In our 326th episode of the Cyberlaw Podcast, Stewart Baker interviews Lauren Willard, who serves as Counselor to the Attorney General. Stewart is also joined Nick Weaver (@ncweaver), David Kris (@DavidKris), and Paul Rosenzweig (@RosenzweigP).

Our interview this week focuses on section 230 of the Communications Decency Act and features Lauren Willard,

Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain.  His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new

This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his

Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab’s report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization’s activities –

Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020.
Continue Reading New York Adopts New Data Breach Law, Including Data Security Requirements

Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.

At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.

These guidelines should help provide a common interpretation of

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018.

The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the

Episode 215:  The Zelig of Hacking Back

Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing