Welcome to eWhite House Watch
Where Technology, Privacy, and Politics Collide

Cyber Policy Updates Written By La...

Cyber Policy Updates Written By Law Students

eWhite House Watch features concise updates on cyber policy issued by the Office of the President of the United States (POTUS). Monitored and written primarily by law students, each eWHW cyber policy update is presented in an easy-to-scan format that includes links to POTUS announcements, federal and state proposed legislation, breaking news, updates, cyber policy committee reports, and more.

Technology + Privacy + Politics

Technology + Privacy + Politics

Striking the proper balance of benefits between technological advances and privacy protection has always posed challenges. Today, the challenges are even greater as technology significantly outpaces privacy protections; and the need for greater recognition of this reality and honest public discourse is more pressing than ever. eWhite House Watch monitors the cyber agenda so you can be informed and partake in the debate.

New to the Cyber World?

New to the Cyber World?

Visit our special feature, Origins: The White House Cyber Agenda for details on the current administration's Comprehensive National Cybersecurity Initiative. Learn More

Companion Blog: eLessons Learned

Companion Blog: eLessons Learned

The creator of eWhite House Watch also created eLessons Learned with a similar vision in mind: To provide readers with useful and timely information about how technology impacts our legal system and our lives in a way that is easy to understand. Learn More



White House’s All-Inclusive Cybersecurity Directive – What does it all mean?

By Sarah Austin   On Tuesday, July 26 The White House unveiled a new policy directive specifying how the federal government will react to growing and rapidly evolving cyberthreats.   The new directive implements principles from February’s Cybersecurity National Action Plan. Most importantly, it reinforces the White House’s policy that cybersecurity is a team effort.   Under the new directive, the FBI will be responsible for coordinating the response to an immediate threat, and the Department of Homeland Security will be responsible for managing the effects after an attack occurs. The directive will also require the U.S. Departments of Justice and Homeland Security to keep an updated list of contact information to assist those impacted by a cyberattack and report it to the proper authorities.  

Read More

Never Waste A Good Breach! — Lessons Learned at the 2016 NetDiligence Cyber Risk and Privacy Liability Forum

By Sarah Austin and George K. Sarris     NetDiligence held its annual Cyber Risk and Privacy Liability Forum on June 6-8th in Philadelphia.  The event primarily focused on providing practical advice for cybersecurity insurance brokers, attorneys and Chief Information Security Officers (CISOs). eWhite House Watch was invited to cover the forum as part of the NetDiligence Press Corps.   On June 6th, the event opened with a session called “Cyber Claims & Loss Updates” where leading experts in cybersecurity insurance discussed the types of claims being covered, examination costs, and claims notice and handling. The panel discussed how policyholders of cyber insurance can improve their methods of dealing with privacy and notice issues after a breach. The panel stated that within the risk pool, only twenty-percent to thirty percent of organizations at risk are covered.  This is largely due to the misconception that breaches are targeted. Chris Novak, the co-founder and Managing Principal of the Verizon Investigative Response Unit, emphasized that recent studies indicate that the “majority of the breaches are opportunistic and not targeted.” Further, the panel discussed how the security industry has not reached the level of maturity needed to combat cybersecurity risks.  For example, the industry struggles to “patch” IOT devices after they are breached.

Read More

IAPP 2016 Global Privacy Summit Recap

The IAPP held its annual Global Privacy Summit in Washington DC between April 3rd and 6th.  Drawing more than 3,500 attendees, the IAPP said it was the largest summit they had ever put on, and to their knowledge the largest of its type in the world. eWhite House Watch had the opportunity to attend the conference as part of the press corps.  As it has in years past, the conference combined fascinating opportunities to hear about cutting edge issues in privacy law with great opportunities to connect with privacy professionals from around the globe.   The conference drew some of the best speakers and biggest names in the privacy community.  For example, one of the keynote speakers was Brad Smith, Microsoft’s Chief Legal Officer and President.  Mr. Smith’s theme was that this is the best of times and the worst of times for privacy in America.  “Privacy is one of the defining issues of our time.”  With everything being connected, we can all benefit from the use of big data, advances in human centered technology, and vast networks of people and computers.  But, hacks like the one Sony experienced, and concerns regarding encryption’s role in the Paris attacks, are just a few examples of the challenges facing privacy professionals.  He emphasized that there is no single answer and that the private sector and governments need to work together to draw proper lines that protect people’s privacy while also providing for their safety.  In short, there is a lot of work to do, but Mr. Smith emphasized that “Privacy should be a cause worth embracing.”

Read More

President Obama’s Budget Proposal Seeks $19 Billion to Launch Cybersecurity National Action Plan

President Obama presented his final annual budget proposal to Congress on Tuesday, which included a $19 billion request to support the launch of his new Cybersecurity National Action Plan (CNAP). The $19 billion request reflects a $5 billion increase in current spending. The President insists that this investment will ensure that Americans will have the tools to protect themselves online, companies will be able to protect their operations and information from hackers, and the government will be able to defend itself against cyber attacks. Some highlights of the CNAP include:   • $3.1 billion to form the Information Technology Modernization Fund, which will rebuild the federal government’s aging computer systems.   • The formation of the Commission on Enhancing National Cybersecurity, comprised of top business and technical non-government employees and thinkers, who will advise the government on the newest technical solutions and the best cybersecurity practices to protect privacy and public safety.

Read More

OFAC Issues Cyber-Related Sanctions Regulations

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) published the Cyber-Related Sanctions Regulations that became effective on December 30, 2015. The new regulations implement Executive Order 13694 and authorize the imposition of economic sanctions on those found to be responsible for, as well as those who significantly benefit from, malicious cyber attacks or cyber theft. The regulations do not identify specific individuals or entities who will be sanctioned, nor do they indicate any sort of immediate compliance obligations for U.S. companies. Some notable regulations include: Sanctions on identified entities who participate in cyber-enabled activities that are reasonably likely to have resulted in a significant threat to the national security, foreign policy, economic health or financial stability of the United States. Sanctions on identified entities who trade or engage in other transactions with people named on OFAC’s SDN List pursuant to E.O. 13694.     You can find more details about the Cyber-Related Sanctions Regulations here.

The (cyber) State of the Union – Have we placed enough of a priority on our cyber security since 2008?

By Kristen Tierney   While security seemed to be a major focal point during President Obama’s State of the Union Address last Tuesday night, cyber security did not receive quite as much direct attention. Not surprisingly, national security took a front seat, but this time with very little focus on national surveillance policies. Perhaps it could be because it is the President’s eighth and last State of the Union Address, but the overall tone felt nostalgic, with the President frequently referencing the traditional American “spirit” and “work ethic.” Yet, it was candid and at times even “playful,” with the President evoking laughter several times throughout the night.   The President opened his address by laying out four major questions that he planned to answer, one of which was how we as a nation can “make technology work for us and not against us.” In trying to promote the need for technological developments in science and in medicine, Obama referred to the American “spirit of discovery.” calling for a similar response in dealing with issues like climate change and developing the cure for cancer as there was during the development and buildup of the American space program.   Developments in internet access received a brief but honorable mention, when the President said we have successfully “protected an open internet” and which also allowed for more students and low-income Americans to have internet access. It would have been impossible for the President to address issues of national security without at least acknowledging the looming threat of terrorism. It was at this point that the internet received a less honorable mention when the President acknowledged the use of the internet as a tool for terrorist groups like Al Qaida and ISIL in recruiting new members.

Read More