Mark Rasch Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team.
Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference.
Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp.
Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris.
Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.
Mark Rasch
A CISO Employment Contract May Mean the Difference Between Success and Jail
On May 4, 2023, U.S. District Judge William Orrick sentenced former Uber CISO and former DOJ cybercrime prosecutor Joe Sullivan to three years of probation and 200 hours of community service for his role in concealing a massive data breach at Uber from the public and from the FTC. While ... Read More
Security Boulevard
Prosecutors Argue for 15 Months in Jail for Uber CISO
In a sentencing memorandum filed with a San Francisco federal court on April 27, 2023, prosecutors argued that Joe Sullivan—the former CISO of Uber and a former federal computer crimes prosecutor himself (with the same office)—should serve 15 months in federal prison for his role in the ride-sharing company’s concealment ... Read More
Security Boulevard
The Ethics of Selling Hacker Tools
With Indiana Jones about to enter the space race in the Dial of Destiny, I am reminded of the great Tom Lehrer’s 1965 song about former Nazi scientist Dr. Wernher von Braun’s “apolitical” approach to the engineering of rockets. According to Lehrer’s parody, “’Once the rockets are up, who cares ... Read More
Security Boulevard
Supreme Court to Address Online Threats to Celebrities
On April 19, 2023, the Supreme Court heard oral arguments in the case of Counterman v. Colorado, a case readdressing the question of the mental state the government has to demonstrate to convict a person for making online threats. Specifically, the high court addressed “whether, to establish that a statement ... Read More
Security Boulevard
How to Write A Website Privacy Policy
Mark Rasch | | browser, Data Privacy, internet security, Privacy Policy, User Security, Web security
Data privacy attorneys are often called upon to draft a privacy policy for a company to link to their landing page. You know, the little link that says either “Privacy” or “Legal” that nobody clicks on and nobody reads—at least until there is a data breach or a misuse of ... Read More
Security Boulevard
Show Me the Coverage: Ransomware Actors Demand Cyberinsurance Policies
The landscape of cybersecurity threats is continuously evolving, and ransomware attacks have emerged as a significant concern for organizations of all sizes. In a ransomware attack, cybercriminals encrypt the victim’s files, rendering them inaccessible and demand a ransom in exchange for the decryption key. This extortion method has proven lucrative ... Read More
Security Boulevard
DEA Using AirTags to Track Packages (and Drug Manufacturers)
It was recently reported in Forbes that the U.S. Drug Enforcement Administration (DEA) was using Apple’s AirTags to help track drug manufacturers. According to the March 23 article by Thomas Brewster, “[B]order agents intercepted two packages from Shanghai, China. Inside one was a pill press, a machine used to compress ... Read More
Security Boulevard
Is Trafficking in Hacking Information a Crime?
Quincy Compton of Concord, North Carolina, had a wife and a pregnant girlfriend and wrote to a doctor in Washington, D.C. for information about terminating a pregnancy. The doctor, Thomas Kemp, wrote back that “[I]t would cost about two hundred [dollars] and the woman would have to stay in DC ... Read More
Security Boulevard
Ethics in AI: The Missing Code
As part of its push toward artificial intelligence, Microsoft laid off more than 10,000 employees and spent billions on acquiring AI tech. Among those laid off were the seven-member team in their Office of Responsible AI. While the software company indicated that they remain “committed to developing AI products and ... Read More
Security Boulevard
Privacy Challenges Illustrated by Recent Cases
In the 1973 baseball melodrama Bang the Drum Slowly, the players, intent on scamming some rubes, play a card game called “TEGWAR.” It stands, as you later learn, for ‘The Exciting Game Without Any Rules.’ Three recent unrelated events in the news this week illustrate how U.S. data privacy rules ... Read More
Security Boulevard