Mark Rasch

Cyber Law Editor

Security Current


Court Hears FTC v. Wyndham Worldwide Corporation

Posted on: 03 Mar 2015

In a large brick and glass building on 6th and Market Streets in Philadelphia, across the street from the Yu Ya Nails and Spa, and only a few hundred yards from Independence Hall, a case is being argued that may decide the fate of cybersecurity in America. On March 3, in the United States Court of…

The Difference Between Phishing and Fishing- Supreme Court Renders Decision

Posted on: 25 Feb 2015

On February 25, 2015 the United States Supreme Court rendered the unremarkable decision that a fish – yes, a fish – is not a computer hard drive.  Sure, you can buy thumb drives in the shape of sushi. To anyone but a lawyer, that would be obvious.  Not so when you get Congress involved.  At issue was…

Will a Free Market Solution to Privacy and Security Work?

Posted on: 18 Feb 2015

AT&T recently unveiled a Gigabit Internet service in Texas, with a catch.  There are different prices if you opt out of sharing your surfing habits than if you decide you want your personal data to be, well, personal. So in effect, you are paying for privacy – or as AT&T would describe it, getting a…

Gag Me With A Court Order – Again

Posted on: 09 Feb 2015

I recently wrote about efforts by prosecutors and other government agents to keep their work secret, not only from the public, or from the targets of their investigations, but also from the people whose help they need to investigate the matter as well. On February 5, a magistrate judge in San Jose put a limit…

Auto Roboticism

Posted on: 09 Feb 2015

On 60 Minutes last night, Lesley Stahl was shocked, shocked to see that modern automobiles collected vast amounts of information about their owners and drivers, had myriad sensors to collect information and allow remote access to that information, and had little if any security either for the sensors or the data collected. Also shocking is the…

The Anthem Hack – Part Deux – What Anthem Did Right (and Wrong)

Posted on: 06 Feb 2015

In the wake of every hack (and every second and one yard in the Super Bowl) there is a stream of criticism from Monday morning quarterbacks about what should have been done.  (Handoff to Marshawn Lynch, maybe?) But in many ways, Anthem Blue Cross did the best they could, considering the situation. There are several things you…

Anthem Blue Cross – The Five Stages of Hack Response

Posted on: 05 Feb 2015

This week it was Anthem Blue Cross’s time. The health insurance giant disclosed a massive hack, which compromised records for as many as 80 million people.  This included identity information, provider information and financial information, as well as sensitive information like SSNs.  To their credit, they found the breach themselves and reported it quickly and…

The CISO’s Guide to Getting Stuff Done

Posted on: 02 Feb 2015

Let’s face it.  You know what you have to do.  You have a 30-day plan.  A 90-day plan.  A one-year plan.  A five-year plan.  You have spreadsheets, budgets, and PowerPoints. What you DON’T have is management commitment, budget, resources or even the ear of the right people to get done what you need to get…

Crowdsourcing Invasions of Privacy

Posted on: 29 Jan 2015

The Wall Street Journal recently reported that the United States government is creating a massive database of records culled from license plate scanners, and making this database available to law enforcement and other agencies. The WSJ article was specifically about a database created by the Drug Enforcement Administration, but thousands of other agencies and departments collect,…

What Keeps CISO’s Up At Night

Posted on: 28 Jan 2015

Every CISO is one data breach from being fired.  Or one disruptive DDoS attack.  Or one theft of information. Or one bad audit result.  Or one compliance investigation.  Or one letter from the Federal Trade Commission or other regulator.  Or one loss of a CEO’s or Board of Directors member’s personal data. It only takes…