Cybercrime’s International Challenges

Jane and I are in Cluj-Napoca, Romania, for a conference titled “Crimes, Criminals, and the New Criminal Codes: Assessing the Effectiveness of the Legal Response” at Babes-Bolyai University. Jane is speaking on “Surveillance in a Technological Age: The Case of the NSA,” and I’m giving a talk based on my forthcoming article Ghost in the Network. […]

Shark Tanks and Cybersecurity

It’s the most wonderful time of the year… for data breaches. Target may have compromised as many as 40 million credit and debit cards used by shoppers in their stores. What liability will they face? At George Mason’s excellent workshop on cybersecurity, there was a spirited debate over the mechanisms of enforcing security standards. (This […]

Cyberwar and Cyberespionage

My paper “Ghost in the Network” is available from SSRN. It’s forthcoming in the University of Pennsylvania Law Review. I’m appending the abstract and (weirdly, but I hope it will become apparent why) the conclusion below. Comments welcomed. Abstract Cyberattacks are inevitable and widespread. Existing scholarship on cyberespionage and cyberwar is undermined by its futile […]

Hollywood Comes to Brooklyn

Catchy title, no? Today, Al Perry, Vice President of Worldwide Content Protection and Outreach at Paramount Pictures, came to BLS to talk about movies, piracy, and the Internet. He spoke for about 40 minutes, and then Jason Mazzone offered comments. Next, we had about 30 minutes of spirited discussion with BLS students. I’m writing up […]

Goldilocks and Cybersecurity

It may seem strange in a week where Megaupload’s owners were arrested and SOPA / PROTECT IP went under, but cybersecurity is the most important Internet issue out there. Examples? Chinese corporate espionage. Cyberweapons like Stuxnet. Anonymous DDOSing everyone from the Department of Justice to the RIAA. The Net is full of holes, and there […]

How Not To Secure the Net

In the wake of credible allegations of hacking of a water utility, including physical damage, attention has turned to software security weaknesses. One might think that we’d want independent experts – call them whistleblowers, busticati, or hackers – out there testing, and reporting, important software bugs. But it turns out that overblown cease-and-desist letters still […]

Cyber-Terror: Still Nothing to See Here

Cybersecurity is a hot policy / legal topic at the moment: the SEC recently issued guidance on cybersecurity reporting, defense contractors suffered a spear-phishing attack, the Office of the National Counterintelligence Executive issued a report on cyber-espionage, and Brazilian ISPs fell victim to DNS poisoning. (The last highlights a problem with E-PARASITE and PROTECT IP: […]

The Myth of Cyberterror

UPI’s article on cyberterrorism helpfully states the obvious: there’s no such thing. This is in sharp contrast to the rhetoric in cybersecurity discussions, which highlights purported threats from terrorists to the power grid, the transportation system, and even the ability to play Space Invaders using the lights of skyscrapers. It’s all quite entertaining, except for […]

Spying, Skynet, and Cybersecurity

The drones used by the U.S. Air Force have been infected by malware – reportedly, a program that logs the commands transmitted from the pilots’ computers at a base in Nevada to the drones flying over Iraq and Afghanistan. This has led to comparisons to Skynet, particularly since the Terminators’ network was supposed to become […]

Hacking Bloomberg Law

I had a fun podcast interview with Spencer Mazyck of Bloomberg Law about this summer’s wave of hacking. We talk about who hacks and why, what companies can do about it (treat it like disaster planning), and whether we need to worry about cyberwar. Good fun. I botched the story about Robert Mueller slightly: he […]