Mark Rasch

Cyber Law Editor

Security Current


I’ll Trade You a Mantle Rookie Card for Two Cyber Vulnerabilities

Posted on: 31 Jan 2017

President Trump is slated to issue two Executive Orders this week which may relate to the ability of the nation to defend itself (and its critical infrastructure) from potential cyberattacks.  The first is the President’s Executive order on cybersecurity.  The second is the Executive Order on Regulatio.  It may be that these orders work contrary to each other in practice.  We will…

Alexa, How Do You Hide a Dead Body?

Posted on: 30 Jan 2017

A recent report has indicated that police have subpoenaed records from Amazon to get the cloud stored audio files from an Amazon Echo to help solve a murder case. This points out a disturbing trend in privacy. It’s not that the government is surveilling us.  It’s that we are surveilling ourselves in newer and more…

FTC versus IoT

Posted on: 06 Jan 2017

For the Internet of Things (IoT) to be useful, some sensing device has to collect data, and transmit that data over the Internet (typically) to a cloud server (typically) that will store and analyze that data and allow the user to see that data, and/or use the data to effect some change in the device…

Share and Share Alike in the Context of the Reported Russian Hack

Posted on: 05 Jan 2017

In preparation for sanctions against hackers from the Federal Security Service of the Russian Federation (FSB) and Russia’s main intelligence agency known as the GRU, the Obama administration released information that it alleged showed the responsibility for the “highest levels” of the Russian government for hacking into servers of the Democratic National Committee (DNC) and email of…

I’m Not Reading Your Email – I’m Just Reading the Other Guys – Court Approves NSA Interception

Posted on: 16 Dec 2016

A federal court in San Francisco on December 5th, approved of the government’s interception and use of emails and other communications in a terrorism case involving the so-called Portland Christmas Tree Bombing case.  In that case a Somali-American was caught plotting a bombing on the Christmas tree lighting after his parents repeatedly asked the FBI to…

Russia, the DNC, Cyberwar and the Attribution Problem

Posted on: 11 Dec 2016

Was Russia responsible for hacking the DNC and John Podesta, and releasing their communications as part of a concerted effort to impact the US electoral result and get their favored candidate elected president?  Yes.  And no. And maybe. This question, and the various questions subsumed by this question, have much broader implications for how we conduct…

Hands Across the Water – DOJ Permits US Judges to Authorize Foreign Searches

Posted on: 02 Dec 2016

One problem with modern computer or computer related crime: it’s international in scope.  But governments are limited by their borders, their authority, and their sovereignty. A proposed change to the federal rules of criminal procedure that authorize US judges and magistrates to permit searches is either a minor tweak of a procedural rule designed to deal with a growing problem, which…

Backdoor Politics 2017

Posted on: 22 Nov 2016

One of the most hotly contested issues in information security is whether the government should encourage the ubiquitous use of strong encryption to protect data both at rest and in transit, or whether the government (and by this, I mean any government) should require users to use only “government approved” encryption. That is crypto algorithms…

IoT Security – I Know What Will Help – Get Congress Involved

Posted on: 18 Nov 2016

The U.S. House Energy and Commerce Committee held hearings on November 16, 2016  on security of Internet of Things in the wake of the massive distributed denial of service (DDoS) attacks perpetrated against certain network DNS servers via a host of unsecured IoT devices.  So, what’s a government to do? That is, not what SHOULD…

Failure to Secure – No Harm, No Foul?

Posted on: 15 Nov 2016

If a tree falls in the forest and there is nobody there to hear it, does it make a sound?? If a company has a data security event exposing sensitive data, but nobody is harmed by the exposure, is it a violation of the law?  A recent case from a federal appeals court in Atlanta LabMD…