Andrea M. Matwyshyn

Associate Dean for Innovation and Technology; Founding Faculty Director, Penn State PILOT Lab; Founding Faculty Director, Manglona Lab; Professor of Law and Engineering Policy; Steering Committee Member, Center for Socially Responsible AI (CSRAI); Affiliate Faculty, Bioethics Program, College of the Liberal Arts

Dr. Andrea M. Matwyshyn is an academic and author whose work focuses on the intersection of technology design, innovation policy, and law, particularly information security/ cybersecurity, artificial intelligence/machine learning, health tech and fraud, and consumer privacy and technology competition. Professor Matwyshyn serves as a professor and the Associate Dean of Innovation at Penn State Dickinson Law. She is also a professor in the engineering school at Penn State and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab, and the Anuncia Donecia Songsong Manglona Lab. 
 
She has worked in both the public and the private sector. In 2022-2023, she served as both a Senior Special Advisor on Law, Technology, and the Digital Economy to the U.S. Federal Trade Commission's Bureau of Consumer Protection and as a Senior Special Advisor on Information Security and Data Privacy to the U.S. Consumer Financial Protection Bureau's Office of Enforcement. Previously, in 2014, she served as the Senior Policy Advisor/Academic in Residence at the U.S. Federal Trade Commission. She also served as a consultant to the U.S. Food and Drug Administration’s CDRH on cybersecurity policy. As public service, she has testified in Congress and for various regulatory agencies on issues of information security regulation, IoT, machine learning and other technology regulatory issues, and she maintains ongoing policy engagement. Prior to becoming an academic, Professor Matwyshyn was a corporate attorney in private practice, focusing her work on technology transactions. She continues to maintain collaborative technology industry relationships and has authored articles for the popular business press. 
 
Professor Matwyshyn is also an affiliate scholar of the Center for Internet and Society at Stanford Law School. She has previously held primary appointments in University of Pennsylvania’s Wharton School, Northwestern University School of Law, University of Florida Levin College of Law, where she founded the Center for Information Research in 2005, and Northeastern University School of Law/School of Computer Science, where she co-founded the Center for Law, Innovation, and Creativity (CLIC) in 2017. She has held visiting appointments or affiliations at the University of Oxford, University of Cambridge, University of Edinburgh, Singapore Management University, the Indian School of Business, University of Notre Dame, University of Pennsylvania School of Law, and Princeton University’s Center for Information Technology Policy, where she was the Microsoft Visiting Professor of Information Technology Policy in in 2014-15 and an affiliate scholar in 2015-2017. In 2016, she was named a Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center on International Security, and, in 2019, she was a visiting researcher at the French National Centre for Scientific Research (CNRS) Institute for Communication Sciences (ISCC) at the Sorbonne.
 
Professor Matwyshyn was a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017. In 2019-2021, she was a Fellow of the John W. Kluge Center in the Library of Congress.

 Dr. Andrea M. Matwyshyn

Location: University Park

Email  andreamm@psu.edu

CV  Curriculum Vitae

Prof. Matwyshyn’s News and Activity

Prof. Matwyshyn in the Media

Faculty Impact

Education
Ph.D., Northwestern University, Human Development and Social Policy (applied developmental psychology)

J.D., Northwestern University School of Law, with Honors

M.A, Northwestern University, International Relations

B.A., Northwestern University, with Honors

Current Courses
Information Security Law

PILOT Lab Class
Matwyshyn’s Publications

BOOKS

(CYBER)SECURITY LAW AND POLICY: AN INTRODUCTION TO PROBLEMS IN COMPUTER AND INFORMATION SECURITY (forthcoming 2022) (with Stephanie K. Pell)

HARBORING DATA: INFORMATION SECURITY, LAW AND THE CORPORATION, Stanford University Press (2009) (editor and contributor).

MAJOR LAW JOURNAL ARTICLES

Fake, 42 CARDOZO LAW REVIEW 101 (2021) (with Miranda Mowbray)

The Internet of Bodies, 61 WILLIAM & MARY LAW REVIEW 77 (2019)

Broken, 32 HARV. J.L. & TECH. 479 (2019) (with Stephanie K. Pell)

CYBER!, 2017 BYU LAW REVIEW 1109 (2018).

Privacy, the Hacker Way, 87 SOUTHERN CALIFORNIA LAW REVIEW 1 (2014).

Hacking Speech: Informational Speech and the First Amendment, 107 NORTHWESTERN LAW REVIEW 795 (2013).

The Law of the Zebra, 28 BERKELEY TECHNOLOGY LAW JOURNAL 1 (2013).

Generation C: Childhood, Code and Creativity, 87 NOTRE DAME LAW REVIEW 1979 (2012).

Salvatore Stolfo, Angelos Keromytis, Ang Cui, Ehtics in Security Vulnerability Research, 8 IEEE SECURITY & PRIVACY 2 (2010).

Hidden Engines of Destruction: The Reasonable Expectation of Code Safety and the Duty to Warn in Digital Products, 62 FLORIDA LAW REVIEW 1 (2010).

Imagining the Intangible, 34 DELAWARE JOURNAL CORPORATE LAW 3 (2009).

Technoconsen(t)sus, 85 WASHINGTON UNIVERSITY LAW REVIEW 529 (2007).

Material Vulnerabilities: Data Privacy, Corporate Information Security and Securities Regulation, 3 BERKELEY BUSINESS LAW JOURNAL 129 (2005).

Of Nodes and Power Laws: A Network Theory Approach to Internet Jurisdiction through Data Privacy, 98 NORTHWESTERN LAW REVIEW 493 (2004).

OTHER LAW REVIEW ARTICLES AND PROJECTS

Unavailable, 81 UNIVERSITY OF PITTSBURGH LAW REVIEW 349 (2019)

Cyber Harder, 24 BOSTON UNIVERSITY JOURNAL OF SCIENCE AND TECHNOLOGY LAW 450 (2018)

Artificial Intelligence and Machine Learning Applied to Cybersecurity, IEEE SPECTRUM (2018) (with David Brumley, Robert Cunningham, Chris Dalton, Erik Debenedektis, Flavia Dinca, William G Dubyak, Nigel Edwards, Rhett Hernandez, Bill Horne, Brian David Johnson, Aleksandar Mastilovic, Avi Mendelson, Dejan Milojicic, Katie Moussouris, Adrian L. Shaw, Barry Shoop, Trung Tran, and Mike Walker)

Twitter (R)evolution: Privacy, Free Speech and Disclosure, Proceedings of International World Wide Web Conference, May 13–17, 2013, Rio de Janeiro, Brazil in WWW 2013 Companion (ACM 978-1-4503-2038-2/13/05) (with Lilian Edwards)

Resilience: Building Better Users and Fair Trade Practices in Information, 63 Federal Communications Law Journal 391 (2011).

Corporate Cyborgs and Technology Risks, 11 Minnesota Journal of Law, Science & Technology 573 (2010).

Data Devolution: Corporate Information Security, Consumers and the Future of Regulation symposium (editor and contributor), 84 Chicago Kent Law Review (2009).

Technology, Commerce, Development, Identity, 8 Minnesota Journal of Law, Science & Technology 515 (2007).

Penetrating the Zombie Collective: Spam as an International Security Issue, 4 SCRIPTed (2006).

Organizational Code: A Complexity Theory Perspective on Technology and Intellectual Property Regulation, FOREWORD, 11 Journal of Technology Law & Policy 1 (2006).

Silicon Ceilings: Information Technology Equity, the Digital Divide and the Gender Gap Among Information Technology Professionals, 2 Northwestern Journal of Technology & Intellectual Property 1 (2004).

BUSINESS JOURNAL AND OTHER ARTICLES

The ‘Internet of Bodies’ Is Here Are Courts and Regulators Ready?, Wall Street Journal, Nov. 12, 2018.

Hackback in black, The Hill, Nov. 6, 2017 (with FTC Comm. Terrell McSweeny)

The Big Security Mistakes Companies Make When Buying Tech, Wall Street Journal, March 13, 2017.

Discussion of Online Display Advertising: Targeting and Obtrusiveness by Avi Goldfarb and Catherine Tucker, 30 Marketing Science 409 (2011).

CSR and the Corporate Cyborg: Ethical Corporate Information Security Practices, _ Journal of Business Ethics _ (2010).

Book review: Ian Kerr, Valerie Steeves, Carole Lucock (Eds.), Lessons from the Identity Trail (2009), 3 IDIS 363 (2009).

Behavioural Targeting of Online Advertisements and the Future of Data Protection, 20 Computers and Law _ (2009).

BOOK CHAPTERS

Of Pandemics and Progress, in PANDEMIC SURVEILLANCE (2022) (Margaret Hu, ED.)

The New Intermediation: Contract, Identity and the Future of Internet Governance, in Ian Brown (ed.), In Research Handbook on Governance of the Internet, Edward Elgar (2013).

Commentary: Social Media, Privacy and Children’s Development, in Diana T. Slaughter-Defoe, Race and Child Development, Karger (2012).

Mutually Assured Protection: Development of Relational Internet Security Contracting Norms, Chapter in A. Chander, L. Gelman, M. Radin (eds.), SECURING PRIVACY IN THE INTERNET AGE. Stanford University Press (2008).

Chapter 10, in Cronin et al. West Treatise on Data Security and Privacy Law: Combating Cyberthreats, West-Thompson (2006) (updating and revising work of previous author Stephen M. Foxman).