Gus Hurwitz

Gus Hurwitz

Gus Hurwitz, a visiting fellow at AEI's Center for Internet, Communications, and Technology Policy, is an assistant professor at the University of Nebraska College of Law, where he teaches telecommunications law, cyber law, law and economics, and other regulation-related subjects. His research builds on his background in law, technology, and economics to consider the interface between law and technology and the role of regulation in high-tech industries. He has a particular expertise in telecommunications law and technology. He was previously the inaugural research fellow at the University of Pennsylvania Law School’s Center for Technology, Innovation and Competition, and before that was a visiting assistant professor at George Mason University Law School. He previously spent several years as a trial attorney with the US Department of Justice Antitrust Division’s Telecommunications and Media Enforcement Section. Hurwitz has a background in technology and worked at Los Alamos National Laboratory. During this time, his work was recognized with professional awards from organizations such as the Federal Laboratory Consortium, R&D Magazine, Los Alamos National Lab, the Institute of Electrical and Electronics Engineers, the Association for Computing Machinery, and the Corporation for Education Network Initiatives in California. In addition, he held an Internet2 Land Speed world record with the Guinness Book of World Records. Hurwitz is a co-blogger at Truth on the Market.

LabMD ruling should be a wake-up call for FTC data security enforcement

The big news last week in FTC- and Data Security-land was the FTC’s loss in its enforcement action against LabMD. This decision, announced at the very end of the previous week – the afternoon of Friday the 13th, in fact – was a major loss for the FTC and a major win for consumers and small businesses: FTC Chief Administrative Law Judge Chappell roundly rejected the FTC’s data security case against LabMD, a small cancer detection lab effectively put out of business as part of the commission’s imperious decade-long effort to establish itself as the nation’s chief cybersecurity regulator. The judge’s opinion calls into question the FTC’s underlying legal theory and enforcement-based approach to developing data security norms – an approach under which a majority of companies in the United States could be found guilty of violating the Section 5 of the FTC Act.

Understanding encryption: No longer just about sending secret messages

As part of our contribution to Cybersecurity Awareness Month, we’re making today Encryption Awareness Day here at Encryption is a key aspect of cybersecurity. Indeed, it is hard to have a meaningful conversation about cybersecurity without an understanding of what encryption is and how it works. Unfortunately, encryption is a complicated concept which many people don’t understand all that well. Indeed, as explained in this post, encryption’s most important function probably isn’t that it lets us keep information secret from prying eyes – in the modern setting, encryption serves the more important role of identity verification.

What the FCC can learn from the Volkswagen scandal

I had promised’s Editors that I would write this week about regulation and the use of technology in education. The Editors were excited. Earlier this week, Bronwyn Howell wrote about the recent OECD study showing that spending on technology to support education does not necessarily benefit, and can actually harm, education outcomes. And the next day Ari Rabkin wrote about the challenges of defining what we mean when we say “computer science” should be added to primary school curricula. Both Bronwyn’s and Ari’s discussions offer examples of policy charging ahead of evidence – with the potential consequence of both wasting money or even undermining the intended policy goals.
FTC data security by Felix Lipov /

In Wyndham, the FTC won a battle but perhaps lost its data security war

Tech Policy Daily readers are likely aware that sometimes a seemingly big loss (or win) in court can prove to be a major win (or loss) in practice. This is what happened in Verizon, where the DC Circuit rejected the FCC’s 2010 Open Internet rules but upheld the FCC’s underlying legal authority. On Monday, the Third Circuit released a similarly important opinion relating to the FTC’s authority to regulate data security practices. In this case the court has given the FTC what seems to be a win. But in doing so the court rejected the agency’s basic approach to data security regulation, ignoring the FTC’s efforts over the past 15 years to regulate data security practices. This is a major blow to the FTC, which has steadfastly argued – including in this case – that it has developed its own law of data security that should apply in cases such as this.

Will the FTC’s UMC policy statement save the commission from itself?

Last Thursday, Federal Trade Commission (FTC) Chairwoman Edith Ramirez announced a new policy clarifying the commission’s use of its authority under Section 5 of the FTC Act to take action against “unfair methods of competition” (UMC). This policy statement represents a major win for both Commissioner Wright – who has pushed for the commission to adopt such a statement since joining the commission – and for the American consumer, who will benefit from the increased stability that this policy creates. It also represents an abrupt about-face for the chairwoman, who has steadfastly resisted providing such guidance (or otherwise accepting any limits on the commission’s authority) – an about-face almost certainly prompted by recent congressional concern.