Steptoe Cyberblog

Tag Archives: privacy

Episode 290: The Right to be Forgotten Shoots the Shark

Posted in CFIUS, China, International, Russia

  This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude… Continue Reading

Episode 272: Illuminating supply chain security

Posted in China, European Union, International, Security Programs & Policies

  What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center. There’s no doubt the problem is being admired to… Continue Reading

More States Move to Restrict Companies’ Use or Sale of Personal Information

Posted in Privacy Regulation

In the aftermath of the passage of the California Consumer Privacy Act (CCPA) in 2018, numerous other states have begun to consider similar legislation. While most of those states are in the early stages of the legislative process, Nevada and Maine recently enacted laws strictly regulating what online companies can do with their customers’ personal… Continue Reading

Episode 257: How we know the North Korean Embassy break-in wasn’t the work of the CIA

Posted in Data Breach, International, Privacy Regulation

  In today’s News Roundup, Klon Kitchen adds to the North Korean Embassy invasion by an unknown group. Turns out some of the participants fled to the US and lawyered up, but the real tipoff about attribution is that they’ve given some of the data they stole to the FBI. That rules out CIA involvement… Continue Reading

Episode 237: I’d Like to Teach the World to Troll, in Perfect Harmony!

Posted in China, Data Breach, European Union, International, Privacy Regulation, Russia

  The theme of this week’s podcast seems to be the remarkable reach of American soft power: Really, we elect Donald Trump, and suddenly everybody’s trolling. The Justice Department criminally charges a Russian troll factory’s accountant, and before David Kris can finish explaining it, she’s on YouTube, trolling the prosecutors with a housewife schtick. She’s… Continue Reading

The Cyberlaw Podcast — Interview with Megan Stifel

Posted in China, European Union, International, Privacy Regulation, Russia

Episode 222: In which I get to play that guy in line for the movie with Woody Allen

Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in China, International, Privacy Regulation, Security Programs & Policies

Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy

In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading

EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?

Posted in European Union, International, Privacy Regulation

In its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading

The Cyberlaw Podcast – The Shane Roundup

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Today’s news roundup features Shane Harris of the Wall Street Journal, Brian Egan, and Alan Cohn discussing stories that Shane wrote last week.  Out of the box, we work through the hall of mirrors that the Kaspersky hacking story has become. The Russian hacking story is biting more companies than just Kaspersky.  Turns out that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Joshua Corman and Justine Bone

Posted in Privacy Regulation, Security Programs & Policies

Episode 157 digs into the security of the medical internet of things.  Which, we discover, could be described more often than we’d like as an internet of things that want to kill us.  Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jason Healey

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies, Uncategorized

149: Thigh-high boots and defense dominance

Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector. He responds well to my skeptical questioning, and even my suggestion that his vision of “defense… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Frank Cilluffo

Posted in Cybersecurity and Cyberwar, Data Breach

The episode features a vigorous and friendly debate between me and Frank Cilluffo over his Center’s report on active defense, titled “Into the Gray Zone.”  It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University.  My fear: the report creates gray zones for computer defense that should not… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jonathan Zittrain

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

Jonathan Zittrain, who holds a surfeit of titles at Harvard, is our guest for episode 136.  Among other topics, we explore the implications of routine doxing of political adversaries.  Along the way I extract kind words from Jonathan for Sarah Palin and welcome him to the club of those who think mass doxxers are evil punks. … Continue Reading

Data Portability under EU GDPR: A Financial Services Perspective

Posted in International, Privacy Regulation

Philip Woolfson and I wrote an article for PL&B International about data portability, a new requirement of data protection law which will be introduced when the European Union General Data Protection Regulation (GDPR) applies on May 25, 2018.  Under this new regulation, data subjects have acquired a right to data portability (RDP). This article looks… Continue Reading

An EU General Data Protection Guide for the Insurance and Financial Services Sector

Posted in International, Privacy Regulation

To help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Carlin

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

John Carlin leaves Justice:  We give him the good news and the bad news. Episode 134 features John Carlin’s swan song as assistant attorney general for national security.  We review the highs and lows of his tenure from a cybersecurity point of view and then look to the future, including how the US should respond… Continue Reading

Steptoe Cyberlaw Podcast – The Grugq

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

(Groucho) Marxism and Red Lines in Cyberspace

In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers. We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 132, our threepeat guest is Ellen Nakashima, star cyber reporter for the Washington Post.  Markham Erickson and I talk to her about Vladimir Putin’s endless appetite for identifying ‒ and crossing ‒ American red lines, the costs and benefits of separating NSA from Cyber Command, and the chances of a pardon for Edward… Continue Reading