If you’re a security researcher, you’ll definitely want to read this. Nadia Kayyali writes: This summer, Senator Sheldon Whitehouse introduced an amendment to the flawed Cyber Information Sharing Act (CISA) that would make it even worse, by expanding the broken Computer Fraud and Abuse Act (CFAA). EFF has proposed common sense changes to this federal anti-hacking law, many of which were included in “Aaron’s…
Category: Commentaries and Analyses
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…
U.S. & China agree to stop conducting economic espionage in cyberspace
Ellen Nakashima and Steven Mufson report: The United States and China have agreed that neither country will conduct economic espionage in cyberspace in a deal that addresses a major source of tension in the bilateral relationship. The pact also calls for a process aimed at helping to ensure compliance. Read more on Washington Post. Now…
DoD Issues Guidance on Privacy Breach Notices
From the Federal Manager’s Daily Report: The Pentagon has issued guidance to DoD components on considerations for making public announcements regarding breaches of private information, an issue that has been much in the mind of the federal workforce in recent months following disclosure of two major cyber hacks of personally identifiable information, or PII, held…