This is Prof. David Opderbeck’s homepage relating to cybersecurity, privacy, artificial intelligence, Internet, and other technology law and policy. I have been practicing, teaching, and writing about technology law since the mid-1990’s. I also teach Constitutional Law, Copyright Law, and other intellectual property law courses.

A New Jersey Law Journal article published in 1995 notes that I was the first lawyer in New Jersey to establish an Internet home page. According to that article, at that time, 30 million people had Internet access and 74 law firms were listed in the Yahoo! directory. Today there are over 3 billion Internet users worldwide and nearly every law firm has a website. The Internet’s astonishing growth is one thing that makes this subject challenging and fun.

From The Cybersecurity Lawyer Newsletter:

  • New Paper on Data Breach Harms
    This is a draft of my paper Cybersecurity and Data Breach Harms: Theory and Reality, forthcoming in the Maryland Law Review.
  • ePrivacy Regulation Proposal
    On February 10, 2021, the Council of the European Union released its proposed ePrivacy Regulation. If adopted, the ePR will complement and extend the GDPR. The ePR would be deemed lex specialis in relation to the GDPR as lex generalis, meaning the ePR would take precedence in the event of any conflicts. The ePR would… Continue reading ePrivacy Regulation Proposal
  • North Korean Hacker Indictment
    Today Federal prosecutors in California unsealed an indictment against North Korean members of Lazarus Group and APT38 alleging $1.3 billion in theft and extortion. The Indictment is notable for the scale of the nation-state sponsored economic criminal activity it describes.
  • The Virus and Ransomware
    In the middle of the pandemic, things we used to take for granted feel frightening.  A trip to the grocery store, taken only when truly necessary, seems like stepping onto the set of a post-apocalyptic movie, as shoppers eye each other suspiciously from behind face masks while picking over thinly-stocked shelves.  Cyber criminals, unfortunately, know… Continue reading The Virus and Ransomware
  • Human Rights in Cyberspace Outside the West
    Here’s a video for one of my classes on human rights in cyberspace outside the West.
  • Google v. Oracle
    I’m presenting today at Stevens Institute of Technology on the Google v. Oracle case about copyright in APIs. Here are my slides.
  • Legal Ethics and Technology
    I’m speaking tonight at the Gibbons Institute of Law, Science & Technology’s “Legal Ethics, Technological Competence and New Technologies” event.  I’ll focus on Comment 8 to ABA Model Rule 1.1, ABA Formal Opinion 477, and ABA Formal Opinion 483, all of which concern a lawyer’s ethical duties in relation to new technologies.  Here’s the slide… Continue reading Legal Ethics and Technology
  • AI Data Privacy Concerns
    Here’s a working list of legal concerns regarding AI and data privacy: Legal Problem #1: Do you have authority to collect the data? Legal Problem #2: Do you have authority to use the data? Legal Problem #3: Do you have authority to retain the data? Legal Problem #4: Does your algorithm need to be fair?… Continue reading AI Data Privacy Concerns
  • AI in the Pharma Industry
    On Thursday I’m speaking at the Mayer Brown Life Sciences Symposium on AI, Blockchain, and Automation in the pharma industry.  Here’s a graph from a recent EY Report showing the ways in which big data and automation will impact the pharma and healthcare industries.   These developments promise to revolutionize healthcare for the better.  From a… Continue reading AI in the Pharma Industry
  • Encryption and the Fifth Amendment
    This afternoon I’m presenting at the Hofstra Law School IP Colloquium on my paper The Skeleton in the Hard Drive:  Encryption and the Fifth Amendment.  Here are my slides. [google-drive-embed url=”https://drive.google.com/file/d/1BGkHdofptEBeJjkbbi9gkpycbnjtmlMa/preview?usp=drivesdk” title=”The Skeleton in the Hard Drive.pptx” icon=”https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.openxmlformats-officedocument.presentationml.presentation” width=”100%” height=”400″ style=”embed”]
  • Disrupt NJ
    Speaking tonight at Disrupt NJ on “Corporate Social Responsibility and Cybersecurity.”  Here are my slides. [google-drive-embed url=”https://drive.google.com/file/d/1drmCVDg-mNkCfTp8bD6Mr56i_iqVnr2x/preview?usp=drivesdk” title=”csrtechethics.pptx” icon=”https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.openxmlformats-officedocument.presentationml.presentation” width=”100%” height=”400″ style=”embed”]
  • Law and AR / VR: “Asymmetric Reality”
    On Friday I spoke at the “Virtual Legality” symposium at the University of Maryland Law School.  Here are my slides.  My talk emphasized the “second half of the chessboard” effect concerning data collection in AR / VR. [google-drive-embed url=”https://drive.google.com/file/d/1w5Vew5vBXL_fL26ZbYatwEiqlgTUpFjr/preview?usp=drivesdk” title=”maryland presentation.pptx” icon=”https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.openxmlformats-officedocument.presentationml.presentation” width=”100%” height=”400″ style=”embed”]
  • The NIST Framework: Introduction
    A new video from our YouTube channel on the NIST Framework for cybersecurity compliance.
  • Russia’s Other Cyber Attack
    Russia’s meddling in the 2016 Presidential election obviously has captured plenty of media attention.  Less well known is that, according to a recent U.S. CERT Report, Russia has been “targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors” with cyber intrusions.  The CERT Report… Continue reading Russia’s Other Cyber Attack
  • Cybersecurity and Corporate Social Responsibility
    My article Cybersecurity, Encryption, and Corporate Social Responsibility has been published in the current edition of the Georgetown Journal of International Affairs.  I argue in this paper that “[c]ompanies such as Apple should recognize that they have a social responsibility to work with governments on security issues, and such a corporate social responsibility norm should… Continue reading Cybersecurity and Corporate Social Responsibility
  • Standing Reconsidered: Fero v. Excellus Health Plan
    An interesting decision from Judge Elizabeth Wolford of the Western District of New York has revived a data breach claim against Excellus Health Plan.  The court had previously dismissed claims by plaintiffs who did not allege any actual misuse of there personal data for lack of standing.  Plaintiffs moved for reconsideration based on the Second… Continue reading Standing Reconsidered: Fero v. Excellus Health Plan
  • CFAA Beacon Bill
    Representatives Tom Graves (R-GA) and Kyrsten Sinema (D-AZ) have introduced a bill to amend the Computer Fraud and Abuse Act. The bill, titled the “Active Cyber Defense Certainty Act,” would allow the defensive use of “beaconing” technology (see H.R. 4036).  A “beacon” is a program that causes traffic to leave a network at regular intervals. … Continue reading CFAA Beacon Bill
  • Microsoft and the Law of the Cloud: to the Supreme Court
    Last year I wrote about Microsoft’s Stored Communications Act litigation.  The dispute has now worked its way up to the Supreme Court.  Andrew Keane Woods offers a good primer on the case on the Lawfare Blog.  I generally agree with Andrew’s take:  (1) the extraterritoriality issues do not seem to raise major sovereignty concerns; and (2)… Continue reading Microsoft and the Law of the Cloud: to the Supreme Court
  • Bot Code, Norms, and Law
    There’s a good post on Dark Reading by Ido Safruti about norms and etiquette for bot code.  According to Imperva’s most recent bot traffic report, bots comprise the majority of Internet traffic.  May bots are intentionally disruptive or misleading — for example, bots that create comment link spam on blogs.  Others are useful — for example,… Continue reading Bot Code, Norms, and Law
  • Cybersecurity and Social Media Use by Sex Offenders: Packingham v. North Carolina
    This week the U.S. Supreme Court decided Packingham v. North Carolina, a first amendment challenge to a state statute that prohibited convicted sex offenders from accessing certain “commercial social networking” sites.  I include cases like this that involve the protection of minors, harassment, stalking, and the like under the rubric of “cybersecurity” because these issues of… Continue reading Cybersecurity and Social Media Use by Sex Offenders: Packingham v. North Carolina
  • Slides on Cybersecurity and Legal Ethics
    I’m also speaking later with Brett Harris on cyber security and legal ethics.  Here are our slides. [google-drive-embed url=”https://drive.google.com/file/d/0BzS0leqU862xbFVLaTVHNDYtZHM/preview?usp=drivesdk” title=”Final Cyber 2017 Presentation.ppt” icon=”https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.ms-powerpoint” width=”100%” height=”400″ style=”embed”]
  • Tabletop for NJSBA Second Annual Cybersecurity Conference
    Here is a tabletop exercise I drafted that we’ll be running at the Second Annual NJSBA Cybersecurity Conference. Acme Corp. manufactures and sells industrial control systems (ICS).  ICS devices integrate computer chips, hardware and software and can be programmed to monitor, regulate and control various components of commercial manufacturing, assembly and packaging plants.  For example,… Continue reading Tabletop for NJSBA Second Annual Cybersecurity Conference
  • Implementing ABA Formal Opinion 477
    Background On May 4, 2017, the ABA released Formal Ethics Opinion 477, “Securing Communication of Protected Client Information” (attached at the end of this post).  This Opinion updates Formal Ethics Opinion 99-413, issued in 1999, which concluded that lawyers could use unencrypted email to communicate with clients.  Those of us who were practicing in 1999 will… Continue reading Implementing ABA Formal Opinion 477
  • Fourth Circuit Revives Wikimedia NSA Case
    Yesterday the Fourth Circuit reinstated a case brought by the Wikimedia Foundation concerning the National Security Agency’s bulk “Upstream” surveillance program.  Under the Upstream program, the NSA collects traffic on the U.S. Internet backbone.  The Government claims that this collection is targeted to specific queries relating to terror investigations and other intelligence matters.  As a result,… Continue reading Fourth Circuit Revives Wikimedia NSA Case
  • Facebook and Terrorism: Cohen v. Facebook and Force v. Facebook
    It’s well-known that Facebook, Twitter, YouTube, and other social media platforms are used for propaganda and recruiting purposes by terrorist groups such as ISIL.  A number of Jewish groups filed lawsuits alleging that Facebook should be held civilly liable for facilitating terrorist attacks against Jews.  Two of these cases recently were dismissed by Judge Nicholas… Continue reading Facebook and Terrorism: Cohen v. Facebook and Force v. Facebook