Why IT Security Guys Now Also Need To Be Legal Experts

from the welcome-to-the-modern-world dept

Every so often we get complaints from people who point out that this site is called “Techdirt,” and yet quite frequently talks about the legal issues. There are a few different responses to this, but one of the key points is that, if you’re in the tech field these days, you actually really do need to be pretty familiar with the law in a lot of ways. This is a point that I’ve been thinking about a lot lately, so it seemed like great timing when Michael Scott directed our attention to an article about how IT and security folks now need to recognize that legal risks are a big part of the security realm:

The era of legal defensibility is upon us. The legal risk associated with information security is significant and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world. This article discusses implementing security that is both secure and legally defensible, which is key for managing information security legal risk.

It certainly takes things pretty far outside the world where information security folks are used to living. And while there may be a sense of being able to defend the technological decisions should there be a security breach, reaching the level of “legal defensibility” involves a whole different set of issues.

The blog post linked above notes that we’re still early in realizing this overlapping arena of security and law, and it’s important to have folks from all of these disciplines work together:

Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions. The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf. The reality is, the legal and security worlds have collided, and most lawyers don’t know enough about security, and most security professionals don’t know enough about the law. Let’s change that.

Indeed. In fact, this is part of the reason that I made sure there was at least some legal discussion in our upcoming webinar on security in the cloud — because it’s an important aspect of security these days, and the cloud raises some serious legal questions (if you haven’t registered yet, please do!). But making sure that legal and security/IT people are talking about this regularly is important. Otherwise, you can bet that the legal folks are going to make decisions that are going to come back to haunt those in the IT and security worlds…

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Why IT Security Guys Now Also Need To Be Legal Experts”

Subscribe: RSS Leave a comment
Mike Masnick (profile) says:

Re: Re:

another post supporting that ‘cloud’ thing

The post has nothing to do with the cloud. At the end, I mention the webinar, because it’s a topic that is of interest to those actually interested in this article.

too bad you are as transparent as a they come.

In most worlds, transparency is considered a good thing. Curious as to what’s wrong with transparency? Also a bit confused as to why telling people about a webinar we’re doing is somehow a bad thing.

Anonymous Coward says:

Re: Re: Re:

it is another post about the cloud because it connects with the legal issues you have been attempting to stir up around cloud computing. in fact, the site you link to (press release, it seems) has this nice tag: ‘Technology lawyers & attorneys at Information Law Group, offering services related to privacy, data security, intellectual property, information technology, compliance, litigation, incident response, outsourcing, e-commerce, new media, workplace privacy, software licensing, merchant agreements, privacy policies, electronic signatures, cloud computing, risk management, social networking policies, direct marketing, transborder data flow, security litigation and identity theft.’

you are transparent about jumping on bandwagons. this month its cloud computing, no doubt because of the sponsors paying you to talk about it. there is a difference between transparent and transparency, you know that, but hey, play dumb if you like.

Anonymous Coward says:

Re: Re: Re:2 Re:

i dont think his agenda has anything to do with making the world a better place. i suspect he he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model (release software anyone?). the agenda is about mike, not much else.

Anonymous Coward says:

Re: Re: Re:3 Re:

“i dont think his agenda has anything to do with making the world a better place.”

Who cares what you think, you’re an idiot.

“i suspect he he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model”

His business model doesn’t depend on government lobbying and it’s still successful. The only failed business models are the ones that depend on government lobbying. They would fail if it weren’t for laws that unfairly benefit them. and big media is corrupt, they censor the perfectly legitimate discussions we have here on Techdirt in favor of dishonestly presenting only one side of these issues, so the fact that Mike isn’t with them only strengthens his legitimacy. Big media would be afraid to put Mike on there, he would completely humiliate them to the masses.

Anonymous Coward says:

Re: I fraking refuse

The best way to keep other people’s lawyers (OPLs) away is to predict what they’ll try to do before they do it. In order to do that, you need to understand what they can do (given that, after factoring for costs, all lawyers will do something if they can). The best way to understand that is to understand the law. Not all hacks are technological, so not all intrusion detection should be technological.

packrat (profile) says:

legal woes.

Jurisprudence in the NWO? It’ll be about the same as the old one.
ie: Ya gotta know person, property, behavior, fact law + procedures.

any first year law student can tell ya that. the process of rationalizing the market (from what’is name, the techbook publisher. invented web 2.0)

contrasted with the dynamics of revolution/evolution
(turning the cloud into standards+ bucks)

is evolution in action. ie: killing /watching dinosaurs die off. rev theory goes thru terror, colaspe to old form + working new soc forms. phases.


aicra says:

Legal considerations are important for success in IT. The net admin must understand the DMCA and limitations on liability. Technical writers and Web content writers must understand copyright laws. Developers must understand GPL and GFDL among other things.

Sure, a legal team at a company may understand some of it. Not always.

However, consider Terms of Service agreements where service is terminated due to a simple DMCA complaint. Now companies are working with RIAA with threats to terminate users.

While the legal team for these providers may believe that the TOS or Contract law supersedes the Federal Copyright law, the termination of service does in fact, void limitations on liability.

The fact is that if a user provides a counternotification, the provider can not restore the content if the user is terminated. Thus, the user can sue in a court of law and has the potential to win, especially if the DMCA notification was false.

That being said, Mike has been doing an outstanding job in my opinion and in the opinion of many people in the IT and computer law arena.

Prof. Marcia K. Wilbur
author: Decade of the DMCA

Anonymous Coward says:

Re: Re: Re:

I’m Prof. Wilbur. And, I don’t really expect any IT Guys to read the book. I think they just read blogs, forums and chat in IRC. 😛

The fact is that the article title does leave something to be desired and I can see there are some strong opinions regarding the content also.

Understanding legal matters is really essential.

FCC rules do not apply here.

Janice Taylor Gaines (profile) says:

Everyone Needs to be a Mini-Secuirty Officer Now

In David Scott’s words, everyone needs to be a mini-Security Officer today. I don’t know if everyone can be a mini legal expert, but definitely all activity should be viewed through the prism of security, and that requires awareness and training. I think Mr. Scott, the author, is right: Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight, check out his blog, “The Business-Technology Weave” – you can Google to it, or search on the site IT Knowledge Exchange which hosts it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium). “In the realm of risk, unmanaged possibilities become probabilities.” Great stuff.


@ those wantign hackers to become lawyers - GOOD LUCK WITH THAT

one of the reasons i survive as a hacker with a massive sized association is my understanding of law and legal aspects pertaining to multiple fields of law , i can thank groklaw.net for opening some eye points but this is not nor should be the way that things go. GET some basics , get enough to say i can understand . LEAVE the rest to a real lawyer.

there does not need be any more waste of resources on law
LAW already is too complex , if you want no one programming then by all means make then idiot lawyers.
all they will write is EULA’s by the bag full and hten no software will be made.

Tyler S. says:

Law Schools - Advice?


Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA… but I am unsure where to get started.

Thanks for your help,

Mike Masnick (profile) says:

Re: Law Schools - Advice?

Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA… but I am unsure where to get started.

Actually… not sure… but pay attention to our next webinar, which we’ll be announcing this week. That may have some useful info.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
09:00 Awesome Stuff: Monitor Everything (5)
09:00 Awesome Stuff: Cool Components (1)
12:42 Tech Companies Ask European Commission Not To Wreck The Internet -- And You Can Too (4)
09:00 Awesome Stuff: Play & Listen (1)
09:00 Awesome Stuff: Beyond Chiptunes (12)
09:00 Awesome Stuff: Updated Classics (3)
09:00 Awesome Stuff: Celebrating Cities (1)
09:00 Awesome Stuff: Crafts Of All Kinds (5)
09:00 Awesome Stuff: One Great Knob (13)
09:00 Awesome Stuff: Simple Geeky Toys (2)
09:00 Awesome Stuff: Gadgets For The New Year (18)
09:00 Awesome Stuff: A Post-Holiday Grab Bag (0)
13:34 How Private-Sector Innovation Can Help Those Most In Need (21)
09:00 Awesome Stuff: Towards The Future Of Drones (17)
09:00 Awesome Stuff: Artisanal Handheld Games (5)
09:00 Awesome Stuff: A New Approach To Smartphone VR (5)
09:00 Awesome Stuff: Let's Bore The Censors (37)
09:00 Awesome Stuff: Open Source For Your Brain (2)
09:00 Awesome Stuff: The Final Piece Of The VR Puzzle? (6)
09:00 Awesome Stuff: The Internet... Who Needs It? (15)
09:00 Awesome Stuff: The Light Non-Switch (18)
09:00 Awesome Stuff: 3D Printing And Way, Way More (7)
13:00 Techdirt Reading List: Learning By Doing (5)
12:43 The Stagnation Of eBooks Due To Closed Platforms And DRM (89)
09:00 Awesome Stuff: A Modular Phone For Makers (5)
09:00 Awesome Stuff: Everything On One Display (4)
09:00 Awesome Stuff: Everything Is Still A Remix (13)
09:00 Awesome Stuff: Great Desk Toy, Or Greatest Desk Toy? (6)
09:00 Awesome Stuff: Sleep Hacking (12)
09:00 Awesome Stuff: A Voice-Operated Household Assistant (19)
More arrow