Student Authors Examine Cybersecurity and Data Privacy

Constant changes in technology and data security make it increasingly difficult for law and regulatory agencies to keep up, a challenge three Columbia Law School graduates and one student address head on in published or forthcoming papers, Professor Matthew C. Waxman said at a recent event celebrating their scholarship.

“Data security is a fascinating and important area to study that cuts across so many dimensions of public policy,” said Waxman, who is chair of the Law School’s Roger Hertog Program on Law and National Security and co-chair of the Center for Cybersecurity at Columbia University’s Data Science Institute. “A major challenge is that technology moves faster and faster, but the law tends to move slowly.”

Waxman, who has written extensively on cybersecurity and recently testified about cyber strategy before the U.S. Senate’s Armed Services Committee, said the gradutes (who were students at the time of publication) had produced “superb papers” on a diverse set of topics, ranging from concerns over the re-identification of people whose data had previously been anonymized to international law limits on self-defense against hacking. He moderated a recent presentation and discussion of the work at the Note Author Speaker Series, which is held twice a year by the Columbia Law Review and the Office of Student Services. The featured authors were:

• Jacob Arber ’17, who presented his Columbia Science and Technology Law Review paper, “Obstruction of Justice in the Digital Age: Defining the Actus Reus of 18 U.S.C. §§ 1512(C) and 1519;”
• Ryan Hayward ’17, who spoke about his Columbia Law Review piece, “Evaluating the ‘Imminence’ of a Cyber Attack for Purposes of Anticipatory Self-Defense;”
• Clara Kim ’17, whose paper, “Granting Standing in Data Breach Cases: The Seventh Circuit Paves the Way Towards a Solution to the Increasingly Pervasive Data Breach Problem,” was published by the Columbia Business Law Review; and
• Elizabeth Brasher ’18, who discussed her forthcoming Columbia Business Law Review piece, “Protecting the Privacy of Consumers’ Sensitive Data: Guidance from the European Union’s Use of Pseudonymization Under the GDPR.”

The writers answered questions from their classmates in the audience and Waxman about the substance of their work (including how the United States and the EU compare on data privacy issues, and whether courts or legislators should take the lead on addressing data security concerns) and the processes behind their note writing, including how they came up with their topic or chose an adviser.

Hayward said he chose his topic in part because he had some professional experience in technology before coming to the Law School. He worked for five years as a product-marketing manager at Google and served as chief executive officer and founder of a startup called Hatch.co, a marketplace for made-to-order products. He also was inspired by Waxman’s work, which has raised the question of how a state would assess the imminence of a cyber attack.

Kim said she became more interested in her topic after working in a cyber unit of the U.S. Attorney’s Office in her hometown of Pittsburgh after her first year at the Law School.

The writers and Waxman agreed that the difficulties in balancing technological progress, personal privacy, and national security aren’t going away anytime soon.

“Columbia University is at the forefront of data science and its application to public policy, as well as the security and privacy challenges in the digital world,” said Waxman, who next year will co-teach a cybersecurity course with Computer Science Professor Steven M. Bellovin and Jason Healey, a senior research scholar at the University’s School of International and Public Affairs. “At the Law School, both our faculty and our students are dealing with these cutting-edge issues.”

# # #

Posted on May 23, 2017