Cover photo
Verified name
Benjamin Wright
Works at Lawyer -Private Practice | SANS Instructor: Law of Data Security & Investigations | Author: Law of E-Commerce | Blogs: BYOD, Bitcoin, Cyber-attacks, Digital Forensics
Attended Georgetown University Law (J.D. 1984)
Lives in Dallas, Texas
1,174 followers|389,159 views



Benjamin Wright

Shared publicly  - 
Home Depot Data Breach | What to Say?

Public relations is more important to legal controversies than many lawyers and non-lawyers appreciate. 

Home Depot is today in legal jeopardy because it has announced what appears to be a large breach of payment card data.

The Home Depot predicament fits into a historical context. Many major data breaches have happened before today, including TJX, Target and Sony Playstation Network.

Home Depot faces many difficult choices in the coming weeks. HD’s statements to the public about this breach will affect the company’s

* legal liability
* relationship with customers
* support or hostility from payment card issuers
* punishment from regulators

As explained in the blog post below, the SANS Institute offers unique professional training on this topic. The SANS course emphasizes the role of public communications in coping with infosec legal and reputation risk.

#homedepotbreach   #dfir   #databreach  
Add a comment...

Benjamin Wright

Shared publicly  - 
Of all the SANS instructors, +Lenny Zeltser is the most "professorial." And I mean that as a high compliment. He is a uniquely effective teacher.
Watch this 2-minute video to discover what you can learn by taking the FOR610 malware analysis course at SANS Institute.
View original post
Add a comment...

Benjamin Wright

Shared publicly  - 
IoT Produces Digital Forensics Employment

The Internet of Things (IoT) opens a gold rush for digital forensics experts. All the little devices – like Nest Thermostats or GoPro Cameras -- that are collecting data about this or that are also gathering legal and audit evidence that could resolve a dispute or an official investigation. 

Fitness Tracker Yields Legal Evidence

The article below says a woman claimed to have been sexually assaulted, and filed a detailed complaint with police.

But her FitBit – her wearable fitness tracker -- tells a story that is inconsistent with her complaint: Data from the FitBit indicates she was up and walking around when she claimed to be sleeping!

Police are now prosecuting her for filing a false complaint. What a surprising turn of events.

Experts Must Race to Keep Up

Small devices like the FitBit are very new. They are multiplying and diversifying. And they change constantly. 

They record data from their sensors. They store data. They share data. They inhabit a complicated ecosystem of digital evidence.

To competently access and evaluate data from this strange IoT ecosystem, forensics experts must constantly update their skills.

These skills include the ability to manage ethical issues. For example: if an investigator has authorized access to Device A, and Device A gives access to Device B, is the investigator authorized to access Device B's data?
When every move you make is data-mined, evidence piles up fast.
Add a comment...

Benjamin Wright

Shared publicly  - 
Do you know anyone with deep expertise in #Oracleaudit , Oracle Compliance or Oracle License Review?
Add a comment...

Benjamin Wright

Shared publicly  - 
Data Security Breaches are Normal | Law Should Recognize this Fact of Life

InfoSec law is chaotic. Part of the reason is that InfoSec itself is in crisis. The public believes that data can be secured in functioning enterprises like banks, hospitals and government agencies. This belief is shared by political authorities. But this belief does not align with reality. 

Read the news. Every day, a responsible organization is breached. (Office of Personnel Management, IRS, Anthem, Target, Home Depot, NSA, etc., etc., etc.) 

Breaches are normal, the way that losing a sporting match is normal. 
Law has not responded effectively to this reality. Law is confused and ineffective.
Add a comment...

Benjamin Wright

Shared publicly  - 
The plot in this strange infosec law case just gets thicker and thicker.
It took over a year to get Rick on the stand with criminal immunity. This is no “he said she said” game, criminal immunity isn’t easily approved by the Justice Department, but the consistency and forensic evidence provided to Chairman Darreell Issa and the Justice Department must have done the trick.
Grab your popcorn and turn off House of Cards because it doesn’t get better than this. The testimony of former Tiversa employee Rick Wallace is bombshell transparent testimony. It took over a year to get Rick on the stand with criminal immunity. This is no “he said she said” game, criminal immunity isn’t easily approved …
View original post
Add a comment...

Benjamin Wright

Shared publicly  - 
Bootcamp on cyber law and forensic evidence in legal proceedings
Benjamin Wright's profile photo
Infosec law is changing quickly. This course helps you keep pace.
Add a comment...
Have him in circles
1,174 people
Michael Vincent Buonassissi's profile photo
Barbara Owiredu's profile photo
João Carvalho's profile photo
luka Niang's profile photo
Peter Voss's profile photo
Robert Gottesman's profile photo
Robert Gaby's profile photo
Brian Ford's profile photo
Mark Peacock's profile photo

Benjamin Wright

Shared publicly  - 
Sharing Cyber Threat Data with DHS

For years we've been debating whether private enterprises should voluntarily share InfoSec data with government.

Unintended Uses for the Data

For a firm that contemplates sharing data, a big issue is whether the data might be used for unintended purposes, such as tax collection or a class action lawsuit trying to prove the firm did something wrong (e.g., failed to do enough to protect privacy).

Once data about anything gets out, it is hard to limit its use. Legal adversaries want the data; hackers want the data; vigilante leakers want to "liberate" the data.

Maintaining Legal Confidentiality

Increasingly, firms try to assure the legal secrecy of incident-response data by collecting it under the guidance of legal counsel. But that legal secrecy may be compromised if the data is then shared with government. Therefore a firm may be wise to refrain from giving the data to the government (DHS).

See discussion of secrecy under legal doctrine called "attorney work product:"
Do you think organizations would participate in voluntary information sharing of non-breach incidents?
US Homeland Security Secretary Jeh Johnson recently spoke at a conference at the Center for Strategic and International Studies (CSIS) about the challenges of cybersecurity as they affect the federal civilian .gov world. In his speech, secretary Johnson stressed the importance of passing new ...
1 comment on original post
Add a comment...

Benjamin Wright

Shared publicly  - 
This video demonstrates what a powerful tool a cheap drone can be for public safety. In a big city, full-size helicopters can track a tornado and report live on TV. But helicopters are often not available outside cities. 

For about $1000 a rural community can have a drone that spots the exact location of a tornado or other threat. Then the community can deliver live footage to local residents over the web or mobile app.
Add a comment...

Benjamin Wright

Shared publicly  - 
Some argue the US does not engage in enough scientific research. But US statistics on scientific research do not take into account Lenny's research on malware. They should.
In the following article I explain how adversaries distribute malware with the help of redirects, Google Analytics and Dropbox. I also outline an approach to bypassing some of Google's redirection safeguards that hasn't been previously discussed.
View original post
Add a comment...

Benjamin Wright

Shared publicly  - 
Greater Recognition for SANS Master's Degree Program

Another global company, a top 5 US Bank, just chose the SANS master's degree program to develop and retain their high-performing cyber investigators.

Why are major commercial and government organizations selecting the SANS Technology Institute for their cyber workforce?  Because SANS' regionally accredited graduate school develops the key traits of successful information security professionals:

1. Practical experience.
2. Deep technical knowledge.
3. Management/communications skills to get things done.
4. Credibility and confidence.

With expanded tuition reimbursement programs and eligibility for
Veterans Education benefits, there has never been a better time to earn a graduate certificate or master's degree in information security from the SANS Technology Institute!

Join the next online information session June 25th in order to learn
more about our programs:

Thursday, June 25th at 1:00 p.m. EST

If you can't make it, write us at with your
questions. (Or, put us in touch with your HR department.)

SANS Technology Institute.
The best. Made better.

Built on proven SANS courses and GIAC certification exams, and
accessible through live classes around the country and online from work or home, our programs transform the best of SANS training and faculty into an unparalleled educational experience that is custom designed for a working professional.

The SANS Technology Institute chooses the very best applicants to pursue a graduate certificate or master's degree. These programs simultaneously improve a student's technical skills while also teaching the essential communication and management techniques required to be an effective leader.

A master's degree or graduate certificate from SANS is an immediately recognizable mark of achievement, skill, and capability that is highly valued by organizations.

The SANS Technology Institute is accredited by The Middle States
Commission on Higher Education (3624 Market Street, Philadelphia, PA 19104 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.

GI Bill(R) is a registered trademark of the U.S. Department of Veterans
Affairs (VA). More information about education benefits offered by VA is available at the official U.S. government Web site at
Add a comment...

Benjamin Wright

Shared publicly  - 
SANS Institute | Legal 523

My SANS course (Law of Data Security and Investigations) is available in both live delivery and recorded listen-from-where-you-are format.

Live Concert vs Recording

The difference between the live delivery and the recorded delivery is like the difference between a live concert and a recorded song. The former is a physical, multi-sensory experience where we discuss, debate and learn through interaction how to think differently about a difficult topic. The latter is a recording of my voice, matched with slides & notes.

Obviously many people are unable to attend the live event. But the live event is more fun and engaging. The interaction is more than just a formal exchange of words between the students and me.  It includes the full range of human communication, like hand gestures, facial expressions and manipulation of props like the flip chart and my over-wide necktie. It includes the students talking to each other, both in the open classroom and privately during the breaks.

In a live classroom I tape handwritten posters on the walls so as to reinforce key ideas. Then I point to those posters when they are relevant to the conversation. The classroom becomes a three-dimensional learning environment; students learn things by just turning their gaze from one wall to the next.

The Education Flows in Both Directions.

I have benefited immeasurably by teaching the course since 2003. SANS students are smart, and they teach me. They tell me war stories. They help me understand how technology works in practice. I constantly change the course in reaction to what I learn from students. 

The process of writing, delivering and updating that course also makes me a better lawyer. It expands my base of experience. It lets me test arguments and ideas. Over the years I have suggested lots of measures for managing legal risk (like saying one thing or another in a contract or in terms of service), and students have disagreed with me. I then refine or change my ideas.

So the education is a two-street, especially in the live classroom.

P.S. We work hard to make the OnDemand version of the course the best it can possibly be. And we continue to improve. For example, in two weeks SANS and I will be shooting a new Introductory video specifically to support the OnDemand version. As technology improves, OnDemand is becoming a richer experience . . . even though it will be a while before OnDemand is as compelling as a bunch of people all together in a real classroom.
Benjamin Wright's profile photoGary Zeune's profile photo
In reference to the photo: On this day I was being recorded so that SANS could update the OnDemand version of the course.
Add a comment...
Have him in circles
1,174 people
Michael Vincent Buonassissi's profile photo
Barbara Owiredu's profile photo
João Carvalho's profile photo
luka Niang's profile photo
Peter Voss's profile photo
Robert Gottesman's profile photo
Robert Gaby's profile photo
Brian Ford's profile photo
Mark Peacock's profile photo
  • Georgetown University Law (J.D. 1984)
    Law, 1981 - 1984
  • Trinity University
    English, 1978 - 1981
Basic Information
Other names
Ben Wright
Data Law

Benjamin Wright is an attorney in private practice. He helps others navigate the law of data compliance, including privacy, outsourcing, IT security, online investigations and forensic investigations. He teaches e-discovery, BYOD, cryptocurrency and data protection law for SANS Institute.

Mr. Wright has published hundreds of blog posts on technology law.  Search them.

Wright is known for promoting screencast video to document legal investigations in social media and audit evidence in online trading platforms.

To email Mr. Wright, please send to ben_wright at compuserve dot com; put "BLOG" in subject line.

Speaker and Author  

Mr Wright is a frequent public speaker at professional groups like state CPA societies and local ISACA chapters.  As author of technology law books such as Law of Electronic Commerce, he blogs on electronic data, records, security and social media law, and he spots trends, such as the rise of big data as a tool for legal investigations

Mr. Wright is an editor for compliance topics at SANS Institute's Securing The Human program.


Texas Bar Association publishes an attorney profile on Mr. Wright.

Mr. Wright mentors students at SMU's Lyle School of Engineering. He is a member of the Pennsylvania College of Technology Advisory Committee for the Information Assurance and Cyber Security Degree.

Mr. Wright is known for bringing attention to the power of terms, conditions, contracts, disclaimers, warnings and other notices -- like those below -- published through online media.

IMPORTANT: No public comment by Mr. Wright (blog, book, tweet, video, update, speech, article, podcast or the like) is legal or other professional advice.  If you need legal advice, you should hire and consult a lawyer.

Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk. 

Public Education and Discussion

Mr. Wright's blogs, tweets, videos, web comments, web courses and the like are intended to promote public education and discussion. They are not intended to advertise or solicit legal services. They constitute an online update service for the book Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is published by Wolters Kluwer.


Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to (a) notify him at 1.214.403.6642 (b) comment publicly on his blogs or pages that he is wrong. Promptness helps mitigate damage. 

Any person accessing Mr. Wright's blogs, tweets, profiles, comments, web pages or other public activities or statements agrees not to use data from them in a way that is adverse to Mr. Wright's interests.

Forming an Attorney-Client Relationship

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchange of private messages with Mr. Wright does not, by itself, create an attorney-client relationship.

Privacy/Security Vision 

Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

IMPORTANT Confidentiality Notice

Benjamin Wright is licensed as an attorney. Some of Mr. Wright's non-public records stored in the cloud are confidential and subject to protections associated with attorney work and communications. The laws of many countries recognize such protections. Mr. Wright insists that you recognize those protections with respect to his records and communication. 


The only person responsible for Mr. Wright's words is Mr. Wright.

Mr. Wright often earns financial or other reward from those he mentions or links on blogs and social media, such as Yellow Brick, Messaging Architects/Netmail, SANS Institute, Credant Technologies, state CPA societies, Park Avenue Presentations, LabMD and others.


Some images, sounds and font output associated with Wright's work and comments are copyrighted by Corel Corporation or its licensors or partners like iStockphoto; they reserve all their rights. Some images are declared on wikimedia to be public domain.  Mr. Wright strives to respect IP rights, but sometimes technology behaves in surprising ways. If you are an IP owner and you have a problem with something published by Mr. Wright, please telephone him promptly. Trademarks are property of their respective owners.

Dallas, Texas.   Tel: +1.214.403.6642

Bragging rights
Technology law humbles me.
Public speaker on digital law and cyber investigations
  • Lawyer -Private Practice | SANS Instructor: Law of Data Security & Investigations | Author: Law of E-Commerce | Blogs: BYOD, Bitcoin, Cyber-attacks, Digital Forensics
    Lawyer, present
    Contracts, policies, training and public communications in regards to risk and compliance in technology law around the world.
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Dallas, Texas
Contact Information
Dallas, Texas
Benjamin Wright's +1's are the things they like, agree with, or want to recommend.
Singularity Hub

The Future Is Here Today... Robotics, Genetics, AI, Longevity, The Brain...

The curious case of LabMD new developments in the “other” FTC data-secur...

By now, businesses with an interest in data security are aware of FTC v. Wyndham Worldwide Corp., in which a US District Court of New Jersey

Here Are My Official Comments on the New York Department of Financial Se...

Dear Mr. Syracuse: I am an attorney and Certified Public Accountant with a Master's Degree in Accounting. For nearly twenty years I have als

Toni Ruttimann: The Bridge-Builder | Indonesia Expat

Meet Toni Ruttimann, the bridge-builder. He is, literally, bringing two worlds together; one community at a time. Toni has built over 600 br

Code of Conduct | The Honeynet Project

Below, you will find the Honeynet Project's proposed code of conduct. We invite you to submit comments until 5/1/2012 to project@honeyne

Report: Mysterious Happenings at JPMorgan?

I've tried a number of times to understand The Wall Street Journal's story headlined "J.P. Morgan Rankled by Risk," but I still don't get it

Blog - Michael Daugherty

Trying to write a book while running a company and having the government knocking on your door calls for drastic measures. I needed to get t

Answers to Google Social Network - Google+

A continually improving collection of questions and answers created, edited, and organized by thousands who use the Google+ social network.

Is Zippo Getting Zapped? | Litigation News | ABA Section of LitigationA...

Florida court rejects Zippo’s “sliding scale” for jurisdiction over Internet activity.

Web Preservation by Screencast — Slaw

Slaw is Canada's online legal magazine ISSN 1925-6175. home about. • about Slaw. • our contributors. • our columnists. archives. • by da

Spy Privacy Subpoena Law: Definition of Data Security Breach

When Has Privacy of Credit Card or Social Security Numbers been Compromised? Security Incident Response and Information Protection Law. Many

Introduction to MobiSec video

We just wanted to post a quick update to let you know about a new video. Kevin (working with James) recorded a "quick" introduction to OWASP

FINRA and the SEC Move One Step Closer to JOBS Act Implementation

Washington, D.C. (PRWEB) January 31, 2013 – Earlier this week FINRA invited prospective Crowdfunding portals to voluntarily file an interim

Computer forensic delays a growing problem? | Cybercrime Review

It is hard not to notice the growing number of cases that revolve around or discuss the delays associated with processing computer forensic

Hide & seek profile research Discreet & Confidential

Hide & seek profile research. Discreet & Confidential. We all have felt the stings of betrayal from lies told by people very close t

Microsoft DMCA Notice ‘Mistakenly’ Targets BBC, Techcrunch, Wikipedia an...

Over the last year Microsoft asked Google to censor nearly 5 million webpages because they allegedly link to copyright infringing content. W

Excellent place to hold a business conference.
Public - 3 months ago
reviewed 3 months ago
The rooms are very spacious, clean and up-to-date. The place is quiet and peaceful . . . making for a good night of sleep.
Public - 3 months ago
reviewed 3 months ago
4 reviews
I have visited the Gallery numerous times over the years, most recently last week. The Gallery is a rare treasure, one of the best-kept secrets in New York. Serious antique collectors must check it out. Call ahead for an appointment.
Quality: ExcellentAppeal: ExcellentService: Excellent
Public - 2 years ago
reviewed 2 years ago