Author Archives: Eddie Block

When is a fraud a “direct” result of computer use?

In an interesting case was brought to my attention today.  In Interactive Communications Int. v. Great American Ins. the court found that the insurance provider did not have to cover losses under Incomm’s “Computer Fraud” policy.

Incomm lost $11+ million when fraudsters were able to duplicate “chits” sold by Incomm.  The chits could then be converted to debit cards.  The fraud was perpetrated using Incomm’s IVR (Interactive Voice Response) computer system.

Now an IVR is a computer system, so a “Computer Fraud” policy should cover fraud perpetrated using a computer, right?  Not  so much…

The policy, according to its terms, covered “loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property…”

So we know that a computer was used in the fraud, but the word the court triggered on was “directly.”

The court accepted that “manipulation of InComm’s computers set into motion” the fraud.  BUT, and this is a BIG BUT, did not directly cause the loss.

Without going too deep into the inner-workings of Incomm’s process, they transferred money to a third-party to hold until the debit card was used at a merchant.  In the court’s opinion, Incomm still had control over the money until it was paid to the merchant, so the loss wasn’t ” immediately and without intervention or interruption” the cause of the loss.

This logic will seem crazy to some and completely sensible to others.  The big takeaway is to review your insurance coverage, talk to your insurance broker, work through an example like this one, and make sure you fully understand what your insurance actually covers.

Coming up for air…

Wow!  What a couple months it’s been.  Obviously I’ve let this blog go a bit stale, so a little update.

GDPR compliance advisory and counseling has been all consuming.  I knew that there would be organizations that were not compliant by the effective date of the GDPR.  What I wasn’t expecting was the sheer number of organizations that only learned about the GDPR in the last few days of May.  The best example of this was the crazy number of “new privacy policy” notices that spammed our inboxes the last couple days of May.

I’m not going to go into a discussion of GDPR.  If you don’t know what it is, take a look at the blog post I did in April 2017 (yes, over a year ago.)

The last few weeks have also been interesting with a couple volunteer groups.  The Computer and Technology section of the State Bar of Texas met in Washington D.C. with Texas members of Congress.  It was good to hear their strong support for security initiatives.  The section also creates “Tech Bytes” which are 5-15 minute videos on numerous security topics.  Take a look.

The American Bar Association’s Privacy and Computer Crime Committee is in the process of updating their International Guide to Cybersecurity.  The original was published in 2004, so it is long overdue.  If you are a InfoSec pro, you might want to take a look.  It is pretty funny to see where we’ve come from where we started.

Those projects combined with a few speaking and panel presentations have made for a busy few months.  It is good to be able to keep my head on work, so busy is good.  .

 

Did this guy just walk away with $50M?

Update:  Nope, he’s just really bad a PR.

Investors and website visitors to the Savedroid ICO (initial coin offering) page were greeted by a Southpark meme that seems to indicate all of their money is gone…

On his twitter feed Yassin Hankir, Founder and CEO of savedroid posted a picture of himself in an airport and holding a beer.  The page is down. Did he just fly away with $50 million worth of investors’ money?

I guess we will have to wait and see, but it looks a lot like the first official ICO scam.  What does this say about the future of cryptocurrency?

Excuse the language and think bigger than Porn

UPDATE:  Tom Scott posted a really great example of this on his YouTube channel.  Please take a look.

Motherboard, an online technology magazine, recently posted an article (excuse the NSFW language) discussing the development of artificial intelligent (AI) to face-swap celebrities into pornographic videos.

Clearly there are significant ramifications to celebrities, who will now have numerous fake pornographic videos online.  There is also a threat of blackmail of adults and kids with this new technology.  All of this is very troubling.

Another concern, which should get everyone thinking, is that this technology will not be limited to pornography.  Like many technologies, the porn industry leads the way.  This technology will eventually find its way into the mainstream.

So what does this mean for the political world?  Will “fake news” really become fake news?  At what point will we no longer be able to trust our own eyes?  Can we put Gandhi and Kim Kardashian into a meeting together discussing the benefits of Kobe beef?

It now seems clear that fake news had an influence on the 2016 elections.  How will we be able to discern fake news when the video evidence is right in front of us?  It will become easier and easier to perform the historical revisionism envisioned by Orwell or simply make up events and statements.

Revenge porn” laws exist to protect individuals from malicious disclosure of intimate activities.  Will AI assisted, fake pornography fall under the same protections?  Will we be able to develop laws or protections that protect the citizenry from AI assisted fake news videos, or will those same videos fall under 1st amendment protections?

I don’t have an answer but, even if I did, would it really be from me…?