Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances… Continue Reading
In the aftermath of the passage of the California Consumer Privacy Act (CCPA) in 2018, numerous other states have begun to consider similar legislation. While most of those states are in the early stages of the legislative process, Nevada and Maine recently enacted laws strictly regulating what online companies can do with their customers’ personal… Continue Reading
With apologies for the late post, Episode 263 of The Cyberlaw Podcast tells the sad tale of another US government leaker who unwisely trusted The Intercept not to compromise its source. As Nick Weaver points out, The Intercept also took forever to actually report on some of the material it received. In other news,… Continue Reading
We recently published a client alert on the California Consumer Privacy Act. From the alert: When California lawmakers hastily enacted the California Consumer Privacy Act (CCPA) in June 2018, few expected the law — voted on after only a few days’ deliberation — to remain unamended. And, indeed, the law was first amended just a few… Continue Reading
Have the Chinese hired American lawyers to vet their cyberespionage tactics – or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply… Continue Reading
In this episode, Nick Weaver and I discuss new Internet regulations proposed in the UK. He’s mostly okay with its anti-nudge code for kids, but not with requiring proof of age to access adult material. I don’t see the problem; after all, who wouldn’t want to store their passport information with Pornhub?
Recently, Meegan Brooks, an associate in our San Francisco office, published an article on the California Consumer Privacy Act. Below is an excerpt. You can read the full article here.
In today’s News Roundup, Klon Kitchen adds to the North Korean Embassy invasion by an unknown group. Turns out some of the participants fled to the US and lawyered up, but the real tipoff about attribution is that they’ve given some of the data they stole to the FBI. That rules out CIA involvement… Continue Reading
If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose… Continue Reading
If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of the European Union privacy lobby beg to differ. Google has been told by a Dutch court not to index that story, and there seems to have been a six-month lag in… Continue Reading
This episode features an interview with Michael Tiffany, the co-founder and president of White Ops and a deep student of how to curtail adtech fraud. Michael explains the adtech business, how fraudsters take advantage of its structure, and what a coalition of law enforcement and tech companies did to wreck one of the most… Continue Reading
The theme of this week’s podcast seems to be the remarkable reach of American soft power: Really, we elect Donald Trump, and suddenly everybody’s trolling. The Justice Department criminally charges a Russian troll factory’s accountant, and before David Kris can finish explaining it, she’s on YouTube, trolling the prosecutors with a housewife schtick. She’s… Continue Reading
In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga?
Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in… Continue Reading
We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more… Continue Reading
We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my… Continue Reading
Our guest for the interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined,… Continue Reading
In Episode 226 of The Cyberlaw Podcast, Stewart departs for the wilderness, and the News Roundup team (Brian Egan with Matthew Heiman, Jim Lewis, and Dr. Megan Reiss) muddles through without him.
I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand… Continue Reading
Episode 222: In which I get to play that guy in line for the movie with Woody Allen Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up… Continue Reading
On June 12, Belgium’s Parliament published a draft law on the “protection of natural persons with regard to processing of personal data.” The draft – comprising 280 Articles – has three objectives: Legislate so-called “open clauses” of the General Data Protection Regulation, i. e. those clauses in the Regulation where EU Member States are free to… Continue Reading
Episode 220: GDPR and the Typhoid Marys of the Internet GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue… Continue Reading
Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading
The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading