Archive for May, 2017

Bipartisan Bill Introduced in Senate that Seeks to Prevent Attacks on American Cyber-Networks

Friday, May 19th, 2017

Democratic Senator Brian Schatz of Hawaii and Republican Senator Ron Johnson of Wisconsin have introduced the “Protecting Our Ability to Counter Hacking Act of 2017,” also known as the “PATCH Act of 2017,” in the U.S. Senate Homeland Security and Governmental Affairs Committee, following the recent “WannaCry” ransomware attack. The bill is intended to require government agencies to submit any security holes they discover in software products for independent review in order to determine any vulnerabilities that need to be secured, as reported by HealthCare IT News and Reuters.  According to HealthCare IT News, the PATCH Act of 2017 is supported by Republican Senator Cory Gardner of Colorado, Democratic Representative Ted Lieu of California, and Republican Blake Farenthold of Texas, as well as McAfee, Mozilla, The Information Technology and Innovation Foundation, and New America’s Open Technology Institute.

The text of the PATCH Act of 2017 is available for viewing here.

The bill would require the establishment of a Vulnerability Equities Review Board comprised of permanent members, ad hoc members, and National Security Council members who are neither of the above, if approved by the President and requested by the Board.  The permanent members would include the following:

  • Secretary of Homeland Security or the designee of the Secretary, who shall be chair of the Board;
  • Director of the Federal Bureau of Investigation or the designee of the Director;
  • Director of National Intelligence or the designee of the Director;
  • Director of the Central Intelligence Agency or the designee of the Director; and
  • Secretary of Commerce or the designee of the Secretary.

The Ad Hoc Members would include:

  • Secretary of State, or the designee of the Secretary, if the Board considers the matter under the jurisdiction of the Secretary;
  • Secretary of the Treasury, or the designee of the Secretary, if the Board considers the matter under the jurisdiction of the Secretary;
  • Secretary of Energy, or the designee of the Secretary, if the Board considers the matter under the jurisdiction of the Secretary; and
  • Federal Trade Commission (“FTC”), or the designee of the Commission, if the Board considers the matter as relating to the FTC.

The purpose of the Board would be to establish policies relating to “whether, when, how, to whom, and to what degree information about a vulnerability that is not publicly known should be shared or released” by government to a non-government entity and the process by which such information should be shared or released to a non-governmental entity. In other words, as Reuters reported, the bill is intended as an attempt to put the process “into civilian control” and remove such decisions from the purview of the National Security Agency (“NSA”).

According to reporting by ThreatPost, this bill codifies the process that the White House has long claimed to have in place to evaluate information on security vulnerabilities, but in fact has rarely utilized.  According to ThreatPost, in the particular case of the WannaCry attack, the NSA did in fact tip off Microsoft of the security issue, which allowed Microsoft to make the patch available to customers in advance of the attack.

While the WannaCry attack was initially reported only to have hit Windows machines, according to reports by ThreatPost, it is now known that medical devices and industrial control systems have also been hit by the attack, including equipment used in medical radiology facilities.

Reuters is reporting today that, for victims who have not paid the ransom and/or recovered their files, French researchers have developed a last resort workaround, which will successfully unlock the encryption key for files hit by the attack under certain conditions.  According to Reuters, Europol has stated on Twitter that its European Cybercrime Centre has tested this tool and confirmed it will successfully recover data in some circumstances.  The technical details of this tool can be accessed through the Reuters article.


Bipartisan Bill Introduced in Senate that Seeks to Prevent Attacks on American Cyber-Networks

Friday, May 19th, 2017

The “PATCH Act of 2017” has just been introduced in the Senate, which would require government agencies to submit security holes in software products they identify for independent review in order to determine any vulnerabilities that need to be addressed.  For more information on the bill, please check out the Silicon Valley Software Law Blog posting on the story:

http://www.siliconvalleysoftwarelaw.com/bipartisan-bill-introduced-in-senate-that-seeks-to-prevent-attacks-of-american-cyber-networks/


Bipartisan Bill Introduced in Senate that Seeks to Prevent Attacks on American Cyber-Networks

Friday, May 19th, 2017

The “Protecting Our Ability to Counter Hacking Act of 2017” or “PATCH Act of 2017” has just been introduced in the Senate.  For more background on the bill, please check out this Silicon Valley Software Law Blog post:

http://www.siliconvalleysoftwarelaw.com/bipartisan-bill-introduced-in-senate-that-seeks-to-prevent-attacks-of-american-cyber-networks/


Negotiating the Purchase of SaaS Company Assets: Key Problems to Consider in Any Deal

Wednesday, May 10th, 2017

If you are like many SaaS companies I see, if you are approached with an asset purchase that interests you, you will be in a hurry to get the deal closed.  However, before you move forward, you should give the deal serious consideration.  What are some of the concerns you should have?  The Silicon Valley Software Law Blog addresses these issues in the following blog post: http://www.siliconvalleysoftwarelaw.com/negotiating-the-purchase-of-saas-company-assets-key-problems-to-anticipate-in-any-deal/


Investigation Reportedly Launched by Department of Justice into Uber’s Use of “Greyball” Software

Saturday, May 6th, 2017

The Department of Justice has launched an investigation into Uber’s use of the Greyball software program.  For more information on the investigation, please check out the following Silicon Valley Software Law Blog posting on the story:

http://www.siliconvalleysoftwarelaw.com/investigation-reportedly-launched-by-department-of-justice-into-ubers-use-of-greyball-software/


Common Software Fee Drafting Problems and How to Fix Them

Wednesday, May 3rd, 2017

A common problem in software and SaaS agreements is that the fee terms in the contract make no sense.  Why is this the case and how do you fix the terms?  The Silicon Valley Software Law Blog addresses this issue in the following posting:

http://www.siliconvalleysoftwarelaw.com/common-software-agreement-fee-drafting-problems-and-how-to-fix-them/


Does Your Customer Software License or SaaS Agreement Leave Your Company Vulnerable to a Dispute Over Implementation?

Monday, May 1st, 2017

If your company is like most in the software space, your product requires some sort of initial set-up and configuration for customers that in an enterprise scenario can require a significant investment of time and resources.  However, many software contracts are silent regarding what is involved in this initial phase of a business relationship, which results in many disputes.  The Silicon Valley Software Law Blog discusses this issue in the following blog post:

http://www.siliconvalleysoftwarelaw.com/does-your-customer-software-license-or-saas-agreement-leave-your-software-company-vulnerable-to-a-legal-dispute-over-implementation/


The Prinz Law Office | Silicon Valley Office Address: 84 W. Santa Clara St., Suite 788, San Jose, CA 95113 | Firm Mailing Address: 117 Bernal Rd., Suite 70-110, San Jose, CA 95119 | 408.884.2854 | Orange County 949.284.6884 | San Diego 619.881.0424 | Tel: 1.800.884.2124
