The OpenAI corporate drama came to a sudden end last week. So sudden, in fact, that the pundits never quite figured out What It All Means. Jim Dempsey and Michael Nelson take us through some of the possibilities. It was all about AI accelerationists v. decelerationists. Or it was all about effective altruism. Or maybe it was Sam Altman’s slippery ambition. Or perhaps a new AI breakthrough – a model that can actually do more math than the average American law student. The one thing that seems clear is that the winners include Sam Altman and Microsoft, while the losers include illusions about using corporate governance to engage in AI governance.

The Google antitrust trial is over – kind of. Michael Weiner tells us that all the testimony and evidence has been gathered on whether Google is monopolizing search, but briefs and argument will take months more – followed by years more fighting about remedy if Google is found to have violated the antitrust laws. He sums up the issues in dispute and makes a bold prediction about the outcome, all in about ten minutes.

Returning to AI, Jim and Michael Nelson dissect the latest position statement from Germany, France, and Italy. They see it as a repudiation of the increasingly kludgey AI Act pinballing its way through Brussels, and a big step in the direction of the “light touch” AI regulation that is mostly being adopted elsewhere around the globe. I suggest that the AI Act be redesignated the OBE Act in recognition of how thoroughly and frequently it’s been overtaken by events.

Meanwhile, cyberwar is posing an increasing threat to civil aviation. Michael Ellis covers the surprising ways in which GPS spoofing has begun to render even redundant air navigation tools unreliable. Iran and Israel come in for scrutiny. And it won’t be long before Russia and Ukraine develop similarly disruptive drone and counterdrone technology. It turns out, Michael Ellis reports, that Russia is likely ahead of the U.S. in this war-changing technology. 

Jim brings us up to date on the latest cybersecurity amendments from New York’s department of financial services. On the whole, they look incremental and mostly sensible.

Senator Ron Wyden (D-OR) is digging deep into his Golden Oldies collection, sending a letter to the White House expressing shock to have discovered a law enforcement data collection that the New York Times (and the rest of us) discovered in 2013. The program in question allows law enforcement to get call data but not content from AT&T with a subpoena. The only surprise is that AT&T has kept this data for much more than the industry-standard two or three years and that federal funds have helped pay for the storage.

Michael Nelson, on his way to India for cyber policy talks, touts that nation’s creative approach to the field, as highlighted in Carnegie’s series on India and technology. He’s less impressed by the UK’s enthusiasm for massive new legislative initiatives on technology. I think this is Prime Minister Rishi Sunak trying to show that Brexit really did give the UK new running room to the right of Brussels on data protection and law enforcement authority.

Download 483rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Paul Rosenzweig brings us up to date on the debate over renewing section 702, highlighting the introduction of the first credible “renew and reform” measure by the House Intelligence Committee. I’m hopeful that a similarly responsible bill will come soon from Senate Intelligence and that some version of the two will be adopted. Paul is less sanguine. And we all recognize that the wild card will be House Judiciary, which is drafting a bill that could change the renewal debate dramatically.

Jordan Schneider reviews the results of the Xi-Biden meeting in San Francisco and speculates on China’s diplomatic strategy in the global debate over AI regulation. No one disagrees that it makes sense for the U.S. and China to talk about the risks of letting AI run nuclear command and control; perhaps more interesting (and puzzling) is China’s interest in talking about AI and military drones.

Speaking of AI, Paul reports on Sam Altman’s defenestration from OpenAI and soft landing at Microsoft. Appropriately, Bing Image Creator provides the artwork for the defenestration but not the soft landing.  

Nick Weaver covers Meta’s not-so-new policy on political ads claiming that past elections were rigged. I cover the flap over TikTok videos promoting Osama Bin Laden’s letter justifying the 9/11 attack.

Jordan and I discuss reports that Applied Materials is facing a criminal probe over shipments to China's SMIC. 

Nick reports on the most creative ransomware tactic to date: compromising a corporate network and then filing an SEC complaint when the victim doesn’t disclose it within four days. This particular gang may have jumped the gun, he reports, but we’ll see more such reports in the future, and the SEC will have to decide whether it wants to foster this business model. 

I cover the effort to disclose a bitcoin wallet security flaw without helping criminals exploit it.

And Paul recommends the week’s long read: The Mirai Confession – a detailed and engaging story of the kids who invented Mirai, foisted it on the world, and then worked for the FBI for years, eventually avoiding jail, probably thanks to an FBI agent with a paternal streak.

Download 482nd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

That, at least, is what I hear from my VC friends in Silicon Valley. And they wouldn’t get an argument this week from EU negotiators facing what looks like a third rewrite of the much-too -early AI Act. Mark MacCarthy explains that negotiations over an overhaul of the act demanded by France and Germany led to a walkout by EU parliamentarians. The cause? In their enthusiasm for screwing American AI companies, the drafters inadvertently screwed a French and a German AI aspirant

Mark is also our featured author for an interview about his book, "Regulating Digital Industries: How Public Oversight Can Encourage Competition, Protect Privacy, and Ensure Free Speech" I offer to blurb it as “an entertaining, articulate and well-researched book that is egregiously wrong on almost every page.” Mark promises that at least part of my blurb will make it to his website. I highly recommend it to Cyberlaw listeners who mostly disagree with me – a big market, I’m told.

Kurt Sanger reports on what looks like another myth about Russian cyberwarriors – that they can’t coordinate with kinetic attacks to produce a combined effect. Mandiant says that’s exactly what Sandworm hackers did in Russia’s most recent attack on Ukraine’s grid.

Adam Hickey, meanwhile, reports on a lawsuit over internet sex that drove an entire social media platform out of business. Meanwhile, Meta is getting beat up on the Hill and in the press for failing to protect teens from sexual and other harms. I ask the obvious question: Who the heck is trying to get naked pictures of Facebook’s core demographic?

Mark explains the latest EU rules on targeted political ads – which consist of several perfectly reasonable provisions combined with a couple designed to cut the heart out of online political advertising. 

Adam and I puzzle over why the FTC is telling the U.S. Copyright Office that AI companies are a bunch of pirates who need to be pulled up short. I point out that copyright is a multi-generational monopoly on written works. Maybe, I suggest, the FTC has finally combined its unfairness and its anti-monopoly authorities to protect copyright monopolists from the unfairness of Fair Use. Taking an indefensible legal position out of blind hatred for tech companies? Now that I think about it, that is kind of on-brand for Lina Khan’s FTC. 

Adam and I disagree about how seriously to take press claims that AI generates images that are biased. I complain about the reverse: AI that keeps pretending that there are a lot of black and female judges on the European Court of Justice.  

Kurt and Adam reprise the risk to CISOs from the SEC's SolarWinds complaint – and all the dysfunctional things companies and CISOs will soon be doing to save themselves.

In updates and quick hits: 

• Adam and I flag some useful new reports from Congress on the disinformation excesses of 2020. We both regret the fact that those excesses now make it unlikely the U.S. will do much about foreign government attempts to influence the 2024 election. 

• I mourn the fact that we won’t be covering Susannah Gibson again. Gibson raised campaign funds by doing literally what most politicians only do metaphorically. She has, gone down to defeat in her Virginia legislative race. 

• In Cyberlaw Podcast alumni news, Alex Stamos and Chris Krebs have sold their consulting firm to SentinelOne. They will only be allowed back on the podcast if they bring the Gulfstream.  

• I also note that Congress is finally starting to put some bills to renew section 702 of FISA into the hopper. Unfortunately, the first such bill, a merger of left and right extremes called the Government Surveillance Reform Act, probably should have gone into the chipper instead. 

Download 481st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In a law-packed Cyberlaw Podcast episode, Chris Conte walks us through the long, detailed, and justifiably controversial SEC enforcement action against SolarWinds and its top infosec officer, Tim Brown. It sounds to me as though the SEC’s explanation for its action will (1) force companies to examine and update all of their public security documents, (2) transmit a lot more of their security engineers’ concerns to top management, and (3) quite possibly lead to disclosures beyond those required by the SEC’s new cyber disclosure rules that would alert network attackers to what security officials know about the attack in something close to real time. 

Jim Dempsey does a deep dive into the administration’s executive order on AI, adding details not available last week when we went live. It’s surprisingly regulatory, while still trying to milk jawboning and public-private partnership for all they’re worth. The order more or less guarantees a flood of detailed regulatory and quasiregulatory initiatives for the rest of the President’s first term. Jim resists our efforts to mock the even more in-the-weeds OMB guidance, saying it will drive federal AI contracting in significant ways. He’s a little more willing, though, to diss the Bletchley Park announcement on AI principles that was released by a large group of countries. It doesn’t say all that much, and what it does say isn’t binding. 

David Kris covers the Supreme Court’s foray into cyberlaw this week – oral argument in two cases about when politicians can curate the audience that interacts with their social media sites. This started as a Trump issue, David reminds us, but it has lost its predictable partisan valence, so now it’s just a surprisingly hard constitutional controversy that, as Justice Elena Kagan almost said, left the Supreme Court building littered with first amendment rights.

Finally, I drop in on Europe to see how that Brussels Effect is doing. Turns out that, after years of huffing and puffing, the privacy bureaucrats are dropping the hammer on Facebook’s data-fueled advertising model. In a move that raises doubts about how far from Brussels the Brussels Effect can reach, Facebook is changing its business model, but just for Europe, where kids won’t get ads and grownups will have the dubious option of paying about ten bucks a month for Facebook and Insta. Another straw in the wind: Ordered by the French government to drop Russian government news channels, YouTube competitor Rumble has decided to drop France instead.

Download 480th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.