Education:
Harvard Law School, J.D. magna cum laude, 1994
Tufts University, B.A. in Political Science, magna cum laude, 1991 

Practice Areas:
Information Security and Internet Enforcement
Litigation
Intellectual Property and Technology

Professional Profile:
Mr. Zwillinger chairs the Firm's Information Security and Internet Enforcement Practice Group from Sonnenschein's Washington, DC office. In that capacity, he provides corporations with advice and counsel on protecting the confidentiality, availability and integrity of their proprietary information and networks and compliance with information security laws and regulations. Mr. Zwillinger has helped this country's most trusted financial institutions develop incident response plans and procedures and has provided immediate incident response to those clients who have experienced a breach of their computer security or violations of their network policies. Most recently, he has been active in advising clients on compliance with security breach notification laws and conducting internal investigations of security breaches.

In addition, he has helped content providers devise and implement Internet Enforcement programs to help respond to Internet misconduct, including Internet piracy, signal theft and spam. For more than four years, he has served as National Anti-piracy Counsel for DIRECTV, Inc. Mr. Zwillinger also helps Internet Service Providers and other clients comply with their compliance obligations under federal laws (such as the Electronic Communications Privacy Act) pertaining to the discovery and disclosure of customer and subscriber information.

Mr. Zwillinger regularly provides advice and counsel on issues related to the increasingly complex laws governing Internet practices, including issues related to CAN-SPAM, spyware, Internet gambling and adult-oriented content.

Mr. Zwillinger is regularly invited to speak and guest lecture to various professional audiences, and he has appeared on or been quoted in a variety of national media sources including ABC World News Tonight, Washington Post, New York Times, Wall Street Journal, ZDNet and numerous broadcast outlets and media publications.

Prior to joining Sonnenschein, Mr. Zwillinger spent three years prosecuting cybercrime from the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice. At the Department of Justice, he coordinated the investigations of several high-profile computer crime cases including the 1997 penetration of U.S. military computer systems by an Israeli hacker ("Solar Sunrise"), the February 2000 Denial of Service Attacks on prominent e-commerce sites, and the Love Bug virus. He also investigated and prosecuted violations of the Economic Espionage Act of 1996 (the "EEA") and represented the government at trial and in sentencing proceedings in United States v. P.Y. Yang, et. al., the first EEA case successfully tried in the United States. While at the Department of Justice, Mr. Zwillinger also worked extensively on issues related to Internet gambling enforcement.

After receiving his J.D. from Harvard Law School, Mr. Zwillinger clerked for Judge Mark L. Wolf of the United States District Court, District of Massachusetts.

Professional Affiliations:
Mr. Zwillinger was a member of the National Academy of Sciences Committee on Critical Infrastructure Protection and the Law, and a key author of the Commission's 2003 Report -- Critical Information Infrastructure Protection and the Law: An Overview of Key Issues (http://www7.nationalacademies.org/cstb/pub_ciip.html). He was a member of the Corporate Information Security Working Group, which worked under the auspices of Chairman Adam Putnam from the United States House of Representatives Committee on Government Reform, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

Mr. Zwillinger is also a Certified Systems Security Professional (CISSP).

Admitted to the Bar:
District of Columbia
Illinois 

Organizations:
Member of the National Academy of Sciences Committee on Critical Infrastructure Protection and the Law, and a key author of the Commission's 2003 Report -- Critical Information Infrastructure Protection and the Law: An Overview of Key Issues (http://www7.nationalacademies.org/cstb/pub_ciip.html). He is also a current member of the Corporate Information Security Working Group, which is working under the auspices of Chairman Adam Putnam from the United States House of Representatives Committee on Government Reform, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. Serves as the chair of the legal subcommittee of the Generally Accepted Information Security Principles or "GAISP Project" (http://www.issa.org/gaisp.html).

Publications:
"Compliance with Breach Notification Laws," SearchSecurity.com, July 2005.

"Liability for Unsecured Computer Systems," a White Paper for Corporate Counsel's Directory of In-House Law Departments at the Top 250 Companies, American Lawyer Media, December 2003.

"Calculating Loss under the Economic Espionage Act of 1996," George Mason Law Review, June 2001

"When the Government Wants What it Can't Have: Obtaining Electronic Evidence" Business Crimes Bulletin, June 2001

"Developing a Computer Policy Framework: What Every General Counsel Should Know," The Internet Newsletter, Law Journal Newsletters, June 2001

"Intrusion Response Planning," Legal Times, January 29, 2000

"Conflicting Views of the Economic Espionage Act," Criminal Justice Magazine, October 2000

Selected Recent Lectures & Presentations:
"Conducting an Internal Investigation of Employee/Consultant Computer Misconduct," presented at the SIA Technology Management Conference in New York, NY. June 22, 2005.

"Untangling the Spider's Web of Today's Compliance Laws," presented at the Summit on Managing IT & Security Compliance in Boston, MA. June 21, 2005.

"New Incident Response and Reporting Requirement under Gramm-Leach-Bliley," a Webcast sponsored by Guidance Software presented on April 7, 2005.

"Security and Compliance," presented at the eWeek Security Summit in New York, NY. May 12, 2004.

"Security and the Law: How to Decipher New Legislation and Minimize Risk," presented at the Security Decisions Conference in New York, NY. April 20, 2004.

"Taming the Wild, Wild Web: Regulating the Internet," presented at the Institute of Corporate Counsel in Los Angeles, CA. March 14, 2004.

Potential Legal Liability for Unsecured Systems," presented at e-Crimes Security Forum in Los Angeles, CA. December 2, 2003.

"Enterprise Liability for Unsecured Computer Systems." SearchSecurity Webcast, October 1, 2003.

"Winning High-Stakes Civil Litigation with Cutting-Edge Electronic Discovery Tactics," presented by BNA, Inc. and Pike & Fischer, Inc. The conference was part of a continuing series of BNA Litigation Forums designed to dissect the emerging procedural and technical issues affecting litigators and in-house counsel, September 25, 2003.

Guest speaker on SearchSecurity.com's webcast "Enterprise Liability for Unsecured Computer Systems." Discussed the growing framework of information security regulations and how this framework is starting to lead to the imposition of various forms of liability for unsecured or poorly secured computer systems or botched incident handling. Webcast aired October 1, 2003, through the SearchSecurity.com site, September 26, 2003.

"The New Gramm-Leach-Bliley Regulations Require Financial Institutions to Investigate Incidents Quickly and Notify Customers if Personal Information is Compromised."

"Understanding Cyber Attacks." Washington, DC, October 8, 2002.

"Consumer Information Security Workshop." Federal Trade Commission. Washington, DC. May 20-21, 2002.

"Economic Espionage Prosecutions. The National Cybercrime Conference, John Marshall Law School. Chicago, Illinois, May 9-11, 2002.

"Live Incident Response : Legal and Forensic Issues." Techno-Security Conference, Myrtle Beach, SC, April 9, 2002.

"Incident Response: Pitfalls and Pointers." BNA Conference on Cybersecurity, February 28, 2002.

"Information Security Regulations: GLB and Liability." Cybercrime 2002, Foxwoods, CT. February 5, 2002.