Security Programs & Policies

The Federal Trade Commission’s (FTC) other foot, I argue, is lodged firmly in its mouth. Tatyana Bolton defends the agency, which released what can only be described as a regulatory blog post in response to the log4j vulnerability, invoking the $700 million in fines imposed on Equifax to threaten “to use its full legal

All the cyberlitigation that didn’t get filed, or decided, over Thanksgiving finally hit the fan last week, and we’re still cleaning up. But first, I have to ask Dave Aitel for a sanity check on Log4Shell.

Does it really deserve a 10 out of 10 for impact? And what does it mean for all

This week we celebrated International Tech Policy Week, which happens every year around this time, when the American policymakers, the American execs who follow them, and the U.S. journalists who report on them all go home to eat turkey with their families and leave tech policy to the rest of the world.

Leading off

Among the many problems with the current social media enthusiasm for deplatforming is this question: What do you do with all the data generated by people you deplatformed?

Facebook’s answer, as you’d expect, is that Facebook can do what it wants with the data, which mostly means deleting it. Even if it’s evidence of

Two major Senate committees have reached agreement on a cyber incident reporting mandate. And it looks like the big winners are the business lobbyists who got concessions from both committees. At least that’s my take. Dmitri Alperovitch says the bill may still be in trouble because of Justice Department opposition. And Tatyana Bolton

We’re joined for this episode by Scott Shapiro, long-time listener and first-time panelist, not to mention our first philosopher. He breaks down the Biden administration sanctions on four offensive cyber firms, most notably the Israeli company, NSO. Imposing Commerce Department “entity list” sanctions on companies from friendly countries for human rights abuses is

In this episode, Dave Aitel and I dig into the new criminal law the House intelligence committee has proposed for workers at intelligence agencies. The proposal is driven by the bad decisions of three intel agency alumni who worked for the UAE, doing phone hacking and other intrusions under the sobriquet of Project

We begin the episode with Michael Ellis taking a close look at the takedown of the ransomware gang. It’s a good story for the good guys, as REvil seems to have been brought down by the same tactic it used against so many of its victims – malware that lingered in the backups

The theme of this episode is a surge of creativity in the Biden administration as it searches for ways to regulate cybersecurity and cryptocurrency without new legislative authority. Paul Rosenzweig lays out the Department of Homeland Security’s entries in the creativity sweepstakes: New (and frankly pretty modest) cybersecurity directives to the rail and air

The Biden administration’s effort to counter ransomware may not be especially creative, but it is comprehensive. The administration is pushing all the standard buttons on the interagency dashboard, including the usual high-level task force and a $10 million reward program (but not including hackback authority for victims, despite headlines suggesting otherwise). And all the