Data Breach

Subscribe to Data Breach

For the first time in twenty years, the Justice Department is finally free to campaign for the encryption access bill it has always wanted.  Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced the Lawful Access To Encrypted Data Act. (Ars Technica, Press Release) As Nick

This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his

Our interview with Ben Buchanan begins with his report on how artificial intelligence may influence national and cybersecurity. Ben’s quick takes: better for defense than offense, and probably even better for propaganda. The best part, in my view, is Ben’s explanation of how to poison the AI that’s trying to hack you

Nick Weaver and I debate Sens. Graham and Blumenthal’s EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don’t, they won’t get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there’s a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the social costs they’re imposing on society. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, critics are sure that the final product will reduce corporate incentives to offer end-to-end encryption.


Continue Reading Episode 298: Bill Barr as Bogeyman

Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020.
Continue Reading New York Adopts New Data Breach Law, Including Data Security Requirements

Today, I interview Frank Blake, who as CEO brought Home Depot through a massive data breach. Frank’s a former co-clerk of mine, a former Deputy Secretary of Energy, and the current host of Crazy Good Turns, a podcast about people who have found remarkable, even crazy, ways to help others. In

We kick off Episode 267 with Gus Hurwitz reading the runes to see whether a 50-year Chicago winter for antitrust plaintiffs is finally thawing in Silicon Valley. Gus thinks the predictions of global antitrust warming are overhyped. But he recognizes we’re seeing an awful lot of robins on the lawn: The rise of Margrethe Vestager in the EU, the enthusiasm of state AGs for suing Big Tech, and the piling on of Dem presidential candidates and the House of Representatives. Judge Koh’s Qualcomm decision is another straw in the wind, triggering criticism from Gus (“an undue extension of Aspen Skiing”) and me (“the FTC needs a national security minder in privacy and competition law”). Matthew Heiman tells me I’m on the wrong page in suggesting that Silicon Valley’s suppression of conservative speech is a detriment to consumer welfare that the antitrust laws should take into account, even in a Borkian world.


Continue Reading Episode 267: “Call me a fascist again and I’ll get the government to shut you up. Worldwide.”

In today’s News Roundup, Klon Kitchen adds to the North Korean Embassy invasion by an unknown group. Turns out some of the participants fled to the US and lawyered up, but the real tipoff about attribution is that they’ve given some of the data they stole to the FBI. That rules out CIA involvement right there.

Nick Weaver talks about Hal Martin pleading guilty to unlawfully retaining massive amounts of classified NSA hacking data. It’s looking more and more as though Martin was just a packrat, making his sentence of nine years in prison about right. But as Nick points out, that leaves unexplained how the Russians got hold of so much NSA data themselves.

Paul Hughes explains the seamy Europolitics behind the new foreign investment regulations that will take effect this month.


Continue Reading Episode 257: How we know the North Korean Embassy break-in wasn’t the work of the CIA

In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years.


Continue Reading Episode 249: Black swans, black ops, BlackCube, and red herrings

Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of