myU OneStop


Unit's home page.

Recently in Cyber Security Category

Nia Chung, MJLST Staff

Cyberbullying comes in varying forms. Online outlets with user identification features such as Facebook and MySpace give third party attackers a platform to target individuals but remain identifiable to the victim. The transparency of identification provided on these websites allows victims the ability of possible redress without involving the Internet Service Providers (ISPs).

In February 2014, Bryan Morben published an article on cyberbullying in volume 15.1 of the Minnesota Journal of Law, Science and Technology. In that article Mr. Morben wrote that Minnesota's new anti-cyberbullying statute, the "Safe and Supportive Minnesota Schools Act" H.F. 826 would "reconstruct the Minnesota bullying statute and would provide much more guidance and instruction to local schools that want to create a safer learning environment for all." Mr. Morben's article analyzes the culture of cyberbullying and the importance of finding a solution to such actions.

Another form of cyberbullying has been emerging, however, and state initiatives such as the Safe and Supportive Minnesota Schools Act may prompt Congress to revisit current, outdated, federal law. This form of cyberbullying occurs on websites that provide third parties the ability to hide behind the cloak of anonymity to escape liability for improper actions, like 4chan and AOL.

On September 22, 2014, British actress Emma Watson delivered a powerful U.N. speech about women's rights. Less than 24 hours later, a webpage titled "Emma You Are Next" appeared, displaying the actress's face next to a countdown, suggesting that Ms. Watson would be targeted this Friday. The webpage was stamped with the 4chan logo, the same entity that is said to have recently leaked celebrity photos of actresses including Jennifer Lawrence, this past summer. On the same website, one anonymous member responded to Ms. Watson's speech by stating "[s]he makes stupid feminist speeches at UN, and now her nudes will be online." Problematically, the law provides no incentive for such ISPs to remove such defamatory content because they are barred from liability by a federal statute. The Communications Decency Act, 47 U.S.C. ยง 230, provides, "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Essentially, this provision provides ISPs immunity from tort liability for content or information generated on a user-generated website. Codified in 1996, initially to regulate pornographic material, the statute added sweeping protection for ISPs. However, 20 years ago, the internet was relatively untouched and had yet to realize its full potential.

Courts historically have applied Section 230 broadly and have prevented ISPs from being held liable for cyberbullying actions brought from victims of cyberbullying on its forum. For example, the Ninth Circuit upheld CDA immunity for an ISP for distributing an email to a listserv who posted an allegedly defamatory email authored by a third party. The Fourth Circuit immunized ISPs even when they acknowledged that the content was tortious. The Third Circuit upheld immunity for AOL against allegations of negligence because punishing the ISP for its third party's role would be "actions quintessentially related to a publisher's role." Understandably, the First Amendment provides the right to free exchange of information and ideas, which gives private individuals the right to anonymous speech. We must ask, however, where the line must be drawn when anonymity serves not as a tool to communicate with others in a public forum but merely as a tool to bring harm to individuals, their reputations and their images.

In early April of this year, the "Safe and Supportive Minnesota Schools Act was approved and officially went into effect. Currently, http://www.cyberbullying.us/Bullying_and_Cyberbullying_Laws.pdf have anti-cyberbullying statutes in place, demonstrating positive reform in keeping our users safe in a rapidly changing and hostile online environment. Opinions from both critics and advocates of the bill were voiced through the course of the bill's passing, and how effectively Minnesota will apply its cyberbullying statute remains to be seen. A closer look at the culture of cyberbullying, as is discussed in Mr. Morben's article, and the increasing numbers of anti-cyberbullying state statutes, however, may prompt Congress to revisit Section 230 of the Communications Decency Act, to at least modestly reform ISP immunity and give cyber-attacks victims some form of meaningful redress.

by Ryan Connell, UMN Law Student, MJLST Lead Articles Editor

In Cyber-Threats and the Limits of Bureaucratic Control, Volume 14, Issue 1 of the Minnesota Journal of Law, Science & Technology, Professor Susan Brenner delivered a thoughtful and compelling analysis of the current state of the United States Government's approach to cybercrime. Professor Brenner advocates for a new threat-control strategy. Specifically, Professor Brenner urges us to abandon the rigid hierarchical structures that currently define our strategy. Professor Brenner instead would support a system that correlates with the lateral networked structures that are found in cyberspace itself.

Almost certainly, cybercrime must be at the forefront of our concerns. Hackers across the globe constantly threaten government secrets. In the private sector, corporations' data also provide lucrative targets for hackers.

As Professor Brenner points out, we, as a country, have given the government complete responsibility for addressing the cybercrime threat. The problem however, is that the government has distributed its response among the many agencies that comprise the government. This has created a fragmented response where agencies either needlessly repeat each other's work or operate in the dark due to a lack of information sharing between the agencies. Overall, this response has left many, particularly in the corporate world, feeling dissatisfied with the government.

Unfortunately, this dissatisfaction in the corporate world has damaged the government's ability to address cybercrime in the private sector. For instance, although private industry has spent in upwards of 300 billion dollars to fight hackers, only one third of companies report cybercrimes to the government. This may suggest that the companies think they can solve the problem better than the government can. It bears mentioning that this problem is not unique the United States. The United Kingdom, for instance, has suffered similar problems. Indeed, in the UK, banks are more likely to simply reimburse most victims of cybercrime than they are to report it to the government.

Professor Brenner has presented an interesting and plausible solution. She has recognized that the Internet itself is community-based and is laterally networked. Accordingly, it is difficult to address the problems raised by cybercrime using a vertically networked system. The government should encourage and facilitate civilian participation in the fight against cybercrime. The government should recognize that it alone cannot solve this problem. Cybercrime is a solution that takes more than government to solve; it takes a government and its citizens.

by Ude Lu, UMN Law Student, MJLST Staff.

Ude-Lue.jpgOn April 18th, 2013, Cyber Intelligence Sharing and Protection Act (CISPA) was passed with wide spread controversies. CISPA aims to help national security agencies to investigate cyber threats by allowing private companies, such as Google and Facebook, to search users' personal data to identify possible threats. Commentators argue that CISPA compromises the Fourth Amendment, because, under CISPA, agencies can get privacy data of suspects identified by the privacy companies without a judicial order. CISPA bridges the gap between crime investigations and the privacy data stored and analyzed by social media companies.

Cybersecurity: Serious threat or "technopanic"?

|

by Bryan Dooley, UMN Law Student, MJLST Staff

Thumbnail-Bryan-Dooley.jpgWhile most would likely agree that threats to cybersecurity pose sufficient risk to warrant some level of new regulation, opinions vary widely on the scope and nature of an appropriate response. FBIwebsite-sm-border.jpgThe Cyber Intelligence Sharing and Protection Act, one of several proposed legislative measures intended to address the problem, has drawn widespread criticism. Concerns voiced by opponents have centered on privacy and the potential for misuse of shared information. Some fear the legislation creates the potential for additional harm by allowing or encouraging private parties to launch counterattacks against perceived security threats, with no guarantee they will always hit their intended targets.

by Bryan Morben, UMN Law Student, MJLST Staff

Thumbnail-Bryan-Morben.jpgThere has been a lot of attention on North Korea and the possibility of a nuclear war lately. In fact, as recently as April 4, 2013, news broke that the increasingly hostile country moved medium-range missiles to its east coastline. It is reported that the missiles do not have enough range to hit the U.S. mainland, but is well within range of the South Korean capital. Tensions have been running high for several months, especially when the North took the liberty to shred the sixty year old armistice that ended the Korean War, and warned the world that "the next step was an act of 'merciless' military retaliation against its enemies."

Time for a New Approach to Cyber Security?

|

by Kenzie Johnson, UMN Law Student, MJLST Managing Editor

Kenzie Johnson The recent announcements by several large news outlets including the New York Times, Washington Post, Bloomberg News, and the Wall Street Journal reporting that they have been the victims of cyber-attacks have yet again brought cyber security into the news. These attacks reportedly all originated in China and were aimed at monitoring news reporting of Chinese issues. In particular, the New York Times announced that Chinese hackers persistently attacked their servers for a period of four months and obtained passwords for reporters and other Times employees. The Times reported that the commencement of the attack coincided with a story it published regarding mass amounts of wealth accumulated by the family of Chinese Prime Minister Wen Jiabao.