Why IT Security Guys Now Also Need To Be Legal Experts

from the welcome-to-the-modern-world dept

Every so often we get complaints from people who point out that this site is called "Techdirt," and yet quite frequently talks about the legal issues. There are a few different responses to this, but one of the key points is that, if you're in the tech field these days, you actually really do need to be pretty familiar with the law in a lot of ways. This is a point that I've been thinking about a lot lately, so it seemed like great timing when Michael Scott directed our attention to an article about how IT and security folks now need to recognize that legal risks are a big part of the security realm:
"The era of legal defensibility is upon us. The legal risk associated with information security is significant and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world. This article discusses implementing security that is both secure and legally defensible, which is key for managing information security legal risk."
It certainly takes things pretty far outside the world where information security folks are used to living. And while there may be a sense of being able to defend the technological decisions should there be a security breach, reaching the level of "legal defensibility" involves a whole different set of issues.

The blog post linked above notes that we're still early in realizing this overlapping arena of security and law, and it's important to have folks from all of these disciplines work together:
"Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions. The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf. The reality is, the legal and security worlds have collided, and most lawyers don't know enough about security, and most security professionals don't know enough about the law. Let's change that."
Indeed. In fact, this is part of the reason that I made sure there was at least some legal discussion in our upcoming webinar on security in the cloud -- because it's an important aspect of security these days, and the cloud raises some serious legal questions (if you haven't registered yet, please do!). But making sure that legal and security/IT people are talking about this regularly is important. Otherwise, you can bet that the legal folks are going to make decisions that are going to come back to haunt those in the IT and security worlds...


Reader Comments

  •
    Anonymous Coward, May 7th, 2010 @ 5:46pm

    "point out that this site is called "Techdirt," and yet quite frequently talks about the legal issues."

    A lot of the dirt is in the law and how the laws govern tech and innovation.

     

  •
    Anonymous Coward, May 7th, 2010 @ 6:11pm

    another post supporting that 'cloud' thing. damn masnick, when you decide to jump in front of a wave, you go with both feet. too bad you are as transparent as they come.

     

    •
      Mike Masnick (profile), May 7th, 2010 @ 6:51pm

      Re:

      "another post supporting that 'cloud' thing"

      The post has nothing to do with the cloud. At the end, I mention the webinar, because it's a topic that is of interest to those actually interested in this article.

      "too bad you are as transparent as they come."

      In most worlds, transparency is considered a good thing. Curious as to what's wrong with transparency? Also a bit confused as to why telling people about a webinar we're doing is somehow a bad thing.

       

      •
        Anonymous Coward, May 7th, 2010 @ 7:12pm

        Re: Re:

        it is another post about the cloud because it connects with the legal issues you have been attempting to stir up around cloud computing. in fact, the site you link to (press release, it seems) has this nice tag: 'Technology lawyers & attorneys at Information Law Group, offering services related to privacy, data security, intellectual property, information technology, compliance, litigation, incident response, outsourcing, e-commerce, new media, workplace privacy, software licensing, merchant agreements, privacy policies, electronic signatures, cloud computing, risk management, social networking policies, direct marketing, transborder data flow, security litigation and identity theft.'

        you are transparent about jumping on bandwagons. this month it's cloud computing, no doubt because of the sponsors paying you to talk about it. there is a difference between transparent and transparency, you know that, but hey, play dumb if you like.

         

        •
          Anonymous Coward, May 7th, 2010 @ 7:32pm

          Re: Re: Re:

          TAM, you truly are an idiot.

           

          •
            Anonymous Coward, May 7th, 2010 @ 8:50pm

            Re: Re: Re: Re:

            you calling me an idiot is like getting an a+ on a term paper. if you think i am an idiot, then i am probably closer to the truth. who is tam by the way?

             

        •
          Any Mouse, May 8th, 2010 @ 8:14am

          Re: Re: Re:

          I'd say playing dumb is your forte, but you're so good at it that we often wonder how much of it is acting. Dude, nobody listens to your mindless ridicule, anymore. You can't even make a valid point, these days, so maybe wise up? Or take your mental masturbation elsewhere?

           

        •
          Anonymous Coward, May 8th, 2010 @ 8:42am

          Re: Re: Re:

          Mike has an agenda. His agenda is to make the world a better place. Everyone has an agenda. You have an agenda almost every time you post here. Do you have a problem with Mike's agenda? What, is your agenda to make the world a worse place? What's your agenda?

           

          •
            Anonymous Coward, May 8th, 2010 @ 9:58am

            Re: Re: Re: Re:

            i don't think his agenda has anything to do with making the world a better place. i suspect he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model (release software anyone?). the agenda is about mike, not much else.

             

            •
              Bob Vila, May 8th, 2010 @ 11:27am

              Re: Re: Re: Re: Re:

              Well, to be fair, Mike won't make your world a better place. He attempts to make the world a little better for people who are reasonable. Your bitter world will continue to suck.

               

            •
              Anonymous Coward, May 8th, 2010 @ 2:37pm

              Re: Re: Re: Re: Re:

              "i don't think his agenda has anything to do with making the world a better place."

              Who cares what you think, you're an idiot.

              "i suspect he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model"

              His business model doesn't depend on government lobbying and it's still successful. The only failed business models are the ones that depend on government lobbying. They would fail if it weren't for laws that unfairly benefit them. And big media is corrupt, they censor the perfectly legitimate discussions we have here on Techdirt in favor of dishonestly presenting only one side of these issues, so the fact that Mike isn't with them only strengthens his legitimacy. Big media would be afraid to put Mike on there, he would completely humiliate them to the masses.

               

    •
      Anonymous Coward, May 7th, 2010 @ 11:32pm

      Re:

      Troll

       

    •
      The Groove Tiger (profile), May 8th, 2010 @ 2:01am

      Re:

      Agenda!

       

  •
    NAMELESS ONE, May 8th, 2010 @ 3:09am

    I fraking refuse

    to become a lawyer
    there the problem
    just look at how hollywood acts
    now you want that in the IT world
    OMG STFU on that plan

     

    •
      Anonymous Coward, May 8th, 2010 @ 7:38am

      Re: I fraking refuse

      The best way to keep other people's lawyers (OPLs) away is to predict what they'll try to do before they do it. In order to do that, you need to understand what they can do (given that, after factoring for costs, all lawyers will do something if they can). The best way to understand that is to understand the law. Not all hacks are technological, so not all intrusion detection should be technological.

       

  •
    packrat (profile), May 8th, 2010 @ 4:12am

    legal woes.

    Jurisprudence in the NWO? It'll be about the same as the old one.
    ie: Ya gotta know person, property, behavior, fact law + procedures.

    any first year law student can tell ya that. the process of rationalizing the market (from what's-his-name, the techbook publisher. invented web 2.0)

    contrasted with the dynamics of revolution/evolution
    (turning the cloud into standards+ bucks)

    is evolution in action. ie: killing /watching dinosaurs die off. rev theory goes thru terror, collapse to old form + working new soc forms. phases.

    packrat

     

  •
    aicra, May 8th, 2010 @ 12:46pm

    Legal considerations are important for success in IT. The net admin must understand the DMCA and limitations on liability. Technical writers and Web content writers must understand copyright laws. Developers must understand GPL and GFDL among other things.

    Sure, a legal team at a company may understand some of it. Not always.

    However, consider Terms of Service agreements where service is terminated due to a simple DMCA complaint. Now companies are working with RIAA with threats to terminate users.

    While the legal team for these providers may believe that the TOS or Contract law supersedes the Federal Copyright law, the termination of service does in fact, void limitations on liability.

    The fact is that if a user provides a counternotification, the provider can not restore the content if the user is terminated. Thus, the user can sue in a court of law and has the potential to win, especially if the DMCA notification was false.

    That being said, Mike has been doing an outstanding job in my opinion and in the opinion of many people in the IT and computer law arena.

    Prof. Marcia K. Wilbur
    author: Decade of the DMCA

     

    •
      Anonymous Coward, May 8th, 2010 @ 2:42pm

      Re:

      Are you Prof. Marcia K. Wilbur or is that just a book you're promoting? Also, the retard FCC rules require you to disclose any conflicts of interest.

       

      •
        Anonymous Coward, Oct 17th, 2010 @ 11:20am

        Re: Re:

        I'm Prof. Wilbur. And, I don't really expect any IT Guys to read the book. I think they just read blogs, forums and chat in IRC. :P

        The fact is that the article title does leave something to be desired and I can see there are some strong opinions regarding the content also.

        Understanding legal matters is really essential.

        FCC rules do not apply here.

         

  •
    bryan (profile), May 8th, 2010 @ 5:35pm

    I read techdirt BECAUSE of tech and law.

    The primary reason that I read Techdirt is specifically because it often deals with the interplay of technology and law. There are many Tech blogs and there are many Law blogs, but there are very few that combine both and understand both.

     

  •
    Ciro Faienza, May 8th, 2010 @ 8:45pm

    With the way legislation is going in the hands of uncommonly tech-stupid lawyers, I'd say it's infinitely more important that legal experts become IT security guys.

     

  •
    Janice Taylor Gaines (profile), May 9th, 2010 @ 9:40am

    Everyone Needs to be a Mini-Security Officer Now

    In David Scott’s words, everyone needs to be a mini-Security Officer today. I don't know if everyone can be a mini legal expert, but definitely all activity should be viewed through the prism of security, and that requires awareness and training. I think Mr. Scott, the author, is right: Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight, check out his blog, “The Business-Technology Weave” – you can Google to it, or search on the site IT Knowledge Exchange which hosts it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium). “In the realm of risk, unmanaged possibilities become probabilities.” Great stuff.

     

  •
    NAMELESS.ONE, May 9th, 2010 @ 9:57am

    @ those wanting hackers to become lawyers - GOOD LUCK WITH THAT

    one of the reasons i survive as a hacker with a massive sized association is my understanding of law and legal aspects pertaining to multiple fields of law, i can thank groklaw.net for opening some eye points but this is not nor should be the way that things go. GET some basics, get enough to say i can understand. LEAVE the rest to a real lawyer.

    there does not need be any more waste of resources on law
    LAW already is too complex, if you want no one programming then by all means make them idiot lawyers.
    all they will write is EULA's by the bag full and then no software will be made.

     

  •
    Tyler S., May 16th, 2010 @ 8:52pm

    Law Schools - Advice?

    Mike,

    Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA... but I am unsure where to get started.

    Thanks for your help,
    -Tyler

     

    •
      Mike Masnick (profile), May 16th, 2010 @ 9:24pm

      Re: Law Schools - Advice?

      "Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA... but I am unsure where to get started."

      Actually... not sure... but pay attention to our next webinar, which we'll be announcing this week. That may have some useful info.

       

      •
        Anonymous Coward, Oct 17th, 2010 @ 11:24am

        Re: Re: Law Schools - Advice?

        Try the Berkman Center for Internet and Society at Harvard or Stanford. Duke also has a good program.

        Prof Wilbur

         
