Skip to content

Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

ICANN CEO To End Tenure

By
Thursday, May 21, 2015 at 11:54 AM

Fadi Chehade, the CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), has announced his intention to step down, effective March 2016.  The United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted . . .
Read more »

Bits and Bytes

By
Friday, May 1, 2015 at 8:38 AM

China Worried By New US Cyber Strategy.  “China’s Defence Ministry expressed concern on Thursday at the Pentagon’s updated cyber strategy that stresses the U.S. military’s ability to retaliate with cyber weapons, saying this would only worsen tension over Internet security.”  Maybe this is a good thing …. Controlling Internet Infrastructure.  Still not sure exactly how . . .
Read more »

Tallinn 2.0

By
Monday, April 27, 2015 at 12:57 PM

Earlier this month, the government of the Netherlands hosted a Global Conference on Cyberspace, which was, apparently, fairly well received, as the Chair’s Statement suggests. One important side event, for readers of this blog, was a conference of  state legal advisers from over 35 States at a “Tallinn Manual 2.0 consultation meeting.”  The authors who . . .
Read more »

Administration Loves RSA; Does It Get Love Back?

By
Monday, April 27, 2015 at 7:53 AM

Last week was the annual RSA convention in San Francisco, the premier convention of cybersecurity professionals in America each year.  This year the largest crowd ever gathered at the Moscone Center, and the Obama Administration was out in force.  It had three booths on the convention floor (including one from NSA with an absolutely cool . . .
Read more »

A Primer on Globally Harmonizing Internet Jurisdiction and Regulations

By
Tuesday, April 14, 2015 at 3:29 PM

That is the title of a paper I recently co-authored with former Secretary of Homeland Security, Michael Chertoff.  We wrote it for the Global Commission on Internet Governance, a commission chaired by former Swedish Prime Minister Carl Bildt.  Here’s the introductory paragraph: We stand on the cusp of a defining moment for the Internet, and . . .
Read more »

On the Issue of “Jurisdiction” over ICANN

By
Wednesday, April 8, 2015 at 9:56 AM

By now readers of this blog know, the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce.  . . .
Read more »

Entertainment IS Critical Infrastructure — Who Knew?

By
Thursday, April 2, 2015 at 1:18 PM

I stand corrected.   Yesterday, in my post about the new cyber-sanctions EO I made the point that it wouldn’t apply to the Sony hack because Sony was not critical infrastructure.  I was wrong, as several people, including our own Herb Lin, graciously pointed out. I knew, of course, that Commercial Facilities, were a critical infrastructure . . .
Read more »

Executive Order on Cyber Sanctions

By
Wednesday, April 1, 2015 at 2:00 PM

President Obama has, today, issued an executive order entitled, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”  On first glance it looks like a strong step in the right direction. The EO is notable not just for what it does, but for how it characterizes the malicious cyber activity.  It is . . .
Read more »

It Is Pi Day — 3.14.15 @ 9:26:53

By
Saturday, March 14, 2015 at 9:23 AM

Happy Pi Day

By
Friday, March 13, 2015 at 4:22 PM

Tomorrow — 3.14.15 @ 9:26:53.  Enjoy the moment …. we shall not see its like again.

Groundhog Day in the Senate

By
Friday, March 13, 2015 at 4:18 PM

One of my favorite movies has always been Bill Murray’s Groundhog Day.  Besides the great acting from Murray (and co-star Andie MacDowell) it’s a wonderful exposition of the definition of insanity — doing the same thing over and over again expecting a different result. By that definition, you have to wonder about the sanity of . . .
Read more »

Bits and Bytes

By
Friday, March 6, 2015 at 4:59 PM

Neustar looks to lose its contract. “Federal Communications Commission staff has recommended that a $450 million contract Sterling-based company Neustar has held exclusively for 18 years be awarded to rival Ericsson.”  Readers will recall that the Neustar contract has cybersecurity implicaitons. Canada to address encryption password protection.  “A Quebec man charged with obstructing border officials . . .
Read more »

Email Privacy, Overseas Jurisdiction, and the 114th Congress

By
Friday, March 6, 2015 at 9:00 AM

Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere. I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year . . .
Read more »

Bits and Bytes

By
Thursday, March 5, 2015 at 2:00 PM

FTC v. Wyndham.  The Third Circuit heard oral argument the other day in this long-running case that will test whether or not the FTC can use its “unfair” business practices authority to sanction companies that allegedly take inadequate cybersecurity measures.  If the FTC loses, I predict the FCC will fill the void …. Stay tuned. . . .
Read more »

Bits and Bytes

By
Thursday, March 5, 2015 at 8:00 AM

If you weaken crypto … you weaken crypto.  “Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov.”  The vulnerability (deliberate use of 512-bit encyrption) . . .
Read more »

Hillary’s Email

By
Wednesday, March 4, 2015 at 3:24 PM

By now, most readers will be familiar with the news reports that Hillary Clinton used a personal email account ([email protected]) for her official work while Secretary of State.  Most of the news has been about whether or not this action violated federal record-keeping requirements but few (Shane Harris being a notable exception) are asking the . . .
Read more »

American Privacy and EU Privacy

By
Wednesday, March 4, 2015 at 2:33 PM

Of course the US cares about privacy, just as much, if not more, than they do in the EU.  And the data are clear that in the EU, national security and law enforcement surveillance are often subject to less formal judicial control than in America. Many have been making this case for quite some time . . .
Read more »

Problems with Cyber Arms Control

By
Thursday, February 26, 2015 at 3:17 PM

The New York Times has an editorial today, calling for an arms control effort in cyberspace.  The Times effort is, honestly, a bit simplistic, as is its conclusion: The tougher challenge is on the global level. Cyberwarfare has already done considerable damage and can lead to devastating consequences. The best way forward is to accelerate . . .
Read more »

The Moral Vacuity of The Intercept

By
Thursday, February 26, 2015 at 1:22 PM

In our new book, Whistleblowers, Leaks and the Media, my co-editors and I talk at some length about what we characterize as the “fundamental tension” that lies at the heart of news reporting today involving national security matters.  The tension — between transparency and secrecy — is fundamental for two distinct reasons:  First, because at . . .
Read more »

Bits and Bytes

By
Thursday, February 19, 2015 at 12:41 PM

Are Submarines Becoming Obsolete?  Perhaps, in light of enhanced data processing capabilities.  “[T]he ability of submarines to hide through quieting alone will decrease as each successive decibel of noise reduction becomes more expensive and as new detection methods mature that rely on phenomena other than sounds emanating from a submarine. These techniques include lower frequency . . .
Read more »