The $42 Billion Tweet

The AP feed was hacked by the Syrian Electronic Army, a group of activists and hackers who claim to be supporters of the Syrian President Bashar al-Assad. The group posted a tweet claiming that ‘explosions’ had been set off in the White House and that Barack Obama had been injured. AP employees immediately responded by correcting the tweet and temporarily suspending the AP Twitter account.
Despite AP’s quick response, the impact of the hack was felt in the financial world as the resulting Wall Street panic from the hacks caused a brief stock market crash. The stock market dropped by around $42 billion in a matter of minutes after the hack. This represented a fall of some 15%.  Stocks recovered quickly once AP had regained control of its account, but this incident shows how easily the financial market can be affected by poor password protection on social media sites.
Twitter hacks of large organisations are becoming increasingly common. Recent victims include Burger King and Jeep. Burger King’s official Twitter account was hacked in February; the hackers took control of the site, changed the Burger King avatar to the McDonald’s logo, and made an announcement that Burger King had been taken over by McDonald’s. Burger King temporarily disabled the site and rectified the changes, though this did little to lower the embarrassment for the company.
Jeep’s Twitter account was hacked just one day after the Burger King hack, with similar alterations made to the account. The hackers announced that Jeep had been bought by Cadillac and featured a model of the Cadillac ATS on the account. Ironically, Jeep had tweeted about the Burger King hack only a few minutes, emphasising the importance of online security. McDonald’s and Cadillac both deny any involvement in the hacks.
These recent hacks demonstrate the serious security risk posed by inadequate password protection. Increasing password strength using a mixture of numbers, lower and upper case letters, and non-alphabetic characters can reduce this risk, as can limiting the amount of people to whom the password is made available.

Hackers are turning their attention to the less securely defended IT systems operated by SMEs

Cybercriminals don’t target only major corporations with six-figure profits, a recent report from Symantec has found. In fact, as a group SMEs are more vulnerable than large businesses to cyber-attacks.

Symantec’s report states that SMEs are frequently the victims of targeted attacks; businesses with fewer than 250 employees accounted for 31% of all targeted attacks in 2012. These attacks consist of purpose-built malicious codes which are distributed to individual businesses, and SMEs are at a particular risk because unlike large corporations, they often do not have adequate anti-virus programmes to block these attacks.The report found that attackers also ‘use SMEs as springboards…against larger organisations’ with which the SMEs have business relationships. While SMEs have lower resources than large businesses, they still have valuable assets such as intellectual property and information about customers and clients, and these are the types of assets that cybercriminals exploit in targeted attacks. Symantec’s report also notes that a significant reason for the scale of cybercrime aimed at SMEs is the lack of knowledge among SMEs about their vulnerability to attacks.

The report put forward several recommendations for both SMEs and consumers to secure their systems and protect themselves from cybercrime. One of the most important of these was informing SMEs of the risks posed by cybercrime, since ‘small size and relative anonymity are not defences against the most sophisticated attacks.’ Symantec also recommended that SMEs install ‘mutually supportive defensive systems’ to prevent cyber-attacks taking place – these include regularly updates firewalls, anti-virus systems, intrusion protection systems, data loss protection software, and web security appliances. Raising employee awareness of how cybercrime takes place, and how it can be prevented, was another of Symantec’s recommendations. The report found that attackers are focussing on employees in sales and in research and development roles, implying that ‘attackers are casting a wider net and targeting less senior positions…in order to gain access to companies.’

Mark Zuckerberg did say that he wanted to punch any Facebook competitor “in the face really hard”

The dispute over the term ‘Timeline’ is set to go to full trial in the U.S. after Facebook was unable to have the case dismissed at first instance.
The dispute arose between social media giant Facebook and Timelines Inc., a Chicago-based website which allows users to compile chronologies of historical and personal events. Timelines Inc. claimed that Facebook’s use of the ‘Timeline’ trademark has led to confusion among its users and this has subsequently affected the company financially. The company registered the ‘Timeline’ trademark in 2010.
Facebook brought in the ‘Timeline’ feature to its user pages in September 2011, and Timelines Inc. brought action against Facebook for trademark infringement when the new feature was introduced to the public. Facebook claimed fair use of the ‘Timeline’ term and counter-sued, claiming that Timeline Inc.’s registered marks were not distinctive enough to warrant protection, and requested a cancellation of the registrations. Timelines Inc. further claimed that Facebook took steps to deliberately mislead the public, in that users who searched for Timeline Inc.’s Facebook page would be redirected to Facebook’s informational page about the Timeline feature.

On 1st April U.S. District Judge John W. Darrah rejected Facebook’s argument, stating that the term ‘Timeline’ is not generic because it had acquired a specific meaning associated with Timeline Inc. The judge noted that Timelines Inc. has millions of dollars invested in the company and over one thousand active users on its website, and that Facebook itself has fought legal battles over trademarked terms such as ‘poke’ and ‘like.’ Judge Darrah also rejected Facebook’s claim of fair use, since there were ‘genuine issues of material fact’ regarding Facebook’s use of the term ‘Timeline’ in good faith; evidence showed that Facebook had been aware that the ‘Timeline’ trademark was already registered but introduced the feature regardless. In relation to the issue of good faith, the judge also noted the rather bizarre statement made by Facebook’s creator and CEO, Mark Zuckerberg, that he ‘wanted to punch anyone who tried to compete with [Facebook] in the face really hard.’ The result of the ruling means that the case will be decided by jury. Timelines Inc. is suing for damages equivalent to the advertising revenue Facebook has gained through its Timeline feature. The trial date is set for April 22nd.

The UK ICO joins the rest of Europe in investigating whether Google complies with Data Protection Legislation

The UK Information Commissioner’s Office (” ICO”) has launched an investigation against Google in order to determine whether Google’s privacy policy complies with the Data Protection Act. The move follows an initial investigation by French data protection agency CNIL on behalf of the Article 29 Working Party, of which the ICO is a member.

Since then, similar investigations have been launched by other European countries – namely Germany, Italy, Spain and the Netherlands, as well as the UK – after concerns were raised by data protection regulators that the search engine’s privacy policy did not comply with national legislation. The regulators repeatedly brought their concerns to Google after the search engine changed its privacy policy in 2012, but Google has so far refused to amend its policy, resulting in the current investigation.

Google’s privacy policy, which came into effect on 1st March 2012 and from which users cannot opt out, allows Google to collect and store information about its users across all of its products and services, such as YouTube, Google Play, Gmail and Google+. The linked data policy has raised criticisms from numerous organisations as well as from data protection regulators. The main complaint against Google’s privacy policy is that it is unclear how Google stores and uses the collected data and is thus a threat to user privacy. There are also concerns that this lack of clarity could allow users details to be shared with third parties without users’ knowledge.

The search engine giant has defended its privacy policy, arguing that collecting and combining data on its users provides ‘a simpler, more effective service’ and improves the user experience. Critics, however, have claimed that the reason behind the privacy policy is to develop better targeted advertising, and that Google is more concerned with advertising revenue than user protection.

If the investigations find that Google’ privacy policy has breached national legislation on data protection, the company could find itself facing six-figure fines from each of the individual data protection agencies. The ICO alone could levy a fine of up to £500,000, and the CNIL could impose a fine of up to €300,000. While these fines would be not significant in comparison to the profit generated by Google, the regulators could also take action to impose restrictions on Google within the EU. This could potentially lead to restrictions on Google’s ability operate and to collect data within the EU, which would be highly damaging not only to Google’s sales but also to its reputation.

Make sure you have deep pockets before you let the kids play games on your iPad….

An increasing number of parents are bringing complaints to Apple about purchases made on iPads and iPhones by their children without their consent. There are many games and apps which are free to download but which charge for in-app extras and accessories, such as virtual currency and game pieces. These additional features seem to be the cause of the vast sums of money being spent by minors without their parents’ knowledge. Some may feel that parents should take responsibility for their child’s excessive online spending. This certainly seems to be Apple’s position on the matter; many parents have complained to the technology giant but have not received refunds for purchases made by their children without their knowledge. Apple insists that they are not to blame because the rules regarding in-app purchases are stated within the terms and conditions of the games, to which parents must agree when downloading the apps. The company has argued that because the terms and conditions create a contractual relationship between themselves and the parents, the in-app purchases are not voidable and there is no obligation to provide a refund.

Unsurprisingly, many parents disagree with this view and some have brought legal action against Apple to try and recover their money, although with varying degrees of success. A recent case involved a 13-year-old who made in-app purchases of £3,700; Apple has refused to grant a refund and the boy could potentially face criminal charges for fraudulent purchases. Another case involved an eight year-old boy who spent nearly £1000 on in-app purchases. His parents were also refused a refund. However, in a landmark U.S. class-action settlement Apple has agreed to refund up to $100 million (£66 million) to the parents of children who made unauthorised in-app purchases. This refund was given because at the time the class-action suit was brought, Apple did not require a password entry for every in-app purchase. This made it easier for children to make purchases without their parents’ knowledge. Unfortunately for U.K. parents, the class action is only relevant to the territory in which it was filed (i.e. the U.S.) and so will not be of much help in bringing legal claims for in-app purchases made without their consent.

Reports of the demise of the music industry due to illegal downloading may have been greatly exaggerated….

Contrary to popular opinion, web piracy isn’t having a detrimental effect on download sales made by the music industry. This is quite surprising, especially since some sources from within the music industry claim hat as many as 95% of music downloads are illegal.
A report by made by the Institute for Prospective Technological Studies found that despite the copyright infringement involved in illegal downloading, ‘there is unlikely to be much harm done on digital music revenues’ as a result of web piracy. In fact, the study also found that legal download purchases would actually be around 2% lower without the availability of illegal downloading. Good news for any who feel pangs of guilt over their own illegal downloads.

Not everyone is happy with the report, however. The IFPI, an international music industry organisation, has objected to the report, criticising the report’s findings as ‘disconnected from commercial reality.’ The organisation claims that the conclusion that legal music downloads are not affected by piracy ‘cannot be logical’ – though this seems somewhat contradictory with their own 2012 report, which found that digital album sales grew by 23% globally in 2011 despite the prevalence of online piracy

Google can now add Spain to France, the UK and much of the EU who have investigated its practices….

Google, has added to its troubles in Europe, with the Spanish Data Protection Agency (“AEPD”) its latest adversary, added to a long list of other state including the UK and France who were angered by Google’s accessing of private WiFi networks by its StreetView cars . The clash has come between the more liberal approach to freedom of expression adopted in the US, compared with the increasing  importance European countries place on privacy.

This particular case involves a man who previously had to auction his belongings due to a failure to pay social security bills . When he Googled his name an article about this appeared high up in the search results and he complained to the AEPD. The AEPD, whilst recognising that the information was lawful and true requested that Google remove the post. Google refused to remove the post and subsequently the AEPD  took them to court which ruled in their favour, however Google is now appealing this decision in the European Court of Justice (“ECJ”).

If the AEPD are successful it will mean a massive change on the responsibility pinned on search engines. Google’s claim is that it is not a publisher it merely indexes the information online. Newspapers as the publishers are therefore under a responsibility to take down any articles which they chose to publish; they are however protected by freedom of expression so long as the articles are not based on false or defamatory information. If Google were to be held responsible for monitoring this information then they will in effect be treated like a publisher in absence of the freedom of expression protection given to newspapers. This would result in search engines having a much higher level of control over the information we can access and will mean that they have the power of censoring information online. This would appear contrary to the right to freedom of expression.

If Google are successful then this will mean that the right to freedom of expression will have outweighed the right to privacy and the related ‘right to be forgotten’ in this context. This will result in search engines maintaining the right to index all information made available to the public by publishers. This means that when people find themselves in situations like this the only way for them to get the information removed will be to request that the publisher of the article removes the information. This is not an isolated case, it appears that there are many examples of claims like this being brought against Google in Spain, and therefore the decision of the ECJ will have a vast effect over future outcomes including the ongoing EU negotiations on the new EU Data Protection rules.

Not really the sort of person you would want as a Facebook Friend then…..

Online bullying is a modern day phenomenon which has been aided by the increasing number of social networking sites. Facebook has come up top in a recent survey investigating where ‘trolling’ is most prevalent, claiming 87% of the reported abuse. What may be a surprise to some people is that the category of people victimised most is 19 year old boys. The report showed that 65% of bullying among teenagers occurred online and what is more worrying is that 34% said that it lasted more than a month.
Facebook have defended their site claiming they have a strict policy do not to tolerate bullying.

There are many measures in place to deal with it, for instance users can block others and report abuse, the site maintains that they take such reports seriously and can remove threats quickly. Despite this the majority of teenagers do not make use of the protection in place with 60% never having reported the problem. Part of the difficulty therefore lies with teenagers lack of faith in gaining support, many of them felt that nothing would be done and only 17% felt comfortable telling their parents about the problem.

Although the report names Facebook as the most common social network for trolling there was evidence of abuse linked to other social networking sites with twitter coming in second with 19% of abuse. In an earlier report almost a third of people claimed to know someone who has been subject to abuse and one in ten has experienced it themselves. The report also interestingly showed that 2% of the public admitted to sending abusive messages to strangers on the internet. This shows that trolls don’t always have a strong motive or personal connection to the victims; they may just simply do it because they feel they can get away with it. A unique aspect of the internet is that it enables people to remain anonymous or set up fake accounts so they don’t fear getting caught.
Knowthenet have a section dedicated to advising those who find themselves victims of trolling. In order to overcome the problem victims need to start seeking support and make use of precautions in place on individual social networking sites.

Just how long will this keep going for?

Like the Star Wars series which now looks set to run and run with new episodes and spin offs filling multiplexes for the next decade, the Apple v Samsung disputes just keep on running and running.

Apple and Samsung have been feuding over Intellectual property rights all over the world
since 2010. Samsungs level of success has been measurably lower than Apple who were
successfully awarded $1.05 billion damages in the US for patent infringement. This decision
has however since been recalculated by the courts. The judge ruled in Samsungs favour
slashing the amount of damages to be paid by 40%. This is a massive decrease which
reduces the award by $450.5 and symbolises a remarkable victory for Samsung.

The judge said that the reason for this decision was that in the previous judgement the jury
had relied upon ‘impermissible legal theory.’ The jury were instructed at the time of the trial
to discount the information given by one witness as it could not be relied upon. The judge
ruled that in calculating the amount of compensation the jury had ignored this instruction as
the size of the sum awarded clearly reflected the unreliable information.

There has also been another battle going on between the pair but this time in the UK where
Apple have secured another successful claim against Samsung who were claiming that
Apple were infringing their technology which allows phones to send and receive data via 3G
networks. The technology was covered under three different patents owned by Samsung
however the court ruled that these patents were invalid and therefore could not be relied
upon. This means that the technology in question was not protected by a valid patent and
therefore Samsung will not be entitled to any form of damages.

Significant privacy issues will be created in Google Glass goes viral…

Google Glass is the most hotly anticipated new arrival in “wearable computing” – which experts predict will become pervasive. In the past 50 years we have moved from “mainframe” computers that needed their own rooms to ones that fit in a pocket; any smartphone nowadays has as much raw computing power as a top-of-the-line laptop from 10 years ago.

The next stage is computers that fit on to your body, and Google’s idea is that you need only speak to operate it. The videos that the company has put online – and the demonstrations by Sergey Brin, Google’s co-founder, who has been driving these imaginative leaps – suggest you can whirl your child around by their arms, say: “OK, Glass, take video!” and capture the moment. (To activate Glass you need to tilt your head, or touch the side, and then say, “OK Glass, record a video” or “OK Glass take a picture”.) The only other way to get that point of view is to strap a camera to your head. Brin has already appeared on stage at a TED conference wearing his Glass glasses (will we call them Glasses?) and looking vaguely like a space pirate. He has described ordinary smartphones as “emasculating” (invoking quite a lot of puzzlement and dictionary-checking: yup, it still means what you thought). And yet people are already beginning to fret about the social implications of Glass (as it’s quickly becoming known). The first, and most obvious, is the question of privacy. The second is: how will we behave in groups when the distraction of the internet is only an eye movement away?

David Yee, the chief technology officer at a company called Editorially, tweeted on this point the other day: “There’s a young man wearing Google Glasses at this restaurant, which, until just now, used to be my favourite spot.”

Yee’s worry was that the young person might be filming everything and uploading it to Google’s servers (and a Google+ page). Which just feels creepy. It’s not a trivial concern. Joshua Topolsky, an American technology journalist who is one of the few to have tried out Google Glass – at Google’s invitation – discovered this directly. He wore them to Starbucks, accompanied by a film crew. The film crew were asked to stop filming. “But I kept the Glass’s video recorder going, all the way through.”

Still, you might think, where’s the harm? The thing is, though: this is Google, not Fred’s Amazing Spectacles Company. This is the company that has repeatedly breached the boundaries of what we think is “private”. From Google Buzz (where it created a “social network” from peoples’ email lists, forgetting that sometimes deadly enemies have mutual friends; it was bound over for 20 years by the US’s Federal Trade Commission) and the rows over Street View pictures, to the intentional snaffling of wi-fi data while collecting those pictures (a $25,000 fine from the US Federal Communications Commission for obstructing its investigation there).

And that’s before you get to criticism in Europe over its attitude to data protection (information commissioners grumbled last October that its unification of its separate privacy policies meant “uncontrolled” use of personal data without an individual’s clear consent.

For Google, “privacy” means “what you’ve agreed to”, and that is slightly different from the privacy we’ve become used to over time. So how comfortable – or uneasy – should we feel about the possibility that what we’re doing in a public or semi-public place (or even somewhere private) might get slurped up and assimilated by Google? You can guess what would happen the first time you put on Glass: there would be a huge scroll of legal boilerplate with “Agree” at the end. And, impatient and uncaring as ever, you would click on it with little regard for what you were getting yourself, and others, in to. Can a child properly consent to filming or being filmed? Is an adult, who happens to be visible in a camera’s peripheral vision in a bar, consenting? And who owns – and what happens to – that data?

Oliver Stokes, principal design innovator at PDD, which helps clients such as LG, Vodafone and Fujitsu design products, says Yee’s restaurant scenario is “concerning”. “The idea that you could inadvertently become part of somebody else’s data collection – that could be quite alarming. And Google has become the company which knows where you are and what you’re looking for. Now it’s going to be able to compute what it is you’re looking at.”

That, he points out, could be hugely useful. “Supermarkets and packaging companies spend lots of money trying to work out which packages you look at first on a shelf. Potentially, through Google Glass, they would be capturing that data as standard. That would be quite powerful – to be able to say why people buy things.”

Of course, the benefits wouldn’t accrue to the wearer. Google would sell the data (suitably anonymised, of course). And your smartphone already provides a huge amount of detail about you. Song Chaoming, a researcher at Northeastern University in Boston, has been analysing mobile phone records (including which base stations the phone connects to) and has developed an algorithm that can predict – with, he says, 93% accuracy – where its owner is at any time of the day (by triangulating from the strengths of the base station signals; that’s part of how your smartphone is able to show where you are on an onscreen map). He analysed the records of 50,000 people; the accuracy was never below 80%.

via Google Glass: is it a threat to our privacy? | Technology | The Guardian.