Header graphic for print
Steptoe Cyberblog

Category Archives: Data Breach

Subscribe to Data Breach RSS Feed

Second Annual Triple Entente Beer Summit

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Next  Thursday, February 18, from 6:00 pm – 9:00 pm, Alan Cohn and I will be speaking at the “2016 Triple Entente Beer Summit” at the Old Engine 12 Firehouse Restaurant (1626 North Capitol Street Northwest, Washington, DC).  This will be the second annual live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational… Continue Reading

Steptoe Cyberlaw Podcast – Interview with David Kris

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We devote episode 100 to “section 702” intelligence – the highly productive counterterrorism program that collects data on foreigners from data stored on US servers.  What’s remarkable about the program is its roots:  President Bush’s decision to ignore the clear language of FISA and implement collection without judicial approval.  That decision has now been ratified… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Melanie Teplinsky

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

If there really is another crypto war in Washington, then this week’s podcast features several war correspondents and at least one victim of PTSD.  Our guest is Melanie Teplinsky, former cybersecurity lawyer at Steptoe, adjunct professor at American University’s Washington College of Law, advisory board member for Crowdstrike, and a regular columnist on privacy and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Lynch

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.  John Lynch is the head of the Justice Department’s computer crime section.  We find more common ground than might be expected but plenty of conflict as well.  I suggest that Sheriff… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Senator Tom Cotton

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

How do you graduate as a conservative with two Harvard degrees? We learn this and much more from Sen. Tom Cotton (R-AR), our guest for episode 96 .  We dive deep with the Senator on the 215 metadata program and its USA FREEDOM Act replacement.  We ask what the future holds for the 702 program, one… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mike Daugherty

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

With Wyndham’s surrender to the FTC after a brutal court of appeals opinion, the last outpost of resistance to the FTC’s cybersecurity agenda is Mike Daugherty, CEO of LabMD.  Daugherty refused to take the easy road and enter into a consent decree with the FTC to settle its claim that the company’s security was insufficient… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Rod Beckstrom

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 93 is cybersecurity’s Renaissance Man.  Rod Beckstrom started DHS’s National Cybersecurity Center, then headed ICANN; before and after those gigs, he was a Silicon Valley investor and officer in security startups as early as the 1990s and as recently as this year.  Our interview spans Rod’s career and what it has… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mark Shuttleworth

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The NSA metadata program that is set to expire in two weeks was designed to provide early warning of a terror attack planned in a foreign safe haven and carried out inside the United States.  Those are some of the most deadly terror attacks we’ve seen, from 9/11 to Mumbai.  And now Paris. So should… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Kozy and Johannes Gilger

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ari Schwartz

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

What good is CISA, anyway? Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good.  But what changes, and how much difference will they make to network defenders?  That’s the topic we explore in episode 87… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mikko Hypponen

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth?  That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think).  Mikko is the Chief Research Officer at F-Secure and a… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jack Goldsmith

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog.  Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and Special Counsel to the Department of Defense.  From cyberespionage to the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals.  Appearing at the conference Privacy.Security.Risk. 2015., sponsored by the IAPP and the Cloud Security Alliance, Bruce Schneier talks through recent developments in law and technology. The three of us stare into the pit… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Cyberlaw negotiations are the theme of episode 82, as the US and China strike a potentially significant agreement on commercial cyberespionage and Europeans focus on tearing up agreements with the US and intruding on US sovereignty. Our guest for the episode is Jim Lewis, a senior fellow and director of the Strategic Technologies Program at… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Margie Gilbert

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 81 features China in the Bull Shop, as the White House prepares for President Xi’s visit and what could be ugly talks on cyber issues.  Our guest commentator, Margie Gilbert, is a network security professional with service at NSA, CIA, ODNI, Congress, and the NSC.  Now at Team Cymru, she’s able to offer a… Continue Reading

Steptoe Cyberlaw Podcast – Hostfull

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Still trying to dig out from under our hiatus backlog, we devote episode 80 to our regulars.  We’ll bring back a guest next week.  This week it’s a double dose of Jason Weinstein, Michael Vatis, Stewart Baker, and Congress-watcher Doug Kantor. Michael offers an analysis of the Second Circuit’s oral argument in the Microsoft lawsuit… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Peter Singer

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The cyberlaw podcast is back from hiatus with a bang.  Our guest is Peter Singer, author of Ghost Fleet, a Tom Clancy-esque thriller designed to illustrate the author’s policy and military chops.  The book features a military conflict with China that uses all the weapons the United States and China are likely to deploy in… Continue Reading

The GitHub Attack and Internet Self-defense

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In an earlier post I talked about how the Chinese government has used its “Great Firewall” censorship machinery on an expanded list of targets – from its own citizens to ordinary Americans who happen to visit Internet sites in China.  By intercepting the ad and analytics scripts that Americans downloaded from Chinese sites, the Chinese… Continue Reading

Steptoe Cyberlaw Podcast – Atlantic Council Panel

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Bonus Episode 78:  Dmitri Alperovitch, Harvey Rishikof, Stewart Baker, and Melanie Teplinsky debate whether the United States should start doing commercial espionage I know, I know, we promised that the Cyberlaw Podcast would go on hiatus for the month of August.  But we also hinted that there might be a bonus episode.  And here it… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Andrews

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news… Continue Reading

Does Your CEO Know What’s Keeping You Up at Night?

Posted in Cybersecurity and Cyberwar, Data Breach

Security Magazine’s Security Talk interviewed us on how we help clients navigate cybersecurity issues.  In the article, “Does Your CEO Know What’s Keeping You Up at Night?,” we discuss how a company’s ability to weather a cyber attack depends in part on the decisions the company makes both before a breach occurs and in the immediate… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Annie Antón and Peter Swire

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 76 of the podcast features the power couple of privacy and cybersecurity, Peter Swire and Annie Antón, both professors at Georgia Institute of Technology.  I question them on topics from the USA FREEDOM Act to the enduring gulf between writing law and writing code. In the news roundup, as our listeners have come to… Continue Reading