Data Breach

Subscribe to Data Breach

In our 328th episode of the Cyberlaw Podcast, Stewart is joined by Bruce Schneier (@schneierblog), Sultan Meghji @sultanmeghji), and Nate Jones (@n8jones81). The Belfer Center has produced a distinctly idiosyncratic report ranking the world’s cyber powers – a kind of Jane’s Fighting Nerds report. Bruce Schneier and I puzzle over its oddities, but

In our 327th episode of the Cyberlaw Podcast, Stewart is joined by Nick Weaver (@ncweaver), David Kris (@DavidKris), and Dave Aitel (@daveaitel). We are back from hiatus, with a one-hour news roundup to cover the big stories of the last month.  Pride of place goes to the WeChat/Tiktok mess, which just gets messier

Our interview with Ben Buchanan begins with his report on how artificial intelligence may influence national and cybersecurity. Ben’s quick takes: better for defense than offense, and probably even better for propaganda. The best part, in my view, is Ben’s explanation of how to poison the AI that’s trying to hack you

Nate Jones and I dig deep into Twitter’s decision to delete Rudy Giuliani’s tweet (quoting Charlie Kirk of Turning Point) to the effect that hydroxychloroquine had been shown to be 100% effective against the coronavirus and that Gov. Whitmer (D-MI) had threatened doctors prescribing it out of anti-Trump animus. Twitter claimed that it was deleting tweets that “go directly against guidance from authoritative sources” and separately implied that the tweet was an improper attack on Gov. Whitmer.


Continue Reading Episode 310: Is Twitter using the health emergency to settle political scores?

Nick Weaver and I debate Sens. Graham and Blumenthal’s EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don’t, they won’t get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there’s a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the social costs they’re imposing on society. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, critics are sure that the final product will reduce corporate incentives to offer end-to-end encryption.


Continue Reading Episode 298: Bill Barr as Bogeyman

Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020.
Continue Reading New York Adopts New Data Breach Law, Including Data Security Requirements

Today, I interview Frank Blake, who as CEO brought Home Depot through a massive data breach. Frank’s a former co-clerk of mine, a former Deputy Secretary of Energy, and the current host of Crazy Good Turns, a podcast about people who have found remarkable, even crazy, ways to help others. In

Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.

At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.

These guidelines should help provide a common interpretation of

Episode 207: What to do about China?

Our interview this week is with Ambassador Nathan Sales, the State Department’s Counterterrorism Coordinator.  We cover a Trump administration diplomatic achievement in the field of technology and terrorism that has been surprisingly undercovered (or maybe it’s not surprising at all, depending on how cynical you are about