This is my favorite story of the episode. David Kris covers a report from the Privacy and Civil Liberties Oversight Board on the enormous value that European governments get in fighting terrorism from the same American surveillance programs that European institutions have been fighting for twenty years to shut down. It’s a delightful takedown
Data security
Episode 331: Damned if You Do, Damned if You Don’t (Pay the Ransom)
In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim. The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury…
Episode 330: US-China Tech Divide – Where Will it End?
Our news roundup is dominated by the seemingly endless ways that the US and China can find to quarrel over tech policy. The Commerce Department’s plan to use an executive order to cut TikTok and WeChat out of the US market have now been enjoined. But the $50 Nick Weaver bet me that TikTok…
Episode 327: “I’ll Take Hacking Tesla for One Million Dollars, Alex”
In our 327th episode of the Cyberlaw Podcast, Stewart is joined by Nick Weaver (@ncweaver), David Kris (@DavidKris), and Dave Aitel (@daveaitel). We are back from hiatus, with a one-hour news roundup to cover the big stories of the last month. Pride of place goes to the WeChat/Tiktok mess, which just gets messier…
Episode 326: Face Poisoning
In our 326th episode of the Cyberlaw Podcast, Stewart Baker interviews Lauren Willard, who serves as Counselor to the Attorney General. Stewart is also joined Nick Weaver (@ncweaver), David Kris (@DavidKris), and Paul Rosenzweig (@RosenzweigP).
Our interview this week focuses on section 230 of the Communications Decency Act and features Lauren Willard,…
Episode 324: TikTok on the Clock
Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain. His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new…
Episode 321: Using the internet to cause emotional distress is a felony?
This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his…
Episode 320: Hackers for Hire
Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab’s report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization’s activities –…
Data Security Components of New York’s SHIELD Act Take Effect
While most businesses have been preoccupied with navigating the effects of the COVID-19 pandemic, a significant change to businesses’ data security obligations has taken effect in New York. On March 21, 2020, the second part of the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act) went into effect in New York State.
…
New York Adopts New Data Breach Law, Including Data Security Requirements
Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020.…
Continue Reading New York Adopts New Data Breach Law, Including Data Security Requirements