The Equities Decision: Deciding When To Exploit or Defend

By: Michael V. Hayden, Principal at The Chertoff Group and former Director of the NSA and CIA

The whole WannaCry episode has understandably resurrected the question of NSA's role in identifying and then exploiting or patching cyber vulnerabilities.

To remind, the National Security Agency is one of the few organizations in the world to have both an offensive and defensive mission.  It's charged with intercepting communications for legitimate foreign intelligence purposes while also defending American communications from similar attempts by foreign actors. 

Read more


By: Michael Chertoff, Executive Chairman and Co-Founder

Today we stand at a crossroads. Will the internet continue to be a global system for commerce, politics, and social discourse, or will that world-girding network fracture into component parts? The road we take will help to define the vitality of the cyber network for the foreseeable future.

There are many policies that contribute to internet balkanization. Pervasive government surveillance, content limits, and even censorship all inhibit the free flow of information across the network. However, one of the most insidious causes of splintering is the phenomenon known as data localization – the all-too-reasonable-seeming idea that data about a country’s citizens should mandatorily be stored only in that country. While sensible in theory; in practice, it foreshadows the death knell of the global network as we know it.

Read more


By: Alan Wehler, Senior Associate

Over the past year, U.S. courts have grappled with important legal questions surrounding how U.S. law enforcement gains access to data stored in the cloud. On February 3rd U.S. Magistrate Judge Thomas Rueter issued a decision ordering Google to comply with two Federal search warrants compelling the company to turn over customer email data stored outside of the United States. This decision contradicts a July 2016 decision by the United States Second Circuit Court of Appeals on a similar case involving Microsoft, a decision that court declined to re-hear only a week before Judge Rueter’s decision. Both cases concern Federal search warrants issued under the authorities of the Stored Communications Act (SCA), a 1986 law that dictates how the government is able to obtain access to “stored wire and electronic communications and transaction records.” As one might expect, the law hasn’t held up particularly well over the past thirty years of technological change. Congress didn’t anticipate the invention of cloud computing technologies and never envisioned the complicated, transnational data storage and transit systems technology companies have created to serve their customers.

Read more