The Crane Kick and the Unlocked Door

Cybersecurity legislative and policy proposals have had to grapple with when (if ever) firms ought to be held liable for breaches, hacks, and other network intrusions. Current approaches tend to focus on the data that spills when bad things happen: if it’s sensitive, then firms are in trouble; if not personally identifiable, then it’s fine; […]

In Memoriam: Greg Lastowka

I am deeply saddened to learn of the news of the death of my friend Greg Lastowka, a professor at Rutgers-Camden School of Law. Greg was a pioneer in studying virtual worlds and video games, and his work forms a good part of the foundation in that field. His work had that wonderful quality of […]

Privacy in a Data Collection Society

Jane and I are here with a great group of presenters and attendees at a conference at Loyola University Chicago School of Law, Privacy in a Data Collection Society. I’m speaking this afternoon on the folly of information sharing as a means of improving cybersecurity, and I’ll post a cleaned-up draft of my remarks here […]

Against Jawboning

I’d be grateful for feedback on a new draft article, Against Jawboning, coming out in volume 100 of the Minnesota Law Review. Here’s the abstract: Despite the trend towards strong protection of speech in U.S. Internet regulation, federal and state governments still seek to regulate on-line content. They do so increasingly through informal enforcement measures, […]

Celebrities, Copyright, and Cybersecurity

The fall began with a wave of hacked nude celebrity photos (as Tim notes in his great post). The release generated attention to the larger problem of revenge porn – or, more broadly, the non-consensual sharing of intimate media. Legislators and scholars have moved to tackle the problem. Danielle Citron proposes a model statute for criminalizing revenge […]

On Accuracy in Cybersecurity

I have a new article on how to address questions of accuracy in cybersecurity up on SSRN. It’s titled Schrödinger’s Cybersecurity; here’s the abstract: Both law and cybersecurity prize accuracy. Cyberattacks, such as Stuxnet, demonstrate the risks of inaccurate data. An attack can trick computer programs into making changes to information that are technically authorized but […]

ACLU Challenges Arizona Revenge Porn Law

The ACLU, ably assisted by Dentons US LLP, has filed a challenge to Arizona’s revenge porn law in federal district court (complaint, ACLU blog, WIRED story). This is great news for Arizonans: the bill was terribly drafted and unconstitutional from the moment it was signed into law. Fighting revenge porn is important, but as Arizona […]

Icanhazjurisdiction?

Alan Trammell and I have a new article coming out on the problems of personal jurisdiction analysis when it involves Internet contacts. (The title is Personal Jurisdiction and “teh Interwebs”; I tried very hard to convince Alan to go with the title of this post, to no avail.) Abstract is below; we’d love your comments […]

Why Aren’t “Hacked” Celebrities Filing Takedown Notices?

Writing today in Slate, Emily Bazelon complains that the law does not do enough to protect the privacy rights of celebrities whose accounts were illicitly “hacked” last weekend, resulting in the release of unauthorized nude photos the celebrities apparently took of themselves. Bazelon contrasts what she characterizes as the celebrities’ inability to remove their objectionable content […]

Cybercrime’s International Challenges

Jane and I are in Cluj-Napoca, Romania, for a conference titled “Crimes, Criminals, and the New Criminal Codes: Assessing the Effectiveness of the Legal Response” at Babes-Bolyai University. Jane is speaking on “Surveillance in a Technological Age: The Case of the NSA,” and I’m giving a talk based on my forthcoming article Ghost in the Network. […]