Cory Bennett reports: Sen. Ron Wyden (D-Ore.) and Rep. Jared Polis (D-Colo.) introduced a bill Thursday that would exempt responsible hacking from prosecution under existing copyright law. The security and academic community has long worried they could face legal action for basic research, which often involves examining computer networks in a way that may technically run afoul…
Category: Federal
FTC and Wyndham Present Arguments on Whether FTC has Declared Unreasonable Cybersecurity Practices Unfair
Katherine Gasztonyi writes: On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act…
House Dem to introduce separate data breach bill
Elise Viebeck reports: A co-chairman of the House Cybersecurity Caucus is planning to introduce a data breach bill that would not create federal security standards for private companies. Rep. Jim Langevin (D-R.I.) announced that he will release two cyber-related measures on Thursday: one to require companies to disclose data breaches to affected customers within 30…
Allegations of Indirect Access Held Insufficient To State Claim Under CFAA – Court
David J. Clark of Epstein Becker & Green, P.C., writes: On March 20, 2015, a California federal court rejected an expansive reading of the Computer Fraud and Abuse Act (“CFAA”) urged by two plaintiff corporations that sought to hold a competitor and two of its directors liable under the CFAA, under an agency theory, for the actions…
Criminalizing the Overseas Sale of Stolen U.S. Financial Information
I’ve been posting some of the U.S. Department of Justice’s attempts to justify their proposed amendments to cybersecurity laws. Here’s how the most recent post in their series begins: In the last of our series on the need for limited updates to laws enhancing cybersecurity while protecting individual rights, this post will describe a proposal that is geared…
OCR’s Enforcement of HIPAA’s Privacy and Security Rules Continues with Robust 2014
From the I-must-have-a-different-definition-of-‘robust’ dept.: Douglas Dahl writes: With the news of the recent cyber-attack and resulting data breach at health insurance giant Anthem Inc., the buzz around data security and privacy is again high. The Anthem breach serves as a reminder to those entities subject to the Health Insurance Portability and Accountability Act (HIPAA) that…