The Cyberlaw Podcast

What is the most surprising discovery a law firm partner makes when he jumps to the National Security Agency? I direct that and other questions at Glenn Gerstell, who has just finished six months in the job as General Counsel at the National Security Agency.

In the news roundup, we begin, of course, with the fight between Apple and the Justice Department. I open the discussion by reminding the audience that the war on terror cannot be a war on one of the world’s great religions and insisting that Apple remains a religion of peace. Michael Vatis describes the Justice Department’s latest filing, and we trade for deep discovery, not only at the FBI but also at Apple.

CFIUS has released its annual report – only eighteen months late – and the report shows continuing tough review standards from the Committee, Stephen Heifetz reports. There is no sign yet that Chinese acquisitions will experience a smoother ride in future.

Michael and I report on Google’s new effort to accommodate European data censors by geolocating users of google.com.

Finally, the judiciary is allowing defense lawyers to take a close look at the code used by the FBI to capture data about users of a child porn site seized by the Bureau.

As always, the Cyberlaw Podcast welcomes feedback. Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_102.mp3
Category:general -- posted at: 6:18pm EDT

The Second Annual Triple Entente Beer Summit again filled the Washington Firehouse loft with an audience at least as knowledgeable as the panel, which consisted of Ben WittesShane Harris,Stewart BakerTamara Cofman Wittes, and Alan Cohn. The Triple Entente Beer Summit brings together members of the LawfareRational Security, and the Steptoe Cyberlaw podcasts.

The topic of the day was the confrontation between Apple and the Justice Department over gaining access to the iPhone used by one of the terrorists responsible for the mass killing in San Bernardino, California. Suffice it to say that the podcast was not sponsored by Apple, nor will it be any time prior to the heat death of the universe.

We also dig into the Nitro Zeus story, claiming that in 2009 the United States prepared a massive cyberattack on Iran as an alternative to kinetic action in the event that nuclear talks failed and Iran began a nuclear breakout.

Finally, the panel explores the administration’s rekindled enthusiasm for CVE – countering violent extremism. We provide a definitive answer to the question, “Do we need more GS-14s tweeting on terrorism?” And Tamara Wittes challenges us to find the difference between late Obama and late Bush in the messaging department.

Then the audience takes over, greatly raising the tone of the podcast with a series of thoughtful questions for the panel.

It was a fine evening, and we look forward to another reunion soon.

As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: Podcast_101.mp3
Category:general -- posted at: 12:06pm EDT

We devote episode 100 to “section 702” intelligence – the highly productive counterterrorism program that collects data on foreigners from data stored on US servers. What’s remarkable about the program is its roots: President Bush’s decision to ignore the clear language of FISA and implement collection without judicial approval. That decision has now been ratified by Congress – and will be ratified again in 2017 when the authority for it ends. But what does it say about the future of intelligence under law that our most productive innovation in intelligence only came about because the law was broken?

Our guest for the episode, David Kris, thinks that President Bush might have been able to persuade Congress to approve the program in 2001 if he’d asked. David may be right; he is a former Assistant Attorney General for National Security, the coauthor of the premier sourcebook on intelligence under law, "National Security Investigations & Prosecutions,” and the General Counsel of Intellectual Ventures. But what I find surprising is how little attention has been paid to the question. How about it? Is George Bush to FISA what Abraham Lincoln was to habeas corpus?

My interview with David leaves Lincoln to the history books and instead focuses entirely on section 702. David lays out the half-dozen issues likely to be addressed during the debate over reauthorization, including the risk that the legislation will attract efforts to limit overseas signals intelligence, now governed mainly by Executive Order 12333. He then pivots to the issues he thinks Congress should grapple with but probably won’t – from the growing ambiguity of location as a proxy for US citizenship to the failure of current intelligence law to adequately extract intelligence from the technologies that have emerged since 9/11, particularly social media and advertising technology.

In the news roundup, Maury Shenk and Michael Vatis take us deep into the US-EU agreement on “Privacy Shield” – a replacement for the Safe Harbor. The short version: there’s many a slip twixt cup and lip, but the EU has once again taken off the table its unenforceable threat to stop transatlantic data flows.

In other news, Michael and Alan explain how HIPAA became a divorce lawyer’s dream weapon.

The Brits, meanwhile, are lapping the United States in creative use of intelligence law. Maury and Michael explore how the UK proposes to bring the big webmail providers to heel.

I note the controversy at Berkeley over some garden-variety network monitoring, adopted in response to a serious health data breach. University academics are appalled to discover that protecting patient privacy might limit their ability to do what they want on university networks. HIPAA enforcers v. entitled academic lefties: all I ask is more popcorn.

Hey, remember Norse Security, the company that went to the press to say that the FBI was all wet when it attributed the Sony attack to North Korea? Well, Norse imploded last week, after a laid-off employee’s published criticisms were amplified by security blogger Brian Krebs. Choicest bit from the Norse co-founder’s post: the company’“demonstrat[es] how today’s media can be manipulated by persons to suit their purposes or personal vendettas and how facts can be misrepresented to lead an entire industry astray.” Yep. You know what they say: Live by the flashy but inaccurate press report, die by the flashy but inaccurate press report.

As always, the Cyberlaw Podcast welcomes feedback. Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: Podcast_100.mp3
Category:general -- posted at: 3:30pm EDT

Our guest is Amit Ashkenazi, whom I interviewed while in Israel.  Amit is Legal Advisor of The Israel National Cyber Bureau and a former general counsel to Israel’s data protection agency.  Israel is drafting its own cybersecurity act, and we discuss what if anything that country can learn from the US debate – and what the US can learn from Israel’s cybersecurity experience.  We explore the challenges Israel will face in trying to start a new cybersecurity agency, how Israel strikes the balance between security and privacy, the risks of using contractors to staff a new agency, the danger of stating agency authorities with too much specificity, and why the agency is likely to look more like DHS than the FBI. 

In the news roundup, I discuss the dynamics of the Safe Harbor talks with Maury Shenk, boldly predicting that the EU will cave on the remaining issues once it’s convinced the US means business.

Jason Weinstein and I talk about the Judicial Redress Act and the gratifying Senate Judiciary Committee amendment – an amendment that the EU must have seen as a bad sign for the future if the Safe Harbor talks fail.  The Act is intended to facilitate the Justice Department’s “umbrella” agreement over data protection and law enforcement.  We conclude that it is a largely one-sided set of concessions by the United States in return for an illusory “data peace in our time.”  We nonetheless find a fine reason for the Obama administration to have accepted all these limits. 

Alan Cohn and I check in on the status of DHS’s Einstein cyberdefense  
program and the reasons why GAO has criticized its progress.  And we close with a bit of “dog bites man” crypto news

As always, the Cyberlaw Podcast welcomes feedback.  Send e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. 

Direct download: Podcast_99.mp3
Category:general -- posted at: 6:51pm EDT

1