Tag Archives: Jeh Charles Johnson

The Year That Was: Key Cybersecurity and Privacy Developments in 2023 and Issues for 2024

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog

From left to right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog. Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP.

At the beginning of the year, we predicted that the use of personal information and the protection of data in an evolving threat environment would be the focus of increased legislation, regulation, and regulatory enforcement. And 2023 delivered, with both threat actors and regulators presenting new challenges for technology and legal teams. At the same time, these teams are navigating how to harness the burgeoning potential of rapidly evolving artificial intelligence applications while mitigating associated security, legal, and related risks. Amidst all of the noise, we break down below ten key developments of 2023 that contributed to an increasingly complex legal and data security landscape and prompted business leaders to increase resources and attention to bolster their defenses and ensure compliance with their growing list of legal obligations. We predict a continued flurry of activity in 2024. Continue reading

Theft of Federal Funds Highlights Expanding Cyber Threat from Foreign Actors

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

Photos of the authors

From Left to Right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

The Secret Service has reported that APT41, a hacking organization, stole roughly $20 million in federal COVID-19 relief funds by obtaining access to the computer systems of a number of U.S. states beginning in mid-2020.[1]  According to the Secret Service, APT41 is a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.”[2]  While experts are uncertain regarding whether the breach by APT41 was ordered by the PRC government or merely tolerated, the Secret Service announcement marks the first public confirmation by a federal agency of a state-affiliated hacking group breaching U.S. cyber defenses to steal federal funds. According to the government, the hackers obtained unemployment insurance funds and Small Business Administration loans from more than a dozen states.[3]  The true scope of the breach remains unclear, with officials speculating that government networks in all 50 states were likely targeted.[4]  The Secret Service has further linked the APT41 intrusion to the organization’s broader efforts to access and interrogate state networks.[5]

Continue reading

ESG Disclosures: Task Force on Climate-Related Financial Disclosures

by Mark S. Bergman, Ariel J. Deckelbaum, Jeh Charles Johnson, Brad S. Karp, Loretta E. Lynch, Richard A. Rosen, Audra J. Soloway, Frances F. Mi, and David G. Curran

The disclosure recommendations of the Task Force on Climate-related Financial Disclosures (“TCFD”), which consider the physical, liability and transition risks associated with climate change, are intended to facilitate the development of voluntary and consistent climate-related financial disclosures by companies for investors, lenders, insurers and other stakeholders. Since their publication in 2017, the TCFD recommendations have emerged as a leading international framework for climate-related disclosures, although uptake on these standards has been slower in the United States than elsewhere. The number of companies that reference the TCFD recommendations in their disclosures is steadily increasing, and industry leaders continue to call on companies to adopt these recommendations.

Continue reading

ESG Disclosures: The Push for Consistent and Comparable Standards – Europe

by Mark S. Bergman, Ariel J. Deckelbaum, Jeh Charles Johnson, Brad S. Karp, Loretta E. Lynch, Richard A. Rosen, and Audra J. Soloway

Key Takeaways

  • The European Union has taken a leading role in advancing ESG disclosure requirements across the full spectrum of sustainability topics. Some of the initiatives are focused largely on climate issues, while others address the broader sustainability landscape.
  • In the absence of international consensus on ESG disclosure requirements, EU regulations and guidance could begin to shape disclosure in other jurisdictions.

Continue reading

Social Media Bot Company Devumi LLC Reaches $2.5 Million Settlement with FTC for Sale of Misleading Social Media “Influence Indicators”

by Christopher D. Frey, Roberto J. Gonzalez, Jeh Charles Johnson, Jonathan S. Kanter, Claudine Meredith-Goujon, Lorin L. Reisner, Jeannie S. Rhee, Richard C. Tarlowe, Alessandra Baniel-Stark, Daniel J. Klein, and Taylor C. Williams.

Background

On October 21, 2019, the Federal Trade Commission (“FTC”) settled its first-ever complaint against a company for selling fake indicators of social media influence such as phony likes, follows, views, and subscribers to users on Twitter, LinkedIn, YouTube, Pinterest, Vine, and SoundCloud.[1] The company, Devumi LLC (“Devumi”), and its CEO, German Calas, Jr., settled the enforcement action with a $2.5 million fine.[2] The company was dissolved in 2018.[3]  Reporting suggested that Devumi maintained an estimated stock of at least 3.5 million automated accounts, thousands of which used personal details of real social media users (who had not engaged Devumi’s clients with follows, likes, etc.), and that these accounts were used to generate the false indicators of social media influence.[4] 

The FTC found, for example, that Devumi filled more than 58,000 orders for fake Twitter followers from a diverse set of buyers, including actors, athletes, musicians, investment professionals, lawyers, and experts who wanted to increase their appeal as influencers or otherwise boost their credibility.[5] Devumi filled over 800 orders for fake LinkedIn followers to marketing and public relations firms, consulting firms, and financial services companies, among others.[6] Continue reading

Preparing for an Uptick in Congressional Investigations of Corporations

by Susanna M. Buergel, H. Christopher Boehning, Jessica S. Carey, Michael E. Gertzman, Roberto J. Gonzalez, Udi Grofman, Jeh Charles Johnson, Jonathan S. Kanter, Brad S. Karp, Mark F. Mendelsohn, and Alex Young K. Oh

Beginning next month, Democrats will control the House of Representatives for the first time since 2010.  Given the pent-up demand for House Democrats to make robust use of their oversight and investigative authorities, the current relative lull in congressional investigations of corporations is expected to end.  Corporations across sectors should anticipate an uptick in investigative activity. 

In addition to holding the majority for the first time in nearly a decade, this will be the first time that Democrats control the House since a 2015 rule change that empowered a number of committee chairs to subpoena witnesses or documents unilaterally.  The chairs of the following committees, among others, have this authority: Energy and Commerce; Financial Services; Intelligence; Judiciary; Natural Resources; and  Oversight and Government Reform.[1] Continue reading

Cyberspace is the New Battlespace

by Jeh Charles Johnson

[Following personal reflections on his return to private life from public service, former U.S. Secretary of Homeland Security Jeh Charles Johnson delivered the following keynote address at the Global Cyber Threats: Corporate and Governmental Challenges to Protecting Private Data cybersecurity conference held by the Program on Corporate Compliance and Enforcement at New York University School of Law on April 6, 2018.]

Like millions of other Americans, my world was rocked by the terrorist attack that occurred a few blocks from here on September 11, 2001.  Like many of you, I am a New Yorker, and was in Manhattan that day.  September 11 also happens to be my birthday.  I have a vivid recollection of the day, both before and after 8:46 a.m., when the first plane hit the World Trade Center.  At 9:59 a.m., when the first tower collapsed, it was perhaps the only time in my life when my mind could not believe what my eyes were seeing.  Neither would I have been able to comprehend then that 15 years later, there would be something called the Department of Homeland Security, that I would lead it, and that the Secretary’s New York office would occupy the 50th floor of a taller, stronger World Trade Center tower standing in the same place. Continue reading