Why IT Security Guys Now Also Need To Be Legal Experts

from the welcome-to-the-modern-world dept

Fri, May 7th 2010 5:09pm — Mike Masnick

Every so often we get complaints from people who point out that this site is called "Techdirt," and yet quite frequently talks about the legal issues. There are a few different responses to this, but one of the key points is that, if you're in the tech field these days, you actually really do need to be pretty familiar with the law in a lot of ways. This is a point that I've been thinking about a lot lately, so it seemed like great timing when Michael Scott directed our attention to an article about how IT and security folks now need to recognize that legal risks are a big part of the security realm:

The era of legal defensibility is upon us. The legal risk associated with information security is significant and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world. This article discusses implementing security that is both secure and legally defensible, which is key for managing information security legal risk.

It certainly takes things pretty far outside the world where information security folks are used to living. And while there may be a sense of being able to defend the technological decisions should there be a security breach, reaching the level of "legal defensibility" involves a whole different set of issues.

The blog post linked above notes that we're still early in realizing this overlapping arena of security and law, and it's important to have folks from all of these disciplines work together:

Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions. The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf. The reality is, the legal and security worlds have collided, and most lawyers don't know enough about security, and most security professionals don't know enough about the law. Let's change that.

Indeed. In fact, this is part of the reason that I made sure there was at least some legal discussion in our upcoming webinar on security in the cloud -- because it's an important aspect of security these days, and the cloud raises some serious legal questions (if you haven't registered yet, please do!). But making sure that legal and security/IT people are talking about this regularly is important. Otherwise, you can bet that the legal folks are going to make decisions that are going to come back to haunt those in the IT and security worlds...

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: it, legal defensibility, security

28 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 7 May 2010 @ 5:46pm

"point out that this site is called "Techdirt," and yet quite frequently talks about the legal issues."

A lot of the dirt is in the law and how the laws govern tech and innovation.
[ link to this | view in chronology ]
Anonymous Coward, 7 May 2010 @ 6:11pm

another post supporting that 'cloud' thing. damn masnick, when you decide to jump in front of a wave, you go with both feet. too bad you are as transparent as a they come.
[ link to this | view in chronology ]
- Mike Masnick (profile), 7 May 2010 @ 6:51pm
  
  Re:
  another post supporting that 'cloud' thing
  
  The post has nothing to do with the cloud. At the end, I mention the webinar, because it's a topic that is of interest to those actually interested in this article.
  
  too bad you are as transparent as a they come.
  
  In most worlds, transparency is considered a good thing. Curious as to what's wrong with transparency? Also a bit confused as to why telling people about a webinar we're doing is somehow a bad thing.
  [ link to this | view in chronology ]
  - Anonymous Coward, 7 May 2010 @ 7:12pm
    
    Re: Re:
    it is another post about the cloud because it connects with the legal issues you have been attempting to stir up around cloud computing. in fact, the site you link to (press release, it seems) has this nice tag: 'Technology lawyers & attorneys at Information Law Group, offering services related to privacy, data security, intellectual property, information technology, compliance, litigation, incident response, outsourcing, e-commerce, new media, workplace privacy, software licensing, merchant agreements, privacy policies, electronic signatures, cloud computing, risk management, social networking policies, direct marketing, transborder data flow, security litigation and identity theft.'
    
    you are transparent about jumping on bandwagons. this month its cloud computing, no doubt because of the sponsors paying you to talk about it. there is a difference between transparent and transparency, you know that, but hey, play dumb if you like.
    [ link to this | view in chronology ]
    - Anonymous Coward, 7 May 2010 @ 7:32pm
      
      Re: Re: Re:
      TAM, you truly are an idiot.
      [ link to this | view in chronology ]
      - Anonymous Coward, 7 May 2010 @ 8:50pm
        
        Re: Re: Re: Re:
        you calling me an idiot is like getting an a+ on a term paper. if you think i am an idiot, then i am probably closer to the truth. who is tam by the way?
        [ link to this | view in chronology ]
    - Any Mouse, 8 May 2010 @ 8:14am
      
      Re: Re: Re:
      I'd say playing dumb is your forte, but you're so good at it that we often wonder how much of it is acting. Dude, nobody listens to your mindless ridicule, anymore. You can't even make a valid point, these days, so maybe wise up? Or take your mental masturbation elsewhere?
      [ link to this | view in chronology ]
    - Anonymous Coward, 8 May 2010 @ 8:42am
      
      Re: Re: Re:
      Mike has an agenda. His agenda is to make the world a better place. Everyone has an agenda. You have an agenda almost every time you post here. Do you have a problem with Mikes agenda? What, is your agenda to make the world a worse place? What's your agenda?
      [ link to this | view in chronology ]
      - Anonymous Coward, 8 May 2010 @ 9:58am
        
        Re: Re: Re: Re:
        i dont think his agenda has anything to do with making the world a better place. i suspect he he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model (release software anyone?). the agenda is about mike, not much else.
        [ link to this | view in chronology ]
        
        Bob Vila, 8 May 2010 @ 11:27am
        
        Re: Re: Re: Re: Re:
        Well, to be fair, Mike won't make your world a better place. He attempts to make the world a little better for people who are reasonable. Your bitter world will continue to suck.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 8 May 2010 @ 2:37pm
        
        Re: Re: Re: Re: Re:
        "i dont think his agenda has anything to do with making the world a better place."
        
        Who cares what you think, you're an idiot.
        
        "i suspect he he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model"
        
        His business model doesn't depend on government lobbying and it's still successful. The only failed business models are the ones that depend on government lobbying. They would fail if it weren't for laws that unfairly benefit them. and big media is corrupt, they censor the perfectly legitimate discussions we have here on Techdirt in favor of dishonestly presenting only one side of these issues, so the fact that Mike isn't with them only strengthens his legitimacy. Big media would be afraid to put Mike on there, he would completely humiliate them to the masses.
        [ link to this | view in chronology ]
- Anonymous Coward, 7 May 2010 @ 11:32pm
  
  Re:
  Troll
  [ link to this | view in chronology ]
- The Groove Tiger (profile), 8 May 2010 @ 2:01am
  
  Re:
  Agenda!
  [ link to this | view in chronology ]
NAMELESS ONE, 8 May 2010 @ 3:09am

I fraking refuse
to become a lawyer
there the problem
just look at how hollywood acts
now you wan that in the IT world
OMG STFU on that plan
[ link to this | view in chronology ]
- Anonymous Coward, 8 May 2010 @ 7:38am
  
  Re: I fraking refuse
  The best way to keep other people's lawyers (OPLs) away is to predict what they'll try to do before they do it. In order to do that, you need to understand what they can do (given that, after factoring for costs, all lawyers will do something if they can). The best way to understand that is to understand the law. Not all hacks are technological, so not all intrusion detection should be technological.
  [ link to this | view in chronology ]
packrat (profile), 8 May 2010 @ 4:12am

legal woes.
Jurisprudence in the NWO? It'll be about the same as the old one.
ie: Ya gotta know person, property, behavior, fact law + procedures.

any first year law student can tell ya that. the process of rationalizing the market (from what'is name, the techbook publisher. invented web 2.0)

contrasted with the dynamics of revolution/evolution
(turning the cloud into standards+ bucks)

is evolution in action. ie: killing /watching dinosaurs die off. rev theory goes thru terror, colaspe to old form + working new soc forms. phases.

packrat
[ link to this | view in chronology ]
- chris (profile), 10 May 2010 @ 12:15pm
  
  Re: legal woes.
  wat?
  [ link to this | view in chronology ]
aicra, 8 May 2010 @ 12:46pm

Legal considerations are important for success in IT. The net admin must understand the DMCA and limitations on liability. Technical writers and Web content writers must understand copyright laws. Developers must understand GPL and GFDL among other things.

Sure, a legal team at a company may understand some of it. Not always.

However, consider Terms of Service agreements where service is terminated due to a simple DMCA complaint. Now companies are working with RIAA with threats to terminate users.

While the legal team for these providers may believe that the TOS or Contract law supersedes the Federal Copyright law, the termination of service does in fact, void limitations on liability.

The fact is that if a user provides a counternotification, the provider can not restore the content if the user is terminated. Thus, the user can sue in a court of law and has the potential to win, especially if the DMCA notification was false.

That being said, Mike has been doing an outstanding job in my opinion and in the opinion of many people in the IT and computer law arena.

Prof. Marcia K. Wilbur
author: Decade of the DMCA
[ link to this | view in chronology ]
- Anonymous Coward, 8 May 2010 @ 2:42pm
  
  Re:
  Are you Prof. Marcia K. Wilbur or is that just a book you're promoting? Also, the retard FCC rules require you to disclose any conflicts of interest.
  [ link to this | view in chronology ]
  - Anonymous Coward, 17 Oct 2010 @ 11:20am
    
    Re: Re:
    I'm Prof. Wilbur. And, I don't really expect any IT Guys to read the book. I think they just read blogs, forums and chat in IRC. :P
    
    The fact is that the article title does leave something to be desired and I can see there are some strong opinions regarding the content also.
    
    Understanding legal matters is really essential.
    
    FCC rules do not apply here.
    [ link to this | view in chronology ]
bryan (profile), 8 May 2010 @ 5:35pm

I read techdirt BECAUSE of tech and law.
The primary reason that I read tech dirt specifically because it often deals with the interplay of technology and law. There are many Tech blogs and there are many Law blogs, but there are very few that combine both and understand both.
[ link to this | view in chronology ]
Ciro Faienza, 8 May 2010 @ 8:45pm

With the way legislation is going in the hands of uncommonly tech-stupid lawyers, I'd say it's infinitely more important that legal experts become IT security guys.
[ link to this | view in chronology ]
- Anonymous Coward, 9 May 2010 @ 7:37am
  
  Re:
  Like that will ever happen. They tried to pass a law banning dihydrogen monoxide even.
  [ link to this | view in chronology ]
Janice Taylor Gaines (profile), 9 May 2010 @ 9:40am

Everyone Needs to be a Mini-Secuirty Officer Now
In David Scott’s words, everyone needs to be a mini-Security Officer today. I don't know if everyone can be a mini legal expert, but definitely all activity should be viewed through the prism of security, and that requires awareness and training. I think Mr. Scott, the author, is right: Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight, check out his blog, “The Business-Technology Weave” – you can Google to it, or search on the site IT Knowledge Exchange which hosts it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium). “In the realm of risk, unmanaged possibilities become probabilities.” Great stuff.
[ link to this | view in chronology ]
NAMELESS.ONE, 9 May 2010 @ 9:57am

@ those wantign hackers to become lawyers - GOOD LUCK WITH THAT
one of the reasons i survive as a hacker with a massive sized association is my understanding of law and legal aspects pertaining to multiple fields of law , i can thank groklaw.net for opening some eye points but this is not nor should be the way that things go. GET some basics , get enough to say i can understand . LEAVE the rest to a real lawyer.

there does not need be any more waste of resources on law
LAW already is too complex , if you want no one programming then by all means make then idiot lawyers.
all they will write is EULA's by the bag full and hten no software will be made.
[ link to this | view in chronology ]
Tyler S., 16 May 2010 @ 8:52pm

Law Schools - Advice?
Mike,

Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA... but I am unsure where to get started.

Thanks for your help,
-Tyler
[ link to this | view in chronology ]
- Mike Masnick (profile), 16 May 2010 @ 9:24pm
  
  Re: Law Schools - Advice?
  Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA... but I am unsure where to get started.
  
  Actually... not sure... but pay attention to our next webinar, which we'll be announcing this week. That may have some useful info.
  [ link to this | view in chronology ]
  - Anonymous Coward, 17 Oct 2010 @ 11:24am
    
    Re: Re: Law Schools - Advice?
    Try the Berkman Center for Internet and Society at Harvard or Stanford. Duke also has a good program.
    
    Prof Wilbur
    [ link to this | view in chronology ]