Mark Rasch

Cyber Law Editor

Security Current


Zooming [In]Security

Posted on: 04 Jun 2020

With the COVID-19 Pandemic (remember the COVID-19 Pandemic?) workers were forced to find other means of communicating — including Zoom meetings. While there were a spate of high-profile security issues with respect to Zoom, including open and shared meetings, Zoombombing, sharing data with Facebook, and deliberately routing communications through China and the like, the principal…

Scraping By – California Court Limits Use of Computer Crime Statute for High Volume Scraping

Posted on: 27 Apr 2020

When you “access” a website, what are you authorized to do? And how would you know what is “authorized?” The federal Computer Fraud and Abuse Act, 18 USC 1030 makes it a crime to “access” a “computer” “without authorization,” and further makes it a crime to “exceed authorization” to access a computer. Courts and computer…

No Good Deed… Apple 2FA Case Dismissed by California Federal Court

Posted on: 10 Apr 2020

A few years ago, Apple began pushing “two-factor” authentication on its users.  Through an update in the Operating System, they began to require those who wanted to download and install software to, in addition to providing a password, use a separate out-of-band authentication mechanism. While such 2FA systems are not perfect, and those which rely…

Rogue One. U.K. Supermarket Chain Morrisons Not Liable For Data Breach By Internal Auditor, UK High Court Says

Posted on: 01 Apr 2020

Andrew Skelton was a senior auditor in the internal audit department of UK supermarket chain Morrisons. In July, 2013, Skelton was scolded by Morrisons for some minor misconduct. To get even, Skelton leaked payroll, banking and other data about 126,000 Morrisons employees first to an online accessible website, and then to several newspapers. The breach, forensics,…

Managing Risk in the Era of Pandemic

Posted on: 24 Mar 2020

Cyber Security is NOT about cybersecurity. It’s not about compliance with regulations. At the end of the day, cyber security is about identifying and managing risks. Risks associated with the use and misuse of technology. Risks associated with failing to protect data. Risks associated with doing too little. And risks associated with doing too much.…

DR/BCP – TL:DR – Preparing for the Wrong Disaster is Better than Not Preparing At All

Posted on: 23 Mar 2020

In the wake of the SARS CoViD-19 pandemic, news organizations have been interviewing so-called “preppers” – survivalists who have been preparing for some natural or man-made disaster by hoarding shelf-stabilized food, guns, underground bunkers, water, and backup electricity. The preppers are taking a victory lap essentially saying, “we told you so.” Not quite. You see,…

Data Security for Telecommuters

Posted on: 20 Mar 2020

The first day was like a snow day. Maybe sleep in late. Maybe handle a few hundred e-mails and phone calls. It was either very hectic, or very slow. It was anything but normal. By day three it has already gotten old. You’re not really into the telecommuting routine. You’re not quite “at home” but…

COVID-19 and the Spread of Personal Information

Posted on: 19 Mar 2020

Important News about COVID-19! That e-mail came from the Virginia EZ-Pass. In the past two weeks, if you are anything like me, you have been receiving hundreds of e-mails from vendors, suppliers, and third parties from Outback steak house to 1-800-CONTACTS telling you about their policies, plans or procedures for the coming zombie apocalypse that…

Data Privacy in the Era of COVID-19

Posted on: 16 Mar 2020

One of the most important things for employers, schools, universities, hospitals, and public places to do during the time of a pandemic is to determine (to some degree of certainty) which individuals are infected, which are contagious, and which are symptomatic. The concept of “social distancing” is enhanced if we can know who is contagious…

My CORONA (Virus) – How To Survive With IT

Posted on: 16 Mar 2020

In the wake of the COVID-19 pandemic companies are increasingly calling on employees to work from home. Hospitals, clinics, and doctor’s offices are preparing for massive infections, not only of patients but of healthcare workers. Colleges and Universities are sending students home en masse. Sporting events are considering playing in empty arenas. Airlines and other…