In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Jason Gull, Senior Counsel in the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The CCIPS prosecutes hacking crimes, as well as intellectual property crimes, and provides guidance to the more than 90 U.S. Attorney offices around the country when it comes to prosecuting crimes under the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).
In the conversation, Jason sheds light on the evolution of the DMCA, including the 1996 intellectual property treaties that led to its enactment in 1998, the exceptions built into the statute, and the role of the Library of Congress in reviewing the law every three years. Jason, Jen and Alex dive into the DMCA’s triennial process, including why, and how, provisions and exceptions are submitted and maintained.
The 2024 review process is underway, and potential new or amended exemptions have been submitted. On October 19, the Copyright Office issued a Notice of Proposed Rulemaking, which indicates that the existing exemption for security research will be renewed, along with several other exemptions relating to computer programs that may be of interest to security professionals (see pages 7-11). The notice also advised that new or expanded exemptions have been organized into seven classes for further review, including a petition for Generative AI research. If you’re interested in that topic, or any of the others being proposed, you can get involved and have your say. The Copyright Office is accepting comments and evidence, as detailed here.
In addition to the above, this week’s episode features Alex’s updates from Singapore International Cyber Week, and he also highlighted Singapore’s Cybersecurity Labeling Scheme for Medical Devices sandbox, which medical device manufacturers are invited to join. Jen covered some recent research from Lloyd’s on the potential cost and impact of a large scale cyber attack against payments systems.
Our Mystery Trivia Master this week is the wonderful Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology and Executive Director of the Ransomware Task Force.
Check out the newest Distilling Cyber Policy episode on Spotify, Apple or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email info@centerforcybersecuritypolicy.org
Read Next
What States Can Learn from North Carolina’s Approach to Securing Government
As states across the country grapple with how to adopt AI responsibly, North Carolina offers a compelling case study - not because it has all the answers, but because it has built the institutional muscle to learn, adapt, and lead.
Developing a National Cybersecurity Strategy
Developing a national cybersecurity strategy is a critical investment a government can make to secure its future. This paper outlines the components and offers a framework with the tools to design, implement, and improve their strategies.
FedRAMP Signals Acceleration of Requirements for Machine-Readable Packages in the Rev5 Process
FedRAMP has proposed modifications to the Rev5 process in the newly published RFCs that could enact major changes and require Cloud Service Offerings to provide authorization packages in a “machine-readable format.”
