Skip to main content
David Thaw
David Thaw Assistant Professor


David Thaw is an Assistant Professor of Law and Information Sciences at the University of Pittsburgh and an Affiliated Fellow of the Information Society Project at Yale Law School. His research and scholarship examine the regulation and impact of Internet and computing technologies, with specific focus on cybersecurity, privacy, cybercrime, and cyberwarfare.

Prior to joining the Pitt faculty, David taught at the University of Connecticut and the University of Maryland. He also practiced cybersecurity and privacy regulatory law at Hogan Lovels (formerly Hogan & Hartson) and was previously a Postdoctoral Fellow at Yale Law School.

David holds a PhD from UC Berkeley's School of Information, a JD from Berkeley Law, an MA in Political Science from UC Berkeley, a BS in Computer Science and a BA in Government & Politics from the University of Maryland.

Recent Publications


Data Breach (Regulatory) Effects, 2015 Cardozo L. Rev. de novo 105 (2015). Available on SSRN.
Reasonable Expectations of Privacy Settings: Social Media and the Stored Communications Act, 13 Duke L. & Tech. Rev. 36 (2015). Available on SSRN.
Surveillance at the Source, 103 Ky. L. J. 405 (2015). Available on SSRN.
Enlightened Regulatory Capture, 89 Wash. L. Rev. 329 (2014). Available on SSRN.
Invited Blogging: Enlightened Regulatory Capture, REGBLOG (Nov. 12, 2013).
The Efficacy of Cybersecurity Regulation, 30 Ga. St. U. L. Rev. 287 (2014). Available on SSRN.
Invited Congressional Testimony: Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers?, Hearing Before the House Energy & Commerce Comm., Subcomm. on Commerce, Mfg., & Trade, 113th Cong. (July 18, 2013) (Testimony of David Thaw, Visiting Assistant Professor of Law, University of Connecticut).
Invited Blogging: A Flexible Approach to Cybersecurity Regulation, REGBLOG (July 9, 2013).
Criminalizing Hacking, Not Dating: Reconstructing the CFAA Intent Requirement, 103 J. Crim. L. & Criminology 907 (2013). Available on SSRN.
When Machines Are Watching: How Warrantless Use of GPS Surveillance Technology Terminates The Fourth Amendment Right Against Unreasonable Search, 121 Yale L. J. Online 177 (2011) (with Priscilla Smith, Nabiha Syed & Albert Wong). Available on SSRN.
User Choices and Regret: Understanding Users' Decision Process about Consensually Acquired Spyware, 2 I/S: J. L. & Pol. Info. Soc'y 283 (2006) (with Nathaniel Good, Jens Grossklags, Aaron Perzanowski, Deirdre Mulligan, & Joseph Konstan). Available on SSRN.
Scientific, Policy, and Other Academic Publications (Selected):

David B. Thaw, Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets (May 12, 2011) (Ph.D. dissertation, University of California, Berkeley (on file with the University of California).
David Thaw, Neha Gupta, and Ashok Agrawala, Proposal for a "Down-the-Chain" Notification Requirement in Online Behavioral Advertising Research and Development, W3C Workshop on Web Tracking and User Privacy (Apr. 28, 2011).
Thaw, D., Feldman, J., Li, J. (2008). CoPE: Democratic CSCW in Support of e-Learning. In proceedings of the International Workshop on Collaborative E-learning Systems and Application (CESA 2008) (pp. 481-486). Barcelona, Spain. IEEE Computer Society. ISBN: 0-7695-3109-1/08.
Jerome Feldman, Daniel Lee, and David Thaw. "Communities of Practice Environment." The Internet and Society, Morgan, Bebbia, and Spector (eds.), Southampton: WIT Press, 2006.