David Simon is a partner in Mayer Brown's Washington DC office and a member of the global Cybersecurity & Data Privacy practice. He is also a member of the firm's National Security and Government Contracts practices.
A former special counsel at the U.S. Department of Defense (DoD), David has advised extensively on cutting-edge cybersecurity and national security matters. David focuses his practice on complex and sensitive cybersecurity, defense, intelligence and national security matters, with deep experience advising victims of state-sponsored cyber activity. He counsels companies as they address cyber vulnerabilities and breaches, as well as associated legal, regulatory, and reputational consequences. David has advised companies on major cybersecurity incidents and incident preparedness across virtually every sector of the economy, including the banking, investment management, tech, automotive, healthcare, defense and intelligence, and telecom. In addition, he has significant expertise regarding the evolving cybersecurity and privacy legal framework applicable to the Internet of Things (IoT) and product cybersecurity. David helps companies structure, negotiate and protect their commercial and compliance relationships with key national security government agencies. David also counsels US and foreign clients regarding economic sanctions, asset controls and transactions reviewed by the Committee on Foreign Investment in the United States (CFIUS).
During his time as special counsel in the Pentagon (2011-2015), David advised on the development of a legal and policy framework to address cyber threats, including one of the most destructive cyber attacks against the United States: North Korea’s 2014 cyber attack of Sony Pictures Entertainment. In addition, he advised on broader matters involving cybersecurity policy, plans and operations, as well as autonomous technologies, the use of force, counterterrorism, treaties, sensitive investigations, and regional matters involving China, the Korean Peninsula, Russia, Ukraine, Syria, Iran, and Israel.
David is widely recognized for his experience regarding the legal and policy issues at the intersection of cybersecurity, autonomous technologies, and national security. Recently, he was named a “2017 Cybersecurity & Data Privacy Trailblazer” by the National Law Journal for helping to “make a difference in the fight against criminal cyber activity and towards adding much needed layers of data security in an increasingly digital world of commerce,” and a 2018 Rising Star of the Law – 40 Under 40 – by DCA Live. He is an Adjunct Fellow in Cybersecurity and International Law at the Center for Strategic and International Studies (CSIS), where he served as a member of a Cyber Policy Task Force that developed cybersecurity recommendations for the 45th presidential administration. David is also a Visiting Research Fellow with the College of Information and Cyberspace at the U.S. National Defense University. Currently, David also serves as an independent expert on cybersecurity and international law to the United Nations (UN) Security Council and is a member of the UN Experts Committee regarding the prevention of terrorist exploitation the Internet and related information communications technologies. Previously, David served, at the invitation of the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia, as a peer reviewer of the second edition of the “Tallinn Manual on the International Law Applicable to Cyber Warfare.” He is a term member of the Council on Foreign Relations.
A Rhodes Scholar and Truman Scholar, David graduated from Harvard Law School, where he was an executive editor of the Harvard Civil Rights-Civil Liberties Law Review and a Heyman Fellow. Prior to attending law school, he received an M.Phil. in International Relations from Trinity College, Oxford, where he debated for the Oxford Union and was the managing editor of the Oxford International Review. David graduated summa cum laude and Phi Beta Kappa from the University of Minnesota, where he received a BA in Russian Area Studies.
As Special Counsel to the DoD General Counsel, David worked directly for two chief lawyers of the Pentagon, including former Secretary of Homeland Security, Jeh Johnson, and former Central Intelligence Agency General Counsel, Stephen Preston. In this role he operated at the right hand of the chief legal officer of an organization of 3,000,000 people, including more than 6,000 lawyers, and an annual budget of more than $600 billion. David advised on the U.S. domestic and international legal issues related to the worldwide activities and operations of the US armed forces, as well as DoD policy and planning. Those matters involved cyber policy, plans and operations, as well as social media, autonomous technologies, the use of force, counterterrorism, treaties and sensitive investigations.
David also served as a lead counsel for the DoD working group that drafted the DoD Directive on Autonomy in Weapons Systems, which established the Department’s policies on the development, acquisition, and employment of unmanned, semi-autonomous, and fully autonomous weapons technologies. The Directive represents the first policy announcement by any country regarding fully autonomous weapons.
In addition, David handled regional matters involving China, the Korean Peninsula, Syria, Russia, Ukraine and other countries in Asia and the Middle East. David also advised the General Counsel on high-stakes litigation facing the Department, including Supreme Court and appellate matters, such as Kiobel v. Royal Dutch Petroleum and Samantar v. Yousuf.
As a member of the DoD Office of General Counsel senior leadership team, David represented the Department regularly with senior officials at the White House, Department of State, Department of Justice, Department of the Treasury, Department of Homeland Security, Department of Commerce, Central Intelligence Agency and Federal Bureau of Investigation. In recognition of his national security work at DoD, David received the Office of the Secretary of Defense Award for Excellence.
Prior to serving at DoD, David was a lawyer in private practice at a national law firm. In addition, he taught courses in national security law, cybersecurity and international litigation as an adjunct professor of law at the University of Minnesota Law School.
A Rhodes Scholar and Truman Scholar, David graduated from Harvard Law School, where he was an executive editor of the Harvard Civil Rights-Civil Liberties Law Review and a Heyman Fellow. Prior to attending law school, he received an M.Phil. in International Relations from Trinity College, Oxford, where he debated for the Oxford Union and was the managing editor of the Oxford International Review. David graduated summa cum laude and Phi Beta Kappa from the University of Minnesota where he received a B.A. in Russian Area Studies.
The breadth of David’s practice is reflected in the following sampling of his experience:
Cybersecurity, Espionage, Electronic Surveillance and Privacy
- Lead counsel for national security investigation involving nation-state-sponsored cyber attack on a global technology company. Also lead counsel for associated grand jury proceeding.
- Investigation of one of the largest cybersecurity incidents in U.S. history involving nation-state cyber and information operations on two continents. Matter involved law enforcement, intelligence, and congressional inquiries, as well as other proceedings.
- Advised a major U.S. technology company with respect to the legal response to notice by FBI of a nation-state sponsored cyber-campaign allegedly targeting the company.
- Counsels Fortune 500 companies facing ransomware attacks and extortion demands from malicious hackers and cyber criminals, including involving engagement with security researchers, the DHS, and the FBI.
- Advises manufacturers and suppliers of Internet-connected products – such as semi-autonomous and fully autonomous cars, implanted medical devices, connected-home products, mobile devices, and telecommunications devices – regarding cyber vulnerability management and disclosure programs, bug bounty programs, how to conduct product cybersecurity assessments under privilege, and product cybersecurity risk management.
- Represented global corporations in connection with data security incidents that required analysis of breach reporting obligations under U.S. and international statutes.
- Advise several automobile manufacturers on legal, regulatory, and legislative developments, and litigation related to emerging cyber threats and autonomous technologies.
- Advises the United Nations regarding international legal issues related to the prevention of cyber warfare, cyber threats to critical infrastructure, and preventing terrorists from exploiting the Internet and related information communication technologies.
- Providing strategic counsel to companies in a wide range of industries as they assess their cybersecurity posture and engage with their boards of directors.
- Counsel companies regarding the establishment and maintenance of cybersecurity vulnerability disclosure (i.e., bug bounty) programs.
- Advise companies regarding cybersecurity vulnerability disclosure policy and related coordination processes involving cybersecurity researchers, DHS, and computer emergency response teams, including US-CERT, ICS-CERT, and CERT/CC.
- Counseled companies regarding the application of domestic and international law in the context of international cybersecurity, involving cyber norms, sovereignty, critical infrastructure, jurisdiction, attribution standards, international humanitarian law, human rights law, espionage and the conduct of cyber activities.
- Counsel companies on cybersecurity incidents involving foreign governments, insider threats, and non-state actors, including malicious hacking and cyber terrorism.
- Advise global technology companies regarding management and mitigation of alleged cybersecurity vulnerabilities, including regarding bug bounty programs.
- Counseled companies on liability protections, as well as authorized monitoring, defensive measures and cyber threat information sharing under the Cybersecurity Act of 2015.
- Counseled software services company on the applicability of the Computer Fraud and Abuse and related statutes in connection with a proposed service offerings.
- Counseled companies seeking to improve the legal defensibility of their cybersecurity and privacy policies and procedures.
- Advised companies on sensitive cybersecurity matters, including internal investigations, forensics, securities law disclosure obligations and corporate governance. Representations have included major companies in the software, social media, healthcare, energy and defense sectors.
- Counseled Internet and social media companies regarding cross-border government requests for consumer data, and compliance with Mutual Legal Assistance Treaties (MLAT).
- Counseled Internet and software companies on public policy issues, including encryption, privacy and MLAT reform.
Foreign Relations Litigation
- Appellate litigation on behalf of certain victims of the September 11, 2001, attacks, addressing foreign sovereign immunity and counter-terrorism laws.
National Security, Government Contracts and International Investment
- Counseled leading commercial cloud services provider regarding contracts with the US Department of Defense and the US Intelligence Community.
- Represented Fortune 10 company before CFIUS in filings with respect to an acquisition of one of its businesses.
- Involved in numerous other transactions involving CFIUS and due diligence matters, including transactions in telecommunications, software, financial services, electronics manufacturing, energy and industrial equipment sectors.
- Counseled companies and individuals on facility security clearance and personnel security clearance matters, including compliance with NISPOM requirements, assessment and mitigation of Foreign Ownership, Control and Influence (FOCI).
- Advised defense and intelligence contractors on export control compliance matters relating to the performance of classified contracts.
- Counseled large private equity firm on due diligence for transactions involving government contracting, export control, CFIUS and the Defense Security Service (DSS).
Economic Sanctions and Export Controls
- Counseled companies regarding export controls related to encryption and cybersecurity.
- Advised major financial institutions and emerging technology companies on sanctions and export control compliance issues.
- Counseled major e-commerce company on compliance on U.S. economic sanctions compliance.
Harvard Law School, JD
Oxford University, MPhil, Rhodes Scholar
University of Minnesota, BA, summa cum laude, Phi Beta Kappa, Truman Scholar
- District of Columbia
- Adjunct Fellow in Cybersecurity and International Law, Technology Policy Program, Center for Strategic and International Studies (CSIS)
- Visiting Research Fellow, College of Information and Cyberspace, National Defense University (NDU)
- Experts Committee Member, UN Security Council Counter-Terrorism Committee Executive Directorate, United Nations
- Term Member, Council on Foreign Relations