BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Court Rules Email Accounts are Fair Game for Hackers

From: security curmudgeon <jericho () attrition org>
Date: Tue, 16 Oct 2012 16:47:40 -0500 (CDT)

http://www.securitybistro.com/blog/?p=2608

Court Rules Email Accounts are Fair Game for Hackers
Posted on October 16, 2012 by Anthony M. Freed

Did you think your private correspondence stored by email providers like 
Google and Yahoo is safe from unauthorized access? Think again. In a 
devastating blow to privacy and the sanctity of proprietary data, the 
South Carolina Supreme Court has ruled that such data in not protected by 
the Stored Communications Act (SCA).

In a landmark decision, the Court ruled that online email services do not 
fit the definition of "electronic storage" as spelled out by the SCA, and 
are therefore fair game for hackers and snoops. The decision was handed 
down last Wednesday in a lawsuit filed against a woman who had 
surreptitiously gained unauthorized access to an email account belonging 
to Lee Jennings, the plaintiff in the case.

Under the SCA, electronic storage is defined as "any temporary, 
intermediate storage of a wire or electronic communication incidental to 
the electronic transmission thereof" and as being "any storage of such 
communication by an electronic communication service for the purposes of 
backup protection of such communication."

The Justices ruled that since the correspondence in the plaintiff.s emails 
were not created for the purpose of backing up the data, the information 
does not warrant protection from intrusion under the Act.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: