Cyber Alliance Seminar: Dan Roche, Professor, Computer Science, U.S. Naval Academy, Annapolis

Talk Title: What FTC cases tell us about developing and managing secure software systems

Abstract: In the absence of nationwide data privacy legislation, the U.S. Federal Trade Commission (FTC) has played a significant role in holding firms accountable in the wake of compromises to sensitive personal data which they hold. Two significant court cases in the last eleven years have first established the FTC's authority to regulate data security, and secondly required that the commission be specific in what technical and non-technical measures must be taken to remedy and (presumably) prevent further data breaches. We examined the FTC's recent cases related to data security and found a few broad commonalities in the recommendations, despite the wide variety of technical circumstances that lead to the underlying data breaches. In this talk I will give a little history on why the FTC is the de-facto top cybersecurity regulator in the U.S., then talk about our methodology and look at a few interesting cases, and finally give some of our conclusions and recommendations for software developers and network administrators.

This is joint work with Chris Brown, Ellis Fenske, and Jeff Kosseff, for a forthcoming article that will appear in the Fordham Intellectual Property, Media & Entertainment Law Journal. We are supported by NSF grant #2217597.

Bio: Dan Roche is a professor in the Computer Science Department at the U.S. Naval Academy in Annapolis, Maryland, where he has been since completing his Ph.D. at the University of Waterloo in 2011. His research focuses on developing algorithms for exact mathematical computation and privacy-preserving cryptographic protocols. Dan is visiting the Faculty of Computing & Data Sciences while on sabbatical in the 2024-25 academic year, where he is hosted by Mayank Varia

Back to Calendar