In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency partners issued an Alert to operators of industrial control systems and small-scale operational technology systems in North America and Europe on mitigation techniques for cyber operations to prevent a compromise of industrial control systems, including “Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.” The Alert, entitled “Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity”, outlines the ongoing threat posed by pro-Russia hacktivists conc ..read more

Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Maryland. The law will take effect on January 1, 2025. The NDPA applies to entities that conduct business in Nebraska or produce products or services consumed by Nebraska residents and that process or sell personal data of Nebraska residents. Similar to other state consumer privacy laws ..read more

On May 1, 2024, the Federal Trade Commission (FTC) announced a settlement with InMarket Media (InMarket), a digital marketing and data aggregator, to resolve the FTC’s allegations that InMarket “unlawfully collected and used consumers’ location data for advertising and marketing.” The complaint filed by the FTC against InMarket alleged that InMarket collects and aggregates location information about consumers from different sources, including its apps and other third-party apps, then aggregates the location data with other publicly available data to determine consumers’ behavior for targeted a ..read more

The Cybersecurity and Infrastructure Agency (CISA) has published an Alert confirming that Cisco has released security updates to its firewall platforms. The releases apply to Cisco’s ArcaneDoor zero-day vulnerabilities applicable to Cisco’s Adaptive Security Appliances devices and its Firepower Threat Defense software. The exploitation of CVE 2024-20353 and CVE-2024-20359 has been confirmed, and the identified vulnerabilities have been added to its Known Exploited Vulnerabilities Catalog. Cisco “strongly encourages users and administrators to apply the updates, hunt for any malicious activity ..read more

Increasingly, companies use AI to evaluate job applications and make interviewing or hiring decisions. However, government contractors who use artificial intelligence to evaluate job applications should ensure that the AI not only complies with anti-discrimination laws but also fulfills their contractual responsibilities. Federal contractors with contracts of $10,000 or more are subject to Executive Order 11246, which prohibits discrimination against job applicants and employees based on race, color, sex, sexual orientation, gender identity, religion, or national origin during the performance ..read more

This week we are pleased to have a guest post by Robinson+Cole Artificial Intelligence Team patent agent Daniel J. Lass and Counsel Kyle G. Hepner The U.S. Patent and Trademark Office (USPTO) issued guidance on the use of AI-based tools to prepare and prosecute patent and trademark applications. This announcement supplements the previous guidance issued in February. The application of existing rules governing the use of AI, including generative AI, before the USPTO entails several considerations and obligations for parties and practitioners. Computer tools, including those employing gener ..read more

Car manufacturer General Motors (GM) is the subject of litigation in Georgia by two New Jersey Chevy Bolt drivers who allege that GM collected data about their driving habits and behavior and disclosed it to third parties, including insurance companies, causing them to pay higher insurance rates and experience difficulty in obtaining reasonable premiums. They allege that they did not agree to the collection and disclosure and that it was a breach of contract and their privacy. The crux of the case alleges that GM collected their driving habits and behavior and then shared it with third parties ..read more

Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected because a word was misspelled or the context didn’t make sense. Now, with the help of young Western hackers, cyber adversaries in Russia will be able to use insider knowledge of language and behavioral customs to develop and deploy campaigns against U.S. companies. In a 60 Minutes segment aired this week, the federal government and cybersecurity specialists outline how they are seeing a new threat from Scattered Spider, a coalition of foreign and domestic hacke ..read more

DoorDash, Inc. recently settled with the California Attorney General for alleged violations of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). This is only the second public settlement with the California AG’s office for claims related to CCPA violations (the first was with Sephora in 2022). The AG’s complaint stated that DoorDash sold California consumers’ personal information (names, addresses, and transaction histories) as part of its participation in a couple of marketing co-ops that began in 2018. The sale of personal information is n ..read more

The U.S. government recently intervened in a False Claims Act qui tam case against Georgia Tech Research Corporation, Georgia Institute of Technology, and Georgia Tech Research Institute for violations of NIST 800-171 for failing to protect Controlled Unclassified Information (CUI). Long story short, the U.S. intervention means that the government is taking this case seriously, which means that the defendants have to take this case even more seriously. Defense contractors need to be intimately familiar with NIST 800-171, which applies to them through various regulations and through their contr ..read more