The latest episode of The Cyberlaw Podcast was not created by chatbots (we swear!). Guest host Brian Fleming, along with guests Jay Healey, Maury Shenk, and Nick Weaver, discuss the latest news on the AI revolution including Google’s efforts to protect its search engine dominance, a fascinating look at the websites that feed tools like ChatGPT (leading some on the panel to argue that quality over quantity should be goal), and a possible regulatory speed bump for total AI world domination, at least as far as the EU’s General Data Privacy Regulation is concerned. Next, Jay lends some perspective on where we’ve been and where we’re going with respect to cybersecurity by reflecting on some notable recent and upcoming anniversaries. The panel then discusses recent charges brought by the Justice Department, and two arrests, aimed at China’s alleged attempt to harass dissidents living in the U.S. (including with fake social media accounts) and ponders how much of Russia’s playbook China is willing to adopt. Nick and Brian then discuss the Securities and Exchange Commission’s complaint against Bittrex and what it could portend for others in the crypto space and, more broadly, the future of crypto regulation and enforcement in the U.S. Maury then discusses the new EU-wide crypto regulations, and what the EU’s approach to regulating this industry could mean going forward. The panel then takes a hard look at an alarming story out of Taiwan and debates what the recent “invisible blockade” on Matsu means for China’s future designs on the island and Taiwan’s ability to bolster the resiliency of its communications infrastructure. Finally, Nick covers a recent report on the Mexican government’s continued reliance on Pegasus spyware. To wrap things up in the week’s quick hits, Jay proposes updating the Insurrection Act to avoid its use as a justification for deploying military cyber capabilities against U.S. citizens, Nick discusses the dangers of computer generated swatting services, Brian highlights the recent Supreme Court argument that may settle whether online stalking is a “true threat” v. protected First Amendment activity, and, last but not least, Nick checks in on Elon Musk’s threat to sue Microsoft after Twitter is dropped from its ad platform.

Download 454th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Every government on the planet announced last week an ambition to regulate artificial intelligence. Nate Jones and Jamil Jaffer take us through the announcements. What’s particularly discouraging is the lack of imagination, as governments dusted off their old prejudices to handle this new problem. Europe is obsessed with data protection, the Biden administration just wants to talk and wait and talk some more, while China must have asked ChatGPT to assemble every regulatory proposal for AI ever made by anyone and translate it into Chinese law. 

Meanwhile, companies trying to satisfy everyone are imposing weird limits on their AI, such as Microsoft’s rule that asking for an image of Taiwan’s flag is a violation of its terms of service. (For the record, so is asking for China’s flag but not asking for an American or German flag.)

Matthew Heiman and Jamil take us through the strange case of the airman who leaked classified secrets on Discord. Jamil thinks we brought this on ourselves by not taking past leaks sufficiently seriously.

Jamil and I cover the imminent Montana statewide ban on TikTok. He thinks it’s a harbinger; I think it may be a distraction that, like Trump’s ban, produces more hostile judicial rulings.

Nate unpacks the California Court of Appeals’ unpersuasive opinion on law enforcement use of geofencing warrants.

Matthew and I dig into the unanimous Supreme Court decision that should have independent administrative agencies like the Federal Trade Commission and Securities and Exchange Commission trembling. The court held that litigants don’t need to wend their way through years of proceedings in front of the agencies before they can go to court and challenge the agencies’ constitutional status. We both think that this is just the first shoe to drop. The next will be a full-bore challenge to the constitutionality of agencies beholden neither to the executive or Congress. If the FTC loses that one, I predict, the old socialist realist statue “Man Controlling Trade” that graces its entry may be replaced by one that PETA and the Chamber of Commerce would like better. Bing’s Image Creator allowed me to illustrate that possible outcome. See attached.

 In quick hits: 

• I update listeners on the fight over renewal of Section 702 of the Foreign Intelligence Surveillance Act and the FBI’s search of its 702 database for messages about Congressman Darin LaHood (R-Ill.). It’s far from a scandal, and it may show that the whole effort to treat such searches as shocking privacy intrusions is bogus. 

• Hackers have claimed deep access to Western Digital systems. The good news is that they seem unable to encrypt it all, so they’re relying on doxing threats to earn the ransom they want.

• The Indian government has given itself authority to “fact check and order the deletion of social media posts. Nobody thinks that’s a good idea, but when I ask whether it’s all that different from the CDC/social media alliance that suppressed true information during COVID times, Jamil disagrees. If you’ve missed our conservative catfights, this is a taste of things to come.

Download 453rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

We do a long take on some of the AI safety reports that have been issued in recent weeks. Jeffery Atik first takes us through the basics of attention based AI, and then into reports from OpenAI and Stanford on AI safety. Exactly what AI safety covers remains opaque (and toxic, in my view, after the ideological purges committed by Silicon Valley’s “trust and safety” bureaucracies) but there’s no doubt that a potential existential issue lurks below the surface of the most ambitious efforts. Whether ChatGPT’s stochastic parroting will ever pose a threat to humanity or not, it clearly poses a threat to a lot of people’s reputations, Nick Weaver reports.

One of the biggest intel leaks of the last decade may not have anything to do with cybersecurity. Instead, the disclosure of multiple highly classified documents seems to have depended on the ability to fold, carry, and photograph the documents. While there’s some evidence that the Russian government may have piggybacked on the leak to sow disinformation, Nick says, the real puzzle is the leaker’s motivation. That leads us to the question whether being a griefer is grounds for losing your clearance.  

Paul Rosenzweig educates us about the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, which would empower the administration to limit or ban TikTok. He highlights the most prominent argument against the bill, which is, no surprise, the discretion the act would confer on the executive branch. The bill’s authors, Sen. Mark Warner (D-Va.) and Sen. John Thune (R-S.D.), have responded to this criticism, but it looks as though they’ll be offering substantive limits on executive discretion only in the heat of Congressional action. 

Nick is impressed by the law enforcement operation to shutter Genesis Market, where credentials were widely sold to hackers. The data seized by the FBI in the operation will pay dividends for years.  

I give a warning to anyone who has left a sensitive intelligence job to work in the private sector: If your new employer has ties to a foreign government, the Director of National Intelligence has issued a new directive that (sort of) puts you on notice that you could be violating federal law. The directive means the intelligence community will do a pretty good job of telling its employees when they take a job that comes with post-employment restrictions, but IC alumni are so far getting very little guidance. 

Nick exults in the tough tone taken by the Treasury in its report on the illicit finance risk in decentralized finance.

Paul and I cover Utah’s bill requiring teens to get parental approval to join social media sites. After twenty years of mocking red states for trying to control the internet’s impact on kids, it looks to me as though Knowledge Class parents are getting worried for their own kids. When the idea of age-checking internet users gets endorsed by the UK, Utah, and the New Yorker, I suggest, those arguing against the proposal may have a tougher time than they did in the 90s. 

And in quick hits: 

• Nick comments on the massive 3CX supply-chain hack, which seems to have been a fishing-with-dynamite effort to steal a few people’s cryptocurrency.

• I raise doubts about a much-cited claim that a Florida city’s water system was the victim of a cyber attack.

• Nick unloads on Elon Musk for drawing a German investigation over Twitter’s failure to promptly remove hate speech.

• Paul and I note the UK’s most recent paper on how to exercise cyber power responsibly.  

• And Nick and I puzzle over the conflict between the Biden administration and the New York Times about a spyware contract that supposedly undermined the administration’s stance on spyware.

Download 452nd Episode (mp3) 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Dmitri Alperovitch joins the Cyberlaw Podcast to discuss the state of semiconductor decoupling between China and the West. It’s a broad movement, fed by both sides. China has announced that it’s investigating Micron to see if its memory chips should still be allowed into China’s supply chain (spoiler: almost certainly not). Japan has tightened up its chip-making export control rules, which will align it with U.S. and Dutch restrictions, all with the aim of slowing China’s ability to make the most powerful chips. Meanwhile, South Korea is boosting its chipmakers with new tax breaks, and Huawei is reporting a profit squeeze.

The Biden administration spent much of last week on spyware policy, Winnona DeSombre Berners reports. How much it actually accomplished isn’t clear. The spyware executive order restricts U.S. government purchases of surveillance tools that threaten U.S. security or that have been misused against civil society targets. And a group of like-minded nations have set forth the principles they think should govern sales of spyware. But it’s not as though countries that want spyware are going to have a tough time finding, I observe, despite all the virtue signaling. Case in point: Iran is getting plenty of new surveillance tech from Russia these days. And spyware campaigns continue to proliferate. 

Winnona and Dmitri nominate North Korea for the title “Most Innovative Cyber Power,” acknowledging its creative use of social engineering to steal cryptocurrency and gain access to U.S. policy influencers.

Dmitri covers the TikTok beat, including the prospects of the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act., which he still rates high despite some criticism from the right. Winnona and I debate the need for another piece of legislation given the breadth of CFIUS review and International Emergency Economic Powers Act sanctions. 

Dmitri and I note the arrival of GPT-4 cybersecurity, as Microsoft introduces “Security Copilot.” We question whether this will turn out to be a game changer, but it does suggest that bespoke AI tools could play a role in cybersecurity (and pretty much everything else.) 

In other AI news, Dmitri and I wonder at Italy’s decision to cut itself off from access to ChatGPT by claiming that it violates Italian data protection law. That may turn out to be a hard case to prove, especially since the regulator has no clear jurisdiction over OpenAI, which is now selling nothing in Italy. In the same vein, there may be a safety reason to be worried by how fast AI is proceeding these days, but the letter proposing a six-month pause for more safety review  is hardly persuasive—specially in a world where “safety” seems to mostly be about stamping out bad pronouns. 

In news Nick Weaver will kick himself for missing, Binance is facing a bombshell complaint from the Commodities Futures Trading Commission (CFTC) (the Binance response is here). The CFTC clearly had access to the suicidally candid messages exchanged among Binance’s compliance team. I predict criminal indictments in the near future and wonder if the CFTC’s taking the lead on the issue has given it a jurisdictional leg up on the SEC in the turf fight over who regulates cryptocurrency.

Finally, we close with a review of a  book arguing that pretty much anyone who ever uttered the words  “China’s peaceful rise” was the victim of a well-planned and highly successful Chinese influence operation.

Download 451st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.