Header graphic for print
Steptoe Cyberblog

Category Archives: Privacy Regulation

Subscribe to Privacy Regulation RSS Feed

Steptoe Cyberlaw Podcast – Interview with David Kris

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We devote episode 100 to “section 702” intelligence – the highly productive counterterrorism program that collects data on foreigners from data stored on US servers.  What’s remarkable about the program is its roots:  President Bush’s decision to ignore the clear language of FISA and implement collection without judicial approval.  That decision has now been ratified… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Amit Ashkenazi

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Our guest is Amit Ashkenazi, whom I interviewed while in Israel.  Amit is Legal Advisor of The Israel National Cyber Bureau and a former general counsel to Israel’s data protection agency.  Israel is drafting its own cybersecurity act, and we discuss what if anything that country can learn from the US debate – and what… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Melanie Teplinsky

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

If there really is another crypto war in Washington, then this week’s podcast features several war correspondents and at least one victim of PTSD.  Our guest is Melanie Teplinsky, former cybersecurity lawyer at Steptoe, adjunct professor at American University’s Washington College of Law, advisory board member for Crowdstrike, and a regular columnist on privacy and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Lynch

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.  John Lynch is the head of the Justice Department’s computer crime section.  We find more common ground than might be expected but plenty of conflict as well.  I suggest that Sheriff… Continue Reading

Time to Get Serious About Europe’s Sabotage of US Terror Intelligence Programs

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

The intelligence tools that protect us from terrorism are under attack, and from an unlikely quarter. Europe, which depends on America’s intelligence reach to fend off terrorists, has embarked on a path that will sabotage some of our most important intelligence capabilities. This crisis has been a long time brewing, and up to now, the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Senator Tom Cotton

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

How do you graduate as a conservative with two Harvard degrees? We learn this and much more from Sen. Tom Cotton (R-AR), our guest for episode 96 .  We dive deep with the Senator on the 215 metadata program and its USA FREEDOM Act replacement.  We ask what the future holds for the 702 program, one… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nick Weaver

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

We’re back from hiatus with a boatload of news and a cautiously libertarian technologist guest in Nick Weaver of the International Computer Science Institute in Berkeley.  To start Episode 95 of the podcast, Michael Vatis and I plumb the meaning of the Cyber Security Act’s passage.  The big news?  Apparently Santa is real, state laws… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mike Daugherty

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

With Wyndham’s surrender to the FTC after a brutal court of appeals opinion, the last outpost of resistance to the FTC’s cybersecurity agenda is Mike Daugherty, CEO of LabMD.  Daugherty refused to take the easy road and enter into a consent decree with the FTC to settle its claim that the company’s security was insufficient… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Rod Beckstrom

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 93 is cybersecurity’s Renaissance Man.  Rod Beckstrom started DHS’s National Cybersecurity Center, then headed ICANN; before and after those gigs, he was a Silicon Valley investor and officer in security startups as early as the 1990s and as recently as this year.  Our interview spans Rod’s career and what it has… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima and Tony Cole

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Did China’s PLA really stop hacking US companies for commercial secrets? And does it matter? In episode 92, we ask those questions and more of two experts on the topic ‒ Washington Post reporter Ellen Nakashima, who has broken many stories on PLA hacking, and Tony Cole, the Global Government CTO with FireEye, who has… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mark Shuttleworth

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The NSA metadata program that is set to expire in two weeks was designed to provide early warning of a terror attack planned in a foreign safe haven and carried out inside the United States.  Those are some of the most deadly terror attacks we’ve seen, from 9/11 to Mumbai.  And now Paris. So should… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Kozy and Johannes Gilger

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ari Schwartz

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

What good is CISA, anyway? Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good.  But what changes, and how much difference will they make to network defenders?  That’s the topic we explore in episode 87… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mikko Hypponen

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth?  That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think).  Mikko is the Chief Research Officer at F-Secure and a… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Gen. Michael Hayden

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jack Goldsmith

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog.  Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and Special Counsel to the Department of Defense.  From cyberespionage to the… Continue Reading

US-EU Safe Harbor Decision Invalidated: Now What?

Posted in International, Privacy Regulation

Now that the US-EU Safe Harbor has been invalidated by the European Court of Justice (ECJ) in Schrems v. Data Protection Commissioner, the Safe Harbor no longer provides a legal basis for transfers of personal information from the EU to the US.  The ECJ’s press release and the full text of the Schrems decision are available…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals.  Appearing at the conference Privacy.Security.Risk. 2015., sponsored by the IAPP and the Cloud Security Alliance, Bruce Schneier talks through recent developments in law and technology. The three of us stare into the pit… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Cyberlaw negotiations are the theme of episode 82, as the US and China strike a potentially significant agreement on commercial cyberespionage and Europeans focus on tearing up agreements with the US and intruding on US sovereignty. Our guest for the episode is Jim Lewis, a senior fellow and director of the Strategic Technologies Program at… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Margie Gilbert

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 81 features China in the Bull Shop, as the White House prepares for President Xi’s visit and what could be ugly talks on cyber issues.  Our guest commentator, Margie Gilbert, is a network security professional with service at NSA, CIA, ODNI, Congress, and the NSC.  Now at Team Cymru, she’s able to offer a… Continue Reading

Steptoe Cyberlaw Podcast – Hostfull

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Still trying to dig out from under our hiatus backlog, we devote episode 80 to our regulars.  We’ll bring back a guest next week.  This week it’s a double dose of Jason Weinstein, Michael Vatis, Stewart Baker, and Congress-watcher Doug Kantor. Michael offers an analysis of the Second Circuit’s oral argument in the Microsoft lawsuit… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Peter Singer

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The cyberlaw podcast is back from hiatus with a bang.  Our guest is Peter Singer, author of Ghost Fleet, a Tom Clancy-esque thriller designed to illustrate the author’s policy and military chops.  The book features a military conflict with China that uses all the weapons the United States and China are likely to deploy in… Continue Reading