Law Commons^™

Indiana Law’S Lubin, Sun Help Advise Kosovo Government On Country’S Cybersecurity Act, James Owsley Boyd

Keep Up With the Latest News from the Law School (blog)

No abstract provided.

Securities Law: Overview And Contemporary Issues, Neal Newman, Lawrence J. Trautman

Faculty Scholarship

This is not your grandfather’s SEC anymore. Rapid technological change has resulted in novel regulatory issues and challenges, as law and policy struggles to keep pace. The U.S. Securities and Exchange Commission (SEC) reports that “the U.S. capital markets are the deepest, most dynamic, and most liquid in the world. They also have evolved to become increasingly fast and extraordinarily complex. It is our job to be responsive and innovative in the face of significant market developments and trends.” With global markets increasingly interdependent and interconnected and, “as technological advancements and commercial developments have changed how our securities markets operate, …

Professional Responsibility, Legal Malpractice, Cybersecurity, And Cyber-Insurance In The Covid-19 Era, Ethan S. Burger

St. Mary's Journal on Legal Malpractice & Ethics

In response to the COVID-19 outbreak, law firms conformed their activities to the Centers for Disease Control and Prevention (CDC), Occupational Safety and Health Administration (OSHA), and state health authority guidelines by immediately reducing the size of gatherings, encouraging social distancing, and mandating the use of protective gear. These changes necessitated the expansion of law firm remote operations, made possible by the increased adoption of technological tools to coordinate workflow and administrative tasks, communicate with clients, and engage with judicial and governmental bodies.

Law firms’ increased use of these technological tools for carrying out legal and administrative activities has implications …

It's Time To Reform The U.S. Vulnerabilities Equities Process, Amy Gaudion

Faculty Scholarly Works

No abstract provided.

A Deep Dive Into Technical Encryption Concepts To Better Understand Cybersecurity & Data Privacy Legal & Policy Issues, Anthony Volini

Journal of Intellectual Property Law

Lawyers wishing to exercise a meaningful degree of leadership at the intersection of technology and the law could benefit greatly from a deep understanding of the use and application of encryption, considering it arises in so many legal scenarios. For example, in FTC v. Wyndham1 the defendant failed to implement nearly every conceivable cybersecurity control, including lack of encryption for stored data, resulting in multiple data breaches and a consequent FTC enforcement action for unfair and deceptive practices. Other examples of legal issues requiring use of encryption and other technology concepts include compliance with security requirements of GLBA & HIPAA, …

What's The Harm? Federalism, The Separation Of Powers, And Standing In Data Breach Litigation, Grayson Wells

Indiana Law Journal

This Comment will argue that the Supreme Court should analyze standing in data breach litigation under a standard that is deferential to state statutory and common law. Specifically, federal standing analysis should look to state law when determining whether an injury is concrete such that the injury-in-fact requirement is met. Some argue that allowing more data breach cases to proceed to the merits could lead to an explosion of successful litigation and settlements, burdening the federal courts and causing economic losses for the breached businesses. These concerns may be valid. But if state law provides a remedy to the harm …

Eu Privacy Law And U.S. Surveillance: Solving The Problem Of Transatlantic Data Transfers, Peter Margulies

Law Faculty Scholarship

No abstract provided.

The Fsia And Cyberspace: Could Hact Be The Answer?, Ritika Malkani

Catholic University Journal of Law and Technology

Under the non-commercial tort exception to the Foreign Sovereign Immunities Act (FSIA), a tort committed by a foreign state must occur wholly within the United States in order to trigger jurisdiction and liability in an American court. As such, cybercrimes which are committed abroad, even if targeted at and cause harm to U.S. citizens, fall outside this exception, leaving injured parties with no domestic avenue of redress. Potential solutions to closing this gap in the legal framework include the proposed Homeland and Cyber Threat Act (HACT), expansion of the FSIA's terrorism exception, or overruling the entire tort doctrine.

The Evolution Of Legal Risks Pertaining To Patch Management And Vulnerability Management, James T. Kitchen, David R. Coogan, Keeton H. Christian

Duquesne Law Review

This article begins with an overview, in non-technical terms, of the tools generally available and processes implemented for vulnerability management and patch management. Section II identifies some of the evolving security standards that regulators and plaintiffs may rely on to show that companies are legally required to have vulnerability management and patch management. Section III identifies U.S. legal implications of vulnerability management and patch management and factors that a court and regulators may consider.

Self-Defense To Cyber Force: Combatting The Notion Of ‘Scale And Effect', Thomas Eaton

American University International Law Review

No abstract provided.

Show Me The (Data About The) Money!, Nizan Geslevich Packin

Utah Law Review

Information about consumers, their money, and what they do with it is the lifeblood of the flourishing financial technology (“FinTech”) sector. Historically, highly regulated banks jealously protected this data. However, consumers themselves now share their data with businesses more than ever before. These businesses monetize and use the data for countless prospects, often without the consumers’ actual consent. Understanding the dimensions of this recent phenomenon, more and more consumer groups, scholars, and lawmakers have started advocating for consumers to have the ability to control their data as a modern imperative. This ability is tightly linked to the concept of open …

Fedaccounts: Digital Dollars, John Crawford, Lev Menand, Morgan Ricks

Faculty Scholarship

We are entering a new monetary era. Central banks around the world – spurred by the development of privately controlled digital currencies as well as competition from other central banks – have been studying, building, and, in some cases, issuing central bank digital currency (“CBDC”).

Although digital fiat currency is one of the hottest topics in macroeconomics and central banking today, the discussion has largely overlooked the most straightforward and appealing strategy for implementing a U.S. dollar-based CBDC: expanding access to bank accounts that the Federal Reserve already offers to a small, favored set of clients. These accounts consist of …

Recognizing The Role Of Inspectors General In The U.S. Government's Cybersecurity Restructuring Task, Amy Gaudion

Faculty Scholarly Works

Months prior to the 2015 public disclosure of a data breach at the U.S. government’s Office of Personnel and Management (OPM), the Office of the Inspector General for OPM issued a report that identified significant deficiencies and material weaknesses in a number of the agency’s information systems and IT security programs. In response to the 2020 SolarWinds supply chain hack, attributed to Russia, calls are underway for inspectors general to conduct audits and inspections and to review prior inspector general assessments of information systems and vulnerabilities at federal agencies. The use of inspectors general to assess information system vulnerabilities and …

Persuasion About/Without International Law: The Case Of Cybersecurity Norms, Steven R. Ratner

Book Chapters

International law on cybersecurity is characterized by at best a thin consensus on the existence of rules, their meaning, and the desirability and content of new rules. This legal landscape results in a unique pattern of argumentation and persuasion by states and non-state actors both in advocating for a regulatory scheme for cyber activity and in reacting to malicious cyber acts. By examining argumentation in the absence of a generally agreed legal framework, this chapter seeks to provide new insights into the motivations for and effects of international legal argumentation in shaping debates and behavior. After describing the legal landscape …