Welcome to eWhite House Watch
Where Technology, Privacy, and Politics Collide

Cyber Policy Updates Written By La...

Cyber Policy Updates Written By Law Students

eWhite House Watch features concise updates on cyber policy issued by the Office of the President of the United States (POTUS). Monitored and written primarily by law students, each eWHW cyber policy update is presented in an easy-to-scan format that includes links to POTUS announcements, federal and state proposed legislation, breaking news, updates, cyber policy committee reports, and more.

Technology + Privacy + Politics

Technology + Privacy + Politics

Striking the proper balance of benefits between technological advances and privacy protection has always posed challenges. Today, the challenges are even greater as technology significantly outpaces privacy protections; and the need for greater recognition of this reality and honest public discourse is more pressing than ever. eWhite House Watch monitors the cyber agenda so you can be informed and partake in the debate.

New to the Cyber World?

New to the Cyber World?

Visit our special feature, Origins: The White House Cyber Agenda for details on the current administration's Comprehensive National Cybersecurity Initiative. Learn More

Companion Blog: eLessons Learned

Companion Blog: eLessons Learned

The creator of eWhite House Watch also created eLessons Learned with a similar vision in mind: To provide readers with useful and timely information about how technology impacts our legal system and our lives in a way that is easy to understand. Learn More



OFAC Issues Cyber-Related Sanctions Regulations

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) published the Cyber-Related Sanctions Regulations that became effective on December 30, 2015. The new regulations implement Executive Order 13694 and authorize the imposition of economic sanctions on those found to be responsible for, as well as those who significantly benefit from, malicious cyber attacks or cyber theft. The regulations do not identify specific individuals or entities who will be sanctioned, nor do they indicate any sort of immediate compliance obligations for U.S. companies. Some notable regulations include: Sanctions on identified entities who participate in cyber-enabled activities that are reasonably likely to have resulted in a significant threat to the national security, foreign policy, economic health or financial stability of the United States. Sanctions on identified entities who trade or engage in other transactions with people named on OFAC’s SDN List pursuant to E.O. 13694.     You can find more details about the Cyber-Related Sanctions Regulations here.

The (cyber) State of the Union – Have we placed enough of a priority on our cyber security since 2008?

By Kristen Tierney   While security seemed to be a major focal point during President Obama’s State of the Union Address last Tuesday night, cyber security did not receive quite as much direct attention. Not surprisingly, national security took a front seat, but this time with very little focus on national surveillance policies. Perhaps it could be because it is the President’s eighth and last State of the Union Address, but the overall tone felt nostalgic, with the President frequently referencing the traditional American “spirit” and “work ethic.” Yet, it was candid and at times even “playful,” with the President evoking laughter several times throughout the night.   The President opened his address by laying out four major questions that he planned to answer, one of which was how we as a nation can “make technology work for us and not against us.” In trying to promote the need for technological developments in science and in medicine, Obama referred to the American “spirit of discovery.” calling for a similar response in dealing with issues like climate change and developing the cure for cancer as there was during the development and buildup of the American space program.   Developments in internet access received a brief but honorable mention, when the President said we have successfully “protected an open internet” and which also allowed for more students and low-income Americans to have internet access. It would have been impossible for the President to address issues of national security without at least acknowledging the looming threat of terrorism. It was at this point that the internet received a less honorable mention when the President acknowledged the use of the internet as a tool for terrorist groups like Al Qaida and ISIL in recruiting new members.

Read More

Georgetown’s Third Annual Cybersecurity Law Institute – A Recap of Informative Programming

The Georgetown University Law Center held its annual Cybersecurity Law Institute on May 20 and 21, 2015.  The event, billed as the only cybersecurity conference geared primarily for attorneys, focused on providing both practical how-to advice for attorneys working on cybersecurity while also discussing the future of cybersecurity.  eWhite House Watch had the opportunity of attending the conference as part of the Institute’s Press Corps, and found the sessions and networking opportunities fascinating.   The highlight of the event came on its first day when both James B. Comey, the director of the FBI, and Leslie Caldwell, Assistant Attorney General in charge of the DOJ Criminal Division, spoke to the assembled conference goers.  Director Comey demonstrated a solid understanding of the cybersecurity threats facing the nation.  He repeatedly emphasized the importance of private companies' collaborating with the FBI to address the most pressing of cyber threats.  He noted that even though the FBI has not always had a stellar record in working with the private sector, it hastaken great steps to improve its relationship with private enterprise since the financial attacks of 2012.

Read More

House Faces Both Support and Criticism over Cybersecurity Bills Discussed this Past Week

As reported by The Hill this past week, the House was set to discuss two important Cybersecurity Bills, both expected to pass. According to the proposed bill, the Protecting Cyber Networks Act is intended “to improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.” Separately, the National Cybersecurity Protection Advancement Act is an amendment to the Homeland Security Act of 2002 and according to that proposed bill it is expected “to enhance multi-directional sharing of information related to cyber-security risks and strengthen privacy and civil liberties, protections, and for other purposes.. On the surface, neither of the proposed bills seems problematic. There is some significant support for the bill, as noted in The Hill’s piece Tech will be watching cyber vote – in that the Information Technology Industry Council (ITI) has already sent a letter to the House expressing its support for the bills. In the letter ITI said that it “firmly believe[s] that passing legislation to help to increase voluntary cybersecurity threat information and sharing between the private sector, is an important step Congress can take to enable all stakeholders to address threats, stem losses, and shield their systems, partners and customers.”

Read More

Cyberwar Escalates in the Middle East

  Author: Sarah Austin   On March 31, 2015 the DHS reported two new malware campaigns spotted in the Middle East. The first malware campaign is a brand-new information gathering tool called Trojan Laziok. The operators of Trojan Laziok have been targeting oil, gas and helium companies in the Middle East since January 2015. This malware infects the companies’ computer systems via a phishing email that contains an infected Microsoft Excel file. Once the email is opened and the malware has infiltrated the system, it collects vital data and information regarding the companies’ anti-virus protection. Access to information about the companies’ anti-virus protection allows the malware’s operators to remain undetected while continuing to infect the companies system with more advanced malware, such as Cyberats and Zbots, which can record audio and video from the infected computers and monitor keystrokes.

Read More

Wikimedia v NSA Complaint

The grounds for which Wikimedia is basing its lawsuit involve the mass surveillance program that the NSA has been implementing. One of the most troublesome facets of this program, according to Wikimedia’s pleading, is the NSA’s search and seizure of internet communications, which is called “Upstream” surveillance. Wikimedia argues that these actions violate its users most basic of rights, citing the U.S. Constitution’s First Amendment protection of freedom of speech, and Fourth Amendment protection against unreasonable search and seizure because defendants’ conduct involved suspicionless seizure and searching of Internet traffic by NSA on U.S. soil.   The founder of Wikipedia, Jimmy Wales, continues to emphasize that user privacy is of utmost importance. When such privacy is put in question, and people fear that their information will be leaked, the Wiki experience is seriously undermined. This issue, with the NSA specifically, was made much more serious and real with the Edward Snowden 2013 public disclosures, which revealed information about Wikimedia’s programs. According to its blog postings, Wikimedia has been looking for a way to file a lawsuit ever since this incident. Zeroing in on the “upstream” surveillance aspect allows the suit to serve as a vehicle to address Wikimedia’s views on how…..

Read More