Ground Control to Major Dumb

The St. Louis Cardinals, one of baseball’s most famous teams, is under investigation (by both Major League Baseball and the FBI) for allegedly hacking into a data warehouse compiled by the Houston Astros. At first blush, this seems strange: the Cardinals play in the National League Central, and the Astros in the American League West. […]

The Crane Kick and the Unlocked Door

Cybersecurity legislative and policy proposals have had to grapple with when (if ever) firms ought to be held liable for breaches, hacks, and other network intrusions. Current approaches tend to focus on the data that spills when bad things happen: if it’s sensitive, then firms are in trouble; if not personally identifiable, then it’s fine; […]

Against Jawboning

I’d be grateful for feedback on a new draft article, Against Jawboning, coming out in volume 100 of the Minnesota Law Review. Here’s the abstract: Despite the trend towards strong protection of speech in U.S. Internet regulation, federal and state governments still seek to regulate on-line content. They do so increasingly through informal enforcement measures, […]

Celebrities, Copyright, and Cybersecurity

The fall began with a wave of hacked nude celebrity photos (as Tim notes in his great post). The release generated attention to the larger problem of revenge porn – or, more broadly, the non-consensual sharing of intimate media. Legislators and scholars have moved to tackle the problem. Danielle Citron proposes a model statute for criminalizing revenge […]

On Accuracy in Cybersecurity

I have a new article on how to address questions of accuracy in cybersecurity up on SSRN. It’s titled Schrödinger’s Cybersecurity; here’s the abstract: Both law and cybersecurity prize accuracy. Cyberattacks, such as Stuxnet, demonstrate the risks of inaccurate data. An attack can trick computer programs into making changes to information that are technically authorized but […]

Mod a Game Console, Go to Jail

I’ve been puzzling over the 6th Circuit’s new opinion in United States v. Reichert (No. 13-3479, Mar. 28, 2014), in which a divided panel affirmed a defendant’s criminal conviction for violating the Digital Millennium Copyright Act’s anti-trafficking rule (17 U.S.C. § 1201(a)(2)) based on the defendant’s sale of a “modded” video game console to an […]

Cybercrime’s International Challenges

Jane and I are in Cluj-Napoca, Romania, for a conference titled “Crimes, Criminals, and the New Criminal Codes: Assessing the Effectiveness of the Legal Response” at Babes-Bolyai University. Jane is speaking on “Surveillance in a Technological Age: The Case of the NSA,” and I’m giving a talk based on my forthcoming article Ghost in the Network. […]

Shark Tanks and Cybersecurity

It’s the most wonderful time of the year… for data breaches. Target may have compromised as many as 40 million credit and debit cards used by shoppers in their stores. What liability will they face? At George Mason’s excellent workshop on cybersecurity, there was a spirited debate over the mechanisms of enforcing security standards. (This […]

The Law of Internet Intermediaries: Meet the New Boss, Same as the Old Boss

I have a short essay, Middlemen, up at the Florida Law Review Forum. It’s a response to Jacqui Lipton‘s thought-provoking article, Law of the Intermediated Information Exchange (bonus: first page is at 1337!). And, it has a footnote about turtles. Here’s the introduction: Meet the new boss, same as the old boss. The Internet was supposed […]

Search and the First Amendment

Jane and I are in Arlington, Virginia, for a conference on Competition Policy in Search and Social Media at George Mason University. Jane, Neil Richards, Dawn Nunziato, and Stuart Benjamin will discuss the interplay of the First Amendment, regulation, and search / social media. I expect an entertaining fight over whether search results are speech, […]