Law Commons^™

Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod

University of Miami Law Review

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Ohio's Data Protection Act And/As A Process-Based Approach To "Reasonable" Security, Brian Ray

Akron Law Review

This essay argues that the ODPA [Ohio Data Protection Act], which has become a model for similar laws and legislative proposals in several other states, in effect creates a process-based standard for cybersecurity. It does so by incorporating the risk-based approach used by the listed cybersecurity frameworks as the defacto standard for reasonable security for organizations seeking to qualify for the Act’s affirmative defense. This article summarizes the ODPA and then explains the risk-based approach of the cybersecurity frameworks it incorporates. It then argues that this risk-based approach in effect establishes a process-based definition of reasonable security and explains why …

Security In The Digital Age, Michael Gentithes

Akron Law Review

Rapidly evolving technology allows governments and businesses to elevate our collective well-being in ways we could not have imagined just decades ago. Data is now a resource that governments and businesses alike can mine to address the world’s needs with greater efficiency, accuracy, and flexibility. But evolving technology and advanced data analytics also come with risk. New digital capabilities also create new means for nefarious actors to infiltrate the complex technological systems at the heart of nearly all of our daily activities. Just as new digital tools emerge to offer unique goods and services, new tools allow wrongdoers to invade …

Two Visions Of Digital Sovereignty, Sujit Raman

Joint PIJIP/TLS Research Paper Series

No abstract provided.

Blockchain Safe Harbor? Applying The Lessons Learned From Early Internet Regulation, Amy Cyphert, Sam Perl

Marquette Law Review

It has been more than a quarter century since Congress enacted twin safe harbor provisions to help protect and encourage the growth of a nascent internet by removing some liability and regulatory uncertainty. Today, there are calls for a similar safe harbor provision for blockchain, the technology behind cryptocurrencies and smart contracts. What lessons have we learned from the implementation of the internet safe harbor provisions, Section 230 of the Communications Decency Act, and Section 512 of the Digital Millennium Copyright Act? This Article charts the history of those provisions and their judicial construction over the decades. It also examines …

Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter

The Journal of Business, Entrepreneurship & the Law

COVID-19 continues to change the world in unforeseen ways triggering a new era of corporate data breaches. This article will illustrate how cyberattacks have increased in severity during the pandemic, how current laws and government officials are trying to evolve with the current threats and technology, how victims of cyberattacks risk sanctions and potential lawsuits, and concludes by suggesting solutions throughout to increase Cybersecurity.

Legal Implications Of A Ubiquitous Metaverse And A Web3 Future, Jon M. Garon

Marquette Law Review

The metaverse is understood to be an immersive virtual world serving as the locus for all forms of work, education, and entertainment experiences. Depicted in books, movies, and games, the metaverse has the potential not just to supplement real-world experiences but to substantially supplant them. This Article explores the rapid emergence and evolution of the Web3 technologies at the heart of the metaverse movement. Web3 itself is a paradigmatic shift in internet commerce.

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

The Legal And Regulatory Aspect Of International Cybercrime And Cybersecurity: Limits And Challenges, Nnesochi Nweze-Iloekwe

Theses and Dissertations

The development of the internet and digital technologies represent a major opportunity for humanity in transforming businesses and providing new tools for everyday communication. Internet users are spending increasing amounts of time online and undertaking a greater range of online and social networking activities. However, just like a double edged sword, the internet also presents opportunities to cybercrimes in the Information society. The nature of some ‘traditional’ crime types has been transformed by the use of computers and other information communications technology (ICT) in terms of its scale and reach, with risks extending to many aspects of social life, such …

The Rise Of 5g Technology: How Internet Privacy And Protection Of Personal Data Is A Must In An Evolving Digital Landscape, Justin Rabine

Catholic University Journal of Law and Technology

No abstract provided.

Platforms, Encryption, And The Cfaa: The Case Of Whatsapp V Nso Group, Jonathon Penney, Bruce Schneier

Articles, Book Chapters, & Popular Press

End-to-end encryption technology has gone mainstream. But this wider use has led hackers, cybercriminals, foreign governments, and other threat actors to employ creative and novel attacks to compromise or workaround these protections, raising important questions as to how the Computer Fraud and Abuse Act (CFAA), the primary federal anti-hacking statute, is best applied to these new encryption implementations. Now, after the Supreme Court recently narrowed the CFAA’s scope in Van Buren and suggested it favors a code-based approach to liability under the statute, understanding how best to theorize sophisticated code-based access barriers like end-to-end encryption, and their circumvention, is now …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Indiana Law’S Lubin, Sun Help Advise Kosovo Government On Country’S Cybersecurity Act, James Owsley Boyd

Keep Up With the Latest News from the Law School (blog)

No abstract provided.

Securities Law: Overview And Contemporary Issues, Neal Newman, Lawrence J. Trautman

Faculty Scholarship

This is not your grandfather’s SEC anymore. Rapid technological change has resulted in novel regulatory issues and challenges, as law and policy struggles to keep pace. The U.S. Securities and Exchange Commission (SEC) reports that “the U.S. capital markets are the deepest, most dynamic, and most liquid in the world. They also have evolved to become increasingly fast and extraordinarily complex. It is our job to be responsive and innovative in the face of significant market developments and trends.” With global markets increasingly interdependent and interconnected and, “as technological advancements and commercial developments have changed how our securities markets operate, …

A Deep Dive Into Technical Encryption Concepts To Better Understand Cybersecurity & Data Privacy Legal & Policy Issues, Anthony Volini

Journal of Intellectual Property Law

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, …

What's The Harm? Federalism, The Separation Of Powers, And Standing In Data Breach Litigation, Grayson Wells

Indiana Law Journal

This Comment will argue that the Supreme Court should analyze standing in data breach litigation under a standard that is deferential to state statutory and common law. Specifically, federal standing analysis should look to state law when determining whether an injury is concrete such that the injury-in-fact requirement is met. Some argue that allowing more data breach cases to proceed to the merits could lead to an explosion of successful litigation and settlements, burdening the federal courts and causing economic losses for the breached businesses. These concerns may be valid. But if state law provides a remedy to the harm …

Eu Privacy Law And U.S. Surveillance: Solving The Problem Of Transatlantic Data Transfers, Peter Margulies

Law Faculty Scholarship

No abstract provided.

Self-Defense To Cyber Force: Combatting The Notion Of ‘Scale And Effect', Thomas Eaton

American University International Law Review

No abstract provided.

Cybersecurity-Cybercrime-The Legal Environment, Amy J. Ramson

Open Educational Resources

This presentation covers the legal environment of cybercrime to date. It addresses: the challenges of law enforcement; federal government vs. sate jurisdiction of cybercrime; law enforcement department and agencies which handle cybercrime; criminal statutes and privacy statutes.

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

Of Monopolies And Monocultures: The Intersection Of Patents And National Security, Charles Duan

Articles in Law Reviews & Other Academic Journals

It was certainly an odd thing for the Department of Justice attorney arguing for the United States to appear before the Ninth Circuit to tell the appellate judges that a federal agency was wrong. This was what happened in a Federal Trade Commission enforcement action against Qualcomm Inc., a semiconductor technology company. As a substantial holder of patents on mobile communications technologies and also a leading manufacturer of chips used in that same industry, the FTC charged Qualcomm with anticompetitive conduct; the district court agreed and enjoined Qualcomm from certain patent licensing practices. It was that award of injunctive relief …

The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada

St. John's Law Review

(Excerpt)

This Note will address the question of what factors a prospective plaintiff must display to “push [a] threatened injury of future identity theft beyond the speculative to the sufficiently imminent.” Part I will delve into relevant statistics to identify the characteristics of a data breach that most often lead to eventual identity theft. Part II will explore recent data breach standing cases and analyze the factual differences and legal perspectives that have led to disparate results among the federal circuits. Lastly, Part III will recommend a method for evaluating future data breach standing issues.

National Cybersecurity Innovation, Tabrez Y. Ebrahim

Faculty Scholarship

National cybersecurity plays a crucial role in protecting our critical infrastructure, such as telecommunication networks, the electricity grid, and even financial transactions. Most discussions about promoting national cybersecurity focus on governance structures, international relations, and political science. In contrast, this Article proposes a different agenda and one that promotes the use of innovation mechanisms for technological advancement. By promoting inducements for technological developments, such innovation mechanisms encourage the advancement of national cybersecurity solutions. In exploring possible solutions, this Article asks whether the government or markets can provide national cybersecurity innovation. This inquiry is a fragment of a much larger literature …

Internet Of Things For Sustainability: Perspectives In Privacy, Cybersecurity, And Future Trends, Abdul Salam

Faculty Publications

In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from the conventional networking systems in many aspects. The interaction of sustainability IoT with the physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in the modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, performance requirements of these device distinguish them from conventional computers systems. In this chapter, the cybersecurity approaches towards …

Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco

Touro Law Review

No abstract provided.

Hacking For Intelligence Collection In The Fight Against Terrorism: Israeli, Comparative, And International Perspectives, Asaf Lubin

Articles by Maurer Faculty

תקציר בעברית: הניסיון של המחוקק הישראלי להביא להסדרה מפורשת של סמכויות השב״כ במרחב הקיברנטי משקף מגמה רחבה יותר הניכרת בעולם לעיגון בחקיקה ראשית של הוראות בדבר פעולות פצחנות מצד גופי ביון ומודיעין ורשויות אכיפת חוק למטרות איסוף מודיעין לשם סיכול עבירות חמורות, ובייחוד עבירות טרור אם בעבר היו פעולות מסוג אלה כפופות לנהלים פנימיים ומסווגים, הרי שהדרישה לשקיפות בעידן שלאחר גילויי אדוארד סנודן מחד והשימוש הנרחב בתקיפות מחשב לביצוע פעולות חיפוש וחקירה לסיכול טרור מאידך, מציפים כעת את הדרישה להסמכה מפורשת. במאמר זה אבקש למפות הן את השדה הטכנולוגי והן את השדה המשפטי בכל האמור בתקיפות מחשבים למטרות ריגול ומעקב. …

The Survival Of Critical Infrastructure: How Do We Stop Ransomware Attacks On Hospitals?, Helena Roland

Catholic University Journal of Law and Technology

Our nation’s infrastructure is under an emerging new threat: ransomware attacks. These attacks can cause anything from individual laptops, to entire cities to shut down for a period of time until the victim pays a ransom to the attacker. Unfortunately, these attacks are on the rise and the attackers have a new target: hospitals. Ransomware attacks on hospitals can temporarily shut down operating room technology and limit physician access to patient files, ultimately threatening the safety of hospital patients and the surrounding community. This paper examines how the threat of ransomware attacks on hospitals is on the rise and what …

Defining Critical Infrastructure For A Global Application, Colleen M. Newbill

Indiana Journal of Global Legal Studies

A Google search for the phrase "critical infrastructure" turns up 189 million results in little more than a half second: ''global critical infrastructure" has 151 million results; and "definition of critical infrastructure" yields 71.5 million results. The list of what industries and sectors fall under the critical infrastructure designation expands as time progresses and technology develops. As the threat of cyberattacks increases and this frontier of terrorism continues to emerge, attacks on critical infrastructure are high on the list of concerns and the need for protective measures imperative. The focus on protecting critical infrastructure does not stop at the borders …