Steptoe Cyberlaw Podcast

Everybody’s a critic, and everybody’s a censor, at least if you judge by today’s episode: Maury Shenk tells us the European Court of Justice will soon rule on its authority to censor what Americans read. Markham Erickson discusses the Ninth Circuit decision upholding national security letter gag orders. And Maury says that China is getting impressively good at deleting images it doesn’t like from citizens’ phones in real time.

In other news, Congressional sanctions on Russia look like a done deal; Anthony Rapa explains (contra the NYT) that the sanctions weren’t watered down in the House, and describes the fuss they’re likely to cause among our European trading partners.

Speaking of sanctions, how long before Putin decides to sanction the extended Trump family by going after their property, either with legal decrees or illegal hacks? The Trump hotels are already prime targets for credit card hacks; adding doxing and bricking to the mix wouldn’t be hard.

In fact, that’s a lesson Hollywood seems to have absorbed. To keep from getting hacked a la Sony, it looks as though other studios are airbrushing Vladimir Putin from their upcoming films.

Meanwhile, Reuters and others report that Silicon Valley’s Big Tech seems to be AWOL in the fight over section 702 renewal, not necessarily out of patriotism but possibly also because the EU has tried to tie the fate of 702 to the Privacy Shield, the agreement that allows for free data flows between the regions.

As antidote, Stephanie Roy describes one profile in corporate courage – Microsoft’s lawsuit against Russia’s GRU (though they don’t of course name the intelligence agency). Microsoft is using trademark rights to take back some of the GRU’s command and control infrastructure.  It may not change the world, but it’s the best use of trademark enforcement in years.

Finally, our guest for the episode is Dave Aitel, Founder and CEO of Immunity, Inc. Dave combines deep cyber security expertise with a willingness to weigh in on policy issues.  A VEP expert (and contrarian), Dave thinks the recent Belfer Center paper on the topic is embarrassingly wrong and will have to be withdrawn. We cover other issues as well, from when a cyberweapon should be condemned as an indiscriminate violation of international humanitarian law to Kaspersky’s defenestration and the wisdom and proper regulation of private sector hacking back.  It’s a great tour of current issues in cybersecurity.

As always the Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 176th Episode (mp3).

Subscribe to the Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: SteptoeCyberlawPodcast-176.mp3
Category:general -- posted at: 6:34pm EDT

This episode is dominated by IT procurement news.  And it’s as irresistible as a twelve-car pileup on the Beltway.  We open the news with an exploration of the federal de-listing of Kaspersky Labs, and how seriously government contracts lawyers take such an action (h/t to Michael Mutek for that).

Then, in the interview, Eric Hysen, formerly of the DHS Digital Service, lays out his view of how DHS’s effort to bring agility and speed to big IT contracts came a cropper, with plenty of color commentary from procurement law guru, Michael Mutek.  If you care about reforming federal IT purchasing (and you should), this interview is a cautionary tale.

In other news, as Steptoe summer associate Quentin Johnson lays out, the Knight First Amendment Institute has brought a lawsuit to declare @realDonaldTrump a public forum from which trolls and griefers may never be excluded.  Gus Hurwitz overcomes his inclination to snark and instead treats the claim seriously, which only makes it sound more ridiculous.  Still, I’m looking forward to seeing White House press briefings moved to the Rose Bowl.

Alan Cohn and I note that Booz Allen has come up with the best explanation yet for NotPetya’s weirdly self-defeating ransomware pose.  The purpose wasn’t to cause Shamoon-style destruction or to collect ransom; the goal was to cover tracks left in earlier intrusions.

Meanwhile, Alan Cohn describes a remarkably functional homeland and cyber security White House and DHS process, including Jeanette Manfra’s swift appointment and Rob Joyce’s sober assessment of the value of norms talk.

China continues to crack down on its citizens, and to get cooperation from at least some US tech companies.   You want cyber norms as the tech sector would write them?  It’s easy:  the norm is whatever the government in the companies’ biggest markets wants.  That, at least, goes a long way to explain Apple’s conduct.


Direct download: SteptoeCyberlawPodcast-175.mp3
Category:general -- posted at: 7:06pm EDT

In this episode, we interview Jim Miller, co-chair of a Defense Science Board panel that reported on how the US is postured for cyberconflict and the importance of deterrence. The short answer: deterring cyberconflict is important because our strategic cyberconflict posture sucks. The DSB report is thoughtful, detailed, and troubling. Jim Miller manages to convey its message with grace, good humor, and clarity.

In the news, Brian Egan and I find ourselves unable to turn away from the Trump-Putin meeting in Warsaw. Bottom line: by raising concerns with election hacking, Trump did and said more or less what any President would have said and done – except he failed to stick the landing with a self-serving debrief. Or if the President’s short-lived establishment of a “joint computer security unit” was self-serving, we missed it.

File this under dog bites man: Europeans are beating up on Google. The UK data protection commissioner says it was unlawful for the National Health Service to share medical data with Google’s DeepMind subsidiary, even if the goal was to provide new medical insights.

And the EU’s massive fine for Google’s abuse of its dominant position leads to musings on the regulatory foundations of some competition law doctrines – plus an enthusiastic book recommendation.

Speaking of regulating cyberspace, China’s regulatory association is demanding “core socialist values” and in-house auditors for internet content sites.

Finally, in a first, we invite Steptoe summer associate Josh Holtzman on the podcast. Josh does a fine job breaking down the issues in a court fight over warrants-and-gag-orders served on Facebook, probably as part of an investigation into violence accompanying Donald Trump’s inauguration.


Direct download: SteptoeCyberlawPodcast-174.mp3
Category:general -- posted at: 8:48pm EDT

Today we deliver the second half of our bifurcated holiday podcast with an interview of Richard Ledgett, recently retired from his tour as NSA’s deputy director. We cover much recent history, from Putin’s election adventurism to questions about whether NSA can keep control of the cyberweapons it develops.  Along the way, Rick talks about the difference between CIA and NSA approaches to hacking, the rise of NSA as an intelligence analysis force, the growing effort to keep Kaspersky products out of sensitive systems, and the divergence among intelligence agencies about whether Putin’s attack on the American election was intended mainly to hurt Hillary Clinton or to help Donald Trump.


Direct download: SteptoeCyberlawPodcast-173.mp3
Category:general -- posted at: 2:55pm EDT

In this news-only episode, we cover the irresistible story of the week: Trump, Russia, and the Media. It’s especially irresistible for us because we’ve had two of the protagonists on as guests. I make the bold prediction that Shane Harris’s stories on Russia collusion and the Trump campaign will be seen as the moment when the media’s OCD fascination with Russia collusion finally jumped the shark. Though in this case, the shark had already consumed at least one Pulitzer Prize-winning journalist, Eric Lichtblau. (And for the record, CNN, I am not advocating that more journalists should be eaten by sharks, and I refuse to accept the blame when they are.)

Unfortunately, journalists chasing nonstories can’t devote any attention to some very real stories involving government and IT.  So we do it for them.  Stephen Heifetz reports on the CFIUS logjam that is blocking close to a dozen transactions because the administration has not filled the subcabinet positions that could sort through the filings with a coherent policy in mind.

In other cyberwar logjam news, the UN Government Group of Experts (GGE) has failed to produce a consensus report following up on earlier reports endorsing some application of the law of war to cyberattacks.  Brian Egan explains what that means for the UN, the Trump administration, and the future of international cooperation on cyber norms.

Finally, Stephanie Roy explains the significance of the latest spat between Ajit Pai and Mignon Clyburn over online privacy regulation.

As always, the Cyberlaw Podcast welcomes feedback.  Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

 


Direct download: SteptoeCyberlawPodcast-172.mp3
Category:general -- posted at: 5:13pm EDT
