Last Week in Tech Law & Policy, Vol.2: The Inside Scoop

(by Chelsea E.  Brooks, Colorado Law 2L)

State of the Union:  This week, I want to look ahead to President Obama’s State of the Union Address, which will be held Friday,  January 20th.  The President has revealed cybersecurity as being one of the key issues he will address. In particular, he is proposing a 30-day window in which companies must notify consumers that their data has been breached, is championing criminalization of selling credit card information outside of the U.S.,  and is expected to recommend to Congress a Consumer Privacy Bill of Rights.  In addition to consumer-focused proposals, the President wants to broaden the legal definition of unauthorized computer access under the Computer Fraud and Abuse Act (CFAA) and increase penalties for computer access crimes.

Back to Sony:  Connecting back to last week’s post, could the Sony hacking scandal have been influential in directing this agenda?  As mentioned in Vol.1, the Sony hack has “broad implications for the future of law enforcement, crime and punishment, privacy, and war.”  Those implications may already be coming to light as Shaun Donovan, the Director of the Office of Management and Budget, has cited to the Sony hack in writing the Administration’s cybersecurity proposals to Congress.  Donovan states:

[T]he dramatic increase in cyber intrusions and the recent destructive and coercive attack on Sony Pictures Entertainment offer a stern reminder that we must act with urgency to do everything possible to better protect the Nation and economy against cyber threats.

With that statement in mind, consider two questions posed by the New York Times:

When should the federal government step in to fight hackers? And is America’s own use of cyberweapons a complicating factor?

Blackhat:  Hollywood’s recent connections with cybersecurity don’t stop with the Sony hack.  The just-released Blackhat glamorizes the world of hacking and raises the question: could the current climate of fear of cyber crime lead to over-inclusive policy making?  Members of the Obama administration are already citing to the Sony hack as reasoning for increasing punishments and broadening the power of the CFAA. Is this reasoning justifiable?  Can increasing penalties effectively deter undesirable hacking?  (The legal ramifications didn’t seem to deter the Sony hackers.)

Last Week in Tech Law & Policy, Vol.1: Net Neutrality and the Sony Hack

(by Blake E. Reid, TLPC Director)

Just about every week during the fall and spring semesters, the TLPC spends time discussing current events in tech law and policy. Our students do a great job researching and highlighting current events, so this semester we thought we’d share what we’re reading with the world.

I have the task of leading our inaugural discussion, so I’m going to focus on two events that have blown up over our winter break:

Net Neutrality. While it’s hard to narrow down the 10+ year-old net neutrality / Open Internet discussion down, the biggest news over break was the soft-launch of the Commission’s plan to reclassify ISPs under Title II of the Telecommunications Act— announced at the Consumer Electronics Show—in rules to be voted on at the Commission’s February open meeting. Other interesting issues waiting in the wings include the treatment of wireless providers, the Commission’s approach to forbearance, various other bells and whistles of the final item (I’m particularly interested in the treatment of reasonable network management and the premises operator exception), and how the courts and Congress will ultimately impact the state of play (or not).

The Sony Hack. There’s so much to say about this, but I’ve been most interested in the epistemological debate over whodunit (is it North Korea, or isn’t it?), and the difficulty of assessing adversaries online. This is the tip of the iceberg for this phenomenon, which has broad implications for the future of law enforcement, crime and punishment, privacy, and war.

See you next week!

Will the FCC Let You Retain Your Privacy and the Cybersecurity of Your Information When You Text 911?

(by Spencer Rubin and Trip Nistico, Colorado Law 2Ls, and Vickie Stubbs, ATLAS Institute)

Two weeks ago, the TLPC submitted reply comments on the Third Further Notice of Proposed Rulemaking (FNPRM) in the Federal Communications Commission’s Text-to-911 (TT911) docket. Among the many areas in which the FCC sought comment on rules for text messages to 911, we focused on the privacy and cybersecurity implications of sharing enhanced location information via text message to emergency responders.

Continue reading “Will the FCC Let You Retain Your Privacy and the Cybersecurity of Your Information When You Text 911?”

TLPC files DMCA exemption for good faith security research

The TLPC continued its efforts in the Copyright Office’s triennial review last week by filing a petition for exemption from the anti-circumvention measures in Section 1201 of the Digital Millennium Copyright Act (DMCA) for circumventing technological protection measures (TPMs) to perform good faith security research. The TLPC filed the petition, drafted by student attorneys Chris Meier, Amber Williams, and Bridgett Murphy on behalf of  Dr. Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute.