Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Monthly Archives: July 2007

iPhone Security Flaw — First of Many With Nextgen Phones?

Posted in Cyber and National Security

Posted by Lance Koonce

We can’t say we weren’t warned.

Experts have been saying for years that as cell phone technology advanced, so would the risk of security problems (see, e.g., “Ten Dangerous Claims About Smart Phone Security”). We’ve already seen purported “hacks” of celebrity phones like that of Paris Hilton, although that was allegedly pulled off in part through an old-fashioned con of a phone company employee.

Now comes a report in today’s New York Times that a team of consultants working for Independent Security Evaluators has discovered a flaw in Apple’s iPhone that could potentially allow a hacker to take “complete control” over the phone remotely. The flaw is described in detail at the ISE website. Given the amount of information that can be stored on an iPhone, this represents a serious risk. More coverage here....

Think You’re Safe?

Posted in Technology

Posted by Angela Kang and Jennifer Small

The latest RSA Monthly Fraud Report warns of a new “plug-and-play” phishing kit that can install a phishing site within two seconds. Creating a phishing site is now as easy as installing a “.exe” file. If that doesn’t ring any alarm bells, McAfee Avert Labs reports a 784% increase in phishing sites in the first quarter of 2007, with no slowdown in sight....

The REAL ID Act: The First Step Away from the Abyss?

Posted in Policy and Regulatory Positioning

Posted by Ronald London

First it was Maine and then Montana and Washington, and now concerns have come full circle as opponents of the REAL ID Act in the newly Democrat-controlled Senate have taken the first concrete steps toward retrenchment against adoption of a de facto national identification card. A recent floor debate over a massive immigration bill saw preservation of an amendment sponsored by Senators Baucus and Tester that would prohibit the identification cards to be required by the REAL ID Act from being mandated as the document required for employment verification. Senators Baucus and Tester, both Democrats, are both from Montana, the first state to adopt a law refusing to implement the REAL ID Act (Maine was the first to adopt a resolution opposing the law, and others have followed suit, but Montana was the first to adopt a law in this regard)....

Watching Them Watching Us

Posted in Healthcare, Marketing and Consumer Privacy

Posted by Thomas Jeffry

An interesting development from the American Medical Association is worth noting.

The AMA House of Delegates met in Chicago at the end of June where it received a report previously requested by that group’s governing body on the medical and ethical implications of the use of implantable radio frequency identification (RFID) microchips in humans. RFID chips were approved for use in humans by the Food & Drug Administration in 2004. Similar versions of such chips are commonly used to tag pet dogs and cats for identification purposes. ...

OCC Approves National Bank Investment in Fraud Prevention Company

Posted in Financial Services

Posted by Peter Mucklestone and Jim Young

The Office of the Comptroller of the Currency (OCC) recently issued an Interpretive Letter (the “Letter”), which concludes that national banks have the authority under 12 U.S.C. § 24(Seventh) to make a noncontrolling investment in a certain limited liability company (the “Investee LLC”) that sells fraud prevention, identity verification, credential validation and payment/deposit risk services (the “Investee Activities”) to financial institutions, credit card issuers, check acceptance companies, brokerage firms, mutual fund companies, retailers, governmental agencies and others. 12 U.S.C. § 24(Seventh) contains a broad grant of authority allowing national banks to engage in activities that are incidental to the “business of banking.”...