Last night, House and Senate leaders released their draft Omnibus appropriations bill. The bill not only sets spending levels for the various Federal government agencies and departments, but also includes several important updates to the laws and policies governing lawful access to data. Among them is a revised version of The CLOUD Act, which includes changes designed to strengthen privacy protections and Congressional oversight made in response to concerns raised by civil liberties and privacy groups upon review of an earlier version of the bill.

Full Article

Earlier this week, two dozen civil liberties-focused organizations, including the American Civil Liberties Union (ACLU), Center for Democracy and Technology (CDT), and Amnesty International USA, wrote to members of Congress to express their opposition to The CLOUD Act. These organizations are concerned that, if enacted, the bill would erode civil liberty protections in the United States, allowing foreign governments to circumvent U.S. legal protections while “empowering” them to engage in human rights violations. While I understand their concerns, I believe that these groups are mistaken about the impact that the act will have on civil liberty protections in both the U.S. and around the globe.

For those who have not been following The CLOUD Act, the bill aims to clarify the laws governing how law enforcement in the U.S. and other countries obtain access to data stored in the Cloud, meet the legitimate investigatory needs of law enforcement while helping to resolve the conflicts of law currently facing service providers. The act has drawn bipartisan support in Congress, as well as support from the technology community, the White House, and our allies in the United Kingdom. I’ve also expressed my support for the bill last month in the Wall Street Journal.

Full Article

“Data is the new oil.” Or so say the pundits. If it is, then we are about to experience the first great international data transformation, much as oil transformed transportation.

Indeed, we are on the cusp of one of the most significant transitions in international governance since the fall of the Berlin Wall heralded the end of Communism. Perhaps that is an overstatement for dramatic effect, but if it is, the degree of excess is rather small.

Full Article

Sitting in a small group setting with cyber policy experts in Washington, D.C., I heard a well-respected cyber policy analyst say: “The cyber security of the Internet of Things is a national security issue. It is long past time for the law to impose liability on those who write insecure code.”

The implications of this statement are far reaching. Let’s take the automobile industry as an example. For developers and manufacturers, the security of the systems they are deploying in cars they are currently designing is a matter of good engineering. They are worried about safety, effectiveness, cost, and efficiency. However, in Washington, government is worried about cyber-attacks. And with Washington being Washington, the way they will act is the way they do best – through law.

Full Article
The Chertoff Group continues to closely monitor the Petya ransomware attack.  The story is still evolving, but we wanted to provide a brief summary for those of you who may not have had time to review in detail and assess appropriate actions for your organization. 
Full Article

Few policy makers in Washington would disagree that the United States benefits when we have a safe, secure, reliable energy supply. In fact, because our electric grid and power generation are vital to the United States economy, most support it. However, at this moment, I fear we are missing a critical opportunity when it comes to investing in our nation’s nuclear energy program.

Full Article

The Chertoff Group continues to closely monitor the WannaCry ransomware attack. The story is still evolving, but we wanted to provide a brief summary for those of you who may not have had time to review in detail and assess appropriate actions for your organization.

Full Article

Last week’s global ransomware cyber-attack that upended hospitals across the globe reminds us that every innovation comes with challenges. In all industries, especially the healthcare industry, connectivity offers tremendous benefits but also increased risk. Although these attacks disrupted healthcare services and others, the risk extends to every aspect of connected healthcare, including connected medical devices. This industry must come together to address growing challenges.

Full Article

The whole WannaCry episode has understandably resurrected the question of NSA's role in identifying and then exploiting or patching cyber vulnerabilities.

To remind, the National Security Agency is one of the few organizations in the world to have both an offensive and defensive mission. It's charged with intercepting communications for legitimate foreign intelligence purposes while also defending American communications from similar attempts by foreign actors.

Full Article

Today we stand at a crossroads. Will the internet continue to be a global system for commerce, politics, and social discourse, or will that world-girding network fracture into component parts? The road we take will help to define the vitality of the cyber network for the foreseeable future.

There are many policies that contribute to internet balkanization. Pervasive government surveillance, content limits, and even censorship all inhibit the free flow of information across the network. However, one of the most insidious causes of splintering is the phenomenon known as data localization – the all-too-reasonable-seeming idea that data about a country’s citizens should mandatorily be stored only in that country. While sensible in theory; in practice, it foreshadows the death knell of the global network as we know it.

Full Article
Schedule a Consultation

Contact us today to learn what we can do for you.

Schedule a Consultation