Header graphic for print
Steptoe Cyberblog

Tag Archives: privacy

Steptoe Cyberlaw Podcast – Interview with Glenn Gerstell

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

What is the most surprising discovery a law firm partner makes when he jumps to the National Security Agency?  I direct that and other questions at Glenn Gerstell, who has just finished six months in the job as General Counsel at the National Security Agency. In the news roundup, we begin, of course, with the… Continue Reading

Steptoe Cyberlaw Podcast – Triple Entente Beer Summit II

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The Second Annual Triple Entente Beer Summit again filled the Washington Firehouse loft with an audience at least as knowledgeable as the panel, which consisted of Ben Wittes, Shane Harris, Stewart Baker, Tamara Cofman Wittes, and Alan Cohn.  The Triple Entente Beer Summit brings together members of the Lawfare, Rational Security, and the Steptoe Cyberlaw podcasts.

Steptoe Cyberlaw Podcast – Interview with David Kris

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We devote episode 100 to “section 702” intelligence – the highly productive counterterrorism program that collects data on foreigners from data stored on US servers.  What’s remarkable about the program is its roots:  President Bush’s decision to ignore the clear language of FISA and implement collection without judicial approval.  That decision has now been ratified… Continue Reading

Time to Get Serious About Europe’s Sabotage of US Terror Intelligence Programs

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

The intelligence tools that protect us from terrorism are under attack, and from an unlikely quarter. Europe, which depends on America’s intelligence reach to fend off terrorists, has embarked on a path that will sabotage some of our most important intelligence capabilities. This crisis has been a long time brewing, and up to now, the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mark Shuttleworth

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The NSA metadata program that is set to expire in two weeks was designed to provide early warning of a terror attack planned in a foreign safe haven and carried out inside the United States.  Those are some of the most deadly terror attacks we’ve seen, from 9/11 to Mumbai.  And now Paris. So should… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Kozy and Johannes Gilger

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Gen. Michael Hayden

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours… Continue Reading

US-EU Safe Harbor Decision Invalidated: Now What?

Posted in International, Privacy Regulation

Now that the US-EU Safe Harbor has been invalidated by the European Court of Justice (ECJ) in Schrems v. Data Protection Commissioner, the Safe Harbor no longer provides a legal basis for transfers of personal information from the EU to the US.  The ECJ’s press release and the full text of the Schrems decision are available…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals.  Appearing at the conference Privacy.Security.Risk. 2015., sponsored by the IAPP and the Cloud Security Alliance, Bruce Schneier talks through recent developments in law and technology. The three of us stare into the pit… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Cyberlaw negotiations are the theme of episode 82, as the US and China strike a potentially significant agreement on commercial cyberespionage and Europeans focus on tearing up agreements with the US and intruding on US sovereignty. Our guest for the episode is Jim Lewis, a senior fellow and director of the Strategic Technologies Program at… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Peter Singer

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

The cyberlaw podcast is back from hiatus with a bang.  Our guest is Peter Singer, author of Ghost Fleet, a Tom Clancy-esque thriller designed to illustrate the author’s policy and military chops.  The book features a military conflict with China that uses all the weapons the United States and China are likely to deploy in… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Andrews

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Annie Antón and Peter Swire

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 76 of the podcast features the power couple of privacy and cybersecurity, Peter Swire and Annie Antón, both professors at Georgia Institute of Technology.  I question them on topics from the USA FREEDOM Act to the enduring gulf between writing law and writing code. In the news roundup, as our listeners have come to… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Casey

Posted in Blockchain, Cybersecurity and Cyberwar, International, Privacy Regulation

Hip Hop Summit at Graceland: Michael Casey and Digital Money Bitcoin and the blockchain – how do they work and what do they mean for financial and government services and for consumers? And who holds massive stores of bitcoin that can’t be spent without solving one of the great financial mysteries of our time?  Our… Continue Reading

New EU Data Protection Law: Are We There Yet?

Posted in International, Privacy Regulation, Security Programs & Policies

EU data protection (privacy) law is changing, albeit slowly.  After three years of intense discussions behind the scenes, the Council, the last of the EU institutions to reveal its hand, has finally managed to adopt a negotiating position on the General Data Protection Regulation or GDPR.  Three-way talks with the Commission and Parliament are confirmed… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jason Brown

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 69 is Jason Brown, the Assistant to the Special Agent in Charge of the Cyber Intelligence Section at the US Secret Service.  We talk about the Secret Service’s Electronic Crimes Task Forces and their critical role in investigating data breaches affecting financial institutions, retailers and other companies.  We also discuss how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Julian Sanchez

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA- NOVA, which kindly invited the Cyberlaw Podcast to… Continue Reading

Steptoe Cyberlaw Podcast – Triple Entente Beer Summit

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, PCLOB, Security Programs & Policies

The Triple Entente Beer Summit was a great success, with an audience that filled the Washington Firehouse loft and a cast that mashed up Lawfare, Rational Security, and the Steptoe Cyberlaw Podcast.  We attribute the podcast’s freewheeling interchange to the engaged audience, our profound respect for each other, and, mostly, the beer. We begin by… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 65 would be ugly if it weren’t so much fun.  Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.”  And that’s pretty much how the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mary DeRosa

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 64 of the Cyberlaw Podcast is Mary DeRosa, the chief lawyer for the National Security Council during the early years of the Obama Administration, and now a Distinguished Visitor at Georgetown University Law Center.  We ask Mary to walk us through a hypothetical set of NSC meetings on the Sony breach… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dr. Andy Ozment

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 58 of the Cyberlaw Podcast, our guest is Andy Ozment, who heads the DHS cybersecurity unit charged with helping improve cybersecurity in the private sector and the civilian agencies of the federal government.  We ask how his agency’s responsibilities differ from NSA’s and FBI’s, quote scripture to question his pronunciation of ISAO, dig… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alexander Klimburg

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In this week’s episode of the Cyberlaw Podcast, I take our new mobile recording equipment to Paris to talk about Europe’s cybersecurity directive with Alex Klimburg, of the Hague Institute for Strategic Studies and the Harvard Kennedy School’s Belfer Center.  The directive is in its final stages after a two-year buildup, and the most recent… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Rebecca Richards

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, PCLOB, Privacy Regulation, Security Programs & Policies

In this week’s episode, our guest is Rebecca Richards, NSA’s director of privacy and civil liberties.  We ask the tough questions:   Is her title an elaborate hoax or is she the busiest woman on the planet?  How long will it be before privacy groups blame the Seattle Seahawks’ loss on NSA’s policy of intercepting everything? … Continue Reading

Why Tort Liability Won’t Produce Good Cybersecurity

Posted in Data Breach, Security Programs & Policies

Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as… Continue Reading