BACKGROUND:

 

SPEECH –

An example of “public speech”, in this context, would be an open and notorious change to one’s LinkedIn profile, such as adding a project, an interest, or a competency and skill; and then positively choosing to publicize these profile changes to one’s network.

 

WHISPER –

An example of a “public whisper”, in this context, would be changing one’s skills or communication preferences to show openness to career opportunities, thereby letting recruiters know that one might be interested in opportunities; willingly sharing one’s LinkedIn profile with potential recruiters; or making a public speech as above, but then “specifically” choosing to not announce this profile change to one’s network or to members of the general public.

 

LINKEDIN

LinkedIn    (“LinkedIn”) is a very widely-used networking site that allows users to choose between making such public speech and public whispers, in their settings preferences.

 

hiQ

hiQ Labs, Inc. (“hiQ”), is a data analytics entity that has developed and deployed automated “bots” that can access public speech and that last definitional element of a public whisper[1] (hushed or stealthy profile changes) on LinkedIn in a Skill Mapper, allegedly not always in accordance with LinkedIn user-selected visibility preferences,[2] and then further share, publicize or sell the results whether in the raw or aggregated formats to its own customer base of interested employers and parties and persons attempting to contact such job-seeking, job-interested, and passively job interested LinkedIn users.

 

“Companies like LinkedIn, Twitter and Facebook view scraping of the data generated by their users not just as theft – they sometimes charge to license data (to higher level business users) – but a violation of their users’ privacy, because some information can be limited so not all users can view it”[3] [additional words in parentheses].

 

Understandably, LinkedIn, “which charges recruiters, salespeople and job hunters for higher levels of access to profile data”,[4] issued a 3-page cease-and-desist letter to hiQ on May 23, 2017,[5] advising the recipient that it was in violation of the LinkedIn user agreement with those behaviours, notifying  the recipient that additional security precautions had been implemented to prevent any recurrence, demanding that the recipient delete and destroy all such “improperly obtained material” in its possession or custody or control, and putting the recipient on notice that any further such behaviour would be in violation of applicable state and federal laws, with citation to a leading 2015 case in that jurisdiction of the United States federal District Court for the Northern District of California (USDC, NDCA), in which the court had barred similar “website data scraping” conduct.[6]

 

hiQ promptly filed for a Temporary Restraining Order (TRO) in California federal court (USDC, NDCA),[7] to bar any actual application of that cease-and-desist language pending ultimate determination of the underlying matters in a court of competent jurisdiction.  And so it was, that on Monday, August 14, 2017, the court granted hiQ its TRO.[8]

 

 

ANALYSIS:

 

CRAIGSLIST

In the case that LinkedIn cited within its cease-and-desist letter to hiQ, Craigslist, Inc., had filed a Complaint against the defendant, but the defendant had not timely answered.  As a result, Craigslist then applied for and was granted, a Default Judgement.[9]  According to the ruling, a certain Brian Niessen, a Craigslist user, had answered a Craigslist advertisement posted by another Craigslist user, for a “Skilled Hacker at Scraping Web Content”.[10]  Niessen had described himself as a hacker, and professed that he was already scraping several thousand websites, including “[c]raigslist, Twitter, Groupon, Zagat, and others.”[11]  3taps then entered into a business relationship with Niessen to continue his scraping, for them, which Craigslist stated was in violation of its terms of use (TOU) and constituted a breach of contract because Niessen, as a registered Craigslist user, had agreed to the TOU on several occasions.[12]

 

“The TOU prohibit, among other things, “[a]ny copying, aggregation, display, distribution, performance or derivative use of craigslist or any content posted on craigslist whether done directly or through intermediaries, […]”[13]

 

Craigslist did secure injunctions against the Niessen co-defendants, including Lovely, PadMapper, and 3taps.[14]  However, Niessen – named along with those co-defendants in the Amended Complaint with its 17 Claims for Relief,[15] was somewhat more elusive; as he was first difficult to effectively serve with the Complaint, and then after being served, he failed to provide an answer within the specified time.[16]  As a result, the Clerk of Court first entered a Notice of Default against Niessen, and then Craigslist made Motion for a Default Judgement against Niessen, which the court granted.[17]

 

 

LINKEDIN –

LinkedIn had sought a response by May 31, 2017 to its cease-and-desist letter of May 23, 2017.[18]  However, hiQ filed its Complaint for Declaratory and Injunctive relief against LinkedIn on June 7, 2017.[19]  In summary, with the first paragraph of the Introduction for same, hiQ writes:

 

“This is an action for declaratory relief under the Declaratory Judgment Act, 28 U.S.C. § 2201 and 2202, and for injunctive relief under California law.  hiQ seeks a declaration from the Court that hiQ has not violated and will not violate federal or state law by accessing and copying wholly public information from LinkedIn’s website.  hiQ further seeks injunctive relief preventing LinkedIn from misusing the law to destroy hiQ’s business, and give itself a competitive advantage through unlawful and unfair business practices and suppression of California Constitutional free speech fair guarantees.  hiQ also seeks damages to the extent applicable.”[20]

 

hiQ did promptly and appropriately seek and retain counsel to engage in discussions with LinkedIn upon receipt of the cease-and-desist letter, in order to better understand LinkedIn’s position and seek an accommodative solution to their serious differences.[21]  LinkedIn argued through counsel that it was protecting the interests of its users and seeking to remedy violations of state and federal laws; and hiQ argued through counsel that not only did LinkedIn lack any proprietary interests in the posted data, which was still owned by its users, but that LinkedIn was therefore attempting to “pervert the purpose of the laws at issue by using them to destroy putative competitors, engage in unlawful and unfair business practices and suppress the free speech rights of California citizens and businesses.”[22]

 

On May 30, 2017, hiQ then sent its own letter to LinkedIn seeking the ongoing interim website access that would allow it to persist as a going concern – because “complying with LinkedIn’s demands would essentially destroy hiQ’s business”,[23] while continuing discussions towards “a mutually amicable resolution” of their impasse.  However, on receiving no response, hiQ filed its Complaint for declaratory and injunctive relief.[24]

 

 

HIQ –

The parties entered into a standstill agreement that preserved hiQ’s access to the public LinkedIn data, and agreed to convert hiQ’s original motion into one for a preliminary injunction, after the court had heard the initial party arguments on the hiQ complaint on July 27, 2017.[25]  In California federal District Court, “[a] plaintiff seeking a preliminary injunction must establish that he is likely to succeed on the merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the balance of equities tips in his favor, and that an injunction is in the public interest.[26]  Within the United States Court of Appeals for the Ninth Circuit, which lays-down controlling precedent for United States Federal District Courts in California and several other states and territories,[27] there is a sliding scale for the standard of proof on these elements; which means “a stronger showing of one element may offset a weaker showing of another.”[28]

 

The court also grappled, inter alia, with the language of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030,[29] which prohibits and sanctions unauthorized (whether lacking authorization ab initio or with authorization later revoked), or improperly elevated or improperly applied access to a computer or computer system, because although the LinkedIn profiles were public, they rested on one or more private servers, which were computers.[30]  However, as the court finally opined, “[…] hiQ has, at the very least, raised serious questions as to applicability of the CFAA to its conduct.[31]

 

“The CFAA must be interpreted in its historical context, mindful of Congress’ purpose. The CFAA was not intended to police traffic to publicly available websites on the Internet – the Internet did not exist in 1984. The CFAA was intended instead to deal with “hacking” or “trespass” onto private, often password-protected mainframe computers.”[32]

 

With regard to hiQ‘s claims that the LinkedIn conduct had violated applicable California free speech laws, the court was more circumspect.  hiQ had cited to Robins v. Pruneyard Shopping Ctr.,[33] a case involving attempts to curtail political speech in a privately-owned shopping mall, to analogize that the LinkedIn site was a public forum akin to a shopping mall with guaranteed free access, free speech, and free association, because “[…] the state’s guarantee of free expression may take precedence over the rights of private property owners to exclude people from their property.”[34]

 

The court was very loathe to start traveling down this most slippery of slopes, stating that: no court had, as yet, extended Pruneyard to the internet in so complete a manner; unlike a shopping mall, the Internet had no single controlling authority; there may result significant repercussions on the capacity of social media hosts to curate posted materials in such a public forum; and there was a lingering question as to whether the same rules would apply to the websites of small, medium, and large entities, alike.[35]  The court therefore concluded, that “[i]n light of the potentially sweeping implications discussed above and the lack of any more direct authority, the Court cannot conclude that hiQ has at this juncture raised “serious questions” that LinkedIn’s conduct violates its constitutional rights under the California Constitution.[36]

 

On the balance, the court agreed that hiQ had raised enough of a question as to whether LinkedIn’s actions against it had violated the provisions of California’s Unfair Competition Law (UCL)[37] by “leveraging its power in the professional networking market for an anticompetitive purpose”;[38] disagreed that hiQ had either claimed to be a third-party beneficiary of LinkedIn’s promise to its users that they could control the publicity of their profiles, or shown that a third-party could assert such a claim of promissory estoppel in the first instance;[39] and agreed that the public interest favoured a granting of hiQ’s injunction, because “[i]t is likely that those who opt for the public view setting expect their public profile will be subject to searches, date (sic) mining, aggregation, and analysis.”[40]

 

 

CONCLUSION:

 

Of note, regarding all of its claims and especially the estoppel claim, hiQ had also argued that LinkedIn had long acquiesced to its usage of the website and publicly available user data in this way; including attending hiQ conferences where the host thoroughly explained its methodology and business model, and even gave at least one LinkedIn employee an award.[41]  Indeed, some industry commentators have opined that LinkedIn has merely had a change in policy subsequent to its acquisition by Facebook which the courts should not enjoin, and they foresee several other negative repercussions from the outcome of this case if hiQ prevails, and they expect LinkedIn to appeal the District Court ruling.[42]  However, there are also several strong voices supporting hiQ that see negative repercussions if LinkedIn prevails.[43]

 

Suffice it so say that for now, LinkedIn has been Ordered to withdraw its cease and desist letters to hiQ, and stop blocking hiQ, both with immediate effect from the August 14, 2017 date of the Order of Edward M. Chen, United States District Judge.[44]

 

We await LinkedIn’s appeal,[45] if any, but in the interim …… all who so do, are advised to publicly shout, and to publicly whisper, with caution, because they never know who might be cataloguing their words – and where those words that they own might land; (or more specifically, land the originator of those very words) in this Gig e-conomy[46] that exemplifies the gentle admonition that “sharing is daring!

 

 

*********************************************************************

 

Author:

Ekundayo George is a lawyer and sociologist.  He is a keen student of organizational and micro-organizational behavior and has gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services and Public Finance, Public Procurement, Healthcare and Public Pensions, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.

 

Of note, Mr. George has now worked at the municipal government, provincial government, and federal government levels in Canada, as well as at the municipal government, state government, and federal government levels in the United States.  He is also a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and enjoys complex systems analysis in legal, technological, and societal milieux.

 

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

 

 

[1] See Infra note 7 at Introduction, ¶2.  hiQ does specifically state in its Complaint, that: “hiQ does not analyze the private sections of LinkedIn, such as profile information that is only visible when you are signed-in as a member, or member private data that is visible only when you are “connected” to a member. Rather, the information that is at issue here is wholly public information visible to anyone with an internet connection.”  But See HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 6.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

“LinkedIn maintains that […] while the information that hiQ seeks to collect is publicly viewable, the posting of changes to a profile may raise the risk that a current employee may be rated as having a higher risk of flight under Keeper even though the employee chose the Do Not Broadcast setting. hiQ could also make data from users available even after those users have removed it from their profiles or deleted their profiles altogether. LinkedIn argues that both it and its users therefore face substantial harm absent an injunction; if hiQ is able to continue its data collection unabated, LinkedIn members’ privacy may be compromised, and the company will suffer a corresponding loss of consumer trust and confidence” [emphasis added].

[2] Id. at Introduction, ¶5.  On this point, hiQ writes to specify LinkedIn’s 5 levels of profile visibility preference, and emphasize its own limited access to and use of same:

“LinkedIn members can choose to (1) keep their profile information private; (2) share only with their direct connections; (3) share with connections within three degrees of separation; (4) allow access only to other signed-in LinkedIn members, or (5) allow access to everyone, even members of the general public who may have no LinkedIn account and who can access the information without signing in or using any password. It is only this fifth category of information – wholly public profiles – that is at issue here: hiQ only accesses the profiles that LinkedIn members have made available to the general public.”

[3] Thomas Lee.  LinkedIn, HiQ Spat Presents Big Questions for Freedom, Innovation.  Published July 8, 2017 on sfchronicle.com.  Web: <http://www.sfchronicle.com/business/article/LinkedIn-HiQ-spat-presents-big-questions-for-11274133.php#comments>

[4] Ibid.

[5] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[6] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[7] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017).  COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[8] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[9] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[10] Id. at 2.

[11] Ibid.

[12] Id. at 3.

[13] Id. at 2.

[14] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[15] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. November 20, 2012).  First Amended Complaint.

Web: <http://www.3taps.com/images/pics/430_Amended Compalint .pdf>

[16] Supra note 14 at 3.

[17] Ibid.

[18] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[19] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF.  Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[20] Id. at Introduction, ¶1.

[21] Id. at ¶¶27-8.

[22] Id. at ¶28.

[23] Id. at ¶¶34, 38, 46.

[24] Id. at ¶29.

[25] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

[26] Id. at 4.

[27] The United States Court of Appeals for the Ninth Circuit covers Alaska, Arizona, California, Guam, Hawaii, Idaho, Montana, Nevada, the Northern Mariana Islands, Oregon, and Washington state.  See generally Geographical Boundaries of United States Courts of Appeals and United States District Courts.  Online: <https://www.supremecourt.gov/about/Circuit Map.pdf>

[28] Supra note 25 at 4.

[29] Congress of the United States, United States Code18 USC 1030: Fraud and related activity in connection with computers.  Title 18: Crimes and Criminal Procedure; Part I: Crimes; Chapter 47: Fraud and False Statements. Web: <uscode.house.gov/browse/prelim@title18/part1/chapter47&edition=prelim>

[30] Supra note 25 at 10.

[31] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 16.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[32] Id. at 10.

[33] See Robins v. Pruneyard Shopping Ctr., 23 Cal. 3d 899, 905 (1979).

[34] Supra note 31 at 18

[35] Id. at 19.

[36] Id. at 20-21.

[37] See Unfair Competition Law (UCL), Cal. Bus. & Prof. Code §17200 et seq.

[38] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[39] Id. at 23.

[40] Id. at 24.

[41] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA), at ¶7.  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[42] See generally Tristan Greene.  The future of your data could rest in the outcome of LinkedIn vs HiQ case.  Posted August 24, 2017 on thenextweb.com.  Web: <https://thenextweb.com/insider/2017/08/24/hiq-is-the-david-to-linkedins-goliath-in-legal-battle-over-user-data/#.tnw_Q1Tn05Hv>…

[43] Id.

[44] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[45]  – Reserved

[46] For a general overview of the Gig e-conomy and its monopoly potential, see e.g. Ekundayo George.  Monopolies and Market Dominance in the “GIG” e-conomy: What Might These Look Like / Are We There Yet?  Published July 16, 2017 on ogalaws.wordpress.com.  Web: <https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/>

Advertisements

PREAMBLE:

In this data-driven world, we approached data from a complex systems perspective and assigned 5 data domains or “faces” as follows: Form Factors, Applications, Categories, End-Users, and Scale.  In Part 1 – Form Factors,[1] we identified some of the data devices through which data impacts upon us, and we impact upon the data.  In Part 2 – Applications,[2] we looked at the tools we use to collect, collate, and manipulate that data.  Now, in Part 3, we look at some of the different “Categories” of this Data.

ANALYSIS:

Categories.

These are the different ways in which we describe, define, and otherwise compartmentalize our data, in order to make it more malleable, manageable, and ultimately intelligible.

Level 2 (management): At this level, we have placed just two options: (i) an Externalized one for aggregation and analytics; and (ii) an Internalized one for commoditization and consumption.  In the first category, we have the original “Big Data” as collected, which is then aggregated and analyzed in various ways, by person and/or by machine.  It is the end-product in pieces, predictions and prognostications, or printouts, which is then packaged into more manageable morsels for the ultimate consumer.  That ultimate consumer can be any or all of a business, an individual or group, or a government or government agency.

Level 3 (security): As our focus is on the categories of data in a general sense, this “security” level will differ somewhat in its focus on the base-level “non-controls” or “intentional security lapses” that can now generally apply to data in three different spheres.  These, collectively termed “EULA3” or “EULA Cubed“,[3] are: (i) End-User Legal Authority; (ii) End-user License Autonomy; and (iii) End-User Leveraged Ability.  The first refers to the copyright exemption-like authority now permitting many end-users to further customize and develop commercial off-the-shelf software, such as screensavers, skins, avatars, and general gaming applications.[4]  The second refers to the various degrees of autonomy from traditional and restrictive use and geographic licensing that some consumers have, by using unlocked data devices – whether lawfully or not so lawfully unlocked.  This can range from having data devices function to reach data from geographic locations where they would not otherwise have been functioning; through number or service portability and the freedom it provides from multi-year service contracts with single providers; to opting-out of otherwise automated software updates and pre-sale software bundling.[5]  The third refers to the enhanced data-centric abilities that end-users now have as a result of the interconnected nature of data and the many faces of data.[6]  With the increasing expanse and depth of social media and apps for almost anything thinkable and unthinkable, there is no longer really any such thing as “use only as recommended”, because many future uses (Applications) of today’s data devices (Form Factors) – and of the data itself, are yet to be set-down or even known, and whether or not lawful where or when so ultimately used.

Level 4 (provenance): On this level, there are four categories for the origin of the data.  These are Social, Business, Personal and Government.  (i) Social as a source category, can include anything and everything ever put online.  (ii) Business as a source category, can include any and all personally identifiable, preference, contact information, and other data (personal data) voluntarily or involuntarily provided to a business by a consumer, or by another business.  Some restrictions on resale and usage, or transfer by and between internal divisions may apply, as per the entity’s Privacy Policy.  However, there can be exemptions for certain categories of data; additional concessions and goodies, such as rebates and special offers can be provided to customers who give the data custodian company carte blanche with regard to their provided data; and, of course, there are those instances where things go wrong or misplaced, or when careless business moves and messy business bankruptcies lead to provided data finding its way into dumpsters,[7] pawn shops,[8] second-hand and auctioned goods,[9] and to provided data being otherwise exposed through data breaches.[10]  (iii) Personal as a source category, may include spoken or written communications, non-verbal cues, and the contents of a lost wallet, purse, form factor, or mass storage device.  Finally, (iv) government as a source category, encompasses all the information that a government has (or could possibly have) on the individual or the business within its jurisdiction (or data-reach), for whatever reason, and from whatever other or intermediary origin point.

Level 5 (attack surfaces): As with the prior data domains covered – Form Factors and Applications – there are myriad, overlapping, and ever-multiplying attack vectors.  Here, we will merely identify the five transitional steps as attack surfaces within data categorization, where attacks may occur.  These are, at: (i) creation, collection, and collation; (ii) tokenization, encryption, and manipulation; (iii) storage and access; (iv) transmission and transportation (whether actual or virtual); and (v) disposal and destruction.[11]

Level 6 (aggregation): Finally, and just as with Applications, all Data “Categories” levels can be found and aggregated across the same 6 spaces as identified for Applications.  These are: (i) Cloud API; (ii) Datacenter; (iii) In-house server; (iv) workgroup; (v) single system desktop or laptop, social media, or gaming console/application; and (vi) mobile, to include tablet, smartphone, and wearable-tech.

CONCLUSION:

The depth and breadth of Data as a complex system continue to be enhanced by the interactions of its five Domains, and of the many faces therein. Having now considered Form Factors, Applications, and Categories, our next and penultimate installment will consider the “End-Users” Data Domain.[12]

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in legal, technological, and societal milieux.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors).  Published on ogalaws.wordpress.com, November 1, 2013.  Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[2] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications).  Published on ogalaws.wordpress.com, December 27, 2013.  Online: >https://ogalaws.wordpress.com/2013/12/27/the-100-faces-of-data-a-5-part-complex-systems-study-part-2-applications/<

[3] Ekundayo George.  Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers (at section z:  “End-User Legal Authority/ License Autonomy/ Leveraged Ability (EULA3, or cubed)”).  Posted on ogalaws.com, March 16, 2013.  Web: >https://ogalaws.wordpress.com/tag/end-user-leveraged-ability/<

[4] Id.

[5] Id.

[6] Id.

[7] Chris Saldana, Reporter.  Dumpster Full of Personal Information Discovered.  Posted on 8newsnow.com, September 18, 2007.  Online: >http://www.8newsnow.com/Global/story.asp?S=7091061&nav=168XJuYl<

[8] Danielle Walker, Reporter. Doctor’s stolen laptop found at pawn shop; data of 652 patients exposed.  Posted on scmagazine.com, April 1, 2013.   Online: >http://www.scmagazine.com/doctors-stolen-laptop-found-at-pawn-shop-data-of-652-patients-exposed/article/286812/<

[9] Joe Willis, Regional Chief Reporter.  Workers’ personal information found in cabinet sold at auction.  Posted on thenorthernecho.co.uk, August 5, 2013.  Online: >http://www.thenorthernecho.co.uk/news/10589828.County_Durham_workers__personal_information_found_in_cabinet_sold_to_Spennymoor_man_at_Newcastle_auction/?ref=nt<

[10] Sean Sposito.  Data breaches: It’s likely to happen to you. Published on theglobeandmail.com, January 28, 2014.  Online: >http://www.theglobeandmail.com/report-on-business/international-business/data-breaches-its-likely-to-happen-to-you/article16558877/?page=all<

[11] The 3 customary data state categorizations of: (A) Data at rest; (B) Data in use; and (C) Data in motion, are too limited for the purposes of our schema, and any comprehensive implementation of a Data Loss Prevention (DLP) regime.

[12] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 4 – End-Users)Posted on ogalaws.wordpress.com, April 9, 2014.   Online: >http://www.ogalaws.wordpress.com/2014/04/09/the-100-faces-of-data-a-5-part-complex-systems-study-part-4-end-users-2/<

PREAMBLE:

We live today, in a data-driven world, full of data-driven economies (with projection and attempted matching of demand and supply); data-driven goods (with just-in-time components, and trends); data-driven services (customer preferences, and promotions); and even data-driven data – such as with supervisory control and data acquisition (SCADA), network functions virtualization (NFV), software-defined networking (SDN), and a host of analytics functionalities.  With so much data at stake, in play, and even getting in the way of people and other data, we should at the very least, try to gain a better understanding of it.  What is it, where does it come from, how do we use and interact with it, and what visible and invisible impacts does it now have (or might it later have), on us as individuals, on our societies and groups, on our behaviour and interactions, and on our individual and collective futures?

INTRODUCTION:

Let us consider “data” from a complex systems perspective.  We adopt a business perspective, excluding the individual one which would make the model unwieldy.  So, to begin, we single-out and assign 5 Data Domains: Form Factors, Applications, Categories, End-Users, and Scale; using the mnemonic of “faces”.

In order to visualize this conception, each of these 5 “faces” is placed in the order of their above presentation looking-out in 5 directions as emanating from about a central point labeled “DATA”.  Each of these 5 is also set on the flat top of an equilateral pyramid that radiates outward to occupy an arc of 72 degrees.  The total of 72 degrees as multiplied by 5, fills the entire 360 degrees of allocable area as emanating from that central “Data” point.  Hence, there are actually 5 separate and distinct pyramids growing out of that Data.  By the way, despite this visualized introduction, we won’t get too technical.

With the flat top of the pyramid being the source, each pyramid is further divided into 6 levels, with each level having increasingly more elements as one moves further out from the central point of origin.  The first level has that single element on the flat-top; the second has two; the third has three; the fourth has four; the fifth has five; and the sixth has six.

Adding the totals of 2 through 6 (in elements per level) within each pyramid, yields 20.  Multiplying this 20 by the 5 Domains, gives 100, thereby creating those 100 Faces of Data, for which the study is named.

ANALYSIS:

We shall now consider the 5 Data Domains in their “faces” order of appearance under this model, which differs from the logical “cafes” sequencing.

Form Factors.

These are the tools with which we gain access to data.

Level 2 (security): In the simplest bifurcation at this level (security), these are wired and wireless, with each needing different approaches, tools, and standards to ensure and maintain their security, availability or uptime, and ongoing reliability as fit for the intended purpose.[1]  The former (wired), would be anything in a home or office environment that was tethered, such as a desktop or laptop on the wired LAN, whilst the latter (wireless), would encompass anything from a laptop connecting by means of a wireless router, through to a smartphone or tablet with WI-FI access (or Li-Fi access),[2] or any wearable, implantable or near-field communication (NFC) device pulling, pushing, or both pulling and pushing data.

Level 3 (provenance): The variety of available form factors is further enhanced at this level, where they are divisible into customer-configured, commercial and-off-the-shelf (COTS) or unknown, and custom-configured.  Items in the last category are or have been, or are capable of being configured for optimum functionality, security, and ease of administration including in-house or outsourced mobile device management (MDM) by a responsible system administrator, such as with a company-issued form factor.  The first (customer-configured) category is known by the system administrator to be or have been configured by the customer (employee) or client (third-party accessing a company website or subsystem), such as with devices they own in their own names; which may or may not be capable of transformation or migration to the third category in a Bring Your Own Device (BYOD)-type scenario.  The second (COTS) category, is those form factors of which the responsible system administrator has no knowledge, or that are commercial and off-the shelf and possibly not even configured at the most basic level.  These would include jail-broken devices, those running pirated and illegal software, and those belonging to or co-opted by, rogue operators and networks with proven or potential malicious intent.

Level 4 (management): On this level, there is a category for identity and access management (IAM), a category holding management “controls for risk, encryption, and security technique” (CREST), and two categories for regulatory compliance.  Regulatory Compliance (generic) includes privacy and Intellectual Property Rights (IPR) regimes, which, although they may differ somewhat across jurisdictions, tend to follow similar lines of reasoning.  Regulatory Compliance (specific) includes subnational, national, and transnational rules, and any industry-specific codes to which the business must adhere; such as the federal Health Insurance Portability and Accountability Act (HIPAA) governing covered entities in the United States of America’s healthcare industry and all Business Associates involved with them; the Payment Card Industry Data Security Standards (PCI-DSS) for the global financial services industry to the extent that its members do business with or through the United States; and transnational rules and accords for banking (BASEL III), countering transnational crime (Anti-Money-laundering), and when applicable, any sanctions applied by a national body (nation state), a regional grouping (such as the European Union), or a global collective, such as the United Nations Organization (UN).

Level 5 (attack surfaces): The available attack vectors are myriad and constantly evolving, as they range from social engineering, through exploiting little known or common software vulnerabilities for “man in the middle” spoofing and “zero-day-vulnerability” phishing attacks, to advanced persistent threats such as distributed denial of service (DDOS), SQL-injection, and the full panoply of malware payloads for keylogging, botnetting, and data exfiltration on a massive scale.[3]  Our concern here is on the vulnerable areas, that soft underbelly of the form factor as an attack surfaces that remains under-or un-protected far too often.  For the individual owner, the form factor attack surface would include the solely-owned real device, and the single-user virtual device or service.[4]  For the business owner, this would be the business-owned device.  And finally, for the business non-owner, this would include the business-leased real device, and the business-leased virtual device or service; which fully implicates and encapsulates the cloud space.  Each of these attack surfaces represents its own known and unknown vulnerabilities that ideally require active governance and running adaptation[5] to responsibly manage.

Level 6 (aggregation): Businesses should consider six categories of relevant form factor aggregation on their owned and leased devices.  For businesses specifically, the two categories would be: Business to Business (B2B), and Business to Consumer (B2C) sales and marketing, and also the device and customer servicing that follow business and consumer trends and prevailing practices.  For governments, specifically, the two categories would be: in aid of current regulatory activities, and in aid of future service planning and preparation – as knowing which form factors are likely to be most in use aids in network capacity planning and regulation.  Businesses should also be aware that criminals and criminal groups also try to aggregate the form factors of and as used by businesses, for purposes of planning and conducting exploit campaigns, and also for purposes of monetization on their exploit campaigns as planned, while still live and underway, or as recently suspended for a time or fully concluded.

TABULATION:

Level

*Standard Name

Form Factors

Applications

Categories

End-Users

Scale

 

 

 

 

 

 

 

1

domain

form factors

applications

categories

end users

spaces

2

*MPS

MPS

MPS

MPS

MPS

MPS

3

MPS

MPS

MPS

MPS

MPS

MPS

4

MPS

MPS

MPS

MPS

MPS

MPS

5

attack surfaces

attack surfaces

attack surfaces

attack surfaces

attack surfaces

attack surfaces

6

aggregation

level

aggregation

level

aggregation

level

aggregation

level

aggregation

level

aggregation

level

 

 

 

 

 

 

 

MPS stands for management, provenance (or origin), and security.  The 5 Domains vary as to the level on which each of these applies.  However, the lack of cross-level comparison is restricted to these three levels, alone.  In the rest of the tabulation, direct parallels between levels can be more easily made.

CONCLUSION:

The relationship of data to form factors is clearly broad and deep, as these 20 distinct points show.  When considering that each of these above 20 faces in the Form Factors Data Domain can combine with and interact with each and every one of the other 80 faces across the other four Data Domains identified, one begins to understand how this is a complex system in the most classic sense of that term.

In the next installment, we will look at the “Applications” Data Domain.[6]

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] There was a time when senior management in many large businesses did not take Information Security /Cybersecurity advisories as seriously as they should have.  Today, however, with fines and penalties for preventable privacy breaches running into the millions (before individual lawsuits), and the potential for the loss of millions of records on the loss of a single flash drive or portable hard drive, that story has changed.  However, it cannot hurt to remind everyone to simply “cube the B” when planning for security, so that it sticks.  This stands for ensuring Buy-in at all levels with regard to security policies and rules – especially with senior management; which should be followed by Budgeting accordingly, so that IT can secure the human, material, and financial resources to do its job and do it well without constantly having to justify more funding; and following Best Practices in the industry or the art when it comes to security forecasting, planning, drafting, implementing, and reviewing.  See e.g. Ekundayo George.  Individual (allegedly) Wreaks Havoc with Former Employer – Another Teachable Moment in Infosec.  Posted on ogalaws.com, May 16, 2013.  Web: >https://ogalaws.wordpress.com/2013/05/16/individual-allegedly-wreaks-havoc-with-former-employer-another-teachable-moment-in-infosec-2/<

[2] Nick Heath, in European Technology.  Researchers break speed record for transmitting data using light bulbs.  Published on techrepublik.com, October 29, 2013.  Web: >http://www.techrepublic.com/blog/european-technology/researchers-break-speed-record-for-transmitting-data-using-lightbulbs/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531<

[3] For a brief overview of a recently-discovered, critical browser–specific attack vector, see Iain Thomson.  Big browser builders scramble to fix cross-platform zero-day flaw.  Published on theregister.co.uk, June 13, 2013.  Web: >http://www.theregister.co.uk/2013/06/13/cross_platform_browser_flaw_in_wild/<

[4] “Service” as here used, includes the entire “as a service” category, whether SaaS, PaaS, IaaS, or otherwise.

[5] For one prediction of the likely steps needed to maintain protection across an ever-expanding Attack Surface, See Patrick Lambert, in IT Security.  Growing attack surfaces require new security model.  Published in techrepublic.com, January 15, 2013.  Web: >http://www.techrepublic.com/blog/it-security/growing-attack-surfaces-require-new-security-model/<

[6] See Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications).  Published on ogalaws.wordpress.com, December 27, 2013. Online: >https://ogalaws.wordpress.com/2013/12/27/the-100-faces-of-data-a-5-part-complex-systems-study-part-2-applications/<

Having practiced law in the United States and still keeping a discerning eye on the occasional changes in U.S. National Security and other laws, I wrote, quite some time ago,[1] that it was important for anyone and everyone migrating to a cloud platform or not even “thinking” they used one, to be aware of such things as where their data stood, slept, or transited.  Now, it seems that more Canadians are aware of the need for this, with a recent article in the Ottawa Citizen newspaper drawing attention to the “near-open-access” to any and all data on U.S. servers,[2] no matter who the owner is, or where in the world they physically sit,[3] or are legally domiciled.[4]  If something is already comfortably in your own pocket where you can sense it and hear it jingle-jangle as you walk and talk, then only in the most extraordinary circumstances will someone ask you not to adjust it or look at it at your leisure, and actually have you comply.

 

I still believe that the Cloud “is” a positive development and that it “can” be a productive platform – especially in terms of backup and redundancy, or in disasters and emergency situations, as was recently proposed in New Jersey.[5]  However, this worthy end-state can only be reached, when:

(a)    Properly governed by the appropriate regulators in a more globally cooperative fashion;[6]

(b)   Used with eyes wide open by both vendors and clients, and with proper regard to their rights and duties regarding third parties;

(c)    Balanced with enterprise, agency, and personal best practices, and insurance coverage appropriate to the data, users, risks[7] and regulations, and custodians;

(d)   Legal counsel sufficiently aware of the Cloud’s advantages and disadvantages to advise you, can draft or review your Cloud Services Agreements, or negotiate them from the outset, if the latter option is actually made available to you by the Vendor;

(e)    Industry Vendors agree to some degree of stabilization and standardization, and a modicum of synchronization in exigent situations that adequately respects local laws;

(f)    Companies in that space, begin – in addition to the current rules on breach disclosure, notification, and remediation – to be more open in educating the public on some of the potential Cloud hazards, as well as on the potential benefits of the many and evolving cloud-based offerings now available, including: SaaS ~ Software as a Service (tools for processing, analysis, accounting, CRM, and back-office functions); UaaS ~ Utilities as a Service (providing video, audio, and gaming on demand); PaaS ~ Platforms as a Service (for email, online backup, or desktops-on-demand); and IaaS ~ Infrastructure as a Service (tools for collaboration, integration, and visualization).

 

As a work in progress the Cloud space is not a perfect thing, but it “is” a growing and increasingly popular and pervasive one, and it should now be obvious that those who do not even “think” they need to know about the Cloud, should actually be paying the most attention to its growth and diffusion into more and more facets of their work, lives, and free- or down-time.

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.). Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

 


[1] See Ekundayo George.  To Cloud or Not to Cloud: What are Some of the Current, Most Pertinent Pros and Cons? Text at points (c) and (d) under “Disadvantages (potential)”.  Published on ogalaws.com, December 28, 2011.  Online: >https://ogalaws.wordpress.com/2011/12/28/to-cloud-or-not-to-cloud-what-are-some-of-the-current-most-pertinent-pros-and-cons/<

[2] Ian Macleod, The Ottawa Citizen.  Cloud computing law puts Canadian users at risk of snooping by American spies.  Published on ottawacitizen.com, February 2, 2013.  Online: >http://www.ottawacitizen.com/business/Cloud+computing+puts+Canadian+users+risk+snooping+American/7907562/story.html<

[3] The Telegraph.  US authorities can spy on the iCloud without a warrant.  Published on telegraph.com, January 30, 2013.  Online: >http://www.telegraph.co.uk/technology/news/9836715/US-authorities-can-spy-on-the-iCloud-without-a-warrant.html<

[4] Of course, some people have proclaimed that increasing encryption is the answer to protecting one’s privacy online.  However, considering the facts that: (i) the United States (although not the only place where they are made) puts severe restrictions on the export of certain technologies including those for encryption; (ii) it is commonly known in the security and technology fields that certain nations have an ability to “pre-etch” backdoors into their chips; (iii) external attacks may be targeted at specific hardware, software, or “usage/speech” by means of little known vulnerabilities, through the growing family of tools that now includes Stuxnet, Duqu, Flame, and Gauss, as well as the “Anonymous” entity, and others now in existence or still as yet unknown; and (iv) certain promoters of greater encryption have tended to receive greater regulatory attention …. this may be a little hard.

[5] Katie Eder.  Experts consider how to address communications challenges ahead of next Sandy.  Published on njbiz.com, February 5, 2013.  Online:  >http://www.njbiz.com/article/20130205/NJBIZ01/130209911/Experts-consider-how-to-address-communications-challenges-ahead-of-next-Sandy<

[6] David Kravets.  Internet Safe From Globalized Censorship as UN Treaty Fails.  Published on wired.com, December 14, 2012.  Online: >http://www.wired.com/threatlevel/2012/12/united-nations-internet/< Many naysayers had predicted that the goal of this conference was UN-domination of the internet, but its failure might have actually been due to the reluctance or outright refusal of certain nations, to submit to limits on extraterritorial surveillance.

[7] Terry Collins and Anne D’Innocenzio, The Associated Press.  Twitter hackers nab data on 250,000 accounts.  Published on ottawacitizen.com, February 2, 2013.  Online: >http://www.ottawacitizen.com/business/Twitter+hackers+data+accounts/7911027/story.html

%d bloggers like this: