Drew Mitnick

Policy Counsel

Drew works on cybersecurity, digital due process, and privacy. He has experience working on human rights in Asia and the United States. Drew was previously a Senior Research Associate for the Public International Law and Policy Group and served as the Managing Online Editor of the Human Rights Brief. He received his law degree from American University Washington College of Law where he served as a JD Distinguished Fellow. In a previous life, he lived in Nashville where he played drums for a rock band.

U.S. Microsoft Ireland case shows need for privacy safeguards in cross-border access to data

27 Feb 2018 •

Any system that permits governments to access data abroad must be built on human rights protections and account for the law of the countries involved.

Post

U.S. Microsoft Ireland case shows need for privacy safeguards in cross-border access to data

27 Feb 2018

U.S. Microsoft Ireland case shows need for privacy safeguards in cross-border access to data

New U.S. CLOUD Act is a threat to global privacy

7 Feb 2018 •

This bill would give law enforcement around the globe — particularly in the U.S. — more access to users’ private data without sufficient privacy protections.

Post

New U.S. CLOUD Act is a threat to global privacy

7 Feb 2018

New U.S. CLOUD Act is a threat to global privacy

After Meltdown and Spectre, we need better vulnerability disclosure and a stronger U.S. cyber framework

25 Jan 2018 •

Read our comments for NIST, a U.S. agency that creates technical standards, on its framework for cybersecurity.

Post

After Meltdown and Spectre, we need better vulnerability disclosure and a stronger U.S. cyber framework

25 Jan 2018

After Meltdown and Spectre, we need better vulnerability disclosure and a stronger U.S. cyber framework

In cyber engagement strategy, Australia overlooks its own threats to user rights

17 Oct 2017 •

Our letter to the Australian Ambassador for Cyber Affairs points out that the government’s own current actions, including government hacking and threats to encryption, run counter to its commitments in the document.

Post

In cyber engagement strategy, Australia overlooks its own threats to user rights

17 Oct 2017

In cyber engagement strategy, Australia overlooks its own threats to user rights

DreamHost disrupts U.S. DOJ plan for mass spying. Others should do the same.

17 Aug 2017 •

The expansive U.S. order stands in contravention of our fundamental rights to privacy and freedom of expression.

Post

DreamHost disrupts U.S. DOJ plan for mass spying. Others should do the same.

17 Aug 2017

DreamHost disrupts U.S. DOJ plan for mass spying. Others should do the same.

Code for tolerance: How tech companies can respond to hate but respect human rights

17 Aug 2017 •

Baking human rights into processes and policies is the way forward.

Post

Code for tolerance: How tech companies can respond to hate but respect human rights

17 Aug 2017

Code for tolerance: How tech companies can respond to hate but respect human rights

We (still) know where you’ll be next summer

19 Jul 2017 •

No matter who you are or where you’re from, if your plans include crossing a border in the EU, your private information is fair game. If you choose to visit the US, the situation may be even worse.

Post

We (still) know where you’ll be next summer

19 Jul 2017

We (still) know where you’ll be next summer

Another cyber attack shows we need more cybersecurity defense, not offense

27 Jun 2017 •

Another day, another cyber attack wreaking havoc in systems around the world. Will we learn from this one?

Press Release

Another cyber attack shows we need more cybersecurity defense, not offense

27 Jun 2017

Another cyber attack shows we need more cybersecurity defense, not offense

How to make an MLAT “safe harbor” safe for users

15 Jun 2017 •

Any “safe harbor” mechanism for bypassing the MLAT system must entail increasing protections for human rights.

Post

How to make an MLAT “safe harbor” safe for users

15 Jun 2017

How to make an MLAT “safe harbor” safe for users

How to fix MLATs — and a path toward resolving jurisdictional issues

23 May 2017 •

Our guidance for modernizing the system for cross-border access to data, and determining jurisdiction in a way that respects human rights.

Post

How to fix MLATs — and a path toward resolving jurisdictional issues

23 May 2017

How to fix MLATs — and a path toward resolving jurisdictional issues

Get the latest

Expert insights

Press releases

In the news

Publications

Events

Featured campaigns

#FreeAlaa

#KeepItOn

#WhyID

More campaigns

RightsCon: our annual event

Featured

Surveillance

Content governance

Data protection

Internet shutdowns

More issues

Get immediate help

Digital Security Helpline

Recent guides

Access Now Grants

Get to know us

Our mission

Partnerships

Our team

Our board

Quick links

U.S. Microsoft Ireland case shows need for privacy safeguards in cross-border access to data

New U.S. CLOUD Act is a threat to global privacy

After Meltdown and Spectre, we need better vulnerability disclosure and a stronger U.S. cyber framework

In cyber engagement strategy, Australia overlooks its own threats to user rights

DreamHost disrupts U.S. DOJ plan for mass spying. Others should do the same.

Code for tolerance: How tech companies can respond to hate but respect human rights

We (still) know where you’ll be next summer

Another cyber attack shows we need more cybersecurity defense, not offense

How to make an MLAT “safe harbor” safe for users

How to fix MLATs — and a path toward resolving jurisdictional issues