Data Breach

Episode 310: Is Twitter using the health emergency to settle political scores?

By Stewart Baker on April 6, 2020

Nate Jones and I dig deep into Twitter’s decision to delete Rudy Giuliani’s tweet (quoting Charlie Kirk of Turning Point) to the effect that hydroxychloroquine had been shown to be 100% effective against the coronavirus and that Gov. Whitmer (D-MI) had threatened doctors prescribing it out of anti-Trump animus. Twitter claimed that it was deleting tweets that “go directly against guidance from authoritative sources” and separately implied that the tweet was an improper attack on Gov. Whitmer.

…
Continue Reading Episode 310: Is Twitter using the health emergency to settle political scores?

Episode 298: Bill Barr as Bogeyman

By Stewart Baker on February 3, 2020

Posted in Data Breach, Privacy Regulation, Security Programs & Policies

Nick Weaver and I debate Sens. Graham and Blumenthal’s EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don’t, they won’t get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there’s a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the social costs they’re imposing on society. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, critics are sure that the final product will reduce corporate incentives to offer end-to-end encryption.

…
Continue Reading Episode 298: Bill Barr as Bogeyman

New York Adopts New Data Breach Law, Including Data Security Requirements

By Michael Vatis on August 7, 2019

Posted in Data Breach, Privacy Regulation

Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020.…
Continue Reading New York Adopts New Data Breach Law, Including Data Security Requirements

Episode 273: What it’s like to live through a big data breach

By Stewart Baker on July 22, 2019

Posted in China, Data Breach, European Union, International

Today, I interview Frank Blake, who as CEO brought Home Depot through a massive data breach. Frank’s a former co-clerk of mine, a former Deputy Secretary of Energy, and the current host of Crazy Good Turns, a podcast about people who have found remarkable, even crazy, ways to help others. In…

An Overview of Blockchain Cybersecurity Risks and Issues

By Stewart Baker on January 30, 2019

Posted in Block Chain, Blockchain, Data Breach

Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of…

European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)

By Philip Woolfson & Alexander Hamels on October 2, 2018

Posted in Data Breach, European Union, International, Security Programs & Policies

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.

At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.

These guidelines should help provide a common interpretation of…

The Cyberlaw Podcast — Interview with Ambassador Nathan Sales

By Stewart Baker on March 12, 2018

Posted in China, Cybersecurity and Cyberwar, Virtual Currency

Episode 207: What to do about China?

Our interview this week is with Ambassador Nathan Sales, the State Department’s Counterterrorism Coordinator. We cover a Trump administration diplomatic achievement in the field of technology and terrorism that has been surprisingly undercovered (or maybe it’s not surprising at all, depending on how cynical you are about…

The Cyberlaw Podcast – The News Roundup

By Stewart Baker on February 12, 2018

Posted in International, Security Programs & Policies

Cyberlaw Podcast alumnus Marten Mickos was called before the Senate Commerce Committee to testify about HackerOne’s bug bounty program. But the unhappy star of the hearings was Uber, which was heavily criticized for having paid out a large bonus under cloudy circumstances. Sen. Blumenthal and others on the Hill treated the payment as more…

The Cyberlaw Podcast — Discussion with Michael Sulmeyer and Nicholas Weaver

By Stewart Baker on November 14, 2017

Posted in Cybersecurity and Cyberwar, Data Breach

Episode 192: Discussion with Michael Sulmeyer and Nicholas Weaver

With the Texas church shooting having put encryption back on the front burner, I claim that Apple is becoming the FBI’s crazy ex-girlfriend in Silicon Valley — and offer the tapes to prove it. When Nick Weaver rises to Apple’s defense, I point out that Apple…

The Cyberlaw Podcast — Election Cybersecurity Panel with Chris Krebs and Ed Felten

By Stewart Baker on November 8, 2017

Posted in Security Programs & Policies

191: Election security may be better than you think. Unless you live in New Jersey.

Episode 191 is our long-awaited election security podcast before a live, and lively, audience. Our panel consists of Chris Krebs, formerly of Microsoft and now the top cybersecurity official at DHS (with the longest title in the federal government…

Stewart BakerPartner

Stewart Baker’s career has spanned national security and law. He served as General Counsel of the National Security Agency, Assistant Secretary for Policy at the…

Stewart Baker’s career has spanned national security and law. He served as General Counsel of the National Security Agency, Assistant Secretary for Policy at the Department of Homeland Security, and drafter of a report reforming the intelligence community after the Iraq War. His legal practice focuses on cyber security, CFIUS, export controls, government procurement, and immigration and regulation of international travel.

Michael VatisPartner

Michael Vatis has spent most of his career addressing cutting edge issues at the intersection of law, policy, and technology. Michael’s practice focuses on Internet…

Michael Vatis has spent most of his career addressing cutting edge issues at the intersection of law, policy, and technology. Michael’s practice focuses on Internet, e-commerce, and technology matters, providing legal advice and strategic counsel on matters involving privacy, security, encryption, intelligence, law enforcement, Internet gambling, and international regulation of Internet content.

Cyberblog