A Framework for Cyber Security Insurance

New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017. Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should… Continue reading A Framework for Cyber Security Insurance

Surveillance Intermediaries

Interesting law-journal article: "Surveillance Intermediaries," by Alan Z. Rozenshtein. Abstract:Apple’s 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government surveillance has become in American politics and law. But scholarly attempts to answer this question have suffered from a serious… Continue reading Surveillance Intermediaries

Election Security

It’s over. The voting went smoothly. As of the time of writing, there are no serious fraud allegations, nor credible evidence that anyone tampered with voting rolls or voting machines. And most important, the results are not in doubt. While we may breathe a collective sigh of relief about that, we can’t ignore the issue until the next election. The… Continue reading Election Security

Regulation of the Internet of Things

Late last month, popular websites like Twitter, Pinterest, Reddit and PayPal went down for most of a day. The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology. If we want to secure our increasingly computerized and connected world, we… Continue reading Regulation of the Internet of Things

Arresting People for Walking Away from Airport Security

A proposed law in Albany, NY, would make it a crime to walk away from airport screening. Aside from wondering why county lawmakers are getting involved with what should be national policy, you have to ask: what are these people thinking? They’re thinking in stories, of course. They have a movie plot in their heads, and they are imaging how… Continue reading Arresting People for Walking Away from Airport Security

Julian Sanchez on the Feinstein-Burr Bill

Two excellent posts. It’s such a badly written bill that I wonder if it’s just there to anchor us to an extreme, so we’re relieved when the actual bill comes along. Me: "This is the most braindead piece of legislation I’ve ever seen," Schneier — who has just been appointed a Fellow of the Kennedy School of Government at Harvard… Continue reading Julian Sanchez on the Feinstein-Burr Bill

Data Is a Toxic Asset

Thefts of personal information aren’t unusual. Every week, thieves break into networks and steal data about people, often tens of millions at a time. Most of the time it’s information that’s needed to commit fraud, as happened in 2015 to Experian and the IRS. Sometimes it’s stolen for purposes of embarrassment or coercion, as in the 2015 cases of Ashley… Continue reading Data Is a Toxic Asset