Archives: Cyber and National Security

Subscribe to Cyber and National Security RSS Feed

PrivSec Blog Year in Review: Top 10 PrivSec Blog Posts in 2017

As we close out 2017, check out our most read privacy & security blogs of the year!


1. 42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule a… Continue Reading

Planning to Attend the Privacy + Security Forum in DC This October?

If you will be attending the Privacy + Security Forum October 4-6 in Washington, DC and are interested in attending a reception hosted by DWT, please send us a note at We are planning a nearby reception on October 4th from 5PM to 7PM.

The Privacy + Security Forum breaks down the silos of privacy and security by bringing together seasoned thoug… Continue Reading

Planning to Attend the Privacy + Security Forum in DC This October?

If you will be attending the Privacy + Security Forum October 4-6 in Washington, DC and are interested in attending a reception hosted by DWT, please send us a note at We are planning a nearby reception on October 4th from 5PM to 7PM.

The Privacy + Security Forum breaks down the silos of privacy and security by bringing together seasoned thoug… Continue Reading

Draft Cybersecurity Legislation Would Impose Substantial New Obligations on Vendors Selling Interconnected Devices to the U.S. Government

On Tuesday, August 1, 2017, a bipartisan group of four Senators from the Senate Cybersecurity Caucus introduced legislation designed to improve the cybersecurity of devices purchased by the U.S. government and – albeit indirectly – sold anywhere in the U.S. or the world.

The legislation – the “Internet of Things (IoT) Cybersecurity Improvemen… Continue Reading

How to Use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

How to use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick. Yet the focus on exorbitant fines seems a bi… Continue Reading

The Chinese Government Issues Draft Cybersecurity Regulations to Protect Critical Information Infrastructure

On June 10, 2017, the Cyberspace Administration of China (the “CAC”) released the Draft Regulations on the Security Protection of Critical Information Infrastructure (the “Draft Regulations” 《关键信息基础设施安全保护条例(征求意见稿)》). The CAC is seeking public comments with a deadline of August 10, 201… Continue Reading

Washington’s New Biometric Privacy Law: What Businesses Need to Know

With the rise in hackings and data breaches, companies and government agencies are looking for ways to protect their data that offer more security than passwords. Because passwords are easily lost, stolen, guessed, and cracked by hackers, companies are shifting to the use of biological characteristics that uniquely identify you, called biometric iden… Continue Reading

(Connected) Toy Story: The FTC Updates the COPPA Compliance Plan

The Federal Trade Commission (“FTC”) recently issued an updated “Six-Step Compliance Plan for Businesses” (“Compliance Plan”) for entities subject to the Federal Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-6506, to “reflect developments in the marketplace—for example, the introduction of int… Continue Reading

The Privileged Cyber Investigation: Ensuring Non-Lawyers Understand the Essentials

The attorney-client privilege and the work-product doctrine are both well known among practitioners in the U.S., but these concepts are not always well understood. In the context of investigating a suspected cyber incident or auditing the security of your systems, it is important not only for counsel to understand these concepts, but also the technical … Continue Reading

China’s Cybersecurity Regulators Issue Procedural Rules to Strengthen Enforcement Power

For the past several years, the Cyberspace Administration of China (the “CAC”) has risen to a very important status among the Chinese national government’s agencies. However, it lacks a specific procedural law to empower it with specific enforcement actions. Against this background, the CAC issued the Provisions on Administrative Law Enforcem… Continue Reading

White House Releases Cybersecurity Executive Order

On May 11, 2017, the White House released its long-awaited Executive Order on cybersecurity (EO). The EO directs Executive Branch agencies to develop plans to assess and improve the cybersecurity of their own operations, based on the 2014 NIST Cybersecurity Framework; directs law enforcement and national security agencies to work with providers of cri… Continue Reading

Cyber Security Threats are Evolving. Are You?

Cyber-attacks are constantly growing more challenging and dangerous. It is a top priority for businesses to protect their networks, computers, and information from unauthorized access. Should a data breach occur, cyber criminals, industry competitors, and even foreign governments put your employees and business and customer relationships at riskContinue Reading

What if Apple and the FBI went to SCOTUS?

Davis Wright attorneys Robert Corn-Revere and Ronald London recently argued the privacy and First Amendment interests in a “moot Supreme Court” session at the Newseum that sought to approximate appellate review of the issues arising out of the FBI’s effort to access the smart phones of the suspects in the San Bernardino shootings.

In the original r… Continue Reading

Advisory Alert: Can Ransomware Trap Your Health Information?

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been highlighting the threat posed by “ransomware”—when an organization is locked out of its own systems and files by cyber criminals who then demand the organization pay a ransom to regain access.  OCR launched its Cyber-Awareness initiative on Feb. 2 by emaili… Continue Reading

Passage of Cybersecurity Act Eliminates Liability for Cyber-Sharing

Businesses concerned about combating cyber threats got an unexpected gift from Washington in the final weeks of 2015 with the passage of long-stalled cyber-sharing legislation that encourages private enterprises and the federal government to voluntarily share certain cyber threat information while limiting the private sector’s liability for su… Continue Reading

Wyndham v. Deflategate: Where Are the Goal Posts?

As a privacy litigator, I could not help but observe an apparent contradiction in the way the Third Circuit allowed the FTC to pursue Wyndham Hotels for cybersecurity breaches under the FTC Act, but Judge Berman (SDNY) rejected the NFL’s authority to impose a 4-game suspension on New England Patriots’ quarterback Tom Brady for breaching professional … Continue Reading

Pardon the “Intrusion” – Cybersecurity Worries Scuttle Wassenaar Changes

Concerns over proposal to implement cybersecurity provisions of the Wassenaar Arrangement prompt Commerce Department to pull proposed rule

Companies concerned about their cybersecurity posture can breathe a small sigh of relief, as the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) recently announced it was scrapping plans t… Continue Reading

DoD New Cyber Security Reporting Rules for Contractors

In a move that highlights the changing winds of federal cybersecurity policy, the Department of Defense (“DoD”) has issued an interim Rule (“Rule”) that imposes new security and reporting requirements on federal contractors, and new requirements for DoD cloud computing contracts.

The Rule requires federal contractors to report cyber incide… Continue Reading

Telephone Surveillance Hang-Ups: Second Circuit Asks Parties in ACLU v. Clapper to Brief Whether the USA Freedom Act Moots Plaintiff’s Claims

Not long after striking down the National Security Agency’s telephone surveillance program in ACLU v. Clapper, the Second Circuit is asking the parties to assess whether recently passed federal legislation has rendered the plaintiff’s claims moot.

On May 7 the Second Circuit Court of Appeals ruled that the NSA’s bulk telephone metadata collecti… Continue Reading

Video Interview: Protect Yourself from Cyber Threats

On Thursday, June 4, 2015, Sean Hoar made an appearance on the “AARP Fraud Watch” segment of A.M. Northwest, a television program at KATU TV in Portland, Oregon, where he gave some tips to consumers about how they can protect themselves from cyber threats.  In his former role as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, Sea… Continue Reading

Finding a Cyber Safe Harbor in the SAFETY Act

Does your company provide or use a cybersecurity product or service? Are you concerned about the potential liability for yourself, your distributors and your customers if your cybersecurity product is used in an attempt to thwart cyber terrorism? You should be.

Late last month the Department of Homeland Security (DHS) certified two cybersecurity produ… Continue Reading

Wake-Up Call: Second Circuit Declares NSA’s Mass Telephone Surveillance Program Illegal

Whatever your opinion of Edward Snowden, the shockwaves from his leaks of classified material continue to roil all three branches of the federal government.

The latest wave broke last week when the United States Court of Appeals for the Second Circuit held in ACLU v. Clapper that the National Security Agency’s mass telephone metadata collection progra… Continue Reading

Is Wi-Fi Security Keeping You Awake on the Road?

Sometimes it’s hard to get a good night’s rest out on the road. Accessible Wi-Fi in hotels, airplanes, coffee shops, and other hospitality locations has quickly gone from a luxury to a  necessity for customers who need continuous access to the Internet. Yet serious security gaps in the majority of hospitality Wi-Fi networks are causing restless nig… Continue Reading

Are Regulatory Fears Impeding Industry Cyber Sharing?

Business leaders confess that concerns of adverse regulatory actions are impacting industry willingness to share cyberthreat information with authorities

They say that no good deed goes unpunished. And when it comes to cyber sharing, industry leaders are concerned that their only “reward” for helping the government identify and respond to cyber… Continue Reading