Anonymous exposes cybercrime investigator’s Gmail, voicemail

On Friday, a group of hackers operating under the banner of Anonymous’ Operation AntiSec published the private e-mails of a California Department of Justice investigator. The hackers posted the entirety of the 38,000 e-mails in a Gmail account that appears to belong to Alfredo “Fred” Baclagan, a California Department of Justice special agent supervisor in charge of computer crime investigations, to a hidden site on Tor, as well as to a torrent listed on The Pirate Bay. They also posted what they claim is Baclagan’s personal address and phone number.

The effort is part of an ongoing attack on law enforcement as part of a response to law enforcement’s activities surrounding the Occupy Wall Street protests. Operation AntiSec began as a “joint” effort between Anonymous and LulzSec in June as a protest against government monitoring and censorship of the Internet. The targeting of the FBI and other law enforcement increased after the July arrest of alleged LulzSec members for denial of service attacks on Visa over cutting off payment processing for Wikileaks.

Update: In a Twitter message to Ars Technica, Anonymous member @AnonyOps said that the attacks on law enforcement members “also has to do w/ FBI’s targeting of anons, re: imprisoned during opPayback and others.” Operation Payback included the distributed denial of service attack on Visa, Mastercard and PayPal after the companies bowed to political pressure and cut off contribution processing to Wikileaks.

The e-mails included a substantial number of posts from the archives of the International Association of Computer Investigative Specialists’ private discussion list, where investigators discussed computer forensic methods. A series of e-mails posted by Anonymous include the reaction of IACIS members to a teaser post of threads from the list to the Twitter account of Sabu, a well-known Anonymous hacker, and an e-mail from Baclagan’s hacked Google account rickrolling the list. The IACIS site is currently down for maintenance, apparently as a result of the disclosures.

via Anonymous exposes cybercrime investigator’s Gmail, voicemail.

SEC Breaks Enforcement Record, Begins Tracking FCPA Separately – Corruption Currents – WSJ

The U.S. Securities and Exchange Commission filed a record of 735 enforcement actions in the last fiscal year, and broke out violations of foreign bribery law for the first time. The record number of enforcement actions, however, netted a slight decrease in disgorgement and penalties paid in the past fiscal year over the year before. In fiscal year 2011, which ended Sept. 30, the SEC collected $2.81 billion in disgorgement and penalties, down from $2.85 billion in fiscal 2010. Notably, the SEC broke out enforcement statistics for the first time for violations of the Foreign Corrupt Practices Act, which bars bribing foreign officials for business purposes. The SEC recorded 20 enforcement actions in fiscal year 2011.

via SEC Breaks Enforcement Record, Begins Tracking FCPA Separately – Corruption Currents – WSJ.

Global Data Privacy in a Networked World (Graham Greenleaf) | SSRN

Abstract:

This article analyses the global growth of data privacy (‘data protection’) laws over 40 years from a number of perspectives. After outlining the extent of global expansion, the influence of international agreements concerning privacy is identified as one reason for their relative consistency and stability. The nature of United States exceptionalism is discussed briefly, as is the failing APEC alternative. The fundamental elements of data privacy principles, and data privacy enforcement, as seen through these agreements and national legislation, are summarized. The points on which the European Union is proposing to strengthen both principles and enforcement are noted. The extent to which these principles and enforcement mechanisms can cope with the new challenges of a networked world is illustrated through two examples: social networking systems (SNS) and cloud computing.

Bennett and Raab (2006), in the most systematic global review of data privacy regulation, presented their ‘main research question’ as whether there was a ‘race to the bottom’, a ‘race to the top’, or something else, in the global development of data privacy protection. They correctly caution that the existence and formal strength of a data privacy law is only one factor by which we should measure data privacy protection in a country, and two other key dimensions are the effectiveness of enforcement and the extent of surveillance (discussed below). Therefore, globally, there is more than one race to the top or bottom. They concluded that the most plausible future scenario (the Bennett-Raab thesis) was ‘an incoherent and fragmented patchwork’, ‘a more chaotic future of periodic and unpredictable victories for the privacy value’. So Bennett and Raab found some ‘upward’ global trajectory influenced significantly by the EU Directive, but sufficiently weak in the mid-2000s that the countervailing weakness of the APEC approach was enough to make the future quite unpredictable.

Half a decade later, it can be argued that there is now a clearer ‘upward’ global trajectory than Bennett and Raab found, provided we keep clear that we are only talking about the existence and formal strength of data privacy laws, not the other factors. The article shows that by mid-2011 there are 27 data privacy laws outside Europe (as many as there are EU member states), and a handful of further Bills expected to be enacted soon. Of course, the number of data privacy laws can only be part of the measure, but in Africa, Latin America and even in Asia the European Directive has become the single most significant influence on the content of those laws, and leads to them embodying a relatively high standard of data protection principles. The lower standards of the APEC Privacy Framework have not served to ‘slow or even reverse’ this trend as Bennett and Raab and others (myself included) feared. A handful of new data privacy laws across the globe each year, with EU-influenced privacy principles, and revisions of some existing weaker laws to strengthen them, does not constitute a ‘race’ in most uses of the term, but nor does it any longer look like such a ‘halting and meandering walk’ as Bennett and Raab found. It may not be a race, but data privacy laws do have a global trajectory, namely expansion at an increasing rate with principles more commonly influenced by the EU Directive than any other source.

But as Bennett and Raab conclude, there is not one race to the top or bottom that we must consider. It is better to say that there are various dimensions on which we must measure the health of privacy as a value, including data privacy principles, their enforcement, and surveillance practices. These dimensions, as they say, differ from place to place and time to time, and are not readily ‘balanced’ into one overall measure. Nevertheless, considered solely on the dimension of the global spread of EU-like data privacy laws, the Bennett-Raab thesis no longer appears correct. On the other dimensions of effective enforcement and limiting surveillance, there are no obvious global trajectories which could give rise to similar optimism.

download @ Global Data Privacy in a Networked World by Graham Greenleaf :: SSRN.

A new landscape for competition enforcement: new challenges via e-discovery? | Gregory P. Bufithis, Esq. – JDSupra

Almost a month before the adoption of a package of measures improving the system of competition enforcement in Europe, we attended the 15th Annual Competition Conference presented by the International Bar Association Antitrust Committee … and what better place than in Florence, Italy.

The IBA conference is one of those rare settings where you can discuss current developments in merger law and enforcement, the next steps in antitrust litigation, and the challenges posed by the growing internationalisation of cartel investigations.

And the speakers and attendees are the major players in the field. Joaquin Almunia, EU Commission Competition Commissioner, gave the keynote speech with subsequent presenters including U.S. Federal Trade Commissioner Edith Ramirez, Andreas Mundt who is President of the Bundeskartellamt in Bonn, and Sharis Pozen, Acting Assistant Attorney General, U.S. Department of Justice Antitrust Division.

Please see full article below for more information.

via A new landscape for competition enforcement: new challenges via e-discovery? | Gregory P. Bufithis, Esq. – JDSupra.

U.S. Requests for Google User Data Spike 29 Percent in Six Months | Threat Level | Wired.com

The number of U.S. government requests for data on Google users for use in criminal investigations rose 29 percent in the last six months, according to data released by the search giant Monday.

U.S. government agencies sent Google 5,950 criminal investigation requests for data on Google users and services from Jan. 1 to June 30, 2011, an average of 31 a day. That’s compared to 4,601 requests from July 1 to Dec. 31, 2010, the company reported Tuesday in an update to its unique transparency tool.

Google says it complied in whole or part with 93% of such requests, which can include court orders, grand jury subpoenas and other legal instruments.

For the first time, Google’s transparency report includes the number of users and accounts affected by such requests — in this case, 11,057.

The search and software giant also received 92 requests to remove data from its services, including YouTube. The requests collectively asked for 757 individual pieces of content to be removed. Google says it complied fully or partially with 63 percent of the requests. The company noted it received a request from law enforcement to take down a video showing police brutality and another for videos allegedly defaming law enforcement officials. Google did not comply with either.

via U.S. Requests for Google User Data Spike 29 Percent in Six Months | Threat Level | Wired.com.

U.S. Attorney Durkan: Protecting Yourself and Your Business against Cybercrime « USDOJ: Justice Blog

Critical to cracking this sophisticated scheme, which is alleged to have victimized more than 50 area businesses, was the fact that companies came forward to report the crimes. Because of that reporting, members of the U.S. Secret Service Electronic Crimes Task Force were able to connect the dots on what looked like unrelated incidents. As part of the public education around protecting business and personal networks, the U.S. Attorney and law enforcement provided tips to protect against being a victim:

  • Businesses should review their wireless encryption and confirm that they are using the appropriate level of encryption (WPA2 Personal or WPA Enterprise).
  • Businesses should keep a record of all laptop computers and ensure that any computers with remote access are encrypted.  Any missing laptop computers should have passwords and credentials replaced immediately.
  • Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.
  • Employees should never click past security certificate warning screens and should notify their IT staff immediately.
  • Managers should be aware of “watercooler” talk among employees that may indicate a breach has occurred.  This includes numerous employees complaining of fraud on personal accounts.
  • Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.
  • If you notice suspicious activity, contact your local law enforcement.  You can make a referral to the U.S. Secret Service Electronic Crimes Task Force or other law enforcement agencies through the Justice Department’s portal: www.cybercrime.gov/reporting.htm.

via U.S. Attorney Durkan: Protecting Yourself and Your Business against Cybercrime « USDOJ: Justice Blog.

Bribery law breaches can cost U.S. firms dearly | Business Insurance

As global expansion among mid-market companies and the federal government’s enforcement of the Foreign Corrupt Practices Act trend upwards, experts say now is the time for executives and their employees to educate themselves on the law’s finer points.

Enacted in 1977 to combat bribery among U.S. companies doing business overseas, the law essentially prohibits firms and their representatives from paying any operative of a foreign government in exchange for contracts, unfair business advantages or other considerations.

The U.S. Department of Justice’s enforcement of the law has increased 300% in the past 10 years, rising to 24 such enforcement actions in 2010. The U.S. Chamber of Commerce has made it a high priority to try to win changes in the law. Other business groups also have criticized the law, saying it puts U.S. companies at a competitive disadvantage in markets where bribery or other conduct prohibited by the law is customary.

While publicly traded companies are held to a stricter standard—including bookkeeping and internal control documentation—experts said smaller and midsize private companies and nonprofits should expect just as much scrutiny from federal regulators as their larger counterparts.

Criminal penalties for violation of the FCPA can carry fines of up to $2 million for companies and $100,000 for individuals—not to mention jail time—or, under the Alternative Fines Act, up to twice the cash value of the benefit sought in making the bribe or other corrupt payment. The government also can impose civil fines of up to $10,000 per employee convicted of violating the anti-bribery law.

via Bribery law breaches can cost U.S. firms dearly | Business Insurance.

Assistant Attorney General Lanny Breuer Speaks on the Importance of IP Crime Enforcement « USDOJ: Justice Blog

Earlier this month, Assistant Attorney General Lanny A. Breuer of the Criminal Division represented the U.S. Department of Justice as a keynote speaker at the 5th International Law Enforcement Intellectual Property (IP) Crime Conference in Madrid, hosted by INTERPOL, EUROPOL, and the Cuerpo Nacional de Policia. Breuer joined China, Ghana, Nigeria, Canada, Chile, Sweden and other countries to discuss solution-driven proposals to IP crime enforcement at the conference, which brought together more than 400 law enforcement and customs personnel from more than 50 countries.

Criminals manufacture and distribute counterfeit and pirated goods across the globe. While advances in technology bring our world closer together, those same advances allow those who would commit intellectual property crimes to operate globally without ever needing to leave their homes.

Assistant Attorney General Breuer spoke about the importance of devoting time and effort toward IP crime and raising global awareness about its harmful consequences:

“Counterfeit pharmaceuticals, counterfeit automotive and defense-industry parts, and other counterfeit consumer products can cause serious harm to people and endanger their lives; and . . . companies whose trade secrets are stolen or whose goods are counterfeited may be forced to downsize or go out of business, costing individuals their jobs. Nevertheless, the public perception at times persists that IP crime is victimless. It is therefore one of our important duties here this week to spread the message about the significant, and very real, costs of IP crime.”

via Assistant Attorney General Lanny Breuer Speaks on the Importance of IP Crime Enforcement « USDOJ: Justice Blog.

Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly

The time has come to empower frontline law enforcement officers to make better decisions when seizing digital evidence, says forensic analyst Andrew Sheldon.

The number of computer forensic specialists is growing, but there will never be enough to cope with the demand, he told the SANS European Digital Forensics and Incident Response Summit in London.

The proliferation of digital devices, combined with growing storage capacities on those devices, is increasing the number of potential crime scenes at an exponential rate each year, he said.

The backlog of cases requiring forensic analysis is currently around 46 weeks.

The problem, said Sheldon, is that there are many more people seizing evidence and referring it for forensic investigation than there are people to do the analysis.

This is exacerbated by the fact that there is a high proportion of unnecessary examinations because frontline officers do not have the skills or knowledge to be more selective.

One way of improving the situation, he said, is to give frontline officers the tools and support they need to make better decisions about forensic evidence.

The way law enforcement deals with forensic evidence needs to go down the same road as dealing with drink-driving by introducing the equivalent of the breathalyser.

via Law enforcement needs to get smart about collecting digital evidence, says forensic analyst – 9/21/2011 – Computer Weekly.
