Tue, 22 November 2016
In this week’s episode, we guess at the near-term future with Betsy Cooper and Steve Weber of UC Berkeley’s Center for Long Term Cybersecurity. In all of their scenarios, the future is awash in personal data; the only question is how it’s used. I argue that it will be used to make us fall in love—with our machines.
In the news of the week, we explore the policy consequences of President-elect Trump’s personnel choices. I point out that the quickest route to the new administration’s short list seems to be an interview on the Steptoe Cyberlaw Podcast.
The internet advertising industry is trying to stamp out ad malware so that firms following a set of guidelines will earn a seal of approval, Katie Cassel explains. Color me skeptical: would you buy an antivirus product that proclaimed that it scans “a reasonable percentage of” incoming code?
It’s apparently guidelines week in cybersecurity-land, as agencies rush to release their work before the transition. Two agencies issued guidelines on security practices. The Department of Homeland Security released the recommendations for internet-connected devices that Rob Silvers forecast on the podcast last month. Alan Cohn summarizes the principles, which include steps like security by design and regular vulnerability patches. Meanwhile, Katie tells us, NIST has released its guidance for small business network security. We compare its guidance to the FTC’s. NIST wins.
Two Chinese Android phone backdoors have emerged in one week. Researchers at Kryptowire have uncovered a secret backdoor in large numbers of Android phones that ships users’ personal data, including their SMS messages and location, back to China. The company responsible, Shanghai Adups Technology Company, says it was a mistake, and that the software wasn’t supposed to be installed on phones for sale in the US. Or perhaps the mistake was in getting caught. Investigations will follow, one hopes.
The second backdoor is an unsecured firmware upgrade channel that would allow a man-in-the-middle to add arbitrary code to an upgrade. I point out that Apple uses the same backdoor—just better secured—for the same purpose. So its claim that it’s fighting the FBI to protect us from backdoors and their security risks is balderdash.
The 1990s have called, and they want their competition policy back. At least that seems to be the gravamen of Kaspersky’s complaint that Microsoft Defender is killing third-party antivirus companies.
In other news that isn’t new, the effort to override Rule 41 changes still looks as dead as General Franco. That doesn’t mean that a forlorn left-right coalition will give up, of course, since there is still sympathetic lib/left press coverage to be milked from the issue.
Finally, in a sign of just how serious the cybersecurity crisis is, almost 2 in 5 American adults said they would give up sex for a year in exchange for never having to worry about being hacked.
As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.