The British island territory of Bermuda legalized same-sex marriage on Friday after a long legal battle. Two men, Bermudian Winston Godwin and his Canadian partner, Greg DeRoche, took their case to the Supreme Court after Bermuda’s Registrar-General declined their application to marry on the island. A crowded courtroom broke into applause when the judge ruled in their favor, The Royal Gazette reported.
The couple contended that Bermuda’s Human Rights Act protected their right to marry. “The ruling today is more than me and pieces of paper; it’s more than any of that, it is what it means for Bermuda moving forward,” Godwin said. This is a big step in the right direction, he continued, with more to be done on LGBT issues. “People are going to have their opinions about this and that is OK,” said Godwin. “I am not here to change people’s opinions or how they think. I just want them to respect me and my relationship and my marriage that will happen here.”
The law goes into effect immediately. Godwin said he and DeRoche will resubmit their marriage application to the Registrar-General “within days.” The common law definition of marriage as the voluntary union for life of one man and one woman, and its reflection in existing matrimonial law “are inconsistent with the provisions of the Human Rights Act as they constitute deliberate different treatment on the basis of sexual orientation,” Judge Charles-Etta Simmons said in her ruling. “In so doing the common law discriminates against same-sex couples by excluding them from marriage and more broadly speaking the institution of marriage,” she said. “On the facts of this case the applicants were discriminated against on the basis of their sexual orientation when the Registrar refused to process their notice of intended marriage.”
The pro-LGBT group Bermuda Rainbow Alliance praised the judge’s decision, calling the ruling a victory for “a brave young couple willing to fight for their love” and “all same-gender loving people in Bermuda.” “Today, history has been made and love has won,” the group said in a statement. The pro-marriage group Preserve Marriage in Bermuda criticized the ruling. “Today a single judge, Justice Charles-Etta Simmons, of the Supreme Court of Bermuda has decided to redefine the institution of marriage,” the marriage group said in a statement. “By imposing this judgment, the court has ruled against many in the community of Bermuda.” Bermuda voters overwhelmingly rejected same-sex “marriage” in a referendum last June 69 percent to 31 percent. The vote was null, however, since some three percent less than the required 50 percent of registered voters took part in the referendum.
Read More : lifesitenews.com/news/bermudas-supreme-court-forces-gay-marriage-into-law
The ghosts of dead economists and a century-old decision that many consider to be judicial activism at its worst hovered over the U.S. Supreme Court today as the justices heard arguments about whether a New York law prohibiting surcharges for credit-card purchases is unconstitutional. Justice Stephen Breyer did a lot of the talking in Expressions Hair Design v. Schneiderman, repeatedly expressing concern that by dragging constitutional questions into a fight over a state pricing law the court might open the door to a new wave of judicial interference in economic regulations. The court most famously did so with its 1905 decision Lochner v. N.Y., striking down a New York law limiting bakers to a 60-hour work week as a violation of the 14th Amendment liberty of contract. Lochner ultimately wilted before the wave of state and federal economic regulations that accelerated in the New Deal, and generations of law students have learned to regard it as an anomaly, although libertarians have tried to rehabilitate it in recent years.
“We are diving headlong into an area called price regulation,” Breyer said at one point. “The word I fear begins with an L and ends with an R; it’s called Lochner.” The merchants challenging New York’s law say it prohibits them from describing a higher price for credit-card purchases as a “surcharge,” even though they can offer a discount for cash. The two are identical in economic terms, but New York defends its law as reflecting the irrational belief of some consumers that a discount is preferable to a surcharge. Credit-card companies, not surprisingly, support the ban on “surcharges.” Justice Elena Kagan seemed to agree with New York, saying the law doesn’t implicate freedom of speech in any way. The law prohibits the practice of charging a higher price for credit, but not what merchants call it.
“I can imagine ways in which you might say that this is restricting speech, but that’s not it,” Kagan said. The enforcement history in New York suggests something more, however. Investigators for state and local prosecutors conducted sweeps in which they called about pricing and arrested merchants when they slipped up and failed to call a discount for cash by its proper name. One gas station operator was busted because his clerk described a nickel discount for cash as “paying more” for credit.
Read More : forbes.com/sites/danielfisher/2017/01/10/supreme-court-puzzles-over-speech-implications-of-ny-law-banning-surcharges-for-credit/#618c78f226d6
Dar es Salaam — The High Court (Land Division) has dismissed an application by Chadema chairman Freeman Mbowe in which he opposed being removed from a city centre NHC building. Judge Sivangilwa Mwangesi reached the decision yesterday after he was satisfied that Mr Mbowe was legally evicted. However, Mr Mbowe’s advocate Peter Kibatala was not happy with the decision and expressed intention to appeal at the Court of Appeal.
According to him, they already filed a notice of appeal at the Land Division seeking to be provided with judgment and proceeding so as to file revision at the High Court. Along with the notice of appeal, Mr Kibatala also said that they have filed an application for injunction restraining NHC and its auctioneers not to sell the properties pending determination of the revision by the Court of Appeal. On September 1, National Housing Corporation (NHC) auctioneers attached properties in the building that houses popular Bilicanas Club and Free Media Limited, the publisher of Tanzania Daima newspaper, both owned by Mr Mbowe following an occupancy dispute between the two sides. Mr Mbowe through his advocate, Mr Kibatala, filed the application at the Court seeking among other things, the court to order NHC and Foster Auctioneers and General Traders to restore him to the property.
According to Mr Kibatala, his client was illegally evicted from the building because the auctioneer sent by NHC was not registered and hence not recognised by the Registrar of the Court. Mr Kibatala further submitted that the law was not followed during the eviction because his client was not served with a notice.
I’m walking down the street the other day somewhere in California, and I stumble across an Audi A4 with an Illinois license plate that has black writing on it. Now, I can’t be sure of much in this fast-changing planet we call home, but I can be sure of this: Illinois license plates have red writing, typically stamped directly on top of Abraham Lincoln’s nose. The license plate also has an unusual format that ends with the letters “WT.” What does WT stand for? Work Truck? Wiggle Taxonomy? Waving Tutu? Wild Turkey? This situation irked me enough that I decided to take a picture of it. Then I did what any normal, rational person would do when they see something that makes them curious: I forgot about it for like six months. So last month I’m going through my pictures, and I notice the Wiggle Taxonomy license plate among them. And at that moment, I committed to solving the mystery once and for all by doing what any serious, professional, highly qualified journalist would do: I began poring over Illinois state statutes, stopping only for lunch, dinner, and the occasional break for rocking out to Jimmy Eat World songs with my stuffed capybara.
No, I’m just kidding. What I actually did was, I Googled it. I do have a stuffed capybara, though. Here’s what I learned: that mysterious “WT” code on the license plate I saw? It does not stand for Wild Turkey, or Whirling Taliban, or Walking Turtles. It stands for Window Tint. This is a special license plate for window tint.
What exactly is a special license plate for window tint? I will let the Illinois state statute do the talking, as it very clearly states in Section 12, Row 6, Seats 3 and 4, on the third base side:
A person owning and operating a motor vehicle, who is determined by a physician licensed to practice medicine and is afflicted with or suffers from medical disease such as systemic or discoid lupus erythematosus, disseminated superficial actinic porokeratosis or albinism, which would require that person to be shielded from the direct rays of the sun is entitled to operate said vehicle with tinted windows. This exception also applies to a vehicle used in transporting a person when the person resides at the same address as the registered owner and the person is afflicted with or suffering from a qualifying medical condition. However, no exemption from the requirements of subsection (a-5) shall be granted for any condition, such as light sensitivity, for which protection from the direct rays of the sun can be adequately obtained by the use of sunglasses or other eye protective devices.
For those of you who do not wish to spend your time on Jalopnik reading statutes from a place where the local prison population primarily consists of former governors, allow me to paraphrase: the window tint license plate is issued to people who have a medical condition that requires them to be shielded from the direct rays of the sun. However, the statute very clearly says that the plate is not for people who have simple “light sensitivity,” which can be solved with “the use of sunglasses or other eye protective devices.” I imagine this is much in the same way that a disabled license plate is not for people who have minor disabilities, such as too much back hair, or bad breath, or they’re 28 years old and they have a capybara stuffed animal. And indeed, the Audi I saw with the Window Tint license plates had extremely tinted windows; windows so tinted that they may have actually been painted metal. This would not surprise me, as I suspect Audi charges more for “transparent windows,” as part of the same $2,400 Convenience Package that includes round tires.
Now, for those of you reading this from outside North America, you might be wondering why any of this exists: window tint laws. Exceptions to window tint laws. License plates with Abraham Lincoln’s face on them. Well, the answer is that window tint is a very divisive issue here in this part of the world. This is because police officers believe heavily tinted windows to be a huge safety hazard, in the sense that they greatly diminish visibility, and also tinted windows make it hard for an officer to see how many people are in a vehicle, or whether or not they’re reaching for a weapon during a traffic stop. On the flip side of the argument, a large contingent of 19-year-olds support tinted windows because “they look cool.” Personally, I’m not a big fan of window tint on my own vehicles, because it reduces my visibility at night. I am, however, for Illinois’ special license plate, because I believe it’s an interesting way to accommodate a disability. In fact, I think the program should expand. For example: I would qualify for an “RC” license plate, which of course would alert officers to the fact that the driver might be Rocking out to Jimmy Eat World with a stuffed Capybara.
Read More : Jalopnik.com/illinois-issues-a-special-license-plate-for-legal-windo-1771775231
In Oregon, authorities are planning to implement a new rule that would cap individual serving sizes of infused edibles at 5 mg THC, or half that of Washington and Colorado. Currently there are no potency limits for Oregon edibles, though they’re only available to state-registered medical patients. The measure is scheduled to go into effect on Oct. 1. Regulators explain the change not as an attack on the industry but as a push to curb the horror stories of young children coming into emergency rooms after mistakenly ingesting edibles. The new limits, they say, are actually aimed at helping the new market succeed. “Everybody’s aware that all eyes are on us,” said André Ourso, manager of the Oregon Medical Marijuana Program. As the statewide experiment unfolds, it’s no secret U.S. and international governments are watching keenly. “It’s a frontier,” Ourso said. “It really is something new, and I think everybody wants to do it right and not make mistakes going forward.” Oregon’s new rule would limit retail edibles to 5 mg THC per serving for things like cookies and chocolates. An entire package could contain no more than 50 mg. Medical products would have higher limits, up to 100 mg per package. While Colorado and Washington have had years of regulatory opportunities, “this is pretty much our first real regulatory crack at rulemaking,” Ourso explained. “Setting lower limits, it allows us to look at things in a more cautious public health manner.” He stressed that the lower limits don’t mean Oregon regulators are opposed to cannabis. “We don’t want to decimate an entire industry; that’s not our goal,” he said. “We want to have a well-regulated industry, just like any other.” The proposal is winning hesitant buy-in from some producers and dispensary operators. While business owners aren’t necessarily in favor of the proposed rules, they said, they understand the unique position legal cannabis still occupies. 
“I think obviously they’re coming from a public safety standpoint, and we get it,” said Oregon cannabis entrepreneur Brent Kenyon, founder of Southern Oregon Alternative Medicine dispensaries and maker of the 400-mg-THC Chocowanna Bar, which would be prohibited under the new state rule. A big piece of the industry’s buy-in seems to come from the sense that authorities in Oregon are genuinely on board with cannabis. When there’s a rub, Kenyon said, he’s seen the Oregon Liquor Control Commission, which also regulates cannabis, revise rules in response to feedback from both the industry and the public. “They’ve done a great job of reaching out to everyone,” Kenyon said. “The state of Oregon doesn’t want to squish commerce.” If trust can go a long way in getting stakeholders on the same page, though, a misunderstanding can make for disaster. In Colorado, a recent legislative push to limit the potency of all cannabis products drew the ire of many in the industry. Michael Elliot, executive director of the Denver-based Marijuana Industry Group, described the measure in a Denver Post op-ed as “an attempt to make pot illegal.” The proposal would’ve capped THC in all cannabis and cannabis products — including concentrates — at 15 percent. That’s lower than the current state average of 17.1 percent THC for raw flower, and it’s drastically below the average concentrate potency of 62.1 percent. The Colorado lawmaker who introduced the legislation, Rep. Kathleen Conti (R-Littleton), said in an interview that the proposal came in response to a lack of scientific research into the safety of high-THC cannabis. She also said it’s her opinion that too many in Colorado have adopted the opinion that “if it’s legal, it can’t hurt you.”
“We don’t know that to be true,” she said.
Critics, however, said the ignorance cut both ways. The manner in which the bill was written, they argued, suggested Conti and her staff didn’t adequately understand cannabis. “I don’t think a lot of thought was put into the proposals,” Mark Slaugh, executive director of the Cannabis Business Alliance, told the Denver Post as the measure was being considered. “This bill threatens to wipe out most infused product manufacturers, and its language is unclear what to do with edibles.” Growers would have to destroy common strains with higher THC levels, they complained, and even carefully cultivated cannabis could come in above the cap, depending on growing conditions. And ultimately if consumers couldn’t obtain their favorite products legally, critics warned, they’d likely turn to the black market. The 15-percent limit barely fell short in committee, by a 6–5 vote, but lawmakers have promised to return to the issue next year. In the meantime, both sides are gearing up to battle over a bill introduced last week, HB 1436, that would prohibit infused edibles that “resemble the form of a human, animal, or fruit” because they are “shaped in a manner to entice a child.”
Regulation or Education?
There are good reasons to question caps on cannabis potency. But it’s also fair to say that edibles earn cannabis a lot of bad press when people, whether children or just rookie consumers, accidentally eat too much. New York Times columnist Maureen Dowd is an infamous example; she ate a whole cannabis-infused candy bar without realizing it contained 16 servings. Even officials who favor cannabis have started to rethink edibles. In Aspen, Colo., Sheriff Joe DiSalvo admits he’s struggling with how to regulate products like cookies and candy, which he worries might appeal to kids. County commissioners have asked DiSalvo to provide a recommendation as to whether Aspen should ban all edibles except for those in pill form, a decision the sheriff said he’s still considering. “It goes back to, for me, what is the real point of a cookie or a gummy when you can get it delivered in a different way?” he said. “I don’t know why you need to have in this other form when you could swallow it and be done with it.” He acknowledged a lot of the terrible stories he hears are anecdotal. “I wonder about that myself sometimes,” he said. But because he worries horror stories cause harm to the industry, he said a ban on edibles might be the way to go. “Is cookies and candies equivalent to putting a smiley face on a bottle of Jack Daniels and making it appeal to a kid?” he asked. “When it comes to children and use, we’re all concerned about that.” How does he feel about a cap on overall cannabis potency in Colorado? “I would fight it to the death. I don’t see a lot of accidental ingestion with flower.”
An Oklahoma state law that helps fund schools, passed 23 years ago, was never implemented, and now 48 school districts are seeking action from the Oklahoma State Supreme Court. The lawsuit is filed on behalf of the school district and names Oklahoma State Superintendent Joy Hofmeister, Treasurer Ken Miller and the Oklahoma Tax Commission as defendants. Every school district across the state has been given the wrong amount of money every year since 1991, the lawsuit alleges, a charge former State Superintendent Janet Barresi confirmed in 2014.
More than 150 districts are being short-changed funds, a group called Oklahoma Schools for Fair Funding said Monday. Just under 50 are participating in legal action, including Oklahoma City Public Schools. The law was intended to give districts extra money when taxes went over a certain level. That money would go to local districts instead of the state. But that law was never implemented. The cap on property taxes has resulted in districts not getting the right amount of money now for some 20 years. And the fix means some districts will lose money, while some will gain.
The lawsuit seeks the defendants to “fulfill its statutory duty” to determine the amount of money owed districts from 1991 until this year, “as a result of the [Department of Education’s] acknowledged failure to follow the plain language of” Oklahoma law. It started with Ponca City superintendent Dr. David Pennington some 10 years ago, as he struggled to figure out why his calculations of how much his district should get always came up short. In a press conference announcing the lawsuit, Pennington said his district is estimated to have lost $14 million.
Should the Illinois legal smoking age increase from 18 to 21?
A proposal by Sen. John G. Mulroe, D-Chicago, would do just that. Mulroe, surrounded by public health advocates, pitched the idea Thursday in a news conference. He said the change would serve the public well for several reasons, among them:
– Smoking is deadly, and the proof’s available on every pack of cigarettes in the form of a warning from the U.S. surgeon general.
– Smoking is expensive to the individual. A two-pack-a-day habit in some areas (notably Chicago) can run a person $24 a day or more than $8,700 a year, Mulroe said.
– Smoking is expensive to the state. The senator and public health advocates said $5 billion annually is spent in Illinois treating smoking-related illnesses, and $2 billion of that comes from taxpayer-supported Medicaid funds.
– Raising the legal age for the purchase and possession of tobacco is a research-proven way to cut use among young people. Mulroe said research also shows that if people make it to 21 without smoking, they likely never start.
Mulroe said he’s not targeting smokers, many of whom have told him they support raising the legal age. “The smokers tell me, ‘It’s a good bill, John,'” and when he asks why, they respond, “I wish I’d never started smoking.” “They can’t quit,” Mulroe said. “The addiction makes them powerless.” People who don’t smoke or don’t object to smoking shouldn’t shrug off the issue as none of their concern, said Kathy Drea of the American Lung Association in Illinois. “Two billion dollars of the Illinois state budget is spent treating Medicaid recipients with tobacco-related diseases,” Drea said. “That cost alone is one of the main, right reasons this bill should be passed,” she said. “Illinois should be doing everything it possibly can to reduce tobacco use and the associated disease, death and cost.”
Anthony Fisher of Reason.com, a branch of the libertarian Reason Foundation, said not everyone agrees.
While Mulroe and supporters make some valid points, the change in law the senator proposes “restricts the personal liberties of adults, which people who are above the age of 18 are, period,” Fisher said.
“They can be charged as adults under the law, they can fight and die for their country, and they are required to pay taxes. They’re adults, and they are entitled to make their own decisions, even if they are ill-advised decisions like taking up cigarette smoking,” he said.
Fisher acknowledged the public-health cost of smoking is “a fair and valid point.” “But if we’re going to go there, let’s go further — let’s make it so that nobody under 21 can purchase sugar,” he said.
“That will make it hard for people to develop the sugar habit, (and) it will make it harder for people to develop diabetes,” he argued. “Let’s just never stop,” he said. “Let’s just never stop using the public good as an excuse to curb people’s choices. We can go on forever with this.”
Fisher said he doesn’t smoke and doesn’t think people should, but “we’d actually be a freer and more tolerant society if we allow people to make those choices and not turn everything into a potential crime under civil and criminal codes.” Mulroe’s legislation, Senate Bill 3011, would apply to the sale, purchase and possession of all tobacco products, as well as electronic cigarettes. If passed, it would provide business penalties for retailers who sell tobacco products to anyone younger than 21 and make it a petty offense for anyone under 21 to be in possession.
Read More : huffingtonpost.com/reboot-illinois/should-the-legal-smoking_b_9292860.html
Google Inc. denied it reached a “sweetheart deal” with British tax authorities as a dispute continued over the 130 million-pound ($185 million) settlement, which was called a victory by the U.K. Treasury and dismissed as “derisory” by opposition lawmakers. U.K. Business Secretary Sajid Javid separately said the agreement “wasn’t a glorious moment” and he shares “the sense of unfairness” felt by small businesses that are unable to use the tools available to multinational corporations to keep their taxes low. “Work needs to be done” to ensure they pay the correct share, he said. “It’s not a sweetheart deal, it’s a settlement with HMRC,” Peter Barron, Google’s U.K. head of communications, told BBC TV’s Andrew Marr Show on Sunday, referring to Her Majesty’s Revenue and Customs. “Government puts the laws in place, HMRC enforces the laws and we follow the laws. If the laws change, of course we would follow them.”
Google parent Alphabet Inc. agreed to pay tax going back to 2005 after talks with U.K. tax authorities, while across Europe the company was criticized for using innovative tools to keep its tax rates low. HMRC has been faulted for not securing more money after reports that France and Italy are demanding higher settlements from the Mountain View, California-based company. The U.K. agreement was announced Jan. 23. Separately, the Sunday Times reported that six of the 10 biggest companies in the benchmark London Stock Exchange index, including Royal Dutch Shell Plc, SABMiller Plc and AstraZeneca Plc, paid no U.K. corporation tax for 2014. The companies told the newspaper that losses, minimal revenue in the U.K. and expiring drug patents meant they didn’t have to pay the taxes.
Javid defended the context of the U.K. deal, which Chancellor of the Exchequer George Osborne described as “a victory” for the government. It has been criticized by lawmakers, including Conservative Mayor of London Boris Johnson and the opposition Labour Party, which said the company’s effective tax rate was as low as 3 percent.
“It wasn’t a glorious moment when people look at these issues, but it is important to talk about what the government is doing,” Javid said on Marr’s program. “The government has taken a huge amount of action to try and deal with just this kind of problem.” The U.K. has closed more than 40 tax loopholes, signed information exchange deals with other countries and pressed for changes in international rules, Javid said, and that work needs to continue. The Google deal will help in the drive to change companies’ attitude to taxation, he said. “The way in which it was a success is that it helps change behavior,” he said. “It’s clear to me that when other companies look at this and they see that HMRC, no matter how long it takes, will not give up, they will come after you if they feel you’re not paying your fair share in taxes.”
Read more : bloomberg.com/news/articles/2016-01-31/google-defends-u-k-tax-accord-as-legal-not-sweetheart-deal-
Penetration (pen) testing is a valuable way to determine how resistant an organization’s digital infrastructure is to outsider attack. What better way to check a network’s security than giving scary-smart individuals permission to hack it? The authors of this SANS Institute paper about pen testing — Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Siles, and Steve Mancini — make an interesting point, saying, “The main thing that separates a penetration tester from an attacker is permission. The penetration tester will have permission from the owner of the computing resources that are being tested.”
What exactly does permission mean?
Employing an outside party to attack an organization’s network while the organization continues normal operation is the only realistic way to test. However, it introduces certain challenges. Enough that Michael R. Overly, a Partner and Intellectual Property Lawyer with Foley and Lardner LLP, urges caution when negotiating the contract for a security audit involving pen testing. If you are wondering what a lawyer knows about pen testing, Overly is not your normal attorney. He has a slew of security certifications including CISA, CIPP, CISSP, ISSMP, and CRISC, has written about information security, and is recognized by peers for his information-security mettle.
Considerations for organizations requesting a pen test
Here are the precautions and considerations Overly suggests in this National Law Review post for companies seeking a security audit.
The organization requesting a security audit should consider having the auditor represented by legal counsel: Doing so will afford the organization an opportunity to protect the audit and its results with attorney-client privilege and under the attorney work product doctrine. Overly also suggests, “Ask to review the report in draft form to make any changes before it is placed in the final form.”
Treat the audit agreement as a professional services engagement: Ensure the work is clearly detailed in a well-drafted statement of work and that all costs are identified. Overly warns, “Beware of ‘scope creep’: new services that are added as the project progresses. Allowing creep may add significant costs and may not be protected by stipulations in the contract.”
Think carefully before permitting unannounced penetration tests: At least some coordination should be given to ensure the operation of critical systems is not disrupted during key operating hours or month-end processing.
Do not permit the audit agreement to create more risk than it is intended to resolve: This means ensuring the auditor assumes an appropriate level of responsibility. Overly offers the following reasons why this is important:
– Audit agreements normally do not include sufficient language regarding obligations of the pen tester concerning information security and confidentiality.
– The auditor will have access to sensitive data and details of how the organization secures its systems. That means strong security and confidentiality obligations, plus a level of liability that ensures the pen tester will comply with those obligations.
Overly further cautions, “Beware of auditors who are unwilling to provide reasonable protection for sensitive information.”
Review language in the agreement permitting the auditor to remove data for off-site review: If such activity is permitted, the agreement should make clear the following:
– The data cannot be made available outside the country (unless specific controls are employed).
– The auditor cannot remove personally-identifiable data that may be subject to specific laws or regulations without first committing to be bound by those laws and regulations.
– The auditor cannot take possession of credit-card information unless there is an express need for possession, and the auditing company and/or pen tester are fully compliant with the Payment Card Industry Data Security Standard.
Overly advises, “It is far better, however, to prohibit the pen tester from removing such data in the first place, given its sensitivity.”
Considerations for security auditors
Mark Rasch, in his SecurityCurrent column Legal Issues in Penetration Testing, looks at the implications a security auditor faces when performing a penetration test. First up, is recognizing that computer crime laws such as 18 USC 1030 come into play. Rasch writes, “18 USC 1030 makes it a crime to access or attempt to access a computer or computer network without authorization or in excess of authorization. What constitutes ‘authorization’ and who can authorize such access can quickly get muddy.” “So the lesson learned here is that penetration testing, even when authorized, can result in a host of legal trouble,” continues Rash. “The pen tester should obtain a ‘get out of jail free’ card from the customer, specifically indicating not only that the pen testing is authorized, but also indicating that the customer has the legal authority to authorize the pen test.” Rash offers the following suggestions of what else should be in the contract:
-Indicate what the auditor will do (and will not do) and the range of IP addresses, subnets, computers, networks, or devices that will be the subject of the pen test.
-If a software review is being asked for, ensure the copyright to the software permits reverse engineering or code review.
-If a pen tester is to test a network in the cloud, permission must be obtained from the cloud provider.
Rasch spent considerable energy speaking to the likelihood of auditors bumping into sensitive data. “A successful pen test can result in the pen tester getting into a computer or computer network that they should not have had the ability to access,” he writes. “Also, it may include accessing data or databases that contain sensitive personal information, credit-card information, personally identifiable information (PII) or Private Health Information (PHI).”
Next, Rasch introduces the following must-ask questions when sensitive data is involved:
- Is the access to the information by the pen tester a “breach” of the database which must be reported?
- Must the pen tester sign a “Business Associate Agreement” agreeing to protect the data they just accessed?
During an email conversation, Overly brought up a consequence regarding sensitive data that is not often thought about. “The party conducting the test will gain highly sensitive information regarding the other party’s security measures,” he writes. “If that information were to be revealed to third parties, it could permit a hacker to compromise the tested systems.”
Like most things, the actual work almost seems easier than all the paperwork and planning that must happen before a penetration test even begins. However, a well-worn cliche seems to apply here: “Better to be safe than sorry.”
Read More : techrepublic.com/article/dont-let-a-penetration-test-land-you-in-legal-hot-water/
As a media law scholar and practicing media lawyer, I field all manner of questions every week—from students, journalists, editors, and others. Whether I’m speaking generally to a non-client or giving specific legal advice to a client, I’ve noticed that the questions fall into three broad categories:
Can I use that? Can I say that? Can I do that?
Within each category, some issues come up more than others. They’re the greatest hits, so to speak, and I’m going to begin sampling that album with you here—starting with the category Can I use that? Future stories will explore the other two categories. Keep in mind that I’m a lawyer, not your lawyer (unless I actually am your lawyer), and these comments shouldn’t be construed as legal advice.
How to obtain a copyright
Can I use that? questions are typically copyright questions. First, freelancers want to know how to obtain a copyright in something they created. This is sort of the inverse of Can I use that? The person wants to know how to control the way others use her work. So, assuming a work is copyrightable in the first place (some things, like facts and short phrases, are not), it’s copyrighted upon creation. Generally, the copyright is owned by whoever created the work. But if it’s created in the course of employment, it’s usually considered a “work for hire” and owned by the employer. The New York Times, for example, owns the copyright in articles written by its employees. Among freelancers, copyright ownership depends on the rights articulated in their contracts. It’s not uncommon for freelancers and their publications to share copyrights in some way. Now, even though a work is copyrighted upon creation, it’s prudent for the owner to register the work with the US Copyright Office. Registration puts the world on notice of the copyright, and allows the owner to enforce the right in court. Plus, the federal copyright statute entitles the owner to statutory damages if she registers the work before infringement or within three months of the work’s publication. That’s helpful because it means the owner doesn’t have to prove actual losses in an enforcement suit. And, although this isn’t required to obtain a copyright, I usually advise my clients—especially the photojournalists—to place a copyright notice on each of their works. To be most effective, it should include the owner’s name, the year the work was created, and the copyright symbol. Why do I give that advice? If the client needs to enforce her copyright in court, notice takes away the defendant’s ability to claim that he innocently infringed, a defense that can mitigate the owner’s damages.
Lots of people ask me about fair use, the doctrine that allows you to use a copyrighted work without permission. First, understand that the goal of copyright law is not only to protect the rights of people who create content but also “to promote the progress of science and useful arts,” according to the Constitution. Allowing creators to enforce their copyrights in all cases would frustrate the latter, so the courts and Congress adopted the fair use doctrine to allow uses of copyrighted works that would benefit society. I spend my time in this area disabusing people of misconceptions—that you can sample up to 10 seconds of an audio recording, or copy up to three paragraphs of a book, or use whatever you want as long as it’s newsworthy or included in a news report. In reality, there are no such bright-line rules. To determine whether a use is fair, a court considers four factors. The first is the purpose and character of the use (chiefly whether it’s for criticism, comment, news reporting, teaching, or research, all of which favor fair use). The second is the nature of the copyrighted work itself (whether, say, it was unpublished, which is entitled to greater protection). The third is the amount and substantiality of the portion used in relation to the work as a whole (the more of the original work used, the more likely it’s an infringement). And the fourth is the effect of the use on the market for, or value of, the copyrighted work (uses that supplant the original work in the marketplace are unlikely to be fair). No single factor is determinative, and notably the fact that something is newsworthy, or used in a news report, does not automatically make its use fair. That’s probably where I spend the most time educating people. Using a copyrighted work for a news report will be considered as part of factor one, but that does not end the analysis—the court will go on to consider the other factors, and if they don’t favor fair use, then your use won’t be protected.
Linking and embedding
The last major Can I use that? issue is linking. As we surf the Web, we rely greatly on links to navigate from page to page—to look up related content. And news organizations increasingly are using links to provide access to their source material. But what if you post something that links to copyrighted or infringing content? Are you liable under prevailing copyright rules? Different types of linking present different copyright issues, and the law is not entirely settled here—so I’ll hit the two most important points that (for the most part) are settled. First, “deep linking” is what most of us think of when we think of linking. It means placing a link on your site that leads to a page on another site. Doing that, generally, does not constitute copyright infringement—even if the other site is hosting copyrighted or infringing content. Second, “inline linking” is what most of us call embedding. It means placing a line of HTML code in your site so it displays content directly from another site (e.g., embedding a tweet in a news story). That does not, generally, infringe any copyright because no copy of the embedded content has been made—the inline link is simply a piece of code that represents the content as it exists on the originating site. Moreover, most third-party platforms, like Twitter, include in their terms of service a provision that says the user permits others to embed his or her content. Which raises a related issue: Embedding copyrighted content may be okay, but screenshotting it and posting the screenshot is not. That’s basically the electronic equivalent of making a copy of the work, putting it squarely in the crosshairs of copyright law. So, if you find content on social media and want to use it (e.g., in an online news story), embedding is the safest way to do it—not screenshotting.
Read More : cjr.org/united_states_project/journalist_legal_questions.php