Cybersecurity and Corporate Social Responsibility

Posted Leave a commentPosted in Cyber Risks, Cyber Surveillance

My article Cybersecurity, Encryption, and Corporate Social Responsibility has been published in the current edition of the Georgetown Journal of International Affairs.  I argue in this paper that “[c]ompanies such as Apple should recognize that they have a social responsibility to work with governments on security issues, and such a corporate social responsibility norm should […]

Standing Reconsidered: Fero v. Excellus Health Plan

Posted Leave a commentPosted in Data Breach Litigation, Data Breaches

An interesting decision from Judge Elizabeth Wolford of the Western District of New York has revived a data breach claim against Excellus Health Plan.  The court had previously dismissed claims by plaintiffs who did not allege any actual misuse of there personal data for lack of standing.  Plaintiffs moved for reconsideration based on the Second […]

CFAA Beacon Bill

Posted Leave a commentPosted in CFAA

Representatives Tom Graves (R-GA) and Kyrsten Sinema (D-AZ) have introduced a bill to amend the Computer Fraud and Abuse Act. The bill, titled the “Active Cyber Defense Certainty Act,” would allow the defensive use of “beaconing” technology (see H.R. 4036).  A “beacon” is a program that causes traffic to leave a network at regular intervals.  […]

Microsoft and the Law of the Cloud: to the Supreme Court

Posted Leave a commentPosted in Cloud, Cyber Crime, ECPA

Last year I wrote about Microsoft’s Stored Communications Act litigation.  The dispute has now worked its way up to the Supreme Court.  Andrew Keane Woods offers a good primer on the case on the Lawfare Blog.  I generally agree with Andrew’s take:  (1) the extraterritoriality issues do not seem to raise major sovereignty concerns; and (2) […]

Bot Code, Norms, and Law

Posted Leave a commentPosted in Cyber Risks, Internet Governance

There’s a good post on Dark Reading by Ido Safruti about norms and etiquette for bot code.  According to Imperva’s most recent bot traffic report, bots comprise the majority of Internet traffic.  May bots are intentionally disruptive or misleading — for example, bots that create comment link spam on blogs.  Others are useful — for example, […]

Cybersecurity and Social Media Use by Sex Offenders: Packingham v. North Carolina

Posted Leave a commentPosted in Cyber Speech, Personal Safety

This week the U.S. Supreme Court decided Packingham v. North Carolina, a first amendment challenge to a state statute that prohibited convicted sex offenders from accessing certain “commercial social networking” sites.  I include cases like this that involve the protection of minors, harassment, stalking, and the like under the rubric of “cybersecurity” because these issues of […]

Slides on Cybersecurity and Legal Ethics

Posted Leave a commentPosted in Attorney Ethics, Uncategorized

I’m also speaking later with Brett Harris on cyber security and legal ethics.  Here are our slides.

Tabletop for NJSBA Second Annual Cybersecurity Conference

Posted Leave a commentPosted in Cyber Compliance / Regulation, Cyber Risks

Here is a tabletop exercise I drafted that we’ll be running at the Second Annual NJSBA Cybersecurity Conference. Acme Corp. manufactures and sells industrial control systems (ICS).  ICS devices integrate computer chips, hardware and software and can be programmed to monitor, regulate and control various components of commercial manufacturing, assembly and packaging plants.  For example, […]

Implementing ABA Formal Opinion 477

Posted Leave a commentPosted in Attorney Ethics

Background On May 4, 2017, the ABA released Formal Ethics Opinion 477, “Securing Communication of Protected Client Information” (attached at the end of this post).  This Opinion updates Formal Ethics Opinion 99-413, issued in 1999, which concluded that lawyers could use unencrypted email to communicate with clients.  Those of us who were practicing in 1999 will […]

Fourth Circuit Revives Wikimedia NSA Case

Posted Leave a commentPosted in Cyber Surveillance

Yesterday the Fourth Circuit reinstated a case brought by the Wikimedia Foundation concerning the National Security Agency’s bulk “Upstream” surveillance program.  Under the Upstream program, the NSA collects traffic on the U.S. Internet backbone.  The Government claims that this collection is targeted to specific queries relating to terror investigations and other intelligence matters.  As a result, […]