The Cybersecurity and Infrastructure Agency (CISA) has published an Alert confirming that Cisco has released security updates to its firewall platforms. The releases apply to Cisco’s ArcaneDoor zero-day vulnerabilities applicable to Cisco’s Adaptive Security Appliances devices and its Firepower Threat Defense software. The exploitation of CVE 2024-20353 and CVE-2024-20359 has been confirmed, and the identified vulnerabilities have been added to its Known Exploited Vulnerabilities Catalog. Cisco “strongly encourages users and administrators to apply the updates, hunt for any malicious activity ..read more

Increasingly, companies use AI to evaluate job applications and make interviewing or hiring decisions. However, government contractors who use artificial intelligence to evaluate job applications should ensure that the AI not only complies with anti-discrimination laws but also fulfills their contractual responsibilities. Federal contractors with contracts of $10,000 or more are subject to Executive Order 11246, which prohibits discrimination against job applicants and employees based on race, color, sex, sexual orientation, gender identity, religion, or national origin during the performance ..read more

This week we are pleased to have a guest post by Robinson+Cole Artificial Intelligence Team patent agent Daniel J. Lass and Counsel Kyle G. Hepner The U.S. Patent and Trademark Office (USPTO) issued guidance on the use of AI-based tools to prepare and prosecute patent and trademark applications. This announcement supplements the previous guidance issued in February. The application of existing rules governing the use of AI, including generative AI, before the USPTO entails several considerations and obligations for parties and practitioners. Computer tools, including those employing gener ..read more

Car manufacturer General Motors (GM) is the subject of litigation in Georgia by two New Jersey Chevy Bolt drivers who allege that GM collected data about their driving habits and behavior and disclosed it to third parties, including insurance companies, causing them to pay higher insurance rates and experience difficulty in obtaining reasonable premiums. They allege that they did not agree to the collection and disclosure and that it was a breach of contract and their privacy. The crux of the case alleges that GM collected their driving habits and behavior and then shared it with third parties ..read more

Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected because a word was misspelled or the context didn’t make sense. Now, with the help of young Western hackers, cyber adversaries in Russia will be able to use insider knowledge of language and behavioral customs to develop and deploy campaigns against U.S. companies. In a 60 Minutes segment aired this week, the federal government and cybersecurity specialists outline how they are seeing a new threat from Scattered Spider, a coalition of foreign and domestic hacke ..read more

DoorDash, Inc. recently settled with the California Attorney General for alleged violations of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). This is only the second public settlement with the California AG’s office for claims related to CCPA violations (the first was with Sephora in 2022). The AG’s complaint stated that DoorDash sold California consumers’ personal information (names, addresses, and transaction histories) as part of its participation in a couple of marketing co-ops that began in 2018. The sale of personal information is n ..read more

The U.S. government recently intervened in a False Claims Act qui tam case against Georgia Tech Research Corporation, Georgia Institute of Technology, and Georgia Tech Research Institute for violations of NIST 800-171 for failing to protect Controlled Unclassified Information (CUI). Long story short, the U.S. intervention means that the government is taking this case seriously, which means that the defendants have to take this case even more seriously. Defense contractors need to be intimately familiar with NIST 800-171, which applies to them through various regulations and through their contr ..read more

On April 15, 2024, the National Security Agency’s Artificial Intelligence Security Center published guidance on “Deploying AI Systems Securely,” together with CISA, the FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the UK’s National Cyber Security Centre (a/k/a the Five Eyes). The Cybersecurity Information Sheet provides guidance for “best practices for deploying and operating externally developed artificial intelligence (AI) systems.” The guidance aims to: “Improve the confidentiality, integrity, and avai ..read more

The latest edition of the AI Index Report from Stanford University’s Human-Centered Artificial Intelligence Center provides a comprehensive look at artificial intelligence (AI) policy, regulation, and diversity trends across the globe. The number of AI-related regulations enacted by U.S. federal agencies like the FDA, EPA, and FCC has skyrocketed from just 1 in 2016 to 25 in 2023. This rapid increase signals how rapidly AI is being applied across different industries and sectors, requiring new governance frameworks. The regulations have focused on areas such as foreign trade/finance, health, c ..read more

Colorado Governor Jared Polis signed H.B. 24-01058 into law on Wednesday, April 17, 2024. The law amends the definition of personal information protected by the state’s privacy law to include protections for data generated by activity in the nervous system. The intent of the law is to require companies that collect, use, and disclose consumers’ neurodata to protect it as sensitive information, along with the other sensitive data elements included in the law. The law exempts neurodata that is collected by companies that must follow other privacy and security laws, including health care provider ..read more