In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Jason Gull, Senior Counsel in the Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department’s Criminal Division. The CCIPS prosecutes hacking crimes, as well as intellectual property crimes, and provides guidance to the more than 90 U.S. Attorney offices around the country when it comes to prosecuting crimes under the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).
In the conversation, Jason sheds light on the evolution of the DMCA, including the 1996 intellectual property treaties that led to its enactment in 1998, the exceptions built into the statute, and the role of the Library of Congress in reviewing the law every three years. Jason, Jen and Alex dive into the DMCA’s triennial process, including why, and how, provisions and exceptions are submitted and maintained.
The 2024 review process is underway, and potential new or amended exemptions have been submitted. On October 19, the Copyright Office issued a Notice of Proposed Rulemaking, which indicates that the existing exemption for security research will be renewed, along with several other exemptions relating to computer programs that may be of interest to security professionals (see pages 7-11). The notice also advised that new or expanded exemptions have been organized into seven classes for further review, including a petition for Generative AI research. If you’re interested in that topic, or any of the others being proposed, you can get involved and have your say. The Copyright Office is accepting comments and evidence, as detailed here.
In addition to the above, this week’s episode features Alex’s updates from Singapore International Cyber Week, and he also highlighted Singapore’s Cybersecurity Labeling Scheme for Medical Devices sandbox, which medical device manufacturers are invited to join. Jen covered some recent research from Lloyd’s on the potential cost and impact of a large scale cyber attack against payments systems.
Our Mystery Trivia Master this week is the wonderful Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology and Executive Director of the Ransomware Task Force.
Check out the newest Distilling Cyber Policy episode on Spotify, Apple or Google. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email info@centerforcybersecuritypolicy.org
Read Next
European Commission 2028-2034 Budget Proposal Includes Substantial Increase for Cyber, Digital Programmes
The European Commission presented its initial proposal for the European Union’s 2028-2034 financial framework that, if approved, could authorise nearly EUR 2 trillion in spending over seven years for cyber and other digital efforts.
Congress’ Proposed Chip Security Act Threatens to Create New Cyber Vulnerabilities in U.S. Semiconductors
As the U.S. races toward global AI dominance, a new bill aimed at preventing diversion of innovative U.S. semiconductors to China could inadvertently make those very same chips less secure.
Japanese Regulator Balances Cybersecurity, Competition Concerns In MSCA Implementation Guidelines
Promoting robust competition in the digital space while ensuring cybersecurity protections is challenging. The Japan Fair Trade Commission strikes a crucial balance between these priorities in its May 2025 guidelines.
