New, Real, and Deadly Threat to Our Healthcare: Cyber Extortion

By: Drusti Gandhi

Cyber extortion, specifically attacks on healthcare organizations, has been on the rise; with no evidence of stopping. Cyber Extortion comes in many ways ranging from ransomware to denial of service and distributed denial of service. Ransomware attack involves encrypting data, blocking the healthcare provider from accessing it, and threatening to publish it unless the attackers are paid. Meanwhile, denial of service and distributed denial of service attack involves continuous assault on the computer system with emails and other traffic, which results in shutting the system down. Attackers then demand money to stop the attack. With the new technological advances in the healthcare, patient’s information is not the only vulnerable target. Wearable health technology and surgical robots in some areas can also become potential targets, which can lead to physical injury or even death.
Continue reading “New, Real, and Deadly Threat to Our Healthcare: Cyber Extortion”

Beating a Dead Horse: Title II in the Courts…Again

By: Ryan Johnston

As many both in the Internet community and out are aware, December 14, 2017 marked the date that the Federal Communications Commission (FCC) repealed the net neutrality rules put in place by then Chairman Wheeler in 2015.  To some this was a step forward in promoting competition between small local and regional service providers, and the national providers that most of us interact with. To others it was the end of an era of fair play online; believing the new rules give service providers the ability to do as they please with no governmental oversight. Regardless of whether the repeal was right or wrong on January 16, 2018, 21 state Attorneys General signed on to a suit against the FCC in opposition of the repeal. On the same day two non-profits, Free Press and Public Knowledge, filed their own suits against the FCC. The major question remains, what is the issue at the heart of these suits? The leader of the suit filed by State AGs, Eric Schneiderman, argues that the policy is arbitrary and capricious because the commission failed to justify the departure from the two-year-old policies in a way supported by the administrative record. Furthermore, Schneiderman’s comments claim that the reclassification of broadband as a Title I information service is based on an erroneous and unreasonable interpretation of the Telecommunications Act. The AGs are also upset that there are broad preemption clauses built into the FCC’s order.

Continue reading “Beating a Dead Horse: Title II in the Courts…Again”

2018 Winter Olympics:  An Exemplification of the Importance of Information Security Measures During World-Class Sporting Events

By: Rachel Dodd

This winter South Korea is hosting the 2018 Winter Olympic Games in Pyeochang.  On February 9th, viewers from all over the world tuned in to watch the spectacular opening ceremony. However, just a few days after the ceremony, Cisco’s information security branch, Talos, confirmed that a cyber-attack occurred during the Olympic Games opening ceremony. This attack caused the official website to shut down for twelve hours, the Wi-Fi connection in the Olympic stadium to disconnect, and left televisions and internet in media rooms inoperable.

Talos identified the malware that was responsible, which was named “Olympic Destroyer”. Researchers noted that the malware focused on taking down systems and wiping out data, more specifically deleting files and their backup copies. Fortunately, the attack was far less damaging than it could have been. However, suspects of the attack have still not been identified by officials.
Continue reading “2018 Winter Olympics:  An Exemplification of the Importance of Information Security Measures During World-Class Sporting Events”

ISP Announces its First Annual Privacy Symposium

On Friday, March 30th ISP will be hosting a Privacy Symposium discussing current trends in Privacy and Information Law. Panelist will discuss the EU’s new General Data Protection Regulation, Department of Homeland Security’s entry/exit biometric policy, and the Stop Enabling Sex Trafficking Act (SESTA). Register Here


By: Drusti Gandhi

Cyber attacks are certainly happening at a higher rate and with bigger stakes. Within recent years, we had targets from Sony Pictures to Yahoo to DNC and, just recently, Equifax. The question comes to what can private sector do to defend itself from such attacks? Active defenses to cyber attacks are limited in their own ways. Computer Fraud and Abuse Act (CFAA) does not provide much support in way of active defense. It merely prohibits an individual from accessing someone else’s Internet devices without authorization; regardless if the person has malicious intent, or if they were responding to an attack. However, experts have noted that there is a possibility of active defenses depending on how CFAA classifies the word “authorization.” Technically, a victim cannot use defenses that go outside his or her network so any retaliatory attack would have to happen within their own network such as hacking back against a botnet as it pushes security patches onto infected computers. Continue reading “LEGAL HACK BACK: BALANCING RISKS AND BENEFITS”

SESTA: Congressional Overregulation and Misunderstanding of the Internet

By: Ryan Johnston

On February 8, 1996 then President Bill Clinton signed into law the Communications Decency Act (CDA). The Act sought to regulate both indecency and obscenity on the internet. Section 230 (c)(1) provides “no provider of user or an interactive service shall be treated as the publisher or speaker of any information provided by another information content provider.” This effectively allows an internet service provider to claim immunity in the event a suit is brought against them for

[A]ny action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

However, Section 230 does not protect against violations of federal law by service providers. Continue reading “SESTA: Congressional Overregulation and Misunderstanding of the Internet”

Revenge Porn: A New First Amendment Quandary

By: Drusti Gandhi

Nonconsensual pornography or “revenge porn” as it is widely known is defined as the distribution of sexual images or videos of individuals without the consent of the person(s) depicted. Revenge porn in the mainstream media has generally characterized by ex-boyfriends posting sexually explicit images of their ex-girlfriends on the internet along with the victim’s private information such as names, phone numbers, addresses, and workplaces. Media and public attention of this crime has led to the creation of advocacy groups such as Cyber Civil Rights Initiative (CCRI) and Without My Consent, which provide legal advice and support to victims, as well as information to the general public. Subsequently, the efforts by the organization and various lawsuits against the perpetrators have led to various social networking websites banning sexually explicit images posts without the individual’s permission. Continue reading “Revenge Porn: A New First Amendment Quandary”

Blog at

Up ↑