Header graphic for print
Steptoe Cyberblog

Tag Archives: Data security

Steptoe Cyberlaw Podcast – Interview with Davis Hake and Nico Sell

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

Episode 145:  What Donald Trump and “Occupy Wall Street” have in common We interview two contributors to CSIS’s Cybersecurity Agenda for the 45th President.  Considering the track record of the last three Presidents, it’s hard to be optimistic, but Davis Hake and Nico Sell offer a timely look at some of the most pressing policy… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Frank Cilluffo

Posted in Cybersecurity and Cyberwar, Data Breach

The episode features a vigorous and friendly debate between me and Frank Cilluffo over his Center’s report on active defense, titled “Into the Gray Zone.”  It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University.  My fear: the report creates gray zones for computer defense that should not… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robert Silvers

Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & Policies

Our guest for the episode is Rob Silvers, the assistant secretary for cybersecurity policy at DHS.  He talks about what the government can and should do about newly potent DDOS attacks and the related problem of the Internet of Things.  The only good news: insecure debrillators and pacemakers may kill you, but they haven’t yet been… Continue Reading

Data Portability under EU GDPR: A Financial Services Perspective

Posted in International, Privacy Regulation

Philip Woolfson and I wrote an article for PL&B International about data portability, a new requirement of data protection law which will be introduced when the European Union General Data Protection Regulation (GDPR) applies on May 25, 2018.  Under this new regulation, data subjects have acquired a right to data portability (RDP). This article looks… Continue Reading

An EU General Data Protection Guide for the Insurance and Financial Services Sector

Posted in International, Privacy Regulation

To help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR… Continue Reading

Steptoe Cyberlaw Podcast – The Grugq

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

(Groucho) Marxism and Red Lines in Cyberspace In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers.  We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Matt Cutts and Lisa Wiswell

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

A record-setting insecurity week. Our interview in episode 131 is with Matt Cutts and Lisa Wiswell from the Pentagon’s Defense Digital Service.  Matt joined the Digital Service from Google where he authored their SafeSearch content filter.  Lisa is a bureaucracy hacker with the Defense Digital Service and previously spent years working on cyber-warfare in DOD’s… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Hammersla and Brian White

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 126 – The podcast goes to the conventions If Vladimir Putin can do it, so can we. This week the podcast dives deep into the US presidential campaign. I of course talk with Maury Shenk about evidence that the Russians are behind “Guccifer 2.0” and the DNC data leak – aided by a Wikileaks… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jeremy and Ariel Rabkin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In the news roundup, Michael Vatis covers Microsoft’s surprising Second Circuit victory over the Justice Department in litigation over a warrant for data stored in Ireland.  The hidden issue in that case was data localization – the same issue driving the Justice Department’s new legislative proposal to allow foreign nations to obtain information from US… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s news roundup is dominated by the Ninth Circuit and the European Union. The EU parliament has approved the Privacy Shield that replaces the Safe Harbor. Michael Vatis, Alan Cohn and I ask whether companies should seek protection under what may prove to be a pretty leaky Shield. And the EU has approved cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Edward Snowden criticizes Russia’s mass surveillance law, and a Russian official retaliates by outing him ‒ as a Russian intelligence source.  Silent Circle, the phone company that built its marketing on fear and loathing of the NSA, is nearing bankruptcy. And members of the dominant European Parliament faction are asking the Commission, “Hey! How come… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up with Paul Rosenzweig

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

European hypocrisy on data protection is a lot like the weather.  Everyone complains about it but no one does anything about it.  Until today. In episode 120, we announce the launch of the Europocrisy Prize.  With the support of TechFreedom, we’re seeking tax deductible donations for a prize designed to encourage the proliferation of Schrems-style litigation,… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Kozy and Johannes Gilger

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would… Continue Reading

US-EU Safe Harbor Decision Invalidated: Now What?

Posted in International, Privacy Regulation

Now that the US-EU Safe Harbor has been invalidated by the European Court of Justice (ECJ) in Schrems v. Data Protection Commissioner, the Safe Harbor no longer provides a legal basis for transfers of personal information from the EU to the US.  The ECJ’s press release and the full text of the Schrems decision are available…. Continue Reading

The GitHub Attack and Internet Self-defense

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In an earlier post I talked about how the Chinese government has used its “Great Firewall” censorship machinery on an expanded list of targets – from its own citizens to ordinary Americans who happen to visit Internet sites in China.  By intercepting the ad and analytics scripts that Americans downloaded from Chinese sites, the Chinese… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Andrews

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Casey

Posted in Blockchain, Cybersecurity and Cyberwar, International, Privacy Regulation

Hip Hop Summit at Graceland: Michael Casey and Digital Money Bitcoin and the blockchain – how do they work and what do they mean for financial and government services and for consumers? And who holds massive stores of bitcoin that can’t be spent without solving one of the great financial mysteries of our time?  Our… Continue Reading

New EU Data Protection Law: Are We There Yet?

Posted in International, Privacy Regulation, Security Programs & Policies

EU data protection (privacy) law is changing, albeit slowly.  After three years of intense discussions behind the scenes, the Council, the last of the EU institutions to reveal its hand, has finally managed to adopt a negotiating position on the General Data Protection Regulation or GDPR.  Three-way talks with the Commission and Parliament are confirmed… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Julian Sanchez

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA- NOVA, which kindly invited the Cyberlaw Podcast to… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Geer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel.  We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers, at least in some ways, and getting the government to purchase and fix vulnerabilities.  We agree… Continue Reading

Treasury Sanctions on Cyber Attackers

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

The executive order allowing the President to impose OFAC sanctions on hackers is good news.  I’ve been calling on the government for several years to go beyond attribution to retribution.  See, for example this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate.  Similar sentiments were expressed in a 2013 report… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alexander Klimburg

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In this week’s episode of the Cyberlaw Podcast, I take our new mobile recording equipment to Paris to talk about Europe’s cybersecurity directive with Alex Klimburg, of the Hague Institute for Strategic Studies and the Harvard Kennedy School’s Belfer Center.  The directive is in its final stages after a two-year buildup, and the most recent… Continue Reading

Why Tort Liability Won’t Produce Good Cybersecurity

Posted in Data Breach, Security Programs & Policies

Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as… Continue Reading