Tue, 5 December 2017
Episode 195 features an interview with Susan Hennessey of Lawfare and Andrew McCarthy of the National Review. They walk us through the “unmasking” of US identities in intelligence reports—one of the most divisive partisan issues likely to come up in the re-enactment of Section 702 of FISA. I bask momentarily in the glow of being cast as a civil liberties extremist. And Thidwick the Big-Hearted Moose offers insights into 702 reform.
In the news roundup, I try to count votes after the Supreme Court argument in Carpenter v. United States. I count at least four likely votes to require a warrant for cell phone location data and only two likely votes for the United States (and the preservation of the third party doctrine). The other justices didn’t exactly wear their votes on their sleeve, but the smart money favors a whole new ballgame for criminal discovery. The court’s biggest problem will be finding a rationale that doesn’t open up decades of litigation. Justice Gorsuch distinguishes himself with a rationale that is creative, libertarian-conservative, and, well, cockamamie.
Phil West provides the tech angle on the biggest Congressional news—tax reform and what it means for Silicon Valley
Nick Weaver and Jamil Jaffer walk us through the Justice Department’s impressive haul of indictments and guilty pleas in the world of cyberespionage. Yet another NSA exploit hoarder has been caught and pled guilty. And for the first time, Justice has the goods on cyberespionage by Boyusec, a Chinese “security” firm tied to China’s Ministry of State Security. The company has conveniently gone out of business after being outed, but the indictment does raise the question whether the US-China agreement on commercial cyberespionage was really just about which Chinese cyberspies would be allowed to steal U.S. commercial secrets.
There’s yet another flashpoint in China-US cyber relations—drones. A DHS analyst has publicly trashed the dominant drone maker, China’s DJI, as providing the Chinese government with access to data collected by its drones and as targeting sensitive US infrastructure for its sales. The DJI response is not exactly nuanced: A DJI spokesman called the report “insane.”
Meanwhile, Uber's problems seem neverending. The latest disaster focuses on the company’s use of quick-to-vanish messaging services like Wickr and Telegram. Such services are popular among “Technorati” who like to fancy themselves as targets of government surveillance. Problem is, when they are under surveillance, or just a discovery obligation, the use of evanescent messaging is often seen as a sign of guilt. This messaging movement could turn out to be extremely costly—first for Uber and then for Silicon Valley in general. I'm not sure that putting employees on the honor system not to use those services for company business is going to be enough.
Apple was in the news for giving up root access to anyone who insisted. And its attempt to rush out a patch wins the Equifax Prize for Breach Fixes That Create New Security Problems. Perhaps the security team was off providing support to Tim Cook for his keynote speech at the celebration of the Chinese internet (“We are proud to have worked alongside many of our partners in China to help build a community that will join a common future in cyberspace.”) Nick Weaver suggests as a result that we take a closer look at Facetime intercept capability.
Finally, it’s down to the wire on Section 702. Jamil Jaffer, Susan Hennessey and our other commentators think we may escape without too much damage to the intelligence program.
As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.