Over lawyering or protection beyond requirements? https://www.databreaches.net/article-how-privilege-undermines-cybersecurity/
Article: How Privilege Undermines Cybersecurity
A new article appears to be of great relevance to discussions about how lawyers and “privilege” may thwart our efforts to get more transparency and may thwart our efforts to learn from others’ mistakes — and may even thwart the victim’s own ability to learn from any forensic investigation.
Schwarcz, Daniel B. and Wolff, Josephine and Woods, Daniel W, How Privilege Undermines Cybersecurity (July 28, 2022). Available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4175523
Abstract
In recent years, cyberattacks have cost firms countless billions of dollars, undermined consumer privacy, distorted world geopolitics, and even resulted in death and bodily harm. Rapidly accelerating cyberattacks have not, however, been bad news for many lawyers. To the contrary, lawyers that specialize in coordinating all elements of victims’ incident response efforts are increasingly in demand. Lawyers’ dominant role in cyber-incident response is driven predominantly by their purported capacity to ensure that information produced during the breach-response process remains confidential, particularly in any subsequent lawsuit. By interposing themselves between their clients and any third-party consultants that are involved in incident response, lawyers can often shield any materials produced after a breach from discovery under either attorney-client privilege or work product immunity. Moreover, by limiting and shaping the documentation that is produced by breached firms’ personnel and third-party consultants in the wake of a cyberattack, attorneys can limit the availability of potentially damaging information to plaintiffs’ attorneys, regulators, or media, even if their attorney-client privilege and work product immunity arguments falter. Relying on over sixty interviews with a broad range of actors in the cybersecurity landscape—including lawyers, forensic investigators, insurers, and regulators—this Article shows how, in their zeal to preserve the confidentiality of incident response efforts, lawyers frequently undermine the long-term cybersecurity of both their clients and society more broadly. We find that lawyers often direct forensic providers to refrain from making recommendations to clients about how to enhance their cyber defenses, restrict direct communications between forensic firms and clients, insist on hiring forensic firms that have no familiarity with the client’s networks or internal processes, and strictly limit dissemination of the forensic firm’s conclusions to the client’s internal personnel. To ensure that any legal confidentiality protections are not inadvertently waived by their clients, lawyers also frequently refuse to share any written documentation regarding a breach with third parties like insurers, regulators, and law enforcement. Even worse, we find that law firms overseeing breach investigations increasingly instruct forensic firms not to craft any final report regarding a breach whatsoever. These practices, we find, substantially impair the ability of breached firms to learn from cybersecurity incidents and implement long-term remediation measures. Furthermore, such efforts to protect confidentiality inhibit insurers’ capacity to understand the efficacy of different security countermeasures and regulators’ power to investigate cybersecurity incidents. To reverse these trends, the Article suggests that materials produced during incident response should be entitled to confidentiality protections that are untethered from the provision of legal services, but that such protections should be coupled with new requirements that firms impacted by a cyberattack disclose specific forensic evidence and analysis. By disentangling the incident response process from the production of information that can hold firms accountable for failing to take appropriate and required precautions, the Article aims to remove barriers to effective incident response while preserving incentives for firms to take cybersecurity seriously.
You can download the full paper (for free) from SSRN.
Unfortunately, my AI was unable to attend.
AI’s Role in Modernizing Intellectual Property and Bolstering National Security
The U.S. may lose its position as a global leader in artificial intelligence (AI) if we do not modernize our intellectual property system and bolster our national security strategy. That emerged as the key theme at the U.S. Chamber’s fifth and final AI Commission field hearing, hosted in Washington, D.C. last week. Experts from civil society, government, academia, and industry fathered to discuss this and other important issues related to the use and regulation of AI.
U.S. Chamber President and CEO Suzanne Clark opened the hearing by noting several challenges ahead, such as cooperation between Russia and China to compete against the U.S., intellectual property (IP) theft, and regulation from abroad. With regard to the Commission’s forthcoming policy recommendations, she noted, “You can count on the U.S. Chamber of Commerce to do something with this. You can count on us to not just produce a white paper but to really turn it into action, into work.”
Here are six recommendations for how the U.S. can lead on AI:
Perspective.
https://www.bespacific.com/infographic-of-the-worlds-104-trillion-economy/
Infographic of the world’s $104 trillion economy
BoingBoing – “Fascinating at-a-glance look at the $104 trillion global economy, divvied up into slices of geographical pie. I wasn’t surprised that the United States has the biggest economy, at $25.3 trillion, and that China is close behind with $19.9 trillion (and is expected to surpass the United States by 2030).
Things that surprised me:
How small Russia’s economy ($1.8 trillion) is in comparison with the U.S. and China.
Japan, at $4.9 trillion, has the third largest GDP. That’s more than Germany at $4.3 trillion, or the UK at $3.4 trillion.
Iran’s GDP is $1.7 trillion, which is more than I would expect for a country that has so many sanctions imposed on it.
I expected Canada’s GDP to be more than $2.2 trillion…”
Perspective.
Abortion bans are impeding access to ulcer, arthritis, and cancer medications
Popular Science – “Methotrexate was introduced in the 1940s as a chemotherapy agent. Misoprostol was developed in the 1970s to treat stomach ulcers. On July 13, the US Department of Health and Human Services (HHS) notified pharmacies that refusing to fill prescriptions for medicines containing ingredients that can induce abortion or prevent pregnancy could be in violation of federal civil rights law. The new guidance, which is aimed at the roughly 60,000 retail pharmacies across the country, breaks down how withholding certain medicines would discriminate against customers on the basis of sex or disability. These drugs include contraceptives, miscarriage treatments, and several non-abortion medications used to treat conditions like rheumatoid arthritis, ulcers, and multiple sclerosis. Experts are concerned that some pharmacists in states that have passed abortion restrictions might be unwilling to dispense common medications, even when they have been prescribed for other purposes besides reproductive healthcare. “Reproductive rights are not only a women’s issue, nor are they only an [obstetrics] issue,” Sara C. LaHue, an assistant professor of clinical neurology at the University of California, San Francisco, said in an email. “Restrictions on abortion will affect the care provided by the vast majority of medical specialties in the US.” ..
Resources. Now all I need is the time to search.
https://www.makeuseof.com/websites-discover-best-online-apps/
7 All-In-One Tools Websites to Discover the Best and Most Useful Online Apps
No comments:
Post a Comment