The Cybersecurity Executive Order: A Right Start

May 13, 2017. President Trump issued two days ago a much anticipated executive order that reflects mature thinking about managing the sprawling kluge of federal networks, a determination to do it, and an over-estimation of the government’s ability to comply with demands for 16 Cabinet-level reports in short order. Whether the order is rigorously implemented [...]

FISA and Foreign Intelligence: Getting the History Straight

The editors of the New England Law Review have kindly given permission to post the following book review in anticipation of its appearance in that review later this year. 51 New Eng. L. Rev. (forthcoming, 2017) Response to: Laura K. Donohue, The Future of Foreign Intelligence: Privacy and Surveillance in a Digital Age (New York: OUP, [...]

Emerging Standard of Care in Data Security: The FTC’s LabMD decision

Company data security practices will now be measured against a legally enforceable standard of care. The National Institute for Standards and Technology (NIST) began creating the groundwork for this standard in 2002,[1] the Third Circuit announced its arrival last year in Wyndham Hotels[2], and the Federal Trade Commission (FTC or Commission) told you last month [...]

Debating the Chinese Cyber Threat

If you follow cyber conflict issues, you’ll want to see this correspondence from International Security, Vol. 40, No. 1 (Summer 2015), pp. 191–195: In “The Impact of China on Cybersecurity: Fiction and Friction,” Jon Lindsay asserts that the threat of Chinese cyber operations, though “relentlessly irritating,” is greatly exaggerated; that China has more to fear from [...]

Forty Years After Church-Pike: What’s Different Now?

This is the Henry F. Schorreck Memorial Lecture that I delivered at the National Security Agency on May 15, 2015.

About ten years ago, when I was the inspector general here, I found myself one day in Hawaii, under the Pineapples, and by coincidence there was at the same time a conference nearby of [...]

Bringing Out the Big Stick

President Obama yesterday signed an executive order that will put serious economic pressure on organized cyber criminals operating from overseas and on foreign companies that benefit from the cyber theft of American trade secrets and other intellectual property. I have previously criticized this administration for bringing too little, too late to this fight, but [...]

Let’s Stop Playing Whac-a-Mole on our networks

The White House has been slow to the cyber defense problem and continues to miss the boat.  For years we’ve been playing Whac-a-Mole, but there are too many moles in the garden to whack.  The President’s proposal for better information sharing with the private sector would be a good thing; Congress should pass that bill. [...]

Merely an attack on a German steel producer — or is it a message to Germany?

This link will take you to an account of a sophisticated, network-enabled attack on a German steel producer that disrupted production and caused physical damage to a blast furnace. We are at the beginning, not the end, of an era in which proliferating and uncontrollable expertise, backed by very little capital, can be leveraged to cause [...]

State-Sponsored IP Theft: The Huge Hole in the WTO — and How to Fix It

How is it that the world’s trading nations, including Russia and China, are obligated by treaty to protect other nationals’ intellectual property within their own borders, but are free to steal it when operating abroad? Near-universal digitization of information and pervasive connectivity have turned state-sponsored IP theft into a plague. The World Trade Organization was created [...]

A Reflection on Veterans’ Day 2014

I had the good fortune this Veterans’ Day to participate in a panel on surveillance sponsored by the ACLU at Harvard Law School and moderated by Professor Jonathan Zittrain, and the equal good fortune to have as fellow panelists federal appellate Judge Alex Kozinski and the ACLU’s Alex Abdo. It was fitting, on the day [...]