Latest in Cybersecurity

Huawei

The Confused U.S. Messaging Campaign on Huawei

For the past several months, American policymakers have sought to convince allies, partners and potential partners to ban Chinese telecommunications company Huawei from supplying the entirety of, or components for, 5G communications networks around the world. This messaging campaign has centered primarily around concerns that Huawei could assist the Chinese government in spying on other countries or even shutting down or manipulating their 5G networks in a warlike scenario.

Congress

A Method for Establishing Liability for Data Breaches

Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers.

Cybersecurity and Deterrence

Entering the Third Decade of Cyber Threats: Toward Greater Clarity in Cyberspace

Over the course of just a few decades, the world has entered into a digital age in which powerful evolving cyber capabilities provide access to everyone connected online from any place on the planet. Those capabilities could be harnessed for the benefit of humanity; they might also be abused, leading to enormous harms and posing serious risks to the safety and stability of the entire world.

Cybersecurity

Listen to the 2019 Verify Conference Panels

In April, the Hewlett Foundation hosted the 2019 Verify Conference, an annual event on cyber issues in national security, tech and the media. This year’s conference focused on increasing cyber threats from other nations, the expanding role of tech companies, how to build global cybersecurity norms and cyber threats to civil society among other topics. Audio of the on-the-record discussions is available below:

James Comey on Law Enforcement, Technology and Emerging Threats

Cybersecurity

The GCHQ’s Vulnerabilities Equities Process

In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.

Cybersecurity

A New Tool for Tech Companies: International Law

These days, many people see technology companies as indifferent to law, or at least interested in remaining under-regulated. When Mark Zuckerberg called on Congress to regulate how social media companies should handle challenges such as harmful content and data privacy, the request was unusual enough to make headlines. This real or perceived disinterest in legal regulation has troubled a host of people, including those worried about protecting privacy and freedom of expression.

Cybersecurity and Deterrence

What’s the Point of Charging Foreign State-Linked Hackers?

The May 7 indictment of a Chinese national and unnamed conspirator for hacking and stealing data from nearly 80 million customers of the health care company Anthem in 2015, which researchers previously linked to Chinese state-sponsored actors, is the latest iteration of a four-year U.S.

Cybersecurity

Progress in Cybersecurity: Toward a System of Measurement

How do we quantify safety and security? That fundamental question underlies almost all modern national security questions (and, naturally, most commercial questions about risk as well). The cost-benefit analysis inherent in measuring safety and security drives decisions on, to cite just a few examples, new car safety devices, airplane maintenance schedules and the deployment of border security systems. In a world where resources are not infinite, some assessment of risk and risk mitigation necessarily attends any decision—whether it is implicit in the consideration or explicit.

Cybersecurity

Associate Deputy Attorney General Sujit Raman Remarks at the ABA Rule of Law Initiative Annual Issues Conference

On Tuesday, Associate Deputy Attorney General Sujit Raman delivered the following remarks to the ABA Rule of Law Initiative annual conference in a speech entitled “The Rule of Law in the Age of Great Power Competition in Cyberspace.”

Subscribe to Lawfare

EmailRSSKindle