Thursday, December 26, 2013

The Legal Implications of BYOD: In Government Agencies

 *Article extracted from Solutions for State and Local Government 

Experts discuss the legal pitfalls of public-sector agencies allowing employees to use personal computing devices for work. 

BY BRIAN HEATON OCTOBER 7, 2013

Let’s face it — public-sector employees are likely using their personal mobile devices for government business, even if they're not supposed to. So what should be your first move when considering a formal BYOD program? Call a lawyer.

While it’s easy to allow devices onto a public-sector agency’s network, handling the fallout from lost or stolen smartphones could be a bigger headache than you think. Sure, you may be able to remotely wipe data, but there are privacy issues that may challenge even the clearest BYOD policy.

According to experts, there’s little case law established in the courts regarding BYOD, particularly in the public sector. So while you can draft a policy that permits an agency to access, track and wipe a device, a BYOD program can still expose a government to legal action in an extreme situation.
Attorney Alix Rubin, principal of Alix Rubin Law in New Jersey, said the main difference between the public and private sector is that employees in the private sector have a right to free speech. And while that doesn’t give public-sector workers the right to disclose confidential government information, an agency has to be extremely careful to segregate private and public information on a device.
Although it can be difficult to do, Rubin advised that public-sector employers deploy whatever technology is available to separate information and monitor only government data. Applications exist to partition storage in mobile devices for email, but they aren’t a perfect solution, as items like photos and text messages can be co-mingled.
Tony Busseri, CEO of Route1 Inc., a digital security and identity management provider, said there’s no technology out there today that can guarantee that every bit of governmental data on a device can be stored in one area. That could spell trouble if a device is wiped and personal data gets erased.
“We know whether it be privacy laws or other laws and regulations that surround this subject, it’s a touchy matter,” Busseri said. “I’m not going to go into First Amendment law or things like that, but when government walks into our personal territory, there can be a very dramatic response to it.”
Portage County, Ohio, is considering a BYOD policy for county employees. Like many public-sector agencies around the country, Portage County is looking at how to support BYOD without clear guidance on how to proceed.
Portage County CIO Brian Kelley felt two of the biggest issues concerning BYOD policies are public records requests and e-discovery. Kelley explained that even though a device is personal, if it’s being used for government work, it’s subject to e-discovery, which could potentially expose personal data.
Lee Neubecker, president of Forensicon, a computer forensics firm based in Chicago, agreed. He said that if for some reason discovery in a legal process required searching personal devices used for work, keyword searches might turn up unrelated content that is highly personal in nature, bringing privacy rights into question.
Although it varies whether or not data such as text messages are admissible in a court of law, Neubecker added that parties to litigation are typically allowed to look and see what facts are on various documents and electronic devices.
For example, if a person accidentally sends an email from his Gmail account instead of his government email application and it’s on a personal device he is using for work, that email constitutes a government communication. The same could theoretically apply to photos, call logs and other data generated or received by an employee.
If an employee felt that material exposed on his device was personal, he could sue the agency. The uncertainty surrounding a public agency’s liability by having a BYOD program can be frustrating to technologists who want to keep up with the times and keep employees happy.
“As CIOs in government and IT leaders, we’re faced with either quickly permitting BYOD to happen within our organizations, or we’re obstructionists to it happening,” said Kelley.
Kelley also pointed out that device support is still a gray area for BYOD. If an employee’s device gets infected with malware or is lost, and the employee can’t do his or her job because of it, whose responsibility is it to clean or replace the device? Even if the responsibilities are clearly denoted in a BYOD policy, there could be legal challenges given the lack of case law on the topic.
PROTECT YOURSELF
So what’s the solution? Unfortunately there’s no be-all, end-all fix to the legal risks associated with BYOD programs.
Busseri recommended government employers look into technology that allows employees to use their own mobile devices to review information, but not allow storage of that government data on the device. If a program is instituted that way, you get away from the legal issues in favor of data security.
“From my perspective, you use a technology that never brings that data onto the device,” Busseri said. “It doesn’t mean you can’t use the device to look at it and manipulate it, but there’s no technical reason that if I want to use a mobile device, the data has to come to it.”
But a carefully worded policy document may help reduce the likelihood of a lawsuit if a disgruntled employee isn’t happy with the way government data is being handled on his or her device. Case law on BYOD issues may be scarce, but policies should be drafted based on what exists on similar issues, such as electronic communication, invasion of privacy and First Amendment law.
Rubin said if segregating data on a device is cost-prohibitive, then agencies should craft a search-access agreement in their BYOD policy that clearly states that the government entity will not intentionally look at personal data. The policy should also include a financial disclaimer that the public-sector entity isn’t purchasing any device or upgrading it, or paying for service, unless they’ve agreed to do that.
She added that agency BYOD policies should require employees to password protect their personal devices that are used for government business and give those passwords to the employer. Although the latter might not be popular with people, Rubin felt it was an important step for governments to protect critical information contained on devices.
“Even a good policy doesn’t prevent you from getting sued, but at least it gives you a good defense,” Rubin said.
 *Finally a chance to po

Sunday, December 15, 2013

Google Buys Boston Dynamics - Maker of Big Dog, Cheetah, PETMAN, WildCat, Atlas - a humanoid robot

Google buys Boston Dynamics, maker of spectacular and terrifying robots
By Josh Lowensohn on December 14, 2013 01:27 am
*Article extracted from THE VERGE

Google has acquired robotics engineering company Boston Dynamics, best known for its line of quadrupeds with funny gaits and often mind-blowing capabilities. Products that the firm has demonstrated in recent years include BigDog, a motorized robot that can handle ice and snow, the 29 mile-per-hour Cheetah, and an eerily convincing humanoid known as PETMAN. News of the deal was reported on Friday by The New York Times, which says that the Massachusetts-based company's role in future Google projects is currently unclear.
Specific details about the price and terms of the deal are currently unknown, though Google told the NYT that existing contracts — including a $10.8 million contract inked earlier this year with the US Defense Advanced Research Projects Agency (DARPA) — would be honored. Despite the DARPA deal, Google says it doesn't plan to become a military contractor "on its own," according to the Times.
Boston Dynamics began as a spinoff from the Massachusetts Institute of Technology in 1992, and quickly started working on projects for the military. Besides BigDog, that includes Cheetah, an animal-like robot developed to run at high speeds, which was followed up by a more versatile model called WildCat. It's also worked on Atlas, a humanoid robot designed to work outdoors.
In a tweet, Google's Andy Rubin — who formerly ran Google's Android division — said the "future is looking awesome."
Rubin earlier this month told NYT that his next big project at Google was to pursue a lifelong love of real robots, something that will be separate from the company's secretive Google X lab best known for "moonshot" projects like balloon-powered internet and self-driving cars. In the meantime, Google's quietly picked up seven different robot companies and hired robotics experts, placing teams in Palo Alto and Japan.
Here's a link to the video of Boston Dynamics' Big Dog that can lift and toss...

Wow is all I can say about this news! Amazon will have drones in the air and Google will have Big Dogs anywhere they want to go since that's what a Big Dog does... This news will make me post to the blog for sure! 

Monday, November 25, 2013

Ten Things To Consider When Developing An Enterprise BYOD Security Policy

*Article extracted from Dark Reading

Is there a safe way to let employees access corporate data from their own mobile devices? Here are some things to think about
Debra Donston-Miller, Contributing Writer
Dark Reading

September 15, 2013
[The following is excerpted from "Ten Things to Consider When Developing BYOD Policy," a new report posted this week on Dark Reading's Mobile Security Tech Center.]

BYOD, or bring-your-own-device, is a trend that is not going away. In InformationWeek's 2013 State of Mobile Security report, based on a survey of 424 business technology professionals, 68% of respondents said their mobility policy allows employees to use personal mobile devices for work, with 20% saying they are developing such a policy.

In fact, BYOD can hardly be called a trend anymore: The model is here to stay in the enterprise, and it's expanding to include all manner of employee-owned technology (including bring your own apps, bring your own private clouds and bring your own WLANs). Organizations, therefore, must do more than just bless the concept; they must proactively set out guidelines that tell users what they can and cannot do, and that describe the role IT will and will not play in the management, support and security of employee-owned devices.
"In today's always-connected society, organizations can no longer let mobile device adoption in the workplace simply run its course," says Steve Durbin, global VP of the nonprofit Information Security Forum.

"By putting the right usage policies in place, businesses can benefit from the returns that mobile devices can bring to the workplace while limiting exposure to potential security risks," Durbin says. "If executed poorly, a personal device strategy in the workplace could face unintentional leaks due to a loss of boundaries between work and personal data and more business information being held in an unprotected manner on consumer devices."

One of the biggest challenges with BYOD is the ambiguity that often surrounds the concept, especially when it comes to security. For example, when the employee owns the device, who owns the data on the device when it's being used to access corporate networks and data? To what extent can IT dictate the level of security an employee-owned device must have?

These are just a few of the questions organizations are dealing with, which is all the more reason for companies to develop a firm policy, says Forrester analyst Christian Kane, whose research is focused on desktop and mobile strategies, including BYOD.

"The biggest reason [to develop BYOD policy] is that there is so much gray area in this topic," says Kane. "Many companies have built their mobile strategies around the fact that they owned the devices and could dictate what happens on them. So a big part of having a BYOD policy in place really has to do with things that are ambiguous: What can I do and what can't I do? What's the right kind of usage, and how does the company feel about that?"

Research from the SANS Institute indicates a bit of a Catch-22 when it comes to BYOD policy: The complexities of BYOD increase the need for policy, but BYOD complexity makes it challenging to develop policy.

"With such complex issues to address, it's no wonder that 50% of survey respondents either don't have policies to support BYOD devices or they depend on the user to comply with corporate policy for securing these personally owned devices," the March 2012 SANS report "SANS Mobility/BYOD Security Survey" states. "Only 41% feel strongly that they have policies to support BYOD, of which 17% are standalone policies and 24% are integrated as an aspect to their overall security policies."

To find out more about what enterprises are doing to facilitate BYOD -- and for the full list of 10 points to consider when writing your own policy -- download the free report.



A Comment from me: 

My world has been spinning so fast that I have had to put Technically Legal on the back burner. I read many great articles that would be great to post to the blog; however, it hasn't worked out that way. Either I get busy with work, volunteering at Legal Aid or do not have access to the internet because of where I’m located for work/volunteer jobs. When I do remember to post about it, it is 10 pm at night and I am or should be asleep from a long day and I don’t have the energy to do it. Bear with me as I go through this transition. I am still looking for a position in the legal analyst field and have decided to teach once again to bring in cash flow as I keep interviewing for jobs. It’s definitely rough out there in regards to looking for a job. No matter how drop-dead gorgeous my resume looks, if I am in the top 3 of the list of narrowed down potential candidates, or how smashing I think the interview was, I am up against some of the best. I know to keep knocking on doors, asking for interviews and campaigning for the job I really want, which leaves me little time for Technically Legal.

Wednesday, November 20, 2013

Will Your Sensitive Data Make Front Page News?

As headlines continue to bring privacy and network security into the boardroom, companies are suffering severe financial, legal, and reputational consequences if their information assets are compromised. When an incident occurs, will the company be ready to respond?

    Does the company have a rapid response plan and has it identified the risks involved? 
    What happens when the regulators get involved? 
Learn from our panel who have worked on over 100+ cases involving data incident response. This CLE presentation will walk you through the complexities involved with a data incident and provide you with five points to take back to your organizations.

This CLE presentation includes Q&A at the end of each session and a networking cocktail. 

  • When: Thursday, November 21, 2013, 3:00 PM - 6:00 PM Central Time
  • Where: Hotel Palomar, 5300 E. Mockingbird Ln., Dallas, Texas 75206



*I apologize for such incredibly late notice but I only got the email today about the CLE tomorrow! If you find yourself with time to spare tomorrow and end up attending please message me and let me know how it went. Wish I could be there but my schedule won't allow it. 

FYI

Texas Lawyer will be co-hosting an afternoon CLE followed by cocktails entitled Snowmaggedon: Will Your Sensitive Data Make Front Page News? <http://www.cvent.com/d/d4qk30> on Thursday, November 21 at the Palomar Hotel in Dallas. This CLE program is geared to in-house counsel and will walk you through the complexities involved with a data incident while providing you with five points to take back to your organization. This event is 1.50 hours of CLE.

Panel Members:
  • Eric Fisch, information securities officer, Texas Capital Bank
  • Erin Fonté, shareholder, Cox Smith Matthews
  • Bill Hardin, director, Navigant
  • Rachel Simon, assistant vice president, Financial Lines | AIG Property Casualty
  • Todd Lester, Managing Director, Navigant (Moderator)

There is no cost to attend. To register, simply reply to this e-mail with your contact information.  Feel free to invite your corporate executives in your company.

Hope to see you there!


Dalila Macias
Marketing Assistant
Texas Lawyer
1999 Bryan St., Suite 825 | Dallas, TX 75201
T: 214-744-7708 | F: 214-741-2325

Sunday, November 3, 2013

JL Turner Reception



 
Pre-law Pipeline Initiative Networking Reception


You are cordially invited to attend our 1st Annual Pre-law Pipeline Initiative, “Becoming an Attorney” Networking Reception at the Belo Mansion from 4:30 pm to 6:30 pm on November 5, 2013.  

The Mentoring Committee of the J.L. Turner Legal Association is hosting an all day event for students interested in becoming attorneys. Our high school attendees participate on the Mock Trial teams at Skyline and Townview and college attendees are involved in the pre-law societies at Wiley, Jarvis Christian and Paul Quinn. The Morning Session includes but is not limited to Admissions Panels and Test Preparations followed by lunch wherein Senator Royce West and Dean Royal Furgeson of the UNT-Dallas College of Law will address the students. During the Afternoon Session the college students will tour law firms, courts, and the Northwest Legal Aid Society.  The event will conclude with the Networking Reception at the Belo Mansion.

We especially want you to attend the Networking Reception as this is a tremendous opportunity to relate to the college students on an informal basis. Most of these students are the first in their families to either attend college and/or law school. For many this will also be the first time that they will have an opportunity to share with someone who has already accomplished their goals and aspirations.  We therefore strongly encourage both lawyers and law students to support our initiative by attending this Networking Reception. In so doing this event will be a great success.

Please RSVP to Honorable Winifred Cannon at Winifred@wcannonlawoffice.com on or before November 3, 2013.

Thanking you all in advance on the behalf of the JLTLA Mentoring Committee (David Patin, Keron Wright and Winifred Cannon).

 

 

 

Tuesday, October 22, 2013

Data Locations, Format and Review



Say what?

When it comes to accessing the electronic data you need from the opposing party in a civil suit it’s important to know what to do! I have linked the Fed.R.Civ.P. title of this blog to the Standing Order of the Honorable Frank D. Whitney. It is the basis on which Texas has built its guidelines for accessing electronically stored information for civil suits. I have also incorporated more of my notes from the Technology Summit 2013 at the Belo Mansion in Dallas, Texas in hopes it gives you good ideas on "What to Do When" trying to paddle your way through the deep end that is electronic discovery.
 
 
From my notes at the conference... Good suggestions to consider...
 
Let the custodian of the data tell you where it is located. You want to break up your search for data by custodian and date. Know who the key players were in regards to the information you are requesting and when you believe it happened.

Know if parts of the data you need are located on a home/personal computer. (We will get into work product shortly)

I have a starred point from the conference and it’s a list of things we as data locators need to do:

Be a frenemy!

Be prepared!

Is it in compliance with T.R.C.P. Electronic Discovery or Fed.R.Civ.P. 26?

T.R.C.P.

The conditions imposed by the Court for obtaining access to another party’s hard drive were taken directly from the Federal Rules of Civil Procedure and federal caselaw addressing electronic discovery.

The Court stated that even if the requesting party makes this showing, courts should not permit the requesting party itself to access the opponent’s hard drive, but rather, should grant access only to a qualified expert. But the Court admonished that, as under the Federal Rules, courts are “generally discouraged” from ordering forensic examinations of another party’s hard drives because such examinations are “particularly invasive.”

Further incorporating the Federal Rules on this issue, the Court stated that, before serving requests for electronic information, parties and their attorneys should discuss potential issues related to electronic discovery, similar to the conference requirement under Federal Rule of Civil Procedure 26(f)(3).

The Court also summarized the procedure for obtaining electronic discovery under the Texas Rules of Civil Procedure:

1. The party seeking electronic discovery must make a specific request for that information (e.g., specifically request deleted emails and not just emails or documents);

2. The responding party must then produce any responsive electronic information that is reasonably available in the ordinary course of business;

3. If the responding party cannot retrieve responsive electronic information through reasonable efforts, the responding party must object on those grounds;

4. The parties should make reasonable efforts to resolve the dispute without court intervention;

5. If the parties are unable to resolve the dispute, and court intervention is sought by either party, the responding party must demonstrate that the requested electronic information is not reasonably available because of undue burden or cost;

6. Even if the responding party proves that the electronic information is not reasonably available, the requesting party may still obtain the information by showing that the benefits of production outweigh the burden imposed on the responding party;

7. If the requesting party meets its burden of showing that the benefits outweigh the burden on the responding party, the court may order production, but must protect sensitive information and employ the least intrusive means;

8. The requesting party must pay the reasonable expenses of any extraordinary steps required to retrieve and produce electronic information; and

9. Courts should not grant the requesting party direct access to the responding party’s electronic storage devices and should be extremely cautious to avoid undue intrusion.[1]

When collecting data good things to agree to according to the conference:

            1) Exclusion

            2) Limitations

            3) Format


IM’s and Voicemails are data you will want to avoid collecting

It was stated, at the conference, that a document is copied on average 19 times! With the mounds of data you have to comb through it seems ridiculous so, limit what you need to 1 copy.

We still search for documents with "search terms" but what is changing our old ways fast is Technology Assisted Review (again, we will touch on this topic down the road). It’s a great idea to ask your vendor how they perform searches in the databases you are asking them to look in.

My notes say that 73% of the money a client spends is in data review, so rein in the review!

I have this starred in my notes as well and it’s a good one.

            *Never agree to search terms!

The theme throughout my notes has been PLAN! PLAN! PLAN!

I think we will leave it at this and next post will be about Calling the Plays…

 

 

Tuesday, October 15, 2013

Big Data Dos and Don'ts



Data Diving and the Dos and Don’ts

What is it? There was much discussion on this topic at this year’s Technology Summit 2013 at The Belo Mansion in Dallas held by Texas Lawyers. In a review of my notes from the seminar, I realized it didn’t quite explain what it is, so I turned to Google and I came up with an article from my former employer, CSC, or Computer Sciences Corporation. It is a few years old, which had me a bit concerned, but when I read it I knew I had to share it with you. Also… Make sure to check out my Do’s and Don’ts for Big Data at the bottom of the article and the last sentence is the most important one of this whole post… Enjoy and remember…

 


by Chris Sapardanis

Two years ago there were probably as many definitions of cloud computing floating around as there were reality shows on cable TV. Everyone knew it was the latest evolution of technology, but few had a clear understanding of how it worked or how important it could become for their business. Well, times have changed.

Cloud is maturing rapidly. At the IDC Directions 2011 conference in San Jose, Calif., Senior Vice President and Chief Analyst Frank Gens offered that 80 percent of new enterprise apps developed in 2011 will be distributed via the cloud, and by 2014, 30 percent of enterprise application spending will be on the cloud. But just as the market gets hot on cloud, the IT services industry is already abuzz about the next “big” thing: Big Data.

Today’s burgeoning Big Data movement is fueled by the social media revolution, billions of Internet users, and the increasing connectedness of our digital world. And just as hard to come by as definitions were in the early days of cloud, is nailing down exact figures on the amount of data being generated in the world and where it’s headed.

Gens says there will be 1.8 zettabytes (one zettabyte being one billion terabytes) of data stored in 2011, up 47 percent year-over-year, and that will grow to seven zettabytes in 2014. Another estimate by IDC and EMC predicts that by 2020 the “Digital Universe” will be 44 times bigger than it was in 2009.¹

But beyond the numbers, what exactly is Big Data, where’s it coming from, and why should anyone care? Organizations like CSC’s Leading Edge Forum (LEF) are working to answer these questions.

Exploring an emerging market

Our LEF provides CSC employees and clients with access to a powerful knowledge base and global network of innovative thought leaders. LEF members work to spot key emerging business and technology trends, and identify specific practices for exploiting those trends for business advantage.

“When innovations are emerging in the market, we too need some time to understand what’s being said, and what it means to our business and customers,” says Paul Gustafson, LEF director of Technology Programs. “Two years ago with cloud, everyone was doing it, no one was doing it, and it took us four volumes of research to sufficiently unpack and repack what we believed the cloud world was all about.”

It’s happening again with Big Data, but the term itself isn’t new.

People have been talking about Big Data for a while. Organizations such as NASA, NOAA (the National Oceanic and Atmospheric Administration), financial services companies, and healthcare entities have been grappling with the “data deluge” for years. Many times, they’ve looked to CSC for solutions. For example, one of CSC’s Chairman’s Award projects developed one of the world’s largest healthcare data warehouses that certainly could carry the label of “Big Data.”

However, this new data isn’t referred to as “big” just because of size. “It’s diversity of data; it’s complexity of data; it’s new ways to organize and manage the data; and it’s the new connections inherent in data,” Gustafson explains. “Some of that may be big, but it doesn’t all mean big.”

The emerging market of Big Data is about organizations tuning into new data arrangements that are more connected with their own propositions in an effort to discover new insights. This topic has inspired the LEF’s latest research and a report due later this year called “Data rEvolution.”

The report says no industry is exempt from the challenges or opportunities of the Data rEvolution. Even the U.S. government has called for all its agencies to have a “Big Data” strategy.²

The LEF’s research reveals progress across many fields as organizations seek to derive meaning from data. The report says data is increasingly driving our actions, whether for discovering more about the world around us, making financial decisions, or understanding customer behavior for better target marketing.

Dos and Don’ts of Big Data

Do

Do have a knowledge map

Do know the people in charge

Do go to the people who created the data

Do go to the custodians of the data

Do dress the same as the person you are interviewing

Don’t

DON’T go to IT

DON’T SEND AN ATTORNEY! People get nervous when they have to talk to an attorney! *Send your Paralegal… someone like me!