The Cyberlaw Podcast

In Episode 55 of the Cyberlaw Podcast, we revive This Week in NSA to explore the claim that GCHQ stole mass quantities of cell phone encryption keys.  Meanwhile, Jason explains the complex political battles over Rule 41, Michael explains why so many companies have rallied to Twitter’s first amendment claim against the Justice Department, and both of them explain how Yahoo! managed to beat the government’s indefinite gag order – and why Yahoo! might even be right.  After which we melt down into the bottomless hot mess of liability and litigation that surrounds the Lenovo/Superfish/Komodia/Lavasoft flap.

Our interview is with the charming and feisty CEO of the Center for Democracy and Technology, Nuala O’Connor.  Nuala and I square off over end-to-end encryption, privacy, and section 215, while managing to find common ground on TLS and even child-rearing.

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_55.mp3
Category:general -- posted at: 2:06pm EDT

Episode 54 of the Cyberlaw Podcast features a guest appearance by Lawfare’s own Ben Wittes, discussing cybersecurity in the context of his forthcoming book, The Future of Violence, authored by Ben and Gabriella Blum.  (The future of violence, you won’t be surprised to hear, looks bright.)  Ben also floats the idea of taping an episode of all the Lawfare-affiliated podcasts in a bar with some of our listeners.  More on that idea to come.

In the news roundup, I cover the President’s surprisingly news-light cybersecurity summit in Silicon Valley.  Jason comments on state attorneys generals’ predictable sniping at Anthem for delays in identifying all the potential victims of its hack.  I note with satisfaction a serious loss by EFF in the Jewel lawsuit over the US government’s access to AT&T traffic.  And Jason lays out a report  by the New York State Department of Financial Services on insurance company cybersecurity.

We both express concern about two Kaspersky security reports that identify new hacking tactics and new dangers for computer networks.  The patient infiltration of large bank networks and the extraction of hundreds of millions of dollars casts doubt on the safety of banking systems around the world.  Equally troubling is the discovery that what Kaspersky calls the “Equation” group used firmware exploits to achieve enduring access to a wide variety of hard drives.  (Though Kaspersky’s claim that the access depended on having the hard drive makers’ source code looks wrong.)

 

As always, send your questions, suggestions for interview candidates and offers to stand a round at the Beer Summit to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_54.mp3
Category:general -- posted at: 9:58am EDT

In this week’s episode of the Cyberlaw Podcast, I take our new mobile recording equipment to Paris to talk about Europe’s cybersecurity directive with Alex Klimburg, of the Hague Institute for Strategic Studies and the Harvard Kennedy School’s Belfer Center.  The directive is in its final stages after a two-year buildup, and the most recent drafts suggest that the EU is finding it hard to muster the will for heavy regulation in this area.

In our news roundup, Jason Weinstein covers the Anthem hackand probable Chinese responsibilityfor it.  I point out that American privacy groups have said more or less nothing about the idea that a massive database about Americans might be assembled by China.

Stephanie Roy explains the FCC’s proposed net neutrality regs. And Doug Kantor lays odds on the five most prominent cybersecurity proposals.  Short version:  information-sharing is looking doable, and a national breach law might be as well.  CFAA changes look less easy, and the ECPA changes are stuck in a fight between people who hate Wall Street and privacy campaigners. The President’s $14 billion appropriation request for cybersecurity will get sliced, diced, and roasted, but he’ll likely end up with a lot of that money.

Cybersecurity scrutiny continues for financial institutions.  Jason reports on two recent regulators’ warning shots.  And I cover a variety of surveillance news, including the irony that a UK tribunal declaredthat an otherwise unlawful GCHQ practice had been saved by none other than Edward Snowden, who provided the transparency the tribunal considered necessary.  Thanks, Eddie!

 

The Cyberlaw Podcast is now open to feedback.  Send your questions, suggestions for interview candidates, or topics to CyberlawPodcast@steptoe.com.  If you’d like to leave a message by phone, contact us at +1 202 862 5785.

Direct download: Podcast_53.mp3
Category:general -- posted at: 11:37am EDT

In this week’s episode, our guest is Rebecca Richards, NSA’s director of privacy and civil liberties.  We ask the tough questions:   Is her title an elaborate hoax or is she the busiest woman on the planet?  How long will it be before privacy groups blame the Seattle Seahawks’ loss on NSA’s policy of intercepting everything?  How do you tell an extroverted NSA engineer from an introvert?  And, more seriously, now that acting within the law isn’t apparently enough, how can an intelligence agency assure Americans that it shares their values without exposing all its capabilities? 

In the week’s news, Jason Weinstein, Michael Vatis and I explore the DEA’s license plate collection program and what it means, among other things, for future Supreme Court jurisprudence on location and the fourth amendment.   We take on the WikiLeaks-Google flap and conclude that there’s less there than meets the eye. 

Jason celebrates a festival of FTC news.   The staff report on the Internet of Things provokes a commissioner to dissent from feel-good privacy bromides.  The FTC data security scalp count grows to 53, with more on the way.  We discover that the FTC has aspirations to become the Federal Telecommunications Commission, regulating telecommunications throttling as well as cramming – and apparently forcing the FCC into the business of regulating hotels.  To be fair, we find ourselves rooting for the Commission as it brings the hammer down on a revenge porn site

And Michael finds the key to understanding China’s policies on cybersecurity and encryption.

 

The Cyberlaw Podcast is now open to feedback.  Send your questions, suggestions for interview candidates, or topics to CyberlawPodcast@steptoe.com.  If you’d like to leave a message by phone, contact us at +1 202 862 5785.

Direct download: Podcast_52.mp3
Category:general -- posted at: 4:03pm EDT

1