The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to establishing an AI Security Center, illustrate the U.S.’s comprehensive approach to tackling this complex issue. The act sets the stage for a
Sinan Pismisoglu
Sinan Pismisoglu advises clients on product development, privacy and security compliance, AI ethics, SaaS contracting, Big Data, data licensing and ownership, supply chain and vendor management, and incident preparedness and response. He solves complex cybersecurity, information security, compliance, and operational issues beginning with early planning and prevention through detection, remediation, and crisis management. Sinan collaborates with engineering teams to create compliance-integrated risk management frameworks, governance, and ethics programs for emerging technologies such as AI/ML, cybersecurity, IoT, and cloud models.
Can Privacy Be Bought? How Scrutiny of Meta’s Subscription Model Has Wider Implications –PART II
In Part I, we discussed the European Commission’s (“Commission”) disapproval of Meta’s “pay or consent” subscription model. In Part II, we delve into the European Commission’s findings, prior findings by the European Data Protection Board (EDPB), and how those findings may affect future models where privacy is considered “for sale.”
The European Commission’s Findings
…Can Privacy Be Bought? How Scrutiny of Meta’s Subscription Model Has Wider Implications – PART I
In November of 2023, Meta launched a service in the European Union that allowed users to utilize the Facebook and Instagram platforms “ad free” for a monthly fee. The subscription service was meant to address regulatory concerns about Meta’s vast data collection and surveillance-based advertising system that tracks consumers across websites. The concept introduced a…
Balancing Act: Industry Concerns Over CISA’s Proposed Cyber Incident Reporting Rule
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While designed to enhance CISA’s ability to monitor and respond to cyber threats, the rule has ignited a contentious debate. The concerns raised highlight…
Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA) issuing a Notice of…
Network Topology and Network Mapping: The NIST Cybersecurity Framework – Part 2
A previous installment discussed the centrality of network topology to an organization’s data security and outlined the legal framework and obligations incumbent upon many organizations in the U.S. The first installment can be found here. The second and final part of this series will discuss strategies for optimizing network topology and data security, focusing…
Network Topology and Mapping: Cornerstones of Data Security – Part 1
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical measures to safeguard data from internal and external threats. Securing data is challenging in the current environment of multiplying cyber threats against small and large organizations…
Navigating Data Ownership in the AI Age, Part 2: Frameworks Governing Data Ownership
The proliferation of AI-derived and processed data in the era of big data is occurring against a complex backdrop of legal frameworks governing ownership of and responsibilities with regard to that data. In a previous installment of this two-part series, the authors outlined challenges and opportunities presented by big data and AI-derived data. In this…
Navigating Data Ownership in the AI Age, Part 1: Types of Big Data and AI-Derived Data
The emergence of big data, artificial intelligence (AI), and the Internet of Things (IoT) has fundamentally transformed our understanding and utilization of data. While the value of big data is beyond dispute, its management introduces intricate legal questions, particularly concerning data ownership, licensing, and the protection of derived data. This article, the first installment in…
Technological and Legal Defenses Against Privacy Attacks on Machine Learning Models
Machine learning (ML) models are a cornerstone of modern technology, allowing models to learn from and make predictions based on vast amounts of data. These models have become integral to various industries in an era of rapid technological innovation, driving unprecedented advancements in automation, decision-making, and predictive analysis. The reliance on large amounts of data…
How Smart Is Your Artificial Intelligence Policy?
There is a great YouTube video that has been circulating the internet for half a decade that reimagines a heuristically programmed algorithmic computer “HAL-9000” as Amazon Alexa in an iconic scene from “2001: A Space Odyssey.” In the clip, “Dave” asks Alexa to “open the pod bay doors,” to which Alexa responds with a series…