Exploring Barriers to Justice in Cybersecurity with Eliott Behar

In 2018, we saw some interesting developments in how law enforcement addressed cybercrime; the FBI named Chinese nationals as part of the APT 10 group and charged suspects in Iran with perpetrating the SamSam Ransomware attacks. IntelliGO detects when incidents like these occur, responds to them, and enables our clients to recover from them – but we don’t always see whether the intelligence we provide enables law enforcement to remove the threat actors behind these attacks. We reached out to Eliott Behar, legal expert, former security counsel for Apple, and former Crown Attorney in Toronto for his unique perspective. Below, Eliott helps us understand the barriers to justice in cybersecurity incidents and the reasons for them. Note, this is a comprehensive dialog, so you’ll find it a little longer than our typical blog posts.

We’re seeing companies being held accountable across international borders on issues of privacy and proper handling of personally identifiable information. Why is it that laws like GDPR can function across borders, while those dealing with cybercriminals can’t?

We’re at an interesting moment now where business is increasingly multi-national, and huge quantities of information move seamlessly across borders, but the law remains essentially local and domestic. What we call “international law” is in practical terms built as a sort of patchwork overtop of our domestic legal systems. In some ways the GDPR functions across borders, but it really only governs companies that are established in the EU or who process the personal data of people in the EU. In this sense, it’s really just an EU law that has a major global impact, because so many businesses today are multinational and operate by default in a global marketplace.

The real challenge to investigating and prosecuting cybercrime isn’t the law itself – it’s clear enough in most countries (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by IntelliGO Networks. Read the original post at: