The Crane Kick and the Unlocked Door

Cybersecurity legislative and policy proposals have had to grapple with when (if ever) firms ought to be held liable for breaches, hacks, and other network intrusions. Current approaches tend to focus on the data that spills when bad things happen: if it’s sensitive, then firms are in trouble; if not personally identifiable, then it’s fine; […]

Against Jawboning

I’d be grateful for feedback on a new draft article, Against Jawboning, coming out in volume 100 of the Minnesota Law Review. Here’s the abstract: Despite the trend towards strong protection of speech in U.S. Internet regulation, federal and state governments still seek to regulate on-line content. They do so increasingly through informal enforcement measures, […]

On Accuracy in Cybersecurity

I have a new article on how to address questions of accuracy in cybersecurity up on SSRN. It’s titled Schrödinger’s Cybersecurity; here’s the abstract: Both law and cybersecurity prize accuracy. Cyberattacks, such as Stuxnet, demonstrate the risks of inaccurate data. An attack can trick computer programs into making changes to information that are technically authorized but […]

Shark Tanks and Cybersecurity

It’s the most wonderful time of the year… for data breaches. Target may have compromised as many as 40 million credit and debit cards used by shoppers in their stores. What liability will they face? At George Mason’s excellent workshop on cybersecurity, there was a spirited debate over the mechanisms of enforcing security standards. (This […]

Search and the First Amendment

Jane and I are in Arlington, Virginia, for a conference on Competition Policy in Search and Social Media at George Mason University. Jane, Neil Richards, Dawn Nunziato, and Stuart Benjamin will discuss the interplay of the First Amendment, regulation, and search / social media. I expect an entertaining fight over whether search results are speech, […]

A Final Report, But Just a Start

The Federal Trade Commission today released its “final report” on consumer data privacy, updating a preliminary staff report from 2010. (Here’s a PDF of all 112 pages). The word “final” should be taken with several metric tons of salt, however — there is nothing final about this report, by its own admission. The report does […]