Wed, 12 April 2017
Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute. It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a bank’s entire online presence, to the pwning of Dallas’s emergency sirens and a successful campaign to compromise the outsourcing firms that supply IT to small and medium sized businesses.
In the news roundup, Maury Shenk, and Jamil Jaffer, of George Mason’s National Security Law & Policy Program, talk with me about the likely outcome of the European movement to regulate encryption. The bad news for Silicon Valley is that the US isn’t likely to play much of a moderating role when the Europeans tighten the screws.
In other news, Jennifer Quinn-Barabanov explains the two-front battle that Wendy’s is facing (and mostly losing) over data breach liability.
I acknowledge the latest Silicon Valley fad: filing lawsuits on behalf of their customers’ privacy. So far, Twitter has chalked up a win, and Facebook a loss.
LabMD has also chalked up another win, this time in a Bivens action to hold FTC officials personally liable for aggressively enforcing the law against the company as punishment for its outspoken critique of the Commission. The case has mostly survived a motion to dismiss.
Meanwhile in Massachusetts, outmoded privacy laws continue to burden would-be undercover journalists, and Jennifer reports that the prospects for invalidating a law banning recordings of oral conversations on first amendment grounds took a hit last week, at least as it relates to public officials.
Finally, in other computer security news around the globe, Germany’s security services are claiming a lack of authority to take needed action in response to cyber threats. In India, in contrast, enthusiasts for better attribution of India’s populace are forcing everyone to register in a detailed identity database – despite the efforts of India’s top court to ensure that the system remains voluntary. The death of anonymity will be a prolonged affair, but the outcome seems inevitable.