Austin Mooney, 3L, and his team won first place in the Policy Competition category of the 13th annual New York University's Cyber Security Awareness Week (NYU CSAW) in November.
The third annual NYU CSAW Policy Competition, organized by the NYU Center for Cyber Security, challenged students to propose public policy solutions to real-world computer security challenges. This year's finalists fashioned proposals addressing ways to appropriately align business incentives with the true costs of data insecurity. Mr. Mooney teamed up with Katie Morehead and Julian Flamant, both students at the Antonin Scalia Law School, and bested four other teams to clinch the first prize.
Mr. Mooney, whose focus is in privacy and cyber security at GW Law, concentrated on these fields shortly after making the move to D.C. from his native state of Florida. "After just a few weeks at GW Law, I realized that what was previously a passing interest in internet policy could actually be made into a career, with a wealth of classes, practice areas, and positions opening up," Mr. Mooney said. He spent his year as a 1L reading about encryption and other issues in cybersecurity and privacy law.
During his second year at GW Law, he took classes in cybersecurity law and policy, privacy law, and consumer protection law. This past summer, Mr. Mooney interned at the Federal Trade Commission (FTC) where he worked on projects related to privacy and security. During his internship, he heard about the CSAW Policy Competition from law clerks who participated in the previous year. Mr. Mooney formed a team with two of his fellow FTC colleagues who were also interested in cybersecurity policy.
For this year's competition, participants were given a prompt that touched on important cyber security policy issues. Students had to respond to the externalities associated with poor data security practices by companies. Mr. Mooney’s team, modeling their approach after successes in correcting for externalities in environmental policy, came up with a two-part regulatory scheme titled "A Carbon Tax for Cybersecurity." The proposal would, first, expand the mandate of the FTC to conduct extensive consumer surveys assessing the value people place in the protection of their personal data. Second, the proposal would grant the FTC the authority to use the results of these surveys to impose fines on companies that suffer data breaches as a result of poor cybersecurity practices. "Our proposal's two main advantages," Mr. Mooney says, "were the fact that it was modeled after successful regulatory policy in other fields and that we chose a federal agency with a history of expertise both in antitrust and cybersecurity."
The five finalists were invited to New York to compete in the final round, where they presented a revised and expanded version of their work to a panel of experts, who evaluated the feasibility of their proposals.
In regards to how his team was able to secure the top honor, Mr. Mooney says, "What really helped us clench the first place was that we were very good at answering questions and talking about the proposal in a way that made sense in the broader scheme of national security policy."