Cyberlaw Podcast Features Prof. Schwarcz's Article, How Privilege Undermines Cybersecurity

The Cyberlaw Podcast recently devoted an episode to Prof. Schwarcz's article How Privilege Undermines Cybersecurity. Schwarcz co-authored the article, which is forthcoming in the Harvard Journal of Law and Technology, with Josephine Wolff at The Fletcher School at Tufts University, and Daniel Woods at the University of Edinburgh’s School of Infomatics.  The Article argues that the rules governing attorney/client privilege and work-product doctrine undermine cybersecurity.  In particular, they cause lawyers to direct forensic providers to refrain from making recommendations to clients about how to enhance their cyber defenses, restrict direct communications between forensic firms and clients, insist on hiring forensic firms that have no familiarity with the client’s networks or internal processes, and strictly limit dissemination of the forensic firm’s conclusions to the client’s internal personnel. To reverse these trends, the Article suggests that materials produced during incident response should be entitled to confidentiality protections that are untethered from the provision of legal services, but that such protections should be coupled with new requirements that firms impacted by a cyberattack disclose specific forensic evidence and analysis. .