The Cyberlaw Podcast

Fresh off a redeye from Israel, I interview Matthew Green of the Johns Hopkins Information Security Institute. Security news from the internet of things grows ever grimmer, we agree, but I get off the bus when Matt and the EFF try to solve the problem with free speech law.

In the news roundup, Matt joins Michael and me to consider the difficulties of retaliating for Putin’s intrusion into the US election. There just aren’t that many disclosures that would surprise Russians about Vlad, though the Botox rumors are high on my list.

In other news, the EU’s cybersecurity agency, ENISA, issues a report on crypto policy that has a surprisingly musty air.

Two new settlements show the limits of privacy law. Michael Vatis covers them both. Ashley Madison settles with the FTC and is assessed a large fine that has to be partially forgiven because the company can’t pay. We all thought that adultery was a more durable business model. And Google settles a class action for unlawful wiretapping by agreeing to scan everyone’s email a few microseconds later than it used to. To spike the football in its victory, Google offers most victims of the violation damages that amount to, well, nothing.

Ah, but Europe marches on, convinced that more privacy regulation will solve the twenty-first century for Europe. Given a choice between more privacy regulation or less, the EU of course chooses more. Maury Shenk explains.  Meanwhile faced with the problem of “fake news” and the real risk that Vladimir Putin will use doxing and propaganda against Angela Merkel in her election next year, Europe has the answer: more regulation, especially regulation that puts all the blame on American social media companies. The first amendment rights of Americans look to be collateral damage.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-143.mp3
Category:general -- posted at: 9:25am EDT

Too busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity? No worries. Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director.

In the news, Lindsey Graham, John McCain, and a host of Dems want to investigate Russia’s role in the recent election, while the President-elect thinks it’s, well, fake news, to borrow a lefty trope. Michael Vatis presses me to pick a side. Long-time listeners won’t be surprised at my answer.

The Ninth Circuit offers ginger approval for the use of FISA-derived evidence in a criminal trial.

Gen. John Kelly is picked to head DHS. What does that say about its role in cybersecurity? Nothing, I venture. On crypto, though, we could finally see a commission. Chairman McCaul supports the idea, and it’s just possible that foreign government action and the Trump presidency will finally make Silicon Valley nervous enough to stop stonewalling and start talking.

We close with a definitive five-minute briefing on the future of net neutrality. The quick answer is that the dingoes are running the child care center.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-142.mp3
Category:general -- posted at: 2:35pm EDT

We ask Rihanna to sum up the latest U.S.-EU agreement:

And that’s when you need me there
With you I’ll always share …
You can stand under my umbrella

RiRi’s got the theory right:  The Umbrella Agreement was supposed to make sure the U.S. and EU would always share law enforcement data.  But when the Eurocrats were done piling on the caveats, it’s clear what concessions that US has made but it isn’t clear if the EU has made any at all. Meanwhile, the Investigatory Powers Act has gained royal assent, Maury Shenk walks us through both developments.

The Trump administration is hinting at a change in responsibility for protecting critical infrastructure from cyberattack, and it’s consistent with the President-elect’s enthusiasm for turning hard jobs over to generals. Congress is doing its bit, elevating Cyber Command to full combatant command status. But the Obama administration may still be toying with the idea of firing Adm. Rogers.

In good news, DOJ and a boatload of other countries have sinkholed Avalanche botnet. Michael Vatis has the details.

Kudos to Sen. Cornyn, who held off a series of left/lib attacks on the changes to Rule 41 needed to catch even moderately sophisticated child porn and cyber law breakers.

Tom Donilon’s Commission on what the next administration should do about cybersecurity has delivered recommendations. The response:  crickets.

Lastly, Saudi Arabia suffers major Iranian attack.

We then turn to an interview with Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft.  I’ve known Scott for 25 years and he’s an acute observer of the international cybersecurity scene.  He discusses international pressures on technology companies including the conflicted roles of governments dealing with encryption.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: SteptoeCyberlawPodcast-141.mp3
Category:general -- posted at: 10:03am EDT

1