The Center for Internet and Society at Stanford Law School is a leader in the study of the law and policy around the Internet and other emerging technologies.
"Albert Gidari, director of privacy for the Center for Internet and Society at Stanford Law School, said, at best, an "indictment is better than silence or inaction," but may not be an effective hacker deterrent.
"As to how regulators might take on enforcement, Northeastern University professor Andrea Matwyshyn, who has advised the FTC on data security policy, said that a major question regulators going forward is the lack of precedent for something like the Yahoo hack. The SEC, for example, would handle an investigation pertaining to whether investors were properly advised of the risks of a major breach. But it’s not clear what the SEC might do.
"“The law should require, not just encourage, reasonable data security practices from companies that collect, process, and share personal information,” said law professor Woodrow Hartzog in a hearing in 2015. “This will fortify the protection of personal information in the United States and help ensure that fewer breach notifications need to be sent at all.”"
"If this most recent attack is also state-sponsored, says Albert Gidari, the director of Privacy at the Stanford Center for Internet and Society, "it's government espionage that's really at issue."
Gidari says the size of the breach fits the profile of a government actor, which is typically motivated by an interest in collecting "large volumes of data that gets warehoused for future reference."
""It could have been beyond the scope, but I’m sure the investors are going to be asking if it was beyond the scope, then why was it," says Scott Shackelford, an associate professor of business law and ethics at Indiana University’s Kelley School of Business who’s written about cybersecurity due diligence."
"That order grants Yahoo immunity, said Albert Gidari, director of privacy at Stanford University's Center for Internet and Society. "I think it is pretty clear that if Yahoo rendered technical assistance to the government pursuant to a FISA order or directive, it faces no liability for doing so and is immunized for doing so," Gidari said in an email.
"“This is another example of how the government is pushing secretly novel or innovative interpretations of surveillance law” to conduct wiretapping in broader ways than the public realizes, said Jennifer Granick, the director of civil liberties at the Stanford Law School Center for Internet and Society."
""I've never seen that, a wiretap in real time on a 'selector,"' said Albert Gidari, a lawyer who represented phone and Internet companies on surveillance issues for 20 years before moving to Stanford University this year. A selector refers to a type of search term used to zero in on specific information.
"It would be really difficult for a provider to do that," he added."
"Hemant Bhargava, professor of technology management at University of California-Davis, and Northeastern University law professor Andrea Matwyshyn discussed the implications of the data breach at Yahoo on the Knowledge@Wharton show on Wharton Business Radio on SiriusXM channel 111. (Listen to the podcast at the top of this page.)