Cory Bennett reports: Aaron’s Law is back in Congress. Named for Aaron Swartz — the programmer and digital activist who took his life while facing data theft charges — the bill would ease punishments stemming from the law under which Swartz was charged, the Computer Fraud and Abuse Act (CFAA). Rep. Zoe Lofgren (D-Calif.) is backing…
Category: Federal
At long last, Congress passes law to strip Social Security numbers from Medicare cards
Robert Pear reports that although the federal government already prohibits private insurers using Social Security numbers on insurance cards when they provide benefits under contract with Medicare, Medicare itself has continued to issue new Medicare cards with Social Security numbers imprinted on them. And as anyone who hasn’t been asleep through the past decade knows, that’s been a recipe…
New bill would protect security research hacking
Cory Bennett reports: Sen. Ron Wyden (D-Ore.) and Rep. Jared Polis (D-Colo.) introduced a bill Thursday that would exempt responsible hacking from prosecution under existing copyright law. The security and academic community has long worried they could face legal action for basic research, which often involves examining computer networks in a way that may technically run afoul…
FTC and Wyndham Present Arguments on Whether FTC has Declared Unreasonable Cybersecurity Practices Unfair
Katherine Gasztonyi writes: On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act…
House Dem to introduce separate data breach bill
Elise Viebeck reports: A co-chairman of the House Cybersecurity Caucus is planning to introduce a data breach bill that would not create federal security standards for private companies. Rep. Jim Langevin (D-R.I.) announced that he will release two cyber-related measures on Thursday: one to require companies to disclose data breaches to affected customers within 30…
Allegations of Indirect Access Held Insufficient To State Claim Under CFAA – Court
David J. Clark of Epstein Becker & Green, P.C., writes: On March 20, 2015, a California federal court rejected an expansive reading of the Computer Fraud and Abuse Act (“CFAA”) urged by two plaintiff corporations that sought to hold a competitor and two of its directors liable under the CFAA, under an agency theory, for the actions…