The Cyberlaw Podcast

Our interview guests are Dick Clarke and Rob Knake, who have just finished their second joint book on cybersecurity, The Fifth Domain. We talk about what they got right and wrong in their original book. There are surprising flashes of optimism from Clarke and Knake about the state of cybersecurity, and the book itself is an up-to-date survey of the policy environment. Best of all, they have the courage to propose actual policy solutions to problems that many others just admire. I disagree with about half of their proposals, so much light and some heat are shed in the interview, which I end by bringing back the McLaughlin Group tradition of rapid-fire questions and an opinionated “you’re wrong” whenever the moderator disagrees. C’mon, you know the arguments are really why you listen, so enjoy this one!

In the news roundup, Gus Hurwitz covers the Supreme Court’s ruling on when a forum is subject to First Amendment limits. Short version: There is no Justice who thinks Silicon Valley’s platforms are public fora subject to the First Amendment. Sen. Hawley (R.-Mo.) is mocked, which prompts me to invite him to defend himself on a future episode (not because the First Amendment applies to the podcast but because it would be fun).

Matthew Heiman spells out the thinking behind Facebook’s proposed cryptocurrency. He thinks it’s all about the data; I think it’s all about WeChat. Whatever the motive, every regulatory body in Europe and the U.S. has descended on the company to extract concessions—or perhaps to kill it outright, as our own Nick Weaver has proposed.

Maury Shenk reports on the U.S. government’s threat to limit Indian H-1B visas if India persists in its extreme data localization policies. I suggest that the fight may be as much about terrorism finance as protectionism.

This week behind the Silicon Curtain: Apple is considering moving 15-30% of its production capacity out of China. Matthew and I agree that it’s easier said than done, but that the move is inevitable.

Gus lays out the difficulties that YouTube has had meeting the child protection requirements of the Child Online Privacy Protection Rule and the Federal Trade Commission’s growing interest in changing YouTube’s approach to videos aimed at kids.

Is China’s social credit rating system a Potemkin village? Bloomberg seems to think so, but Maury has his doubts. So, if you thought you could stop fearing the system and start laughing at it, better think again. 

Finally, this week in karma: The medical billing firm whose cybersecurity failings resulted in multiple medical data breaches has filed for bankruptcy, evidently the result of liabilities arising from the breach.

 

Download the 269th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-269.mp3
Category:general -- posted at: 8:19am EST

We kick off Episode 267 with Gus Hurwitz reading the runes to see whether a 50-year Chicago winter for antitrust plaintiffs is finally thawing in Silicon Valley. Gus thinks the predictions of global antitrust warming are overhyped. But he recognizes we’re seeing an awful lot of robins on the lawn: The rise of Margrethe Vestager in the EU, the enthusiasm of state AGs for suing Big Tech, and the piling on of Dem presidential candidates and the House of Representatives. Judge Koh’s Qualcomm decision is another straw in the wind, triggering criticism from Gus (“an undue extension of Aspen Skiing”) and me (“the FTC needs a national security minder in privacy and competition law”). Matthew Heiman tells me I’m on the wrong page in suggesting that Silicon Valley’s suppression of conservative speech is a detriment to consumer welfare that the antitrust laws should take it into account, even in a Borkian world

I mock Austrian Greens for suing to censor speech calling it a “fascist party”—and not just in Austria but around the world. That’ll show ‘em, guys. Less funny is the European Court of Justice’s advocate general, who more or less buys the Greens’ argument. And thereby reminds us why we miss Tom Wolfe, who famously said, “The dark night of fascism is always descending in the United States and yet lands only in Europe.”

Nate Jones answers the question, “Were the Russians much better at social media than we thought?” All the adjustments to that story, he notes, have increased the sophistication we’ve seen in Russia’s social media attacks.

This Week in Host Self-Promotion: I take advantage of the topic to urge my solution to the utterly unsolved problem of hack-and-dox attacks by foreign governments on U.S. candidates they don’t like: Ban the distribution of data troves stolen from candidates and officials. Nate agrees that the First Amendment doctrine here is a lot friendlier to my proposal than most people think, but he cautions that the details get messy fast.

Matthew comments on Baltimore’s tragedy of errors in handling its ransomware attack. The New York Times’ effort to pin the blame on NSA, which always looked tendentious and agenda-driven, now has another problem: It’s almost certainly dead wrong. EternalBlue doesn’t seem to have been used in the ransomware attack. Baltimore’s best case now is that its cybersecurity sucked so bad that other, completely unrelated hackers were using EternalBlue to wander the city’s system.

Speaking of cybersecurity, Matthew reminds us of two increasingly common and dangerous hacker tactics: (1) putting the “P” in APT by hanging around the system so long that you’ve downloaded all the manuals, taken all the online training, and know exactly when and how to scam the system; and (2) finding someone with lousy network security who’s connected to a harder target and breaking in through the third party.

Finally, Gary Goldsholle helps us make sense of the litigation between the SEC and Kik, which launched a cryptotoken that it insisted wasn’t a security offering and then crowdfunded its lawsuit against the SEC. So, good news for lawyers if nothing else, and perhaps for future Initial Popcorn Offerings. 

 

Download the 267th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-267.mp3
Category:general -- posted at: 5:41pm EST

If you’ve lost the Germans on privacy, you’ve lost Europe, and maybe the world. That’s the lesson that emerges from my conversation with David Kris and Paul Rosenzweig about the latest declaration that the German interior minister wants to force messaging apps to decrypt chats. This comes at the same time that industry and civil society groups are claiming that GCHQ’s “ghost proposal” for breaking end-to-end encryption should be rejected. The paper, signed by all the social media giants, says that GCHQ’s proposal will erode the trust that users place in Silicon Valley. I argue that that argument is well past its sell-by date.

Speaking of trust, Paul outlines the latest tit-for-tat in the growing Silicon Curtain between the US and China, as that country announces plans to publish an “unreliable entities” list. I note that the same spirit seems to be animating the announcement that China and Russia are transitioning their militaries from Microsoft Windows to other operating systems. Talk about a bonanza for the NSA: Just the coding errors will sustain its hackers for a generation – even in the unlikely event that the Chinese and Russians resist the temptation to seed the system with backdoors aimed at their erstwhile coding partners.

Maury Shenk highlights the latest German effort to regulate “broadcasting” of content on the Internet, which the German authority says will mandate transparency and diversity. I think it’s transparently about locking in the German establishment, a view hardly contradicted by the ham-handed way CDU leader Annegret Kramp-Karrenbauer responded to the CDU’s drubbing in the EU elections. The losses were widely attributed to YouTube influencers who urged young voters to reject the main parties. The solution, AKK suggested, was more regulation of YouTube influencers. Ja, natürlich.

David brings us up to date on Iran’s latest effort to engage in social media manipulation and Facebook’s response.

Alicia Loh parses a D.C. Circuit ruling that all the White House has to do to comply with laws on keeping records of official communications is send out a memo. That obligation was satisfied, the court ruled, by a memo telling White House staff who use “vanishing” messaging apps to take screenshots of any official communications and preserve the messages. Alicia is practically the only member of our panel who even knows how to take a screenshot on a phone, which suggests that White House staff compliance might be, well, underwhelming.

Maury gives us a quick update on US states imitating GDPR. Short version: Watch California and then New York. 

And in a lightning round, I am struck by the sight of an FTC commissioner begging the Ninth Circuit not to uphold the FTC’s position in the Qualcomm case on appeal. Maury and I note the growing demand for mass contract labor spurred by the need to train AI. And Paul and I speculate on the probability of antitrust cases against Google and Amazon. It’s been a long cold Chicago winter for antitrust plaintiffs, we conclude, but a change in the climate may be coming. 

Download the 266th Episode (mp3). 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-266.mp3
Category:general -- posted at: 4:55pm EST

1