By: Drusti Gandhi

Cyber attacks are certainly happening at a higher rate and with bigger stakes. Within recent years, we had targets from Sony Pictures to Yahoo to DNC and, just recently, Equifax. The question comes to what can private sector do to defend itself from such attacks? Active defenses to cyber attacks are limited in their own ways. Computer Fraud and Abuse Act (CFAA) does not provide much support in way of active defense. It merely prohibits an individual from accessing someone else’s Internet devices without authorization; regardless if the person has malicious intent, or if they were responding to an attack. However, experts have noted that there is a possibility of active defenses depending on how CFAA classifies the word “authorization.” Technically, a victim cannot use defenses that go outside his or her network so any retaliatory attack would have to happen within their own network such as hacking back against a botnet as it pushes security patches onto infected computers. Continue reading “LEGAL HACK BACK: BALANCING RISKS AND BENEFITS”

SESTA: Congressional Overregulation and Misunderstanding of the Internet

By: Ryan Johnston

On February 8, 1996 then President Bill Clinton signed into law the Communications Decency Act (CDA). The Act sought to regulate both indecency and obscenity on the internet. Section 230 (c)(1) provides “no provider of user or an interactive service shall be treated as the publisher or speaker of any information provided by another information content provider.” This effectively allows an internet service provider to claim immunity in the event a suit is brought against them for

[A]ny action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

However, Section 230 does not protect against violations of federal law by service providers. Continue reading “SESTA: Congressional Overregulation and Misunderstanding of the Internet”

Revenge Porn: A New First Amendment Quandary

By: Drusti Gandhi

Nonconsensual pornography or “revenge porn” as it is widely known is defined as the distribution of sexual images or videos of individuals without the consent of the person(s) depicted. Revenge porn in the mainstream media has generally characterized by ex-boyfriends posting sexually explicit images of their ex-girlfriends on the internet along with the victim’s private information such as names, phone numbers, addresses, and workplaces. Media and public attention of this crime has led to the creation of advocacy groups such as Cyber Civil Rights Initiative (CCRI) and Without My Consent, which provide legal advice and support to victims, as well as information to the general public. Subsequently, the efforts by the organization and various lawsuits against the perpetrators have led to various social networking websites banning sexually explicit images posts without the individual’s permission. Continue reading “Revenge Porn: A New First Amendment Quandary”

Baby Steps: Congress’ First Action to Scale Back Obama-Era Privacy Controls

By Steve Keegan

Some have decried it as a death knell for internet privacy as we know it, while others say we are back on course for a strong and innovative economy. But what really is S.J.Res 34, a “CRA,” and, more importantly, what does this mean to the average consumer dawdling away in cyberspace? Continue reading “Baby Steps: Congress’ First Action to Scale Back Obama-Era Privacy Controls”

The Battle to Transfer Personal Data Between the EU and U.S.

By Michael Baker

The EU Charter of Fundamental Rights (“Charter”) provides Europeans the fundamental right to respect for private and family life; the protection of personal data; the right to have a fair trial; and the right to a legal remedy. These rights are the primary focus in the discussion on how personal data is transferred commercially across the Atlantic. The European Union (“EU”) and the United States (“U.S.”) have worked together for two years to develop a system where companies can transfer personal data from within the EU to servers in the United States. The flow of data between the EU and U.S. is critical for the economic success and political stability of these two Governments. Continue reading “The Battle to Transfer Personal Data Between the EU and U.S.”

ISP Hosts DOJ CCIPS Trial Attorney

ISP will be hosting its first event on Wednesday, April 12, 2017 at 5pm in Room NT08.

International Collaboration in Cyber Crime Investigations: The Past, Present, & Future

A lecture by: 

Richard Green

US DOJ Computer Crime and Intellectual Property Section

Blog at

Up ↑