The Cyberlaw Podcast

If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of the European Union privacy lobby beg to differ. Google has been told by a Dutch court not to index that story, and there seems to have been a six-month lag in disclosing even the court ruling. That’s part of this week’s News Roundup. Gus Hurwitz and I are appalled. I tout my long-standing view that in the end, privacy law just protects the privileged. Gus agrees.

The interview is with John Carlin, author of “Dawn of the Code War.” It’s a great inside story of how we came to indict China’s hacker-spies for attacking US companies.

In other news, the Illinois Supreme Court has demonstrated how bad Illinois’ biometric privacy law is—by the simple expedient of applying it the way it’s written.

Dr. Megan Reiss and I air our ambivalence about the latest site hosting collections of doxed messages. We lack enthusiasm for indiscriminate doxing of the kind highlighted on Distributed Denial of Secrets, but if it’s got to happen, it couldn’t happen to a nicer Russian dictator.

Nick Weaver explains the DHS emergency order telling civilian agencies to protect themselves against DNS hijacking, and why the shutdown may have made those agencies more vulnerable.

Nick and I debate YouTube’s latest algorithmic tweak to avoid recommending “borderline” material. He notes that the algorithm used to push people to extremes. I note that this is a suspiciously good way for YouTube Social Justice Warriors to suppress videos they don’t like but can’t actually show to be violating YouTube’s terms of service.

Speaking of which, maybe the real singularity is when Silicon Valley joins forces with Beijing to produce new technology that will suppress the peasants once and for all. If so, the singularity is nigh, as a Chinese app allows you to identify people around you who deserve to be shamed.

 

Download the 248th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-248.mp3
Category:general -- posted at: 11:46am EST

So says the remarkable Jeff Jonas, CEO of Senzing. And he’s got a claim to be doing just that. A data scientist before data science was cool, Jeff has used his technical skills and an intuitive grasp of complex data problems to stop card counters in Las Vegas and terrorists targeting the U.S., and then to launch an initiative making voter registration more accurate and widespread. Most recently, in the course of an effort to improve maritime security around Singapore, he also found a key to identifying asteroids due to collide with each other so they can be watched. Because when this happens, who knows where their new course will take them?

The media has been hyping a strikingly bad magistrate judge’s opinion giving 5th Amendment protection to biometric phone security. This leads Gus Hurwitz and me to question why Congress ever promoted U.S. magistrates to “magistrate judges” in the first place. We suggest striking the word “judge” from the title given to these Article I judicial aides; call it the Truth in Judging Act.

Congress and the president can’t even agree on a compromise that would end the partial government shutdown. So what genius decided that our security from terrorist attacks should depend on Congress and the president agreeing every couple of years on yet another part of our counterterrorism legislation? Like it or not, though, 2019 will feature another cliffhanger, as several national security provisions of FISA come to an end unless renewed. Jamil Jaffer and David Kris talk about the provisions and possible outcomes. I plead for a compromise that takes seriously the Trumpist concern about partisan abuse of the law.

If the SEC didn't own EDGAR, I suspect the government would have imposed serious fines on the owner of EDGAR for enabling a new form of insider trading. Jamil and Gus debate the real question: How can hackers with access to guaranteed market moving info manage to make only $4 million in six months of trading?

The Department of Justice’s Office of Legal Counsel has reversed an Obama-era interpretation limiting the scope of federal criminal laws governing online gambling. David provides the background; I introduce our listeners to the Baptist-bootlegger coalition. 

If you would like to hear more from Jeff Jonas and you’ll be in London on January 29, be sure to attend his talk, “AI for Entity Resolution,” at the SAGE Ocean speaker series. Event details can be found here.

 

Download the 247th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-247.mp3
Category:general -- posted at: 11:12am EST

Brazen Russian intrusions into the U.S. electricity grid lead our episode. I ask Matthew Heiman and Nick Weaver whether Russia intended for us to know about their intrusions (duh, yes!) and how we should respond to the implicit threat to leave Americans freezing in the dark. Their answers and mine show creativity if not exactly sobriety.

In what may be good news about emerging European sobriety, Google gets a favorable opinion from the advocate general to the European Court of Justice (ECJ) on the question of whether to extend Europe’s “right to be forgotten” censorship regime to benighted Americans, and Turks, and Russians and Chinese. Most of those countries would be glad to impose their censorship regime on Europeans, consideration of which may be enough to overcome the America Derangement Syndrome the ECJ has displayed in earlier tech privacy cases.

DHS was right, and EFF was wrong. That’s the lesson Maury Shenk, Nick and I derive from the latest drone crisis at Gatwick Airport. In response, the UK is seeking police powers that DHS recently obtained—over EFF’s bitter opposition.

Matthew unpacks the Fourth Circuit ruling that a politician cannot block constituents on her official Facebook page because it has become a public forum.

Nick explains how the Hal Martin Saga keeps getting weirder—and we try on the full aluminum foil hat to explain how the whole thing could have been orchestrated by the GRU to turn Kaspersky Lab into a hero.

Ron Wyden and Motherboard combined to get mobile phone companies to stop selling location data to third parties. I wonder whether we’ll regret the result. Nobody else does.

Happy New Year from Big Brother: Vietnam takes a leaf from the EU and Chinese playbooks, threatening Facebook with fines for allowing prohibited posts and failing to localize data.

For comic relief, we cover the cybersecurity misadventures of “El Chapo.” Nick Weaver sums up the lesson: Bespoke security is almost always bad security. Oh, and never take a phone from a paranoid boss.

We close with a quick review of how China has misused the Great Firewall to launch cyberattacks and what Silicon Valley (or the rest of us) can do in response. 

 

 

Download the 246th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-246.mp3
Category:general -- posted at: 10:44am EST

Nate Jones, David Kris and I kick off 2019 with a roundup of the month of news since we took our Christmas break. First, we break down the utterly predictable but undismissable Silicon Valley claim that the administration’s new export control strategy will hurt the emerging AI industry.

Then we draw on our guests’ expertise in counterintelligence prosecutions to review the APT10 indictment – and the claim by Jack Goldsmith and Robert Williams that the strategy is a failure. We conclude that it isn’t a magic bullet, but that’s not quite the same as a failure. I tease my plan to introduce two dozen more or less unthinkable retaliatory responses the U.S. could deploy if and when it decides to get more serious about deterring adversarial cyber operations.

We quickly cover three new hacks that once looked as though they might be government sponsored. Now it looks as though two were less strategic than that. The denial of service attack on newspaper printing may have been a profit-motivated ransomware attack, and the guy who doxxed the German political establishment may have been a lone hacker (hopefully not one weighing 400 pounds or we’ll never hear the end of it).

We quickly review the bidding on the U.S.-China “quantum arms race,” which may be a bit less critical than the press suggests.

David and Nate also review the mixed bag of rulings on three motions to suppress in Hal Martin’s NSA theft case, which just gets weirder and weirder. David and I are in surprising agreement (along with the judge) that the FBI overreached in using handcuffs, a flashbang and a SWAT team to conduct “noncustodial” questioning of Martin.

Today’s forecast: Windy with a high probability of litigation as Los Angeles sues The Weather Company for collecting and sharing location information in its apps. We suspect that, in claiming a lack of adequate disclosure about location collection, Los Angeles is relying on the ancient legal maxim, “Damned if you do and damned if you don’t.”

In other litigation news, Illinois’s biometric privacy law continues to encounter judicial skepticism. But the Illinois state courts, unburdened by federal standing law, may yet give teeth to this seriously dumb law as Rosenbach v. Six Flags lives on in the Illinois Supreme Court.

In Quick Hits, I am intrigued by the idea that a clever generative adversarial AI “cheated” at a mapping task. In fact, the lesson is both less exciting and more troubling: If you don’t understand how your AI is accomplishing the task you’ve set for it, you need to expect some rude surprises.

Despite all the talk of stasis and crisis in Washington, Congress is still passing modestly useful legislation on cyber issues. Nate describes the SECURE Technology Act, which sets vulnerability disclosure policy and calls for bug bounties at DHS.

And, finally, I recommend a fascinating and deeply ambivalating report on the many ways third-party sellers game Amazon’s Marketplace rules.

 

Download the 245th Episode (mp3).

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

 

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-245.mp3
Category:general -- posted at: 9:56am EST

1