The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.
I'm pleased to announce that my latest law journal article has just been published in the new issue of the Richmond Journal of Law and Technology: Shooting the Messenger: Remediation of Disclosed Vulnerabilities as CFAA “Loss." The article reviews post-Van Buren Computer Fraud and Abuse Act cases to determine whether lower courts have followed the Van Buren Court's dicta that "loss" under the CFAA shou Read more about New law journal article on the Computer Fraud and Abuse Act
As a cybersecurity professional, I see plenty of risks that worry me as Twitter becomes a private company – but one in particular stands out more than any other.
Specifically, I believe Twitter under Musk is facing serious and pervasive questions of trust across a wide range of issues.
Europe’s top telecom regulator dealt a strong blow to Europe’s biggest telecoms in a report released in October, finding “no evidence” to justify the proposal from large broadband companies like Deutsche Telekom and Orange to force websites and apps to pay them. Read more about EU’s Top Telecom Regulator: Big Telecoms’ Proposal to Force Websites to Pay Them Puts the Internet at Risk
The examples also illustrate what I think is a very real risk: that state enforcers may abuse transparency laws, using them to reshape platforms’ actual policies. I think it should be possible to mitigate this risk. But we can only do so if we recognize it. Read more about State Abuse of Transparency Laws and How to Stop It
Did Twitter ignore basic security measures? A cybersecurity expert explains a whistleblower’s claims
On Wednesday, European top telecom regulator BEREC, which consists of the national telecom regulators from across the EU, published its revised net neutrality guidelines. The guidelines now prohibit broadband providers’ zero-rating offers that benefit select apps or categories of apps, whether they do so for free or require apps to pay to be included. Read more about European Regulators Just Stopped Facebook, Google and Big Telecoms’ Net Neutrality Violations
I discuss here two illustrative cases of paradoxical puzzles in cybersecurity:
1) To reduce failures, aim at having some failures;
2) To get better international cybersecurity, have fewer rules and limit prosecutorial-type enforcement.
First, to reduce failures, don't aim at a state where there are no failures. More sophisticated approaches to cybersecurity embrace paradox (or, if you will, irony). One salient example is the concept of “zero trust,” where, in effect, cybersecurity never sleeps. Additionally, a state of perfect security would breed complacency. Preferable to have imperfect security, where skirmishes lead to vigilance, and modest occurrences of failure cultivate determination.
Second, while rules and enforcement are important parts of any cybersecurity program, in dealing with nation-state actors who may not be subject to U.S. domestic law enforcement (akin to dealing with quantum particles that do not observe Newtonian laws of physics), it's often preferable to aim at somewhat ambiguous principles which enjoy broad consensus than to aim at rules and enforcement. Read more about Tool Without A Handle: Cybersecurity Paradoxes
The E.U.’s top telecom regulator BEREC is set to issue new net neutrality rules, after the European Court of Justice found that discriminatory zero-rating plans such as T-Mobile’s StreamOn and Vodafone’s Pass violate Europe’s net neutrality law. Read more about Facebook, Google & Big Telecoms Want to Keep Violating Net Neutrality in Europe. Regulators Should Stop Them.
The Law Commission in the United Kingdom recently completed its massive study on domestic legal reform for automated driving. As the UK government works to implement the study’s thoughtful recommendations, the Commission’s experts are now turning to the topic of remote driving. I’m happy to offer a few thoughts.
First, “remote driving” encompasses a range of scenarios.
The remote human might be: Read more about On Remote Driving