Department of Finance, Insurance and Business Law
Permanent URI for this community
Browse
Browsing Department of Finance, Insurance and Business Law by Author "Hiller, Janine S."
Now showing 1 - 2 of 2
Results Per Page
Sort Options
- Civil Cyberconflict: Microsoft, Cybercrime, and BotnetsHiller, Janine S. (Santa Clara University School of Law, 2014-01)Cyber “warfare” and hackback by private companies is a hot discussion topic for its potential to fight cybercrime and promote cybersecurity. In the shadow of this provocative discussion, Microsoft has led a concerted, sustained fight against cybercriminals by using traditional legal theories and court actions to dismantle criminal networks known as botnets. This article brings focus to the role of the private sector in cybersecurity in light of the aggressive civil actions by Microsoft to address a thorny and seemingly intractable global problem. A botnet is a network of computers infected with unauthorized code that is controlled from a distance by malicious actors. The extent of botnet activity is staggering, and botnets have been called the plague of the Internet. The general public is more commonly aware of the damaging results of botnet activity rather than its operation, intrusion, or infection capabilities. Botnet activity may result in a website being unavailable due to a denial-of-service (DoS) attack, identity theft can occur because the botnet collects passwords from individual users, and bank accounts may be emptied related to botnet activity. Spam, fraud, spyware, and data breaches are all the result of botnet activity. Technical remedies for stopping botnet attacks and damages are ongoing, but technical solutions alone are inadequate. Law enforcement is active in tracking down criminal activities of botnets, yet the number and sophistication of the attackers overwhelm it. In a new development, multiple civil lawsuits by Microsoft have created the legal precedent for suing botnet operators and using existing law to dismantle botnets and decrease their global reach. This article reviews the threats created by botnets and describes the evolution of legal and technical strategies to address botnet proliferation. The distinctive aspects of each of the cases brought by Microsoft are described and analyzed and the complex questions surrounding a botnet takedown are identified. Discussion of the details of the lawsuits are important, because over a relatively short period of time, government and private sector roles have evolved considerably in the search for a methodology to deal effectively with botnets. Theoretical and international questions surrounding the sustainability and policy ramifications of private sector leadership in cybersecurity are examined, and questions for future research are identified.
- Privacy and Security in the Implementation of Health Information Technology (Electronic Health Records): U.S. and EU ComparedHiller, Janine S.; McMullen, Matthew S.; Chumney, Wade M.; Baumer, David L. (Boston University School of Law, 2011)The importance of the adoption of Electronic Health Records (EHRs) and the associated cost savings cannot be ignored as an element in the changing delivery of health care. However, the potential cost savings predicted in the use of EHR are accompanied by potential risks, either technical or legal, to privacy and security. The U.S. legal framework for healthcare privacy is a combination of constitutional, statutory, and regulatory law at the federal and state levels. In contrast, it is generally believed that EU protection of privacy, including personally identifiable medical information, is more comprehensive than that of U.S. privacy laws. Direct comparisons of U.S. and EU medical privacy laws can be made with reference to the five Fair Information Practices Principles (FIPs) adopted by the Federal Trade Commission and other international bodies. The analysis reveals that while the federal response to the privacy of health records in the U.S. seems to be a gain over conflicting state law, in contrast to EU law, U.S. patients currently have little choice in the electronic recording of sensitive medical information if they want to be treated, and minimal control over the sharing of that information. A combination of technical and legal improvements in EHRs could make the loss of privacy associated with EHRs de minimis. The EU has come closer to this position, encouraging the adoption of EHRs and confirming the application of privacy protections at the same time. It can be argued that the EU is proactive in its approach; whereas because of a different viewpoint toward an individual’s right to privacy, the U.S. system lacks a strong framework for healthcare privacy, which will affect the implementation of EHRs. If the U.S. is going to implement EHRs effectively, technical and policy aspects of privacy must be central to the discussion.