Wed, 1 October 2014
Our guest today is Admiral David Simpson, Chief of the FCC’s Public Safety and Homeland Security Bureau. Admiral Simpson has more than 20 years of Information and Communications Technology experience supporting the Department of Defense. Adm. Simpson is joined by Clete Johnson, his Chief Counsel for Cybersecurity. The interview digs deep into Chairman Wheeler’s cybersecurity initiative, asking among other things exactly how voluntary it will be, what telecom companies can do to stop DDOS attacks, and what CSRIC really stands for.
It’s getting harder and harder to find new NSA stories, which must be a relief to the agency. Last week, the only news was NSA’s decision to name Anne Neuberger its Chief Risk Officer. Anne is an able woman who knows the outside world better than practically anyone at the agency, but I can’t shake the feeling that what the agency wants is a Chief Risk-Aversion Officer.
In other news, how to handle location data after Riley continues to bedevil the circuit courts, but the Fifth Circuit seems to have come to a surprisingly reasonable result, holding that users don’t have a reasonable expectation of privacy in the cell-site data that they give the phone company so it can connect calls to them.
Adm. Simpson and I dig into three stories that are more technical than legal but which will all have legal fallout soon: It turns out that Apple may have known about the iCloud security flaw that enabled disclosure of nude celebrity photos for as long as six months before the hack. The Shellshock bug debunks the notion that open-source is inherently more secure than proprietary code, and it means that anyone who has built their business on Linux should be scrambling (that means you, Apple and Google). And the financial industry launches a real-time information-sharing program that will finally test-drive the vision underlying the bills that Congress has been trying to pass for years.
In retaliation for Western sanctions, Russia is advancing the date for mandatory social media data localization. Meanwhile, Google’s staggering potential liability for “wiretapping” publicly broadcast Wi-Fi signals has led to an interesting discovery fight, with the self-proclaimed victims of the wiretapping challenged to show that Google actually intercepted any of their data when the Street View car drove past their homes. If the plaintiffs fail, their whole case (and their lawyers’ payday) are at risk, since non-victims are not proper class representatives.
Finally, a brief cybersecurity obituary: Apple’s warrant canary is pining for the fjords.
The Cyberlaw Podcast is now open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com. If you’d like to leave a message by phone, contact us at +1 202 862 5785.