On Friday, March 30th, ISP will be hosting a Privacy Symposium discussing current trends in Privacy and Information Law. Panelists will discuss the EU’s new General Data Protection Regulation, the Department of Homeland Security’s entry/exit biometric policy, and the Stop Enabling Sex Trafficking Act (SESTA).
On Saturday, March 31st, there will be a Data Security Competition. All graduate students are invited to participate in teams of 2 – 4 people. The competition will give participants the chance to compete against other local students to manage the incident response of a major company that may have been compromised.
By: Eitan Morris
Globalization and technology have led to increases in opportunity and connectivity for individuals and businesses around the globe. In response to the increasingly porous nature of technological barriers, many countries are attempting to exert control through regulation. A common method of regulation is the implementation of data localization legislation. Data localization is the requirement that data about a country’s citizens or residents be collected, processed, and/or stored on servers physically located in-country. Placing limitations on the cross-border transfer of data can have consequences across economic sectors. For these reasons, data localization regimes have been called into question. One key example is Canadian provincial data localization laws, which have become a hotly contested element in the e-commerce section of the current North American Free Trade Agreement (NAFTA) renegotiations.
By: Alvaro Maranon
Bitcoin’s popularity has gathered global momentum over the past year, with its unprecedented increase in value that saw its all-time high break the $20,000 mark. With money being made, two questions naturally arose – what exactly are cryptocurrencies and how can they be regulated to protect the players involved? Cryptocurrencies became possible with the development and creation of the Blockchain, and subsequently led to the development of Bitcoin and other cryptocurrencies, ranging from alternative fiat-based currencies to a satirical open source peer-to-peer digital currency based upon the use of Shiba Inus.
On February 6, 2018, the Committee on Banking, Housing, and Urban Affairs held an open session solely focused on Virtual Currencies and the oversight role of the SEC and CFTC. The Chairman of the SEC, Jay Clayton, and the Chairman of the CFTC, Christopher Giancarlo, acknowledged the rapid development and importance of the cryptocurrency market but in turn cautioned investors about the dangers of it being unregulated. Mr. Clayton identified three main takeaways: 1) these are not “currencies” in the traditional meaning and are closer to securities; 2) Initial Coin Offerings (ICOs) have not been registered with the SEC and will be considered as the sale of securities; and 3) be wary of ICOs as they are prone to money-laundering schemes, digital hacks, and “pump and dumps.” Ultimately, this hearing marked the first of many hearings aimed at informing regulators of the landscape and how to regulate it.
By: Drusti Gandhi
Cyber extortion, specifically attacks on healthcare organizations, has been on the rise, with no evidence of stopping. Cyber extortion comes in many forms, ranging from ransomware to denial of service and distributed denial of service. A ransomware attack involves encrypting data, blocking the healthcare provider from accessing it, and threatening to publish it unless the attackers are paid. Meanwhile, denial of service and distributed denial of service attacks involve a continuous assault on the computer system with emails and other traffic, which results in shutting the system down. Attackers then demand money to stop the attack. With the new technological advances in healthcare, patients’ information is not the only vulnerable target. Wearable health technology and surgical robots in some areas can also become potential targets, which can lead to physical injury or even death.
Continue reading “New, Real, and Deadly Threat to Our Healthcare: Cyber Extortion”
By: Ryan Johnston
As many both in the Internet community and out are aware, December 14, 2017 marked the date that the Federal Communications Commission (FCC) repealed the net neutrality rules put in place by then Chairman Wheeler in 2015. To some this was a step forward in promoting competition between small local and regional service providers, and the national providers that most of us interact with. To others it was the end of an era of fair play online, believing the new rules give service providers the ability to do as they please with no governmental oversight. Regardless of whether the repeal was right or wrong, on January 16, 2018, 21 state Attorneys General signed on to a suit against the FCC in opposition to the repeal. On the same day two non-profits, Free Press and Public Knowledge, filed their own suits against the FCC. The major question remains: what is the issue at the heart of these suits? The leader of the suit filed by State AGs, Eric Schneiderman, argues that the policy is arbitrary and capricious because the commission failed to justify the departure from the two-year-old policies in a way supported by the administrative record. Furthermore, Schneiderman’s comments claim that the reclassification of broadband as a Title I information service is based on an erroneous and unreasonable interpretation of the Telecommunications Act. The AGs are also upset that there are broad preemption clauses built into the FCC’s order.
By: Rachel Dodd
This winter South Korea is hosting the 2018 Winter Olympic Games in Pyeongchang. On February 9th, viewers from all over the world tuned in to watch the spectacular opening ceremony. However, just a few days after the ceremony, Cisco’s information security branch, Talos, confirmed that a cyber-attack occurred during the Olympic Games opening ceremony. This attack shut down the official website for twelve hours, disconnected the Wi-Fi in the Olympic stadium, and left televisions and internet in media rooms inoperable.
Talos identified the malware that was responsible, which was named “Olympic Destroyer”. Researchers noted that the malware focused on taking down systems and wiping out data, more specifically deleting files and their backup copies. Fortunately, the attack was far less damaging than it could have been. However, officials have still not identified suspects in the attack.
Continue reading “2018 Winter Olympics: An Exemplification of the Importance of Information Security Measures During World-Class Sporting Events”
By: Drusti Gandhi
Cyber attacks are certainly happening at a higher rate and with bigger stakes. In recent years, targets have ranged from Sony Pictures to Yahoo to the DNC and, just recently, Equifax. The question becomes: what can the private sector do to defend itself from such attacks? Active defenses to cyber attacks are limited in their own ways. The Computer Fraud and Abuse Act (CFAA) does not provide much support in the way of active defense. It merely prohibits an individual from accessing someone else’s Internet devices without authorization, regardless of whether the person has malicious intent or is responding to an attack. However, experts have noted that there is a possibility of active defenses depending on how the CFAA classifies the word “authorization.” Technically, a victim cannot use defenses that go outside his or her network, so any retaliatory attack would have to happen within their own network, such as hacking back against a botnet as it pushes security patches onto infected computers.
Continue reading “LEGAL HACK BACK: BALANCING RISKS AND BENEFITS”