Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain. His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new
Data security
Episode 321: Using the internet to cause emotional distress is a felony?
This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his…
Episode 320: Hackers for Hire
Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab’s report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization’s activities –…
Data Security Components of New York’s SHIELD Act Take Effect
While most businesses have been preoccupied with navigating the effects of the COVID-19 pandemic, a significant change to businesses’ data security obligations has taken effect in New York. On March 21, 2020, the second part of the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act) went into effect in New York State.
…
An Overview of Blockchain Cybersecurity Risks and Issues
Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of…
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of…
The Final Countdown – The EU General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018.
The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the…
The Cyberlaw Podcast – Interview with Nicholas Schmidle
Episode 215: The Zelig of Hacking Back
Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing…
The Cyberlaw Podcast – News Roundup
Episode 204: News Roundup
In our 204th episode of The Cyberlaw Podcast, the team bumbles forward without Stewart Baker, who is spending the week racing his offspring down mountain slopes somewhere in Utah. Brian Egan and Jamil Jaffer begin by covering a few implications of Special Counsel Mueller’s indictment from Friday – the legal theories…
The Cyberlaw Podcast – Interview with Susan Landau
Episode 201: Interview with Susan Landau
The crypto wars return to The Cyberlaw Podcast in episode 201, as I interview Susan Landau about her new book on the subject, Listening In: Cybersecurity in an Insecure Age. Susan and I have been debating each other for decades now, and this interview is no exception.
In…