Last Week in Tech Policy #57: Medjacking

(by Justin Manusov, Colorado Law 3L)

Hacking. Tapping. Cracking. Medjacking.

In the TV show Homeland episode Broken Hearts, a CIA informant  is forced to retrieve a serial number that corresponds to the American Vice President’s pacemaker. A terrorist gains access to the VP’s pacemaker, accelerates his heartbeat and induces a heart attack.

Former Vice President Dick Cheney revealed that when he had a device implanted to regulate his heartbeat in 2007, he had his doctors disable its wireless capabilities to prevent a possible assassination attempt.

The health IT community is beginning to take medjacking seriously.

Continue reading “Last Week in Tech Policy #57: Medjacking”

Last Week in Tech Policy #56: LEDs Talk About Lights!

(By Sophia Galleher, Colorado Law 2L)

Some people enter Newark Airport and look up. The lights, like many LEDs, seem almost too crisp—too bright. But most travelers, perhaps worried about missing a connection or losing a wayward child in the terminal, rush through the airport without raising a brow; the LEDs lights, twinkling down from their chic, architectural fixtures, don’t really beg much thought. They seem innocuous enough.

But just know, the next time you walk through Newark Airport, that those lights are watching you.

Continue reading “Last Week in Tech Policy #56: LEDs Talk About Lights!”

Last Week in Tech Policy #54: Challenges of Apprehending and Combating Cybercriminals

(by Jordan Demo, Colorado Law 2L)

The recent Equifax breach affecting approximately 143 million people has left many to call for justice—but justice for whom? After-the-fact investigations have tended to focus on whether the targeted entities took sufficient or reasonable measures to protect their systems. But what is the process for bringing attackers to justice? How are attackers who take the personal information of companies and individuals held accountable? What can be done to help deter this kind of behavior?

Continue reading “Last Week in Tech Policy #54: Challenges of Apprehending and Combating Cybercriminals”

Last Week in Tech Policy #53: Equifax and Data Breach in the Modern Era

(by Susan Miller, Colorado Law 2L)

A cyberattack on Equifax, a consumer credit reporting agency, was announced last week. The breach was especially problematic for a variety of reasons:

  1. Equifax’s job is to gather and maintain sensitive personal information. Yet it learned of the breach in July but failed to inform the public of the breach until September, taking more than two months to give consumers notice of the breach.
  2. The breach put the personal information of 143 million Americans, nearly one-third of the entire population, at risk. This personal information includes names, social security numbers, birth dates, addresses, driver’s license numbers, and in some cases, credit card numbers.
  3. Three Equifax executives sold their stock days only days after the company learned of the attack and before the public was notified.

Equifax is offering free credit monitoring and, thanks to angry consumers, waived fees for setting up credit freezes through Equifax.

Continue reading “Last Week in Tech Policy #53: Equifax and Data Breach in the Modern Era”

Last Week in Tech Policy #48: Playpen and Government Hacking

(by Sergey Frolov, University of Colorado Computer Science Ph.D candidate)

In the U.S., it is illegal to produce, distribute, and possess child pornography. Playpen is a now-defunct child pornography website. The FBI managed to trace the site’s operators, then obtained a warrant and seized the web server on which the site ran.

However, instead of shutting the server down immediately, the FBI continued to operate Playpen for an additional 13 days. During that time, according to the Electronic Frontier Foundation, the FBI sent malware to visitors to the site in order to identify and prosecute them for possession of child pornography.

Continue reading “Last Week in Tech Policy #48: Playpen and Government Hacking”

Last Week in Tech Policy #47: W3C and EME—Is DRM Being Inserted in Your Web Browser?

(By Lucas Ewing, Colorado Law 2L)

The World Wide Web Consortium (W3C) is an international organization whose goal is to set standards for the World Wide Web. Due to W3C’s highly technical subject matter, internal discussions rarely broach the public discourse, but recently, open internet advocates and some W3C members have expressed concern over plans to endorse Encrypted Media Extensions (EMEs).

Continue reading “Last Week in Tech Policy #47: W3C and EME—Is DRM Being Inserted in Your Web Browser?”

Last Week in Tech Policy #42: @realDonaldTrump: How Twitter is Changing Communications from the White House

(By Connor Boe, Colorado Law 2L)

After it was first announced that President Trump would continue to use his personal Twitter account after taking office, it has become clear that social media is going to become a dominant source of information from the White House. How might social media impact the consistency and clarity of messaging that the American public has come to expect from the executive branch?

Trump first created the @realDonaldTrump account in 2009 and has tweeted roughly 34,000 tweets and accrued over 22 million followers since. Since the election Trump has used Twitter along with other social media platforms to release policy statements, personal opinions, and a surprising number of politically polarizing statements.  This new form of communication from the President creates some interesting dynamics, some possible opportunities, and a multitude of challenges that need to be considered as we enter a new era of American politics.

Continue reading “Last Week in Tech Policy #42: @realDonaldTrump: How Twitter is Changing Communications from the White House”

Understanding and Solving the Problems that Non-Service-Initialized Devices and Non-Emergency 911 Calls Cause for PSAPs, First Responders, and the Public

(by Zach Goldberg and Eilif Vanderkolk, TLPC Student Attorneys)

Over the past several months, the TLPC, in collaboration with the National 911 Program, has researched problems burdening 911 call centers, with the aim of discovering solutions to improve the efficiency of emergency response throughout the country. Specifically, we have examined the negative impact of calls made from non-service-initialized devices (“NSIDs”) and high non-emergency 911 call volume upon the efficacy of public safety answering points (PSAPs). We aimed to gain deeper understanding of how 911 systems work, the difficulties they face, and how changes in law and policy, technology, and consumer awareness and behaviors might help. However, crafting effective solutions to these problems is difficult because the factors contributing to high non-emergency 911 call volume figures are complex, and reliable, precise studies and data is scarce. We explore these problems in the attached white paper.


Autonomous Vehicle Cybersecurity Threats: Physical Layer Jamming and Spoofing Attacks

(by Zach Goldberg, TLPC Student Attorney)

Over the past month, the TLPC has researched autonomous vehicle technology and its susceptibility to physical layer cyber attacks, with the aim of encouraging research and development efforts to counteract such threats. We sought to gain deeper understanding of the communication systems that enable autonomous vehicle technology, the vulnerabilities of these systems to jamming and spoofing attacks, and possible defenses against such attacks. We explore these issues in the attached comment, filed in the National Highway Traffic Safety Administration’s latest proceedings relating to autonomous vehicle safety and vehicular cyber security.

Autonomous Vehicle Jamming and Spoofing Comment

Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices

(by Zachary Goldberg, Colorado Law 2L)

Apparently Yahoo waited two full months to disclose to its customers the largest consumer data breach in history, which Yahoo officials claim went undetected for two full years

On September 22, 2016, Yahoo officials announced that 500 million of its customers’ email accounts were hacked in 2014. The Yahoo security team believes that “state-sponsored hackers” somehow managed to penetrate Yahoo’s system to target its email users’ identifying information, passwords, and security question responses. At this stage in their investigation, Yahoo officials have not indicated precisely when they discovered the breach, and they know neither specific details as to who orchestrated it, nor how they gained access to Yahoo’s email system.

Continue reading “Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices”