Legislation

Post thumbnail

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. To summarize: new requirements are coming to a project near you, and getting ready now…

Read More Threat Model Thursday: NIST’s Code Verification Standard

Post thumbnail

Finally! A Cybersecurity Safety Review Board is a new article by Steve Bellovin and myself at Lawfare. One element of President Biden’s executive order on cybersecurity establishes a board to investigate major incidents involving government computers in somewhat the way that the National Transportation Safety Board investigates aviation disasters. The two of us, among many…

Read More Thoughts on the Executive Order

In a simpler age, Matt Stoller famously lost his job for critiquing Google. He has a really interesting article summarizing and analyzing the massive anti-trust report at Congress Gets Ready to Smash Big Tech Monopolies. If you’re like me, unsure if or how this might matter, take the time to read what he said. (Via…

Read More On Monopolies

I’ve signed on to Access Now’s letter to the Indian Ministry of Electronics and Information Technology, asking the Government of India to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules. As they say in their press release: Today’s letter, signed by an international coalition of 31 organizations and individuals, explains how…

Read More India’s Intermediary Guidelines

Post thumbnail

Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption. The letter calls on government officials to become proponents of digital security and work collaboratively to help law enforcement adapt to the digital era. In…

Read More Keeping the Internet Secure

A lot of people I trust are suggesting that the “Collins-Lieberman” bill has a substantial chance of passing. I have some really interesting (and time-consuming) work tasks right now, and so I’m even more curious than usual what you all think, especially how this According to the press release, the “Collins-Lieberman” bill would: The Department…

Read More New Cyber Security Bill: Crowdsource Analysis?

Industry ‘experts’ misfired when they criticized Microsoft’s Scott Chareney’s “Internet Security Tax” idea. Q: How many of these ‘experts’ know any thing about information economics and public policy responses to negative externalities? A: Zero. Thus, they aren’t really qualified to comment. This is just one small case in the on-going public policy discussions regarding economics of information security, but given the reaction of the ‘experts’, this was a step backward.

Read More 'Experts' misfire in trying to shoot down Charney's 'Internet Security Tax' idea