CFAA Beacon Bill

Posted Leave a commentPosted in CFAA

Representatives Tom Graves (R-GA) and Kyrsten Sinema (D-AZ) have introduced a bill to amend the Computer Fraud and Abuse Act. The bill, titled the “Active Cyber Defense Certainty Act,” would allow the defensive use of “beaconing” technology (see H.R. 4036).  A “beacon” is a program that causes traffic to leave a network at regular intervals.  […]

Microsoft and the Law of the Cloud: to the Supreme Court

Posted Leave a commentPosted in Cloud, Cyber Crime, ECPA

Last year I wrote about Microsoft’s Stored Communications Act litigation.  The dispute has now worked its way up to the Supreme Court.  Andrew Keane Woods offers a good primer on the case on the Lawfare Blog.  I generally agree with Andrew’s take:  (1) the extraterritoriality issues do not seem to raise major sovereignty concerns; and (2) […]

Bot Code, Norms, and Law

Posted Leave a commentPosted in Cyber Risks, Internet Governance

There’s a good post on Dark Reading by Ido Safruti about norms and etiquette for bot code.  According to Imperva’s most recent bot traffic report, bots comprise the majority of Internet traffic.  May bots are intentionally disruptive or misleading — for example, bots that create comment link spam on blogs.  Others are useful — for example, […]

Cybersecurity and Social Media Use by Sex Offenders: Packingham v. North Carolina

Posted Leave a commentPosted in Cyber Speech, Personal Safety

This week the U.S. Supreme Court decided Packingham v. North Carolina, a first amendment challenge to a state statute that prohibited convicted sex offenders from accessing certain “commercial social networking” sites.  I include cases like this that involve the protection of minors, harassment, stalking, and the like under the rubric of “cybersecurity” because these issues of […]

Slides on Cybersecurity and Legal Ethics

Posted Leave a commentPosted in Attorney Ethics, Uncategorized

I’m also speaking later with Brett Harris on cyber security and legal ethics.  Here are our slides.

Tabletop for NJSBA Second Annual Cybersecurity Conference

Posted Leave a commentPosted in Cyber Compliance / Regulation, Cyber Risks

Here is a tabletop exercise I drafted that we’ll be running at the Second Annual NJSBA Cybersecurity Conference. Acme Corp. manufactures and sells industrial control systems (ICS).  ICS devices integrate computer chips, hardware and software and can be programmed to monitor, regulate and control various components of commercial manufacturing, assembly and packaging plants.  For example, […]

Implementing ABA Formal Opinion 477

Posted Leave a commentPosted in Attorney Ethics

Background On May 4, 2017, the ABA released Formal Ethics Opinion 477, “Securing Communication of Protected Client Information” (attached at the end of this post).  This Opinion updates Formal Ethics Opinion 99-413, issued in 1999, which concluded that lawyers could use unencrypted email to communicate with clients.  Those of us who were practicing in 1999 will […]

Fourth Circuit Revives Wikimedia NSA Case

Posted Leave a commentPosted in Cyber Surveillance

Yesterday the Fourth Circuit reinstated a case brought by the Wikimedia Foundation concerning the National Security Agency’s bulk “Upstream” surveillance program.  Under the Upstream program, the NSA collects traffic on the U.S. Internet backbone.  The Government claims that this collection is targeted to specific queries relating to terror investigations and other intelligence matters.  As a result, […]

Facebook and Terrorism: Cohen v. Facebook and Force v. Facebook

Posted Leave a commentPosted in National Security

It’s well-known that Facebook, Twitter, YouTube, and other social media platforms are used for propaganda and recruiting purposes by terrorist groups such as ISIL.  A number of Jewish groups filed lawsuits alleging that Facebook should be held civilly liable for facilitating terrorist attacks against Jews.  Two of these cases recently were dismissed by Judge Nicholas […]

WannaCry Ransomware and Legal Fault

Posted Leave a commentPosted in Cyber Insurance, Cyber Risks

The WannaCry Ransomware attack has spread throughout the world over the past week.  Fingers are pointing at Microsoft for the vulnerability in earlier versions of Windows, at the NSA for creating the leaked exploit, and at North Korea for allegedly perpetrating the attack.  There is blame to go around, but if we were to assess […]