A couple of years ago, a guy named Paul Ceglia sued Mark Zuckerberg and Facebook, claiming that he was entitled to a 50% share of that company. You may not have heard about Ceglia’s suit as there wasn’t an Oscar-winning movie made about it. The basis for his action was a contract that he claimed to have, from 2003, in which Zuckerberg made him such a promise, a contract that Facebook denied the existence (or the validity) of.
Now, you know it’s a bad sign when your attorneys leave your side, especially in a case that – potentially – is worth billions of dollars. But Ceglia went through lawyers pretty quickly. He has already been censured and sanctioned repeatedly for stalling the discovery process and failing to produce requested documents, and last week things took a turn for the (even) worse. From FindLaw:
Federal officials charged Ceglia with mail and wire fraud for his actions in the lawsuit against Facebook. They claim he doctored the contract between himself and Zuckerberg, and created fake emails to use as evidence at trial.
Investigators claim they found the original contract in a search of Ceglia’s hard drive. That contract allegedly makes no reference to Facebook.
He got eDiscovery’d! The WSJ has the full complaint against Ceglia, and he could face up to 40 years in jail if convicted. And to cap it all, yesterday, another of his attorneys moved to withdraw from the case “for personal reasons”.
Following the South Park-emulating gamer who brought havoc to the World of Warcraft recently, another popular video game has been hit by hackers with cheat codes, leading to the permanent deaths of other users’ characters. The game this time is Gearbox Software’s Borderlands 2, which debuted to outstanding reviews last month. Ars Technica can tell you what happened:
The sabotage campaign… could be enabled by modifying a setting known as “IsBadassModeSaveGame” included in Borderlands 2. It’s disabled by default, but users who modify their Xbox systems can turn it on, allowing them to enter what’s known as “badass mode.” Increasing the impact of the attack, Xbox systems will enable the mode when they encounter other modified systems, causing the campaign to spread wider than it would otherwise.
“In a nutshell, once your character is in ‘badass’ mode, playing [with] other people will force their characters into this mode too,” the writer of one follow-up post claimed. “Hence the ‘virus’ explanation—as with a cold or the flu in real life, you can spread it to other people before noticing the symptoms, and without any evil intent. They in turn can spread it on to others.”
Until a fix is developed and distributed, Gearbox recommends playing only against trusted individuals, and diligently saving your work. No word yet about the people whose characters – and presumably their hours of game time – have been killed off.
Today’s massive security breach comes to us from South Carolina, where hackers using an overseas IP address broke into the state Department of Revenue’s website, and obtained up to 3.6 million social security numbers and 387,000 credit and debit card numbers. Though only 4% of the bank account information is believed to have been unencrypted, that’s still 16,000 unsecured bank account numbers. None of the social security numbers were encrypted either.
The state has advised anyone who filed a South Carolina tax return since 1998 to urgently check their statuses, and has offered to pay for credit monitoring. In a news conference yesterday, Governor Nikki Haley defended having so much unencrypted social security information on the state’s computers.
“The industry standard is most Social Security numbers are not encrypted. A lot of banks don’t encrypt,” Haley said. “It’s very complicated. It’s very cumbersome. There’s a lot of numbers involved with it.”
Gov. Haley also had some tough words for whoever was behind this attack:
“This is not a good day for South Carolina,” Governor Nikki Haley said at a news conference in the state capital of Columbia. “I want this person slammed against the wall,” she said of the hacker.
“I want to get this person and make sure he can never do this to anybody or any state again,” Haley said. “I want that man just brutalized.”
The election is one week away, and over the weekend, the New York Times reported on a development that hasn’t been getting much attention amid all this other coverage. Like Mastercard and Verizon before them, it looks like both major political parties are keeping tabs on who visits their sites. From the Times:
One of the hallmarks of this campaign is the use of increasingly sophisticated — but not always accurate — data-mining techniques to customize ads for voters based on the digital trails they leave as they visit Internet sites.
It is a practice pioneered by online retailers who work with third-party information resellers to create detailed portraits of consumers, all the better to show them relevant marketing pitches…
Now, in the election’s final weeks, both presidential campaigns have drastically increased their use of such third-party surveillance engines, according to Evidon, a company that helps businesses and consumers monitor and control third-party tracking software.
Over the month of September, Evidon identified 76 different tracking programs on barackobama.com — two more trackers than it found on Best Buy’s Web site — compared with 53 in May. It found 40 different trackers on mittromney.com last month, compared with 25 in May.
So again, people’s browsing habits are being stored somewhere, along with their political beliefs. All the tracking companies that spoke to the Times insisted that information was anonymous, or aggregated, or not sold to third parties, but they would say that, wouldn’t they? Privacy advocates are concerned that these third-party advertisers have well-developed profiles of individuals, and only the advertisers’ word that these profiles are anonymous. Mother Jones’ Tim Murphy describes the process very well in the above video, and describes how, at least, neither party is as creepy as Target.
As a fun extra detail, you may recall that the EU has very strict rules about cookies, so if someone in London visits the candidates’ sites, and starts being tracked, is there an EU privacy violation going on?
You know how if you purchase a CD, you’re well within your rights to take that CD to your computer, convert it to some sort of digital file format, and then put those music files on your iPod? That practice is called space-shifting. By the same token, it should arguably be fine if you buy a DVD, and then convert it to a format that you can play on your iPad, right? You’ve been meaning to watch that ‘The Wire’ box set, and you have some long flights and longer layovers coming up. It shouldn’t be a problem to convert the material you already legally own into a more useful format. Even Congressman Darrell Issa thinks so, as he told Redditors earlier this year:
You can in fact make personal copies for your own use. A good example would be ripping a DVD so you can play it on your iPad. That use is not prohibited. The MPAA always takes the view that your rights are limited, but for non-commercial use, making a digital copy like you suggest is a-okay.
Turns out, it is NOT okay to rip DVDs to digital file formats. Public Knowledge requested an exemption from the U.S. Copyright Office, which would allow such a permission, but last week, their request was denied. “Furthermore, the Register and the Librarian explained that they were unconvinced that space shifting was fair use at all.”
So that’s something to keep in mind. Valid copyright protection, or outdated legal relic that’s out of step with contemporary technology? You decide.
Just three weeks ago, we told you about the Michigan man whose privacy case against streaming radio site Pandora was thrown out. As you may recall, the plaintiff was arguing that by reprinting his songs to his other social media accounts, Pandora was violating a 20-year old law about videotape privacy.
Well, today MediaPost reports that the same plaintiff is not giving up just yet, and has vowed to take his case to federal court. There’s not a lot more info just yet, but this article does use the phrase “sensitive listening records”, which makes it sound like the plaintiff had some seriously guilty pleasures that he DID not want disclosed. Is he likely to succeed in the 9th Circuit, after being dismissed from state court? Possibly. Hulu is still facing a case based on the same (outdated) legislation, so the door could yet be open. It still strikes me as a big deal over what seems like minimal, if any, harm.
Here’s a fun story from late last week. Rob Manuel is the co-founder of b3ta, a popular British website, which was called a “puerile digital arts community” by The Guardian. It’s not unlike Reddit, in the sense that its readership often get the site into hot water, but it has more of a sense of fun and doesn’t seem to take itself too seriously. Anyway, as Manuel explains on his blog, he was bored one day, so he deleted all his friends and tried to exclusively befriend all the other Rob Manuels on there. He saw it as “digital narcism [sic] writ large.”
Facebook didn’t see the funny side, and disabled Manuel’s account. And the best part? To reinstate his account, he has to verify his identity, by showing a passport or driver’s license, as you can see from his screengrab above. In his words: “But I need to give Facebook my passport or driving licence? Haha, that’s not going to happen.”
As observed in more colorful language on his blog, this is an interesting new detail in the social network’s operation. I’m sure there are plenty of users who willingly verify themselves and provide the documentation that Facebook is asking for. Which means, yes, Facebook must have a saved database of people’s IDs. How do you feel about that?
Here’s a round up of all the cyberthings to be terrified of this weekend. It’s the Halloween Special edition of ‘This Week in Malware’, so it’s recommended that you listen to ‘Monster Mash’ as you read these.
Firstly, Defense Secretary Leon Panetta doubled down on his recent warning of an imminent “cyber Pearl Harbor”, by calling cyberspace the “battlefront of the future”, and warning that international cyber thugs could “go after our grid, our power grid, our financial systems, our government systems, and virtually paralyze this country.”
As if to prove his point, we learned that spammers have been manipulating URLs with .gov domains. So people think they’re visiting a government-sanctioned website, and may be more inclined to enter personal information, but it’s all a big fat fake. Be careful out there!
A new iPad Mini was announced recently, mostly to shrugs, but don’t worry: there are still creeps who target people looking for all the latest gadgets. Scammers have been working on fake news sites and fake shopping sites, promising news or even discounts on the iPad Mini, and again taking advantage of less vigilant internet users.
Finally, this week’s big story involves oil company Saudi Aramco, supposedly “the world’s most valuable company”, which suffered a massive cyberattack recently. On a Muslim high holiday – when nobody would have been monitoring the computers – hackers did some significant damage. As the NYT reports:
a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
Yikes. And once again: Yikes. No official word as to who was behind this attack, but the U.S. seems pretty certain that it was Iran.
We’ve talked about the Stored Communications Act (“SCA”) a couple of times before, and a recent opinion from the Honorable David J. Waxse in Kansas hit on the SCA in the context of a pair of search warrants directed at Yahoo! and UnityFax. The warrants came about as a result of government efforts to obtain (among other things) the contents of email and facsimile communications related to a spam campaign by an alleged fraudster. Judge Waxse’s opinion is notable as it hits two important technology law issues: (1) do users have a reasonable expectation of privacy in their electronic communications, and (2) what is the Fourth Amendment particularity standard in the context of email searches?
Educational alerts will come first, followed by acknowledgement alerts that require the recipients to let their ISP know they have received the notices. For accounts where alleged infringing activity continues, enhanced alerts that contain “mitigation measures” will follow. These mitigation measures will vary by ISP and range from requiring the subscriber to review educational materials, to a temporary slow-down of Internet access speed. However, termination of a consumer’s Internet service is not a part of any ISP’s Copyright Alert System program. Contrary to many erroneous reports, this is not a “six-strikes-and-you’re-out” system that would result in termination. There’s no “strikeout” in this program.
Unlike its French equivalent, there are no criminal penalties, just a gradual disruption in service. According to leaked documents obtained by TorrentFreak, an additional sanction would be the blocking of various “frequently visited” websites until an educational course is completed. According to those documents, AT&T is due to commence with this program on November 28th. The program has an educational focus, but it leaves the door open for copyright owners to go after serial downloaders.
But what about people who may find themselves falsely accused, people who, like the poor Frenchman, declare themselves “totally incapable of downloading anything”? In those instances, the accused can pay $35 to appeal, and if they are successful, they will be refunded that $35. So you won’t necessarily be punished for having an unprotected wireless network.
Overall, this scheme seems to be fairly harmless; hardcore pirates will doubtless find ways around it, but it may well educate low-level, infrequent downloaders. The potential punishments don’t sound too severe, though, so we will see the effectiveness of these measures.