Steptoe Cyberlaw Podcast

Episode 60 of the Cyberlaw Podcast features Paul Rosenzweig, founder of Red Branch Consulting PLLC and Senior Advisor to The Chertoff Group.  Most importantly he was a superb Deputy Assistant Secretary for Policy in the Department of Homeland Security when I was Assistant Secretary.

Paul discusses the latest developments in ICANN, almost persuading me that I should find them interesting.  He expresses skepticism about the US government’s effort to win WTO scrutiny of China’s indigenous bank technology rules; he also sees the DDOS attack on GitHubas a cheap exercise in Chinese extraterritorial censorship.

Michael Vatis, meanwhile, fills us in on two new cyberlaw cases whose importance is only outweighed by their weirdness. And I dissect the House cybersecurity information sharing bill, concluding that it has gone so far to appease the unappeasable privacy lobby that it may actually discourage information sharing.

 

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.comor leave a message at +1 202 862 5785.

Direct download: Podcast_60.mp3
Category:general -- posted at: 4:17pm EDT

Richard Bejtlich is our guest for episode 59 of the Cyberlaw Podcast. Richard is the Chief Security Strategist at FireEye, an adviser to Threat Stack, Sqrrl, and Critical Stack, and a fellow at Brookings. We explore the significance of China’s recently publicized acknowledgment that it has a cyberwar strategy, FireEye’s disclosure of a gang using hacking to support insider trading, and NSA director Rogers’s recent statement that the US may need to use its offensive cyber capabilities in ways that will deter cyberattacks. 

In the news roundup, class action defense litigator Jennifer Quinn-Barabanov explains why major automakers are facing cybersecurity lawsuits now, before car-hacking has caused any identifiable damage.  I explain how to keep your aging car and swap out its twelve-year-old car radio for a cool new Bluetooth enabled sound system.  Michael Vatis disassembles the “$10 million” Target settlement and casts doubt on how much victims will recover.

Michael also covers the approval by a Judicial Conference advisory committee of a rule allowing warrants to extend past judicial district lines, explaining why it may not be such a big deal.  Maury Shenk, former head of Steptoe’s London office and now a lawyer and a private equity investor and adviser, jumps in to discuss the Chinese cyberwar strategy document as well as China’s effort to exclude US technology companies from its market.

 

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_59.mp3
Category:general -- posted at: 3:59pm EDT

In episode 58 of the Cyberlaw Podcast, our guest is Andy Ozment, who heads the DHS cybersecurity unit charged with helping improve cybersecurity in the private sector and the civilian agencies of the federal government. We ask how his agency's responsibilities differ from NSA's and FBI's, quote scripture to question his pronunciation of ISAO, dig into the question whether sharing countermeasures is a prelude to cybervigilantism, and address the crucial question of how lawyers should organize cybersecurity information sharing organizations (hint: the fewer lawyers and the more clients the better). In the news roundup, we revisit the cybersecurity implications of net neutrality, and Stephanie Roy finds evidence that leads me to conclude that the FCC has stolen the FTC's playbook (and, for all we know, deflated the FTC's football). This ought to at least help AT&T in its fight with the FTC over throttling, but that's no sure bet.

I explain why Hillary Clinton's email server was a security disaster for the first two months of her tenure – and engage in utterly unsupported speculation that she closed the biggest security gap in March 2009 because someone in the intelligence community caught foreign governments reading her mail.

In news with better grounding, the Wyndham case goes to the Third Circuit and the bench is hot. We explain why this is good for Wyndham. In other litigation news, the feds respond to Microsoft in the Irish warrant case. Michael and I agree that the Justice Department is praying for a cold bench.

Finally, in two updates from earlier podcasts, it looks as though China may have backed down on backdoors, for now, so Silicon Valley can go back to worrying about Jim Comey. And, I explain my claim from last week's show that the FREAK vulnerability is overhyped to support a simplistic civil libertarian morality tale.

 

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_58.mp3
Category:general -- posted at: 10:54am EDT

This episode of the podcast features Rep. Mike Rogers, former chairman of the House intelligence committee, Doug Kantor, our expert on all things cyber in Congress, and Maury Shenk, calling in from London.  Mike Rogers is now a nationally-syndicated radio host on Westwood One, a CNN national security commentator, and an adviser to Trident Capital’s new cybersecurity fund. The former chairman addresses a host of issues -- gaps in CFIUS, the future of the President’s new cyber threat integration center, the risk of rogue state cyberattacks on US infrastructure – as well as the issues we cover in the news roundup. 

These include Maury’s take on China’s toughening policy toward US technology, the prospects for a workable bill renewing section 215 (the ex-chairman is not as sanguine as Doug Kantor and I) and the administration’s new privacy bill.  (Our take: the bill is ideal for the Twitter age, since you still have 137 characters left after typing “DOA”.)   Maury updates us on the latest reason for delay in adoption of a new European data protection regulation. Doug Kantor and Mike Rogers consider the prospects for an information sharing bill and comment on privacy groups’ goalpost-moving style of congressional negotiation. 

And, finally, I respond to Edward Snowden’s claim that he wants to move to Switzerland by reminding him (and the Swiss)  what he said about them the last time he lived there.  (Said Snowden: “You guys can’t say I look gay any more. I’m living in Switzerland. I’m the straightest-looking man in the country.” Geneva is “nightmarishly expensive and horrifically classist,” and “I have never, EVER seen a people more racist than the swiss.”  Apparently a year in Moscow broadened his horizons.)

 

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_57.mp3
Category:general -- posted at: 3:32pm EDT

Our guest for Episode 56 of the Cyberlaw Podcast is Siobhan Gorman, who broke many of the top cybersecurity stories for the Wall Street Journal until she left late last year to join the Brunswick Group, which does crisis communications for private companies.  Siobhan comments on the flood of attribution stories in recent days, including the US government’s almost casual attribution of the Sands Las Vegas cyberattack to Iran and the leaked attribution of the Saudi Aramco and US bank attacks to the same nation.  She also compares private sector cyber crisis planning to the US government’s coordination (or lack thereof) in responding to the Sony attack.

In other news, Stephanie Roy and I take a deep and slightly off-center dive into the FCC’s net neutrality ruling.  I predict that within five years the FCC will have used its new Title II authority to impose cybersecurity requirements on US ISPs.  (And in ten years, I suspect, there will be a debate in the FCC over whether to throttle or disfavor communications services that don’t cooperate with the FBI’s effort to deny perfectly encrypted security to criminals.) Stephanie demurs.

Michael Vatis and I chew over China’s “overdetermined” (h/t Mickey Kauspolicy of ousting American tech products in favor of Chinese competitors, the prospects of class action plaintiffs in the Komodia/Superfish/Lenovo flap, and NY financial regulator Benjamin Lawsky’s war on the password.

 

We finally get listener feedback to read on the air, as Michael Samway congratulates Nuala O’Connor for her masterly handling of, well, me.  Those who think they can do a better job of humiliating me will have their work cut out for them, but they’re welcome to try, sending emails to CyberlawPodcast@steptoe.comail and voice mails to +1 202 862 5785.

Direct download: Podcast_56.mp3
Category:general -- posted at: 4:19pm EDT

1