Home Tags Injunction

Tag: injunction

Appeals court: Uber engineer can’t plead the 5th

A court showdown over an injunction looms, and it’s not looking good for Uber.

Mobile industry loses its bid to stop Berkeley’s cellphone warning law

9th Circuit: local law actually “complements and reinforces” federal law, policy.

Judge orders Uber to search servers, work harder to find Waymo’s...

"In 42 years, I've never seen a record this strong. You are up against it."

Secretly recorded Planned Parenthood tapes barred from publication

Two activists criminally charged with allegedly violating privacy of people filmed.

ISPs to block set-top boxes that illegally live-stream soccer matches

Premier League wins court injunction requiring server-level blocking.

ZeniMax files injunction to stop Oculus from selling VR headsets [Updated]

But legal expert says an injunction is an uphill climb following civil verdict.

UK fails to gag press over ID of ex-spy at center...

EnlargeSpencer Platt/Getty Images reader comments 48 Share this story His name is now scribbled all over the Web, and the ex-MI6 man who is alleged to have compiled a dossier containing unsubstantiated and lurid claims about US President-elect Donald Trump is reportedly in hiding. However, despite the details being readily available online, the UK's ministry of defence—following a long-standing practice—politely requested the British press to carefully consider the potential consequences of disclosing the individual's name.
In a letter to editors and publishers, retired RAF Air Vice-Marshal Andrew Vallance, who holds the post of defence and security media advisory secretariat, said on Wednesday: In view of media stories alleging that a former SIS [secret intelligence service; MI6] officer was the source of the information which allegedly compromises president-elect Donald Trump, would you and your journalists please seek my advice before making public that name. The guidance was given through fear that revealing the identity of the ex-MI6 man "could assist terrorist or other hostile organisations." Nonetheless, the BBC and other major British news organisations have disclosed details of the individual, whose name and current directorship at a London-based private security firm was initially published in the US press and heavily shared on social media. But such a decision by the BBC and others is a stark departure from the past when publications and broadcasters that received a so-called D-notice (defence notice), later replaced by a DA-notice (defence advisory notice), would often fall into line with the MoD's request in a very British spirit of collaboration. Enlarge / Google quit the D-notice committee in response to the Snowden revelations. NOVA/PBS The D-notice first came into play in 1912, two years before World War I broke out, when Whitehall mandarins decided that an organisation should be created that addressed matters of national interest. Members of the press were included on the advisory panel, and they remain so to this day. However, the makeup has changed a little: the likes of Google representatives have sat on the committee, for example, though, the US ad giant withdrew its voluntary support in light of Edward Snowden's damning disclosures about the NSA. Historically, publishers and editors have largely responded in kind to the frightfully polite requests from the MoD. Members of the committee have long argued that it doesn't amount to censorship from the British government, instead insisting that they are simply exercising restraint with stories that may, on reflection, damage national security.

But Vallance and his predecessors can only gently nudge the press to consider the sensitive material they have in their possession before publishing it. Where disputes arise between the government and publications, Vallance works independently as a go-between to "help resolve disagreement about what should be disclosed" before any legal action is taken against the press to suppress information by way of a court injunction. But today, the relevance of the D-notice—as it continually tends to be described—seems to be slowly ossifying, and we can see this from the decision by the likes of the BBC to publish the name of the ex-spy at the centre of the uncorroborated Trump dossier story, which claims that Russia has compromising information about the president-elect. In 2015, in acknowledgement that it was becoming increasingly difficult to put a lid on sensitive information being shared online, the UK government renamed the DA-notice to the Defence and Security Media Advisory (DSMA)—a system which currently costs £250,000 a year to run.

The inclusion of the word "security" is perhaps there to try to make it crystal clear to the media that supposedly risky disclosures endanger not only military and spook-types, but also British citizens. But, while it continues to try to sign up more digital and social media representatives, the DSMA committee has admitted that there is "no obvious answer" to the challenges presented by the Web.
It has previously argued that the "mainstream media" remains the superior source for news, regardless of gossipy tittle-tattle—no matter how inflammatory or lacking in reality—that is shared online.

Events in recent months, though, seem to suggest that the line is more blurred than ever before because it is far less clear who is setting the news agenda. We're in for a long four years if the answer turns out to be Trump's Twitter account. This post originated on Ars Technica UK

D-Link sucks so much at Internet of Suckage security – US...

Router biz sued by Uncle Sam for hardcoded passwords, exploitable bugs and more America's trade watchdog is suing D-Link, alleging the router and camera vendor failed to implement basic security protections in its gear. The FTC said that its complaint was based on D-Link's failure to take "reasonable steps" to secure its products, putting the privacy of citizens everywhere at risk as a result. "Hackers are increasingly targeting consumer routers and IP cameras – and the consequences for consumers can include device compromise and exposure of their sensitive personal information," said FTC Consumer Protection Bureau director Jessica Rich. "When manufacturers tell consumers that their equipment is secure, it's critical that they take the necessary steps to make sure that's true." Among the transgressions the FTC cites in its legal complaint [PDF] are: This despite D-Link advertising its products as having "advanced security" protections and using secure connection protocols. As a result, the FTC says, D-Link illegally misrepresented its products and put the privacy of its customers at risk. The FTC also notes the danger D-Link's security lapses presented to people who were not their customers, as the poorly-secured routers and cameras presented prime targets for hackers looking to build IoT botnets. The suit alleges six violations of the FTC Act of 1914: one count of unfairness and five counts of misrepresentation for security event response policy, router promotional material, router GUI, IP camera promotional material, and IP camera GUI. The complaint seeks costs and damages as well as an injunction to further penalize D-Link should it continue to violate the FTC Act. In a statement, the hardware maker said: "D-Link denies the allegations outlined in the complaint and is taking steps to defend the action. The security of our products and protection of our customers private data is always our top priority." ® Sponsored: Customer Identity and Access Management

To Airbnb’s chagrin, judge allows San Francisco rental law to stand

EnlargeMARTIN BUREAU/AFP/Getty Images reader comments 35 Share this story A federal judge in San Francisco has put the brakes on Airbnb’s efforts to halt a new local law that would require the company to verify listings that have been registered with the city first. If the ruling is upheld on the likely appeal, it may pave the way for similar regulations of the short-term housing market in other cities. Last month, Airbnb and San Francisco lawyers appeared before US District Judge James Donato to argue Airbnb’s motion for a preliminary injunction, which he denied on Tuesday. As Ars reported previously, the new 2016 San Francisco law expands upon a previous ordinance that Airbnb itself helped initially draft.

That ordinance requires hosts to have registration numbers from the city and pay a $50 fee for the privilege. The San Francisco law also requires that listings on sites like Airbnb clearly publish this new registration number, and the law holds both the host and the "platform" (Airbnb) potentially civilly and criminally liable for non-compliance.

Among other potential penalties, Airbnb or other platforms could be forced to pay $1,000 each time such a site processes a booking from an unlicensed host. During last month's hearing, Airbnb focused on its legal argument that it was protected primarily under Section 230 of the Communications Decency Act.

This law protects "computer service" providers from being found liable for speech made by its users. But Judge Donato didn’t agree.

As he wrote: But the Ordinance does not threaten the liability plaintiffs fear.

As the text and plain meaning of the Ordinance demonstrate, it in no way treats plaintiffs as the publishers or speakers of the rental listings provided by hosts.
It does not regulate what can or cannot be said or posted in the listings.
It creates no obligation on plaintiffs’ part to monitor, edit, withdraw or block the content supplied by hosts.

To the contrary, as San Francisco has emphasized in its briefs and at oral argument, plaintiffs are perfectly free to publish any listing they get from a host and to collect fees for doing so—whether the unit is lawfully registered or not—without threat of prosecution or penalty under the Ordinance.

Dkt. No. 57 at 9; Dkt. No. 72 at 25:20-24.

The Ordinance holds plaintiffs liable only for their own conduct, namely for providing, and collecting a fee for, Booking Services in connection with an unregistered unit. The two sides will again appear before the judge on November 17 to discuss lingering issues with how, exactly, the new law will be enforced.

Lawyers file fake lawsuits to de-index online negative reviews, suit says

EnlargeUrich Baumgartgen via Getty Images reader comments 3 Share this story Two California lawyers are being accused of filing "sham lawsuits" in a wide-ranging conspiracy to get Google and other search engines to de-index negative reviews about their clients.

As the case (PDF) brought by a group called Consumer Opinion states: The other conspirators engaged attorneys Mark W. Lapham ("Lapham") and Owen T. Mascott (“Mascott”) to file sham lawsuits either by the subjects of the negative reviews or by corporations that had no interest in the allegedly defamatory statements, against a defendant who most certainly was not the party that published the allegedly defamatory statements, and the parties immediately stipulated to a judgment of injunctive relief, so the conspirators could provide the order to Google and other search engines, thus achieving the goal of deindexing all pages containing negative reviews. Consumer Opinion runs pissedconsumer.com, and the group says these lawyers essentially manipulated California's legal system by conducting a "rather brilliant but incredibly unethical" scheme to make negative reviews on the site essentially disappear from search results.

The suit asks a federal judge to "discipline them for those misdeeds." The suit notes a complex web of reputation companies and fake or "stooge" defendants working together.

According to the lawsuit, it works like this: the attorneys sue the "stooge" authors of negative reviews—allegedly defamatory reviews that are published on the pissedconsumer.com site.

But these lawsuit defendants didn't actually write the review, and the suits immediately settle.

The judgements are then used to get Yahoo, Google, and Bing to erase negative reviews from search results.

The suit alleges that a Florida attorney, the subject of some 59 negative reviews on pissedconsumer.com, was among the beneficiaries of the alleged scheme. The lawsuit points out six similarly worded defamation lawsuits lodged in Contra Costa County, just east of San Francisco.

The suits are filed, according to the lawsuit, because pissedconsumer.com won't remove the reviews from its website. "The scam is not all that complicated," Marc Randazza, Consumer Opinion's attorney, wrote in the lawsuit. Mascott did not immediately respond for comment.

The answering machine for Lapham was full, so Ars could not leave a message. This isn't the first time we've seen these type of allegedly fake lawsuits try to game search results, according to Paul Alan Levy of Public Citizen and Eugene Volokh of the Volokh Conspiracy. The duo has concluded there are at least 25 cases nationwide with what they call a "suspicious profile." "Of these 25-odd cases, 15 give the addresses of the defendants—but a private investigator hired by Professor Volokh (Giles Miller of Lynx Insights & Investigations) couldn’t find a single one of the ostensible defendants at the ostensible address," they wrote. Levy and Volokh pointed out that search engines, when presented with a court order, "can't really know if the injunction was issued against the actual author of the supposed defamation—or against a real person at all."

Comcast customers sue over fees that push price above advertised rate

Alyson Hurtreader comments 75 Share this story A proposed class-action lawsuit accuses Comcast of falsely advertising low prices and then using poorly disclosed fees to increase the amount paid by cable TV customers. Comcast's "Broadcast TV Fee" has increased from $1.50 a month to $6.50 since 2014, while its "Regional Sports Fee" has gone from $1 to $4.50 since 2015, according to the complaint filed last week in US District Court in Northern California (PDF). These fees are in addition to the advertised rates. "Comcast’s fraud pervades the entire life cycle of the customer," the complaint says. "First, Comcast conceals and misrepresents the fees in its advertising and in its communications with prospective customers. Second, Comcast commits billing fraud by subtracting the invented fees from the top-line service price in its bills and instead hiding and disguising the charges elsewhere in the bill. Third, to any customers who question Comcast about the bogus charges, Comcast staff and agents explicitly lie by stating that the Broadcast TV Fee and the Regional Sports Fee are government-related fees or taxes over which Comcast has no control." Comcast also recently told customers that it would start charging a $2 "Voice Technology Fee" in January 2017, according to DSLReports, but references to the new fee seem to have been removed from Comcast's website. Even signing a multi-year contract for a fixed monthly rate does not protect customers from fee increases, the lawsuit says. "By increasing these fees in the middle of the contract term, Comcast has found a way to secretly and repeatedly increase the monthly price it charges for its channel packages despite its promise to charge a flat rate for one or two years," the complaint said. The proposed class action has eight plaintiffs in California, Washington, New Jersey, Illinois, Colorado, Florida, and Ohio, all of whom exercised their rights to opt out of Comcast's arbitration clause. They allege breach of contract, unjust enrichment, and violation of consumer protection laws in their states of residence. The plaintiffs seek a court order certifying the class; an injunction preventing Comcast from continuing with the alleged deception; and monetary damages including "disgorgement of all profits and unjust enrichment that Comcast obtained as a result of its misconduct as alleged." Comcast hasn't filed a response in court yet, but it provided a statement to Ars today, saying, "We have been working to make it easier for customers to understand what they’re paying for, which is why we list the Broadcast TV and Regional Sports fee separately on the bill and include disclaimers about them in our advertising. It’s also worth noting that the complaint itself demonstrates that these fees are disclosed and that they’re not part of promotional pricing.” The fees are related to the amount Comcast pays broadcasters and programmers to carry TV channels. Comcast's website says the Broadcast TV Fee "recovers a portion of the costs of retransmitting broadcast television signals," while the Regional Sports Network Fee "recovers a portion of the costs of distributing regional sports networks to customers receiving our Digital Starter and Xfinity TV 450 Latino tiers of service." Comcast has blamed rising TV prices on its payments to programmers, saying in 2014, "Our programming costs have increased by over 130 percent over the past 10 years while our consumer pricing has increased at about half that rate." The proposed class action says that advertising materials often "buried [the Broadcast TV fee] in fine print (where it was listed only by name and never defined) in a sentence which included government-related taxes and fees that may be charged." The complaint provides screenshots of Comcast's online ordering system, demonstrating that the displayed monthly totals don't include the additional fees: Enlarge "Comcast’s statement that 'This is the base monthly total of all recurring charges for the services you have selected' is a lie," the complaint says. "Comcast intentionally omits the recurring and invented monthly Broadcast TV Fee and Regional Sports Fee from the 'Monthly Total' even though those fees are in fact additional 'recurring charges for the services you have selected' (then totaling $4.25/month in Sacramento, California) above and beyond the promised flat rate price of $89.99/month." Another screenshot of the final order submission page prominently states the monthly charge as $89.99 a month without saying what the extra fees will cost: The complaint also includes the text of customer support chat transcripts in which customer representatives describe the fees as "taxes." A Comcast residential services agreement quoted in the complaint lumps extra costs to consumers in with "governmental or quasi-governmental taxes, fees, or assessments." "Comcast is intentionally deceiving its customers, and committing massive billing fraud, by hiding and misrepresenting the bogus Broadcast TV Fee and Regional Sports Fee in its bills in order to avoid being caught raising prices on its customers and breaching its agreements with them," the complaint said. In a separate matter, the FCC last week fined Comcast $2.3 million for billing customers for services and equipment they never requested. In February, six Democratic US senators criticized Comcast and other providers for charging erroneous fees, such as cable modem rental fees billed to customers who bought their own modems.

You’ve been hacked. What are you liable for?

'It won't happen to me...' but best be prepared Hacking is big news and we’re all susceptible.
In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the headlines last summer when data was exposed about its 37 million users, although it appeared many of those were fake accounts.

Earlier this year, Yahoo! revealed the numbers behind its 2014 data breach – 500 million user account credentials were stolen. In 2016, the SWIFT financial payments system was hacked, and this came after another group using the same approach stole $81m from the Bangladesh central bank.

Even the US central bank, the Federal Reserve, detected more than 50 cyber breaches between 2011 and 2015, according to cybersecurity reports obtained through a freedom of information request. Regulator fine Telecoms company TalkTalk has the dubious honour of having received the largest fine ever imposed by the Information Commissioner’s Office – £400,000 – for a cyber attack which allowed access to customer data “with ease”.

The ICO’s investigation revealed that Talk Talk could have prevented the attack by taking simple basic steps to protect customer information. The TalkTalk fine is far lighter than the £3m fine issued by the then-FSA in 2009 for not having adequate systems and controls to protect customers’ confidential information. But even that fine seems small compared to the new fines on the way under GDPR.
In general, failing to take appropriate measures could lead to a fine the higher of €10m or 2 per cent of an undertaking’s total worldwide annual turnover.
If coupled with other data breaches, these figures could be doubled to €20m and 4 per cent. One of the difficulties facing organisations is that data protection legislation is vague when it comes to specifying the standards of protection required.

The Data Protection Directive and the UK Data Protection Act both require the data controller to “implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access”. This concept is carried over to the new EU General Data Protection Regulation, which will be enforced throughout the EU – yes, including the UK – from May 2018.
In fact, it also requires the controller to build in data protection by design and by default. What does this actually mean though? What measures are appropriate? Well, the ICO has not yet stipulated a particular minimum threshold for protection, but it generally penalises organisations that suffer the loss of unencrypted laptops and mobile devices.

The GDPR itself suggests pseudonymisation and data minimisation as part of a data controller's approach to protection. While the vagueness in the legislation might mean businesses aren’t clear on what they have to do, it also means the law doesn’t have to be constantly updated to specify the latest industry standards on data security.

Besides, every CISO I’ve spoken to has a clear understanding of what measures are appropriate, and it’s just whether they can persuade the CFO to allocate the budget for it. Espionage In March of 2016, a Chinese businessman pleaded guilty to conspiracy to hack computer networks of US defence contractors holding information about the Stealth Bomber, which he was claimed to have passed to the Chinese government. If you operate in the defence industry, you are likely to have made various promises to the government under the Official Secrets Act or the US and other national equivalents. You will probably have a fairly good idea of what is expected of you, so we need not go into detail here, save to reiterate that breaches could amount to jail time. Business failure While state-sponsored hacking does happen, it seems most breaches are actually the result of either criminal activity or "kids messing around".

The Chinese government might not be after your business secrets, but your competitor might.

According to a Secure Works report published earlier this year, hacking a competitor could be as cheap as $500 per mailbox. You should attempt to quantify how much it would cost your business if you are unable to prevent others from seeing your customer database or your price list. Or in the worst-case scenario, all your business data is scrambled. Love or hate Coca Cola and KFC, their businesses are based on keeping their recipes secret and out of the public domain.
If their recipes leak out, it could destroy their business. Why pay a premium for use of information if you can use it for free and develop a competitive product? Lawsuits While it’s unlikely you will get compensation from someone who hacks your data, you might have to pay out to your customer or supplier for any losses they sustain as a result. Every commercial and technology agreement I draft, whether I’m acting for a supplier or a customer, has a clause clarifying that both sides will protect confidential information.

This usually acts as a reminder of the general law of confidentiality, but the greater the perceived value of the information in question, the more the clause will supplement that with extra detail.

At the least it will say a party will use information disclosed to it only for the purposes of the agreement and will disclose it only to those people who need to know it and for the purposes of the agreement. A more robust clause might require the parties to get individual employees or subcontractors to execute a confidentiality undertaking.
Some clauses will say a party will protect the other’s confidential information to the same standard as it protects its own and, in any event, no less than a reasonable standard.
It will often have an acknowledgement that if the confidentiality obligation is breached, compensation would not be an adequate remedy and that a court injunction would be vital to protect confidentiality – although compensation will often be payable too though, if it is too late for an injunction. Finally, many agreements contain an indemnity for breach of data protection or confidentiality obligations. Some business partners will undertake a data security audit of your business to ensure you have adequate measures in place.
Some will rely upon a warranty that you comply with ISO 27001 or some other data standard. At the least, it will turn upon whether you took a reasonable standard of care under the circumstances.

There will be no point relying upon a force majeure exception – an event beyond your reasonable control – if you should have taken stronger security measures.
In its criticism of TalkTalk, the Information Commissioner effectively issued a harsh warning to other organisations: “Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.

TalkTalk should and could have done more to safeguard its customer information.
It did not and we have taken action.” It is worth taking note of two recent court rulings (although neither involved hacking).
In October of 2016, the High Court granted an injunction preventing the misuse of confidential information obtained under customer-supplier relationship relating to the production of edible infused oils.
In June this year, in the culmination of a long-running dispute over misuse of confidential information, the Court of Appeal upheld a judgment that a business rival set up by ex-employees had to pay $485,000 compensation for developing a competitive mosquito net product indirectly using confidential information. Reputation damage and loss of customers Ultimately, if your customers desert you because you have lost their confidence after a data breach, this might be more costly than regulatory fines and legal action.

TalkTalk admitted to losing 101,000 customers and £60m due to the hack.

The fine they received from the ICO pales in comparison against this level of loss and is higher even than the new fines under the GDPR. It won’t happen to me Many businesses are convinced it won’t happen to them. Kevin Mitnick, arguably the world’s most famous hacker and now a trusted security consultant, commented recently that 80 per cent of US businesses have been hacked – many not even aware of it – and HR and sales departments are the most often hacked because they are the least computer security aware. It is clear to me that affordable data breach fines will be phased out under GDPR, and Brexit is unlikely to change that.

Also, businesses have a clear remedy for a breach of confidence.
It might be time for you to reassess your data security and your confidentiality obligations. ®