CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. This report provides updates to an earlier report on cyberlaw from June of 2019 which can be viewed here: https://www.csiac.org/csiac-report/evolving-developments-in-cyberlaw-2019/
This presentation was given at the annual meeting of the American Bar Association’s Information Security Committee. The Committee is comprised of a diverse group of lawyers, security experts, technologists, auditors and other professionals, whose focus includes the examination and analysis of legal, business, and technical aspects of securing the confidentiality, integrity and availability of information. The Committee’s focus spans across the spectrum of information security issues, including: emerging issues surrounding the protection of information and critical infrastructures within computer systems and networks, such as the Internet; all aspects of litigation involving computer ecosystems as well as the electronic information generated by them; and regulatory and legal information security compliance and contracting.
CAC/PIV holders can download the report here: https://www.dodtechipedia.mil/dodwiki/download/attachments/606470786/emerging-developments-in-cyberlaw-2020.pdf
Mr. Aldrich, great presentation. Law enforcement across the board need more training on what is legally permissive with new technology. The legislators and judicial system is about 15 years behind in provided consistent legal standing for digital investigations.
Thank you Mr. Walton for the kind message. Please contact CSIAC if you would like me to make an updated presentation to your organization. There have been many new cases in just the last few months! I provide presentations that are focused to law enforcement, counterintelligence, system administrator, or legal audiences, but can also provide more general briefings to address mixed audiences.
Hi Rick. I was reading your PowerPoint presentation from June 2019 regarding evolving developments in cyberlaw. The Mondelez case caught my eye (and I understand it still may be pending determination). This grey zone between contractual definitions of ‘war’, ‘warlike’ and ‘hostile’ and the debate about whether existing international law adequately contemplates the concept of cyber-warfare is as frightening as it is intriguing. On the one hand, organizations may not have insurance cover if property destruction, or financial losses, are deemed by the insurer to be associated to the malicious actions of a State actor. Some of these financial losses are staggering. And on the other hand, the question as to whether a host State can legitimately and proportionately retaliate against State-actor threats in accordance with international law remains unclear. Short of specific international treaties being agreed on the matter, how do States normalize conduct and rules of engagement if proportionate response mechanisms cannot be conducted openly ? I accept that this is a bit of an abstract question, but I would appreciate any views you have on the matter. Malicious events could quite seriously derail entire economies, or large sections of them. Thanks.