Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

Is it Illegal to Listen to a Podcast or Watch a Movie Online?

Mark Rasch | May 16, 2025 | communication, downloading, Podcasts, streaming

Defining wire communications, and whether the wiretap statute makes it illegal to listen to a podcast or watch a movie online? ... Read More

Security Boulevard

The AI Alibi Defense: How General-Purpose AI Agents Obscure Criminal Liability

Mark Rasch | April 7, 2025 | Agentic AI, AI agents, cybercrime, Law, liability

As these AI agents become more capable of behaving like autonomous actors — clicking, typing, downloading, exfiltrating, or engaging in arguably criminal behavior — they may also become unintended scapegoats or even tools of plausible deniability ... Read More

Security Boulevard

PIN, Password, authentication security IAM privacy cloud security Biometrics: Giving the Government the Finger

The PIN is Mightier Than the Face

Mark Rasch | March 31, 2025 | access, biometrics, identity, Password, pin

People pick weak passwords or reuse them over devices, tokens are lost, compromised or bypassed, and biometrics can be forced or spoofed ... Read More

Security Boulevard

Business Email Compromise, ACH Transactions, and Liability

Mark Rasch | March 27, 2025 | bec, email, Fraud

Business Email Compromise (BEC) fraud represents one of the most insidious threats facing businesses and individuals today ... Read More

Security Boulevard

food stamp fraud, Geofence, warrant, enforcement, DOJ AI crime

Fifth Circuit Strikes Down “Geofence” Warrants – Conflict With Fourth Circuit

Mark Rasch | March 21, 2025 | Geofence, google, law enforcement, Location, Privacy, tracking

Geofence warrants are a relatively new tool that allows law enforcement to obtain location data from devices within a specified geographic area during a specific time frame ... Read More

Security Boulevard

Russian, threats, Kapersky, cyberespionage,

“My Vas Pokhoronim!”

Mark Rasch | March 18, 2025 | cyberattacks, Cyberwar, Ransomware, Russia

CISA, in collaboration with the FBI and NSA, identified and attributed multiple attacks to Russian entities, emphasizing the risks posed by state-backed Advanced Persistent Threats (APTs) ... Read More

Security Boulevard

authentication, SMS, buddy system, credential stuffing attack

The Buddy System: Why Google is Finally Killing SMS Authentication

Mark Rasch | March 10, 2025 | google, QR Codes, SMS authentication

Like the Buddy System in The Simpsons, SMS authentication was only foolproof if everything went right. But when both “buddies” could be compromised at the same time, the entire system was doomed to fail ... Read More

Security Boulevard

web, scraping, data, AI, ransomware cybersecurity

AI, Web Scraping and the Transformation of Data Privacy: What the EDPB’s Rulings Mean for Businesses

Mark Rasch | March 6, 2025 | AI, data, web scraping

Web scraping is no longer just about collecting raw data. AI transforms this data, embedding it into machine learning models that can generate insights, predict behaviors and even infer new information about individuals in ways that were never intended when the data was first made public ... Read More

Security Boulevard

DOGE, judge, privacy, protect, SSE data privacy balance cybersecurity

DOGE Access to Personal Information and The Difficulty of Showing Harm in Privacy Litigation

Mark Rasch | March 3, 2025 | breaches, Data breaches, Privacy, security breaches

If a company has effective insurance, prevention becomes even less cost-effective. By failing to “value” privacy alone, the system skews in favor of not protecting privacy ... Read More

Security Boulevard