Steptoe Cyberlaw Podcast

Our interview is with Michael Daniel, former Special Assistant to the President and Cybersecurity Coordinator at the White House and current President of the Cyber Threat Alliance. We ask Michael how the new guys are doing in his job, what he most regrets not getting done, why we didn’t float thumb drives filled with “The Interview” into North Korea on balloons, and any number of other politically incorrect questions. His answers are considerably more nuanced.

In the news roundup, we note that the second Wikileaks release is a damp squib, full of outmoded Apple exploits.

Michael Vatis and I unpack the Third Circuit ruling upholding imposition of contempt penalties on a defendant who has “forgotten” the password to his child porn trove.  It turns out that the case offers a road map for prosecutors and police who want to make sure no one ever forgets a password in their jurisdiction.

Stephanie Roy notes that Congress has begun the process of repealing the ISP privacy and security regulations adopted under Chairman Wheeler.  What, if anything, will replace them, and when, is a matter for lengthy speculation.

I note that the privacy zealots of Silicon Valley have fatally miscalculated the kind of support they’ll get in Europe for end-to-end encryption. Face it, guys, Europe hates you no matter what you do, and they’ll happily impose massive fines both for violating user privacy and for protecting it too well.

Does GCHQ spy on Americans for NSA? Nope. The real question is whether Rick Ledgett, number two at NSA, has already stopped sounding like a government employee when he talks to the press.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-156.mp3
Category:general -- posted at: 4:10pm EST

Episode 155 of the podcast offers something new: equal time for opposing views. Well, sort of, anyway.  In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week.  I argue that U.S. companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior Counsel at the Center for Democracy & Technology and Jamil Jaffer, Vice President for Strategy & Business Development of IronNet Cybersecurity.  (Jeremy Rabkin, who was supposed to join me in arguing the affirmative, was trapped in Boston by a snowstorm.)

In the news, we can’t avoid the unedifying—and cynical—spat between press and White House over wiretapping. Turning to legal news, I note the D.C. Circuit’s adoption of a cursory and unpersuasive reading of the Foreign Sovereign Immunities Act in the context of state-sponsored hacking of activists in the United States. Maury Shenk unpacks the latest ECJ opinion refusing to apply the “right to be forgotten” across the board to government databases. So far, the only clear application is to American tech giants. That’s also true of the latest German proposal to make the internet safe for censors, government and nongovernment alike. As Maury explains, the German Justice Minister is proposing fines up to $50 million for tech giants that don’t censor online speech fast enough or hire enough European private censors to keep up with the workload.

The Justice Department’s indictments in the Yahoo! hack show just how remarkably intertwined Russian intelligence and Russian cybercrime have become.

Alan Cohn and I chew over the latest developments in the new administration’s approach to cybersecurity—a determination to cripple botnets more effectively, and a willingness to exempt SHS cyber programs from what looks like a drastic set of budget cuts for nondefense agencies. Whether the administration can make progress on botnets while sticking to voluntary measures is uncertain; equally uncertain is whether the plus-ups for DHS cyber reflects satisfaction with the agency’s performance on that mission in recent years. 

Finally, Maury and I ask whether the German government is surrendering to reality in pursuing more effective video surveillance of possible criminals and terrorists.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-155.mp3
Category:general -- posted at: 5:40am EST

In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers.

Joining us for the news round-up is Carrie Cordero, a Washington lawyer who focuses on national security law, homeland security law, cybersecurity and data protection issues.  She is also an adjunct professor of Law at Georgetown University.

Topping the news is the Wikileaks Vault7 release, including Assange’s mischievous offer to work with Silicon Valley to fix vulnerabilities before they’re disclosed.  Carrie, Markham Erickson, and I comment.

Stephanie Roy reports that the FCC is investigating a 911 outage at AT&T; so far the agency has been tight-lipped about the details.

Home Depot is nearing the finish line in its data breach ordeal, Jennifer Quinn-Barabanov reports. The banks that had to reissue credit cards were among the last holdouts; they’re getting $25 million, which sounds like a lot until you do the math and realize it’s two bucks a card.

Jennifer tells us that another defense effort to moot a TCPA class action by picking off a named plaintiff has been thwarted—this time by the Second Circuit.

Tom Graves (R-GA) has introduced a hackback defense to CFAA liability. Markham and I trade barbs over the wisdom of allowing hackback defenses, but we reach agreement on the depth of Uber’s greyballing problems—and the risk that more companies will use big data to disfavor some customers without telling them.

Carrie reports on developments in the FBI-Geek Squad imbroglio, and I mock the reporters who have bought the deeply unappealing defendant’s claim to be a civil liberties victim.

Last, and well worth the wait, Jennifer and I update our listeners on the latest in CyberSexToy privacy.  Turns out the records of interactions with your internet-enabled vibrator can be compromised for a surprisingly low settlement price. Maybe now we really ought to call the time of death for internet privacy.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-154.mp3
Category:general -- posted at: 1:57pm EST

In this episode, Matt Tait, aka @PwnAllTheThings, takes us on a tour of Russia’s cyberoperations. Ever wonder why there are three big Russian intel agencies but only two that have nicknames in cybersecurity research? Matt has the answer to this and all your other Russian cyberespionage questions.

In the news, we mourn the loss of Howard Schmidt, the first cyber czar and one of the most decent men in government. Then we descend into the depths of the Trump wiretap story. I reprise some of my views from Lawfare. Michael Vatis is not persuaded.

After Microsoft’s refusal to provide data stored in the cloud outside the U.S. was upheld in the Second Circuit, things looked rosy for its position. But now two magistrates in a row have rejected that position.  Michael and I discuss the latest ruling.

Maury Shenk is now our official commentator on the legal consequences of Internet-enabled toys. This time it’s teddy bears, whose interactions with children and parents were exposed by hackers.

More seriously, Maury praises an impressive new analysis of China’s 50c army of tweeters. It turns out that everything we thought we knew about the 50c army is wrong. 

Just in time for an early spring, we have harbingers of the coming fight over reauthorization of the 702 intercept program. Director of National Intelligence candidate Dan Coats promises to put a number on the US persons whose communications are caught up in the program, the Electronic Frontier Foundation (EFF) and other NGOs turn on both the US government and Silicon Valley to urge that Privacy Shield be held hostage to changes in the program. And the incoming Commerce Secretary, Wilbur Ross, endorses Privacy Shield, a move that may validate EFF’s tactics.

As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785

Direct download: SteptoeCyberlawPodcast-153.mp3
Category:general -- posted at: 11:52am EST

1