Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: ID Theft

Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis

CRS – Legislation to Facilitate Cybersecurity Information Sharing: Economic Analysis. N. Eric Weiss, Specialist in Financial Economics. December 11, 2014.

“Data breaches, such as those at Target, Home Depot, Neiman Marcus, and JPMorgan Chase, affecting financial records of tens of millions of households seem to occur regularly. Companies typically respond by trying to increase their cybersecurity by hiring consultants and purchasing new hardware and software. Policy analysts have suggested that sharing information about these breaches could be an effective and inexpensive part of improving cybersecurity. Firms share information directly on an ad hoc basis and through private-sector, nonprofit organizations such as Information Sharing and Analysis Centers (ISACs) that can analyze and disseminate information. Firms sometimes do not share information because of perceived legal risks, such as violating privacy or antitrust laws, and economic incentives, such as giving useful information to their competitors. A firm that has been attacked might prefer to keep such information private out of a worry that its sales or stock price will fall. Further, there are no existing mechanisms to reward firms for sharing information. Their competitors can take advantage of the information, but not contribute in turn. This lack of reciprocity, called “free riding” by economists, may discourage firms from sharing. In addition, the information shared may not be applicable to those receiving it, or it might be difficult to apply. Because firms are reluctant to share information, other firms suffer from vulnerabilities that could be corrected. Further, by not sharing information about effective cybersecurity products and techniques, the size and quality of the market for cybersecurity products suffer. Some industry leaders call for mandatory sharing of information concerning attacks. Other experts advocate a strictly voluntary approach, because they believe it could impose fewer regulatory costs on businesses and cost less for taxpayers. Several bills have been introduced in the 113th Congress to encourage information sharing. H.R. 624, the Cyber Intelligence Sharing and Protection Act, and S. 2588, the Cybersecurity Information Sharing Act of 2014, aim to increase information sharing by directing the Department of Homeland Security and the Department of Justice to develop procedures for receiving and sharing information and by providing liability protection for private entities acting in good faith for a cybersecurity purpose. H.R. 624 passed the House, and S. 2588 was reported out of the Senate Select Committee on Intelligence.”

CIGI-Ipsos Global Survey on Internet Security and Trust

“The CIGI-Ipsos Global Survey on Internet Security and Trust, undertaken by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, reached 23,376 Internet users in 24 countries, and was carried out between October 7, 2014 and November 12, 2014. The countries included: Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain,Continue Reading

Experian Data Breach Resolution releases second annual data breach industry forecast

“Preventing and managing data breaches have become two of the highest priorities facing businesses today. To help executives plan ahead, Experian Data Breach Resolution announces the release of its second annual Data Breach Industry Forecast, a complimentary white paper outlining key issues and trends to watch for in 2015. Many evolving factors such as new threats, regulatory changesContinue Reading

Home Depot SEC Filing – Pretax Breach Cost $43 million

eSecurity Planet – “In a recent SEC filing, Home Depot stated that a recent data breach that exposed 56 million credit cards and 53 million email addresses cost the company $43 million in the third quarter of 2014 alone. Specifically, Home Depot says it “recorded $43 million of pretax expenses related to the data breach, partially offsetContinue Reading

Executive Order – Improving the Security of Consumer Financial Transactions

“Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace. While the U.S. Government’s credit, debit, and other paymentContinue Reading

Pew Report – Cyber Attacks Likely to Increase

Cyber Attacks Likely to Increase BY LEE RAINIE, JANNA ANDERSON AND JENNIFER CONNOLLY “The Internet has become so integral to economic and national life that government, business, and individual users are targets for ever-more frequent and threatening attacks. In the 10 years since the Pew Research Center and Elon University’s Imagining the Internet Center first asked expertsContinue Reading

California Data Breach Report

Kamala D. Harris, Attorney General, California Department of Justice, October 2014 “California is the birthplace of the digital revolution that has transformed nearly every aspect of the world in which we live. Yet even as technological innovation and advances bring us greater convenience, efficiency, and productivity, they are also generating new vulnerabilities. The Internet has created aContinue Reading

JPMorgan Data Breach Involves Information on 76 Million Households

JPMorgan Data Breach Involves Information on 76 Million Households, 7 Million Small Businesses, CRS Legal Sidebar, October 23, 2014 “JPMorgan did not provide individual customers with notice of the breach because it believed that it had no obligation to do so because no “sensitive customer information” was involved in the data breach. This means thatContinue Reading

Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws

CRS – Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws. Charles Doyle, Senior Specialist in American Public Law. October 15, 2014. “The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030, outlaws conduct that victimizes  computer systems. It is a cyber security law. It protects federal computers, bank computers, and computersContinue Reading

Understand the Cost of Cyber Security Crime

HP Report – Cyber Crime Costs Continue to Grow: “Cyber crimes are growing more common, more costly, and taking longer to resolve. Those are among the findings of the fifth annualCost of Cyber Crime Study conducted by the respected Ponemon Institute on behalf of HP Enterprise Security. The 2014 global study of U.S.-based companies, which spannedContinue Reading

Executive Order – Improving the Security of Consumer Financial Transactions

“Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace. While the U.S. Government’s credit, debit, and other paymentContinue Reading

JPMorgan Chase Says More Than 76 Million Accounts Compromised in Cyberattack

New York Times: “The breach is among the largest corporate hacks, and the latest revelations vastly dwarf earlier estimates that hackers had gained access to roughly 1 million customer accounts.”