The Cyberlaw Podcast

Paul Rosenzweig leads off with an enduring and fecund feature in Washington these days: China Tech Fear. We cover the Trump administration’s plan to blacklist up to five Chinese surveillance companies, including Hikvision, for contributing to human rights violations against Uighurs in the Xinjiang province in China, the Department of Homeland Security’s rather bland warning that commercial Chinese drones pose a data risk for U.S. users, and the difficulty U.S. chipmakers are facing in getting “deemed export” licenses for Chinese nationals.

We delve deeper into a remarkably shallow and agenda-driven New York Times article by Nicole Perlroth and Scott Shane blaming the National Security Agency for Baltimore’s ransomware problem without ever asking why the city failed for two years to patch its systems. David Kris uses the story to talk about the vulnerabilities equities process and its flaws.

There may be a lot—or nothing—to the Navy email “spyware” story, but David points out just how many modern cyber issues it touches. With the added fillip of a “Go Air Force, Beat Navy” theme not usually sounded in cybersecurity stories.

Paul expands on what I have called “Cheap Fakes” (as opposed to “Deep Fakes”): the Pelosi video manipulated to make her sound impaired. And he manages to find something approaching good news in the advance of faked video—it may mean the end of (video) blackmail.

But not the end of “revenge porn” and revenge porn laws. I ask Gus Hurwitz whether those laws are actually protected by the Constitution, and the answer turns out to be highly qualified. But, surprisingly, media lawyers aren’t objecting that revenge porn laws that criminalize the dissemination of true facts are on a slippery slope to criminalizing news media. That is the argument they’re making about the expanded charges of espionage against WikiLeaks founder Julian Assange. David offers his view of the pros and cons of the indictment.

And Gus closes us out with some almost unalloyed good news. Despite my suspicion of any bipartisan bill in the current climate, he insists that the Senate-passed anti-robocalling bill is a straight victory for the Forces of Good. But, he warns, the House could still screw things up by adding a private right of action along the lines of the Telephone Consumer Protection Act, which has provided the plaintiffs bar with an endless supply of cases without actually benefiting consumers.

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-265.mp3
Category:general -- posted at: 6:09pm EDT

We begin this episode with a quick tour of the Apple antitrust decision that pitted two Trump appointees against each other in a 5-4 decision. Matthew Heiman and I consider the differences in judging styles that produced the split and the role that 25 years of “platform billionaires” may have played in the decision.

Eric Emerson joins us for the first time to talk about the legal fallout from the latest tariff increases on Chinese products. Short version: Companies have some short-term tactics to explore (country of origin, drawback, valuation), but large importers and resellers have to grapple with larger and costlier strategies of supply chain diversification and localization.

Meanwhile, China has not been taking the trade war lying down. In addition to its own tariff increases, it seems to be enforcing its demanding cybersecurity law more aggressively against foreign firms. I ask whether we are seeing retaliation in Chinese courts as well.

In related news, Nick Weaver and I debate the potentially sweeping new Executive Order on Securing the Information and Communications Technology and Services Supply Chain.

Maury Shenk explains the UK Supreme Court ruling that expands the court’s authority over the UK’s intelligence agencies despite clear Parliamentary language to the contrary. Bottom line: Bad news for UK intelligence. Hidden good news for the U.S.: Turns out that there is something worse than activist judges interpreting a written constitution—activist judges who can more or less make up the constitution they want.

It was a cybersecurity disaster week for some of the biggest names in tech. Nick helps me understand which bugs were worst, Cisco’s, Intel’s or Microsoft’s. Then we review the equally bad week that the NSO Group and its WhatsApp exploit had.

Cleaning up in a lightning round, we cover the order requiring the Chinese owner of Grindr to sell by mid-2020. We also cover Canada’s approach to social media, which spurs me to praise France’s Macron (!) for his moderation. The EU has a plan for sanctions on cyberattackers; Matthew and I doubt it will get much use. I think too much fuss is being made over leak investigators using Web bugs to see if defense counsel at Guantanamo have been leaking; Nick disagrees, at least a bit. And I close with yet another item in the long-running feature, “This Week in Internet Sex Toy Law.” Suffice it to say that the latest case can’t be understood without consulting both Orin Kerr and Jerry Seinfeld.

Download the 264th Episode (mp3).

Direct download: TheCyberlawPodcast-264.mp3
Category:general -- posted at: 3:46pm EDT

With apologies for the late post, Episode 263 of The Cyberlaw Podcast tells the sad tale of another U.S. government leaker who unwisely trusted The Intercept not to compromise its source. As Nick Weaver points out, The Intercept also took forever to actually report on some of the material it received.

In other news, Brian Egan and Nate Jones agree that Israel broke no new ground in bombing the headquarters of Hamas’s rudimentary hacking operation during active hostilities.

Nick and I dig into the significance of China’s use of intrusion tools pioneered by NSA. We also question the New York Times’s grasp of the issue.

The first overt cyberattack on the U.S. electric grid was a bust, I note, but that’s not much comfort.

How many years of being told “I’m washing my hair that night” should tell you you’re not getting anywhere? The FCC probably thought China Mobile should have gotten the hint after eight years of no action on its application to provide US service, but just in case the message didn’t get through, it finally pulled the plug last week.

Delegating to Big Social the policing of terrorist content has a surprising downside, as Nate points out. Sometimes the government or civil society need that data to make a court case.

We touch briefly on Facebook’s FTC woes and whether Sen. Hawley (R.-Mo.) should be using the privacy stick to beat a company he’s mad at for other reasons. I reprise my longstanding view that privacy law is almost entirely about beating companies that you’re mad at for other reasons.

Download the 263rd Episode (mp3).

Direct download: TheCyberlawPodcast-263.mp3
Category:general -- posted at: 3:02pm EDT

Has the Chinese government hired American lawyers to vet their cyberespionage tactics—or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply chain was compromised by Chinese actors. Nick Weaver, Joel Brenner and I doubt the Bloomberg story, but it has cost Supermicro a lot of sales—and even if it isn’t true this time, the scale and insouciance of past Chinese cyberespionage make it inherently believable. Hence the company’s shift to other sources (and, maybe, a new caution on the part of Chinese government hackers).

GDPR and the California Consumer Privacy Act (CCPA) may be the Dumb and Dumber of privacy law, but neither is going away. And for the next six months, California’s legislature will be struggling against a deadline to make sense of the CCPA. Meegan Brooks gives us an overview.

But we in Washington can’t get too smug about California’s deadline-driven dysfunction. Congress also faces a year-end deadline to renew the Section 215 program, and even the executive branch hasn’t decided what it wants. Joel takes us through the program’s history, its snake-bitten implementation, and the possible outcomes in Congress.

This week in Silicon Valley content control: Facebook dropped the link-ban hammer on Louis Farrakhan, Alex Jones and Milo Yiannopoulos for being “dangerous.” But did it really? Once again, I volunteer to put my Facebook access at risk by testing Facebook’s censorship engine—posting a different Infowars story there every day. Not because I love the conspiracy-mongering Alex Jones but because banning links is a bad idea. (Among other things, you can’t really pile links up and burn them in cinematic pyres at rallies.) But both Facebook and Jones may have a codependent interest in overstating the ban, because as of Day 4 of my experiment, my Facebook account is still alive and well, as are the Infowars links.

The FBI has accused U.S. scientists of sending intellectual property to China, running shadow labs and (this part really appalls Nick) corrupting the peer review process at NIH. Science magazine suggests that the flap is born of racial bias.

We close the episode with the latest and most shocking facial recognition scandal. It turns out face recognition researchers are chasing down unwilling subjects and restraining them to get the subjects’ pictures—all in service to untried and udderly unreliable technology. All we need to turn this into a major scandal is a public policy entrepreneur willing to work the intersection between the EFF and PETA.

Download the 262nd Episode (mp3).

Direct download: TheCyberlawPodcast-262.mp3
Category:general -- posted at: 5:43pm EDT
