TWO FORDHAM LAW CENTERS ARE LEADING THE CHARGE IN CYBERSECURITY
Last December, as tech-savvy consumers were shopping online for holiday gifts, cyber criminals were using the Internet to shop for Hollywood secrets.
Individuals breached Sony Pictures’ computer defenses and were doing quite a bit of damage: leaking e-mails, disclosing sensitive data, and threatening employees. The U.S. government suggested that North Korea was behind the attack because of the country’s displeasure over the upcoming release of the movie The Interview, which comedically portrays a plot to assassinate North Korean leader Kim Jong-un.
Given the scale of the attack, the notoriety of its victim, and the related political concerns, it is no surprise that the Sony hack garnered extensive media attention. What perhaps is surprising is that these types of attacks don’t happen more often. With their enormous databases of customer information, including credit card numbers and bank account details, large businesses are attractive prey for online attackers. Security breaches have occurred recently at high-profile retailers Target and Home Depot.
In the 21st century, technology is both a tool and weapon. As a result, cybersecurity is more important than ever, and Fordham Law is at the front lines: from academic programs that allow students to understand the intricacies of information and privacy law to centers that are part of the national discussion on improving cybersecurity infrastructure.
PRIVACY: ALL OF YOUR BUSINESS
The Internet’s legal matrix often seems to confound technologists, lawyers, policymakers, and the general public. Since its inception in 2005, the Law School’s Center on Law and Information Policy (CLIP) has aimed to fill that gap in knowledge.
Joel R. Reidenberg, the Stanley D. and Nikki Waxberg Chair and Founding Academic Director of CLIP, understands the importance of protecting information and the role of technology in the economy. He has served as an expert advisor on data privacy to the American Law Institute, the Federal Trade Commission, Congress, and the European Commission. He says it is imperative that students gain a practical understanding of the legal and policy areas that are important for the future of information — such as laws relating to cloud computing — and how those areas can be improved.
Students involved with CLIP have the opportunity to become immersed in this constantly evolving field through many initiatives such as CLIP’s research programs, where law students collaborate with faculty and postgraduate fellows to publish policy-guiding reports.
Congress has held hearings to learn about recent CLIP privacy studies, and the World Intellectual Property Organization in Geneva has convened meetings on CLIP’s intellectual property work. Most recently, through a Frontier grant awarded by the National Science Foundation, CLIP is working with Stanford and Carnegie Mellon computer scientists to address mechanisms for more meaningful online privacy notices using natural language processing and crowd sourcing techniques. The CLIP team is providing the legal and policy perspective for the development of technological tools such as user interfaces that will help convey the meaning of website privacy policies.
For the next generation of lawyers who will be dealing with information law matters, Reidenberg says opportunities like this are invaluable.
“CLIP gives students tremendous hands-on experiences in legal and policy analysis in an information law context,” he says.
Throughout this spring semester, CLIP has organized a number of events to advance the discussion of these topics, such as book talks led by prominent professors and faculty workshops. CLIP also hosts a yearly Law and Information Society Symposium, which features a daylong discussion on a cutting-edge topic in the field. Last year, the annual conference centered around the “Internet of Things,” a term used to define everyday items that may one day collect or are already collecting data about their users. Federal Trade Commissioner Julie Brill gave an insightful keynote address, and a range of topics was covered, including interconnected devices and their role in healthcare.
Information is an enormous part of the American economy. You need protection for innovation, intellectual property, and data privacy. This all comes from information law. – Joel Reidenberg
Three years ago CLIP began the Volunteer Privacy Education Program, an initiative that educates middle schoolers on privacy issues. Using a curriculum developed by then CLIP fellow Jordan Kovnot ’11, a handful of Fordham Law student volunteers in 2013 taught their first lesson at a Manhattan public school, where they led classes on issues ranging from the use of social media to passwords. The curriculum was then made available online for other law schools to use as a pro bono service project as well as any educator who wished to incorporate the lessons in the classroom. Law schools across the country have adopted the program and partnered with local middle schools.
Reidenberg says there is great economic value to information, digital and otherwise.
“Information is an enormous part of the American economy,” he says. “You need protection for innovation, intellectual property, and data privacy. This all comes from information law.”
GOVERNMENTS UNDER ATTACK
At the beginning of last year, an Israeli defense ministry computer was hacked, allowing intruders to assume control of a number of computers, including one that monitors Palestinians in territory occupied by Israel. Countries have routinely accused other nations of using high-tech attacks as a method of spying or disrupting affairs. These types of breaches highlight the crucial nature of cybersecurity as it relates to geopolitical issues.
Karen Greenberg, Director of the Law School’s Center on National Security, studies security threats to nations, whether they originate from a missile code or binary code. A professor and permanent member of the Council on Foreign Relations, Greenberg publishes extensively and is an expert on issues of terrorism and national security. As head of the Center, Greenberg organizes educational and research projects devoted to rapidly evolving U.S. security issues. In addition to hosting programs on national security and terrorism, the Center is strongly focused on the issue of cybersecurity, which Greenberg says is an important area to focus on given the range of such threats to a nation.
“There are so many potential threats, from financial attacks to compromised defense systems,” she says.
To foster discussion on cybersecurity issues, the Center sponsors a number of events, bringing in experts from around the country, including a director from computer security company Symantec and the former commander of Army Cyber Command and leading cybersecurity experts in private industry. In 2013, Greenberg moderated a discussion co-sponsored by West Point’s Combating Terrorism Center titled “Bitcoin: The Promise and Risks of Alternative Currencies.” The event featured a trio of speakers delving into the issues surrounding the virtual currency, such as difficulties with regulation.
The Center publishes a weekly online newsletter, the Cyber Brief, in which the top cybersecurity news stories are distilled for readers. Recent issues have linked to media reports about the Sony hack, proposed Congressional legislation related to cybersecurity, and court reports about the WikiLeaks case.
There are so many potential threats, from financial attacks to compromised defense systems. –Karen Greenberg
According to Greenberg, one of the best ways to improve national cybersecurity is to remain informed and to openly discuss the issues. In defusing attacks, she says that first a nation needs to understand the threats it is confronting. It is then faced with a decision: observe the problem or try to counteract it.
“It’s very important to have this conversation,” she says. As a means of furthering that discussion, the Center hosted a daylong conference in April on cybersecurity, featuring former and current officials from the NSA and CIA and various voices from industry as well as from privacy experts and advocates.
As financial statements and customer information move from ledger books and spreadsheets to databases and servers, cybersecurity plays an increasingly important role for a company. Fordham University alumnus and CLIP advisor Edward Stroz knows this well. As Executive Chairman of Stroz Friedberg, an international consulting firm with headquarters in New York that specializes in digital forensics, intelligence, and risk management, Stroz works regularly with businesses on cybersecurity issues.
Threats to a company’s digital infrastructure are naturally much different than those to its physical footprint. In online transactions, the robustness of the security system is more directly connected to customer behavior. For example, when a brick-and-mortar store is robbed, customers may be initially wary, but they will most likely return as patrons. If an online retailer suffers a data breach, consumers may be loath to use their credit cards at that site again, fearing that they may be putting their personal information at risk.
“Good security is connected to brand reputation,” says Stroz. “It’s really the first time that there’s a strong link between adequate security and the confidence of the consumer.”
Stroz’s firm provides comprehensive services for organizations, including forensic accounting, incident response, security, compliance, data discovery, and due diligence. His team includes former members of the CIA and FBI and former attorneys in the Department of Justice. Working together, they determine where their clients are digitally vulnerable and where they are being threatened by breaches.
National security really depends on how much you can invest in first-rate protection. –Edward Stroz
When it comes to protecting information at the government level, Stroz notes that technology resources play a crucial role. The United States utilizes a sophisticated dual system: the primary Internet, which the general public uses, and a separate network available only to the U.S. government, one that is not connected to the World Wide Web.
“Anything on the government system is harder to access than that on the public side,” says Stroz. “An attack will not disable the entire system.”
Some nations, however, do not have this dual-system capability, which presents troubling gaps in security.
“National security really depends on how much you can invest in first-rate protection,” he says.
As Reidenberg notes, the landscape of the world has changed considerably. The impact of cyber attacks is similar to the evolution of warfare centuries ago, where the battlefield changed when new technology was implemented. Geographical proximity and heavy artillery were often the prerequisites of war. Nowadays, an enemy can do major damage from thousands of miles away wielding nothing more than a laptop and a computer virus.
“Cybersecurity weapons are the new gunpowder of our era,” says Reidenberg. “And just think of the impact that gunpowder had on warfare centuries ago.”
Story by Andrew Clark