The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.
Patrick Lin is the director of the Ethics + Emerging Sciences Group, based at California Polytechnic State University, San Luis Obispo, where he is also an associate philosophy professor. He has published several books and papers in the field of technology ethics, especially with respect to nanotechnology, human enhancement, robotics, cyberwarfare, space exploration, and other areas. He teaches courses in ethics, political philosophy, philosophy of technology, and philosophy of law. Dr.
Assistant Professor, Legal Studies and Business Ethics, Wharton School, University of Pennsylvania
Dr. Andrea M. Matwyshyn is a leading authority on corporate information security regulation, commercial and consumer privacy law, and technology law. She studies "hackers" - both destructive and entrepreneurial - and the legal and developmental psychology consequences of machine-human convergence, particularly for children.
Today, 21 cyberlaw and/or cybersecurity professors and researchers joined a letter calling for the Senate to reject the Cybersecurity Information Sharing Act ("CISA"). Endorsing the concerns raised in an April 2015 technologists' letter, the signatories identify the fundamental problem with CISA, namely, that it will achieve little to address the real cybersecurity challenges facing US industry.
Tomorrow, the U.S. House Judiciary Committee will hold a hearing on reforming the Computer Fraud and Abuse Act (CFAA). Before you start thinking, "it's about time", note that the witness list includes someone from the Department of Justice, the Federal Bureau of Investigation and the Business Software Alliance. The only reform proponent is former computer crime prosecutor Orin Kerr, now a Professor at George Washington University Law School.
Today, Rep. Zoe Lofgren in conjunction with Reps.
The Trump Administration this week formally accused the North Korean government of responsibility for the WannaCry ransomware attacks that hobbled hundreds of thousands of computers “in more than 150 countries” in May 2017.
Rep. Tom Graves (R-GA) and Rep. Kyrsten Sinema (D-AZ) introduced the Active Cyber Defense Certainty Act (H.R. 4036) in the House of Representatives on Oct. 13. The bill would amend the Computer Fraud and Abuse Act (CFAA)—the main federal statute that governs computer hacking—effectively to allow victims of certain cyber intrusions to take defensive measures that would otherwise violate the CFAA’s prohibitions on unauthorized access to computers.
Arguing that a defendant’s conviction for website hacking should be overturned because legitimate, highly valuable security and privacy research commonly employs techniques that are essentially identical to what the defendant did and that such independent research is of great value to academics, government regulators and the public even when – often especially when – conducted without a website owner’s permission.
"Business law professor and author of the study Scott Shackelford says it would be similar to the National Transportation Safety Board investigation model. He says that model is applicable to cybersecurity.
“It’s not only formal investigators that dig into the details of why an airplane happened to crash, but they look into bigger issues like culture at manufacturers, at airlines,” says Shackelford. “We thought a similar approach would be really helpful for cybersecurity because typically, it’s not just one thing that’s at fault in big data breaches.”"
"Kristen Eichensehr, an assistant professor at UCLA School of Law who specializes in cybersecurity issues, said the Europeans begin any privacy discussion with a presumption that individuals have a right to control their personal information.
“We don’t have a similar right in this country,” she observed.
For that reason, Eichensehr said, “it’s hard to imagine much of what Europe is doing being implemented in the U.S.”"
"According to Andrea Matwyshyn, professor of law and computer science at Northeastern University, if companies help cyber criminals make money off hacks, they will only continue.
"Andrea Matwyshyn, a professor of law and computer science at Northeastern University, said that unless the owner or operator of a system specifically authorizes an attempt to guess a password, anyone who does so and enters that system could be charged under the CFAA. It wouldn't matter whether the password was obtained through insider knowledge or via a brute force attack, she said."
""Contrary to Rosenstein's inflammatory digs, strong encryption does help prevent crime, such as identity theft -- something 'responsible' companies need to worry about at a time when massive data breaches regularly dominate the headlines," said Riana Pfefferkorn, a cryptography fellow at Stanford Law School.
"Professor Brett Frischmann at Villanova University states, "the problem some companies face with self-dealing by IT professionals is complex because it is an area where contract and trade secrecy laws' protections may be inadequate. In some cases, other laws such as the Computer Fraud and Abuse Act can be helpful.”"
In January 2017 the US finally designated voting machines as a critical infrastructure. Why do you think it’s appropriate? What’s got you worried?
It's appropriate because picking the next leader of the free world unfettered from foreign interference should be at least as important to us as turning the lights on or using our smartphones.
Looking ahead to the 2018 and 2020 US elections, I’m worried about the ability of technology to now produce very accurate fake audio and video files.
"When it comes to fighting cyber crimes in Hollywood, it’s a case of pay now or pay later. Matwyshyn said the entertainment industry is a prime target for hackers because the stakes are high, and those who work in the industry may not be paying close attention to internet security practices. It’s relatively easy to send a “phishing” email to a studio executive, advising them to click on a link. And just like that, hackers are in.
"Moreover, Scott Shackelford, cybersecurity program chair at Indiana University, said the case in part “illustrates the difficulty of shutting down botnets (given how easy it is to set up new command and control servers), along with the trouble of protecting trademarks online. At a higher level, it helps highlight the difficulty of exercising jurisdiction in an interconnected world.”"
"It can be tempting to try to hide information or use technological tricks such as 'duress passwords' that, if used instead of the genuine one, unlock the device but keep a portion of the data hidden and encrypted. But Jennifer Granick, who studies cybersecurity law at Stanford University in California, warns against such strategies. “You don't want to lie to a government agent. That can be a crime.” And border guards are not likely to be sympathetic to the argument that a researcher has a legal duty to prevent anyone from seeing confidential data.
Join Mozilla and Stanford Center for Internet and Society for the third installment in a series of conversations about government hacking. Information from our first two events is available online: discussing the vulnerabilities disclosure process and recent changes to Federal Rule of Criminal Procedure 41.
Sextortion—defined as blackmail (often by the threat of releasing sexually explicit images of the victim) carried out over a computer network, which forces victims to engage in some form of sexual activity online—is a new term for a new crime. The remote coercion of sex is a crime that was impossible until recently, but with the expansion of the Internet and proliferation of webcams, Sextortion is a growing form of exploitation. This remarkably understudied crime has affected thousands of people, almost entirely women and children.
Presented by: Catholic University Columbus School of Law’s Journal of Law & Technology
2016 Journal of Law & Technology Symposium
Cybersecurity and Privacy in the Internet Economy: Information Sharing, Data Security, and Intellectual Property
March 17, 2016
2:00 p.m. - 5:30 p.m.
The 2015 Santa Clara Journal of International Law presents
“Critical Global Business Issues: When Theory Meets Practice”
Hosted by Santa Clara Law, the Santa Clara Journal of International Law, and the Center for Global Law and Policy
Friday, February 6th, 2015 (all day)
Saturday, February 7th, 2015 (morning session)
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer.
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principals should be found not guilty.
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
Evgeny Morozov and Andrew McLaughlin will debate the sincerity, utility and repercussions of America's commitment to a free Internet. They will discuss the desirability of network neutrality and network regulation in the context of US foreign policy; the ways to balance user privacy with the growing needs of law enforcement agencies; and the emerging threats to freedom of expression that are inherent in the technical design as well as the business imperatives of today's Web.
Andrew is a lawyer (Harvard '94) who has worked as Deputy Chief Technology Officer of the U.S. in the Obama White House, Director of Global Public Policy at Google, Vice President and Chief Policy Officer at ICANN, Senior Fellow at the Berkman Center, and as a member of the litigation team that successfully challenged the Communications Decency Act before the Supreme Court in 1997. Please RSVP for this free event.
"That inability to address growing cyber risk is part of what makes state and local governments easy targets for hackers, says Brian Nussbaum, a professor focusing on cybersecurity at the State University of New York at Albany. At the federal level, defense and intelligence agencies have large security staffs with deep expertise that other federal agencies often rely on. “States really don’t have that deep well of technical assistance to draw upon,” says Nussbaum."
"FBI Director James Comey has said that voter-registration sites in at least a dozen states — including Arizona — were targeted by hackers.
Department of Homeland Security Secretary Jeh Johnson has broached the idea of increasing the protection for the nation’s voting systems. They could potentially be put under the umbrella of critical infrastructure, which currently includes the electrical grid and the banking system, among other things.
Last week Yahoo announced that 500 million accounts had been hacked – consumer names, email addresses, phone messages, passwords and birth dates were stolen. It is one of the biggest security breaches in history. We’ve been seeing a lot more cyber attacks on companies, individuals and the government in recent years. So who is behind them and what can consumers do to protect ourselves online?
Emails of the Democratic National Committee were leaked this summer. Last year, a Chinese hack of the US Office of Personnel Management exposed the personal data of millions of Americans. So, how safe is the ballot box? Cybersecurity expert Dr. Richard Forno, Assistant Director of the UMBC Center for Cybersecurity, walks us through the potential vulnerabilities of voting systems in America.
Many of America’s top cybersecurity executives are gathering in Las Vegas this week for an annual conference known as Black Hat 2016. Organizers say hacking remains a major concern and that much of the country’s digital infrastructure is vulnerable, as demonstrated by a series of recent high-profile attacks on consumer companies and political organizations. So what can be done to keep information safe? On this week’s HashtagVOA, we ask a few experts for answers.
With the news that Russian hackers stole Democratic National Committee campaign data, the threats of cyber espionage and cyber attacks from foreign entities are all the more real.
Last week, health insurance giant Anthem revealed that the personal information of as many as 80 million customers was stolen by hackers. This news came just days before President Obama announced the creation of a new agency to analyze and counter cyber threats. In this hour, we look at Obama’s cybersecurity agenda, and the cyber-security challenges that face users in the coming year.
Hacking generally has a pejorative meaning, namely, someone who accesses a computer by circumventing its security system. But, hacking may also refer to excellence in programming—the kind of innovation that built the Internet. Penn Professor Andrea Matwyshyn knows the difference and tells Jim Zirin how to stay away from the dark side of the Internet.