Wed, 4 December 2019
This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that the government is still fighting about the content of a policy it’s already announced. And to show that decoupling can go both ways, a U.S.-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think.
Mark MacCarthy tells us that reports of the University of Chicago’s weather turning sunny and warm for hipster antitrust plaintiffs are probably overdone. Even so, Silicon Valley should be at least a little nervous that even Chicago School enforcers are taking a hard look at personal data and free services as sources of anti-competitive conduct.
Mark also highlights my favorite story of the week, as the Right to be Forgotten discredits itself in, where else, Germany. Turns out that you can kill two people and wound a third on a yacht in the Atlantic, get convicted, serve 20 years, and then demand that everybody just forget it happened. The doctrine hasn’t just jumped the shark. It’s doubled back and put a couple of bullets in the fish for good measure.
Nick explains why NSA is so worried about TLS inspection. And delivers a rant on bad cybersecurity software along the way.
It’s been a bad week for TikTok, which was caught blocking an American Muslim teen who posted about Uighurs in China and offered an explanation that was believable only because US social media companies have offered explanations that were even less credible. I suggest that all the criticism will just lead to more and sneakier ways to block disfavored content without getting caught. And Brian tells us how the flap might affect TikTok’s pending CFIUS negotiation.
Nick ladles out abuse for the bozo who thought it was a good idea to offer cryptocurrency advice on avoiding sanctions to Kim Jong Un’s cyber bank robbers. And Brian explains that the government’s prosecution of the bozo might have to tiptoe past the First Amendment.
Senate Democrats have introduced the Consumer Online Privacy Rights Act, an online privacy bill with an unfortunate acronym (think fossilized dinosaur poop). Mark and I conclude that the bill is more a sign that Washington isn’t going to do privacy before 2021.
Who can resist GPS crop circle spoofing by sand pirates? Not Nick. Or me. Arrr.
I update our story on DHS’s CISA, which has now issued in draft a binding operational directive on vulnerability disclosure policies for federal agencies. It’s now taking comments on GitHub.
And in quick hits: The death of the Hippie Internet, part 734: Apple changes its map to show Crimea as Russian, but only for Russians; Facebook accepts correction notice from the Singapore government; our own Paul Rosenzweig will be an expert witness in the government’s prosecution of the Vault 7 leaker; and Apple’s bad IT cost it $467,000 for sanctions violations. I ask whether we should be blaming Scooby-Doo for the error.
Join Steptoe for a complimentary webinar on Tuesday, December 10. We’ll be talking about the impacts on retailers of the newly implemented California Consumer Privacy Act and the EU’s General Data Protection Regulation. This is a fast-moving area of the law; we can keep you up to date. You can find out more and register here.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.