Pete recommends – weekly highlights on cyber security issues – March 4 2018

Subject: U.S. Supreme Court wrestles with Microsoft data privacy fight
Source: Reuters via Yahoo

Globally dominant American tech companies have expressed concern that customers will go elsewhere if they think the U.S. government’s reach extends to data centers all around the world without changes being made to the law. Microsoft, which has 100 data centers in 40 countries, was the first American company to challenge a domestic search warrant seeking data held outside the United States. The Microsoft customer whose emails were sought told the company he was based in Ireland when he signed up for his account.

Subject: How Students Cheat in a High-Tech World
Source: The Chronicle of Higher Education

Cheating has become increasingly complex, with students in the United States going online to find surrogates in other countries to do their work for them. This collection of nine articles prepares educators for new challenges in stemming a tide of deception.

Subject: wins a new client in USAJobs, the government’s central job board
Source: FedScoop

Those applying for civil service jobs through the central federal hiring site USAJobs will now sign in using It’s a win for the government single sign-on project created by 18F and the U.S. Digital Service. USAJobs is the portal’s fifth and biggest use case to date. USAJobs Program Manager Michelle Earley cited’s security as a decisive element in its favor. “A major reason USAJobs will be transitioning to is because it uses two-factor authentication, which will give users an extra layer of security to help protect their USAJobs profile against password compromises,” Earley said in a statement. Outside of USAJobs, is currently used by the U.S. Customs and Border Protection for its jobs site, its Trusted Traveler Program and its Outlying Area Reporting Stations app. is also in use by a USDS internal tool.

One of the key benefits of is that it is a single sign-on solution, which means that users can use the same email address and password to sign into any government website. This value, however, only becomes truly meaningful as a critical mass of agencies begin to use on their websites.

Subject: Google Says It’s Received 2.4 Million Takedown Requests Under EU’s ‘Right to Be Forgotten Laws Laws
Source: Gizmodo

Google has now been complying with the European Union’s controversial “right to be forgotten” laws, which the European Court of Justice first ruled applied to search engines in 2014, for three years. On Monday, the search giant released an updated version of its annual Transparency Report, which discloses how many and what kind of requests Google has received to delist pages from results and in how many instances the company complied. According to the report, it looks like the company is being asked to remove content an awful lot. From 2014-2017, it received approximately 2.4 million requests—though it only complied with 43 percent of them. About a third of the takedown requests pertained to individuals who wanted personal information like directories or social media histories scrubbed from the web, while an additional 20 percent covered an individual’s legal history (i.e., being mentioned in crime reports or on government pages).

Subject: Can first responders counter fake news?
Source: FCW – The Business of Federal Technology
[also references a weather-related incident]

In addition to fires, floods, active shooters and other natural and man-made crises, first responders often must deal with misinformation about breaking events polluting social media and putting people at risk. A federal advisory group based at the Department of Homeland Security’s Science and Technology Directorate has been studying the problem of fake news as it pertains to first responders. A report approved Feb. 22 by a working group of the Homeland Security Science and Technology Advisory Committee lays out best practices for using and monitoring Twitter, Facebook and other social media platforms during an ongoing disaster or event. The Social Media Working Group for Emergency Services and Disaster Management report noted that bad actors with malicious agendas often use hashtags and other links to divert social media traffic toward advertising or coordinated social media phishing scams.

Sometimes, according to the report, even well-intentioned social media posts wind up misleading people. It mentions a Facebook post about the 2015 Nepal earthquake that asked for help for a village that was devastated in the event. That village, however, had been helped by a non-governmental organization before the post went out. The post reached 350,000 people around the world in just a few days on, but the need was no longer there and the social sharing wound up wasting time and resources.

Subject: Laws on Recording Conversations in All 50 States
Source: Matthiesen, Wickert & Lehrer, S.C. via BeSpacific

Laws on Recording Conversations in All 50 States
See also related reference from last June via Quartz – As Comey shows, documenting conversations with your boss can be smart – “Careful documentation of meetings via notes and memos is part of the FBI’s culture (via NYT), but there are sound reasons for ordinary workers to at least consider doing the same when we talk to our bosses. Taking notes—or better, recording conversations in states where its legal—is sound practice for employees who feel their managers are doing something inappropriate…

Subject: Personal Injury Cases: Know the Costs; When It’s Worth Hiring a Lawyer
Source: MoneyNing

As someone navigating this territory for the first time, I’m learning about the differences between lawyer’s fees and expenses, settlement stages, and the like. It’s not fun, and it can get very confusing. While I’m not offering expert legal advice, I’d like to shed some light on the process from a financial perspective.

Posted in: Cyberlaw, Cybersecurity