Commentary: Healthcare must embrace new ISO cloud privacy standard

by Julie Anderson, AG Strategy Group
Monday, April 27, 2015

A new international privacy standard for cloud providers — ISO 27018 — brings an effective means to better protect health data. The privacy standard mirrors some of HIPAA’s tenets while providing an all-important third-party audit mechanism.

What EC v. Google means for US government users

by Karen Evans, KE&T Partners
Friday, April 24, 2015

While the Commission’s case is directed at Google’s conduct in the consumer market, it is important to consider the significant implications this has for enterprise users globally in both the public and private sectors. The EC’s decision reinforces the necessity that customers must educate themselves on the data-use terms of their cloud providers and craft their contracts accordingly.

A booster shot for cloud privacy standards?

by Julie Anderson, AG Strategy Group
Wednesday, April 22, 2015

A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information. Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:

Is Android a threat to privacy?

by Jeff Gould
Friday, April 17, 2015

This week the European Commission took not one but two momentous actions against Google. The first was the filing of formal antitrust charges accusing Google of abuse of dominance in online search. The second was the launch of an investigation into Google’s practice of forcing mobile device manufacturers to use its purportedly open source Android operating system in only the way that Google prefers. Android, of course, is the world’s most widely used operating system, with a rapidly growing user base that now numbers more than one billion. While we usually think of it as something for consumers, Android devices are also used in countless enterprises, schools and government agencies. It’s worth taking a look at what the EU’s Android investigation means for those users.

European Commission: Google's Conduct Infringes on Antitrust Rules

by Bradley Shear, Law Office of Bradley S. Shear
Wednesday, April 15, 2015

Illegally abusing market position in Internet search is intertwined with data collection, usage, and privacy issues because in order to receive the most relevant search results to a search query, a search engine must be able to access and process voluminous amounts of data very quickly. For years, 90% to 96% of Google’s revenue has come from advertising, which means it is dependent upon being able to obtain massive amounts of personal information at a low cost to feed its behavioral advertising machine. Data dominance also appears to be a growing concern of the EC. For example, Commissioner Vestager recently stated that she’s studying the U.S.’s “stringent approach to dealing with personal data as a means to payment” in its review of deals. This appears to signal that regulators are beginning to understand that personal and corporate data issues are intertwined with antitrust matters.

Updating Global Cyber Law Enforcement

by Paul Rosenzweig, The Chertoff Group
Monday, April 06, 2015

The world's cyber network is growing exponentially. As it grows, criminality and malfeasance have followed. But law enforcement is, unfortunately, still mired in a nation-based system of police cooperation - the Mutual Legal Assistance Treaty process - that has not kept up with the pace of the new domain. It is as if the police were using a 1930s Ford to chase a 2015 Tesla. Unless the MLAT process is updated and modernized, law enforcement will remain hopelessly behind, mired in the past.

Don’t let America be boxed in by its own computers

by General Michael Hayden, Chertoff Group
Friday, April 03, 2015

In a perverse way, as the saying goes, what goes around comes around. Precedents we set will be followed — or exploited — by others in an economic system that becomes more globalized and hence more interdependent by the day. Already others point to U.S. activities to justify their own, often nefarious, efforts. Witness the Chinese trying to create moral and legal equivalency between legitimate U.S. intelligence and their massive theft of intellectual property, or their placement of newly minted restrictions on U.S. IT firms. One wonders what the Russias and Chinas of the world will demand if U.S.-based firms are forbidden to create encryption schemes inaccessible to themselves or the government. Beyond the realm of speculation, the Chinese company Alibaba has announced plans to open a cloud data center in the United States. How will we feel when a Chinese court orders Alibaba to send data on Americans back to China, citing our own behavior as justification?

How the U.S. and EU Can Find a Path Forward After Snowden

by Jeff Gould
Friday, April 03, 2015

The seemingly endless stream of revelations from Edward Snowden about the surveillance activities of U.S. intelligence agencies has put the EU in a bind. Despite the occasional dark suspicions of American officials and media that the goal of EU policy is to hobble American power and influence, the truth is quite different. But today, the EU needs America’s help in shoring up a strategic relationship that is vital to both sides.

Why State and Local Law Enforcement Should Be Part of the MLAT Reform Process

by Bryan Cunningham, Cunningham Levy LLP
Wednesday, March 25, 2015

MLATs are formal agreements between countries establishing procedures for requesting evidence stored outside the requesting country’s jurisdiction. Historically, in many time-sensitive cases, law enforcement agency officials exchanged information informally and private companies cooperated without formal legal process. But with increasing overseas attention to privacy rights and concerns about secret, unilateral data collection by national governments against other countries’ citizens, companies increasingly are refusing to cooperate informally and governments are retaliating for unfair “spying” on their citizens. State and local law enforcement agencies (LEAs) should care about this problem not only because of its potential impact on the general ability of the U.S. to take down international terror and other criminal organizations, but because, in our increasingly interconnected world, what once could have been treated largely as “local” cases, such as cyber fraud and child pornography, now require retrieval of evidence from overseas, and even basic crimes without any obvious cyber component will require evidence stored overseas.

Alibaba And The Cognitive Dissonance Of American Data Policy

by Paul Rosenzweig, The Chertoff Group
Wednesday, March 25, 2015

The issue is put in stark relief by the recent announcement from Alibaba, the Chinese technology company that plans to open up a new data center in Silicon Valley. From a business perspective, the decision makes perfect sense. The center will allow Alibaba to expand one of its product lines — cloud services for businesses — into the American market. It portends an effort by Alibaba to go head-to-head with other cloud service providers, like Amazon, that lease computing systems to businesses. Where, before, Alibaba’s clientele was almost exclusively Chinese, the new data center is part of an effort to become more multinational. And that will give American law enforcement heartburn. Because if they don’t want to be intellectual hypocrites, they are going to be obliged to acknowledge that Alibaba’s entry into the American market also means that the Chinese government will have direct access to American data – because the U.S. government says the exact same thing about American companies operating in China. And that can’t be a comfortable conclusion. The most notable example of this legal theory is a case pending in New York. In December 2013, Microsoft received a warrant issued by a magistrate in the Southern District of New York that ordered the company to turn over information relating to a user whose data was stored at the company’s Dublin, Ireland, data center.