Most phishing messages come from cybercriminals, but a few are probably being sent by your information technology department to test how susceptible the organization is to malware attacks and phishing scams. Increasingly, IT departments are turning to in-house experiments of this kind to identify weaknesses in their technology systems and to educate users on the risks of infiltration. The use of experiments to assess vulnerabilities extends far beyond information security. For instance, to test the efficacy of airport security measures, the Transportation Security Administration “Red Team” now regularly conducts experiments in which it seeks to take banned items through airport security and customs checks. The results of these tests have proved sobering: airport screening often fails to catch more than half the banned items, demonstrating that changes in training and procedures are necessary to enhance security. Compliance programs are meant to reduce a wide variety of socially harmful conduct, from drug trafficking, money laundering, and public corruption to dangerous consumer products and dangerous working conditions. Devoting substantial resources to compliance provides no guarantee of compliance effectiveness. Implementing a compliance program without proof it works constitutes nothing more than a hope that the measures will protect workers, investors, and the general public from organizational misconduct. That hope is likely to go unfulfilled, at a tremendous monetary and opportunity cost in many cases.
This Essay expounds on the outsized role of private law in governing ownership of new technologies and data. As scholars lament gaps between law and...
Large language models (LLMs) now perform extremely well on many natural language processing tasks. Their ability to convert legal texts to data may...
Privacy is a key issue in AI regulation, especially in a sensitive area such as healthcare. The United States (US) has taken a sectoral approach to...
The 2024 edition of Selected Intellectual Property, Internet, and Information Law, Statutes, Regulations, and Treaties, edited by Professors Sharon K...
Fifty years ago, federal and state lawmakers called for the regulation of a criminal justice “databank” connecting federal, state, and local agencies...
The use of autonomy to initiate force, which states may begin to view as necessary to protect against hypersonic attacks and other forms of ‘hyperwar...
This chapter provides an overview of computational text analysis techniques used to study judicial behavior and decision-making. As legal texts become...
A crucial first step in addressing intimate-image abuse is its proper conceptualization. Intimate-image abuse amounts to a violation of intimate...
We live in a golden age of student surveillance. Some surveillance is old school: video cameras, school resource officers, and tip lines. Old-school...
A resilience agenda is an essential part of protecting national security in a digital age. Digital technologies impact nearly all aspects of everyday...
Cyber stalking involves repeated, often relentless targeting of someone with abuse. Death and rape threats may be part of a perpetrator’s playbook...
Generative AI is already beginning to alter legal practice. If optimistic forecasts prove warranted, how might this technology transform judicial...
Working hand-in-hand with the private sector, largely in a regulatory vacuum, policing agencies at the federal, state, and local level are acquiring...
This article argues that the fact that an action will compound a prior injustice counts as a reason against doing the action. I call this reason The...
This chapter examines several ways that the United States takes advantage of international law’s permissiveness and ambiguity to extend its criminal...
The 2023 edition of Selected Intellectual Property, Internet, and Information Law Statutes, Regulations, and Treaties, edited by Professors Sharon K...