The FTC has opened the new decade with a quiet revolution in their data security orders. Reasonableness, a touchstone of FTC data security, has disappeared from their newest orders. What replaces it does not put the FTC's cybersecurity program on much better footing.
Sam Bieler is a past Cyber Scholar and graduate of the New York University School of Law. Before attending law school, he was a criminologist with the Justice Policy Center of the Urban Institute.
Subscribe to this Lawfare contributor via RSS.
The FTC’s cybersecurity enforcement program has faced increasing judicial scrutiny because of the inherent vagueness of the "reasonable" cybersecurity it seeks to require. Meanwhile, the Cybersecurity and Infrastructure Security Agency has struggled to achieve robust private sector engagement. Linking these agencies’ programs and enforcement practices will help each solve the other’s problem.