Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances… Continue Reading
Tag Archives: Data Breach
Episode 273: What it’s like to live through a big data breach
Posted in China, Data Breach, European Union, InternationalToday, I interview Frank Blake, who as CEO brought Home Depot through a massive data breach. Frank’s a former co-clerk of mine, a former Deputy Secretary of Energy, and the current host of Crazy Good Turns, a podcast about people who have found remarkable, even crazy, ways to help others. In addition to his… Continue Reading
An Overview of Blockchain Cybersecurity Risks and Issues
Posted in Block Chain, Blockchain, Data BreachOur blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of privacy laws… Continue Reading
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
Posted in Data Breach, European Union, International, Security Programs & PoliciesThe European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR. At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope. These guidelines should help provide a common interpretation of… Continue Reading
The Cyberlaw Podcast — Interview with Ambassador Nathan Sales
Posted in China, Cybersecurity and Cyberwar, Virtual CurrencyEpisode 207: What to do about China? Our interview this week is with Ambassador Nathan Sales, the State Department’s Counterterrorism Coordinator. We cover a Trump administration diplomatic achievement in the field of technology and terrorism that has been surprisingly undercovered (or maybe it’s not surprising at all, depending on how cynical you are about press… Continue Reading
The Cyberlaw Podcast – The News Roundup
Posted in International, Security Programs & PoliciesCyberlaw Podcast alumnus Marten Mickos was called before the Senate Commerce Committee to testify about HackerOne’s bug bounty program. But the unhappy star of the hearings was Uber, which was heavily criticized for having paid out a large bonus under cloudy circumstances. Sen. Blumenthal and others on the Hill treated the payment as more ransom than bounty… Continue Reading
The Cyberlaw Podcast — Discussion with Michael Sulmeyer and Nicholas Weaver
Posted in Cybersecurity and Cyberwar, Data BreachEpisode 192: Discussion with Michael Sulmeyer and Nicholas Weaver With the Texas church shooting having put encryption back on the front burner, I claim that Apple is becoming the FBI’s crazy ex-girlfriend in Silicon Valley — and offer the tapes to prove it. When Nick Weaver rises to Apple’s defense, I point out that Apple responded… Continue Reading
The Cyberlaw Podcast — Election Cybersecurity Panel with Chris Krebs and Ed Felten
Posted in Security Programs & Policies191: Election security may be better than you think. Unless you live in New Jersey. Episode 191 is our long-awaited election security podcast before a live, and lively, audience. Our panel consists of Chris Krebs, formerly of Microsoft and now the top cybersecurity official at DHS (with the longest title in the federal government as proof),… Continue Reading
The Cyberlaw Podcast – Interview with Mårten Mickos
Posted in Data Breach, Security Programs & PoliciesEpisode 185: The Midnight Basketball of Cybersecurity This episode features an interview with Mårten Mickos, the CEO of HackerOne. HackerOne administers bug bounty and vulnerability disclosure programs for a host of private companies as well as DOD’s “Hack the Pentagon” program. He explains how such programs work, how companies and agencies typically get started (with “vulnerability disclosure”… Continue Reading
The Cyberlaw Podcast – News Roundup
Posted in Data Breach, InternationalEpisode 181: Equifax and the Upside of Nation-State Cyberattacks Was the Equifax breach a nation-state attack? Nick Weaver parses the data, and I explore the surprising upside for Equifax if it was. Twitter comes to Capitol Hill to talk Russian election interference; it goes home with a flea in its ear and plenty of homework… Continue Reading
Interview with Jeanette Manfra
Posted in Data Breach, Security Programs & PoliciesEpisode 179: Interview with Jeanette Manfra Our interview is with Jeanette Manfra, DHS’s Assistant Secretary for Cyber Security and Communications. We cover her agency’s binding directive to other civilian agencies to purge Kaspersky software from their systems, and her advice to victims of the Equifax breach (and to doctors who think that Abbott Labs’ heart implants… Continue Reading
Interview with Rebecca Richards and Elizabeth Goitein
Posted in Data Breach, International, Privacy RegulationEpisode 178: The Evil Dolphin Episode The Cyberlaw Podcast kicks off a series exploring section 702 – the half-US/half-foreign collection program that has proven effective against terrorists while also proving controversial with civil liberties groups. With the program due to expire on December 31, we’ll examine the surveillance controversies spawned by the program. Today, we… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Nicholas Weaver
Posted in Data Breach, International, Privacy RegulationEpisode 159: Interview with Nicholas Weaver Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute. It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager
Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & PoliciesEpisode 154: What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Kiersten Todt
Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & PoliciesToo busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity? No worries. Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director. In the news, Lindsey Graham, John McCain, and a host of… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Scott Charney
Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & PoliciesWe ask Rihanna to sum up the latest US-EU agreement: And that’s when you need me there With you I’ll always share … You can stand under my umbrella RiRi’s got the theory right: The Umbrella Agreement was supposed to make sure the US and EU would always share law enforcement data. But when the… Continue Reading
Steptoe Cyberlaw Podcast – Interview with John Markoff
Posted in Cybersecurity and Cyberwar, Data BreachThe Autonomous Weapon Who Went to the Beach Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings. Our conversation covers everything from robots, autonomous weapons, and Siri to hippie… Continue Reading
Steptoe Cyberlaw Podcast – The Grugq
Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies(Groucho) Marxism and Red Lines in Cyberspace In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers. We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima
Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & PoliciesIn episode 132, our threepeat guest is Ellen Nakashima, star cyber reporter for the Washington Post. Markham Erickson and I talk to her about Vladimir Putin’s endless appetite for identifying ‒ and crossing ‒ American red lines, the costs and benefits of separating NSA from Cyber Command, and the chances of a pardon for Edward… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Matt Cutts and Lisa Wiswell
Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & PoliciesA record-setting insecurity week. Our interview in episode 131 is with Matt Cutts and Lisa Wiswell from the Pentagon’s Defense Digital Service. Matt joined the Digital Service from Google where he authored their SafeSearch content filter. Lisa is a bureaucracy hacker with the Defense Digital Service and previously spent years working on cyber-warfare in DOD’s… Continue Reading
Steptoe Cyberlaw Podcast – News Round-Up
Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, UncategorizedIn a law-heavy news roundup, Katie Cassel and I talk about New York’s dangerously prescriptive cybersecurity regs for banks and insurers. Maury Shenk and I uncover the seamy industrial politics behind the EU’s latest copyright and telecom proposals. The Sixth Circuit deepens a circuit split over standing and how much injury it takes to support… Continue Reading
Steptoe Cyberlaw Podcast – News Round-up with Phil West
Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & PoliciesIronman meets the Antideficiency Act In episode 129, Alan Cohn and I dive deep on the Government Oversight committee’s predictably depressing and unpredictably entertaining report on the OPM hack. Cheeky Chinese hackers register their control sites to superhero alter egos. And poor, patriotic Cytech finds an intruder during a sales demo, rushes to provide support… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Scott DePasquale
Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & PoliciesThe podcast is back with a bang from hiatus. Our guest, Scott DePasquale, is the CEO of Utilidata, an electric utility IoT and cybersecurity company. Scott talks about his contribution to the Internet Security Alliance’s upcoming book, The Cyber Security Social Contract. Episode 128 also brings you a news roundup from the most momentous August… Continue Reading
Steptoe Cyberlaw Podcast – Bonus Episode – Interview with Charles Allen and John McLaughlin
Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies127: Vlad’s Cojones I know we promised to take August off, but I was inspired by the flap over the DNC hack and the fact that I’m at the Aspen Homeland Security Working Group meeting in Colorado. I waylaid two former intelligence community members on the Aspen campus and asked for their views on the… Continue Reading