Information Security

A Privileged Approach

Blackstone Law Group provides information security, compliance, and related investigative services in a legally privileged context. 

We work hand-in-hand with our affiliate Black Chambers Inc., and our extensive network of partners, to provide a full arsenal of information security services in response to and in compliance with constantly changing legal and regulatory requirements.  These include, among other bespoke services, the following:

  • Risk Assessments 
  • Managed Penetration Testing and Vulnerability Assessment
  • Hyper-intensive Offensive and Defensive Capability Enhancements
  • Information Security Policies and Implementation
  • Data Governance and Classification
  • Incident Response 
  • CISO and Affiliate Services to Comply with the NYS Dep't of Financial Services Cybersecurity Regulation
  • Encryption Implementation (domestically and abroad)
  • Third Party Audit Services 
  • Cybersecurity Awareness Training (updated in lockstep with emerging threats)
  • Trade Secret Protection (both legal and technical in nature)
  • Executive and Board Level Briefings on Cybersecurity Events or Trends of Concern
  • Discreet Investigation of Internal and External Events 
  • Interaction with State and Federal Regulatory Bodies 

Drawing on both technical and legal acumen, we see our role as helping clients navigate overlapping regulatory requirements and information security best practices, without running afoul of either.

Managing the Information Security Risk

Trust in the parties whom you let into your network to document your security posture is critical.  The process of securing a single network or enterprise creates risk – risk that the party assessing your network cannot be trusted with your data, and risk that the documentation or communications concerning vulnerabilities can end up in the wrong hands, whether that be a malicious actor, a competitor, parties to a lawsuit, or the government.  

We manage this risk by affording our clients the protection of attorney-client privilege.  Our analyses, and those of our agent, Black Chambers, are protected from disclosure to any third party, be that an adversary in a litigation or a governmental request.  In practical terms, this means that both the ‘input’ and ‘output’ of our engagements, i.e., your communications to us and our agents and their responses, are covered by privilege and therefore confidential.  

Structuring engagements in this manner allows our clients to be completely candid about their legal concerns and their security posture; and our risk assessments, advice, and remedial actions in kind may be similarly frank.

With the protection of attorney-client privilege surrounding our engagements, clients can rest assured that their most sensitive and business critical data belongs to them and them only, and shall not be disclosed to third parties without their consent.  

We Take Pride in the Protection of Our Data and Your Data

Blackstone Law Group takes its own security posture very seriously.  As the Panama Papers incident and the breach of Panamanian law firm Mossack Fonseca made clear, law firms are frequently in the crosshairs of criminals, and can unintentionally become the soft underbelly of their clients.  Along with our affiliate Black Chambers and our specialized partners, we continually assess and re-assess our security practices.  We understand that our clients’ sensitive data takes many forms, and we view the protection of that data as our solemn obligation.

We are Leaner, Faster, More Economical, and Have Greater Expertise

Unlike other firms that see information security simply as a growing practice area, our lawyers and our affiliates at Black Chambers have a long history in the InfoSec community that spans decades.  Our lawyers and technical personnel speak the same language, and work together day in and  day out.  There is no lag time to ‘get the lawyers up to speed’ on the technical issues surrounding an assessment or investigation.  The combination of legal acumen and information security expertise in this sense results in great efficiencies that, by design, benefit our clients’ bottom line.  

Unlike other firms, we are not beholden to third parties or security product re-sellers.  Because of our long history, we have partners and alliances that span the globe, and can be activated, on an as needed basis, for specific client needs.  

We offer our clients legal expertise, technical expertise, a trusted network, and peace of mind.  We love what we do, and because of this there is no question that we offer our clients more for less. 

 


OMNI: DNS Policing from Detection to Takedown

OMNI is Blackstone Law Group’s full circle solution to policing the domain name space.

Domain abuse is a cybersecurity blind spot.

OMNI gives an organization full situational awareness of DNS-based threats on the open and deep web, together with in-house expertise to execute legal and ethical takedowns. Provided under the protection of legal privilege, OMNI utilizes a unique methodology to identify domains — and subdomains — that could be used to attack or compromise an organization.

OMNI is a full circle solution: from detection to removal.

DNS intelligence is under-utilized.

Done properly, DNS intelligence can yield actionable and world-wide data on a range of topics, including misinformation, market saturation, concepts and business models under development, and competitor intelligence.

Our OMNI intelligence platform has been featured in the media (AP, NY Times, Washington Post, VICE, et al.) for effectively identifying misinformation campaigns relating to the midterm elections and federal officials. OMNI has also been featured and noted for garnering actionable intelligence related to blockchain proliferation and the identification of contraband opioid sales on the open web.

OMNI Identifies Threats Below the Surface Level.

Unregulated and untraceable, subdomains present advanced and serious threats. Subdomains of high-risk findings are investigated for configurations indicating fraud.

Every day, we scour the domain name system to identify newly weaponized domains and subdomains used in advanced spearphishing attacks against hundreds of organizations worldwide, for the sale and distribution of counterfeit materials, and the dissemination of copyrighted or confidential content.

This data is stored in a private repository against which we scan daily for threats to our clients.

OMNI is also able to identify commonalities.

Analyses facilitate assessments of domains under common control of a group of bad actors, allowing for the takedown of multiple domains through a single UDRP proceeding. Such consolidated enforcement efforts save tens of thousands of dollars in legal, investigative, and arbitration fees, per filing, and may potentially save hundreds of thousands of dollars per year.

Full Circle Services.

OMNI offers a marked advantage over competitors’ services with a full suite of solutions from detection to takedown, including brand protection, typosquatting identification, homographic identification, permutation identification, subdomain identification, phishing / malware protection, threat identification, in-house simultaneous takedown (UDRP), and DNS intelligence function, all at a fixed price.

And all analyses and communications are protected by legal privilege. This critical point is extremely important to any organization that is highly regulated or could potentially be involved in litigation with respect to data breaches or consumer privacy issues.

Blackstone offers OMNI at competitive pricing options. Please contact us to discuss.

 

Related Practices

Internet Governance

Policy decisions concerning the structure, mechanics, and organization of the Internet can have tremendous import for businesses large and small. Working with and through the international multi-stakeholder bodies responsible for Internet governance, our lawyers have helped clients understand and indeed shape the future of the Internet.

Starting in 2011, when ICANN's new generic Top-Level Domain program was in its nascent form, our lawyers have advised clients on the implications of expanding the Internet beyond the .com universe.

On behalf of Fortune 500 clients, our lawyers regularly advised and lobbied many different ICANN constituent bodies, such as the Governmental Advisory Committee and Intellectual Property Constituency, on such important matters as trademark protection, rights protection mechanisms, and effective methods of domain name dispute resolution. In one form or another, we advised, negotiated associated services agreements, and prosecuted approximately 200 gTLD applications submitted to ICANN.

Unlike traditional lawyers, we draw not only on legal but also technical backgrounds, and therefore have corresponding experience with matters involving the Internet Engineering Task Force (IETF), and the ability to interact with often-overlooked components of ICANN such as the Security and Stability Advisory Committee (SSAC) and the Root Server System Advisory Committee (RSSAC), whose deliberations throughout 2016 could have far-reaching implications for companies interested in submitting new or additional gTLD applications.

 

Domain Names Law

For Domainers and Brand Owners

With information security expertise and significant investigatory experience, we bring added firepower to the table when domain name disputes occur. We have successfully retrieved fraudulently acquired and hijacked domain names that were transferred internationally by employing thorough and forensically sound evidence collection processes. Once collected, we have successfully presented our findings to general counsels, lawyers, and TEACs at both the losing and gaining registrar, and have assisted clients in navigating ICANN’s Transfer Undo Request Form (TURF) processes when necessary.

Our long experience and rich understanding of the Domain Name System (DNS) translates well to both the enforcement and defensive sides of Uniform Domain Name Dispute Resolution Policy (UDRP) proceedings, Uniform Rapid Suspension (URS) proceedings, and national Dispute Resolution Proceedings (DRPs). On the one hand, we assist brand owners to manage and maintain their domain name portfolios and protect against trademark dilution, counterfeits, typo-squatting, and other headaches and maladies; on the other hand, we protect domainers from the zealous over-enforcement and misuse of legal proceedings to ensure the value of domains and portfolio as a whole are realized.

Within our trusted network of clients and partners, we also help domainers monetize and utilize domain names in a clean, legal, and efficient manner by securing short and long-term leasing of traffic. We help our clients accomplish revenue generation without resort to dubious tactics, such as pay-per-click revenue and trademark infringement, that could jeopardize ownership of domains.

For Registrars and Potential Registrars

Complementing our Internet Governance practice, our lawyers bring a wealth of experience to our practice of domain name law.

We help entities obtain ICANN registrar accreditation and assist them to navigate this arcane process from start to finish. We draft registrar accreditation application responses that are fully compliant with ICANN’s registrar accreditation agreement and all relevant registrar specifications, including business plans, customer service overviews, and domain name registration projections.

Utilizing a trusted network of providers for back-end technical services and data escrow, we also streamline the negotiation and contracting process with third parties that are critical to a successful application. Finally, we hand-tailor every ICANN-required policy necessary for registrars to apply for accreditation and operate thereafter, including registrar-registrant agreements, privacy policies, terms of use, abuse reporting procedures, and emergency response protocols.

Once accredited, we actively support our clients and manage third parties to ensure registrar operations ‘go live’ in a timely fashion, and act as transfer emergency action contact (TEAC) once operational.

Cryptocurrencies

Combining several decades of experience in financial services industries, information security, government enforcement, compliance, and securities regulation, Blackstone Law Group has emerged as a natural leader with regard to blockchain technologies, and the launch, use, and regulation of cryptocurrencies in the United States and abroad.

We help our clients from start to finish, often operating as a de facto general counsel to nascent organizations. We assist in areas such as the formation of entities and special purpose vehicles in the United States, Singapore, Caribbean, and elsewhere; we assist with capital raises, investor agreements, memoranda of understanding with founders and partners, preparation and review of investor pitch decks, and the drafting of cryptocurrency whitepapers.

On the regulatory front, we have provided our clients with Howey analyses to determine whether a particular cryptocurrency project would be regulated as a security by the U.S. Securities and Exchange Commission (SEC). Importantly, the filing of registration or exemption paperwork with the SEC turned on the outcome of our analyses and the participation of US investors. With regard to ICOs occurring abroad, we have assisted with protocols – both technical and legal in nature – to wall off US investors from participation.

On the technology front, we assist with the design and implementation of information security features required of cryptocurrencies to remain viable and foster an environment of trust. With high-profile breaches of cryptocurrency repositories occurring all the more frequently – and the costly investor and customer litigation arising from these breaches – we believe that information security should be a priority built into all underlying protocols and operations.

On the commercial front, we help our cryptocurrency clients negotiate and execute agreements with partners that are crucial to all ICOs, such as marketing agencies and development teams. Oftentimes, it is necessary to negotiate these instruments before a capital raise, because increasingly investors require detailed plans with specific milestones for the creation of an ICO’s underlying network, together with a realistic go-to-market strategy.

Alternative Fee Arrangements

Because we understand that most organizations seeking to launch a cryptocurrency are not fully capitalized, we have developed flexible fee arrangements that include deferred payments and equity interests. In short, we believe that having our skin in the game benefits all parties, and drives the Blackstone Law Group to work harder and smarter when our mutual successes are tied to each other.

Representative Matters:

We are founding members and general counsel to a cryptocurrency geared towards the film financing industry.

We acted as US counsel to the first cryptocurrency launched out of India.

We are general counsel to a US-based cryptocurrency and offshore hedge fund launching in early 2018.

 

Government Contracts

With experience working for, with and against myriad federal agencies, our attorneys will provide clear and prescient legal counsel during the proposal, administration, and dispute phases of your federal contracts and grants. We will advise you on unsuccessful bids and prosecute protests on your behalf. We will ensure your team’s compliance with ever-expanding statutory and regulatory requirements. And we will resolve outstanding issues to your satisfaction, through negotiation, litigation, mediation, or arbitration, as necessary. 

Our attorneys understand government contracting inside and out. We have legal experience inside the Departments of Defense, Justice, and the Central Intelligence Agency. Our attorneys have represented the United States domestically and internationally in legal proceedings, conferences, and negotiations with foreign governments.

On the contractor side, we have successfully protested unsuccessful bids before the Comptroller General at the Government Accountability Office (GAO). In one such matter, we successfully protested the awards of multi-year, multi-billion-dollar indefinite-delivery/indefinite-quantity contracts by the U.S. Army to competitors of a firm client. Multimax, Inc., et al., B-298249.6, et al., Oct. 24, 2006, 2006 CPD ¶ 165.

Our initial filings have even encouraged agencies to take corrective action voluntarily, saving our clients months of legal expenses and lost revenue. Our attorneys have successfully prosecuted numerous claims before both the Armed Services and Civilian Boards of Contract Appeals (ASBCA/CBCA). For several years, we edited and updated the preeminent legal authority concerning the U.S. Court of Federal Claims.

Litigation

Integrated and efficient, our attorneys have handled major litigation for both global Fortune 50 companies and small businesses, managed multi-district matters spanning years, and have acted as litigation counsel to businesses and investors focusing on finance, art, information security, and privacy.

We have an impeccable track record and experience with sensitive and complex litigation. With particular expertise in matters that involve technology, multi-party mass tort defense coordination, and regulatory frameworks, we work as a multi-disciplinary team to creatively analyze and develop the most effective strategies for our clients.

Having been on the in-house side of the fence, we understand all too well how expensive litigation can be. With this in mind, we aim to control costs for our clients using specialized risk-assessment methodologies and proven litigation-avoidance strategies whenever possible.

 

Appeals

Having served as counsel and amici before the US Supreme Court, and both federal and state courts of appeal, we have deep roots and passion for appellate matters. Our approach to appeals is to combine strategy, philosophy, and efficiency, informing and strengthening all of our practice areas.

Our appellate attorneys have briefed and argued a number of successful appeals in both state and federal courts of appeal. We strive to distill complex legal arguments into clean, concise presentations that are easily digested by appellate bodies. In addition, our appellate experience strengthens us as litigators: we brief and argue constitutional and other complex legal issues in trial courts and assist in ensuring that legal arguments are well developed and preserved for appeal.

On appeal, our attorneys have successfully represented D. E. Shaw, MetLife, and Kroll Associates, as well as POWs held captive during the First Gulf War and a Nigerian immigrant who was facing deportation. Published appellate opinions include:

      • Parietti v. Wal-Mart Stores, Inc., 140 A.D.3d 1039 (2d Dep't 2016) (granting Wal-Mart's motion for summary judgment against plaintiff in a matter involving a slip-and-fall in a Wal-Mart store) 
      • Blumenstein v. Waspit Group, Inc., 2016 N.Y. App. Div. Lexis 4925 (1st Dep't 2016) (unanimous reversal of lower court entitling client to immediate judgment under CPLR 3213 on a valuable promissory note used to secure loan to a technology company) 
      • Castiglione v. Kruse, 130 A.D.3d 957, 15 N.Y.S.3d 360 (2d Dep’t 2015) (reversing lower court’s ruling that pedestrian was not entitled to summary judgment on the issue of liability) 
      • Jones v. Attorney General of U.S., 397 Fed.Appx. 831 (3d Cir. 2010) (reversing the Board of Immigration Appeals because the board did not apply the proper level of deference to the decision of alien’s Immigration Judge) 
      • Estate of Lois Mancini v. American International Group, Inc., A-3180-08T1 (N.J. Super. Ct. App. Div., Mar 30, 2010) (affirming grant of summary judgment based on appellants’ repeated failure to comply with discovery order and appellants’ failure to demonstrate that “exceptional circumstances” existed in support of their motion to extend discovery) 
      • Boccardi Capital Systems, Inc. v. D.E. Shaw Laminar Portfolios, L.L.C., 355 Fed.Appx. 516 (2d Cir. 2009) (affirming dismissal of complaint seeking $68 million for breach of contract in failing to pay appellant his share of profits gained in purchase of stock in casino because confidentiality agreement did not bar respondent’s purchase and sale of stock) 
      • Republic of Iraq v. Beaty, 556 U.S. 848, 129 S.Ct. 2183, 173 L.Ed.2d 1193 (2009) (representing US servicemembers and civilians captured and tortured by Saddam Hussein and Iraqi Intelligence during the first Gulf War in opposition to the Republic of Iraq and the US Dep’t of Justice) 
      • Simon v. Republic of Iraq, 529 F.3d 1187 (D.C.Cir. 2008) (reversing lower court on grounds that neither § 1083 of the National Defense Authorization Act nor President Bush’s waiver under § 1083(d) thereof deprives the courts of jurisdiction over cases brought by former POWs for the torture they endured in captivity at the hands of the Iraqi regime during the 1990–91 Gulf War) 

 

Our attorneys have also acted as counsel to Former District Attorneys Robert Morgenthau, Gil Garcetti, and E. Michael McCann on an amicus brief to the Supreme Court of the United States seeking certiorari on the appeal of an inmate on Alabama’s death row whose conviction rested on testimony that was at odds with evidence never shared with the defense.

 

Global Compliance

With in-house experience at the Chief Compliance Officer level, together with our backgrounds in intelligence, defense, and litigation, we provide clear advice and legal risk assessments about the scope and enforcement of regulations that affect international businesses.

Firsthand Experience

Our attorneys have built, from the ground up, worldwide compliance programs integrating crucial components such as anti-money laundering, anti-corruption, whistleblowing, data security, and privacy. As with all of our practices, we employ a multi-disciplinary approach to building effective and tailored compliance programs.

Unique Talent, Reducing Risk and Complexity

Drawing on diverse and complementary skillsets in information security, forensic analyses, litigation, and compliance allows us to assist companies with internal and external compliance or whistleblowing investigations in a lean and cost-effective manner. Other law firms would have to contract with two or three separate parties or vendors to achieve the same basic skillsets that we retain in-house.

Our structure reduces the risk of an information leak and at the same time reduces complexity. This is especially important given the cross-border nature of business conduct and investigations, often requiring companies to make strategic and coordinated responses among business components and multiple parties.