In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Jason Gull, Senior Counsel in the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The CCIPS prosecutes hacking crimes, as well as intellectual property crimes, and provides guidance to the more than 90 U.S. Attorney offices around the country when it comes to prosecuting crimes under the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).
In the conversation, Jason sheds light on the evolution of the DMCA, including the 1996 intellectual property treaties that led to its enactment in 1998, the exceptions built into the statute, and the role of the Library of Congress in reviewing the law every three years. Jason, Jen and Alex dive into the DMCA’s triennial process, including why, and how, provisions and exceptions are submitted and maintained.
The 2024 review process is underway, and potential new or amended exemptions have been submitted. On October 19, the Copyright Office issued a Notice of Proposed Rulemaking, which indicates that the existing exemption for security research will be renewed, along with several other exemptions relating to computer programs that may be of interest to security professionals (see pages 7-11). The notice also advised that new or expanded exemptions have been organized into seven classes for further review, including a petition for Generative AI research. If you’re interested in that topic, or any of the others being proposed, you can get involved and have your say. The Copyright Office is accepting comments and evidence, as detailed here.
In addition to the above, this week’s episode features Alex’s updates from Singapore International Cyber Week, and he also highlighted Singapore’s Cybersecurity Labeling Scheme for Medical Devices sandbox, which medical device manufacturers are invited to join. Jen covered some recent research from Lloyd’s on the potential cost and impact of a large scale cyber attack against payments systems.
Our Mystery Trivia Master this week is the wonderful Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology and Executive Director of the Ransomware Task Force.
Check out the newest Distilling Cyber Policy episode on Spotify, Apple or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email info@centerforcybersecuritypolicy.org
Read Next
Japanese Regulator Balances Cybersecurity, Competition Concerns In MSCA Implementation Guidelines
Promoting robust competition in the digital space while ensuring cybersecurity protections is challenging. The Japan Fair Trade Commission strikes a crucial balance between these priorities in its May 2025 guidelines.
The Clock’s Ticking: Why CISA 2015 Must Be Renewed Now
As the September 2025 expiration of CISA 2015 looms, Congress faces a critical decision that will shape the future of national cyber defense. At a time when the U.S. is under near constant cyber attacks, government and industry need to share intel.
Cybersecurity Coalition, CR2 Comment on EU Cybersecurity Act Revision Consultation
The Cybersecurity Coalition and the Coalition to Reduce Cyber Risk submitted comments to the European Union Directorate-General for Communications Networks, Content and Technology’s open consultation on revisions to the Cybersecurity Act.
