Header graphic for print
Steptoe Cyberblog

Category Archives: Data Breach

Subscribe to Data Breach RSS Feed

European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)

Posted in Data Breach, European Union, International, Security Programs & Policies

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR. At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope. These guidelines should help provide a common interpretation of… Continue Reading

Episode 224 with Duncan Hollis: Do we need an international “potluck” cyber coalition?

Posted in China, Data Breach, International, Privacy Regulation

I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand… Continue Reading

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading

GDPR: Belgium sets up new Data Protection Authority

Posted in Data Breach, European Union, International, Privacy Regulation

On 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading

European Commission Keeps Up Pressure On GDPR

Posted in Data Breach, European Union, International, Privacy Regulation

The EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading

The Cyberlaw Podcast — Interview with Shane Harris

Posted in China, Data Breach, Government Contracts, Security Programs & Policies

Episode 198 — Interview with Shane Harris It turns out that the most interesting policy story about Kaspersky software isn’t why the administration banned its products from government use. It’s why the last administration didn’t.  Shane Harris is our guest for the podcast, delving into the law and politics of the Kaspersky ban.  Along the way,… Continue Reading

The Cyberlaw Podcast — Interview with David Ignatius

Posted in China, Cybersecurity and Cyberwar, Data Breach, International

Episode 193:  David Ignatius and The Quantum Spy We celebrate the holiday season by interviewing David Ignatius, Columnist and Associate Editor at The Washington Post and the author of multiple spy thrillers, including his most recent, The Quantum Spy.  David and I discuss themes from the book, from quantum computing to ethnic and gender tensions… Continue Reading

The Cyberlaw Podcast — Discussion with Michael Sulmeyer and Nicholas Weaver

Posted in Cybersecurity and Cyberwar, Data Breach

Episode 192: Discussion with Michael Sulmeyer and Nicholas Weaver With the Texas church shooting having put encryption back on the front burner, I claim that Apple is becoming the FBI’s crazy ex-girlfriend in Silicon Valley — and offer the tapes to prove it. When Nick Weaver rises to Apple’s defense, I point out that Apple responded… Continue Reading

The Cyberlaw Podcast – Interview with United States Representative Tom Graves

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Episode 189: Hack Back in Black: Interviewing United States Representative Tom Graves about the ACDC act. Today’s bonus episode is an interview with Rep. Graves, co-sponsor of the Active Cyber Defense Certainty (ACDC) Act, which allows those whose networks are under persistent attack to leave their network to conduct investigative action. Rep. Graves offers a… Continue Reading

The Cyberlaw Podcast – Interview with Mårten Mickos

Posted in Data Breach, Security Programs & Policies

Episode 185: The Midnight Basketball of Cybersecurity This episode features an interview with Mårten Mickos, the CEO of HackerOne. HackerOne administers bug bounty and vulnerability disclosure programs for a host of private companies as well as DOD’s “Hack the Pentagon” program. He explains how such programs work, how companies and agencies typically get started (with “vulnerability disclosure”… Continue Reading

The Cyberlaw Podcast – Bonus Episode

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

Episode 182: Attribution of Cyberattacks Episode 182 features a panel of experts on attribution of cyberattacks. I moderated the panel at the Georgia Tech 15th Annual Cyber Security Summit in Atlanta on September 27, 2017.  Panel members included Cristin Goodwin of Microsoft, Rob Knake of the Council on Foreign Relations, Hannah Kuchler of the Financial Times,… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in Data Breach, International

Episode 181: Equifax and the Upside of Nation-State Cyberattacks Was the Equifax breach a nation-state attack? Nick Weaver parses the data, and I explore the surprising upside for Equifax if it was. Twitter comes to Capitol Hill to talk Russian election interference; it goes home with a flea in its ear and plenty of homework… Continue Reading

Interview with Jeanette Manfra

Posted in Data Breach, Security Programs & Policies

Episode 179: Interview with Jeanette Manfra Our interview is with Jeanette Manfra, DHS’s Assistant Secretary for Cyber Security and Communications. We cover her agency’s binding directive to other civilian agencies to purge Kaspersky software from their systems, and her advice to victims of the Equifax breach (and to doctors who think that Abbott Labs’ heart implants… Continue Reading

Interview with Rebecca Richards and Elizabeth Goitein

Posted in Data Breach, International, Privacy Regulation

Episode 178: The Evil Dolphin Episode The Cyberlaw Podcast kicks off a series exploring section 702 – the half-US/half-foreign collection program that has proven effective against terrorists while also proving controversial with civil liberties groups.  With the program due to expire on December 31, we’ll examine the surveillance controversies spawned by the program. Today, we… Continue Reading

Steptoe Cyberlaw Podcast – Interview with David Aitel

Posted in Data Breach, International

Episode 176: Governments to Internet: STFU Everybody’s a critic, and everybody’s a censor, at least if you judge by today’s episode: Maury Shenk tells us the European Court of Justice will soon rule on its authority to censor what Americans read. Markham Erickson discusses the Ninth Circuit decision upholding national security letter gag orders. And Maury says… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Data Breach, International, Security Programs & Policies

Episode 171.  Implants in the Kremlin’s Snack Machines? Our guest, Ellen Nakashima, was coauthor of a Washington Post article that truly is a first draft of history, though not a chapter the Obama administration is likely to be proud of.  She and Greg Miller and Adam Entous chronicle the story of Russia’s information operations attack… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Data Breach, International, Security Programs & Policies

Episode 170 This week’s episode is a news roundup without interview.  We lead with the Senate’s overwhelming adoption of unexpectedly tough Russia sanctions along with the Iran sanctions bill.  The mainstream press has emphasized that the bill will lock the Obama sanctions into legislation, but Anthony Rapa explains that the bigger story is just how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kevin Mandia

Posted in Cybersecurity and Cyberwar, Data Breach, International

Episode 166 is the interview that goes with episode 165’s news roundup, released separately to ensure the timeliness of the news. In episode 166, we interview Kevin Mandia, the CEO and Board Director of FireEye, an intelligence-led security company.  FireEye recently outed a new cyberespionage actor associated with the Vietnamese government.  Kevin tells us how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Tim Maurer

Posted in Data Breach, International, Security Programs & Policies

Episode 164: Stewart on the Road to Tarsus Episode 164 features Stewart Baker’s startling change of heart on the question of cyberspace norms. Credit goes to our interview guest, Tim Maurer, Fellow and co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace. And perhaps as well to Brian Egan, former Legal… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nicholas Weaver

Posted in Data Breach, International, Privacy Regulation

Episode 159: Interview with Nicholas Weaver Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute.  It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a… Continue Reading