In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Jason Gull, Senior Counsel in the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The CCIPS prosecutes hacking crimes, as well as intellectual property crimes, and provides guidance to the more than 90 U.S. Attorney offices around the country when it comes to prosecuting crimes under the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA)

In the conversation, Jason sheds light on the evolution of the DMCA, including the 1996 intellectual property treaties that led to its enactment in 1998, the exceptions built into the statute, and the role of the Library of Congress in reviewing the law every three years. Jason, Jen and Alex dive into the DMCA’s triennial process, including why, and how, provisions and exceptions are submitted and maintained. 

The 2024 review process is underway, and potential new or amended exemptions have been submitted. On October 19, the Copyright Office issued a Notice of Proposed Rulemaking, which indicates that the existing exemption for security research will be renewed, along with several other exemptions relating to computer programs that may be of interest to security professionals (see pages 7-11). The notice also advised that new or expanded exemptions have been organized into seven classes for further review, including a petition for Generative AI research. If you’re interested in that topic, or any of the others being proposed, you can get involved and have your say. The Copyright Office is accepting comments and evidence, as detailed here.   

In addition to the above, this week’s episode features Alex’s updates from Singapore International Cyber Week, and he also highlighted Singapore’s Cybersecurity Labeling Scheme for Medical Devices sandbox, which medical device manufacturers are invited to join. Jen covered some recent research from Lloyd’s on the potential cost and impact of a large scale cyber attack against payments systems. 

Our Mystery Trivia Master this week is the wonderful Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology and Executive Director of the Ransomware Task Force. 

Check out the newest Distilling Cyber Policy episode on Spotify, Apple  or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email

Ines Jordan-Zoob

Read Next

Progress Report: National Cyber Workforce and Education Strategy

The Office of the National Cyber Director released an Initial Stages of Implementation report on the National Cyber Workforce and Education Strategy showing progress made thus far.

Chevron Pattern Disrupted: The Impact on Cybersecurity Regulations

The Supreme Court struck down a long-standing precedent on the power of federal agencies to interpret and clarify the laws they enforce. The ruling will likely have a sweeping effect on regulations, including cybersecurity rules, in every sector.

EU Cyber Policy with Despina Spanou (DCP S2 E5)

In our latest Distilling Cyber Policy podcast, our hosts are joined by Despina Spanou, the Head of the Cabinet of the Vice-President of the European Commission. In her role, Despina oversees the EUs policies on security, migration, and other topics.