It’s something that is on nearly everyone’s minds these days, something that has affected everything from credit cards to political conventions: cyber attacks. Quite simply, people are rightfully concerned about how and when their own and government data will be hacked and misused, and the law must play some role in helping. Three bills to improve cybersecurity were just released. This article explores the issue of cybersecurity and addresses what roles the expert witnesses play in the field.
The first thing that is important to note with respect to cybersecurity issues is that the expert witnesses are everywhere. Whether a senator is drafting legislation to address these issues or an attorney is preparing a lawsuit, experts play a very important role in guiding every party involved. Specifically, cybersecurity experts exist, but computer, internet security, and other experts also play a role in what policies ensue.
The Democrats have released three bills that would, if passed, strengthen the role of the Federal Communications Commission (FCC) in cybersecurity issues. See The National Law Review, “House Democrats Propose Three Bills that Would Bolster FCC Influence over Cybersecurity,” Mar. 8, 2017, at http://www.natlawreview.com/article/house-democrats-propose-three-bills-would-bolster-fcc-influence-over-cybersecurity (last visited Mar. 8, 2017). The three bills differ but have certain things in common. The first bill is entitled the “Securing IoT Act of 2017,” and it “would expand the FCC’s certification authority…to require that radio frequency equipment meet certain cybersecurity standards. Such cybersecurity standards would be established by the FCC… .The standards would apply to equipment for which certification is submitted at least one year after the bill’s enactment.” Id. To even draft such a bill, the legislator involved (in this case Rep. Jerry Nerney of California) would have to consult with cyber and internet security experts. See id.
The second bill being proposed is called the “Interagency Cybersecurity Cooperation Act.” See id. It was offered by Representative Eliot Engel, of New York, and it also aims at increasing FCC control over cybersecurity. Specifically, the bill “would require the FCC to establish an advisory committee known as the “Interagency Communications Security Committee.” The Committee…would be tasked with reviewing communications security reports submitted to the Committee, recommending investigation into any such security reports to relevant agencies, and issuing reports containing the results of any investigation, findings following each security incident, and any policy recommendations that may arise… .” Id. This bill clearly would require experts to play a critical consulting role to the government, as the FCC and other agencies involved get their data on cybersecurity from experts in the field.
The third bill, introduced by Representative Yvette Clark of New York, is the “Cybersecurity Responsibility Act.” See id. That Act would “direct the FCC, in consultation with the Secretary of Homeland Security, to issue rules to secure Communications Networks… .The rules would include provisions regarding the treatment of Critical Infrastructure information relating to Communications Networks and, like the Interagency Cybersecurity Cooperation Act, would designate Communications Networks as ‘Critical Infrastructure.’” Id.
Aside from legislation that requires expert guidance, cybersecurity lawsuits will also need expert assistance. Moreover, litigation over cybersecurity is not only currently taking place but will likely increase in the future. The American Bar Association names over twenty cases that have arisen over cybersecurity issues alone. See American Bar Association (ABA), “Cybersecurity Litigation: Where We’ve Been And Where We’re Going,” Apr. 19, 2016, at http://www.americanbar.org/content/dam/aba/administrative/litigation/materials/2016_sac/written_materials/2_cybersecurity_litigation_where_weve_been_and_where_were_going.authcheckdam.pdf (last visited Mar. 7, 2017). The types of claims involved have ranged from consumers concerned about internet data collection to surreptitious monitoring of televisions. See id. This range suggests that a number of expert witnesses will play invaluable roles in both the consulting and testifying stages. Because tech-savviness is a must, internet, security, computer, and cybersecurity experts will play a part, but so will consumer advocates and government agency policy specialists. The field will be rife with experts whose guidance may be the determining factor in future cases.
Whether the issue concerns pending legislation, implementation of cybersecurity programs, or just litigation, expert witnesses will be of great import at every juncture. These types of situations and cases should only increase, as technology improves and our capabilities exceed our own expectations.
By: Kat S. Hatziavramidis, Attorney-at-Law