“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.
What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators? And what if that organization’s mission is the investigation of crimes?
How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance? Is that reliance justified?
Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements
“Comey’s Handling of Memos Is Investigated,” The Wall Street Journal, April 21, 2018 A1.
Apparently, the former head of the FBI (and a lawyer) considers memos he wrote in the course of his employment, about a meeting with his boss in his capacity as an employee, on his employer’s computers, to be personal documents, rather than government documents. I don’t think he learned that at the University of Chicago’s Law School.
Forget, for the moment, whether these contained classified information, the leaking of which would be a crime a well as a violation of the duty of an employee. He decided to transfer these memos to an outside party (a law professor!), so that they would be leaked to the press. Another crime if classified information was involved. But the law professor just became a member of a conspiracy involving the theft of government property.
But think about it from the employer’s point of view. Didn’t Mr. Comey just convert an employer asset into a personal asset? Allegedly, he created these contemporaneously as a business record. Business records belong to the business.
I (another lawyer, mind you) take the view that everything an employee receives or creates in his or her role as an employee is the property of his/her employer. How could a government employee decide to release them to the media in his/her role “‘as a private citizen.'” Does this mean an employee of your company can decide on their own to broadcast your trade secrets, not as an employee, but as a private citizen?
I don’t know what the record is for consecutive days on which one company’s screw-up was on the front page of The Wall Street Journal, but Facebook is in the running.
“U.S., States Step Up Pressure on Facebook,” The Wall Street Journal, March 27, 2018 A1. “[F]ederal regulators [including the FTC] … and 37 state attorneys general demanding explanations for [Facebook’s privacy] practices.” Stock price up 0.4% (when the market was up 669.40 points). Demands/invitations that Zuckerberg (and Google and Twitter) testify before Congress. And Europe hasn’t weighted in yet.
There is also a pop-up that describes FB’s practice of logging some calls and texts from Android phones. Did you (we) know that? Do you know what companies are doing with “your” data? Do you care? Privacy is dead; Facebook investigated as person of interest.
I guess that answers the question of who’s in charge: the Feds and the states. I guess I missed the outrage when essentially the same data was collected and used quite effectively by the Obama campaign.
Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Internal controls, Legal, Oversight, Ownership, Privacy, Protect assets, Requirements, Third parties, Vendors, Who is in charge?
“U.S. Authorities Can Access Data Stored Overseas,” The Wall Street Journal, March 24, 2018 A6. US warrants will soon reach can information stored by US tech companies on cloud servers overseas.
You now need to know what you have and where you have it; now you have to know who you store it with. Saying that you have it in France and can’t turn it over to the FBI isn’t going to work here. Much like telling the French court that you need to turn it over to the US, despite French blocking statutes that forbid that.
In the event of a conflict, who wins? Is that how you know who is in charge? Are you still going to use a cloud service hosted by a US company?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, IT, Privacy, Protect assets
It was bad when the Office of Personnel Management got hacked. Worse, perhaps, overseas.
“German Government Network Was Breached,” The Wall Street Journal, March 1, 2018 A9. Multiple ministries were breached. May have been the Russians. May have been the Chinese. Was it the super-secret stuff? No one knows.
What does it say when the government can’t protect its own information, much less yours?
Where does your vendor store your information? Whose laws apply?
“Justices to Hear Microsoft Case on Email Storage,” The Wall Street Journal, February 27, 2018 B4. Supreme Court to resolve whether a search warrant to a person in the US (Microsoft) can require that person to turn over materials of a non-US person stored outside this jurisdiction. At issue is the Stored Communications Act, passed in 1986, which gives some privacy protection to materials stored online.
This involves both questions of governance (does the US government get to control information stored in, say, France, if within the control of a party in the US? Even though France says the US can’t have it? Does the DOJ get to ignore laws passed by Congress?)) and questions of storage of information. Discovery rules in civil litigation go to things within your possession, custody, or control. Is there any doubt that Microsoft controls where this information is stored? Why would a search warrant be able to get less information than a litigant in a civil case? What happens if Microsoft wins? Who owns the information? Does ownership matter?
If the Court rules for Microsoft, is the issue back with Congress, to further define (or eliminate) our privacy rights?
Does the government need to obey our laws? Must Microsoft protect the rights of non-US citizens?
Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Government, Information, Interconnections, Internal controls, IT, Ownership, Privacy, Protect assets, Security, Third parties
Not sure whether this is more about governance than about information.
“AT&T Thwarted In Focus On Trump,” The Wall Street Journal, February 21, 2018 B1. AT&T wants information on internal government discussions, in order to rebut the government’s attack on the proposed acquisition of/merger with Time Warner. Court says no dice.
On the information point, how much is it worth to get information you don’t have, but suspect will help you? How much is it worth to keep your internal government discussions private?
On the governance point, one governing authority (the Executive Branch) moves to block a transaction, alleging it’s anti-competitive. The parties to the proposed transaction sue for access to the Executive Branch’s internal documents, to demonstrate alleged bias. The Executive Branch says “no.” Another governing authority (the Judicial Branch) also says “no.”
Whose information is it? Who’s in charge (i.e., governing)?