In our last episode before the August break, the Cyberlaw Podcast drills down on the AI industry leaders’ trip to Washington, where they dutifully signed up to what Gus Hurwitz calls “a bag of promises.” Gus and I parse the promises, some of which are empty, others of which have substance. Along the way, we examine the EU’s struggling campaign to lobby other countries to adopt its AI regulation framework. Really, guys, if you don’t want to be called regulatory neocolonialists, maybe you shouldn’t go around telling former European colonies to change their laws to match Europe’s.

Jeffery Atik picks up the AI baton, unpacking Senate Majority Leader Chuck Schumer’s (D-N.Y.) overhyped set of AI amendments to the National Defense Authorization Act (NDAA), and panning authors’ claim that AI models have been “stealing” their works. Also this week, another endless and unjustified claim of high-tech infringement came to a likely close with appellate rejection of the argument that linking to a site violates the site’s copyright. We also cover the industry’s unfortunately well-founded fear of enabling face recognition and Meta’s unusual open-source AI strategy.

Richard Stiennon pulls the podcast back to the National Cybersecurity Implementation Plan, which I praised last episode for its disciplined format. Richard introduces us to an Atlantic Council report allowing several domain experts to mark up the text. This exposes flaws not apparent on first read; it turns out that the implementation plan took a few remarkable dives, even omitting all mention of one of the strategy’s more ambitious goals.  

Gus gives us a regulatory lawyer’s take on the FCC’s new cybersecurity label for IoT devices and the EPA’s beleaguered regulations for water system cybersecurity. He doubts that either program can be grounded in a grant of regulatory jurisdiction. Richard points out that CISA managed to get new cybersecurity concessions from Microsoft without even a pretense of regulatory jurisdiction. 

Gus gives us a quick assessment of the latest DOJ/FTC draft merger review guidelines. He thinks it’s an overreach that will tarnish the prestige and persuasiveness of the guidelines.

In quick hits:

• Richard updates us on the latest U.S. sanctions on European spyware firms. I offer a dissent from the whole campaign.

• Jeffery covers the brain drain in semiconductors from Europe to China, and we ask when it will hit the U.S. 

• Gus covers the latest technopanic and media handwringing over the use of technology to catch serial killers and drug dealers.

• Speaking of technopanics, I question the latest narrative expressing shock that an FBI agent searched the 702 database

Download 469th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast kicks off with a stinging defeat for the Federal Trade Commission (FTC), which could not persuade the courts to suspend the Microsoft-Activision Blizzard acquisition. Mark MacCarthy says that the FTC’s loss will pave the way for a complete victory for Microsoft, as other jurisdictions trim their sails. We congratulate Brad Smith, Microsoft’s President, whose policy smarts likely helped to construct this win.

Meanwhile, the FTC is still doubling down on its determination to pursue aggressive legal theories. Maury Shenk explains the agency’s investigation of OpenAI, which raises issues not usually associated with consumer protection. Mark and Maury argue that this is just a variation of the tactic that made the FTC the de facto privacy regulator in the U.S. I ask why policing ChatGPT’s hallucinatory libel problem constitutes consumer protection, and they answer, plausibly, that libel is a kind of deception, which the FTC does have authority to police.

Mark then helps us drill down on the Associated Press deal licensing its archives to OpenAI, a deal that may turn out to be good for both companies.

Nick Weaver and I try to make sense of the district court ruling that Ripple’s XRP is a regulated investment contract when provided to sophisticated buyers but not when sold to retail customers in the market. It is hard to say that it makes policy sense, since the securities laws are there to protect the retail customers more than sophisticated buyers. But it does seem to be at least temporary good news for the cryptocurrency exchanges, who now have a basis for offering what the SEC has been calling an unregistered security. And it’s clearly bad news for the SEC, which may not be able to litigate its way to the Cryptopocalypse it has been pursuing.

Andy Greenberg makes a guest appearance to discuss his WIRED story about the still mysterious mechanism by which Chinese cyberspies acquired the ability to forge Microsoft authentication tokens. 

Maury tells us why Meta’s Twitter-killer, Threads, won’t be available soon in Europe. That leads me to reflect on just how disastrously Brussels has managed the EU’s economy. Fifteen years ago, the U.S. and EU had roughly similar GDPs, at about $15 trillion each. Now the EU GDP has scarcely grown, while U.S. GCP is close to $25 trillion. It’s hard to believe that EU tech policy hasn’t contributed to this continental impoverishment, which Maury points out is even making Brexit look good. 

Maury also explains the French police drive to get explicit authority to conduct surveillance through cell phones. Nick offers his take on FISA section 702 reform. Stories. And Maury evaluates Amazon’s challenge to new EU content rules, which he thinks have more policy than legal appeal.

Not content with his takedown of the Ripple decision, Nick reviews all the criminal cases in which cryptocurrency enthusiasts are embroiled. These include a Chinese bust of Multichain, the sentencing of Variety Jones for his role in the Silk Road crime market, and the arrest of Alex Mashinsky, CEO of the cryptocurrency exchange Celsius.

Finally, in quick hits, 

• Mark and I duel over the lawsuit claiming that Texas’s TikTok Ban on government phones will threaten academic freedom.

• I praise the surprisingly good National Cybersecurity-Strategy Implementation Plan and puzzle over the decision not to nominate the acting head of that office to head the office permanently.

• And I note that the Allow States and Victims to Fight Online Sex Trafficking Act, also known as FOSTA-SESTA, reviled by the left, has withstood a constitutional challenge in the DC Circuit.

Download 468th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It’s surely fitting that a decision released on July 4 would set off fireworks on the Cyberlaw Podcast. The source of the drama was U.S. District Court Judge Terry Doughty’s injunction prohibiting multiple federal agencies from leaning on social media platforms to suppress speech the agencies don’t like. Megan Stifel, Paul Rosenzweig, and I could not disagree more about the decision, which seems quite justified to me, given the aggressive White House communications telling the platforms whose speech the government wanted suppressed. Paul and Megan argue that it’s not censorship, that the judge got standing law wrong, and that I ought to invite a few content moderation aficionados on for a full hour episode on the topic.  

That all comes after a much less lively review of recent stories on artificial intelligence. Sultan Meghji downplays OpenAI’s claim that they’ve taken a step forward in preventing the emergence of a “misaligned”—in other words evil—superintelligence. We note what may be the first real-life “liar’s dividend” from deep faked voice. Even more interesting is the prospect that large language models will end up poisoning themselves by consuming their own waste—that is, by being trained on recent internet discourse that includes large volumes of text created by earlier models. That might stall progress in AI, Sultan suggests. But not, I predict before government regulation tries to do the same; as witness, New York City’s law requiring companies that use AI in hiring to disclose all the evidence needed to sue them for discrimination. Also vying to load large language models with rent-seeking demands are Big Content lawyers. Sultan and I try to separate the few legitimate intellectual property claims against AI from the many bogus ones.  I channel a recent New York gubernatorial candidate in opining that the rent-seeking is too damn high. 

Paul dissects China’s most recent and self-defeating effort to deter the West from decoupling from Chinese supply chains. It looks as though China was so eager to punish the West that it rolled out supply chain penalties before it had the leverage to make the punishment stick. Speaking of self-defeating Chinese government policies, it looks as though the government’s two-minute hate directed at China’s fintech giants is coming to an end.

Sultan walks us through the wreckage of the American cryptocurrency industry, pausing to note the executive exodus from Binance and the end of the view that cryptocurrency could be squared with U.S. regulatory authorities. Not in this administration, and maybe not in any, and outcome that will delay financial modernization here for years. I renew my promise to get Gus Coldebella on the podcast to see if he can turn the tide of negativism. 

In quick hits and updates:

• There’s an effort afoot to amend the National Defense Authorization Act  to prevent American government agencies, and only American government agencies, from buying data available to everyone else. We are skeptical that it will pass. 

• The EU and the U.S. have reached a (third) transatlantic data transfer deal, and just in time for Meta, which was facing a new set of competition attacks on its data protection compliance.

• And Canada, which already looks ineffectual for passing a link tax that led Facebook and Google to simply drop links to Canadian media, now looks ineffectual and petty, announcing it has pulled its paltry advertising budget from Facebook.

• Oh, and last year’s social media villain is this year’s social media hero, at least on the left, as Meta launches Threads and threatens Twitter’s hopes for a recovery.

Download 467th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Geopolitics has always played a role in prosecuting hackers. But it’s getting a lot more complicated, as Kurt Sanger reports. Responding to a U.S. request, a Russian cybersecurity executive has been arrested in Kazakhstan, accused of having hacked Dropbox and Linkedin more than ten years ago. The executive, Nikita Kislitsin, has been hammered by geopolitics in that time. The firm he joined after the alleged hacking, Group IB, has seen its CEO arrested by Russia for treason—probably for getting too close to U.S. investigators. Group IB sold off all its Russian assets and moved to Singapore, while Kislitsin stayed behind, but showed up in Kazakhstan recently, perhaps as a result of the Ukraine war. Now both Russia and the U.S. have dueling extradition requests before the Kazakh authorities; Paul Stephan points out that Kazakhstan’s tenuous independence from Russia will be tested by the tug of war. 

In more hacker geopolitics, Kurt and Justin Sherman examine the hacking of a Russian satellite communication system that served military and civilian users. It’s reminiscent of the Viasat hack that complicated Ukrainian communications, and a bunch of unrelated commercial services, when Russia invaded. Kurt explores the law of war issues raised by an attack with multiple impacts. Justin and I consider the claim that the Wagner group carried it out as part of their aborted protest march on Moscow. We end up thinking that this makes more sense as the Ukrainians serving up revenge for Viasat at a time when it might complicate Russian’s response to the Wagner group.  But when it’s hacking and geopolitics, who really knows?

Paul outlines the legal theory—and antitrust nostalgia—behind the  FTC’s planned lawsuit targeting Amazon’s exploitation of its sales platform.  

We also ask whether the FTC will file the case in court or before the FTC’s own administrative law judge. The latter may smooth the lawsuit’s early steps, but it will also bring to the fore arguments that Lina Khan should recuse herself because she’s already expressed a view on the issues to be raised by the lawsuit. I’m not Chairman Khan’s biggest fan, but I don’t see why her policy views should lead to recusal; they are, after all, why she was appointed in the first place.

Justin and I cover the latest Chinese law raising the risk of doing business in that country by adopting a vague and sweeping view of espionage. 

Paul and I try to straighten out the EU’s apparently endless series of laws governing data, from General Data Protection Regulation (GDPR) and the AI Act to the Data Act (not to be confused with the Data Governance Act). This week, Paul summarizes the Data Act, which sets the terms for access and control over nonpersonal data. It’s based on a plausible idea—that government can unleash the value of data by clarifying and making fair the rules for who can use data in new businesses. Of course, the EU is unable to resist imposing its own views of fairness, thus upsetting existing commercial arrangements without really providing any certainty about what will replace them. The outcome is likely to reduce, not improve, the certainty that new data businesses want. 

Speaking of which, that’s the critique of the AI Act now being offered by dozens of European business executives, whose open letter slams the way the AI Act kludged the regulation of generative AI into a framework where it didn’t really fit. They accuse the European Parliament of “wanting to anchor the regulation of generative AI in law and proceeding with a rigid compliance logic [that] is as bureaucratic …  as it is ineffective in fulfilling its purpose.” And you thought I was the EU-basher. 

Justin recaps an Indian court’s rejection of Twitter’s lawsuit challenging the Indian government’s orders to block users who’ve earned the government’s ire. Kurt covers a matching story about whether Facebook should suspend Hun Sen’s Facebook account for threatening users with violence. I take us to Nigeria and question why social media thinks governments can be punished for threatening violence.

Finally, in two updates,

• I note that Google has joined Facebook in calling Canada’s bluff by refusing to link to Canadian news media in order to avoid the Canadian link tax. 

• And I do a victory lap for the Cyberlaw Podcast’s Amber Alert feature. One week after we nominated the Commerce Department’s IT supply chain security program for an Amber Alert, the Department answered the call by posting the supply chain czar position in USAJOBS.

Download 466th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Max Schrems is the lawyer and activist behind two (and, probably soon, a third) legal challenge to the adequacy of U.S. law to protect European personal data. Thanks to the Federalist Society’s Regulatory Transparency Project, Max and I were able to spend an hour debating the law and policy behind Europe’s generation-long fight with the United States over transatlantic data flows.  It’s civil, pointed, occasionally raucous, and wide-ranging – a fun, detailed introduction to the issues that will almost certainly feature in the next round of litigation over the latest agreement between Europe and the U.S. Don’t miss it!

Download 465th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.