Sharing Shortcomings

I have a new essay coming out in Loyola University Chicago Law Journal titled Sharing Shortcomings. Comments and feedback are very much welcomed. Here’s the abstract: Current cybersecurity policy emphasizes increasing the sharing of threat and vulnerability information. Legal reform is seen as crucial to enabling this exchange, both within the public and private sectors […]

Ground Control to Major Dumb

The St. Louis Cardinals, one of baseball’s most famous teams, is under investigation (by both Major League Baseball and the FBI) for allegedly hacking into a data warehouse compiled by the Houston Astros. At first blush, this seems strange: the Cardinals play in the National League Central, and the Astros in the American League West. […]

The Crane Kick and the Unlocked Door

Cybersecurity legislative and policy proposals have had to grapple with when (if ever) firms ought to be held liable for breaches, hacks, and other network intrusions. Current approaches tend to focus on the data that spills when bad things happen: if it’s sensitive, then firms are in trouble; if not personally identifiable, then it’s fine; […]

Celebrities, Copyright, and Cybersecurity

The fall began with a wave of hacked nude celebrity photos (as Tim notes in his great post). The release generated attention to the larger problem of revenge porn – or, more broadly, the non-consensual sharing of intimate media. Legislators and scholars have moved to tackle the problem. Danielle Citron proposes a model statute for criminalizing revenge […]

Cyberwar and Cyberespionage

My paper “Ghost in the Network” is available from SSRN. It’s forthcoming in the University of Pennsylvania Law Review. I’m appending the abstract and (weirdly, but I hope it will become apparent why) the conclusion below. Comments welcomed. Abstract Cyberattacks are inevitable and widespread. Existing scholarship on cyberespionage and cyberwar is undermined by its futile […]

Whereupon I Depress Lifehacker Readers

Because DVD ripping is illegal if you bypass DRM. Which, most of the time, you have to.

Petraeus and Privacy

The resignation of CIA Director David Petraeus, after a cyberharassment investigation brought his affair with biographer Paula Broadwell to light, has generated a fascinating upsurge in privacy worries. (Side note: I believe “working with my biographer” has now superseded “hiking the Appalachian Trail” as the top euphemism for infidelity). Orin Kerr has an excellent summary […]

Research Project on State Information Laws

My friend Sasha Romanosky, a research fellow at the Information Law Institute at NYU and the co-author of a great paper on data breach notification laws, is looking for your help with a research project: Greetings, I am involved in a research project that examines state laws affecting the flow of personal information. This information could […]

When Cybersecurity Makes Things Worse

Adam Dachis has an interesting and worrisome post up at Lifehacker. (Disclosure: he kindly asked me for input into the post.) It thinks about a post-CISPA world, where privacy exists only at the behest of companies who hold our information. CISPA would immunize these firms for sharing information with the federal government, so long as […]

The Myth of Perfection

As promised, The Myth of Perfection is now available at the Wake Forest Law Review Online.