Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking a formal position on extending international law to the digital realm, something that nations have…
Category: Legislation
Pennsylvania lawmakers consider requiring government data breach notifications
WHTM reports: Pennsylvania Senator Kristin Phillips, who chairs the technology committee, held a hearing on June 7 about a proposal to require prompt disclosure whenever there is a data breach within the state government. In her opinion, the state should have revealed the unemployment and contact tracing breaches that took place. “Citizens are tired of…
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
What Counts as “Good Faith Security Research?”
Brian Krebs writes: The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting…
Thailand’s Personal Data Protection Act Enters into Force
Hunton Andrews Kurth writes: On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic,…
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…