Steptoe Cyberlaw Podcast

Our guest for episode 152 is Paul Rosenzweig, and we tour the horizon with him.

In the news roundup, Stephanie Roy outlines the deregulatory tangle around ISPs, privacy, security, and the FCC. Maury Shenk briefs us on the European legislation authorizing the quashing of terrorist advocacy on line. Jennifer Quinn-Barabanov explains when standing is a defense against privacy claims and when it isn’t. Together, we remark on the latest example of formerly stodgy banks embracing their inner plaintiffness.

Maury explains why the Germans have banned Cayla the talking (and listening!) doll. I ask whether the Germans next plan to ban speakerphones. (Likely answer: only if they come from America.)

Paul and I dig into the Amazon claim that the first amendment prevents enforcement of a criminal discovery order seeking Amazon Echo recordings. Hey, the suspect might have been ordering books, and that’s a First Amendment activity, says Amazon; and anyway, what Alexa said back to the suspect was an exercise of Amazon’s First Amendment rights. These arguments cry out for the command most frequently heard by my music-playing Echo: “Alexa, that’s enough.”

Almost as unpersuasive to Paul and me is magistrate judge David Weisman’s refusal to issue an order allowing the police to search a home and make anyone on the premises put their fingers on their iPhones to unlock them. That act is testimonial in Weisman’s opinion because, well, because he says it is. (His Fourth Amendment analysis is better, but hardly compelling.)

Paul explains the dramatic clash of cultures hidden in the otherwise esoteric battle between the GSA’s inspector general and “18F,” an Obama-meets-Silicon-Valley effort to streamline government IT development. Like any good tragedy, you knew from the start that this trainwreck was coming, but you still can’t look away.

The draft cyber executive order still isn’t out, despite what looks like a much more disciplined vetting process than other EOs went through. What’s the reward for running a good interagency process in a White House not noted for such discipline? The Homeland Security Council may get folded under the National Security Council.

No one has heard of the National Association of Secretaries of State in 50 years. And if you want to know why, we say, look no further than NASS’s foolish resolution objecting to the designation of electoral systems as "critical infrastructure."

Finally, Paul and I noodle over DHS’s request that Chinese visitors to the US voluntarily disclose their social media handles. I predict that this puts the frog in the pot and the stove on simmer. Meanwhile, Paul finds one border security measure that even I wouldn’t adopt.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 
Direct download: SteptoeCyberlawPodcast-152.mp3
Category:general -- posted at: 3:20pm EST

In this episode, Stewart Baker goes to RSA and interviews the people that everyone at RSA is hoping to sell to—CISOs. In particular, John “Four” Flynn of Uber, Heather Adkins of Google, and Troels Oerting of Barclays Bank. We ask them what trends at RSA give them hope for the future, which make them weep, what’s truly new in cybersecurity, and what kind of help they would like from government. 

While Stewart’s traveling, Alan Cohn takes over the news roundup. We start with some news from the RSA Conference keynotes. Brad Smith, President of Microsoft, called for a cyber “Geneva Convention” on behalf of the sovereign nation of Microsoft. And Rep. Michael McCaul (R-TX), chair of the House Committee on Homeland Security, announced his opposition to backdoors in encryption, lining up with former Secretary of Homeland Security Michael Chertoff and former NSA and CIA Director Michael Hayden, but against current Attorney General Jeff Sessions and current FBI Director Jim Comey.

In news from across the pond, Maury takes us through the EU’s efforts to take on robots.  We coin the term #EURobotHammer in the process (it’s complicated). Maury also tells us whether the Russians are hacking the French elections (it’s complicated).

Back stateside, Alan asks what the cyber implications are of "out like Flynn, in with McMaster" at the National Security Council. Alan also confides in us about White House staffers’ use of confidential messaging apps like Confide (see what I did there?). 

Finally, Alan takes us through a few quick hits on CrowdStrike vs NSS Labs, the SASC’s new Cyber subcommittee, and Yahoo!’s $350M haircut.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-151.mp3
Category:general -- posted at: 5:48pm EST

In our interview this week, we explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner. Among other things, we take a close look at Canada’s oversight regime for intelligence, in which a retired judge gets to exercise executive authority over the CSE—in contrast to the US system where active judges do the same but pretend they’re carrying out a judicial function.

In the news roundup, Judge Robart is doing his best to hog the judicial headlines, not only blocking the Trump administration’s immigration policy but giving support to Microsoft’s suit to overturn discovery gag orders en masse. His opinion allows Microsoft to proceed with a lawsuit claiming that gag orders violated the First Amendment.

The Trump Administration could soon begin asking foreigners coming to the United States—particularly from some Muslim-majority countries—to turn over their social media accounts and passwords. This is a policy begun under the Obama administration and supported by bipartisan homeland security groups.  I predict that it will nonetheless soon be trashed by the press as an Evil Trump Initiative.

Tallinn 2.0 is out. It applies international law to cyber activity at and below the threshold of armed conflict. Color me skeptical.

The cybersecurity Executive Order that’s been hanging fire for weeks is still hanging fire. A new draft has been leaked, though, and it’s better.

Hal Martin is indicted for stealing massive amounts of data from NSA and perhaps others. According to a Washington Post report, US officials think Martin may have stolen 75%of the NSA’s hacking tools. Ouch.

In other news, Rick Ledgett, the No. 2 official at the NSA is leaving but not because of TrumpAnd Google has told several prominent journalists that state-sponsored hackers are trying to break into their inboxes.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-150.mp3
Category:general -- posted at: 2:38pm EST

Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector.  He responds well to my skeptical questioning, and even my suggestion that his vision of “defense dominance” would be more marketable if paired with thigh-high leather boots and a bull whip. #50ShadesofCyber.

In the news roundup, we experiment with, uh, actual legal discussion.  The Microsoft Ireland case has company; Google recently lost a similar argument before a magistrate judge – maybe because it couldn’t say where the data it wanted to protect from disclosure actually was.  Michael Vatis explains.

Meredith Rathbone and I take a victory lap over CNN and its reporters, noting that if they’d listened to the podcast, they’d have known a month early that US sanctions had unexpectedly prevented US companies from filing license applications with Russian intelligence agencies – and that allowing companies to make such filings wasn’t an opportunity for hyperventilating about President Trump’s bromance with Putin.

Michael and I also deconstruct Supreme Court nominee Neil Gorsuch’s opinion in US v. Ackerman.  The opinion calmly and clearly puts a hole below the waterline in a longstanding approach to collecting evidence in child porn cases.  If this case gives a clue to his jurisprudence, it seems unlikely that a Justice Gorsuch will be a pushover for government arguments.

Can American companies sue governments that hack them in the US?  I hope so, but that depends on whether the Foreign Sovereign Immunities Act provides protection for malware sent from abroad that does its damage here.  In an unlikely-bedfellows moment, I’m depending on EFF to make that argument to the DC Circuit.

And, to follow up on two stories we covered earlier, Brexit authority slips quickly through the House of Commons, while Google’s penny-pinching settlement of a massive “wiretapping” class action is approved over objections to the cy pres payments to the usual NGOs.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: SteptoeCyberlawPodcast-149.mp3
Category:general -- posted at: 5:13pm EST

Our guest for episode 148 of the podcast is Corin Stone, the Executive Director of the National Security Agency.  Corin handles some tough questions – should the new team dump PPD-28, how is morale at the agency after the Snowden and Shadowbroker leaks, and will fully separating Cyber Command from NSA mean new turf fights?  I give Corin plenty of free advice and, more usefully, our first in-person award of the coveted Steptoe Cyberlaw Podcast coffee mug.

In the news, Alan Cohn and I cover the Second Circuit’s much-ado-about-nothing package of opinions on rehearing the Microsoft-Ireland case.

Maury and I discuss what the new White House executive order on the privacy rights of foreigners means – as well as Donald Trump’s meeting with Theresa May (including whether they talked about Russia sanctions).  Also on the agenda:  Has Donald Trump already surpassed Barack Obama’s lifetime record for holding hands with prominent White House visitors?

Speaking of Peter Thiel, Jennifer Quinn-Barabanov and I speculate about whether FTC commissioner Maureen Ohlhausen will pull the FTC back from the ledge on suing companies for security flaws that don’t cause demonstrable consumer harm.  And whether Peter Thiel is looking for someone else to chair the FTC.

In other news, no new executive order on cybersecurity yet, despite (or because of) the leaks China disses attribution.  And ADT settles an early IOT security class action.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: Episode_148.mp3
Category:general -- posted at: 12:37pm EST

1