Mark Rasch

Cyber Law Editor

Security Current


Update on Iowa

Posted on: 19 Sep 2019

Yesterday, I wrote about two employees of CoalFire who were arrested for performing a physical pen test of various courthouses in Iowa. The article focused on the need to have a well-defined Statement of Work and contract. Well, guess what. The State of Iowa Judicial Branch released exactly these documents. And guess what? Page 12 of the…

Data Privacy – I Do Not Think That Word Means What You Think it Means

Posted on: 16 Sep 2019

On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders noted that “There is now widespread agreement among…

Scraping Away at Computer “Crime” – Federal Appeals Court Rules Against LinkedIn in online “scraping” case

Posted on: 11 Sep 2019

Your domain is your domain. Your website is your website. You decide who can access your site, who can access your data, and how they can do that. You make those decisions through both technology (e.g., code, access control, userIDs, passwords, multifactor authentication) and contracts (terms of use, terms of service, privacy policies, software license…

Doorbell privacy: Where the ring tolls

Posted on: 10 Sep 2019

Amazon’s Ring video doorbell allows you to see who is at (or near) your doorstep. Under a semi-secret program called “Neighbors” it also allows the police to see the same thing. The program incentivizes police to “sell” the Ring device to consumers (even giving the police free surveillance devices themselves) and creates a network whereby…

Security status unknown

Posted on: 29 Mar 2019

Do CEOs and Boards have any idea what the company’s cybersecurity status is? Cybersecurity and privacy compliance should be a top priority of the Board of Directors and senior management of any publicly traded company, right? Not so fast, kemo sabe. The problem is, everyone thinks that their problems, their issues, their topics should be…

A Tale of Two Servers: Hillary, Ivanka and the Real Lessons from “Servergate(s)”

Posted on: 20 Nov 2018

It was the best of times, it was the worst of times. Currently, the chattering class is in a titter about the fact that Special Advisor to the President of the United States, Ivanka Trump, consistently used a personal email account for official government communications in violation of records retention requirements imposed by regulation. Lock.…

All’s Fair in Love and Cyberwar

Posted on: 07 Nov 2018

Von Clausewitz said that war is diplomacy by other means. If that’s true, then litigation — particularly divorce and custody litigation is war by other means.  And in war, there are casualties. In modern custody and divorce litigation, one of the casualties is cybersecurity and privacy. And the courts don’t seem to care. At all.…

Privacy is Dead. Long Live Privacy

Posted on: 29 Jun 2018

Former Oracle CEO Larry Ellison once famously said, “Privacy is Dead.” However, privacy had been resurrected and killed more times than a Tyrannosaurus Rex in a Spielberg sequel. A recent data breach https://www.wired.com/story/exactis-database-leak-340-million-records/ involving more than 340 million records of U.S. citizens demonstrates why privacy is dead. Again. It’s dead because you never heard of…

Till Hacks Do Us Part

Posted on: 15 Mar 2018

As a former prosecutor and defense counsel, I was often asked how I could handle dealing with criminals.  I explained that the difference between criminal law and family law was that in criminal law, you were dealing with bad people at their best. In family law, you are dealing with good people at their worst. A…

It’s 10 PM. Do You Know Where Your Data Is? By Mark Rasch

Posted on: 27 Feb 2018

This morning, the United States Supreme Court heard oral argument on a case that could decide the fate of the Cloud, the Internet, and the fate of the free world. Or not. The case deals with the thorny issue of “data sovereignty,” that is, whether the location of the data impacts the ability of governments…