The Cyberlaw Podcast (general)

This is my favorite story of the episode. David Kris covers a report from the Privacy and Civil Liberties Oversight Board on the enormous value that European governments get in fighting terrorism from the same American surveillance programs that European institutions have been fighting for twenty years to shut down.  It’s a delightful takedown of European virtue-signaling, and I hope the Biden Administration gives the PCLOB a new name and mission in honor of the report.

But we begin the news roundup with a review of the U.S.-China tech relationship and how it might change under a Biden administration. The Justice Department has issued itself a glowing report card for its contribution to decoupling—the opening of new China-related counterintelligence case every 10 hours. I wonder how long this can go on before China starts arresting American businessmen—and kicks off another round of decoupling.

Speaking of decoupling, the latest legislation aimed at prison labor in China may be getting uncomfortably close to hitting Apple, which is quietly lobbying to water down a bill that most of us expect to pass soon by overwhelming majorities. Megan Stifel and I conclude that the provision that probably scares Apple most is an obligation to make representations about whether the company’s products include parts made with prison labor. That is increasingly difficult to figure out as China has limited audits for such purposes, putting Apple in an increasingly tight spot. Sympathy for Tim Cook is in short supply.

Speaking of legacy burnishing, the Trump White House has issued its own set of guidelines for federal agencies using artificial intelligence (AI). Nick Weaver thinks it’s actually not bad—light touch on most topics—which may be the nicest thing he’s said about a product of this White House in four years. Sticking with AI, Nick comments on the prospect for putting humans in the loop of AI decision making.  He thinks that’s a recipe for lousy AI, and that campaigns to get a “Human in the Loop” for lethal systems have already lost the technology fight. At best, we can hope to have our poky old brains “on the loop” in future AI conflicts.

More good news: There is an IOT security bill that Megan and I both like (Megan more than I) and that Congress has passed and sent to the President for signature. It only sets standards for IOT that the federal government buys, but that’s a good first step.

As a former NSAer, I explain “GCHQ envy” to David, and he provides the latest reason why it must be rampant at the Fort this year, as the agency introduces a new offensive cyber unit to take on organized crime and hostile states.

David also takes on the question whether there’s a legal problem with the U.S. military buying location data from apps companies.  Short answer: Nope.

Megan explains a now-patched Facebook Messenger bug that would have allowed hackers to listen in on users. Nick tells us why the FBI needed to hire robots to retrieve sensitive files. Megan gives us some staggering statistics about the prevalence of ransomware. Hint: if you thought COVID-19 was a pandemic, you ain’t seen nothin’ yet. I give a quick summary of the TikTok and WeChat ban litigation, where the government is unlimbering a host of new technical arguments.

I give a shoutout to Sean Joyce, whose principles led him to walk away from what is probably going to be serious money when Airbnb goes public. The company’s leadership let him argue against giving data about individual users to the Chinese government before the users actually move in.  But the debate ended when one of the execs opined, “We’re not here to promote American values.” That may not be a good look for Airbnb, but it is for Joyce, who left the company within weeks over the principle.

And, finally, it turns out that the FCC is in its last weeks of Trump legacy burnishing; facing a deadline in January 2020, it had to choose between starting to write regulations about the scope of section 230 and dealing with foreign products in the 5G infrastructure.  It chose 5G.

And more.

Download the 339th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-339.mp3
Category:general -- posted at: 8:57am EDT

Another week, another Trump administration initiative to hasten the decoupling from China. As with MIRV warheads, the theory seems to be that the next administration can’t shoot them all down.  Brian Egan lays out this week’s initiative, which lifts from obscurity a DoD list of Chinese military companies and excludes them from U.S. capital markets.

Our interview is with Frank Cilluffo and Mark Montgomery. Mark is a senior fellow at the Foundation for Defense of Democracies and senior advisor to the congressionally mandated Cyberspace Solarium Commission. Previously, he served as policy director for the Senate Armed Services Committee under Sen. John S. McCain—and before that served for 32 years in the U.S. Navy as a nuclear trained surface warfare officer, retiring as a rear admiral in 2017. Frank is director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. He also chaired the Homeland Security Advisory Council’s subcommittee on economic security. We talk about the unexpected rise of the industrial supply chain as a national security issue. Both Frank and Mark were moving forces in two separate reports highlighting the issue, as was I. So, if we seem suspiciously agreed on important issues, it’s because we are. Still, as an introduction to one of the surprise hot issues of the year, it’s not to be missed.

After our interview of a Justice Department official on how to read Schrems II narrowly, it was only a matter of time. Charles Helleputte reviews the EDPB’s effort to give more authoritative and less comfortable advice to U.S. companies that want to keep relying on the standard contractual clauses. Still, the Justice Department take on the topic manages to squeak through without a direct hit from the privacy bureaucrats.  Still, the EDPB (and the EDPS even more) makes clear that anyone following the DOJ’s lead is in for an uphill fight. For those who want more of Charles’s thinking on the topic, see this short piece.

Zoom has been allowed to settle a Federal Trade Commission (FTC) proceeding for deceptive conduct (claiming that its crypto was end to end when it wasn’t, and more). Mark MacCarthy gives us details. I rant about the FTC’s failure to ask any serious national security questions about a company that deserves some.

Brian brings us up to speed on TikTok.  Only one of the Trump administration penalties remains unenjoined. My $50 bet with Nick Weaver that CFIUS will overcome judicial skepticism that IEEPA could not is hanging by a thread. Casey Stengel makes a brief appearance to explain how TikTok might win.

Brian also reminds us that export control policymaking is even slower and less functional on the other side of the Atlantic, as Europe tries, mostly ineffectively, to adopt stricter limits on exports of surveillance tech.

Mark and I admire the new Aussie critical-infrastructure cybersecurity initiative, mostly for its clarity if not for its political appeal.

Charles explains and I decry the enthusiasm of European courts for telling Americans what they can say and read on line. Apparently, we aren’t allowed to use Facebook to call politicians “fascists”; but don’t worry about our liability.

So, in retrospect, how did we do in policing all the new cyber-ish threats to the 2020 election?  Brian gives the government credit for preventing foreign interference. I question the whole narrative of foreign interference (other than the hack and dump operation against the DNC) in 2016 and 2020, noting how conveniently it serves Democratic messaging (Hillary only lost because of the Russians! Ignore Trump’s corruption allegations because it’s more Russian interference!). Mark and I wonder what Silicon Valley thinks it’s accomplishing with its extended bans on political advertising after the election.  They’re going to find out it’s almost always election season somewhere (see, e.g., Georgia). DHS’s CISA produced a detailed rumor control site that may have corrected one too many of the President’s tweets.  Chris Krebs, familiar to Cyberlaw Podcast listeners, may be on the chopping block. That would be a shame for DHS and CISA; for Chris it’s probably a badge of honor. Frank Cilluffo and Mark Montgomery weigh in with praise for Chris as well.

And more.

Download the 338th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-338.mp3
Category:general -- posted at: 9:11am EDT

This episode’s interview with Dr. Peter Pry of the EMP Commission raises an awkward question: Is it possible that North Korea has already developed nuclear weapons that could cause the deaths of hundreds of millions of Americans by permanently frying the entire electrical infrastructure with a single high-altitude blast?  And if he doesn’t, could the sun accomplish pretty much the same thing?  The common factor in both scenarios is EMP—electro-magnetic pulse. And we explore the problem in detail, from the capabilities of adversaries to the controversy that has pitted Dr. Pry and the EMP Commission against the power industry and the Energy Department, which are decidedly more confident that the U.S. would withstand a major EMP event. And, for those disinclined to trust those sources, Dr. Pry offers a few tips on how to make it more likely that your systems will survive an EMP.

In the news, that the election turned out not to be hacked and not to be violence-plagued and not to be the subject of serious disinformation. That didn’t stop Twitter and YouTube from limiting Steve Bannon’s access to the platform when he used hyperbole (“heads on pikes”) to express his unhappiness with Dr. Fauci.

In legal tech news, Michael Weiner explains what’s at stake in the Justice Department’s antitrust lawsuit challenging Visa’s $5.3 billion acquisition of Plaid. I wonder if that means the department is out of antitrust-litigating ammo.  And it might, except you can buy a lot of ammo with $1 billion worth of Silk Road bitcoins, now being claimed by the U.S. Sultan Meghji says the real question is why it took the U.S. so long to lay claim to the coins.

Just when private companies have come up with plans to comply with California’s privacy law, the voters change everything. Well, maybe not everything. It looks, Dan Podair suggests, as though compliance with the new CPRA will mostly involve complying with the old CCPA plus a whole bunch more. I’m fascinated by the idea that the initiatives say, “Oh, and by the way, this law can’t be amended except to make it more privacy friendly.”

We bring Michael back to the conversation to brief us on the FTC’s plan to bring an antitrust case against Facebook using internal hearing procedure. Michael admits that some might call that a kangaroo court hearing; I suggest that LabMD’s Mike Dougherty be called as an expert witness.

Sultan and I note the ongoing failure of media and rights groups to toxify facial recognition; now it’s being used on “mostly peaceful” protestors. And it’s hard to argue with using face recognition when it confirms a picture ID left behind in Lafayette Square.

Next, Sultan and I take on Toxification II, the argument to make people believe that racist—as opposed to poorly trained—artificial intelligence is a thing.

Charles Helleputte analyzes the latest rumor that the EU is planning to prohibit end-to-end crypto. He notes that the EU is also pursuing more infrastructure security and wonders whether the two initiatives can be sustained together.

It turns out that other people on Zoom can, in theory and under the right conditions, guess what you’re typing.  It’s one more reason to be careful about webcams and security. I make the sort of cheap joke you’ve come to expect from me.

And more.

Download the 337th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-337.mp3
Category:general -- posted at: 10:39am EDT

Our interview this week is a deep dive into the mess created by the EU Court of Justice in Schrems II—and some pretty good ideas for how companies might avoid the mess as proposed in a U.S. Government white paper. I interview Brad Wiegmann, Senior Counselor for the National Security Division at the U.S. Department of Justice. We cover a host of arguments and new facts that may help companies navigate the wreckage of Privacy Shield and preserve the standard corporate clauses they’ve relied on for trans-Atlantic data transfers. And, yes, the phrase “hypocritical European imperialism” does cross my lips.

In the news, we can’t let election eve pass without a look at all the election security threats and countermeasures now being deployed.  I argue that the election security threat is the second coming of Y2K – a threat that is almost certainly an overhyped bogeyman, but one we can’t afford to ignore.  Jamil Jaffer and Pete Jeydel push back. Silicon Valley’s effort to ensure that no one questions the legitimacy of a Biden victory also comes in for some criticism on my end—and is defended by Nate Jones. My candidate for flakiest Silicon Valley technonostrum is banning post-election political ads. That just guarantees that speech about the election will default to the biggest “organic” voices on the internet and to the speech police at each platform.

Confused about all the TikTok and WeChat litigation? The cheat sheet guide is that the U.S. hasn’t won a single case, and it’s gone down hard in three separate opinions, the latest by U.S. District Judge Beetlestone of Philadelphia. This could be Trump Derangement at work, but the fact is that the Chinese platforms have a plausible argument that Congress prohibited IEEPA bans that indirectly regulate distribution of speech. Banning a social platform might seem to fit that exception, but the result is crazy: it implies that TikTok could replay all the Russian election interference memes from 2016, and the government would be helpless to stop it. On appeal, we may see the courts taking a broader view of the equities. Or they may be tempted to say, “Well, Congress screwed this up, let Congress unscrew it.” If Joe Biden wins the election, I can’t imagine an issue he’d most want to keep off his plate.

Nate and I try to sum up what we learned from the social media speech suppression hearing on the Hill. Nate sees no common ground emerging despite wide unhappiness with Silicon Valley’s role in regulating speech. I am more optimistic that a Congress looking to make progress could agree on first steps toward transparency in speech suppression practices on the platforms. The companies themselves seem to have decided that this is table stakes as they strive to avoid worse.

Nate gives us a quick view of the platform speech debate in Europe.  My summary: Silicon Valley is already incentivized by EU law to over-suppress; now they’re asking for immunity when they over-suppress, which means, of course, even less speech.

In quick hits, Pete talks about the ransomware threat to US health care. Nate explains the tensions between law enforcement and intelligence in Canada. And Pete tells us why fertility clinics are the latest national security concern for CFIUS.

And more!

Download the 336th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-336.mp3
Category:general -- posted at: 11:04am EDT

In this episode, I interview Rob Knake, Senior Fellow at the Council on Foreign Relations, about his recent report, “Weaponizing Digital Trade -- Creating a Digital Trade Zone to Promote Online Freedom and Cybersecurity.” The theme of the report is what the U.S. can salvage from the wreckage of the 1990s Magaziner Consensus about the democratizing and beneficent influence of Silicon Valley. I suggest that it really ought to be called “Digital Dunkirk,” rather than invoking a swaggering “weaponization” theme.  Rob and I disagree about the details but not the broad outlines of his proposal. 

In the news roundup, we finally have a Google antitrust complaint to pore over, and I bring Steptoe’s Michael Weiner on to explain what the complaint means. Bottom line: it’s a minimalist stub of a case, unlikely to frighten Google or produce structural changes in the market. Unless a new administration (or a newly incentivized Trump Justice Department) keeps adding charge after charge as the investigation goes on.

Speaking of Justice Department filings that may serve up less than meets the eye, DOJ has indicted GRU hackers for practically every bad thing that has happened on the internet in the last five years, other than the DNC hack. (In fact, I lost an unsaved Word document in 2017 that I’m hoping will be added to the charges soon.) The problem, of course, is that filing the charges is the easy part; bringing these state hackers to justice is unlikely in the extreme.  If so, one wonders whether a policy that requires an indictment for all the cyberattacks on the US and its allies is a wise use of resources. Maury Shenk thinks it might be, at least in demonstrating US attribution capabilities, which are indeed impressive.

While we are covering questionably effective U.S. retaliation for cyberattacks, Maury also notes that the Treasury Department has imposed sanctions on TsNIIKhM, a Russian institute that seems to have developed industrial control malware that caused massive outages in Saudi Arabia and may have been planted in U.S. energy systems as well. Again, no one doubts that heavy penalties should be imposed; the doubt is about whether these penalties will actually reach TsNIIKhM.

Nick Weaver celebrates the German government’s dawn raid on spyware exporter, FinFisher. Maury expresses modest hope for Facebook’s Oversight Board now that it has started reviewing content moderation cases. Color me skeptical.

Now that we’ve seen the actual complaint, Nick has his doubts about the Microsoft attack on Trickbot. It may be working, he says, but why is Microsoft doing something that the FBI could have done? I pile on, raising questions about the most recent legal theory Microsoft has rolled out in support of its proposed remedies.

Finally, in quick hits:  I hum a few bars from “John Henry” in response to a Bloomberg story suggesting that CEOs are successfully beating the AI engines parsing their analyst calls and trading on the results. Maury debunks the parts of the story that made it fun, but not before I’ve asked whether Spinal Tap was decades ahead of its time in repackaging failure. Maury also notes the ho-hum upcoming Judiciary Committee testimony of Twitter and Facebook CEOs about their suppression of the New York Post “laptop from hell” Hunter Biden story.  I’m much more interested in the Commerce Committee’s subpoenaing of contacts between the campaigns and those companies.  Because you just know the campaigns have a whole strategy for working the speech refs, and it would be an education to see how they do it.  Nick and I congratulate Edward Snowden on the confirmation that he’ll be in Russia forever. 

And more!

Download the 335th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-335.mp3
Category:general -- posted at: 3:09pm EDT

This episode features an interview with Ronald Deibert, Professor of Political Science, and Director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto. We talk about his new book, “Reset: Reclaiming the Internet for Civil Society.” We also talk about the unique Canadian talent for debate that is both bare-fisted and unusually polite. Ron gets to use both talents in our discussion of what’s wrong with the technology ecosystem and whether it can be improved by imposing “restraint” on governments and the private sector.

In the news roundup, I urge Twitter to bring back the Fail Whale to commemorate its whale of a fail in trying to suppress a New York Post story that is bad news for Joe Biden. It’s a disaster on all fronts, with Twitter unable to offer a satisfactory explanation for its suppression of the news report, or to hold to any particular enforcement policy for more than a day, and ended with an embarrassing insistence that the Post can’t have its account back until it deletes tweets that Twitter would probably allow the Post to post today.  

And not surprisingly, the episode is encouraging everyone to think that they can do this better than Twitter. The FCC is going to start work on an effort to add an administrative gloss to section 230. Mark MacCarthy thinks the Commission lacks authority to interpret the provision; I disagree. We do agree that Justice Thomas’s thoughts on section 230 are surprisingly detailed—and make Supreme Court review of the provision a lot more likely.

Megan Stifel tells us that the ransomware business is getting even more specialized. Together we wonder if that specialization opens the door to new, even more creative ways to take down organized cybercrime.

David Kris notes the pearl-clutching over search warrants that identify a pattern of conduct rather than an individual. He almost agrees with me that this is just what probable cause looks like in the twenty-first century.

This Week in Europe’s Tough Privacy Talk and Slow Privacy Walk: David teams with Charles Helleputte to make sense of two data protection rulings in Europe that bring a lot more thunder than lightning to the debate: First, an attack on the privacy standards, such as they are, for online advertiser  Real Time Bidding. Second, the proclamations of France’s top court and its DPA about sending data to US cloud providers.

Megan notes two stories that deepen trends we knew were coming: hackers chaining VPN and ZeroLogon bugs to attack US government networks, maybe including election agencies and Iranian state hacker group resorting to ransomware attacks.

We cover a few updates of past weeks’ stories: The fallout continues from OFAC’s ransomware advisory. (Rumors that the agency will be renamed WTF OFAC are unconfirmed). And Tik/Chat seems to be settling in for a longer court battlebefore the government’s arguments start to take hold. (As a bonus, our Cyberlaw grammarian makes a surprise appearance to announce the rule of English usage that prevents TikTok from ever being TokTik).

In quick hits, we boldly predict that the government will launch an antitrust suit against Google, some day. We speculate on why Tesla’s autopilot AI might be fooled by projected images. And note New York’s claim that Twitter is systemically important to the nation’s financial system. Which, I must admit, is a about the most 2020 thing I’ve heard in a while.

And more!

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

                                                                                                                                                           

Download the 334th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-334.mp3
Category:general -- posted at: 1:41pm EDT

In this week’s episode I interview David Ignatius about the technology in his latest spy novel, The Paladin. Actually, while we do cover such tech issues as deepfakes, hacking back, Wikileaks and internet journalism, the interview ranges more widely, from the steel industry of the 1970s, the roots of Donald Trump’s political worldview and the surprisingly important role played in the Trump-Obama-Russia investigation by one of David Ignatius’s own opinion pieces.

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 333rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

Direct download: TheCyberlawPodcast-333.mp3
Category:general -- posted at: 1:59pm EDT

It’s a law-heavy tech news week, so this episode is all news. If you come for the interviews, though, do not fear.  We’ll be releasing episode 333 tomorrow, and it’s all interview, as I talk with David Ignatius about the tech issues in his latest spy novel, The Paladin.

To kick things off, Matthew Heiman returns to the podcast to analyze a new decision of the Court of Justice of the EU. The CJEU claims in the headline to put limits on government mass collection of mobile and internet data, but both Matthew and I think the footnotes take away much of the doctrine the headlines proclaim – and maybe in a way that will add another arrow to the US quiver as it tries to work around the CJEU’s foolhardy decision in Schrems II.

Sultan Meghji tells us that Trickbot has attracted the attention of both Cyber Command and Microsoft’s lawyers.  Unfortunately, even that combination isn’t proving fatal, and I wonder whether Microsoft’s creative lawyering has gone a step too far.

The Democratic-controlled House Judiciary Committee has released a blockbuster tech antitrust report. It’s hardly news that Democrats and Republicans on this most partisan of committees disagree about this issue, but Matthew and I are struck by how modest the disagreements are.  In contrast, despite our conservative leanings, Matthew and I manage to disagree pretty profoundly on how antitrust principles should apply to Big Tech.

Sultan, meanwhile, draws the short straw and has to explain the mother of all metaphor bombs that exploded in the Supreme Court when the court took oral argument in Google v. Oracle. It was a discouraging argument for those of us who admire the Justices, whose skills at finding apt metaphors completely failed them. I offer my past experience as a Supreme Court advocate to critique the argument and lay odds on the outcome. (Short version: Google has a nearly 50-50 chance of winning, and the Court has about the same chance of producing a respectable opinion.

Brian Egan joins us to talk about the Justice Department’s sober report on how law enforcement can combat terrorist and criminal use of cryptocurrency.

I claim to have caught Twitter and Facebook in a clear example of improper suppression of conservative (or at least Trumpist) speech, as they label as misleading a Trump tweet that turns out to be, well, true.

Brian and I dig into the latest litigation over banning TikChat from US markets. Short version: the Justice Department has filed a strong brief seeking to overturn WeChat’s first amendment protection from the ban. If you’re looking for raw disagreement, listen for Brian coming out of his chair when I start comparing Silicon Valley and Chinese Communist Party net censorship regimes.

Matthew explains why Sweden and Switzerland are fighting over a crypto company widely reported to have been compromised by US and German intelligence fifty years ago.

And for our sensitive male listeners, this may be the point where you turn the podcast off, as I explain the dire consequences of bad IOT security and male chastity devices.  Though, come to think of it, an angle grinder would make a pretty effective chastity device by itself.

And more!

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 332nd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-332.mp3
Category:general -- posted at: 1:53pm EDT

In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim.  The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury and ask for a license to pay – a request that starts with a “presumption of denial.”   

Someone has been launching a series of coordinated attacks designed to disrupt Trickbot Bruce explains.

CFIUS is baring its teeth on more than one front. First comes news that a newly resourced CFIUS staff has begun retroactively scrutinizing past Chinese tech investments. This is the first widespread reconsideration of investments that escaped notice when they were first made, and it could turn ugly. Next comes evidence that the TikTok talks with CFIUS could be getting ugly themselves, as Nate Jones tells us that Treasury Secretary Mnuchin has laid down the elements the US must have if TikTok is to escape a shutdown. None of us think this ends well for TikTok, as China and the US try to prove how tough they are by asking for mutually exclusive structures.

The US government is giving US companies some free advice about how to keep sending their data to the U.S. despite the European Court of Justice decision in Schrems II: First-time participant Charles Helleputte offers a European counterpoint to my perspective, but we both agree that there’s a lot of value in the U.S. white paper. If nothing else, it offers a defensible basis for most companies to conclude that they can use the standard contractual clauses to send data to the US notwithstanding the court’s egregiously anti-American opinion. The court may not agree with the white paper, but the reasoning could buy everyone another three years and might be the basis of yet another U.S.-EU agreement.

The UK seems to be preparing to take Bruce’s advice on regulating IOT security plan, but he thinks that banning easy default passwords is just table stakes. 

Bruce and I once again review the bidding on voting by phone, and once again we agree: No. Just No. 

Nate questions the press stories (and FBI director testimony) claiming that the FBI is pivoting to a new strategy for punishing hackers by sending Cyber Command after them. He thinks it’s less a pivot and more good interagency citizenship, which I suspect is still a change of pace for the Bureau.

Bruce and I explore the possibility of attributing exploits to individuals based on their coding style. You might say that their quirks leave fingerprints for the authorities, except that at least one hapless hacker has one-upped them by leaving his actual fingerprints behind in an effort to get himself approved in a biometric authentication system. 

And in updates, we note that Microsoft has a new and unsurprising annual report on cyberattacks it has seen; the Senate will be subpoenaing the CEOs of Big Social to talk section 230 in an upcoming  hearing; and the House intel committee has a bunch of suggestions for improving the performance of the intelligence community against evolving threats from Beijing. 

And more! 

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

 

Download the 331st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-331-.mp3
Category:general -- posted at: 11:02am EDT

Our news roundup is dominated by the seemingly endless ways that the U.S. and China can find to quarrel over tech policy.  The Commerce Department’s plan to use an executive order to cut TikTok and WeChat out of the U.S. market have now been enjoined. But the $50 Nick Weaver bet me that TikTok could tie its forced sale up until January is still at risk, because the administration has a double-barreled threat to use against that company—not just the executive order but also CFIUS—and the injunction so far only applies to the first. 

I predict that President Xi is likely to veto any deal that appeals to President Trump, just to show the power of his regime to interfere with US plans. That could spell the end of TikTok, at least in the US. Meanwhile, Dave Aitel points out, a similar but even more costly fate could await much of the electronic gaming industry, where WeChat parent TenCent is a dominant player. 

And just to show that the U.S. is willing to do to U.S. tech companies what it’s doing to Chinese tech companies, leaks point to the imminent filing of at least one and perhaps two antitrust lawsuits against Google. Maury Shenk leads us through the law and policy options.

The panelists dismiss as PR hype the claim that it was a threat of “material support” liability that caused Zoom to drop support for a PFLP hijacker’s speech to American university students. Instead, it looks like garden variety content moderation aimed this time at a favorite of the far left.

Dave explains the good and the bad of the CISA order requiring agencies to quickly patch the critical Netlogon bug

Maury and I debate whether Vladimir Putin is being serious or mocking when he proposes an election hacking ceasefire and a “reset” in the cyber relationship. We conclude that there’s some serious mocking in the proposal. 

Dave and I also marvel at how Elon Musk, for all his iconoclasm, sure has managed to cozy up to both President Xi and President Trump, make a lot of money in both countries, and take surprisingly little flak for doing so.  The story that spurs this meditation is the news that Tesla is so dependent on Chinese chips for its autonomous driving engine that it’s suing the US to end the tariffs on its supply chain

 In quick hits and updates, we note a potentially big story: The Trump administration has slapped new restrictions on exports to Semiconductor Manufacturing International Corporation, China’s most advanced maker of computer chips. 

The press that lovingly detailed the allegations in the Steele dossier about President Trump’s ties to Moscow hasn’t been quite so loving in their coverage of the dossier’s astounding fall from grace. The coup de grace came last week when it was revealed that the main source for the juiciest bits was flagged by the FBI as a likely Russian foreign agent; he escaped a FISA order only because he left the country for a while in 2010. 

The FISA court has issued an opinion on what constitutes a “facility” that can be tapped with a FISA order. It rejected the advice of Cyberlaw Podcast regular David Kris in an opinion that includes all the court’s legal reasoning but remains impenetrable because the facts are all classified. Maury and I come up with a plausible explanation of what was at stake.

The Trump administration has proposed Section 230 reform legislation similar to the white paper we covered a couple of months ago. The proposal so completely occupies the reasonable middle of the content moderation debate that a Biden administration may not be able to come up with its own reforms without sounding fatally similar to President Trump. 

And in yet more China news, Maury and Dave explore the meaning of Nvidia’s bid for ARM and Maury expresses no surprise at all that WeWork is selling off a big chunk of its Chinese operations 

And more! 

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 330th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

Direct download: TheCyberlawPodcast-330.mp3
Category:general -- posted at: 11:54am EDT