Law Commons^™

Understanding Cyber Risk: Unpacking And Responding To Cyber Threats Facing The Public And Private Sectors, Lawrence J. Trautman, Scott Shackelford, Brian Elzweig, Peter Ormerod

University of Miami Law Review

Cyberattacks, data breaches, and ransomware continue to pose major threats to businesses, governments, and health and educational institutions worldwide. Ongoing successful instances of cybercrime involve sophisticated attacks from diverse sources such as organized crime syndicates, actors engaged in industrial espionage, nation-states, and even lone wolf actors having relatively few resources. Technological innovation continues to outpace the ability of U.S. law to keep pace, though other jurisdictions including the European Union have been more proactive. Nation-state and international criminal group ransomware attacks continue; Sony’s systems were hacked by a ransomware group; MGM Resorts disclosed that recovery from their September 2023 hack …

Comparing Gdpr Against The United States’ Approach To Data Breach Notification By Examining Texas And California And The Feasibility Of A Universal Standard, Amrit Nagi

Cybaris®

No abstract provided.

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …

Trimming The Fat: The Gdpr As A Model For Cleaning Up Our Data Usage, Kassandra Polanco

Touro Law Review

No abstract provided.

A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini

Michigan Law Review

Following a data breach, consumers suffer an increased risk of identity theft because of the exposure of their personal information. Limited protection by data-breach statutes has made it difficult for consumers to seek compensation for these injuries and penalize the companies that fail to protect their information, leading consumers to bring common law claims in court. Yet courts have disagreed about whether an increased risk of identity theft qualifies as an injury-in-fact under Article III standing principles: the Seventh and Ninth Circuits have approved of increased risk standing, while the Third Circuit has rejected it. The Supreme Court has further …

Implications For The Future Of Global Data Security And Privacy: The Territorial Application Of The Stored Communications Act And The Microsoft Case, Russell Hsiao

Catholic University Journal of Law and Technology

No abstract provided.

Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru

Michigan Law Review

Adoption of Wi-Fi wireless technology continues to see explosive growth. However many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications. This Note examines the Federal Wiretap Act and argues that the current Act's treatment of …

Reasons Why We Should Amend The Constitution To Protect Privacy, Deborah Pierce

Chicago-Kent Law Review

Threats to consumer privacy are many, and varied. Some threats come from corporate entities such as data aggregators and social networking sites; while others come from panoptics government surveillance systems such as Secure Flight. Not only can the data be compromised, but consumers may be adversely affected by incorrect information in their files. The time may be right to explicitly protect privacy via a constitutional amendment to the U.S. Constitution.

E-Contract Doctrine 2.0: Standard Form Contracting In The Age Of Online User Participation , Shmuel I. Becher, Tal Z. Zarsky

Michigan Telecommunications & Technology Law Review

The growing popularity of e-commerce transactions revives the perennial question of consumer contract law: should non-salient provisions of consumer standard form contracts be enforced? With the focus presently on an ex-ante analysis, scholars debate whether consumers can and should read standardized terms at the time of contracting. In today's information age, such a focus might be misguided. The online realm furnishes various tools, so-called "Web 2.0" applications, which encourage the flow of information from experienced to prospective consumers. This Article, therefore, reframes the analysis of online consumer contracts while taking into account this new flow of information. In doing so, …

'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes

Michigan Telecommunications & Technology Law Review

The notion of software code replacing legal code as a mechanism to control human behavior--"code as law"--is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of "code as law" on privacy. To what extent is privacy-related "code" being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it …

Snake-Oil Security Claims The Systematic Misrepresentation Of Product Security In The E-Commerce Arena, John R. Michener, Steven D. Mohan, James B. Astrachan, David R. Hale

Michigan Telecommunications & Technology Law Review

The modern commercial systems and software industry in the United States have grown up in a snake-oil salesman's paradise. The largest sector of this industry by far is composed of standard commercial systems that are marketed to provide specified functionality (e.g. Internet web server, firewall, router, etc.) Such products are generally provided with a blanket disclaimer stating that the purchaser must evaluate the suitability of the product for use, and that the user assumes all liability for product behavior. In general, users cannot evaluate and cannot be expected to evaluate the security claims of a product. The ability to analyze …

The Emergence Of Website Privacy Norms, Steven A. Hetcher

Michigan Telecommunications & Technology Law Review

Part I of the Article will first look at the original privacy norms that emerged at the Web's inception in the early 1990s. Two groups have been the main contributors to the emergence of these norms; the thousands of commercial websites on the early Web, on the one hand, and the millions of users of the early Web, on the other hand. The main structural feature of these norms was that websites benefitted through the largely unrestricted collection of personal data while consumers suffered injury due to the degradation of their personal privacy from this data collection. In other words, …

Establishing A Legitimate Expectation Of Privacy In Clickstream Data, Gavin Skok

Michigan Telecommunications & Technology Law Review

This Article argues that Web users should enjoy a legitimate expectation of privacy in clickstream data. Fourth Amendment jurisprudence as developed over the last half-century does not support an expectation of privacy. However, reference to the history of the Fourth Amendment and the intent of its drafters reveals that government investigation and monitoring of clickstream data is precisely the type of activity the Framers sought to limit. Courts must update outdated methods of expectation of privacy analysis to address the unique challenges posed by the Internet in order to fulfill the Amendment's purpose. Part I provides an overview of the …