Steptoe Cyberlaw Podcast

In this episode, Alan Cohn and Maury Shenk look at questions in Europe and elsewhere in Stewart’s absence. Maury delves into why Google was ordered to turn over foreign data accessible from U.S., a decision that seems at odds with the Microsoft Ireland case. Alan considers claims made by David Sanger and William Broad in The New York Times that U.S. blew up North Korea’s most recent missile test, and Jeffrey Lewis’s rebuttal in Foreign Policy.  Alan and Maury both remain skeptical.

Leaving the Korean peninsula, Maury discusses the current effort by EU data protection regulators to enact e-privacy regulations that would, among other things, put in place detailed standards for location tracking and content associated with metadata.  No surprises, but potentially more headaches for US industry.   And back on U.S. soil, Alan comments on the U.S. Justice Department’s apparent decisions to reconsider criminal charges against Wikileaks for the CIA cyber-tools leak.  Maury provides some color on the Trump Administration’s (lack of) views on Privacy Shield.

Finally, Alan reviews the bidding on dual-use export controls and cyber technologies, explaining both the most recent negotiations under the Wassenaar Arrangement and the EU’s efforts to amend its dual-use export controls to include cyber-surveillance technologies. 

As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-161.mp3
Category:general -- posted at: 2:16pm EDT

This week the podcast features an extended news roundup with two guest commentators—Julian Sanchez of the Cato Institute and Gus Hurwitz of Nebraska Law School.  

We talk about the latest, mostly overhyped, Shadowbrokers dump, and whether Google Translate can be taught to render plain text into Shadowbrokerese as well as Klingon.

Stephanie Roy kicks off speculation about the future of net neutrality in the Pai FCC. The future looks bright for litigators.

Abbott Labs takes a short but brutal session in the woodshed from the FDA. Looks like Abbott’s now-subsidiary, St. Jude Medical, knew for years that its backdoor could be found by outsiders, but it stuck to the view that hardcoded access was a feature not a bug. Too bad Uber has already trademarked the name, because if ever there were a feature that deserved to be called “God mode,” this is it.

Burger King triggers a technical battle with Google and an editing war with Wikipedia with a commercial that begins, “Okay, Google, what’s a Whopper burger?” But, law nerds that we are, all we can talk about is whether Burger King is liable under the Computer Fraud and Abuse Act.  

As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 

Direct download: SteptoeCyberlawPodcast-160.mp3
Category:general -- posted at: 12:00pm EDT

Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute.  It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a bank’s entire online presence, to the pwning of Dallas’s emergency sirens and a successful campaign to compromise the outsourcing firms that supply IT to small and medium sized businesses.

In the news roundup, Maury Shenk, and Jamil Jaffer, of George Mason’s National Security Law & Policy Program, talk with me about the likely outcome of the European movement to regulate encryption.  The bad news for Silicon Valley is that the US isn’t likely to play much of a moderating role when the Europeans tighten the screws.

In other news, Jennifer Quinn-Barabanov explains the two-front battle that Wendy’s is facing (and mostly losing) over data breach liability.

I acknowledge the latest Silicon Valley fad:  filing lawsuits on behalf of their customers’ privacy.  So far, Twitter has chalked up a win, and Facebook a loss. 

LabMD has also chalked up another win, this time in a Bivens action to hold FTC officials personally liable for aggressively enforcing the law against the company as punishment for its outspoken critique of the Commission.  The case has mostly survived a motion to dismiss.  

Meanwhile in Massachusetts, outmoded privacy laws continue to burden would-be undercover journalists, and Jennifer reports that the prospects for invalidating a law banning recordings of oral conversations on first amendment grounds took a hit last week, at least as it relates to public officials.

Finally, in other computer security news around the globe, Germany’s security services are claiming a lack of authority to take needed action in response to cyber threats.  In India, in contrast, enthusiasts for better attribution of India’s populace are forcing everyone to register in a detailed identity database – despite the efforts of India’s top court to ensure that the system remains voluntary.  The death of anonymity will be a prolonged affair, but the outcome seems inevitable.
As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-159.mp3
Category:general -- posted at: 10:04am EDT

Episode 157 digs into the security of the medical internet of things.  Which, we discover, could be described more often than we’d like as an internet of things that want to kill us.  Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity such a treacherous landscape for security researchers, manufacturers, regulators, and, unfortunately, a lot of patients who remain in the dark about the security of devices they carry around inside them.  

In the news roundup, Phil Khinda takes us through the likely trend in SEC cybersecurity enforcement in the new administration.  Stephen Heifetz does the same for the Committee on Foreign Investment in the United States, or CFIUS.

I claim that Eli Lake’s Bloomberg story finally explains why Republicans think that Obama administration surveillance and unmasking of Trump team members needs to be investigated.  Stephen calls it a distraction.

In other news, Buzzfeed gets taken down by a lawyer with a sense of humor, big claims are made for the impact of the third Wikileaks Vault7 document dump, and Donald Trump may have forgiven Apple.  Finally, Jim Comey’s twitter account may have been outed; that’s the story, because the tweets themselves are anodyne in the extreme.

For those wanting to dig deeper into medical device cybersecurity, Joshua Corman recommends the following links, all referenced in the interview:

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Direct download: SteptoeCyberlawPodcast-157.mp3
Category:general -- posted at: 10:02am EDT

1