How Privilege Undermines Cybersecurity

Despite the title, rest assured that the Cyberlaw Podcast has not gone woke.

This bonus episode is focused instead on how cybersecurity is undermined by the attorney-client privilege. To explore that question, I interview Josephine Wolff and Dan Schwarcz, who along with Daniel Woods have written an article with the same title as this post.

Their thesis is that breach lawyers have lost perspective as they’ve waged a no-holds-barred (and frequently losing) battle to preserve the attorney-client privilege for forensic reports that diagnose their clients’ cybersecurity breaches. Remarkably for the authors of a law review article, they did actual field research, and it tells us a lot.

The authors interviewed all the players in breach response—the breached company’s information security teams, the breach lawyers, the forensics investigators who parachute in for incident response, the insurers and insurance brokers, and more. I am reminded of Tracy Kidder’s astute observation that, in building a house, there are three main players – owner, architect, and builder – and that if you get any two of them in a room alone, they will spend all their time bad-mouthing the third. Wolff, Schwarcz, and Woods seem to have done that with the breach response players, and while the bad-mouthing is spread around, it falls hardest on the lawyers.

The main problem is that invoking attorney-client privilege to keep breach forensics confidential is not an easy sell. The courts have been unsympathetic. To overcome the undertow of judicial skepticism, breach lawyers end up imposing more and more draconian restrictions on forensic investigators and their communications. The upshot is that no forensics report at all may be written for many breaches (up to 95% of them, Josephine estimates). How does the breached company find out what it did wrong and what lessons it should learn from the incident? Simple. Their lawyer talks to the forensic firm, translates its advice into a high-level PowerPoint, and orally explains the cybersecurity details to the company’s management and information security team. Really, what could go wrong?

In closing, Dan and Josephine offer some ideas for how to get out of this mess. I push back. All in all, it’s the most fun I’ve ever had talking about insurance law.

Download the Bonus 435th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
