Steptoe Cyberlaw Podcast

With Wyndham’s surrender to the FTC after a brutal court of appeals opinion, the last outpost of resistance to the FTC’s cybersecurity agenda is Mike Daugherty, CEO of LabMD.  Daugherty refused to take the easy road and enter into a consent decree with the FTC to settle its claim that the company’s security was insufficient because of a file-sharing program installed on the corporate network.  That decision has cost Daugherty his company.  LabMD has ceased operations.  And it took him on an extraordinary odyssey through Washington that he has described in his book, The Devil Inside the Beltway, and speeches.  I caught up with Mike at the Black Hat Executive Summit where we were both speakers, and he kindly agreed to a short interview describing some of that odyssey. 

I offered the FTC equal time to offer their perspective.  So far, they haven’t taken me up on the offer, but it remains open. 

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. 

Direct download: Episode_94.mp3
Category:general -- posted at: 11:25am EST

Our guest for episode 93 is cybersecurity’s Renaissance Man. Rod Beckstrom started DHS’s National Cybersecurity Center, then headed ICANN; before and after those gigs, he was a Silicon Valley investor and officer in security startups as early as the 1990s and as recently as this year. Our interview spans Rod’s career and what it has taught him about security, privacy, law, and government.

In the news roundup, Alan Cohn and Jason Weinstein talk about proposals to require social media sites to do more about online terrorist activity. Alan and I take a dive into the EU’s achingly slow progress toward new cybersecurity rules for critical infrastructure – and how those rules will affect US companies.

Michael Vatis tells us that Michael Daugherty of LabMD is officially the only challenge facing the FTC as it sets (or at least enforces) cybersecurity requirements for American business. That’s because Wyndham Hotels has officially given up the ghost, agreeing to twenty years of privacy and security monitoring by the FTC.

Finally, Michael Vatis and I agree that encryption has become the Donald Trump of tech issues – but each of us for different reasons.

The podcast will be on hiatus over the holidays, but we won’t completely abandon you. While I was at a BlackHat Executive conference last week, I had a chance to do a short interview of Mike Daugherty about his LabMD experience, and we’ll be releasing that as a special bonus edition of the podcast over the Christmas break. (We’re holding it because I’ve offered the FTC a chance for equal time.  But we’ll be releasing the interview next week in any event, with or without the FTC’s input.)

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_93.mp3
Category:general -- posted at: 4:47pm EST

Did China’s PLA really stop hacking US companies for commercial secrets? And does it matter? In episode 92, we ask those questions and more of two experts on the topic ‒ Washington Post reporter Ellen Nakashima, who has broken many stories on PLA hacking, and Tony Cole, the Global Government CTO with FireEye, who has fought off his share of PLA hackers.

In the news roundup, Jason Weinstein and Michael Vatis explain how the ‘cannibal cop’ beat the rap for violating the Computer Fraud and Abuse Act. Maury Shenk and Michael mull the fate of the Safe Harbor negotiations – and question whether a deal can be done before the Christmas holidays. Meanwhile, privacy activist Max Schrems is doing his best to close off the other options US companies have used to cushion the blow from losing the Safe Harbor.

The same Europeans who want to punish US tech giants for helping fight terrorism also want to punish them for not helping fight terrorism. Michael and Maury consider the heavy pressure falling on tech companies from the EU, France, Pakistan, and even the Oval Office.

Only the judicial branch still seems like safe ground for the companies. Jason and Michael explain the immunity for ISPs whose typographic errors expose innocent people to computer searches for child porn – as well as the courts’ refusal to give effect to Congress’s plan to impose liquidated damages for privacy violations. In the most strikingly newsworthy item in the podcast, Michael accuses me of not being conservative enough. And in the least newsworthy item, Jason tells us that there is still a stalemate over a law requiring a warrant for the contents of email.

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_92.mp3
Category:general -- posted at: 11:27am EST

Is the internet really worth it? Our guest for episode 91, Jason Healey of the Atlantic Council and Columbia University, recaps a study finding that, even with a worst-case Clockwork Orange Internet, the economic benefits of networking still outweigh the losses from security failures – though the closer we get to the worst case, the more likely we are to get Leviathan Internet, where the inherently controlling aspects of the network are embraced by governments around the world.

Our post-Thanksgiving news roundup is dominated by leftovers – edible and otherwise. Larry Klayman and Judge Leon have apparently run out of time to challenge the now-deceased NSA metadata program, Michael Vatis and I note, while Section 702 has survived a rare judicial challenge.

Meanwhile, it’s beginning to look as though the FTC and LabMD really deserve each other. The FTC has launched an ill-advised appeal in its ill-advised pursuit of LabMD, Michael reports, and LabMD has returned the favor by launching a lawsuit against the three FTC staffers who pursued the company so improvidently. 

The Google cookie case has mostly crumbled, Michael tells us, but the plaintiffs still have one big bite left, raising the chilling prospect of California law as interpreted by Third Circuit judges. 

Alan Cohn describes the NRC’s new cyberattack reporting requirements – and Iranian social media attacks on government workers who don’t usually get any attention at all.

Finally, with help from loyal listener Michael Farrell, I report that China’s use of the Great Cannon to infect Western computers has been emulated by Comcast, which is using China’s technique to inject copyright warnings into users’ screens. I predict that EFF and CDT, who ignored China’s Great Cannon attacks on Western computer users and companies, will go to battle stations now that it turns out the tactic is being used by an Axis of Evil that they actually care about – Big Copyright aligned with Big ISPs.

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_91.mp3
Category:general -- posted at: 10:37pm EST

1