This week on Legal RoundUp with MeidasTouch.com‘s Ben  Meiselas of GERAGOS & GERAGOS we cover: Racial Profiling in the enforcement of COVID policy; the DOJ dropping Michael Flynn’s charges ; Federal limitations on COVID-related liability; SCOTUS’ overturning of the Christie/Bridgegate convictions; and our Federal PPP Class Action lawsuits.

#CARES #PPP #COVID-19 #DOJ #triallawyers #bridgegate #scotus #meidastouch

ZPP is proud to represent business consultant AD Sims LLC, along with our colleagues Ben Meiselas and Michael Adler,  in a class action case filed last week in Chicago federal court against Bank of America and other banks for failure to pay  the required borrower’s agent fees under the Federal PPP and CARES Act.  Contact  ZPP attorneys Michael Popok, Mitch Mandell or Michelle Malone for more information.

Click here to view the filed lawsuit.

Along with co-counsel Ben Meiselas of  Geragos & Geragos, APC, we filed a lawsuit earlier this week against DePaul University, exposing the corrupt culture of its Athletics Department.  The story has been covered by various major news sources, including TMZ: DePaul Sued, Accused Of Covering Up ‘Abusive Cult’…In School’s Softball Team.

#FireJLP #DePaul #DePaulAthletics

Click here to view the filed lawsuit.

COVID-19 has put us even more at the mercy of the Internet and the “Internet of Things” (IoT) those Internet-connected home and business devices, from Siri and Alexa to refrigerators, stoves, hot water heaters, HVAC printers and copiers, etc.—that are logged on without one being conscious of the fact.  Stories abound about how we are responding to the COVID-19 crisis with increased use of the Internet for socializing at a distance, working remotely, communicating in new ways, and living and working in an entirely wired yet isolated environment.  In this environment, it is all the more important to mitigate electronic risk.

Risk management is one of the things lawyers do.  Up to now, the law has lagged behind technological change, significantly challenging lawyers seeking to provide the best legal advice.  The national emergency, which gives the President, governors, and mayors significant statutory authorities, including an ability to dispense with cumbersome regulations that they otherwise would not enjoy, may change the legal-technological environment in enduring ways.  Meanwhile, lawyers and their clients should consider how to mitigate risk.

Inadequate cybersecurity security against unwanted intrusions is central to the existing reality.  Tens of millions U.S. employees are working online away from offices where IT systems have better protections than household WiFi systems (at least in theory).  Devices and the servers they access are vulnerable to malicious penetration, manipulation, and worse—theft, assault, defamation to name just three.  The data collected by devices and saved on servers are subject to misuse, commercial sale, and malicious, criminal activity.  In most cases, users lack control over their personal data and what is done with them.

Today’s Internet context has a number of dimensions and sources.  Product developers take advantage of low-cost devices with extraordinarily powerful computer chips to create and market products of all kinds, from automobiles to medical devices of all types, that are connected to the Internet.  New communication technologies provide low-cost or free bandwidth and connectivity to the Internet.  Device users often are unaware of the connection, and the devices and servers they currently access have inadequate security.  Inadvertent error adds to the problem.  The urge to develop new products to meet needs revealed by the COVID-19 Coronavirus or to exploit the pandemic in other, less public-spirited ways, exacerbates the security challenge.

Examples of insecurity abound:  “Zoom bombing,” hacking into video conferences that are not secure, either because of faults in the conferencing protocol or the way users set up the meeting, is the latest hacking fad.  The 2018 Worldwide Threat Assessment of the U.S. Intelligence Community proved prescient.  It  stated that “The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.”  That is contemporary reality.

Simple steps can help manage risk.  First, one must understand the nature of the problem.  It doesn’t mean becoming a computer scientist, but it does mean acquiring a certain minimal understanding about the systems on which one relies.  With the advent of the personal computer, the development of nanotechnology, and the transition from what started as a U.S. Defense Department research agency’s means of communication among scientists to the ubiquitous living organism we know as the Internet, billions of people acquired the ability to access data and to communicate in ways never before seen.  COVID-19 has vastly increased the number and the use.

Today’s smartphone, a powerful, hand-held compute in its own right, has become central to people’s lives all over the world.  Recent accounts suggest that more than half the U.S. population over the age of 8 owns a smartphone and most have laptops, tablets, and other computers as well.  In addition, a growing number of digitized appliances—TVs, speakers, refrigerators, stoves, home security systems, HVAC systems, automobiles, medical devices, almost anything that can be home to a computer chip—has brought new forms of risks for individuals and companies.  These range from spying on behavior using cameras one may not intend to work, listening in on a conversation by means of a mobile phone acting as a transmitter even though not in use but also not secured in a lead-lined box, and accessing a computer unbeknownst to the owner to theft of personal and financial data, intentional harm to reputations, manipulation of medical devices and records, and almost ubiquitous invasions of what might have been thought to be privacy.  Who now really is king or queen in his or her own castle?

In the United States as elsewhere, companies hold data on the personal habits and identifying information of millions of people.  They therefore risk litigation if they are negligent in the way they protect such information.  In the banking/financial sector the need for vigilant protection of a company’s digital systems is obvious.  The point applies equally to the health care industry.  A pacemaker can be hacked.  COVID-19 test results almost certainly are stored on vulnerable computers and servers, and even HIPPA protections cannot keep them safe.  One can imagine hackers disrupting surgery conducted using robots.

The fundamental reality to understand is that the cyber landscape began with legacy 1960s technologies.  It expanded by orders of magnitude in the following years as chip and communications technologies evolved, and the costs of devices plummeted.  As a result, structural vulnerabilities exist at the foundation of cyber activity.  Users need to take this fact into account as they develop, acquire, and use new software.  Constant vigilance and updating of security protocols and patches are essential to minimize risk.  These measures demand seriousness of purpose, knowledge, and willingness to devote the resources necessary.  Without them, it is difficult rationally to manage risk.  At the same time, users need to be aware that the available security protocols and patches are inadequate and flawed, particularly against sophisticated threats that now come from criminal organizations, foreign states, and their armed forces and other agents.

One way to address the problem is to have your legal team conduct a technology-dependence and security audit for legal risks your institution or company faces.  This audit will include a review of the appropriate information technology processes in place to keep up to date on threats, available patches, and system improvements, and by conducting a thorough review of legal risks associated with technological dependence.  Americans, perhaps more than other groups but certainly as much as citizens of most European and some Asian countries, present an enormous “attack surface”—vulnerabilities resulting from the extensive use of, and dependence on, cyber technologies.  COVID-19 has expanded that attack surface.  As a result, Americans need to take security seriously as a cost of doing business.

Tools are being developed that help measure cyber-related risk.  When developed and deployed, these tools would enable a company, for example, to know what its entire Internet exposure looks like and what value to place on risks to it.  Lawyers can help integrate that kind of information with evaluation of legal liability to enable a client to adopt an informed and robust cybersecurity position.  But remember:  one cannot eliminate risk, only manage it.  To do so requires time, money, and knowledge.

Past notorious cases involving loss of personal data resulted in lawsuits, which usually were settled.  Companies should make prevention the highest technology issue.  Zumpano Patricios & Popok’s senior partners have the in-house expertise and ability to access some of the best cybersecurity experts in the country.  Together, we can help companies identify legal obligations, manage liability by helping establish best practice training programs and conduct ongoing testing for vulnerabilities, and respond to breaches if and when they occur.

As a regular contributor to the new media outlet founded by Ben Meiselas (@meiselasb) MeidasTouch.com and its coverage of business, law, sports, media and politics (and the intersection of all 5,  our Managing Partner, Michael Popok has published a timely thought-piece about the potential effects of the war on Covid-19 on our privacy rights — National Antibody Identification Cards and Smart Phone Apps May Be in Your Future in the Next 30-90 Days

As a regular contributor to the new media outlet MeidasTouch.com and its coverage of business, law, sports and politics (and the intersection of all 4), along with its publisher, Ben Meiselas, our Managing Partner, Michael Popok just published a thought-piece about the constitutionality of a national lockdown–  OPINION: Quarantine and National Lockdown Orders May Not Be Constitutional

As New York’s businesses were already coping with the harsh consequences of COVID-19, Governor Cuomo directed in the “New York On Pause” Executive Order that took effect Sunday, March 22, 2020 at 8 p.m., all businesses and not-for-profit entities in New York State shall reduce the in-person workforce at each business/work location by 100% from pre-state of emergency declaration employment levels. However, the Executive Order provided a carve out for “essential businesses or entities” that are permitted to continue to operate at full employment levels and on-site, as long as CDC COVID-19 health guidelines are followed.

If your business falls into the financial services, hospitality, construction or technology related services industries (such as remote education or tele-health), your business may be considered an essential business. Identifying immediately whether your business falls into this “essential business” category to avoid fines and shut-down orders is critical to keeping your businesses operating and to properly guide your employees.

Businesses in these industries are also specifically considered “essential” under the current but ever changing New York law:

•      Health Care Operations (hospitals, elder care, walk- in-care health facilities, etc.);

•      Infrastructure (utilities, telecommunications, data centers, airports, etc.);

•      Manufacturing (pharmaceuticals, medical equipment, food processing, etc.);

•      Retail (grocery stores, pharmacies, convenience stores, restaurants for take-out and delivery only, etc.);

•      Critical Services (childcare, auto repair, mail and shipping, trash and recycling, etc.);

•      News/Media;
•      Providers of basic necessities to economically disadvantaged populations (homeless shelters, food banks, etc.)

•      Defense (national security-related operations, etc.); and

•      Services necessary to maintain the safety, sanitation and essential operations of residences or other businesses (law enforcement, fire prevention and response, security, etc.).

In addition, the State has created a process under Executive Order 202.6 to permit businesses to submit requests to the Empire State Development Corporation to be deemed an “essential business”.

If you have any question about whether your business falls into one of these exceptions or the PAUSE law in general, or would like assistance with making a request to deem your business as “essential,” please do not hesitate to reach out to Michael S. Popok, Managing Partner, (mpopok@zplaw.com),  or Mitchell G. Mandell, Senior Partner, (mmandell@zplaw.com), to discuss the most appropriate continuity plan for your business during these unprecedented times.