Weather Alert Block


Fri, 03/01/2024 - 3:54pm -- szb5706

For up-to-date information regarding the reunification of Penn State's two law schools, please click here.

Penn State
Lewis Katz Building, University Park, PA
twitter   facebook   linkedin   Instagram   webmail
Give Now Apply Now

Andrea M. Matwyshyn

Andrea Matwyshyn

Associate Dean for Innovation and Technology
Founding Faculty Director, Penn State PILOT Lab
Founding Faculty Director, Manglona Lab for Gender and Economic Equity
Professor of Law and Engineering Policy
Affiliate Faculty, Bioethics Program, College of the Liberal Arts

Curriculum Vitae


Ph.D., Human Development and Social Policy (applied developmental psychology), Northwestern University
J.D. with Honors, Northwestern University School of Law
M.A, International Relations, Northwestern University
B.A. with Honors, Northwestern University

Dr. Andrea M. Matwyshyn is an academic and author whose work focuses on the intersection of technology design, innovation policy, and law, particularly information security/ "cybersecurity," artificial intelligence/machine learning, health tech and infodemiology, consumer privacy, intellectual property, technology competition, and workforce pipeline policy.
Professor Matwyshyn is a professor in the law school and engineering school at Penn State, the Associate Dean of Innovation at Penn State Law (University Park), and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology policy lab, and the Anuncia Donecia Songsong Manglona Lab for Gender and Economic Equity, a technology equity lab and clinic. She is also an affiliate scholar of the Center for Internet and Society at Stanford Law School. In 2019-2021, she was a Fellow of the John W. Kluge Center in the Library of Congress, where she remains a member of the Kluge alumni advisory board, and a visiting researcher at the French National Centre for Scientific Research (CNRS) Institute for Communication Sciences (ISCC) at the Sorbonne.
She has worked in both the public and the private sector. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission.  As public service, she has testified in Congress and for various regulatory agencies on issues of information security regulation, IoT, machine learning and other technology regulatory issues, and she maintains ongoing policy engagement. Prior to becoming an academic, she was a corporate attorney in private practice, focusing her work on technology transactions. She continues to maintain collaborative technology industry relationships and has authored articles for the popular business press.
Professor Matwyshyn has previously held primary appointments in University of Pennsylvania's Wharton School, Northwestern University School of Law, University of Florida Levin College of Law, and Northeastern University School of Law/School of Computer Science, where she co-founded the Center for Law, Innovation, and Creativity (CLIC).  She has also held visiting appointments or affiliations at the University of Oxford, University of Cambridge, University of Edinburgh, Singapore Management University, Indian School of Business, University of Notre Dame, University of Pennsylvania School of Law,   and Princeton University, where she was the Microsoft Visiting Professor of Information Technology Policy during 2014-15 and an affiliate scholar in 2015-2017. She has previously also served as Senior Fellow of the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center on International Security. Professor Matwyshyn was a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017.  



2022) (with Stephanie K. Pell) 

HARBORING DATA: INFORMATION SECURITY, LAW AND THE CORPORATION, Stanford University Press (2009) (editor and contributor).


Major Law Journal Articles

Fake, 42 CARDOZO LAW REVIEW 101 (2021) (with Miranda Mowbray)

The Internet of Bodies, 61 WILLIAM & MARY LAW REVIEW 77 (2019)

Broken 32 HARV. J.L. & TECH. 479 (2019) (with Stephanie K. Pell)

CYBER!,  2017 BYU LAW REVIEW 1109 (2018).

Privacy, the Hacker Way, 87 SOUTHERN CALIFORNIA LAW REVIEW 1 (2014).

Hacking Speech: Informational Speech and the First Amendment, 107 NORTHWESTERN LAW REVIEW 795 (2013).

The Law of the Zebra, 28 BERKELEY TECHNOLOGY LAW JOURNAL 1 (2013).

Generation C: Childhood, Code and Creativity, 87 NOTRE DAME LAW REVIEW 1979 (2012).

Salvatore Stolfo, Angelos Keromytis, Ang Cui, Ehtics in Security Vulnerability Research, 8 IEEE SECURITY & PRIVACY 2 (2010).

Hidden Engines of Destruction: The Reasonable Expectation of Code Safety and the Duty to Warn in Digital Products, 62 FLORIDA LAW REVIEW 1 (2010).

Imagining the Intangible, 34 DELAWARE JOURNAL CORPORATE LAW 3 (2009).

Technoconsen(t)sus, 85 WASHINGTON UNIVERSITY LAW REVIEW 529 (2007).

Material Vulnerabilities: Data Privacy, Corporate Information Security and Securities Regulation, 3 BERKELEY BUSINESS LAW JOURNAL 129 (2005).

Of Nodes and Power Laws: A Network Theory Approach to Internet Jurisdiction through Data Privacy, 98 NORTHWESTERN LAW REVIEW 493 (2004).

Other Law Review Articles and Projects



Artificial Intelligence and Machine Learning Applied to Cybersecurity, IEEE SPECTRUM (2018) (with David Brumley, Robert Cunningham, Chris Dalton, Erik Debenedektis, Flavia Dinca, William G Dubyak, Nigel Edwards, Rhett Hernandez, Bill Horne, Brian David Johnson, Aleksandar Mastilovic, Avi Mendelson, Dejan Milojicic, Katie Moussouris, Adrian L. Shaw, Barry Shoop, Trung Tran, and Mike Walker)

Twitter (R)evolution: Privacy, Free Speech and Disclosure, Proceedings of International World Wide Web Conference, May 13–17, 2013, Rio de Janeiro, Brazil in WWW 2013 Companion (ACM 978-1-4503-2038-2/13/05) (with Lilian Edwards)

Resilience: Building Better Users and Fair Trade Practices in Information, 63 Federal Communications Law Journal 391 (2011).

Corporate Cyborgs and Technology Risks, 11 Minnesota Journal of Law, Science & Technology 573 (2010).

Data Devolution: Corporate Information Security, Consumers and the Future of Regulation symposium (editor and contributor), 84 Chicago Kent Law Review (2009).

Technology, Commerce, Development, Identity, 8 Minnesota Journal of Law, Science & Technology 515 (2007).

Penetrating the Zombie Collective: Spam as an International Security Issue, 4 SCRIPTed (2006).

Organizational Code: A Complexity Theory Perspective on Technology and Intellectual Property Regulation, FOREWORD, 11 Journal of Technology Law & Policy 1 (2006).

Silicon Ceilings: Information Technology Equity, the Digital Divide and the Gender Gap Among Information Technology Professionals, 2 Northwestern Journal of Technology & Intellectual Property 1 (2004).

Business Journal and Other Articles

The 'Internet of Bodies' Is Here Are Courts and Regulators Ready?,  Wall Street Journal, Nov. 12, 2018.

Hackback in black, The Hill, Nov. 6, 2017 (with FTC Comm. Terrell McSweeny)

The Big Security Mistakes Companies Make When Buying Tech, Wall Street Journal, March 13, 2017.

Discussion of Online Display Advertising: Targeting and Obtrusiveness by Avi Goldfarb and Catherine Tucker, 30 Marketing Science 409 (2011).

CSR and the Corporate Cyborg: Ethical Corporate Information Security Practices, _ Journal of Business Ethics _ (2010).

Book review: Ian Kerr, Valerie Steeves, Carole Lucock (Eds.), Lessons from the Identity Trail (2009), 3 IDIS 363 (2009).

Behavioural Targeting of Online Advertisements and the Future of Data Protection, 20 Computers and Law _ (2009).

Book Chapters

Of Pandemics and Progress, in PANDEMIC SURVEILLANCE (2022) (Margaret Hu, ED.)

The New Intermediation: Contract, Identity and the Future of Internet Governance, in Ian Brown (ed.), In Research Handbook on Governance of the Internet, Edward Elgar (2013).

Commentary: Social Media, Privacy and Children’s Development, in Diana T. Slaughter-Defoe, Race and Child Development, Karger (2012).

Mutually Assured Protection: Development of Relational Internet Security Contracting Norms, Chapter in A. Chander, L. Gelman, M. Radin (eds.), SECURING PRIVACY IN THE INTERNET AGE.  Stanford University Press (2008).

Chapter 10, in Cronin et al. West Treatise on Data Security and Privacy Law: Combating Cyberthreats, West-Thompson (2006) (updating and revising work of previous author Stephen M. Foxman).