Category Archives: Communications Law

PUC Creates New Office of Cybersecurity Compliance and Oversight

puc_sealSeptember 20, 2018 the Pennsylvania Public Utility Commission (PUC) announced the appointment of Michael C. Holko, of Dauphin County, as the Director of the Office of Cybersecurity Compliance and Oversight (OCCO), a new position created by the PUC to direct the Commission’s cybersecurity and regulatory oversight program in helping to ensure that the Commonwealth’s regulated utilities are protected from cyber-attacks and ensuring adequate, safe and reliable public utility service to consumers.

“We are pleased to add Michael to our PUC team as he joins us in this most critical position,” said PUC Chairman Gladys M. Brown at Public Meeting.  “The creation of our new Office of Cybersecurity Compliance and Oversight is the next important step in the Commission’s continued efforts to protect Pennsylvania utility customers from experiencing disruption of utility services and other vital systems and services we depend on.”

Holko’s experience includes positions at the state’s Office of Administration’s Bureau of Personnel, the state’s Office of the Budget, the Pennsylvania Justice Network and most recently as a program manager at the state’s Office of Administration, Office for Information Technology.  Holko received his bachelor’s and master’s degrees from Slippery Rock University.  He resides in Harrisburg.

As the Director of the Office of Cybersecurity Compliance and Oversight, Holko will advise the Executive Director and Commissioners on policy issues and procedural improvements involving cybersecurity oversight functions of regulated utilities; draft proposed cyber-related regulations; and oversee the preparation of orders, rulemakings, policy statements, Secretarial Letters and memoranda related to cybersecurity policies and procedures of those regulated utilities.

Chairman Brown also noted that October is Cybersecurity Awareness Month, and discussed how the PUC is working with utilities, state agencies such as the Pennsylvania Emergency Management Agency (PEMA) and the Governor’s Office of Homeland Security, emergency responders, and other organizations to better prepare for cyber and physical attacks, strengthen critical systems, share information about current and future threats, and ensure that essential services are as resilient as possible. Last summer, those entities joined other stakeholders around the world in EARTH EX 2017, a first-ever transnational exercise to test responses to a large-scale power outage event.

Additionally, Chairman Brown stressed that it is equally important for consumers to review Pennsylvania’s online cybersecurity guide for tips to prevent identity theft, protect passwords, keep children safe online and secure mobile devices and referred utilities to the Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities Guide, published by the PUC and available on its website.

If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law

FCC SPEEDS ACCESS TO UTILITY POLES TO PROMOTE BROADBAND, 5G DEPLOYMENT

Access to Poles Must Be Safe, Swift, Predictable, and Affordable

WASHINGTON, August 2, 2018—The Federal Communications Commission (FCC) promoted broadband deployment and competition by speeding the process and reducing the costs of attaching new network facilities to utility poles.FCCRuling

To enable broadband providers to enter new markets and deploy high-speed networks, access to poles must be swift, predictable, safe, and affordable.  Pole access also is essential in the race to deploy fast 5G wireless service, which relies on small cells and wireline backhaul.  An estimated 100,000 to 150,000 small cells will be constructed by the end of 2018, and these numbers are projected to reach 455,000 by 2020 and 800,000 by 2026.

The FCC fundamentally reformed the federal framework governing pole attachments by adopting a process in which the new attacher moves existing attachments and performs all other work required to make the pole ready for a new attachment.  Called “one-touch, make-ready,” (OTMR) this process speeds and reduces the cost of broadband deployment by allowing the party with the strongest incentive—the new attacher—to prepare the pole quickly, rather than spreading the work across multiple parties.

By some estimates, one-touch, make-ready alone could result in approximately 8.3 million incremental premises passed with fiber and about $12.6 billion in incremental fiber capital expenditures.  The process will not apply to more complicated attachments, or above the “communications space” of a pole, where safety and reliability risks are greater, but the Order improves current processes for attachments in these spaces.

The FCC also addressed two forms of state and local regulatory barriers to the deployment of wireline and wireless facilities.  The Report and Order makes clear that the FCC will preempt, on a case-by-case basis, state and local laws that inhibit the rebuilding or restoration of broadband infrastructure after a disaster.  And in a Declaratory Ruling, the FCC made clear that blanket state and local moratoria on telecommunications services and facilities deployment are barred by the Communications Act because they, in the language of Section 253(a), “prohibit or have the effect of prohibiting the ability of any entity to provide any interstate or intrastate telecommunications service.”

Action by the Commission August 2, 2018 by Report and Order and Declaratory Ruling (FCC 18-111).  Chairman Pai, Commissioners O’Rielly, and Carr approving.  Commissioner Rosenworcel approving in part and dissenting in part.  Chairman Pai, Commissioners O’Rielly, Carr, and Rosenworcel issuing separate statements.  WC Docket No. 17-84; WT Docket No. 17-79.

If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Energy Law, Real Estate

Online Dating and Relationship Scams

Valentine’s Day is around the corner, but if an online love interest asks you for money, it’s probably a scam.online-dating-scams-3_350

The Federal Trade Commission (FTC) receives thousands of reports each year about romance scammers who create fake online relationships only to rob their victims.

Millions of Americans use dating sites, social networking sites and chat rooms to meet people, but scammers use them too, and eventually the scammers ask for money.

The FTC’s new infographic, developed with the American Bankers Association Foundation, lists common signs of online dating scams and how to handle them.

How to Recognize a Scam

The relationship may not be what you think, especially if your sweetheart:

  • wants to leave the dating site immediately and use personal email or IM
  • claims love in a heartbeat
  • claims to be from the U.S., but is traveling or working overseas
  • plans to visit, but is prevented by a traumatic event or a business deal gone sour

Scammers also like to say they’re out of the country for business or military service.

What You Can Do About It

You may lose your heart, but you don’t have to lose your shirt, too. Don’t wire money to cover:

  • travel
  • medical emergencies
  • hotel bills
  • hospital bills for a child or other relative
  • visas or other official documents
  • or losses from a temporary financial setback

Don’t send money to tide someone over after a mugging or robbery, and don’t do anyone a favor by making an online purchase or forwarding a package to another country. One request leads to another, and delays and disappointments will follow. In the end, your money will be gone along with the person you thought you knew.

Report relationship scams to:

If you or your business have legal questions or concerns regarding computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

BEC Attacks to Exceed $9B in 2018

Business email compromise is projected to skyrocket as attackers adopt sophisticated techniques to dupe their victims.

Business email compromise (BEC) attacks are projected to exceed $9 billion in 2018. The attacks continue to become more sophisticated and fleece more money from U.S. businesses.

How it works

There has been an increase of computer intrusions linked to BEC scams, involving fraudsters impersonating high level executives, sending phishing emails from seemingly legitimate sources, and requesting wire transfers to alternate, fraudulent accounts. In some cases these methods ultimately lead to successful intrusion and unfettered access to their victims’ credentials.

The Internet Crime Complaint Center (IC3) puts BEC attacks in five categories: Bogus Invoice Schemes, CEO Fraud, Account Compromise, Attorney Impersonation, and Data

IC3PressReleaseBanner3

Theft. More information is available from the Federal Bureau of Investigation (FBI) IC3.

Growth Industry

The combination of simplicity and effectiveness have ensured that BEC will continue to be one of the most popular attacks according to a January 18, 2018 Trend Micro report “Delving into the World of Business Email Compromise (BEC).” Researchers analyzed BEC as a cybercriminal operation from January through September 2017, dissecting tools and strategies commonly used in these attacks to predict activity for this year.

The Internet Crime Complaint Center (IC3) puts BEC attacks in five categories: Bogus Invoice Schemes, CEO Fraud, Account Compromise, Attorney Impersonation, and Data Theft. In this case, researchers split them in two: Credential-grabbing and Email-only. Attackers must be proficient in at least one of these methods for the scheme to work, researchers report.

Defending against the scam

Businesses are advised to stay vigilant and educate employees on how to prevent being victimized by BEC scams and other similar attacks. It’s important to know that cybercriminals do not care about your company’s size—the more victims, the better. Additionally, cybercriminals need not to be highly technical as they can find tools and services that cater to all levels of technical expertise in the cybercriminal underground. Here are some tips on how to avoid these scams:

• Employee awareness and education is the first step. Organizations should train employees how to spot phishing attacks.

• Email is often used to perform BEC attacks, relying on deception and social engineering to trick employees into downloading files, visiting websites or providing information. End users should know what to look out for when it comes to email—as even the most convincing BEC attacks typically have telltale signs that can be used to distinguish a legitimate email from a malicious one.

• Verify the legitimacy of fund transfer requests, especially those that involve large amounts. Just because the request seemingly comes from an executive, it does not mean that it is legitimate. If possible, confirm the request directly with the person who sent the request if there is something unusual or suspicious about the request.

• For vendors and suppliers, organizations should verify payment requests and invoices before transferring funds. If the vendor or supplier suddenly provides a different payment location, consider it a red flag and verify the change via a secondary sign-off by company personnel.

• Any request should be verified and challenged. If the request comes in via email, making a phone call or face-to-face discussion with the person making the request to ensure its validity will help mitigate BEC attacks. Use known good telephone numbers, not those in the email.

• Building a culture of security within the organization from top to bottom.

What to do

If you suspect that you have been a victim of a BEC email, report the incident to your company and financial institution immediately.  Also, consider filing a complaint with the IC3 no matter how much the amount.

If you or your business have legal questions or concerns regarding computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Real Estate

Section 508 Gets an Update: New Web Accessibility Guidelines for Government Sites Take Effect January 18

Today, January 18, 2018 new website accessibility requirements (such as screen reader compatibility for hearing and sight impaired) for federal websites became effective. 

The U.S. Access Board in a published final rule updating accessibility requirements for information and communication technology (ICT) covered by Section 508 of the Rehabilitation Act became effective today.

Updated Section 508 Standards for Federal ICT

Section 508 and 255 Refresh with reload iconThe Access Board’s final rule revises and refreshes its standards for information and communication technology in the federal sector covered by Section 508 of the Rehabilitation Act of 1973. The Board’s Section 508 Standards, which were first issued in 2000, apply to ICT developed, procured, maintained, or used by federal agencies. Examples include computers, telecommunications equipment, multifunction office machines such as copiers that also function as printers, software, websites, information kiosks and transaction machines, and electronic documents.

Goals of the Refresh

The Board updated the 508 Standards and 255 Guidelines jointly to ensure consistency in accessibility across the spectrum of information and communication technologies (ICT) covered. Other goals of this refresh include:

  • enhancing accessibility to ICT for people with disabilities;
  • making the requirements easier to understand and follow;
  • updating the requirements so that they stay abreast of the ever-changing nature of the technologies covered; and
  • harmonizing the requirements with other standards in the U.S. and abroad.

Major Changes

The final rule revises both the structure and substance of the ICT requirements to further accessibility, facilitate compliance, and make the document easier to use. Major changes include:

  • restructuring provisions by functionality instead of product type due to the increasingly multi-functional capabilities of ICT;
  • incorporating the Web Content Accessibility Guidelines (WCAG) 2.0 by reference and applying Level A and Level AA Success Criteria and Conformance Requirements to websites, as well as to non-web electronic documents and software;
  • specifying the types of non-public facing electronic content that must comply;
  • requiring that operating systems provide certain accessibility features;
  • clarifying that software and operating systems must interoperate with assistive technology (such as screen magnification software and refreshable braille displays);
  • addressing access for people with cognitive, language, and learning disabilities; and
  • harmonizing the requirements with international standards.

Incorporation of the Web Content Accessibility Guidelines (WCAG)

W3C WCAG 2.0 logoThe final rule incorporates by reference a number of voluntary consensus standards, including WCAG 2.0. Issued by the W3C’s Web Accessibility Initiative, WCAG 2.0 is a globally recognized, technology-neutral standard for web content. The final rule applies WCAG 2.0 not only to web-based content, but to all electronic content. The benefits of incorporating the WCAG 2.0 into the Section 508 Standards and the 255 Guidelines and applying it in this manner are significant. WCAG 2.0 addresses new technologies and recognizes that the characteristics of products, such as native browser behavior and plug-ins and applets, have converged over time. A substantial amount of WCAG 2.0 support material is available, and WCAG 2.0-compliant accessibility features are already built into many products. Further, use of WCAG 2.0 promotes international harmonization as it is referenced by, or the basis for, standards issued by the European Commission, Canada, Australia, New Zealand, Japan, Germany, and France.

If you or your business have legal questions or concerns regarding computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Tech Support Fraudsters to Pay

A federal court ordered that the assets of the operators of an alleged tech support scam be used to reimburse consumers who lost money to the defendants’ scheme.

US District Court ED PAThe U.S. District Court for the Eastern District of Pennsylvania agreed with the FTC, the State of Connecticut, and the Commonwealth of Pennsylvania that the money held by a court-ordered receiver was acquired by the defendants “through fraud and other improper means” and should be used for the benefit of consumer victims.

ftc

The FTC alleged that the defendants used Internet ads and popups that claimed to be from major tech companies like Microsoft and Apple to trick consumers into calling the defendants and buying tech support services.

In May, the Federal Trade Commission (FTC), Connecticut and Pennsylvania announced settlements with Bruce Bartolotta, Click4Support, LLC, Spanning Source LLC, George Saab, Chetan Patel and Niraj Patel as well as Innovazion Inc., Innovazion Research Private Limited, Abhishek Gagneja, and Rishi Gagneja. Under the settlements, the defendants are banned from marketing technical support services and agreed to pay a total of more than $554,000 and to forfeit $1.3 million held by the receiver. The settlements were announced as part of the Operation Tech Trap initiative, an international crackdown of tech support scams announced by the FTC in May.

Consumers who believe they were victims of the tech support services operated by the defendants can file a consumer complaint with the FTC by visiting www.ftccomplaintassistant.gov or by calling (877) 382-4357.

If you or your business have legal questions or concerns regarding computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Did the FCC Just Kill the Internet?

ftc_logo_430Federal Trade Commission (FTC) Acting Chairman Maureen K. Ohlhausen issued the following statement in response to today’s vote by the Federal Communications Commission (FCC) on the Restoring Internet Freedom Order regarding net neutrality:

“The FCC’s action today (December 14, 2017) restored the FTC’s ability to protect consumers and competition throughout the Internet ecosystem. The FTC is ready to resume its role as the cop on the broadband beat, where it has vigorously protected the privacy and security of consumer data and challenged broadband providers who failed to live up to their promises to consumers. In addition, the FCC’s new transparency rules provide additional tools to help ensure that consumers get what they expect from their broadband providers, who will be required to disclose their traffic management practices. The Memorandum of Understanding establishes a framework for FTC-FCC cooperation. Together we will move ahead to protect consumers and help ensure they enjoy the many benefits of online innovation.”

So did the FCC just kill the internet?  Probably not, but time will tell.

If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy