With all of the hype and hyperbole surrounding bitcoin and the dizzying array of press coverage, it can be hard for companies to know where to start in evaluating the potential risks involved in making bitcoin a part of their business. Law360 published an article this week in which I make sense of it all –…
In our sixth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This Week in NSA: Transparency reports disclose Foreign Intelligence Surveillance orders and telephony metadata program is not tracking as much as previously thought; Target breach update: hackers got in through HVAC contractor and Senate Judiciary Committee hearing and…
In our fifth episode of the Steptoe Cyberlaw Podcast, Michael Vatis and Jason Weinstein discuss: Potential talks between the US and Snowden if he pleads guilty; Senator Leahy’s view of Privacy and Civil Liberties Oversight Board; calls for end to 215 program during Senate hearing with AG; cyber researchers also call for end to program…
In our fourth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Jason Weinstein, and guest commentator Steptoe partner Chris Conte, discuss: Privacy and Civil Liberties Oversight Board issues report; Supreme Court grants cert on cell phone searches incident to arrest; SEC’s National Examination Program identifies cybersecurity risk as exam priority; Verizon transparency report; FTC gets…
Almost immediately after the Republican National Committee adopted an error-filled resolution attacking the NSA and its telephone metadata program, current and former GOP officials took a strong stand against the RNC resolution: [T]he RNC resolution threatens to do great damage to the security of the nation. It would be foolhardy to end the program without…
Welcome to the next installment of the new Steptoe Cyberlaw Podcast. In our second episode, Stewart Baker, Michael Vatis, Jason Weinstein, and guest panelist Stephanie Roy predict what the President may say regarding the NSA; discuss the latest update in the Target and Neiman Marcus breaches; and explain the recent net neutrality decision. Download the…
We are pleased to offer a new component of the Steptoe Cyberblog, the Steptoe Cyberlaw Podcast. The podcasts will be a weekly feature of the Cyberblog offering up the commentary and opinions of our authors on the latest events in technology, security, privacy, and government. We hope you enjoy it! Download the first episode (mp3).
Matt Blaze, a well-known public cryptographer and NSA critic, offered what seemed like a modest concession in the relentless campaign against NSA intelligence gathering: The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a…
I’ve been critical of the claim that European privacy law offers more protection against government surveillance than American law. Apparently not critical enough. An Ars Technica reporter with a pro-privacy inclination decided to seriously investigate using a German email system to get the benefits of European privacy law. His tale of disillusionment revealed three privacy…
I’d like to offer readers a short quiz on judicial independence. Imagine a field where liability is common but damages vary widely — patent law, perhaps, or disability claims. In this field, there is a specialized court that has attracted Congressional and press criticism because it rules for the plaintiff 99% of the time. Stung…
It turns out that at least one Washington mugger is a little too well informed about current affairs: An attempted mugging on Capitol Hill was thwarted Monday night by a quick-thinking victim — one who apparently keeps an eye on national security news. The victim, who weighs a petite 95 pounds, explained to the assailant…
The New York Times recently ran a story arguing that, after the Snowden revelations, Europe would have to build its own cloud computing industry to protect European privacy. I was moved to send the Times a letter in response. The Times edits such letters pretty heavily, so I’m sharing it here: You left some critical…
Officials in the EU often deride the lack of a national data protection authority in the US. It is absurd to suggest that the existence of a national DPA is itself a litmus test for a country’s commitment to privacy protection. Indeed, I would put the US system of constitutional checks and balances and sectoral…
In my first post about NIST’s draft cybersecurity framework I explained its basic problem as a spur to better security: It doesn’t actually require companies to do much to improve their network security. My second post argued that the framework’s privacy appendix, under the guise of protecting cybersecurity, actually creates a tough new privacy requirement…
Following up on my earlier NIST post, it’s fair to ask why I think the NIST Cybersecurity Framework will be a regulatory disaster. After all, as I acknowledged in that post, NIST’s standards for cybersecurity are looking far less prescriptive than business feared. There’s not a “shall” or “should” to be found in NIST’s August…
Business and conservatives have been worried all year about the cybersecurity standards framework that NIST (the National Institute of Standards and Technology) is drafting. An executive order issued early this year, after cybersecurity legislation stalled on the Hill, told NIST to assemble a set of standards to address cyber risks. Once they’re adopted, the order…
All too often, companies that have been victimized by data breaches are being blamed by regulators and class action lawyers for not doing more to prevent the breaches. Now more than ever, companies need to move proactively to manage their risks of a breach, before the breach occurs. Corporate Counsel has published my article on…
Law360 has published my article (subscription required) on data privacy class actions. The article discusses lessons from the first wave of these cases as well as steps companies can take in advance to reduce their litigation risks.
According to Dan Balz’s new book, the Obama campaign had its employees and volunteers log onto the campaign’s “Dashboard” application using their Facebook accounts, which allowed the campaign to see each person’s Facebook friend list. The campaign would then match the friends’ names to other information the campaign had amassed showing which of those friends…
The International Association of Privacy Professionals has published my article on how US cloud providers and the US government can respond to the wave of hypocrisy from the EU over PRISM. The full article can be found here.
I will be testifying today to the full House Judiciary Committee about FISA, NSA and the Snowden flap. You can download my full prepared remarks here. In short I used this opportunity to muse on the resemblance between today and the waning Clinton era; I discuss the (surprisingly short) history of viewing intelligence as a…
In the wake of the leaks about the NSA’s PRISM program and domestic data collection activities, EU officials have, quite predictably, raised alarms that the NSA’s programs pose a grave threat to the privacy of EU citizens. In recent days, European Parliament members have been quoted as calling the NSA programs “shocking” and tantamount to…
With all the controversy surrounding the leaks regarding the PRISM program, there is at least one constituency that is likely rejoicing — Europe-based cloud computing companies. For the past few years, cloud providers in Europe have tried to gain a competitive advantage over US-based providers in the European market by arguing that the Patriot Act…
It seems we can’t go a day without another bombshell in what we can now call the “Snowden Affair.” Many people are calling Edward Snowden a “whistleblower” for leaking two classified intelligence programs. But that term is usually reserved for someone who reveals government lies, law-breaking, or malfeasance. What Snowden revealed, though, are government activities…