Tag Archive for: legal

Gibson Dunn | Artificial Intelligence and Automated Systems Legal Update (1Q21)


April 23, 2021


Regulatory and policy developments during the first quarter of 2021 reflect a global tipping point toward serious regulation of artificial intelligence (“AI”) in the U.S. and European Union (“EU”), with far-reaching consequences for technology companies and government agencies.[1]   In late April 2021, the EU released its long-anticipated draft regulation for the use of AI, banning some “unacceptable” uses altogether and mandating strict guardrails such as documentary “proof” of safety and human oversight to ensure AI technology is “trustworthy.”

While these efforts to aggressively police the use of AI will surprise no one who has followed policy developments over the past several years, the EU is no longer alone in pushing for tougher oversight at this juncture.  As the United States’ national AI policy continues to take shape, it has thus far focused on ensuring international competitiveness and bolstering national security capabilities.  However, as the states move ahead with regulations seeking accountability for unfair or biased algorithms, it also appears that federal regulators—spearheaded by the Federal Trade Commission (“FTC”)—are positioning themselves as enforcers in the field of algorithmic fairness and bias.

Our 1Q21 Artificial Intelligence and Automated Systems Legal Update focuses on these critical regulatory efforts, and also examines other key developments within the U.S. and Europe that may be of interest to domestic and international companies alike.  As a result of several significant developments in April, and to avoid the need for multiple alerts, this 1Q21 update also includes a number of matters from April, the beginning of 2Q21.

________________________

A. U.S. National AI Strategy
B. National Security & Trade
C. Algorithmic Accountability & Consumer Safety
D. FDA’s Action Plan for AI Medical Devices
E. Intellectual Property Updates
F. U.S. Regulators Seek Input on Use of AI in Financial Services

A. EC Publishes Draft Legislation for…


The Evolution of Ransomwares (Hackers Now Target Internet Connected Chastity Belts, USTD’s Warning Against Ransom Payments and Legal Issues Victims Should Consider)


“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact”

– James Scott

Ransomware, What Am I?

Ransomware is malicious software that blocks users’ access to their own devices in order to extort payment from its intended victims. Ransomware made its debut as early as the 1980s, when a number of computers used by participants of the 1989 World Health Organization’s AIDS conference became infected by a lockout virus.

Into 2000s – The Age of Extortion

By the turn of the century, the proliferation of the internet amplified the spread of ransomware. During this era, ransomware took the form of pop-ups with a catastrophic error message instructing end users to download certain software (which turned out to be the trojan virus) in order to fix a problem. Users were tricked into downloading the real virus when they clicked the ‘Fix Now’ button that usually accompanied such pop-up messages.

Over time, as ransomware attacks evolved and became more sophisticated, so did their ability to harm the day-to-day lives of their victims. With more and more parts of human existence having been digitized since the 1980s, massive ransomware attacks the likes of WannaCry are believed to have caused no less than US$4 billion worth of economic losses to their victims.

2020: Ransomware Locks Internet Connected Chastity Belts

The lockdown of computers (which may cause inconvenience) is nothing compared to the lockdown/losing control over one’s own body.

Such fears materialized recently when users of internet-connected chastity belts found themselves in an uncomfortable situation as hackers found a way to exploit the chastity belt’s application programming interface (“API”) and locked users out of control over their devices. Such attacks are frightening, as some users are reported to have been wearing the device at the time of the hack.

Once a hacker established control over the device, users reportedly received a ransom message demanding payment of 0.02 Bitcoins (around US$750 at the time), failing which the chastity belt (if being…


TrickBot returns with campaign against legal and insurance firms


Despite the security industry’s efforts to disrupt the TrickBot botnet, its operators are trying to revive it with new infection campaigns. The latest one, observed by researchers this month, targeted legal and insurance companies.

“In the most recent campaign we observed across our global Menlo Security cloud platform, we noticed the attackers used an interesting lure to get users to click and install the Trickbot malware on the endpoint,” security firm Menlo Security said in a report Friday. “This ongoing campaign that we identified exclusively targeted legal and insurance verticals in North America.”

TrickBot background

TrickBot has been plaguing companies and consumers since 2016, infecting over a million computers. In recent years it has often come into the spotlight because of its association with Ryuk, a highly sophisticated ransomware operation that has hit many organizations around the world.

TrickBot started out as a banking Trojan but evolved into a crimeware platform through which its operators sold access to infected computers to other hacker groups who wanted to distribute their own malware. One of those groups, and probably TrickBot’s biggest customer, is the gang behind Ryuk, which is why Ryuk infections are often preceded by a TrickBot infection.

In October, Microsoft used legal action to seize many of the domain names that were used to operate TrickBot command-and-control servers and then worked with other security vendors and ISPs to take control of them. By early November, no TrickBot command-and-control servers were still active, but researchers warned these attackers were resourceful and might try to rebuild the botnet.

The latest TrickBot campaign

The campaign detected by Menlo involved spam emails with a malicious URL that, if clicked, took users through a series of redirects to a page that posed as an automated notification for negligent driving. The page had a button to download the alleged photographic evidence, but in turn downloaded a zip archive with a malicious JavaScript file inside.


Legal recourse? Nissan balances competitive and security fallout from source code leak


News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

Nissan offerings associated with the leaked source code ran the gamut from Nissan North America mobile apps and Nissan’s internal core mobile library to some parts of the Nissan ASIST diagnostic tool and sales and marketing research tools and data. The Git server has since been taken offline, after data began to get shared on Telegram and hacking forums.

Based on discussions with intellectual property lawyers, Nissan may have some recourse in terms of filing injunctions and suing for damages under copyright, trade secrets and patent laws. To do so, the auto maker will have to expend a great deal of resources to track violators down and bring them to court. This assumes that the violators are in the United States and the company could take action under U.S. law.

Thomas Moga, a senior counsel and intellectual property attorney at Dykema, which has many automotive clients, said that according to the U.S. Copyright Office, laws protect original works of authorship “fixed in a tangible medium of expression.” Moga added that under that definition, source code can qualify for protection under the copyright laws.

“So it appears that Nissan owns a copyright in the source code and that it may well be in a position to bring an action against unauthorized users of its source code,” Moga said. “But it’s up to Nissan to pursue those actions; I think we can expect them to be very aggressive, as they should be.”

Jennifer DeTrani, general counsel and executive vice president of Nisos, added that Nissan could potentially file lawsuits as part of a legal strategy to repair the reputational damage from the leak, showing the public they are serious about protecting their vehicles. But legal remedies would not yield much.

“Collecting damages under copyright law assumes that there’s somebody with deep pockets to sue who would pay,” DeTrani said. “Any competent lawyer could get the…
