Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of
Data security
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of…
Treasury Sanctions on Cyber Attackers
The executive order allowing the President to impose OFAC sanctions on hackers is good news. I’ve been calling on the government for several years to go beyond attribution to retribution. See, for example this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate. Similar sentiments were expressed …
Why Tort Liability Won’t Produce Good Cybersecurity
Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy.
Those who see tort law as…
“Groundhog Day” for Data Breaches
Here we go again. A prominent company suffers a data breach. The company publicly alerts its customers. The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators. Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of…
European Court of Justice Google Decision: Broader Implications
Since the European Court of Justice (ECJ) startled the Internet sector and world at large last week by its finding in the Google v. AEPD case that there is a “right to be forgotten” under the EU Data Protection Directive, there has been extensive speculation what the decision will mean for Google and other search…
Is Snowden a Spy?
That’s the possibility raised by Edward Jay Epstein in a (paywalled) Wall Street Journal op-ed. Epstein offers some new evidence for his theory. In particular he says that NSA investigators now know that Snowden’s tactics included breaking into two dozen compartments using forged or stolen passwords. Once there, Snowden loosed an automated “spider” with…
The New Phone Metadata Program
According to the New York Times, the President has decided to kill the existing NSA phone metadata program and come up with a substitute that leaves the metadata with the phone companies. The decision will limit the government’s ability to find older connections, since few companies hold records for three or more years; it…
Debating Snowden
For some reason, debates about Snowden are thick on the ground these days, and I’ve joined a couple of them. The most fun was the Oxford Union, which has been preparing future Parliamentarians (and Prime Ministers) all around the British Commonwealth since 1823. The Oxford Union debate was “This House would call Edward Snowden a…
Making sense of Bitcoin
With all of the hype and hyperbole surrounding bitcoin and the dizzying array of press coverage, it can be hard for companies to know where to start in evaluating the potential risks involved in making bitcoin a part of their business. Law360 published an article this week in which I make sense of it all…