Discerning Data

The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations

On March 1, 2021, the National Security Commission on Artificial Intelligence (NSCAI) released its 700-page Final Report (the “Report”), which presents NSCAI’s recommendations for “winning the AI era” (The Report can be accessed here). This Report issues an urgent warning to President Biden and Congress: if the United States fails to significantly accelerate its understanding and use of AI technology, it will face unprecedented threats to its national security and economic stability. Specifically, the Report cautions that the United States “is not organizing or investing to win the technology competition against a committed competitor, nor is it prepared to defend against AI-enabled threats and rapidly adopt AI applications for national security purposes.”

In the Final Report, NSCAI makes a number of detailed policy recommendations “to advance the development of AI, machine learning, and associated technologies to comprehensively address the national security and defense needs of the United States.” The Report, its findings and recommendations all signal deep concern that the U.S. has underinvested in AI and must play catch-up in order to safeguard its future.

Continue reading “The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations”

Faegre Drinker on Law and Technology Podcast: A Primer on Cybersecurity Frameworks

ISO, NIST, CMMC — if the alphabet soup of cybersecurity frameworks has you confused, we’ve got you covered. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss chats with guest Jim Watkins, former deputy laboratory director in the FBI’s Orange County Crime Lab and current certified technical assessor for the ANSI National Accreditation Board, about some of the more prominent cybersecurity frameworks, the process of cybersecurity assessments, how compliance issues are addressed, and what’s the difference between self-assessment, self-certification, and accreditation, and how a skilled attorney can make all the difference in getting accredited.

Continue reading “Faegre Drinker on Law and Technology Podcast: A Primer on Cybersecurity Frameworks”

New York Department of Financial Services Announces $1.5 Million Settlement of Second Cybersecurity Enforcement Action

On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500). This is the second publicly-announced settlement of an enforcement action brought under NYDFS’s novel cybersecurity regulation (we wrote about the first action).

According to the consent order, in March 2020, NYDFS’ Mortgage Banking Division commenced a routine examination of RMS, which included a review of its compliance with Part 500. RMS is headquartered in Maine, but it is registered as mortgage banker in New York and other states. During the examination, NYDFS determined that RMS failed to report a March 2019 data breach incident, as required by Part 500.

Continue reading “New York Department of Financial Services Announces $1.5 Million Settlement of Second Cybersecurity Enforcement Action”

The Eleventh Circuit Finds that Potential Future Misuse of Personal Information Does Not Confer Article III Standing in Data Breach Suits

On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.

The case, Tsao v Captiva MVP Restaurant Partners LLC, originated in the District Court for the Middle District of Florida where the plaintiff filed a class action complaint against the restaurant chain PDQ in connection with a May 2017 data breach. Following the breach, PDQ posted a notice to customers regarding the breach, explaining that customers’ names, credit card numbers, card expiration dates and CVVs may have been exposed.

Continue reading “The Eleventh Circuit Finds that Potential Future Misuse of Personal Information Does Not Confer Article III Standing in Data Breach Suits”

Non-Techies – Protect Your Digital Data by Securing Your Home and Business Wi-Fi

I spent over 22 years in the FBI performing criminal cyber and forensics investigations. Many of these investigations led us to people who were innocent of the alleged crimes but who were guilty of unknowingly allowing criminals to hijack their home or business Wi-Fi networks. These cyber-criminals were committing crimes while leaving a digital fingerprint that pointed at people guilty only of poor Wi-Fi security.

If you do not encrypt your Wi-Fi settings, you may get an early morning visit from my former FBI colleagues investigating federal crimes such as child pornography or terrorist threats. Why? You might be the victim of a nefarious behavior known as “War Driving,” which occurs when cyber-criminals drive through your neighborhood, identify unencrypted Wi-Fi signals, and do their evil bidding using your Internet Protocol or IP address. When law enforcement checks the IP address associated with the criminal behavior, it is your name and address that surfaces. Often this connection can be the basis for a criminal search warrant with your name on it. Many a front door has knocked down as a result of this kind of search warrant.

Continue reading “Non-Techies – Protect Your Digital Data by Securing Your Home and Business Wi-Fi”

Faegre Drinker on Law and Technology Podcast: Cybersecurity and Incident Response — A Battle Plan

You’ve been hacked! What happens next? In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with guests Serge Jorgensen, founding partner and chief technology officer at Sylint Cybersecurity, and Faegre Drinker’s Jay Brudz about the legal and technical aspects of a cybersecurity incident, action items leaders should be prepared to take in the immediate aftermath of a breach, and other critical decisions that will make or break your incident response.

Continue reading “Faegre Drinker on Law and Technology Podcast: Cybersecurity and Incident Response — A Battle Plan”