The Cyberlaw Podcast

Our guest interview is with Jack Goldsmith, Shattuck Professor of Law at Harvard and co-founder of Lawfare. We explore his contrarian view of how to deal with Russian hacking, which leads to me praising (or defaming, take your pick) him as a Herman Kahn for cyberconflict. Except what’s unthinkable in this case are his ideas for negotiating, not fighting, with the Russians.

In the news roundup, I ask Michael Vatis whether the wheels are coming off the FTC’s business model, as yet another company refuses to succumb to the commission’s genteel extortion. 

The Obama Administration came to an end last week, and its officials left behind a lot of paper to remind us why we’ll miss them—and why we won’t. A basically sympathetic review of the administration’s cyber policies ends with a harsh judgment on President Obama: “He did almost everything right and it still turned out wrong.”

Among the leftovers served up last week: a farewell statement on privacy that seems unlikely to prove relevant in the new administration, a workman-like report on cyber incident responsea wistful FCC public safety bureau report on the commission’s cybersecurity initiatives, and a zombie notice that showed up in the Federal Register three days into the Trump administration, implementing the Umbrella Agreement on data protection with the EU. Maury Shenk evaluates the agreement and its prospects.

And just to make sure we haven’t forgotten the new team’s rather different approach, it posted a policy statement on how good its cyber policy will be. It reads, in its entirety, “Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems. We will make it a priority to develop defensive and offensive cyber capabilities at our U.S. Cyber Command, and recruit the best and brightest Americans to serve in this crucial area.”

I try a quick explanation of the flap between security researchers and the Guardian over an alleged “back door” in WhatsApp messaging. Somehow, the Iran-Iraq war makes an appearance.

And, in a first for the Steptoe Cyberlaw Podcast, Alan Cohn reports as our roving foreign correspondent from, where else, Davos. Want to know what the global 1% are worried about—other than you? Alan has the answers.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-147.mp3
Category:general -- posted at: 1:15pm EDT

Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity? Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight.

Should the FDA allow implants of defibrillators with known security flaws—without telling the patients who are undergoing the surgery?  That’s the question raised by the latest security flaw announcement from the FDA, DHS, and St. Jude Medical (now Abbot Labs).

Repealing the FCC’s internet privacy regulations is well within Congress’s power if it acts soon, says Stephanie Roy, who stresses how rare it is for a Republican president to control both houses of Congress.  (And who says President Obama didn’t leave a legacy?)

The European Commission isn’t done complaining about U.S. security programs, Maury Shenk tells us. Vera Jourova wants to know more about the U.S. request that Yahoo! screen for certain identifiers and hand over what it finds. That’s apparently too useful for finding terrorists to satisfy delicate European sensibilities  Speaking of which, Angela Merkel is in the bulls-eye for Russian doxing.  And to hear Maury tell it, Russia has probably been collecting raw material for years.

Should we start treating Best Buy computer support as though its geeks work for the FBI? And would that be a defense if they find bad stuff on our computers without a warrant? Michael thinks it’s more complicated than that.

Speaking of overhyped stories, Michael and I unpack the claim that President Obama’s team is handing out access to raw NSA product with unseemly haste and enthusiasm. In fact, this proposal has been kicking around the interagency for years, and the access is heavily circumscribed. As for the haste, it could be the outgoing team is afraid its proposal will be unduly delayed—or that all its circumscribing will be second-guessed. You make the call!

And for something truly new, we offer “call-in corrections,” as Nebraska law professor Gus Hurwitz tells us about the one time the FTC discussed the NIST Cyber Security Framework.  It’s safe to say that this correction won’t leave the FTC any happier than my original charge that the agency can’t get past “Hey! I was here first!”

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: SteptoeCyberlawPodcast-146.mp3
Category:general -- posted at: 10:29am EDT

Steptoe Cyberlaw Podcast – Interview with Davis Hake and Nico Sell

Episode 145:  What Donald Trump and “Occupy Wall Street” have in common

We interview two contributors to CSIS’s Cybersecurity Agenda for the 45th President.  Considering the track record of the last three Presidents, it’s hard to be optimistic, but Davis Hake and Nico Sell offer a timely look at some of the most pressing policy issues in cybersecurity.

In the news roundup, it’s more or less wall to wall President-elect Trump. Michael Vatis, Alan Cohn, and I talk about Russian hacking, the American election, Putin’s longtime enthusiasm for insurgent movements from “Occupy Wall Street” to “Make America Great Again,” and the President-elect’s relationship with the intelligence community.

In other news, I’m forced to choose between dissing the New York Times and dissing Apple’s surrender to Chinese censorship. Tough call, but I make it. Speaking of censorship, Russia is rapidly following China’s innovation in app store regulation.  For legal antiquarians, I suggest that the Foreign Agent Registration Act deserves a comeback.

It seems to be solidarity week.  Lots of amici have leapt to support LabMD in court now that it looks like a winner Meanwhile I stick up for Mike Masnick, the man who puts the dirt in Techdirt. He may be an colorfully opinionated jerk, but he doesn’t deserve to be a defendant.  And I congratulate Lawfare for joining the Europocrisy campaign on Schrems and China.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

 

Direct download: SteptoeCyberlawPodcast-145.mp3
Category:general -- posted at: 4:07pm EDT

We start 2017 the way we ended 2016, mocking the left/lib bias of stories about intercept law.  Remember the European Court of Justice decision that undermined the UK’s new Investigatory Powers Act and struck down bulk data retention laws around Europe?  Yeah, well, not so much.  Maury Shenk walks us through the decision and explains that it allows bulk data retention to continue for "serious" crime, which is really the heart of the matter.

We can’t, of course, resist an analysis of the whole Russian election interference sanctions brouhaha.  The FBI/DHS report on Russian indicators in the DNC hack is taking on water, and its ambiguities have not been helped by a Washington Post article on alleged Russian intrusion into Vermont Yankee’s network.  That story had to be walked way back, from an implicit attack on the electric grid to an apparently opportunistic infection of one company laptop.  No one is surprised that there’s an increasingly partisan split over who’s going to answer the phone now that the 1980s really have called to get their foreign policy back. 

Meredith Rathbone walks us through the revamp of the Obama Administration’s cyber sanctions in an attempt to address election meddling.  And we manage to find a legal twist to the new sanctions on the FSB.  Turns out that large numbers of U.S. tech firms have to deal with the FSB, not as a buyer of services but as a regulator, both of encryption and intercepts inside Russia.  If the sanctions prohibit dealing with FSB as a regulator, Maury reports, they could end up imposing unintentionally broad restrictions on a lot of US companies doing business in Russia.

Meredith also updates us on the Wassenaar effort to control exports of “intrusion software”—which some European governments seem to want to regulate in a way that does maximum damage to cybersecurity.  The overreaching was blunted in a recent Wassenaar meeting, but not nearly as much as the U.S. government—and industry—had hoped.  The issue won’t go away, but it will soon become an appropriate job for the author of “The Art of the Deal.”

Finally, Jennifer Quinn-Barabanov takes us on a tour of the dirtier back streets ofprivacy class action practice—otherwise known as cy pres awards and their challengers.  It sounds like “genteel corruption” to me, but you be the judge.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-144.mp3
Category:general -- posted at: 11:01am EDT

1