For some reason, debates about Snowden are thick on the ground these days, and I’ve joined a couple of them. The most fun was the Oxford Union, which has been preparing future Parliamentarians (and Prime Ministers) all around the British Commonwealth since 1823. The Oxford Union debate was “This House would call Edward Snowden a
Security Programs & Policies
Making sense of Bitcoin
With all of the hype and hyperbole surrounding bitcoin and the dizzying array of press coverage, it can be hard for companies to know where to start in evaluating the potential risks involved in making bitcoin a part of their business. Law360 published an article this week in which I make sense of it all…
Time for a change in the cybersecurity paradigm
Earlier today the Wall Street Journal’s Risk and Compliance Journal published an interview with me and Steve Chabinsky from CrowdStrike about cybersecurity. In the interview, Steve and I make the case that the current paradigm for protecting companies against cyberattacks isn’t working, and that fixing it involves focusing on aligning private sector and…
Are You Prepared for a Data Breach?
I recently spoke to mainjustice.com (subscription required) about how companies can help prepare for a data breach in this “blame the victim” environment. The video of that interview can be found here:
Another Takeaway from TARGET: Are you being targeted through your vendors?
Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source…
Republican National Committee draws fire for resolution condemning NSA
Almost immediately after the Republican National Committee adopted an error-filled resolution attacking the NSA and its telephone metadata program, current and former GOP officials took a strong stand against the RNC resolution:
[T]he RNC resolution threatens to do great damage to the security of the nation. It would be foolhardy to end the…
Is the Congressional Response to the Target Breach Off-Target?
In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type. Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard. But if the congressional response focuses entirely on breach notification and…
Tightening the Screws on Chinese Investment
The Committee on Foreign Investment in the United States, or CFIUS, reviews foreign investments for national security risks. It is now beyond doubt that Chinese investment is getting much closer scrutiny from CFIUS. A total of ten transactions failed to survive review in 2012, according to a just-released Treasury report. That may not sound…
The Shorter Matt Blaze: NSA Hacking Is OK, As Long As We Take Away Its Best Hacking Tools
Matt Blaze, a well-known public cryptographer and NSA critic, offered what seemed like a modest concession in the relentless campaign against NSA intelligence gathering:
The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re…
New Controls on Surveillance and Hacking Tools?
The old Cold War export control alliance, now known as the Wassenaar Arrangement, hasn’t exactly been a hotbed of new controls since Russia joined the club. But according to the Financial Times, the 41-nation group is preparing a broad new set of controls on complex surveillance and hacking software and cryptography. I suspect that the…