Supreme Court Nominee Kavanaugh

Memo to Supreme Court Nominee Kavanaugh: The Internet is not a Series of Tubes

Washington will spend the summer and at least part of the fall debating the relative merits of D.C. Circuit Court Judge Brett Kavanaugh’s elevation to the U.S. Supreme Court. The debate will likely focus on issues including abortion, presidential privilege and power, gun rights and other “hot button” topics. But ... Read More
Security Boulevard
Breach Disclosure Laws Unconstitutional

Are Breach Disclosure Laws Unconstitutional in the Wake of Supreme Court Abortion Case?

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are ... Read More
Security Boulevard
Supreme Court Ruling Changes

Supreme Court Ruling Changes as Internet Ages

On June 21, the U.S. Supreme Court ruled in South Dakota v. Wayfair that internet-based retailers had to pay state sales taxes even if they had no “physical presence” in the state where the tax was imposed. This represented not only a change in the law, but a direct reversal ... Read More
Security Boulevard
GDPR: Privacy Uber Alles

GDPR: Privacy Uber Alles (Literally)

When the EU’s General Data Protection Regulation (GDPR) became effective, most companies, especially in the United States, had a  few simple thoughts. First, “Am I covered?” In other words, does GDPR apply to my activities, particularly in the United States? Second, “Am I compliant?” Again, if GDPR applies to what ... Read More
Security Boulevard
Dell Computers Doesn’t Care About Fraud

Dell Doesn’t Care About Fraud – And Neither Do Most Companies

A declined suspicious attempted purchase sheds an ugly light on company apathy regarding fraud Willie Sutton famously replied to the question, “Why do you rob banks?” with the answer, “Because that’s where the money is.” Same thing with hackers: Why to they target merchants and credit cards? Because it’s cheap, ... Read More
Security Boulevard
Moonshot Information Security Project

The Moonshot Information Security Project

Recently, I was reading about the U.S. government considering funding a “moonshot” information security project—that is, like the efforts in the 1960s to reach the moon (before the Soviets), abandon incrementalism in information security and try the impossible (or nearly so.) So, this is where the audience participation part of ... Read More
Security Boulevard
Sharing Data, Compromising Privacy

Public-Private Partnerships: Sharing Data, Compromising Privacy

Our privacy is up for sale to anyone—even government and law enforcement agencies There are things that the government is allowed to do that private entities can’t. This includes activities such as arresting people and throwing them in jail, executing search warrants and engaging in electronic surveillance and wiretaps without ... Read More
Security Boulevard
Surveillance Sans Frontiers

Surveillance Sans Frontiers, Thanks to the Internet

When Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act, it amended the federal Stored Communications Act in a way that now requires internet companies including Verizon, AOL, Yahoo, Google and Facebook to produce records that belong to foreigners wherever such records may be located, pursuant to an ... Read More
Security Boulevard
Privacy in Public Places

Privacy in Public Places

Does license plate information-gathering constitute an invasion of privacy? As you drive down Robert E. Lee Memorial Highway in the Virginia suburbs of Washington, D.C., a police camera captures and reads your license plate. After checking to make sure that the owner of the car is not a wanted fugitive ... Read More
Security Boulevard
Providing Security Be a Crime

Can Providing Security Be a Crime?

| | criminality, Law, services, software
The purpose of security is to allow the “right” people to have access to data and resources and to keep others out. It is ultimately about having control over data and data processing and enforcing decisions about who gets access to what. In a hospital, for example, good security ensures ... Read More
Security Boulevard