The podcast is back with a bang from hiatus. Our guest, Scott DePasquale, is the CEO of Utilidata, an electric utility IoT and cybersecurity company. Scott talks about his contribution to the Internet Security Alliance’s upcoming book, The Cyber Security Social Contract.
Episode 128 also brings you a news roundup from the most momentous August in cybersecurity history. Maury Shenk brings the SWIFT hack to life by describing his own brush with cyber bank fraud. I cover the Shadow Brokers’ disclosure of what most believe to be an NSA hacking toolkit. Meanwhile, Russia is hacking our political process and only the side whose ox is being gored seems to care.
The EU, with an instinct for the capillaries, continues to fight the US on these issues. Privacy Shield is up, and a lot of serious companies are signing up, despite the uncertainties. Maury and I note the entry of France and Germany into the Great Crypto World War – at a comfortably leisurely pace. And, in a welcome move, the European Court of Justice has reaffirmed that there are still some (modest and blurry) limits to the assertion of data protection jurisdiction over internet merchants.
The FTC had a busy month. It served LabMD a mess of home cookin’ and the company is now free to argue its case before an unbiased court of appeals. Speaking of which, the Ninth Circuit Court of Appeals shot down the FTC’s effort to steal the FCC’s common-carrier-regulating turf, and the FTC has finally deigned to notice (and even pat on the head) NIST’s Cybersecurity Framework.
The UK’s terror watchdog has more or less endorsed the value of bulk collection of personal data. And Baltimore has put it into effect, adopting an “eye in the sky” technology that has solved serious crimes without harming anyone’s privacy; naturally the privacy lobby is determined to make sure it’s never used again.
In privacy class action news, the lawyers for CareFirst deserve a bonus; they’ve now killed three class action cases where the breach was serious but the plaintiffs couldn’t claim that the stolen data was ever used to harm them. And Judge Koh, to her shame, has approved $4 million in legal fees for the lawyers who brought a class action against Yahoo! and settled for a no-damages injunction that lets Yahoo! keep reading its users’ emails, but after they’ve been sent, not before.