Steptoe Cyberlaw Podcast, Episode #39: An Interview with Tom Finan

Stewart Baker
Thursday, October 23, 2014, 11:51 AM
Our guest today is Tom Finan, Senior Cybersecurity Strategist and Counsel at DHS’s National Protection and Programs Directorate (NPPD), where he is currently working on policy issues related to cybersecurity insurance and cybersecurity legislation.  Marc Frey asks him why DHS, specifically NPPD, is interested in cybersecurity insurance, what trends they are seeing in this space for carriers and other stakeholders, and what is next for their role in this space.  He is incredibly forthcoming in his responses and even asks liste

Published by The Lawfare Institute
in Cooperation With
Brookings

Our guest today is Tom Finan, Senior Cybersecurity Strategist and Counsel at DHS’s National Protection and Programs Directorate (NPPD), where he is currently working on policy issues related to cybersecurity insurance and cybersecurity legislation.  Marc Frey asks him why DHS, specifically NPPD, is interested in cybersecurity insurance, what trends they are seeing in this space for carriers and other stakeholders, and what is next for their role in this space.  He is incredibly forthcoming in his responses and even asks listeners to email him  with their feedback. This week in NSA: The House and Senate Judiciary chairs call for action on USA Freedom Act.  And nobody cares.  We conclude that the likelihood of action before the election is zero, and the likelihood of action in a lame duck is close to zero.  But next week we’ll be interviewing Bob Litt, one of the prime negotiators for the intelligence community on this issue, and he may have a different view. The Great Cable Unbundling seems finally upon us, as several content providers announce that they’re willing to sell content direct to consumers over the Internet.  Does that mean more support for net neutrality?  Not necessarily.  Stephanie Roy explains. Are parents responsible for what their adolescent kids do and say on Facebook?  That makes sense, if you’ve never had adolescent kids.  Maybe that explains why Michael Vatis sees merit in the Georgia appellate court decision finding potential liability.  It reversed the trial court, which had granted summary judgment in favor of the parents of a kid who set up a fake and defamatory Facebook page in the name of a classmate he hated.  The facts are a little odd.  The kid who set up the page never took it down, even after he’d been caught and punished by school and parents.  The appeals court thought that the parents had a “supervisory” obligation to make their child delete the fake account, and that they could be held liable for negligently failing to do so.  It’s quite possible, though, that everyone in this case is a Privacy Victim; the issue could have been hashed out with a phone call from the parents of the victim to the parents of the perpetrator, but according to the press, “the child’s parents didn’t immediately confront the boy’s parents because their school refused to identify the culprit.”  Because privacy. FBI Director Comey comes out swinging for CALEA reform, saying in a speech at Brookings that the law needs to be updated to require cooperation from makers of new communications systems when the FBI has a court order granting access to those systems. When it comes to regulating on other topics, though, the Justice Department is a little less restrained; it has opened the door to a round of new disability claims against websites, offering a roadmap to what it thinks the law requires. The right to be forgotten is attracting more flak in Europe, as the BBC announces a competing “right to remember” website devoted to publicizing stories that Google has delinked.  It’s Auntie BBC v. Nanny Europe.  Cue popcorn.  Unhappily, a “progressive” group most famous for relentlessly sliming Google on privacy issues has urged the search engine to bring the right to be forgotten  to the United States.  Sigh. In breach news, TD Bank pays $850,000 to the state AGs over a “breach” that may never have happened.  TD lost a backup tape in transit, and the data wasn’t encrypted.  Was anyone’s data actually compromised by the loss of the tape?  The AGs don’t say.  They just want their money.  And they get it. The Russians are getting sloppy, or maybe they’re taking a leaf from China’s book – figuring it doesn’t matter if they get caught. And caught they have been, by iSight Partners, which reports that Russian hackers used a Microsoft zero-day to target Western governments and Ukraine.  Meanwhile, the FBI is warning about another and even more sophisticated set of Chinese government hackers.  And hackers are now adding a new form of targeted attack to their arsenal a tactic that combines spearphishing with watering hole attacks.  They’re targeting ads at users that take them to a compromised website that serves malware. And, in good news for privacy skeptics, the Video Privacy Protection Act gets a narrow reading. We remind everyone that the Steptoe Cyberlaw Podcast welcomes feedback, either by email (CyberlawPodcast@steptoe.com) or voicemail ( +1 202 862 5785).


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare