Mark Rasch

Cyber Law Editor

Security Current


I’m Not Reading Your Email – I’m Just Reading the Other Guys – Court Approves NSA Interception

Posted on: 16 Dec 2016

A federal court in San Francisco on December 5th, approved of the government’s interception and use of emails and other communications in a terrorism case involving the so-called Portland Christmas Tree Bombing case.  In that case a Somali-American was caught plotting a bombing on the Christmas tree lighting after his parents repeatedly asked the FBI to…

Russia, the DNC, Cyberwar and the Attribution Problem

Posted on: 11 Dec 2016

Was Russia responsible for hacking the DNC and John Podesta, and releasing their communications as part of a concerted effort to impact the US electoral result and get their favored candidate elected president?  Yes.  And no. And maybe. This question, and the various questions subsumed by this question, have much broader implications for how we conduct…

Hands Across the Water – DOJ Permits US Judges to Authorize Foreign Searches

Posted on: 02 Dec 2016

One problem with modern computer or computer related crime: it’s international in scope.  But governments are limited by their borders, their authority, and their sovereignty. A proposed change to the federal rules of criminal procedure that authorize US judges and magistrates to permit searches is either a minor tweak of a procedural rule designed to deal with a growing problem, which…

Backdoor Politics 2017

Posted on: 22 Nov 2016

One of the most hotly contested issues in information security is whether the government should encourage the ubiquitous use of strong encryption to protect data both at rest and in transit, or whether the government (and by this, I mean any government) should require users to use only “government approved” encryption. That is crypto algorithms…

IoT Security – I Know What Will Help – Get Congress Involved

Posted on: 18 Nov 2016

The U.S. House Energy and Commerce Committee held hearings on November 16, 2016  on security of Internet of Things in the wake of the massive distributed denial of service (DDoS) attacks perpetrated against certain network DNS servers via a host of unsecured IoT devices.  So, what’s a government to do? That is, not what SHOULD…

Failure to Secure – No Harm, No Foul?

Posted on: 15 Nov 2016

If a tree falls in the forest and there is nobody there to hear it, does it make a sound?? If a company has a data security event exposing sensitive data, but nobody is harmed by the exposure, is it a violation of the law?  A recent case from a federal appeals court in Atlanta LabMD…

Brexit’s Potential Impact on Information Security

Posted on: 27 Jun 2016

One of the lessons of crisis management is that you don’t make predictions during a crisis.  Not to say that the recent UK vote to leave the EU (“Brexit”) is a crisis per se, but just that it is a period of uncertainty.  So what impact will Brexit have on data security, privacy, governance, and…

Virginia Court Kills Privacy

Posted on: 23 Jun 2016

A federal court in Virginia on June 23 may have put the final stake in the heart of constitutionally protected privacy rights online. The case itself was simple enough – in an effort to investigate the murky and disreputable “business” of sharing of child pornography on the Dark Web that is accessible mostly through TOR…

Inside(r) Job

Posted on: 18 Aug 2015

In 1981, R. Foster Winans was a reporter for the Wall Street Journal, writing the “Heard it on the Street” column.  As a diligent reporter, he would find out information about companies, and then publish this information in the Journal. He wasn’t an “insider” of any company except the company that owned the Journal.  When…

Encryption as Protection? Maybe Not

Posted on: 13 Aug 2015

A recent espionage prosecution in West Palm Beach, Florida demonstrates that encryption may not be the panacea that organizations think it is.  So rather than relying on encryption alone, companies need to adopt and maintain strategies that continue to provide layered security. After every data breach, we hear the same mantra, “If only the data…