14 Recorded Sessions from the 2017 RSA Law Track.  Session topics include:

ABA Information Security leaders kick off Law Track with the annual expert panel on critical new issues. "Hot Topics" gives attendees a snapshot of new developments in law, public policy, regulation, court cases and legal framework for our industry. Focus on privacy and civil liberties, identity, cyber-conflict, IOT, standards, corporate structuring and the international technology marketplace.

Moderator: Michael Aisenberg, Principal Cyber Policy Counsel, The MITRE Corp.

Panelists: Richard Abbott, Principal, DTE Consulting, Inc.

Thomas Smedinghoff, Of Counsel, Locke Lord LLP

Lucy Thomson, Principal/ Attorney, Livingston PLLC

Online gaming company EZcomeEZgo collects customer credit cards data and SSNs. Its published security policy states that it protects each customer’s personal information. Its credit card data is not exposed in a breach but customer SSNs are. Since learning that the protection of SSNs is nowhere near as strong as that for credit cards, the FTC claims that EZcomeEZgo’s business practice is deceptive.

Moderator: Aaron Alva, Tech Policy Fellow, Federal Trade Commission

Panelists: Hoyt Kesterson, Senior Security Architect, Terra Verde

Mitch Dembin, United States Magistrate Judge, Southern District of California

April Doss, Partner, Saul Ewing

The year 2016 marked the first year that security researchers monetized their findings through the financial markets, instead of by traditional means such as bug bounties or zero-day sales. The panelists will walk through a hypothetical scenario to discover vulnerabilities in medical devices, retain legal counsel and take a market position to exploit the disclosure and work through the consequences.

Aaron Turner, VP, Security Research and Development, Verifone

Steven Wu, Shareholder, Silicon Valley Law Group

Peter Kuper, Partner, InQTel

Digital evidentiary data is evolving past traditional email, server files, router logs and device data to now include data created, captured or managed by IoT devices. This session will examine the emerging challenges and solutions associated with its preservation and analysis for investigations and litigation.

Speaker: Erik Laykin, Managing Director, Duff & Phelps LLC

Small drone operation will soon encroach on our personal airspace and invade our privacy and challenge our security. Our attorneys must be prepared to play a leading role in crafting potential policy and addressing legislative concerns. This mock trial will highlight probing issues that lawyers will soon face with the disruptive technology of nongovernment agency drone operations.

Moderator: Charles Shugg, Partner | COO, Sylint Group, Inc

Erin M. Joe, Section Chief, Federal Bureau of Investigation Cyber Division

Serge Jorgensen, President | Founding Partner, Sylint Group

Andrew Peck, US Magistrate Judge, US Government

Last year we explored the concept of "reasonable security" measures. We have come back to examine an underlying but even more difficult question: What legally required standard of care governs an entity’s cybersecurity practices? We consider whether the answer(s) to this question is contextually driven, or whether it is possible to divine a more generally applicable standard.

Moderator: William Rogers, Attorney, Prince Lobel Tye LLP

Panelists: Joseph Burton, Attorney, Duane Morris LLP

April Doss, Partner, Saul Ewing

Monique Ferraro, Counsel, Hartford Steam Boiler

Jon Stanley, Attorney, Jon Stanley Law PLLC

Detecting, deterring and disrupting cyber threats requires robust cooperation. DOJ and its foreign partners must collaborate to dismantle transnational criminal activity that affects cybersecurity. Learn how international law enforcement attributes, locates and apprehends criminals, and the jurisdictional and legal challenges they must overcome to operate in this area rapidly and effectively.

Moderator: Richard Downing, Acting Deputy Assistant Attorney General, U.S. Department of Justice, Criminal Division

Panelists: Steven Kelly, Unit Chief, International Cyber Crime Coordination Cell (IC4), Federal Bureau of Investigation

John Lynch, Section Chief, US Department of Justice, Criminal Division, Computer Crime and Intellectual Property Section

Steve Wilson, Head of Business, European Cybercrime Centre

Government access to email and other data has been in the news like never before. There’s a growing consensus that the law doesn’t fit with how we use technology nor provide the privacy or security that we should expect. At the same time, government needs investigative tools. We’ll discuss the hot issues, the patchwork of non-intuitive rules, obsolete assumptions and possible fixes to the law.

Christopher Calabrese, Vice President, Policy, Center for Democracy & Technology

Chris Hoofnagle, Professor, UC Berkeley Law

Jamil Jaffer, VP, Strategy & Business Development, IronNet Cybersecurity

Richard Salgado, Director Law Enforcement & Information Security, Google Inc.

A horrific terrorist cyberattack has occurred on US critical infrastructure. Forensic examination of the attack reveals the terrorists were able to bypass critical infrastructure cyber-defense by going through a trusted business associate (your business or client) as a proxy for the attack. What will be your company’s, or client’s, defense in the eyes of the law and the general public?

Moderator: Charles Shugg, Partner | COO, Sylint Group, Inc

Panelists: Erin M. Joe, Section Chief, Federal Bureau of Investigation Cyber Division

Serge Jorgensen, President | Founding Partner, Sylint Group

Andrew Peck, US Magistrate Judge, US Government

Many are talking about IoT security, but what are researchers, companies and government actually doing about it? This panel will cover both technical and policy issues related to IoT, including common vulnerabilities, recent security research, and go vernment initiatives that could promote or harm IoT security. Speakers include an IoT security researcher, a lawyer and a government official.

Moderator: Harley Geiger, Director of Public Policy, Rapid7

Panelists: Dr. Allan Friedman, Director of Cybersecurity, US Department of Commerce

Jeffrey Greene, Senior Director, Global Government Affairs & Policy, Symantec

Deral Heiland, IoT Research Lead, Rapid7

Stephen Wu, Shareholder, Silicon Valley Law Group

Recent accidents and mishaps give a flavor of the myriad issues surrounding the development and operation of autonomous vehicles. As manufacturers and technology companies are developing automated technologies for ground transportation, legislators and regulatory agencies in the US and the EU struggle to keep pace. What role and objectives should there be for information security professionals?

Raffaele Zallone, Partner, Studio Legale Zallone

Francoise Gilbert, Shareholder/Partner, Greenberg Traurig, LLP

ESI is a sensitive aspect of most businesses, but especially law firms. ESI not only involves a law firm’s business operation but also client and case information, litigation strategy and status, escrow accounts and potentially sensitive client information. Sadly, most firms are living on borrowed time. This panel discussion will include case studies regarding successful and high-risk environments.

Moderator: Lauren Topelsohn, Partner and Attorney, Mandelbaum Salsburg, PC

Charles Shugg, Partner and COO, Sylint Group, INC

Andrew Peck, US Magistrate Judge, U.S. Government

Serge Jorgensen, President and Founding Partner, Sylint Group, INC

Bitcoin is sometimes described as the "currency of criminals," and we all see stories about how criminals use bitcoin to move money and extract ransoms. But did you know that law enforcement also uses the blockchain—bitcoin’s distributed, immutable, permanent record of transactions—to investigate cybercrime? Come learn more about how bitcoin’s underlying technology helps fight cybercrime.

Moderator: Alan Cohn, Of Counsel, Steptoe & Johnson LLP

Kathryn Haun, Assistant US Attorney, US Department of Justice, US Attorney’s Office, Northern District of California

Jonathan Levin, Co-Founder, Chainalysis

As the stakes rise in data breach litigation, more and more information security professionals will be called upon to testify on behalf of their organization. This boot camp will teach participants the basics of providing solid, credible testimony, and point out traps for the unwary first time witness.

Moderator: Jay Brudz, Chair, Information Governance and eDiscovery Group, Drinker Biddle & Reath LLP

Seamus Duffy, Partner, Litigation, Drinker Biddle & Reath LLP

Eric Hibbard, CTO, Security & Privacy, Hitachi Data Systems Corp.

Erez Liebermann, Chief Counsel, Cybersecurity and Privacy; VP & Senior Counsel, regulatory Law, Prudential Financial, Inc