Open in app

Sign in

Write

Sign in

Strength in Numbers: The Counter-Ransomware Initiative

By Ravi Nayyar

A Techno-Legal Update
18 min readOct 18, 2021

On October 13 and 14, over a few dozen countries and the European Union gathered for a summit (‘Summit’) at the White House on how to solve a problem like ransomware (my apologies to Messrs Rodgers and Hammerstein). Or, as a senior US Government (‘USG’) official put it a few days beforehand, ‘to accelerate cooperation to counter ransomware’.

The following countries were represented at the ‘Counter Ransomware Initiative Meeting’, the Summit’s official name: (emphasis added)

We the Ministers and Representatives of Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States

Bolded are:

  • the Five Eyes (‘FVEY’) countries, the Quad countries and the European Union, given their (growing) geopolitical heft and influence in standard-setting and global policymaking when it comes to technology more generally (see Professor Rory Medcalf’s book for more context on the Quad); and
  • Estonia because of its prowess in running a cyber-resilient economy and society despite the spate of hostile campaigns against it from Russia, a state sharing a pax mafiosa with organised cybercrime groups (per Nicole Perlroth’s book) and representing a safe haven for ransomware groups.

Big Wraps

There was a fair bit of build-up, with outlets using language certainly less drab than the typical ransom note left by cybercriminals.

Take NBC News:(emphasis added)

The summit will be the most concrete step it [the White House] has taken so far to build an international coalition to address ransomware, an epidemic of cybercrime...

Or Foreign Policy: (emphasis added)

After Spike in Ransomware Attacks, U.S. Looks to Go on the Offensive: The Biden administration is circling the wagons to address growing cyberthreats.

But a dedicated multilateral summit on countering ransomware makes sense when one considers the specific mentioning of ransomware in high-level multilateral fora. For instance, in:

  • October 2020, when the G7 highlighted the greater ‘scale, sophistication, and frequency’ of ransomware attacks targeting critical infrastructure assets;
  • April 2021, when the Five Eyes (‘FVEY’) countries released a Ministerial Statement on Ransomware, which flagged the ‘significant threat to Governments, critical infrastructure and essential services on which all our citizens depend’; and
  • June 2021, when the G7 ‘commit[ed] to work together to urgently address the escalating shared threat from criminal ransomware networks’.

Little wonder such multilateral momentum carried forward to the Summit, as exemplified by the preamble to the Joint Statement. The preamble both specifically mentions ‘critical infrastructure’ and provides a list of sectors thereof that have been and can be targeted: (emphasis added)

From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity.

There is even an implied reference to the definition of critical infrastructure, given the mentioning of ‘public safety’ and ‘economic prosperity’.

Little wonder that a senior USG official highlighted ‘the eagerness to participate, the eagerness to learn, the eagerness to help other countries build capacity’ from said official’s overseas counterparts in the lead-up to the Summit. That eagerness is certainly manifest in the preamble of the Joint Statement: (emphasis added)

The threat of ransomware is complex and global in nature and requires a shared response… Governments recognize the need for urgent action, common priorities, and complementary efforts to reduce the risk of ransomware.

Of course, these are words drafted after deliberation by diplomats, but these are rather strong words. Especially when ‘urgent’ is used. Sir Humphrey Appleby would be aghast.

Words that are stronger than those coming from the UN Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security (‘UN GGE’, emphasis added):

Norm 13 (d) States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect…

The Group underscores the importance of cooperation and assistance in the area of ICT security and capacity-building and their importance to all elements of the Group’s mandate.

(Note that the UN GGE includes representatives from Russia and China, and the report was approved by consensus. So, of course, the language has a lower modality than the Joint Statement from the Summit, which neither of those two countries attended.)

The Joint Statement’s strong words are also justified in light of the threat. A threat manifest in the aforementioned ‘epidemic’ of ransomware attacks targeting critical infrastructure assets worldwide in only the past few years. A threat which, as I argued in this post for the blog of the ANU Journal of Law and Technology, can be analogised with that from conventional kinetic terrorism.

It is thus splendid that several countries banded together to call a spade a spade (per the preamble, emphasis added):

Having gathered virtually on October 13 and 14 to discuss the escalating global security threat from ransomware, we the Ministers and Representatives… recognize that ransomware is an escalating global security threat with serious economic and security consequences.

Twice in the first paragraph of the Joint Statement.

So What Actually Happened?

The Summit was divided into six sessions, the first of which was open to the public (see Eric Geller’s thread which covered that session) and the rest being behind closed virtual doors.

The sessions were focused on four areas:

  • resilience (with India organising and leading this discussion);
  • countering illicit finance (the United Kingdom, ‘the UK’);
  • disruption and other law enforcement efforts (Australia); and
  • diplomacy (Germany).

These areas supplied the structure for the Joint Statement, which will now be analysed.

Resilience

First things first, I just love that the first section of the Joint Statement has this title.

After all, resilience is more holistic a concept than security, given that the latter is focused on ex ante risk mitigation. Resilience captures that, in addition to ‘the ability [of a system] to operate during, and to adapt and recover, from [a failure or a breach]’. Cyber resilience thus comprises ‘the ability to prepare for, respond to and recover from a cyber attack’ (emphasis added).

In multilateral cyber diplomacy, words certainly matter. Therefore, it is terrific that the Joint Statement preferred ‘Resilience’ over ‘Security’ as a section heading. It is also fantastic that the section conveys the attendees’ agenda to include ‘network resilience to prevent incidents when possible and respond effectively when incidents do occur’ (emphasis added). This is linked with how the preamble states the importance of resilience across international and domestic stakeholders to ‘a nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware’.

Besides, the section is to be applauded in signalling that ‘network resilience is about more than technical capabilities’, harking back to the aforementioned holistic nature of the subject. The elements of a decent cyber resilience programme, for both system operators and policymakers, are listed: (emphasis added)

effective policy frameworks, appropriate resources, clear governance structures, transparent and well-rehearsed incident response procedures, a trained and ready workforce, partnership with the private sector, and consistently enforced legal and regulatory regimes.

From an industry perspective, this list captures the essentials of cyber resilience, for instance, if one uses the obligations of Australian financial institutions under the Australian Prudential Regulation Authority’s Prudential Standard CPS 234, Information Security, as a model. The components listed by the Joint Statement would certainly make national corporate regulators quite happy, not least because it mimics guidance they have put out themselves (see, eg, guidance from the Australian Securities and Investments Commission).

Great adjectives and adverbs (bolded text in the extract) in the quoted text to boot, as opposed to merely listing that, say, an entity needs ‘incident response procedures’. It won’t be surprising if the eyebrows of recalcitrant officers of companies and government officials more generally, are raised by such strident wording. A cumulonimbus’s worth of shade (to coin a phrase) is thrown at the end of the section: (emphasis added)

We note that resilience efforts are most effective when accountable senior leaders with the ability to direct resources, balance associated trade-offs, and drive outcomes are actively involved in cybersecurity decision-making.

Another sentence to make the Sir Humphreys of the corporate and regulatory world blush, of course, assuming they read the Joint Statement to begin with.

It can be argued that the mentioned recalcitrance by people at the top is arguably why so many breaches of cyber resilience occur in the first place, including due to ransomware.

Writ large in how ‘basic’ the ‘several universal cybersecurity best practices’ listed by the Joint Statement are:

… maintaining offline data backups, use of strong passwords and multi-factor authentication, ensuring software patches are up to date, and education against clicking suspicious links or opening untrusted documents.

These are measures repeated in countless guidance from relevant agencies (see, eg, the Cybersecurity and Infrastructure Security Agency), regulators and Track 2 experts. This is Cyber 101. The fact that these are specifically mentioned in a diplomatic statement as measures that ‘can dramatically reduce the likelihood of a ransomware incident and mitigate the risk from a host of other cyber threats’ is an indictment of the state of cyber resilience worldwide. The commitment of the attendees ‘to promote improvements in basic cyber hygiene’ (again, the b-word!) rubs it in, doesn’t it? The wording is reminiscent of that used by the Australian Cyber Security Centre (‘ACSC’): (emphasis added)

The ACSC responds to hundreds of cyber security incidents each year that have been the result of very poor cyber security practices. To further protect against cyber security intrusions, the ACSC recommends implementing ASD’s Essential Eight security controls will substantially reduce the risk of compromise and help to prevent the most common TTPs used by malicious cyber adversaries.

But then again, a silver lining exists: Chief Information Security Officers and General Counsel worldwide would now have an easier job convincing Boards and higher officials to invest in said ‘basic’ cyber resilience controls and take cyber risk seriously.

After all, if over 30 countries and the EU — the progenitor of the General Data Protection Regulationhave agreed on the above words, then firms and governments do not really have an excuse to stand idly by, right?

Another silver lining: when so much risk can be mitigated so easily, why not put in place the right controls quick sticks?

I am an optimist, of course, in the spirit of Cybersecurity Awareness Month.

Moving on, the Joint Statement touches on the need for countries to ‘consider appropriate steps’ to drive intelligence sharing between victims, law enforcement and cyber emergency response teams (CERTs) ‘with protection for privacy and human rights’. While I would have appreciated stronger language at the start, this is still better than nothing; especially when a multi-stakeholder ransomware task force (‘the RTF’) recommended the creation of worldwide ‘ransomware investigative hubs’ that ‘should foster a culture of information sharing, [and] be located in diverse geopolitical regions to enable swift sharing of intelligence’. (emphasis added). Also, the reference to CERTs reminds me of the UN GGE’s recommendation that: (emphasis added)

States could also consider putting in place other measures such as a national ICT-security incident management framework with designated roles and responsibilities, including for CERTs/CSIRTs, to facilitate cooperation and coordination among CERTs/CSIRTs and other relevant security and technical bodies at the national, regional and international levels.

This can only be a good thing, especially when information sharing frameworks are enacted with human rights safeguards in place (per the Joint Statement). For instance, as the Summit attendees point out, the authorities can actually investigate and prosecute ransomware actors, as well as help the ‘broad distribution of cyber threat mitigation steps’.

The section concludes with a reference to public-private partnerships ‘to promote incident information sharing and to explore other opportunities for collective buy-down of risk’, riffing off the preamble’s reference to the ‘resilience’ of, among other stakeholders, industry as a determinant of a state’s response to the ransomware threat. This echoes the UN GGE’s calling for ‘increased cooperation alongside more effective assistance and capacity-building’ with industry as ‘critical to bridging existing divides within and between States on policy, legal and technical issues relevant to ICT security’.

Countering Illicit Finance

The next section deals with the financial crime prevention aspect of the fight against ransomware, given that ‘ransomware is primarily a profit-seeking endeavor, commonly leveraging money laundering networks to move ransomware proceeds’ (per the Joint Statement, emphasis added).

Such is the profit motive behind the crime that ransomware groups were observed in 2020 to increasingly outsource and cooperate among each other in relation to money laundering services. The need for the criminals to be strategic with their money laundering choices is seen in how high their revenues are. After all, American financial institutions reported US$590 million worth of activity, which they considered was ransomware-related, to the USA’s Financial Crimes Enforcement Network (‘FinCEN’) ‘during the first six months of 2021’ — a figure greater than the value covering all of 2020. Just one ransomware strain attracted US$3.6 billion worth of Bitcoin transfers from September 2019 until October 2021.

These factors reinforce the equivalence between the need, on one hand, to respond to the abuse of virtual assets to launder ransom payments and the need, on the other hand, to respond to the abuse of fiat money to launder the proceeds of, say, narco-trafficking. Especially when the Joint Statement designates virtual assets as ‘the primary instrument criminals use for ransomware payments and subsequent money laundering’ (emphasis added).

Therefore, I love this section’s title: it captures said equivalence by suggesting counter-ransomware policy to be one facet of the broader fight against financial crime, rather than a separate issue which can be handled with kid gloves. The generic nature of the title, which can easily be that for a paper on anti-money laundering and counter-terrorism financing (‘AMLCTF’) policy in the fiat currency context, brings home the point that virtual assets and virtual asset service providers (‘VASPs’) must be subject to AMLCTF regulation, per Recommendation 15 of the Financial Action Task Force’s (‘FATF’) Recommendations. (Note that the latter were first extended to virtual assets during the American Presidency of the international AMLCTF standard-setter.)

The need for this regulatory coverage is underlined by the Summit attendees’ acknowledgement of how the ‘uneven global implementation’ of the FATF Recommendations in relation to VASP regulation ‘creates an environment permissive to jurisdictional arbitrage by malicious actors’.

Having written my Hons thesis on how AMLCTF law can regulate virtual assets and worked in AMLCTF and virtual assets policy, I love the Joint Statement’s specific and detailed language in relation to the enactment and enforcement of risk-based AMLCTF laws, as well as how countries should form a collectively harder target for the launderers of ransom payments. It is great that the Summit’s attendees committed to work with the sector (which arguably includes blockchain forensics providers) to enhance the sharing of financial intelligence, such sharing being a pillar of financial crime risk mitigation. Job well done to the national AMLCTF officials (and, I’m guessing, those from the FATF Secretariat) who would have helped out with the drafting.

I applaud the ambition reflected in the bolded words of the following passages (emphasis added):

We recognize the significant potential for combating ransomware through enhanced international cooperation... Cooperation can include a wide range of activities...

Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks…

We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities. We will enhance the capacity of our national authorities… to regulate, supervise, investigate, and take action against virtual asset exploitation…

This is language of high modality. The reference to cooperation as a non-exclusive list of activities, as well as that to growing regulatory capacity to ‘take action’ — as opposed to a watching brief — is welcome. The commitment of several Western markets to strengthen their AMLCTF supervision of virtual assets will certainly give the sector pause (and make its trade associations and lobbyists grin at the prospect of more donations and cheques, respectively).

Additionally, the USA can play a prominent role in the aforementioned international cooperation and capacity-building, given its work to better prosecute the ransomware threat. Those efforts include:

  • the Department of Justice (‘DoJ’) establishing a Task Force to bring together ‘law enforcement and prosecutorial initiatives combating ransomware’;
  • the DoJ forming its National Cryptocurrency Enforcement Team ‘to tackle complex investigations and prosecutions of criminal misuses of [virtual assets]’;
  • the Department of the Treasury sanctioning a virtual assets exchange known to facilitate ransom payments drawn by at least eight variants;
  • the Department of the Treasury’s Office of Foreign Assets Control publishing sanctions compliance guidance for the virtual assets sector and an updated advisory on sanctions risk attached to facilitating ransom payments; and
  • work, led by the FBI, to establish an ‘Illicit Virtual Asset Notification… information sharing partnership and supporting platform’ to track illicit financial flows associated with ransomware.

To read more from me on countering illicit finance risk in the ransomware risk, check out my pieces on the ransomware economy and how ransom payments should be tackled (mandatory reporting versus prosecution for money laundering). Note that the ‘Resilience’ section of the Joint Statement flags the ‘development of policies to address ransom payments’, which is great because those policies are long overdue.

Disruption and Other Law Enforcement Efforts

As someone very much in favour of playing on the front foot in the fifth domain against ransomware actors (per this essay on offensive cyber operations), I grinned when reading this section of the Joint Statement.

The countries in attendance have adopted a rather decisive tone, which is welcome in light of the urgency of the threat and the need to meaningfully respond (as above): (emphasis added)

We must also act to degrade and hold accountable ransomware criminal operators... Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory…

We will consider all national tools available in taking action against those responsible for ransomware operations threatening critical infrastructure and public safety.

Such language arguably leaves little room for doubt as to the willingness of the Summit attendees to go on the offensive, especially when critical infrastructure and public safety are at stake. #ReleaseTheHounds

It is synchronous with national policies — certainly in the FVEY countries of late — when it comes to using offensive cyber capabilities both generally and against ransomware.

  • General Paul Nakasone, Director of the National Security Agency (‘NSA’) and Commander of United States Cyber Command (‘CYBERCOM’), recently highlighted that CYBERCOM ‘is “surging” to respond to [ransomware]’ and the ‘national security threat’ which it represents in targeting including critical infrastructure. General Nakasone was fairly clear on the importance of countering ransomware actors for the NSA and CYBERCOM, pointing to how his personnel could ‘really effectively’ understand how attackers should be targeted in partnership with other countries.
  • Australia’s Ransomware Action Plan denotes the use of ‘the Australian Signals Directorate’s offshore offensive cyber capabilities to disrupt foreign cybercriminals’ as a ‘current and immediate initiative’ (for my views on that document, check out this thread).
  • After describing her organisation’s ‘aim to deliver a more sustained, proactive and integrated campaign for disrupting and imposing costs on malicious actors’, Lindy Cameron — CEO of the UK’s National Cyber Security Centre — stated that it was working to ‘better integrate and deploy’ tools including its ‘military capabilities’, and with the UK National Cyber Force.

The commitment by Summit countries to ‘timely and consistent collaboration across law enforcement, national security authorities, cybersecurity agencies, and financial intelligence units’ is important in light of the cross-border nature of the threat, as the countries flag. The reference to financial intelligence units is welcome, given how important the sharing and exploitation of financial intelligence — which an FIU centralises, analyses and disseminates — is to counter-ransomware policy.

The countries also signal their intent:

to cooperate with each other and with other international partners to enhance the exchange of information and provide requested assistance where able to combat ransomware activity leveraging infrastructure and financial institutions within our territories.

Besides, the above extract is a stronger version of the UN GGE’s recommendation that: (emphasis added)

Norm 13 (d) States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats…

I also appreciate the cumulonimbus’s worth of shade thrown at Russia in the reference to ‘other’ countries on whom the Summit’s attendees committed to ‘impress urgency’ to ‘counter cybercriminal activity emanating from within [their]… territory’ and thus ‘eliminate safe havens’ for ransomware operators. This is arguably an implied shoutout to the norms for responsible state behaviour in the fifth domain that were proposed by the UN GGE: (emphasis added)

Norm 13 (c) States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs…

This norm reflects an expectation that if a State is aware of or is notified in good faith that an internationally wrongful act conducted using ICTs is emanating from or transiting through its territory it will take all appropriate and reasonably available and feasible steps to detect, investigate and address the situation…

Norm 13 (f) A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.

I have, however, a question: apart from through offensive cyber operations, what does the Joint Statement mean when it refers to the countries committing to ‘hold [ransomware operators] accountable’? Does this mean financial sanctions? Seizing virtual assets? Targeting facilitators? Indictments without prosecutions? Because I do not know how the countries in attendance can (easily) extradite, let alone prosecute, (state-backed) ransomware actors from Russia and China? That is, unless fate seemingly intervenes.

Food for thought.

Diplomacy

Devil’s advocate: was this section placed at the end to reflect the level of optimism of the Summit’s attendees on the success of diplomacy as a means of getting Russia to can the aforementioned pax mafiosa? Diplomacy which can be argued to have not achieved enough to justify inviting Russia to the Summit? After all, the Director of the Cybersecurity and Infrastructure Security Agency (‘CISA’) recently observed that she has ‘not seen any significant, material changes’ in malicious Russian (state) activity in the fifth domain.

In any case, the Summit’s attendees plan to ‘leverage diplomacy through coordination of action in response to states whenever they do not address the activities of cybercriminals’. Which is great because coordinated cyber diplomacy can’t be a bad thing, right? Especially when the concept was recommended by the UN GGE: (emphasis added)

Norm 13 (a) Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security…

States can help Norm 13 (a) and Norm 13 (c) (see above) become accepted as responsible state practice by coordinating their diplomacy to condemn and persuade recalcitrant states to cooperate on counter-ransomware policy and tackle ransomware activity within their territory. Strength in numbers, eh?

Such diplomatic efforts are anticipated to form a ‘critical component’ of efforts against jurisdictional arbitrage by ransomware actors, synchronous with the RTF’s recommendations that countries ‘signal that ransomware is an international diplomatic and enforcement priority’ and ‘establish an international coalition to combat ransomware criminals’. Especially when combined with action to (per the Joint Statement) build the sovereign cyber and law enforcement capacity of countries ‘to serve as a force multiplier in the fight against ransomware’, for instance, because they can better participate in coordinated cyber diplomacy against stronger states providing sanctuary to cybercriminals.

In this vein, the USG was fairly bullish on what the Summit would contribute to cyber diplomacy to fight the ransomware threat: (emphasis added)

The headline… should really be around [the] U.S. government leading and bringing countries together to fight ransomware effectively… [The USA is] very hopeful and really excited about this international coalition work.

For the same reasons as with countering illicit finance, the USA can play a prominent role in such coalition work and capacity-building efforts. Its FVEY and Quad allies can act as force multipliers in the cyber context; for instance, since one of the Quad’s foci include cooperation on ‘bolster[ing] critical-infrastructure resilience against cyber threats by bringing together the expertise of our nations [India, Australia, Japan and the USA] to drive domestic and international best practices’.

In that vein, coordinated cyber diplomacy is of value in the fight against ransomware because it can be used in multilateral and/or multi-stakeholder standard-setting organisations (like the International Telecommunication Union and the International Organisation for Standardisation) to ensure that robust technical standards touching on cyber resilience are set in accordance with the values of the coordinating states, such as respect for human rights.

Which is key because, bar the United Arab Emirates, the Summit’s attendees were all democracies.

= Better than Nothing

The Summit was momentous, both for diplomacy generally and cyber diplomacy.

Based on the Joint Statement, it had a highly ambitious agenda dedicated to understanding how countries ought to counter ransomware, as opposed to relegating the national security threat to half a sentence in a long communiqué. On the whole, the countries in attendance agreed on a decent plan of attack across key areas, namely resilience, illicit finance, releasing the hounds and diplomacy.

It can be argued that the value of the Summit was undermined by the absence of Russia and China, assuming the countries would have approved such a strident Joint Statement. One journalist questioned the viability of ‘a long-term successful strategy to combat ransomware’ without Russian participation.

In response, the USG highlighted the ‘frank and professional exchanges’ between the USA and Russia in which the former have made their expectations of Russia ‘address[ing] ransomware criminal activity coming from actors within [its territory]’ clear. The USG also said it has observed, without providing further detail, ‘some steps by the Russian government’ and awaits ‘follow-up actions’.

Let’s wait and see how the statistics covering attacks by Russian actors or actors operating from Russian territory track. For the proof will be in that pudding.

In any case, I personally do not see what value there would have been in inviting Russia and China to the Summit, given their markedly different values relative to the vast majority of the countries that signed the Joint Statement and their continued violation of norms (defined broadly) of acceptable state conduct in cyberspace (see, eg, Nicole Perlroth, Ben Buchanan and Andy Greenberg’s books, Lindy Cameron’s speech, CISA’s advisory and the 2021 edition of the Annual Threat Assessment of the US Intelligence Community). The aforementioned observation of the CISA Director also comes to mind.

All in all, I applaud the White House and the other attendees for putting on and using the Summit to share ideas and resources on ransomware policy. About time. I applaud them for putting out such an ambitious and comprehensive Joint Statement. Yes, it has shortcomings (see the above analysis), but what we have here is better than nothing.

Especially when over a few dozen democracies have signed it.

Strength in numbers, eh?

Ransomware
Cyberdiplomacy
Cybersecurity
Cyber Resilience
Critical Infrastructure

--

--

A Techno-Legal Update
A Techno-Legal Update

Written by A Techno-Legal Update

19 Followers
1 Following

Vignettes from the intersection of law and technology, and a word or two about sport. Composed by Ravi Nayyar.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams