Cyber Defense Strategies and Responsibilities for Industry Call for Papers Now Open

The Northern Kentucky Law Review and Salmon P. Chase College of Law seek submissions for the third annual Law + Informatics Symposium on February 27-28, 2014.

2014 Law + Informatics Symposium on

Cyber Defense Strategies and Responsibilities for Industry

 The focus of the conference is to provide an interdisciplinary review of issues involving business and industry responses to cyber threats from foreign governments, terrorists, and corporate espionage. The symposium will emphasize the role of the NIST Cybersecurity Framework and industries providing critical infrastructure.

The symposium is an opportunity for academics, practitioners, consultants, and students to exchange ideas and explore emerging issues in cybersecurity and informatics law as they apply to corporate strategies and the obligations of business leaders. Interdisciplinary presentations are encouraged. Authors and presenters are invited to submit proposals on topics relating to the theme, such as the following:

Cyber Warfare

  • Rules of Engagement
  • Offensive and defensive approaches
  • Responses to state actors
  • Engagement of non-state actors
  • Distinguishing corporate espionage from national defense
  • Proportionality and critical infrastructure
  • Cyber diplomacy
  • Cold War footing and concerns of human rights implications

Front Lines for Industry

  • Role of regulators such as FERC
  • Legacy systems and modern threats
  • NIST guidelines
  • NIST Cybersecurity Framework
  • Engaging Dept. of Homeland Security
  • Implications on various industries (electric power, telecommunications and transportation systems, chemical facilities)
  • Health and safety issues

Global Perspectives

  • Concepts of cyber engagement in Europe
  • Perception of Internet and social media as threat to national sovereignty
  • Rules of engagement outside U.S. and NATO
  • Implications for privacy and human rights
  • Stuxnet, Duqu, Gauss, Mahdi, Flame, Wiper, and Shamoon
  • Cyber engagement in lieu of kinetic attacks or as a component of kinetic engagement

 

Corporate Governance

  • Confidentiality and disclosure obligations
  • Responsibilities of the board of directors
  • Staffing, structures and responses
  • Data protection & obligations regarding data breaches
  • Corporate duty to stop phishing and other attacks for non-critical industries
  • Investment and threat assessment
  • Litigation and third party liability

 

Other Issues

  • Executive orders and legislative process
  • Lawyer responsibility in the face of potential threats
  • Practical implications of government notices
  • Perspective on the true nature of the threat

Submissions & Important Dates: 

  • Please submit materials to Nkylrsymposium@nku.edu
  • Submission Deadline for Abstracts: September 1, 2013
  • Submission Deadline for First Draft of Manuscripts: January 1, 2014
  • Submission Deadline for Completed Articles: February 1, 2014
  • Symposium Date: February 27-28, 2014

Law Review Published Article:  The Northern Kentucky Law Review will review, edit and publish papers from the symposium in the 2014 spring symposium issue.  Papers are invited from scholars and practitioners across all disciplines related to the program. Please submit a title and abstract (of 500-100 words) or draft paper for works in progress. Abstracts or drafts should be submitted by September 1, 2013. Submissions may be accepted on a rolling basis after that time until all speaking positions are filled.

Presentations (without publication) based on Abstracts:  For speakers interested in presenting without submitting a publishable article, please submit an abstract of the proposed presentation. Abstracts should be submitted by September 1, 2013. Submissions may be accepted on a rolling basis after that time until all speaking positions are filled.

Publication of Corporate Handbook on Cyber Defense: The Law + Informatics Institute may edit and publish a handbook for corporate counsel related to the topics addressed at the symposium. Scholars and practitioners interested in authoring book chapters are invited to submit their interest by September 1, 2013, which may be in addition to (or as an adaptation of) a submitted abstract for The Northern Kentucky Law Review. Submissions may be accepted on a rolling basis after that time until all chapter topics are filled.

About the Law and Informatics Institute:  The Law + Informatics Institute at Chase College of Law provides a critical interdisciplinary approach to the study, research, scholarship, and practical application of informatics, focusing on the regulation and utilization of information – including its creation, acquisition, aggregation, security, manipulation and exploitation – in the fields of intellectual property law, privacy law, evidence (regulating government and the police), business law, and international law.

Through courses, symposia, publications and workshops, the Law + Informatics Institute encourages thoughtful public discourse on the regulation and use of information systems, business innovation, and the development of best business practices regarding the exploitation and effectiveness of the information and data systems in business, health care, media, and entertainment, and the public sector.

For More Information Please Contact:

  • Professor Jon M. Garon, symposium faculty sponsor and book editor: garonj1@nku.edu or 859.572.5815
  • Lindsey Jaeger, executive director: JaegerL1@nku.edu or 859.572.7853
  • Aaren Meehan, symposium editor, meehana2@mymail.nku.edu or 859-912-1551

LII Presents Ethics in Informatics Program on proposed changes to ABA guidelines and SEC Technology Guidance

Information and registration for our next event is now available.

Ethics in Informatics:

Changing Ethics Rules and New SEC Guidance Redefine the Competency of the Lawyer

featuring

Dean Dennis R. Honabach, Chair of the ABA’s Standing Committee on Professionalism

Professor Jon M. Garon, Director of the NKU Chase Law & Informatics Institute

Friday, May 4, 2012

Cincinnati, Ohio

The practice of law has largely gone digital in the past decade.  In response, the American Bar Association’s Commission on Ethics 20/20 is examining technology’s impact on the legal profession.  It has proposed a revision to the Model Rules of Professional Responsibility to make explicit the affirmative duty to prevent “the unintended disclosure of, or unauthorized access to, information relating to the representation of a client” to data privacy, security and reliability.  Not to be outdone, the Corporate Finance Division of the Securities and Exchange Commission has taken steps of its own to require greater awareness, disclosure and reporting of issues relating to technological knowledge held by a company – including its lawyers.

This program provides attendees guidance on three key areas:

  • The existing and proposed ethical rules regarding technologically mediated client confidentiality;
  • The lawyer’s role in assisting clients in meeting their affirmative duties of disclosure; and
  • The lawyer’s duties regarding social media and cloud computing in the context of client communications, ex parte communications, and interactions with the judiciary in social media and cyberspace.

Date: Friday, May 4, 2012
Time: 7:30 a.m. to 9:35 a.m.
Continental Breakfast will be served from 7:30 a.m. to 8:00 a.m.
Location: Wood, Herron & Evans, Floor 36, 441 Vine Street, Cincinnati, OH 45202
Registration fee: $99.00 for general public and $89.00 for alumni
CLE credits: 1.5 Ethics CLE in Ohio & KY
For more information: www.lawandinformatics.org/breakfastseries
Online registration: Register online
Fax Registration: Download a fax registration form
Call in registration: (859) 572-7853 to reach Admin. Dir. Lindsey Jaeger

Dean Dennis R. Honabach is the co-author of D&O Liability Handbook and the Proxy Rules Handbook. He has published law review articles on topics ranging from managerial liability and Enron to toxic torts and legal education. Dean Honabach is the chair of the ABA’s Standing Committee on Professionalism, the co-chair of the Business Law Education Committee of the ABA’s Business Law Section and a member of the Misconduct and Irregularities Subcommittee of the LSAC.

Jon M. Garon is an attorney and professor of informatics, entertainment, intellectual property and business law. He has extensive practice experience in the areas of entertainment law (including film, music, theatre and publishing), data privacy and security, business planning, copyright, trademark, and software licensing.

“Ethics in Informatics” is the first presentation in the Law & Informatics Breakfast Series, which will address various topics on privacy, data security, social media and ethics. These programs will be hosted in downtown Cincinnati. We are very grateful to the law firms of Wood Herron & Evans LLP, Frost Brown Todd LLC, Baker & Hostetler LLP and Dinsmore & Shohl LLP for their support as hosts for this coming year’s program.

                         

Business Law Today Features Rich Array of Cyberspace Issues

In the December 2011 issue of Business Law Today, the Cyberspace Law Section has weighed in with a series of articles discussing critical issues for online legislation, policy and security. The first is my introduction to the Protect IP Act and SOPA, the second focuses on international regulation, the third on the SEC move into disclosure of data threats, and the last on the internal regulations for updated policies.

All four articles are helpful and interesting. Please take a look.

As a postscript, let me point out that my article was intended to provide a neutral overview of the proposals currently before Congress. This was difficult for me to do. SOPA has a number of well-known problems and undermines data security. Moreover, the involvement of credit card companies and advertising companies will create a host of unintended consequences that will add to the cost of doing business while having only marginal impact on piracy. Nonetheless, the article was written to provide context to the current debate and help the public understand just how much additional regulation has been added in recent years.

New Legislation Renews Conflict Between Content Creators and Content Distributors
By Jon M. Garon

Business Interests Under Attack in Cyberspace: Is International Regulation the Right Response?
By Henry L. Judy and David Satola

The SEC Staff’s ‘Cybersecurity Disclosure’ Guidance: Will It Help Investors or Cyber-thieves More?
By Roland L. Trope and Sarah Jane Hughes

Going Mobile: Are Your Company’s Electronic Communications Policies Ready to Travel?
By Kathleen M. Porter

So What is Law & Informatics and Why Study it in Law School?

On November 4th the NKU Chase Law & Informatics Institute held our opening reception at the beautiful, new LEED certified Griffin Hall, host to the NKU College of Informatics. Well over one hundred attorneys, business leaders, faculty and students attended, including representatives of NKU and many other Tri-State universities.

Among the presentations made by NKU President, Dr. James Votruba, deans Dennis Honabach (Law) and Kevin Kirby (Informatics) was a short video directed by Informatics undergraduate student Kyle Breitenstein.

You can see the video here:

We are very grateful for the time and effort from everyone who worked on the event and attended the event.

As you watch the short video, I hope you find the answers to the questions of this post. Please let me know.

What is Law & Informatics? Visit YouTube to learn more: http://www.youtube.com/watch?v=Muk5n1aDX0k

Expanding Crowdfunding

In September, Representative Patrick McHenry introduced proposed legislation to make the process of raising capital through crowdfunding exempt from federal securities laws. The Entrepreneurial Access to Capital Act, HR 2930, has received House panel support. His proposal is actually quite straightforward. Under the proposal, the Securities Act of 1933 (15 U.S.C. 77d) would be amended by the addition of a new section 4(6) to provide that individuals can purchase up to the lower of $10,000 or 10 percent of the investor’s annual income (based on the investor’s own declaration of income) for investments up to $5 million.

More importantly, the crowdfunding provisions exempt the offering from state filing obligations. The law does not, in fact, require actual crowdfunding. While IndieGoGo and KickStarter provide tools to raise donations, sales and even funding, the law is not limited and could create a new business for Facebook, Google and other social media sites.

The Wall Street Journal has recently identified analysts both in favor and against the proposal, but when it is unlinked from the crowdfunding projects of independent artists, the provision has great promise.

The antifraud provisions of state and federal law do not go away. Swindlers offering promises that they cannot keep or designed to steal are committing fraud and will be subject to both civil and criminal laws. Undoubtedly, it will be a bit easier to float the fraudulent proposals among the legitimate – but unsuccessful – attempts of other businesses, but criminals are already busy. This might change some criminal strategy but it is unlikely to create new criminals.

The greater threat to the economy is the lack of capital for high-risk small businesses and creative enterprises. Currently, opportunities for high-risk economic participation exist only at the top of the pyramid. Many of these fail; others succeed. Most investors believe in the goals more than they expect economic rewards. A paternalistic law that dramatically increases the financial costs of raising low amounts of money is not really helping the investors, the economy or the creative culture in America. The proposal is simple. It is a stimulus everyone can support.

SEC provides guidance of disclosure of cybersecurity

Responding to a request from members of the Senate, the SEC has published official guidance regarding the obligation of publicly traded companies to address issues of economic consequences to cyber-attacks. The guidance, which does not have the binding authority of law or regulation, will still shape the decisions regarding the disclosure of public companies.

The obligation to report likely exists in the more general obligations of disclosing material risks for public companies, a point the guidance emphasizes.

“Although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents.”

For purposes of the disclosure, cybersecurity has been defined as “the body of technologies, processes and practices designed to protect networks, systems, computers, programs and data from attack, damage or unauthorized access.” The definition cites Whatis?com available at http://whatis.techtarget.com/definition/cybersecurity.html.

The guidance illustrates the types of issues that can rise to material importance for the public.

Registrants that fall victim to successful cyber attacks may incur substantial costs and suffer other negative consequences, which may include, but are not limited to:

  • Remediation costs that may include liability for stolen assets or information and repairing system damage that may have been caused. Remediation costs may also include incentives offered to customers or other business partners in an effort to maintain the business relationships after an attack;
  • Increased cybersecurity protection costs that may include organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third party experts and consultants;
  • Lost revenues resulting from unauthorized use of proprietary information or the failure to retain or attract customers following an attack;
  • Litigation; and
  • Reputational damage adversely affecting customer or investor confidence.

The need for guidance was triggered by a letter to the SEC Commission Chairperson, Mary Schapiro, on May 11, 2011 by five members of the Senate. The letter demanded better disclosure.

“In light of the growing threat and the national security and economic ramifications of successful attacks against American businesses, it is essential that corporate leaders know their responsibility for managing and disclosing information security risk. … Beyond our concerns about material information security risk, we believe that once a material network breach has occurred, leaders of publicly traded companies may not fully understand their affirmative obligations to disclose information on potentially compromised intellectual property or trade secrets.”

The new guidance is simply a reminder that the threats and the ramifications of network breach and theft of intellectual property have material implications on the value of publicly traded companies and as such, these issues must be addressed in the ongoing public disclosure of affected companies.