Publications — Justin Sherman

Justin has written hundreds of articles on a range of technology, policy, and geopolitics issues, including for The Atlantic, Barron’s, The Daily Beast, The Diplomat, Fast Company, Foreign Affairs, Foreign Policy, The Guardian, Slate, The Washington Post, WIRED, and World Politics Review. He has also written numerous research reports, book chapters, journal articles, and privately commissioned assessments and published research and analysis with major think tanks and institutions around the world, including the Atlantic Council, Brookings Institution, Bulletin of the Atomic Scientists, Carnegie Endowment for International Peace, Center for European Policy Analysis, Council on Foreign Relations, Italian Institute for International Political Studies, Modern War Institute at West Point, New America, Pacific Forum, Stanford University, and University of Hawaiʻi. He is currently a contributing editor at Lawfare. He previously wrote a Slate Magazine op-ed column on technology, privacy, and public policy and wrote a WIRED Magazine column on technology and geopolitics.

LAWFARE ARTICLES

Data Brokers and Threats to Government Employees, October 22, 2024

Hard Lessons from the National Public Data Hack, August 29, 2024

The Pros and Cons of the House’s Data Broker Bill, April 11, 2024

Using ‘Sensitive Locations Lists’ to Address Data Broker Harm, March 14, 2024

Location Data Broker X-Mode and the FTC’s Unprecedented Settlement, March 12, 2024

Biden’s Sensitive Data EO Takes an Important Step, March 4, 2024

Security by Design: An Annotated Resource List, February 28, 2024 (with Reganne Hardy and Eugenia Lostri)

The Most Critical Elements of the FTC’s Health Breach Rulemaking, January 8, 2024 (with Devan Desai)

The FTC’s Amended Kochava Complaint and the Harms of Selling Geolocation Data, December 26, 2023

Data Brokers, Military Personnel, and National Security Risks, November 16, 2023 (with Hayley Barton et al.)

People Search Data Brokers, Stalking, and ‘Publicly Available Information,’ October 30, 2023

The FTC, 1Health.io, and Genetic Data Privacy and Security, September 22, 2023

The 2024 NDAA, Data Brokers, and Members of Congress, August 11, 2023

Examining a New Bill to Label Apps “Made in China,” July 18, 2023

Data Broker Registries in Bills: the ADPPA and the DELETE Act, June 6, 2023

The FTC, Fertility App Premom, and Sharing Consumer Health Data, May 26, 2023

Two New Bills on TikTok and Beyond: The DATA Act and RESTRICT Act, March 22, 2023

GoodRx, Health Data Brokerage, and the Limits of HIPAA, March 3, 2023

Global Technology Products, U.S. Security Policy, and Spectrums of Risk, February 2, 2023

New Bill Proposes Banning TikTok in the U.S., December 28, 2022

The Data Broker Caught Running Anti-Abortion Ads—to People Sitting in Clinics, September 19, 2022

See more articles at Lawfare

RECENT THINK TANK & ACADEMIC BLOGS & ARTICLES

Russia’s Becoming More Digitally Isolated—and Dependent on China, Council on Foreign Relations, August 12, 2024

Analyzing Russian Internet Firm Yandex, Its Open-Source Code, and Its Global Contributors, Margin Research, March 27, 2023

Russia’s largest hacking conference reflects isolated cyber ecosystem, Brookings Institution, January 12, 2023

Analyzing Russian SDK Pushwoosh and Russian Code Contributions, Margin Research, February 2, 2022

GRU 26165: The Russian Cyber Unit that Hacks Targets On-Site, Atlantic Council, November 18, 2022

Russia’s Open-Source Code and Private-Sector Cybersecurity Ecosystem, Margin Research, November 10, 2022

Russia’s Vast Cyber Web Enables Deniability and Obscurity—But Not Without Risks, Modern War Institute, November 1, 2022

Untangling Moscow’s Complex Cyber Web, Center for European Policy Analysis, October 24, 2022

The ITU pitted the United States and Russia against each other for the future of the internet, Atlantic Council, September 29, 2022 (with Konstantinos Komaitis)

Russia’s Internet Censor Is Also a Surveillance Machine, Council on Foreign Relations, September 28, 2022

Data brokers and data breaches, Duke University Sanford School of Public Policy, September 27, 2022

Russia is weaponizing its data laws against foreign organizations, Brookings Institution, September 27, 2022

Examining data broker Equifax’s relationships with millions of employers, Duke University Sanford School of Public Policy, August 24, 2022

Justice Department’s Russia Indictment Reminds to Look Beyond Online Influence, Council on Foreign Relations, August 8, 2022 (with Gavin Wilde)

Internet Security Under the Ocean: EU-US Must Cooperate on Submarine Cable Security, Italian Institute for International Political Studies, June 17, 2022

Putin’s internet plan: Dependency with a veneer of sovereignty, Brookings Institution, May 11, 2022 (with Gavin Wilde)

A new vision for EU-Asia data privacy cooperation, Atlantic Council, March 25, 2022 (with Anand Raghuraman)

Ukraine Offers Lessons for Russia’s 2024 Election Interference, Council on Foreign Relations, March 17, 2022 (with Gavin Wilde)

Ukraine has made a request to take Russia off the internet. That’s a bad idea, Atlantic Council, March 1, 2022

See more at Atlantic Council, Brookings Institution, Council on Foreign Relations, Lawfare, and elsewhere

RECENT JOURNAL ARTICLES

Authoritarian multilateralism in the global cyber regime complex: The double transformation of an international diplomatic practice, Contemporary Security Policy 45, no. 1 (2024): 110-140 (with Mark Raymond)

Chinese and Russian Efforts to Undermine the Global Internet, Fletcher Security Review 10, no. 1 (Winter 2023)

Improving Indo-Pacific Cable Security and Resilience: Investment, Licensing, and Repair, Indo-Pacific Outlook 1, no. 4 (2023)

Changing the Kremlin's Election Interference Calculus, The Washington Quarterly 45, no. 1 (Spring 2022): 112-131

Digital Active Measures: Historical Roots of Contemporary Russian Cyber and Information Operations, Georgetown Security Studies Review 9, no. 2 (April 2022): 1-9

Seizing on US-Japan Opportunities for Submarine Cable Security, in US-Japan Cybersecurity Cooperation: Beyond the Tokyo 2020 Olympics, ed. Mark Bryan Manantan and Crystal Pryor, Pacific Forum, November 2021

Beijing’s Growing Influence on the Global Undersea Cable Network, Jamestown China Brief 21, no. 18 (September 2021): 21-26

The Future of US-India Digital Relations, The Diplomat Magazine 74 (January 2021)

RECENT RESEARCH REPORTS AND PAPERS

Finding Security in Digital Public Infrastructure, Atlantic Council, October 2024

“Security by Design” in Practice: Assessing Concepts, Definitions, and Approaches, Lawfare Institute, August 2024 (with Eugenia Lostri)

Russia’s Digital Tech Isolationism: Domestic Innovation, Digital Fragmentation, and the Kremlin’s Push to Replace Western Digital Technology, Atlantic Council, August 2024

Data Brokers and the Sale of Data on US Military Personnel, Duke University Sanford School of Public Policy, November 2023 (with Hayley Barton et al.)

Critical Infrastructure and the Cloud: Policy for Emerging Risk, Atlantic Council, July 2023 (with Tianjiu Zuo, Maia Hamin, and Stewart Scott)

Cybersecurity under the Ocean: Submarine Cables and US National Security, Hoover Institution, January 2023

Russia’s Cyber Operations: A Threat to American National Security, Margin Research, December 2022 (with Dave Aitel et al.)

Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem, Atlantic Council, September 2022 (with Patrick Mitchell et al.)

Untangling the Russian Web: Spies, Proxies, and Spectrums of Russian Cyber Behavior, Atlantic Council, September 2022

China’s War for Control of Global Internet Governance: The Chinese Government’s Campaign to Influence and Control the ITU, Social Science Research Network, July 2022

Hackers, Hoodies, and Helmets: Technology and the Changing Face of Russian Private Military Contractors, Atlantic Council, July 2022 (with Emma Schroeder, Gavin Wilde, and Trey Herr)

The Case for a US-India Digital Handshake: A Report of the Atlantic Council US-India Digital Economy Task Force, Atlantic Council, June 2022 (with US-India Digital Economy Task Force)

Russia’s War for Control of Global Internet Governance: The Russian Government’s Campaign to Influence and Control the ITU, Social Science Research Network, May 2022

Creating a Framework for Supply Chain Trust in Hardware and Software: A Report of the Lawfare Institute’s Trusted Hardware and Software Working Group, Lawfare Institute, May 2022 (with Lawfare Institute Trusted Hardware and Software Working Group)

Trading in US-India Data Flows: Prospects for Cooperation in US-India Data Policy, Atlantic Council, March 2022

Targeting Ukraine Through Washington: Russian Election Interference, Ukraine, and the 2024 US Election, Atlantic Council, March 2022 (with Gavin Wilde)

Cyber Defense Across the Ocean Floor: The Geopolitics of Submarine Cable Security, Atlantic Council, September 2021

Data Brokers and Sensitive Data on U.S. Individuals, Duke University Sanford School of Public Policy, August 2021

Dense Grey Webs: Cyber Risks and Trends in the Asia-Pacific, Diplomat Risk Intelligence, August 2021 (with Arindrajit Basu and Abhijnan Rej)

Reassessing RuNet: Russian Internet Isolation and Implications for Russian Cyber Behavior, Atlantic Council, July 2021

Widening the Lens on Content Moderation: Mapping the Ecosystem of Online Content Dissemination, American University Washington College of Law, July 2021 (with Jenna Ruddock)

Privacy Tech’s Third Generation: A Review of the Emerging Privacy Tech Sector, Future of Privacy Forum, June 2021 (with Tim Sparapani)

The Politics of Internet Security: Private Industry and the Future of the Web, Atlantic Council, October 2020

Censorship in Crisis: Government Information Crackdowns in the Covid-19 Pandemic, American University Washington College of Law, August 2020

Data Nationalism on the Rise: The Global Push for State Control of Data, Data Catalyst Institute, June 2020 (with Jennifer Daskal)

Global Data Governance: Concepts, Obstacles, and Prospects, New America, December 2019 (with Samm Sacks)

Strategic Competition in Cyberspace: Challenges and Implications, Livermore National Lab: Center for Global Security Research, September 2019 (with Jaclyn Kerr et al.)

Reframing the U.S.-China AI “Arms Race”: Why This Framing is Not Only Wrong, But Dangerous for American Policymaking, New America, March 2019

SELECTED OTHER POLICY PUBLICATIONS

Coalition Letter to Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra on the Fair Credit Reporting Act (FCRA), Data Brokers, and Other Business Practices Involving the Collection and Sale of Consumer Information, October 31, 2024

Response to US Department of Justice Advance Notice of Proposed Rulemaking — Provisions Regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern — from Justin Sherman, April 2024

Response from Duke University’s Data Brokerage Research Project: Consumer Financial Protection Bureau (CFPB) Request for Information Regarding Data Brokers and Other Business Practices Involving the Collection and Sale of Consumer Information, Duke University Sanford School of Public Policy, July 2023 (with David Hoffman et al.)

Response from Duke University’s Data Brokerage Research Project: Federal Trade Commission (FTC) Rule on Commercial Surveillance and Data Security, Duke University Sanford School of Public Policy, October 2022 (with Jolynn Dellinger et al.)

SELECTED OTHER OP-EDS & ARTICLES

The U.S. Banned a Russian Tech Company. Why the Move Has Big Implications for China, Barron’s, July 10, 2024

The Fight Over TikTok Enters a New Phase. 3 Unknowns, Barron’s, May 7, 2024

The Danger in Genetic-Data Breaches: You Can’t Change Your DNA, Barron’s, December 13, 2023

Electric-Vehicle Subsidies Are Driving a Wedge Between the U.S. and Europe, Barron’s, January 18, 2023

Russia Is Using Telegram to Spread Disinformation About the Ukraine War, World Politics Review, December 29, 2022