Law Commons^™

Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod

University of Miami Law Review

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Ohio's Data Protection Act And/As A Process-Based Approach To "Reasonable" Security, Brian Ray

Akron Law Review

This essay argues that the ODPA [Ohio Data Protection Act], which has become a model for similar laws and legislative proposals in several other states, in effect creates a process-based standard for cybersecurity. It does so by incorporating the risk-based approach used by the listed cybersecurity frameworks as the defacto standard for reasonable security for organizations seeking to qualify for the Act’s affirmative defense. This article summarizes the ODPA and then explains the risk-based approach of the cybersecurity frameworks it incorporates. It then argues that this risk-based approach in effect establishes a process-based definition of reasonable security and explains why …

Security In The Digital Age, Michael Gentithes

Akron Law Review

Rapidly evolving technology allows governments and businesses to elevate our collective well-being in ways we could not have imagined just decades ago. Data is now a resource that governments and businesses alike can mine to address the world’s needs with greater efficiency, accuracy, and flexibility. But evolving technology and advanced data analytics also come with risk. New digital capabilities also create new means for nefarious actors to infiltrate the complex technological systems at the heart of nearly all of our daily activities. Just as new digital tools emerge to offer unique goods and services, new tools allow wrongdoers to invade …

Blockchain Safe Harbor? Applying The Lessons Learned From Early Internet Regulation, Amy Cyphert, Sam Perl

Marquette Law Review

It has been more than a quarter century since Congress enacted twin safe harbor provisions to help protect and encourage the growth of a nascent internet by removing some liability and regulatory uncertainty. Today, there are calls for a similar safe harbor provision for blockchain, the technology behind cryptocurrencies and smart contracts. What lessons have we learned from the implementation of the internet safe harbor provisions, Section 230 of the Communications Decency Act, and Section 512 of the Digital Millennium Copyright Act? This Article charts the history of those provisions and their judicial construction over the decades. It also examines …

Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter

The Journal of Business, Entrepreneurship & the Law

COVID-19 continues to change the world in unforeseen ways triggering a new era of corporate data breaches. This article will illustrate how cyberattacks have increased in severity during the pandemic, how current laws and government officials are trying to evolve with the current threats and technology, how victims of cyberattacks risk sanctions and potential lawsuits, and concludes by suggesting solutions throughout to increase Cybersecurity.

Legal Implications Of A Ubiquitous Metaverse And A Web3 Future, Jon M. Garon

Marquette Law Review

The metaverse is understood to be an immersive virtual world serving as the locus for all forms of work, education, and entertainment experiences. Depicted in books, movies, and games, the metaverse has the potential not just to supplement real-world experiences but to substantially supplant them. This Article explores the rapid emergence and evolution of the Web3 technologies at the heart of the metaverse movement. Web3 itself is a paradigmatic shift in internet commerce.

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

A Deep Dive Into Technical Encryption Concepts To Better Understand Cybersecurity & Data Privacy Legal & Policy Issues, Anthony Volini

Journal of Intellectual Property Law

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, …

What's The Harm? Federalism, The Separation Of Powers, And Standing In Data Breach Litigation, Grayson Wells

Indiana Law Journal

This Comment will argue that the Supreme Court should analyze standing in data breach litigation under a standard that is deferential to state statutory and common law. Specifically, federal standing analysis should look to state law when determining whether an injury is concrete such that the injury-in-fact requirement is met. Some argue that allowing more data breach cases to proceed to the merits could lead to an explosion of successful litigation and settlements, burdening the federal courts and causing economic losses for the breached businesses. These concerns may be valid. But if state law provides a remedy to the harm …

Self-Defense To Cyber Force: Combatting The Notion Of ‘Scale And Effect', Thomas Eaton

American University International Law Review

No abstract provided.

The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada

St. John's Law Review

(Excerpt)

This Note will address the question of what factors a prospective plaintiff must display to “push [a] threatened injury of future identity theft beyond the speculative to the sufficiently imminent.” Part I will delve into relevant statistics to identify the characteristics of a data breach that most often lead to eventual identity theft. Part II will explore recent data breach standing cases and analyze the factual differences and legal perspectives that have led to disparate results among the federal circuits. Lastly, Part III will recommend a method for evaluating future data breach standing issues.

Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco

Touro Law Review

No abstract provided.

The Survival Of Critical Infrastructure: How Do We Stop Ransomware Attacks On Hospitals?, Helena Roland

Catholic University Journal of Law and Technology

Our nation’s infrastructure is under an emerging new threat: ransomware attacks. These attacks can cause anything from individual laptops, to entire cities to shut down for a period of time until the victim pays a ransom to the attacker. Unfortunately, these attacks are on the rise and the attackers have a new target: hospitals. Ransomware attacks on hospitals can temporarily shut down operating room technology and limit physician access to patient files, ultimately threatening the safety of hospital patients and the surrounding community. This paper examines how the threat of ransomware attacks on hospitals is on the rise and what …

Defining Critical Infrastructure For A Global Application, Colleen M. Newbill

Indiana Journal of Global Legal Studies

A Google search for the phrase "critical infrastructure" turns up 189 million results in little more than a half second: ''global critical infrastructure" has 151 million results; and "definition of critical infrastructure" yields 71.5 million results. The list of what industries and sectors fall under the critical infrastructure designation expands as time progresses and technology develops. As the threat of cyberattacks increases and this frontier of terrorism continues to emerge, attacks on critical infrastructure are high on the list of concerns and the need for protective measures imperative. The focus on protecting critical infrastructure does not stop at the borders …

Protecting Personal Data: A Model Data Security And Breach Notifications Statute, Michael Bloom

St. John's Law Review

(Excerpt)

This Note argues that current law is inadequate to protect consumers in light of the prevalence and severity of data breaches in recent years, and that a unifying federal legislation combining portions of state law and the DSBNA should be enacted. Part I of this Note analyzes the DSBNA for notification requirements when data breaches occur, the requirements for the implementation of security policies, regulatory mechanisms for monitoring compliance with these requirements, and criminal penalties for failing to comply. Part II summarizes the various state laws that exist for notification of data breaches. Part III proposes a model federal …

Data Protection In An Increasingly Globalized World, Nicholas F. Palmieri Iii

Indiana Law Journal

With the rise of the internet in recent decades, it has become increasingly easy for various enterprises—including retailers, advertising agencies, and service providers—to acquire, use, and even share the personal details of their users. Such a trend is unlikely to decrease in the coming years; in fact, internet usage is only likely to increase as more and more people gain access to the internet. In the wakeof recent data breaches, including the now infamous breach of Equifax as well as the scandal involving Facebook and Cambridge Analytica, people are even more aware of the need for (and the risk of …

Building Bridges: International Trade Law, Internet Governance, And The Regulation Of Data Flows, Neha Mishra

Vanderbilt Journal of Transnational Law

The regulation of internet data flows touches upon various distinct disciplines including internet governance and international trade law. In internet governance, three fundamental principles, namely, internet openness, internet security, and internet privacy apply to regulation of internet data flows. This Article argues that internet privacy and security, when implemented in a reasoned and transparent manner by different stakeholders, enable internet openness--thus, challenging the dominant perspective that cybersecurity and privacy requirements constrain the free flow of data. Further, this Article introduces a unique perspective by arguing that these three principles (notwithstanding their nonbinding nature) play an important role in applying trade …

Creating A National Data Privacy Law For The United States, Shaun G. Jamison

Cybaris®

No abstract provided.

The Threat Is Real: Protecting The Energy Infrastructure From Cyberattacks, Patricia Blotzer

Barry Law Review

No abstract provided.

The Battlefield Of Tomorrow, Today: Can A Cyberattack Ever Rise To An “Act Of War?”, Christopher M. Sanders

Utah Law Review

In a sense, war has not changed. The end results will always remain the same: death and destruction; even if that destruction is not fully tangible. The results may be instantaneous, or they may be delayed. It is only the means implemented to achieve these destructive ends that evolve. Cyberwarfare is a product of that evolution. Most importantly, we must always remain abreast of evolution and the changes in warfare in order to effectively and efficiently respond to new attacks, and to prevent them as well.

This Note sheds light on recent evolution in warfare. It enlightens the reader of …

“Private” Cybersecurity Standards? Cyberspace Governance, Multistakeholderism, And The (Ir)Relevance Of The Tbt Regime, Shin-Yi Peng

Cornell International Law Journal

We are now living in a hyper-connected world, with a myriad of devices continuously linked to the Internet. Our growing dependence on such devices exposes us to a variety of cybersecurity threats. This ever-increasing connectivity means that vulnerabilities can be introduced at any phase of the software development cycle. Cybersecurity risk management, therefore, is more important than ever to governments at all developmental stages as well as to companies of all sizes and across all sectors. The awareness of cybersecurity threats affects the importance placed on the use of standards and certification as an approach.

The Industrial Internet Of Things: Risks, Liabilities, And Emerging Legal Issues, Mauricio Paez, Kerianne Tobitsch

NYLS Law Review

No abstract provided.

Ng9-1-1, Cybersecurity, And Contributions To The Model Framework For A Secure National Infrastructure, Andrew Jackson Coley

Catholic University Journal of Law and Technology

9-1-1 call networks form the foundation of emergency communications infrastructure. However, a lack of funding and taking such networks for granted has led to a gradual yet predictable outdating of this critical infrastructure. Fortunately, recent efforts have acknowledged as such, and dedicated public safety officials have worked to update 9-1-1 systems to Next Generation 9-1-1 (NG9-1-1).
NG9-1-1 is an IP-based network with 21^stcentury technology capable of handling increased call volume, more resilient networks, and providing significantly more data to first responders, among litany of other advancements. With this much needed advancement comes the responsibilities of ensuring a secure …

Cybersecurity And Tax Reform, Michael Hatfield

Indiana Law Journal

INTRODUCTION

I. THE PAST AND FUTURE OF THE IRS AS A CYBERATTACK TARGET

A. IRS AS A CYBERATTACK TARGET

B. THE FUTURE OF THE IRS AS A CYBERATTACK TARGET1. INFORMATION TECHNOLOGY

2. TAX INFORMATION

3. TYPES OF FUTURE ATTACKS

II. THE IRSWILL FAIL TO IMPLEMENT ADEQUATE CYBERSECURITY

A. VERY POOR HISTORY OF IMPROVING TECHNOLOGY

B. INADEQUATE FUNDING

C. INABILITY TO RECRUIT AND RETAIN EXPERTS

D. TOOMANY USERS

E. CYBERSECURITY IS DIFFICULT

III. BETTER DIGITAL TECHNOLOGY IS NOT THE GOAL

A. SLOWING THE USE OF DIGITAL TECHNOLOGY

B. CYBERSECURITY AND TAX REFORM

1. PAY-AS-YOU-EARN (PAYE)

2. SIMPLIFIED INCOME TAX

3. PURIFIED …

Password Please: The Effectiveness Of New York's First-In-Nation Cybersecurity Regulation Of Banks, Melissa Knerr

The Business, Entrepreneurship & Tax Law Review

In March of 2017, New York enacted new cybersecurity legislation focused on regulating banking security. Cybersecurity attacks on the financial sector have risen recently and the federal and state governments are looking to combat data breaches. The regulations themselves strive to regulate security conduct by the financial institutions, including required testing and risk assessment, training for cybersecurity personnel, and mandated reporting to upperlevel staff as well as the New York Department of Financial Services. While these regulations are the first of their kind and strive to set in place certain basic requirements for cybersecurity, it remains to be seen how …

The Sky Is Not Falling: An Analysis Of The National Strategy For Trusted Identities In Cyberspace And The Proposed Identity Ecosystem, Aaron L. Jackson

Oklahoma Journal of Law and Technology

No abstract provided.