of electronic discovery is cooperation among counsel” and that “[c]ooperation prevents lawyers designing keyword searches ‘in the dark, by the seat of the pants,’ without adequate discussion with each other to determine which words would yield the most responsive results.” In the present case, the Court concluded that the failure to confer resulted in inadequate searches and, acknowledging Plaintiff’s argument that “[Defendant] alone is responsible for its illogical choices in constructing searches” indicated that, “which searches will be conducted is left to the Court.”

As promised, the Court went on to discuss the three disputed discovery requests and identified specific search terms and custodians to be searched, many of which were proposed by the plaintiff. The Court also instructed the parties to work together to the extent necessary, if the non-responsive documents returned were too voluminous, for example.

The Court ended the opinion by returning to the topic of cooperation:

Electronic discovery requires cooperation between opposing counsel and transparency in all aspects of preservation and production of ESI. Moreover, where counsel are using keyword searches for retrieval of ESI, they at a minimum must carefully craft the appropriate keywords, with input from the ESI’s custodians as to the words and abbreviations they use, and the proposed methodology must be quality control tested to assure accuracy in retrieval and elimination of “false positives.” It is time that the Bar—even those lawyers who did not come of age in the computer era—understand this.

[Citation omitted.]

A copy of the Court’s order is available here.

This post was written by the Electronic Discovery at KL Gates of K & L Gates., Copyright 2017
For more legal analysis go to The National Law Review

FTC Provides Guidance to Social Media Influencers in Live Twitter Chat

Influencer marketing is the popular practice of using individuals with large social media audiences—known as “influencers”—to advertise products and services through their social media accounts. The Federal Trade Commission (FTC) has made it clear that influencers must clearly and conspicuously disclose their relationships to brands when promoting or endorsing products through social media. To emphasize this point, the FTC sent letters to 90 influencers and marketers earlier this year reminding them of their obligation to make appropriate disclosures on ads. The FTC has also provided Endorsement Guides with answers to frequently asked questions from advertisers, ad agencies, bloggers, and others.

Most recently the FTC hosted a live Twitter chat to answer questions and provide guidance on influencer marketing. The FTC covered a number of topics during the chat, from the use of the hashtag “#ad” as a disclosure to built-in disclosure tools on popular social media platforms. Key takeaways from the Twitter chat are:

  • Using “#ad” is a sufficient disclosure, as long as it is hard to miss in the post.

  • Even if an influencer posts from abroad, U.S. law still applies if it is reasonably foreseeable that the posts will affect U.S. consumers.

  • Built-in tools such as the “Paid” tag on Facebook and “includes paid promotion” mark on YouTube are not sufficient to disclose that a post is an ad.

  • For Snapchat and Instagram posts, the FTC suggests superimposing a disclosure over the images. For a series of images, a disclosure on the first image may be sufficient, as long as it stands out, and viewers have time to see it.

The Twitter chat followed shortly after the FTC announced its first settlement with two social media influencers, Trevor Martin and Thomas Cassell, for endorsing the online gambling service CSGO Lotto without disclosing that they were the owners of the company, as well as paying other well-known social media influencers to promote the company without requiring them to disclose the payments in their posts.

Click here to read a transcript of the questions and the FTC’s responses during the official Twitter chat.

This post was written by Edward J. McAndrewPhilip N. YannellaKim Phan & Roshni Patel of Ballard Spahr LLP Copyright ©
For more legal analysis go to The National Law Review