Header graphic for print
Steptoe Cyberblog

Category Archives: Data Breach

Subscribe to Data Breach RSS Feed

The Cyberlaw Podcast — Discussion with Michael Sulmeyer and Nicholas Weaver

Posted in Cybersecurity and Cyberwar, Data Breach

Episode 192: Discussion with Michael Sulmeyer and Nicholas Weaver With the Texas church shooting having put encryption back on the front burner, I claim that Apple is becoming the FBI’s crazy ex-girlfriend in Silicon Valley — and offer the tapes to prove it. When Nick Weaver rises to Apple’s defense, I point out that Apple responded… Continue Reading

The Cyberlaw Podcast – Interview with United States Representative Tom Graves

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Episode 189: Hack Back in Black: Interviewing United States Representative Tom Graves about the ACDC act. Today’s bonus episode is an interview with Rep. Graves, co-sponsor of the Active Cyber Defense Certainty (ACDC) Act, which allows those whose networks are under persistent attack to leave their network to conduct investigative action. Rep. Graves offers a… Continue Reading

The Cyberlaw Podcast – Interview with Mårten Mickos

Posted in Data Breach, Security Programs & Policies

Episode 185: The Midnight Basketball of Cybersecurity This episode features an interview with Mårten Mickos, the CEO of HackerOne. HackerOne administers bug bounty and vulnerability disclosure programs for a host of private companies as well as DOD’s “Hack the Pentagon” program. He explains how such programs work, how companies and agencies typically get started (with “vulnerability disclosure”… Continue Reading

The Cyberlaw Podcast – Bonus Episode

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

Episode 182: Attribution of Cyberattacks Episode 182 features a panel of experts on attribution of cyberattacks. I moderated the panel at the Georgia Tech 15th Annual Cyber Security Summit in Atlanta on September 27, 2017.  Panel members included Cristin Goodwin of Microsoft, Rob Knake of the Council on Foreign Relations, Hannah Kuchler of the Financial Times,… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in Data Breach, International

Episode 181: Equifax and the Upside of Nation-State Cyberattacks Was the Equifax breach a nation-state attack? Nick Weaver parses the data, and I explore the surprising upside for Equifax if it was. Twitter comes to Capitol Hill to talk Russian election interference; it goes home with a flea in its ear and plenty of homework… Continue Reading

Interview with Jeanette Manfra

Posted in Data Breach, Security Programs & Policies

Episode 179: Interview with Jeanette Manfra Our interview is with Jeanette Manfra, DHS’s Assistant Secretary for Cyber Security and Communications. We cover her agency’s binding directive to other civilian agencies to purge Kaspersky software from their systems, and her advice to victims of the Equifax breach (and to doctors who think that Abbott Labs’ heart implants… Continue Reading

Interview with Rebecca Richards and Elizabeth Goitein

Posted in Data Breach, International, Privacy Regulation

Episode 178: The Evil Dolphin Episode The Cyberlaw Podcast kicks off a series exploring section 702 – the half-US/half-foreign collection program that has proven effective against terrorists while also proving controversial with civil liberties groups.  With the program due to expire on December 31, we’ll examine the surveillance controversies spawned by the program. Today, we… Continue Reading

Steptoe Cyberlaw Podcast – Interview with David Aitel

Posted in Data Breach, International

Episode 176: Governments to Internet: STFU Everybody’s a critic, and everybody’s a censor, at least if you judge by today’s episode: Maury Shenk tells us the European Court of Justice will soon rule on its authority to censor what Americans read. Markham Erickson discusses the Ninth Circuit decision upholding national security letter gag orders. And Maury says… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Data Breach, International, Security Programs & Policies

Episode 171.  Implants in the Kremlin’s Snack Machines? Our guest, Ellen Nakashima, was coauthor of a Washington Post article that truly is a first draft of history, though not a chapter the Obama administration is likely to be proud of.  She and Greg Miller and Adam Entous chronicle the story of Russia’s information operations attack… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Data Breach, International, Security Programs & Policies

Episode 170 This week’s episode is a news roundup without interview.  We lead with the Senate’s overwhelming adoption of unexpectedly tough Russia sanctions along with the Iran sanctions bill.  The mainstream press has emphasized that the bill will lock the Obama sanctions into legislation, but Anthony Rapa explains that the bigger story is just how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kevin Mandia

Posted in Cybersecurity and Cyberwar, Data Breach, International

Episode 166 is the interview that goes with episode 165’s news roundup, released separately to ensure the timeliness of the news. In episode 166, we interview Kevin Mandia, the CEO and Board Director of FireEye, an intelligence-led security company.  FireEye recently outed a new cyberespionage actor associated with the Vietnamese government.  Kevin tells us how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Tim Maurer

Posted in Data Breach, International, Security Programs & Policies

Episode 164: Stewart on the Road to Tarsus Episode 164 features Stewart Baker’s startling change of heart on the question of cyberspace norms. Credit goes to our interview guest, Tim Maurer, Fellow and co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace. And perhaps as well to Brian Egan, former Legal… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nicholas Weaver

Posted in Data Breach, International, Privacy Regulation

Episode 159: Interview with Nicholas Weaver Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute.  It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a… Continue Reading

Steptoe Cyberlaw Podcast – Debate with Greg Nojeim and Jamil Jaffer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

155: Debating Hackback Episode 155 of the podcast offers something new:  equal time for opposing views.  Well, sort of, anyway.  In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week.  I argue that US companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Episode 154:  What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dominic Rochon and Patricia Kosseim

Posted in Cybersecurity and Cyberwar, Data Breach, International

Our interview features a classic “please don’t read this” headline: “Worthwhile Canadian Initiatives.”  We explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner.  Among other… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Uncategorized

Posse Comitatus: Latin for “Get off my turf”? Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity?  Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight. Should the FDA allow implants of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kiersten Todt

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Too busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity?  No worries.  Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director. In the news, Lindsey Graham, John McCain, and a host of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Scott Charney

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We ask Rihanna to sum up the latest US-EU agreement: And that’s when you need me there With you I’ll always share … You can stand under my umbrella RiRi’s got the theory right:  The Umbrella Agreement was supposed to make sure the US and EU would always share law enforcement data.  But when the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Markoff

Posted in Cybersecurity and Cyberwar, Data Breach

The Autonomous Weapon Who Went to the Beach Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings.  Our conversation covers everything from robots, autonomous weapons, and Siri to hippie… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Paul Rosenzweig and Shane Harris

Posted in China, Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

We couldn’t resist.  This week’s topic is of course President-elect Trump and what his election could mean for All Things Cyber.  It features noted cybercommentator Paul Rosenzweig and Daily Beast reporter Shane Harris.  In the news, we’re reminded of the old Wall Street saying that bulls and bears can both make money in the market… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Frank Cilluffo

Posted in Cybersecurity and Cyberwar, Data Breach

The episode features a vigorous and friendly debate between me and Frank Cilluffo over his Center’s report on active defense, titled “Into the Gray Zone.”  It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University.  My fear: the report creates gray zones for computer defense that should not… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Carlin

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

John Carlin leaves Justice:  We give him the good news and the bad news. Episode 134 features John Carlin’s swan song as assistant attorney general for national security.  We review the highs and lows of his tenure from a cybersecurity point of view and then look to the future, including how the US should respond… Continue Reading