ACC Focus on the New Jersey Chapter - May 9, 2011 (Print All Articles)

President's Message

Spring is here. 

We have two big events coming for our members and sponsors. The first is the Spring Dinner on May 12. We are having this popular annual event at a brand new place called The Grove in Cedar Grove. Why not be one of the first to see this great new venue. 

The second event is our annual Golf Outing on June 21st at the Knoll West course in Parsippany.  Come on out for a great day.

We look forward to seeing you at one or both events.

Happy Spring,
Evan 

A Little Bird Says That the FTC Finalized the Twitter Privacy-Breach Settlement, Google Got “Buzzed,” Ashton Kutcher Got Twitter-Punk’d & Your E-Mail Address May Have Been Stolen

Robert J. McGuire
Some Reminders That Your “Private” Web Activity May Not Be Private After All

In March 2011, the five Commissioners of the Federal Trade Commission (FTC) unanimously voted to finalize a settlement with the social networking site, Twitter, regarding the FTC’s charge that defects in Twitter’s security measures had permitted hackers to gain administrative control over the site on two occasions in 2009.  The hackers were able to access non-public user information and tweets that consumers had designated as private.  The hackers also had the ability to send out phony tweets from any account. 

To gain access on the first occasion, the hackers used a “brute force hacking tool,” which tries various combinations of words or numbers from a preset “library” of terms and phrases until a valid password is entered.  To gain access the second time, the hackers apparently used a much more basic and disquieting method – they simply guessed correctly an administrator’s password.  The accounts to which the hackers had theoretical access ranged from then-President-elect Barack Obama to Kim Kardashian. (Ms. Kardashian recently claimed that her Twitter account had actually been hacked in February 2011, blocking her from logging into her Twitter account from her home computer.)  The FTC’s draft complaint against Twitter stated that a phony tweet had been sent from President-Elect Obama’s account, offering his followers a chance to win $500 in free gasoline.  The Complaint also claimed that at least one false tweet was sent from the account of Fox News.

The Federal Trade Commission Act (FTC Act), 15 U.S.C. § 41 et seq., empowers the FTC to take certain actions to promote consumer protection and to curb harmful anti-competitive business practices. The claims against Twitter were based on the FTC’s power under Section 5 of the FTC Act, 15 U.S.C. § 45, which states that “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful” and permits the FTC to investigate and prevent such practices. If the FTC investigates a business and concludes that unlawful conduct has occurred, the FTC may: (1) seek the business’s voluntarily compliance, (2) file an administrative complaint; or (3) initiate litigation in the federal courts.  Section 5 also permits the FTC to impose civil penalties for knowing violations of FTC rules or for violation of a consent order between a business and the FTC.  See 15 U.S.C. § 45(l) and (m).  Under recent changes to the applicable regulations, the FTC may impose civil penalties up to $16,000 for each knowing violations of Section 5 or each failure to comply with a final consent order regarding alleged violations of that section.  See 16 CFR § 1.98   

In this case, the FTC charged that Twitter “deceived consumers and put their privacy at risk by failing to safeguard their personal information” in violation of Section 5(a) of the FTC Act.  The FTC had reached a preliminary settlement with Twitter in June 2010. This final settlement is a “consent agreement,” meaning that, in entering the settlement, Twitter did not admit that it had violated any laws. Under the settlement, Twitter will be barred for twenty years from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” Twitter also must establish and maintain a comprehensive information security program “reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic information.”  Twitter must also ensure that any service providers it employs maintain appropriate data security safeguards.  Further, it must designate one of more employees to coordinate and be accountable for the company’s information security program. Twitter’s security measures will be assessed by an independent auditor every other year for 10 years. The FTC may fine Twitter up to $16,000 for every violation of the consent agreement.  (The FTC’s final decision and order)  

The settlement was finalized shortly after another high-profile incident of alleged Twitter account hacking on March 3, 2011 – this one featuring Ashton Kutcher, one of the first celebrities to exploit Twitter as a promotional tool (he has over six million Twitter followers) and himself known for his celebrity-prank television show Punk’d.  On that date, the following tweet was posted from Kutcher’s feed: “Ashton, you’ve been Punk’d.  This account is not secure.  Dude, where’s my SSL?”  (“SSL” is short for “Secure Sockets Layer,” a security technology that establishes an encrypted link between a web server and a browser and that ensures the privacy of data passed between a web server and browsers.)  
 

At the end of March, the FTC also reached a landmark settlement with Google with respect to Google’s social networking site, Google Buzz, after the FTC accused Google of engaging in “deceptive tactics” and breach of user privacy because the site made available information regarding users’ most frequently-used contacts.  The FTC did not impose a fine, but Google agreed to institute a “comprehensive privacy program;” to undergo regular, independent privacy audits once every two years for the next 20 years; and to secure users’ "affirmative consent" before making any future changes in Google’s practices regarding the sharing of users’ personal data with third parties.

Another massive security breach was revealed on April Fools Day, when Epsilon, an e-mail marketing firm that serves numerous high-profile companies (including Target, Best Buy, TiVo, the Home Shopping Network, Hilton Hotels, Marriott for its “Marriott Rewards” program, and Walgreens), revealed that the names and e-mail addresses of many of customers of the companies who used Epsilon’s had been hacked. The Epsilon incident should be of particular concern to anyone who conducts online commerce with one of Epsilon’s clients and uses a “weak” password (those of you who use “password” or “12345678” as your password, this means you).  In light of this data breach, consumers should be especially vigilant and skeptical of any communication that requests that the user provide personal financial or identifying information, even if that communication seemingly comes from a legitimate business. 

The lesson to be taken from these recent news items is one that has often been repeated of late – consider carefully what you transmit electronically, where you do it, and how you do it.     

Rob McGuire is Counsel to the firm of Sterns & Weinroth in Trenton, New Jersey. His practice includes commercial and products liability litigation, professional liability defense, insurance coverage, and data security and privacy issues.  

New York Enacts In-House Counsel Registration Rule

Lee Braem

New York finally recognizes in-house counsel.

Joining New Jersey, Pennsylvania, and most States, New York has finally enacted special in-house licensing rules.  Under the rules, a counsel working for a corporation or other business in the State, who does not have a plenary law license from New York, will need to register to avoid engaging in the unauthorized practice of law.  The new Rules, codified as 22 NYCRR Part 522, took effect on April 20th.  

As with most other in-house licensing schemes, the in-house counsel applicant must be admitted in at least one other state, be in good standing, and submit all required proof of eligibility.  A registered in-house counsel would still need to be admitted pro hac for appearances before any tribunal, must pay the biennial registration fee of $375, and must meet the State's legal CLE requirements.  

Uncovered: HP’s In-house Counsel Training Program

Susan Hackett
An in-depth look into Hewlett-Packard’s post-law school training program.

The Association of Corporate Counsel "ACC" has launched a four-part monthly blog series on training legal talent titled, “Uncovered: HP’s In-house Counsel Training Program.” This is the third blog series hosted on ACC’s Blog, In-house ACCess (www.inhouseaccess.com), as part of the ACC Value Challenge initiative to reconnect the cost of legal services with value.

“Uncovered,” provides an in-depth look into Hewlett-Packard’s post-law school training program, including information on how HP integrates their new hires into the legal team as well as including perspectives from those counsel who participated in the program. 

You can read the first installment of this four-part series online. 

This series will address the following topics:

• Blog Post I                          Recruiting & Training Our New Hires                       Thurs, May 5
• Blog Post II                         Integration into the HP Legal Team                        Thurs, June 2 
• Blog Post III                        New Hire Views                                                        Thurs, July 7
• Blog Post IV                        New Hire Views                                                        Thurs, August 4 

We hope you'll check it out and we encourage you to join in the discussion. Comments and observations are welcome! Enjoy and thank you all.

Our New Members

NJCCA has passed the symbolic 1,200th member, here are some of our most recent new members. 

Members Notes

Short notes of interest to and about our members
Brief notes for and about members

 

Member Notes is our monthly vehicle for members to share professional and personal information with other members of the NJCCA.  If you have a new position, a new title, or have recieved a professional (or other) award, published a book or article, or have any other similar information you would like to share with the membership, please send a note directly to Giuliano Chicco, NJCCA Newletter Editor, at GChicco1@verizon.net.

 

Tuesday, May 10, 2011
Woodbridge Hilton, Iselin, NJ
8 a.m. to 11 a.m.
Continental Breakfast: 8 a.m.
Program: 8:30 a.m. to 10:30 a.m.

A free program, offered by Greenbaum, Rowe, Smith & Davis LLP, three experienced trial attorneys will discuss innovative methods and critical junctures to help you achieve better litigation results while containing costs. Among the topics they will address are:

• Accurately defining litigation goals and setting effective strategy
• How to establish communication and reporting procedures to accomplish your strategy
• Re-evaluation of litigation goals and strategies at critical junctures
• Innovative methods to staff litigation for cost minimization
• How to position the case so that settlement becomes a possibility
• Alternative Fee Arrangements: What works and why

Complimentary Registration

Upcoming NJCCA Events

Register today for these relevant and insightful events.