DOCSLIB.ORG

Czwartacki, John S. EOP/OMB" <John.S

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Czwartacki, John S. EOP/OMB From: Czwartacki, John S. EOP/OMB <[email protected]> To: Czwartacki, John (Detailee)(CFPB) </o-cfpbexc/ou-exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=czwartacki, john201> Cc: Bcc: Subject: Fwd: [EXTERNAL] Reuters: Exclusive U.S. consumer protection official puts Equifax probe on ice sources Date: Mon Feb 05 2018 07:54:40 EST Attachments: Sent from my Phone Begin forwarded message: From: "Shah. Raj S. EOP/WHO' (b)(6) Date: February 5,2018 at 6:29:57 AM EST To: "Czwartacki, John S. EOP/OMB" <[email protected]<mailto:John.S. [email protected]>> Cc: "Kennedy, Adam R. EOP/WHO' (b)(6) (b)(6) Subject: Fwd: [EXTERNAL] Reuters: Exclusive: U.S. consumer protection official puts Equifax probe on ice - sources A version of this referred to CFPB is ok? The GEPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these," he said. Sent from my Phone Begin forwarded message: From: Comms Alert <[email protected]<mailto:[email protected]» Date: February 5,2018 at 6:22:27 AM EST To: undisclosed-recipients:; Subject: [EXTERNAL] Reuters: Exclusive: U.S consumer protection official puts Equifax probe on ice - sources Exclusive: U.S. consumer protection official puts Equifax probe on ice - sources Reuters Patrick Rucker February 5.2018 - 1:14 AM >https://www.reuters.com/article/us-usa-equifax-cfpb/exclusive-u-s-consumer-protection-official-puts- equifax-probe-on-ice-sources-idUSKBN1FPOIZ< WASHINGTON (Reuters) - Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax Inc failed to protect the personal data of millions of consumers, according to people familiar with the matter. epic.org EPIC-18-02-09-CFPB-FOIA-20180322-Production 000001 Equifax (EFX.N) said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe. But Cordray resigned in November and was replaced by Mulvaney, President Donald Trump's budget chief The CFPB effort against Equifax has sputtered since then, said several government and industry sources, raising questions about how Mulvaney will police a data-warehousing industry that has enormous sway over how much consumers pay to borrow money. The CFPB has the tools to examine a data breach like Equifax, said John Czwartacki, a spokesman, but the agency is not permitted to acknowledge an open investigation. "The bureau has the desire, expertise, and know-how in-house to vigorously pursue hypothetical matters such as these." he said. Three sources say, though, Mulvaney, the new CFPB chief, has not ordered subpoenas against Equifax or sought sworn testimony from executives, routine steps when launching a full-scale probe. Meanwhile the CFPB has shelved plans for on-the-ground tests of how Equifax protects data, an idea backed by Cord ray. The CFPB also recently rebuffed bank regulators at the Federal Reserve, Federal Deposit Insurance Corp and Office of the Comptroller of the Currency when they offered to help with on-site exams of credit bureaus, said two sources familiar with the matter. Equifax has said it is under investigation by every state attorney general and faces more than 240 class action lawsuits. The Federal Trade Commission is examining the breach and the company may face financial penalties. The last time the FTC penalized a major credit bureau was in 2012, a $393,000 settlement with Equifax. In contrast. the CFPB fined credit bureaus more than $25 million just last year for over-marketing its monitoring services, which generated monthly fees. The FTC confirmed in September it was investigating Equifax but a spokesman declined further comment. Credit bureaus like Equifax, TransUnion and Experian collect and store personal information on scores of millions of consumers. Banks and other lenders rely on the information to track how consumers spend money and manage debt, then use it to decide what interest rate to charge for loans. The Equifax breach exposed vulnerabilities in how the companies keep data safe. It also highlighted how credit bureaus exist in a regulatory gray zone where they are partly regulated by several agencies. Under Cordray, the CFPB and FTC agreed to work together on the Equifax inquiry, sources said. But while the agencies have similar powers to investigate, only the FTC has issued a subpoena. And while Cordray had asked bank regulators to join in fresh cyber security exams of the bureaus, last month the CFPB told the regulators that no on-site exams were planned, so their help was not needed, said three officials, who declined to be identified because they were not authorized to speak publicly. The banking regulators declined to comment, and the credit bureaus declined to comment on their dealings with regulators. But TransUnion said the CFPB has no authority to examine the company over cyber security concerns. "We believe that it is clear that the CFPB was not given legal authority to supervise any financial institutions with respect to cybersecurity,'' the company said in a statement. epic.org EPIC-18-02-09-CFPB-FOIA-20180322-Production 000002 The CFPB has come under sustained attack from Republicans during the seven years of its existence. Mulvaney put a hold on much agency work when he took over in November. and said it would last at least 30 days to give him a chance to understand the job. epic.org EPIC-18-02-09-CFPB-FOIA-20180322-Production 000003 From: CFPBPress </o=cfpbexc/ou=exchange administrative group (fydiboh(23spdlt)/cn=recipients/cn=press> To: Blankenstein, Eric (Detailee)(CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=blankenstein, ericOfe>; Chea, Keo (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=keo.chea>; Czwartacki. John (Detailee)(CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=czwartacki, john201>; Doyle, Emma (Detailee)(CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=king doyle, emma4a7>; Ellis, Elizabeth (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=elizabeth.brennan>; Fulton, Kate (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=kate.fulton>; Galicia, Catherine (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=catherine.galicia>; Gilford, Samuel (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=samuel.gilford>; Greenwood, Sheila (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=greenwood, sheila (cfpb)89a>; Hand, Delicia (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=delicia.hand>; Howard, Jennifer (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=jennifer.howard>; Johnson, Brian (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=johnson, brian843>; Martinez, Zixta (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=zixta.martinez>; Mayorga, David (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=david.mayorga>; Parker Rose, Cheryl (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=cheryl.rose>; Slemrod, Jonathan (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=slemrod, jonathan (cfpb)ef5>; Smith, Daniel (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=daniel.smith>; Sutton, Kirsten (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=mork. kirsten7c6>; Welcher, Anthony (CFPB) </o=cfpbexc/ou=exchange administrative group (fydibohf23spdlt)/cn=recipients/cn=welcher, anthony51c> Cc: Bcc: Subject: [PRESS] Politico: Senate Democrats 'deeply troubled' Equifax is going unpunished Date: Thu Feb 08 2018 13:44:36 EST Attachments: Senate Democrats 'deeply troubled' Equifax is going unpunished By Martin Matishak epic.org EPIC-18-02-09-CFPB-FOIA-20180322-Production 000004 February 8,2018 Thirty-one Senate Democrats are demanding to know if Consumer Financial Protection Bureau is slow- walking its investigation into last years colossal Equifax data breach The group — led by Sen. Brian Schatz — sent a letter today to Office of Management and Budget Director Mick Mulvaney, who is temporarily overseeing the CFPB, saying they are "deeply troubled" by reports this week that Mulvaney has scaled back the agency's probe into the hack that exposed the sensitive personal information of more than 145 millions Americans. "While we are aware of reports that the Federal Trade Commission (FTC) may be taking the lead in investigating Equifax's failure to maintain adequate data security standards, the CFPB still has a duty to investigate the harm to consumers and whether other federal consumer financial laws have been violated," wrote the group, which includes the top Democrats on the Senate's Finance, Banking, Armed Services. Budget committees. Lawmakers "respectfully asked Mulvaney to say whether the CFPB investigation has been stopped and who ordered
Load more

Recommended publications
  • UNITED STATES DISTRICT COURT NORTHERN DISTRICT of GEORGIA ATLANTA DIVISION in Re
    Case 1:17-md-02800-TWT Document 739 Filed 07/22/19 Page 1 of 7 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION MDL Docket No. 2800 In re: Equifax Inc. Customer No. 1:17-md-2800-TWT Data Security Breach Litigation CONSUMER ACTIONS Chief Judge Thomas W. Thrash, Jr. PLAINTIFFS’ MOTION TO DIRECT NOTICE OF PROPOSED SETTLEMENT TO THE CLASS Plaintiffs move for entry of an order directing notice of the proposed class action settlement the parties to this action have reached and scheduling a hearing to approve final approval of the settlement. Plaintiffs are simultaneously filing a supporting memorandum of law and its accompanying exhibits, which include the Settlement Agreement. For the reasons set forth in that memorandum, Plaintiffs respectfully request grant the Court enter the proposed order that is attached as an exhibit to this motion. The proposed order has been approved by both Plaintiffs and Defendants. For ease of reference, the capitalized terms in this motion and the accompanying memorandum have the meaning set forth in the Settlement Agreement. Case 1:17-md-02800-TWT Document 739 Filed 07/22/19 Page 2 of 7 Respectfully submitted this 22nd day of July, 2019. /s/ Kenneth S. Canfield Kenneth S. Canfield Ga Bar No. 107744 DOFFERMYRE SHIELDS CANFIELD & KNOWLES, LLC 1355 Peachtree Street, N.E. Suite 1725 Atlanta, Georgia 30309 Tel. 404.881.8900 [email protected] /s/ Amy E. Keller Amy E. Keller DICELLO LEVITT GUTZLER LLC Ten North Dearborn Street Eleventh Floor Chicago, Illinois 60602 Tel. 312.214.7900 [email protected] /s/ Norman E.
    [Show full text]
  • Where Data Privacy and CFPB Are Headed Under Biden
    Portfolio Media. Inc. | 111 West 19th Street, 5th Floor | New York, NY 10011 | www.law360.com Phone: +1 646 783 7100 | Fax: +1 646 783 7161 | [email protected] Where Data Privacy And CFPB Are Headed Under Biden By Alexander Southwell, Ryan Bergsieker and Sarah Erickson (November 24, 2020, 1:03 PM EST) President-elect Joe Biden has signaled that robust consumer protections will be a major focus of his policy agenda in what is anticipated to be a dramatic shift from the deregulatory policies of the Trump administration. In this article, we preview the incoming administration's anticipated consumer protection agenda in two areas: data privacy and consumer financial protection. We also consider what, if any, impact this policy shift is likely to have on state-level enforcement. Assuming that Republicans retain control of the Senate, and with a divided Alexander Southwell Congress consumed at least in the short term with negotiations over COVID-19 relief, we expect to see an initial focus of the Biden administration on pursuing its policy agenda through increased enforcement and regulatory activity. That said, both the Biden administration and key members of Congress are focused on identifying common ground for potential bipartisan legislation.[1] Data privacy is one area that is likely to see bipartisan legislative efforts. Policymakers on both sides of the aisle have recognized the need for federal privacy legislation, and though the parties continue to disagree over key details, they may face heightened pressure to act in light of California's recent passage of the Ryan Bergsieker California Privacy Rights Act, which imposes additional privacy obligations on businesses scrambling to comply with the California Consumer Privacy Act that went into effect earlier this year.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Mick Mulvaney Is the Acting Director of the CFPB for Now
    Mick Mulvaney is the Acting Director of the CFPB For Now On Friday, November 24, 2017, the former Director of the Consumer Financial Protection Bureau (CFPB), Richard Cordray, appointed his chief of staff, Leandra English, as the Deputy Director of the agency. Cordray thereafter resigned from his post. That same day, President Trump appointed the Director of the Office of Management and Budget, Mick Mulvaney, to the position of Director of the CFPB. On Sunday, November 26, 2017, English filed a lawsuit seeking an emergency temporary restraining order (TRO). English asked the court to rule that once Cordray resigned, she, as the deputy director, became the acting director pursuant to the Dodd-Frank Reform Act’s rules on succession. According to her complaint, the deputy director serves as the acting director in the absence or unavailability of the director, until such time as the president appoints and the senate confirms a new director. English asked the court to prevent the president from appointing an acting director other than as provided for by the Reform Act. Several current and former Congressional Democrats submitted an amicus brief in favor of English. The president’s response argued that the Vacancies Reform Act (VRA) gave him the authority to appoint Mulvaney. President Trump’s response pointed to a case in which the Ninth Circuit recently applied the VRA to an independent agency with its own default succession statute, the National Labor Relations Board, in Hooks v. Kitsap Tenant Support Servs., Inc., 816 F.3d 550 (9th Cir. 2016). The Department of Justice and the CFPB’s own general counsel also agreed that President Trump had lawfully designated Mulvaney as the acting director of the CFPB.
    [Show full text]
  • The Future of the Internet (For PDF)
    TODAYS PREDICTIONS FOR TOMORROWS INTERNET JOSH PYORRE (SECURITY RESEARCHER) ▸ Cisco Umbrella ▸ NASA ▸ Mandiant THE WORLD IS A MAGICAL PLACE THE INTERNET IN THE 70’S THE INTERNET IN THE 70’S SMALL MAPPING OF ASN’S TO THEIR IPS TO GET A SENSE OF SCALE INTERNET SIZES TODAY INTERNET SIZES TODAY POODLE OCTOBER 14, 2014 BUG IN SSL VERSION 3.0 MITM 256 SSL 3.0 REQUESTS < 1 BYTE ENCRYPTED DATA HEARTBLEED APRIL 7, 2014 BUG IN OPENSSL BUFFER OVER-READ CLIENTS AND SERVERS POST DATA IN USER REQUESTS SESSION COOKIES/PASSWORDS PRIVATE KEYS YAHOO, IMGUR, STACK OVERFLOW, DUCKDUCKGO, PINTREST, REDDIT, AKAMAI, GITHUB, AMAZON WEB SERVICES, INTERNET ARCHIVE, SOUNDCLOUD, TUMBLR, STRIPE, ARS TECHNICA, SPARKFUN, PREZI, SOURCEFORGE, BITBUCKET, FREENODE, WIKIPEDIA, WUNDERLIST, LASTPASS AND A LOT MORE REVERSE HEARTBLEED AFFECTS MILLIONS OF APPS CAN READ CLIENT MEMORY HP SERVER APPS, FILEMAKER, LIBREOFFICE, LOGMEIN, MCAFEE, MSSQL, ORACLE PRODUCTS, PRIMAVERA, WINSCP, VMWARE PRODUCTS, DEBIAN, REDHAT, LINUX MINT, UBUNTU, CENTOS, ORACLE LINUX, AMAZON LINUX, ANDROID, AIRPORT BASE STATIONS, CISCO IOS, JUNIPER FIRMWARE, IPCOP, PFSENSE, DD-WRT ROUTER FIRMWARE, WESTERN DIGITAL DRIVE FIRMWARE… AND A LOT MORE SHELLSHOCK SEPT 14, 2014 BASH IS USED IN INTERNET-FACING SERVICES CGI WEB SERVERS OPENSSH SERVERS DHCP CLIENTS BASH IS USED IN INTERNET-FACING SERVICES PROCESSES REQUESTS ATTACKER CAN SEND EXTRA DATA SECURE HASHING ALGORITHM 3B260F397C573ED923919A968A59AC6B2E13B52D = I HOPE THIS PRESENTATION ISN'T BORING SHA-1 ▸ Dates back to 1995 ▸ Known to be vulnerable to theoretical
    [Show full text]
  • Effective Crisis Response Communication and Data Breaches: a Comparative Analysis of Corporate Reputational Crises
    Michael Schonheit s2135485 Master’s Thesis 02/10/2020 Effective Crisis Response Communication and Data Breaches: a comparative analysis of corporate reputational crises Master’s Thesis Crisis and Security Management Table of Contents 1 1 Introduction 2 Literature Review 2.1 Placing data breaches within the cybersecurity discourse 6 2.2 Paradigm Shift: From Prevention to Mitigation 10 2.3 Data breach by Hacking: A Taxonomy of Risk Categories 12 2.4 Economic and reputational Impact on organizations 15 2.5 Theoretical and empirical communication models for data breaches 16 3 Theoretical Framework 3.1 Organizational Crises: An introduction to framing and perceived responsibility 21 3.2 Attribution Theory and SCCT 23 3.3 Crisis Types and Communication Response Strategies 24 3.4 Intensifying Factors: Crisis Severity, Crisis History, Relationship Performance 25 3.5 Communication Response Strategies 27 3.6 SCCT Recommendations and Data Breaches 30 3.7 SCCT and PR Data Breaches by Hacking 32 4 Methodology 4.1 Operationalizing SCCT in the Context of Data Breaches 35 4.2 Stock Analysis and News Tracking: Assessing cases on varying degrees of reputation recovery 36 4.3 Refining the Case Selection Framework and the Analysis Process 40 4.4 Intra-periodic Analysis and Inter-periodic Analysis 43 5 Analysis 5.1 Narrowing the Scope: Building the Comparative Case Study 44 5.2 Statistical Recovery: Stock and Revenue Analysis 49 5.3 News Media Tracking and Reputation Index Scores 58 6 Discussion 6.1 Intra-periodic Analysis: Assessing Organizational Responses 72 6.2 Inter-periodic analysis: Verifying the Initial Propositions 74 7 Conclusions 77 8 Appendix 79 9 Bibliography 79 1.
    [Show full text]
  • 1:17−Cv−02534−TJK
    Case 1:17-cv-02534-TJK Document 49 Filed 01/12/18 Page 1 of 120 APPEAL,TYPE−D U.S. District Court District of Columbia (Washington, DC) CIVIL DOCKET FOR CASE #: 1:17−cv−02534−TJK ENGLISH v. TRUMP et al Date Filed: 11/26/2017 Assigned to: Judge Timothy J. Kelly Jury Demand: None Cause: 28:2201 Declaratory Judgment Nature of Suit: 890 Other Statutory Actions Jurisdiction: U.S. Government Defendant Plaintiff LEANDRA ENGLISH represented by Deepak Gupta Deputy Director and Acting Director, GUPTA WESSLER PLLC Consumer Financial Protection Bureau 1900 L Sreet, NW Suite 312 Washington, DC 20036 (202) 888−1741 Email: [email protected] LEAD ATTORNEY ATTORNEY TO BE NOTICED Daniel Townsend GUPTA WESSLER PLLC 1900 L Street NW Suite 312 Washington, DC 20036 202−888−1741 Fax: 202−888−7792 PRO HAC VICE ATTORNEY TO BE NOTICED Joshua Matz GUPTA WESSLER PLLC 1900 L Sreet, NW Suite 312 Washington, DC 20036 202−888−1741 Fax: 202−888−7792 PRO HAC VICE ATTORNEY TO BE NOTICED Rachel S. Bloomekatz GUPTA WESSLER PLLC 1148 Neil Avenue Columbus, OH 43201 202−888−1741 Fax: 202−888−7792 PRO HAC VICE ATTORNEY TO BE NOTICED 1 Case 1:17-cv-02534-TJK Document 49 Filed 01/12/18 Page 2 of 120 V. Defendant DONALD JOHN TRUMP represented by Brett A. Shumate in his official capacity as President of the U.S. Department of Justice United States of America Civil − Federal Programs Branch 950 Pennsylvania Ave. Washington, DC 20530 202−514−2331 Email: [email protected] LEAD ATTORNEY ATTORNEY TO BE NOTICED Matthew Joseph Berns U.S.
    [Show full text]
  • MBM GO Invite-Events For
    Calendar of Events Arte String Ensemble Landau Murphy, Jr. Nov. 16, 10:30am, Center Court Nov. 17, 2pm-4:30pm, Center Court Join us for an unforgettable performance by one of the area’s most The Winner of NBC’s hit television show America’s Got Talent, will talented musical ensembles. perform for the first time at Meadowbrook Mall with a FREE concert. Through his rise to fame, his message to fans has always been to never give up and dream big. Landau will be available after the performance to meet attendees, pose for photographs, and sign autographs. All events are subject to change or cancellation without notice due to Ribbon Cutting Celebration celebrity’s schedule. Arrive early! Meeting time with the celebrity is not guaranteed, and the line to meet celebrity may close prior to the anticipated appearance time so celebrity Nov. 16, 11am, Center Court may depart promptly at 4:30pm, if necessary. Be our guest as we officially cut the ribbon and celebrate the new look and feel of Meadowbrook Mall. Enjoy our latest additions including new flooring, skylights, soft seating areas and a new The Amazing Spider-Man outside dining area. Celebrate with us for a weekend full of entertainment, giveaways Nov. 17, 2pm-6pm, Elder-Beerman Court and celebrity appearances! Don’t miss the Renovation Rain fireworks show on Everyone’s favorite wall crawling superhero will make an appearance Saturday at 9pm. Presented by Pyrotechnics by Presutti, Inc. at Meadowbrook Mall. Meet the amazing Spider-Man! Bring your camera and arrive early! Miss West Virginia, Miranda Harrison ™ & © 2013 Marvel & Subs.
    [Show full text]
  • UPDATE: Who's the Boss at the CFPB?
    Legal Sidebari UPDATE: Who’s the Boss at the CFPB? Valerie C. Brannon Legislative Attorney Jared P. Cole Legislative Attorney January 11, 2018 Update: On January 10, 2018, the U.S. District Court for the District of Columbia denied Leandra English’s request for a preliminary injunction, ruling that the Federal Vacancies Reform Act (Vacancies Act) authorized the President to appoint Mick Mulvaney to serve as the Acting Director of the CFPB. Since the Sidebar below was originally published, English filed an amended complaint and moved for a preliminary injunction on substantially similar grounds to those described below. In rejecting her motion, the district court held that because the provision of the Dodd-Frank Act that authorizes the Deputy Director to serve as the Acting Director when the Director is absent or unavailable did not expressly displace the Vacancies Act, the Vacancies Act remained available and authorized the President to fill the position. English had also argued that even if the Vacancies Act generally would allow the President to appoint an Acting Director, because Mulvaney is also the head of the Office of Management and Budget, an agency housed directly under the White House, he may not head an independent agency like the CFPB. But the judge rejected this argument, noting that no such restriction could be found in the text of the Dodd-Frank Act. The district court ultimately denied the request for a preliminary injunction because English had failed to show either a likelihood of success on the merits or that she would suffer irreparable injury absent relief.
    [Show full text]
  • Software Bug Bounties and Legal Risks to Security Researchers Robin Hamper
    Software bug bounties and legal risks to security researchers Robin Hamper (Student #: 3191917) A thesis in fulfilment of the requirements for the degree of Masters of Law by Research Page 2 of 178 Rob Hamper. Faculty of Law. Masters by Research Thesis. COPYRIGHT STATEMENT ‘I hereby grant the University of New South Wales or its agents a non-exclusive licence to archive and to make available (including to members of the public) my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known. I acknowledge that I retain all intellectual property rights which subsist in my thesis or dissertation, such as copyright and patent rights, subject to applicable law. I also retain the right to use all or part of my thesis or dissertation in future works (such as articles or books).’ ‘For any substantial portions of copyright material used in this thesis, written permission for use has been obtained, or the copyright material is removed from the final public version of the thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. AUTHENTICITY STATEMENT ‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis.’ Signed ……………………………………………........................... Date …………………………………………….............................. Thesis/Dissertation Sheet Surname/Family Name : Hamper Given Name/s : Robin Abbreviation for degree as give in the University calendar : Masters of Laws by Research Faculty : Law School : Thesis Title : Software bug bounties and the legal risks to security researchers Abstract 350 words maximum: (PLEASE TYPE) This thesis examines some of the contractual legal risks to which security researchers are exposed in disclosing software vulnerabilities, under coordinated disclosure programs (“bug bounty programs”), to vendors and other bug bounty program operators.
    [Show full text]
  • A Survey of Consumer Protections Throughout North Carolina's Identity Theft Protection Act
    Campbell Law Review Volume 42 Issue 1 Winter 2020 Article 7 2020 Protecting Personal Data: A Survey of Consumer Protections Throughout North Carolina's Identity Theft Protection Act James H. Ferguson III Follow this and additional works at: https://scholarship.law.campbell.edu/clr Recommended Citation James H. Ferguson III, Protecting Personal Data: A Survey of Consumer Protections Throughout North Carolina's Identity Theft Protection Act, 42 CAMPBELL L. REV. 191 (2020). This Comment is brought to you for free and open access by Scholarly Repository @ Campbell University School of Law. It has been accepted for inclusion in Campbell Law Review by an authorized editor of Scholarly Repository @ Campbell University School of Law. Ferguson: Protecting Personal Data: A Survey of Consumer Protections Throug Protecting Personal Data: A Survey of Consumer Protections Throughout North Carolina's Identity Theft Protection Act ABSTRACT "Data is the pollutionproblem of the information age, andprotecting privacy is the environmental challenge."' You trade it every day. In a technologically-evolved world, our per- sonal data has become a form of currency in the digitalmarketplace. Who is responsiblefor protecting that data? What happens when it is compro- mised? This Comment conducts a descriptive assessment of North Caro- lina's data breach notification law, exploring the legislative history of the Identity Theft Protection Act and comparing the consumer protections found therein to those offered in other states' statutory schemes. Addition- ally, this Comment evaluates the extent to which a statutorily requiredrea- sonable security standard comports with consumer protections, and their competitive interplay with businesses' economic interests. A B STRAC T ...........................................................................................19 1 IN TRO DU CTION ....................................................................................192 I.
    [Show full text]
  • Examining How System Administrators Manage Software Updates
    Keepers of the Machines: Examining How System Administrators Manage Software Updates Frank Li Lisa Rogers Arunesh Mathur University of California, Berkeley University of Maryland Princeton University [email protected] [email protected] [email protected] Nathan Malkin Marshini Chetty University of California, Berkeley Princeton University [email protected] [email protected] ABSTRACT While prior studies have investigated how end users deal with soft- Keeping machines updated is crucial for maintaining system secu- ware updates [18,19,22,30 –32,35,40,45,46,49,50], there has been rity. While recent studies have investigated the software updating less attention on system administrators, whose technical sophisti- practices of end users, system administrators have received less at- cation and unique responsibilities distinguish them from end users. tention. Yet, system administrators manage numerous machines for Industry reports and guides on administrator patching exist (e.g., their organizations, and security lapses at these hosts can lead to Sysadmin 101 [41]), but these lack peer-review and transparent rig- damaging attacks. To improve security at scale, we therefore also orous methods. Prior academic work on system administrators is need to understand how this specific population behaves and how to often dated and focuses on aspects of administrator operations other help administrators keep machines up-to-date. than updating (e.g., on general tools used [11]) or specific technical (rather than user) updating aspects. Given the critical role that sys- In this paper, we study how system administrators manage software tem administrators play in protecting an organization’s machines, updates. We surveyed 102 administrators and interviewed 17 in- it behooves us to better understand how they manage updates and depth to understand their processes and how their methods impact identify avenues for improved update processes.
    [Show full text]