The Cyberlaw Podcast (general)

What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center. There’s no doubt the problem is being admired to a fare-thee-well, and some evidence it’s also being addressed. Listen and decide!

In the News Roundup, Nate Jones and I disagree about the Second Circuit ruling that President Trump can’t block his critics on Twitter. We don’t disagree about that ruling, but I’m a lot more skeptical than Nate that it will be applied to that other famous Washington tweeter, Rep. Alexandria Ocasio-Cortez.

GDPR still sucks, but now it bites, too. Matthew Heiman explains just how bad the bite was for Marriott and British Airways.

Gus Hurwitz reprises how much—or little—we know about the FTC and Facebook. We won’t know much, he says, until we answer the question, “Where’s the complaint?”

Talk about hard supply chain issues. Congress banned Chinese surveillance cameras from the federal supply chain, but that turns out to be a lot different from, you know, actually getting rid of them.

For a change of pace, Gus and I rag on the U.S. Patent and Trademark Office (USPTO) for its petition that the Supreme Court overturn a Fourth Circuit ruling that adding “.com” to a generic term makes it trademarkable. You tell ‘em, USPTO! It’s not like adding “.com” to a word has the same creativity and distinctiveness as adding “i” in front of “phone” or “pod.”

Nate and I spar over whether Section 301 can be used to retaliate against France for its 3% digital tax.

Matthew tells us that the Trump administration isn’t sharing details on classified cyberattack rules with Congress, and after a modicum of mockery, we actually find ourselves agreeing with Congress’s demand to be briefed on the rules.

Finally, in quick hits, I flag the hypocrisy of those who claim to love the idea of privacy until it gets in the way of boycotting people they disagree with and the surprising ways that GDPR has enabled personal data breaches on an industrial scale.

Download the 272nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed.

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-272.mp3
Category:general -- posted at: 5:39pm EDT

This week I interview Glenn Reynolds, of Instapundit and the University of Tennessee at Knoxville law school, about his new book, “The Social Media Upheaval.” In a crisp 64 pages, Glenn analogizes social media to a primeval city, where new proximity produces periodic outbreaks of diseases that more isolated people never experienced; traces social media’s toxicity to the desperate pursuit of engagement; and proposes remedies both for individual users and for society as a whole. All that plus thoughtful advice on dietary supplements and deadlifts!

In the news roundup, Matthew Heiman dissects a recent Third Circuit ruling that Amazon can be held strictly liable for products it markets for third parties. Unlike Matthew, I am largely persuaded by the court’s ruling on products liability—but Matthew and I both have doubts about its use of Section 230 of the Communications Decency Act to protect Amazon from failure to warn liability.

Maury Shenk and Nick Weaver review the progress of the War on Facial Recognition. Opponents have rolled out the ultimate weapon in modern left ideology—ICE is using it! But facial recognition is still winning, mostly because its opponents are peddling undifferentiated fear of a technology that’s already being used for many very different purposes, from anonymously tracking shoppers moving through a store (where the store doesn’t need to know the shoppers’ identities) to boarding planes (where the airline damn well better know the passengers’ identities, and the tech only has a couple of hundred faces to match).

Matthew and Nick consider China’s seizing and installing spyware on travelers’ devices. Turns out, China’s practice isn’t all that different from most government efforts to extract data from phones, except that the Chinese leave the code on Android devices so that security researchers can reverse engineer China’s deepest fears. And what do they fear most? Japanese heavy metal, apparently. Almost makes you feel a bit of empathy for Beijing…

Maury also highlights Big Tech’s concerns about the UK’s particularly aggressive proposal for an online “duty of care.”

Nick and I follow the problem of fake cancer cures being advertised on Facebook and YouTube down the usual ratholes—who should be responsible in the first place, and why does Silicon Valley think that algorithms will ever be able to discipline such content?

This Week in the U.S.-China trade war: No one seems to know exactly what President Trump’s concessions at the G-20 meeting amount to, but more and more U.S. tech companies have decided that moving 30% of their tech sourcing out of China is a good idea no matter how the trade war ends. This war isn’t good for U.S. companies, but it’s really not good for China’s. Which, come to think of it, is what President Trump has said right from the start.

Finally, if you’re looking for tough government action against contractors with bad cybersecurity, Customs and Border Patrol is your agency. It has cut ties with Perceptics, the firm that was breached by Boris the Bullet-Dodger, and seems to be readying a debarment proceeding that will cut the firm off from future contracts. Matthew and I speculate that there may be something more behind this harsh remedy—perhaps a lack of prompt contractor candor about the breach. Whatever the context, this proceeding is likely to set a precedent that haunts other contractors long into the future.

Download the 271st Episode (mp3).


Direct download: TheCyberlawPodcast-271.mp3
Category:general -- posted at: 8:40am EDT

The theme this week is China’s growing confidence in using cyberweapons in new and sophisticated ways, as the U.S. struggles to find an answer to China’s growing ambition to dominate technology. Our interview guest, Chris Bing of Reuters, talks about his deep dive story on Chinese penetration of managed service providers like HP Enterprise—penetration that allowed them access to hundreds of other companies that rely on managed service providers for most of their IT. Most chilling for the customers are strong suggestions that the providers often didn’t provide notice of the intrusions to their customers—or that the providers’ contracts may have prevented their customers from launching quick and thorough investigations when their own security systems detected anomalous behavior originating with the providers. Chris also tells the story of an apparent Five Eyes intrusion into Yandex, the big Russian search engine.

Returning to China, in our News Roundup Nate Jones covers the latest in the U.S.-China trade war before diving into a Wall Street Journal article (by Kate O’Keeffe) that I call the Rosetta Stone for the last two years of cyber policymaking. Looking for the unifying theme in the lobbying fight over FIRRMA, the president’s executive orders on cyber and sanctions on companies like Sugon? Look no further than AMD, its aggressive accommodation of China’s ambitions in chip manufacture, and the Pentagon’s desperate effort to thwart the company’s plans. Nate and I also consider a possible new U.S. requirement that domestic 5G equipment be made outside China.

What is China planning to do with all that cyber power? Jordan Cannon lays out one little-followed story in which China seems to have taken an election-tilting page straight out of Vladimir Putin’s textbook. And Nate covers a newly patient Chinese hacking cadre willing to compromise a dozen telecomm companies for years just to collect metadata on as few as twenty telecomm customers.

Speaking of metadata, David Kris explains why Congress is more exercised over the National Security Agency’s (NSA) access to American phone metadata than China’s. Congress took the view that NSA should not collect the metadata of innocent Americans, even if it only searched the data when it had a legal basis for doing so. Instead, Congress constructed a new Section 215 program that depended on each telecomm company to do searches of data that remained in their hands. Unsurprisingly, the companies have done that badly, sending the wrong data to NSA on more than one occasion. Naturally, Congress now blames NSA for “overcollecting.”

Are you a conservative comforting yourself with the idea that Silicon Valley censorship is just a creature of platform monopoly that can be cured by more competition? Better stop reading the newspaper, as of last week. Two more conservative-hostile moves by Silicon Valley show that competition isn’t likely to end virtue signaling in the Valley. After Google banned Project Veritas’s video exposé of YouTube for, uh, privacy—that’s it, privacy—violations, its distant No. 2 competitor Vimeo responded to the competitive opportunity by also banning the video for, uh, defamation or something. And when Twitter competitor Parler offered a home to conservatives, Apple reportedly threatened (at least briefly) not to distribute the app unless it kicked some unspecified bad actors off the service.

Meanwhile, two Silicon Valley platforms that really do need at least a few conservatives were singing that famous C&W song, “I hate you. I need you. I hate that I need you.” And just to show their contempt for people they’re afraid to shut down completely, Reddit “quarantined” their wildly popular subreddit r/the_donald over posts the moderators said they’d never seen or had reported to them. And Twitter announced that it planned to salve its SJW conscience while still profiting from Trump’s tweets by attaching disapproving labels to them. Nate tries to hose me down, but it’s too late. 

Finally, in breaking news from 1993, David reports that the Trump Administration is considering an encryption crackdown but can’t choose between a toothless statement of principles and a feckless proposal of legislation that will not pass. I offer the suggestion that the statement of principles will be enough to undercut Silicon Valley’s campaign to stop encryption controls in countries like Australia, the UK and Germany. That’s where controls will eventually come from, David and I agree. I’m looking forward to all those folks who told us that GDPR was just the voice of civilization calling across the Atlantic saying the same about European encryption mandates.

 

Download the 270th Episode (mp3). 


Direct download: TheCyberlawPodcast-270.mp3
Category:general -- posted at: 10:23pm EDT

Our interview guests are Dick Clarke and Rob Knake, who have just finished their second joint book on cybersecurity, The Fifth Domain. We talk about what they got right and wrong in their original book. There are surprising flashes of optimism from Clarke and Knake about the state of cybersecurity, and the book itself is an up-to-date survey of the policy environment. Best of all, they have the courage to propose actual policy solutions to problems that many others just admire. I disagree with about half of their proposals, so much light and some heat are shed in the interview, which I end by bringing back the McLaughlin Group tradition of rapid-fire questions and an opinionated “you’re wrong” whenever the moderator disagrees. C’mon, you know the arguments are really why you listen, so enjoy this one!

In the news roundup, Gus Hurwitz covers the Supreme Court’s ruling on when a forum is subject to First Amendment limits. Short version: There is no Justice who thinks Silicon Valley’s platforms are public fora subject to the First Amendment. Sen. Hawley (R.-Mo.) is mocked, which prompts me to invite him to defend himself on a future episode (not because the First Amendment applies to the podcast but because it would be fun).

Matthew Heiman spells out the thinking behind Facebook’s proposed cryptocurrency. He thinks it’s all about the data; I think it’s all about WeChat. Whatever the motive, every regulatory body in Europe and the U.S. has descended on the company to extract concessions—or perhaps to kill it outright, as our own Nick Weaver has proposed.

Maury Shenk reports on the U.S. government’s threat to limit Indian H-1B visas if India persists in its extreme data localization policies. I suggest that the fight may be as much about terrorism finance as protectionism.

This week behind the Silicon Curtain: Apple is considering moving 15-30% of its production capacity out of China. Matthew and I agree that it’s easier said than done, but that the move is inevitable.

Gus lays out the difficulties that YouTube has had meeting the child protection requirements of the Child Online Privacy Protection Rule and the Federal Trade Commission’s growing interest in changing YouTube’s approach to videos aimed at kids.

Is China’s social credit rating system a Potemkin village? Bloomberg seems to think so, but Maury has his doubts. So, if you thought you could stop fearing the system and start laughing at it, better think again. 

Finally, this week in karma: The medical billing firm whose cybersecurity failings resulted in multiple medical data breaches has filed for bankruptcy, evidently the result of liabilities arising from the breach.

 

Download the 269th Episode (mp3).


Direct download: TheCyberlawPodcast-269.mp3
Category:general -- posted at: 8:19am EDT

We kick off Episode 267 with Gus Hurwitz reading the runes to see whether a 50-year Chicago winter for antitrust plaintiffs is finally thawing in Silicon Valley. Gus thinks the predictions of global antitrust warming are overhyped. But he recognizes we’re seeing an awful lot of robins on the lawn: The rise of Margrethe Vestager in the EU, the enthusiasm of state AGs for suing Big Tech, and the piling on of Dem presidential candidates and the House of Representatives. Judge Koh’s Qualcomm decision is another straw in the wind, triggering criticism from Gus (“an undue extension of Aspen Skiing”) and me (“the FTC needs a national security minder in privacy and competition law”). Matthew Heiman tells me I’m on the wrong page in suggesting that Silicon Valley’s suppression of conservative speech is a detriment to consumer welfare that the antitrust laws should take into account, even in a Borkian world.

I mock Austrian Greens for suing to censor speech calling it a “fascist party”—and not just in Austria but around the world. That’ll show ‘em, guys. Less funny is the European Court of Justice’s advocate general, who more or less buys the Greens’ argument. And thereby reminds us why we miss Tom Wolfe, who famously said, “The dark night of fascism is always descending in the United States and yet lands only in Europe.”

Nate Jones answers the question, “Were the Russians much better at social media than we thought?” All the adjustments to that story, he notes, have increased the sophistication we’ve seen in Russia’s social media attacks.

This Week in Host Self-Promotion: I take advantage of the topic to urge my solution to the utterly unsolved problem of hack-and-dox attacks by foreign governments on U.S. candidates they don’t like: Ban the distribution of data troves stolen from candidates and officials. Nate agrees that the First Amendment doctrine here is a lot friendlier to my proposal than most people think, but he cautions that the details get messy fast.

Matthew comments on Baltimore’s tragedy of errors in handling its ransomware attack. The New York Times’ effort to pin the blame on NSA, which always looked tendentious and agenda-driven, now has another problem: It’s almost certainly dead wrong. EternalBlue doesn’t seem to have been used in the ransomware attack. Baltimore’s best case now is that its cybersecurity sucked so bad that other, completely unrelated hackers were using EternalBlue to wander the city’s system.

Speaking of cybersecurity, Matthew reminds us of two increasingly common and dangerous hacker tactics: (1) putting the “P” in APT by hanging around the system so long that you’ve downloaded all the manuals, taken all the online training, and know exactly when and how to scam the system; and (2) finding someone with lousy network security who’s connected to a harder target and breaking in through the third party.

Finally, Gary Goldsholle helps us make sense of the litigation between the SEC and Kik, which launched a cryptotoken that it insisted wasn’t a security offering and then crowdfunded its lawsuit against the SEC. So, good news for lawyers if nothing else, and perhaps for future Initial Popcorn Offerings. 

 

Download the 267th Episode (mp3).


Direct download: TheCyberlawPodcast-267.mp3
Category:general -- posted at: 5:41pm EDT

If you’ve lost the Germans on privacy, you’ve lost Europe, and maybe the world. That’s the lesson that emerges from my conversation with David Kris and Paul Rosenzweig about the latest declaration that the German interior minister wants to force messaging apps to decrypt chats. This comes at the same time that industry and civil society groups are claiming that GCHQ’s “ghost proposal” for breaking end-to-end encryption should be rejected. The paper, signed by all the social media giants, says that GCHQ’s proposal will erode the trust that users place in Silicon Valley. I argue that that argument is well past its sell-by date.

Speaking of trust, Paul outlines the latest tit-for-tat in the growing Silicon Curtain between the US and China, as that country announces plans to publish an “unreliable entities” list. I note that the same spirit seems to be animating the announcement that China and Russia are transitioning their militaries from Microsoft Windows to other operating systems. Talk about a bonanza for the NSA: Just the coding errors will sustain its hackers for a generation – even in the unlikely event that the Chinese and Russians resist the temptation to seed the system with backdoors aimed at their erstwhile coding partners.

Maury Shenk highlights the latest German effort to regulate “broadcasting” of content on the Internet, which the German authority says will mandate transparency and diversity. I think it’s transparently about locking in the German establishment, a view hardly contradicted by the ham-handed way CDU leader Annegret Kramp-Karrenbauer responded to the CDU’s drubbing in the EU elections. The losses were widely attributed to YouTube influencers who urged young voters to reject the main parties. The solution, AKK suggested, was more regulation of YouTube influencers. Ja, natürlich.

David brings us up to date on Iran’s latest effort to engage in social media manipulation and Facebook’s response.

Alicia Loh parses a D.C. Circuit ruling that all the White House has to do to comply with laws on keeping records of official communications is send out a memo. That obligation was satisfied, the court ruled, by a memo telling White House staff who use “vanishing” messaging apps to take screenshots of any official communications and preserve the messages. Alicia is practically the only member of our panel who even knows how to take a screenshot on a phone, which suggests that White House staff compliance might be, well, underwhelming.

Maury gives us a quick update on US states imitating GDPR. Short version: Watch California and then New York. 

And in a lightning round, I am struck by the sight of an FTC commissioner begging the Ninth Circuit not to uphold the FTC’s position in the Qualcomm case on appeal. Maury and I note the growing demand for mass contract labor spurred by the need to train AI. And Paul and I speculate on the probability of antitrust cases against Google and Amazon. It’s been a long cold Chicago winter for antitrust plaintiffs, we conclude, but a change in the climate may be coming. 

Download the 266th Episode (mp3). 


Direct download: TheCyberlawPodcast-266.mp3
Category:general -- posted at: 4:55pm EDT

Paul Rosenzweig leads off with an enduring and fecund feature in Washington these days: China Tech Fear. We cover the Trump administration’s plan to blacklist up to five Chinese surveillance companies, including Hikvision, for contributing to human rights violations against Uighurs in the Xinjiang province in China, the Department of Homeland Security’s rather bland warning that commercial Chinese drones pose a data risk for U.S. users, and the difficulty U.S. chipmakers are facing in getting “deemed export” licenses for Chinese nationals.

We delve deeper into a remarkably shallow and agenda-driven New York Times article by Nicole Perlroth and Scott Shane blaming the National Security Agency for Baltimore’s ransomware problem without ever asking why the city failed for two years to patch its systems. David Kris uses the story to talk about the vulnerabilities equities process and its flaws.

There may be a lot—or nothing—to the Navy email “spyware” story, but David points out just how many modern cyber issues it touches. With the added fillip of a “Go Air Force, Beat Navy” theme not usually sounded in cybersecurity stories.

Paul expands on what I have called “Cheap Fakes” (as opposed to “Deep Fakes”): the Pelosi video manipulated to make her sound impaired. And he manages to find something approaching good news in the advance of faked video—it may mean the end of (video) blackmail.

But not the end of “revenge porn” and revenge porn laws. I ask Gus Hurwitz whether those laws are actually protected by the Constitution, and the answer turns out to be highly qualified. But, surprisingly, media lawyers aren’t objecting that revenge porn laws that criminalize the dissemination of true facts are on a slippery slope to criminalizing news media. That is the argument they’re making about the expanded charges of espionage against WikiLeaks founder Julian Assange. David offers his view of the pros and cons of the indictment.

And Gus closes us out with some almost unalloyed good news. Despite my suspicion of any bipartisan bill in the current climate, he insists that the Senate-passed anti-robocalling bill is a straight victory for the Forces of Good. But, he warns, the House could still screw things up by adding a private right of action along the lines of the Telephone Consumer Protection Act, which has provided the plaintiffs bar with an endless supply of cases without actually benefiting consumers.


Direct download: TheCyberlawPodcast-265.mp3
Category:general -- posted at: 6:09pm EDT

We begin this episode with a quick tour of the Apple antitrust decision that pitted two Trump appointees against each other in a 5-4 decision. Matthew Heiman and I consider the differences in judging styles that produced the split and the role that 25 years of “platform billionaires” may have played in the decision.

Eric Emerson joins us for the first time to talk about the legal fallout from the latest tariff increases on Chinese products. Short version: Companies have some short-term tactics to explore (country of origin, drawback, valuation), but large importers and resellers have to grapple with larger and costlier strategies of supply chain diversification and localization.

Meanwhile, China has not been taking the trade war lying down. In addition to its own tariff increases, it seems to be enforcing its demanding cybersecurity law more aggressively against foreign firms. I ask whether we are also seeing retaliation in Chinese courts.

In related news, Nick Weaver and I debate the potentially sweeping new Executive Order on Securing the Information and Communications Technology and Services Supply Chain.

Maury Shenk explains the UK Supreme Court ruling that expands the court’s authority over the UK’s intelligence agencies despite clear Parliamentary language to the contrary. Bottom line: Bad news for UK intelligence. Hidden good news for the U.S.: Turns out that there is something worse than activist judges interpreting a written constitution—activist judges who can more or less make up the constitution they want.

It was a cybersecurity disaster week for some of the biggest names in tech. Nick helps me understand which bugs were worst, Cisco’s, Intel’s or Microsoft’s. Then we review the equally bad week that the NSO Group and its WhatsApp exploit had.

Cleaning up in a lightning round, we cover the order requiring the Chinese owner of Grindr to sell by mid-2020. We also cover Canada’s approach to social media, which spurs me to praise France’s Macron (!) for his moderation. The EU has a plan for sanctions on cyberattackers; Matthew and I doubt it will get much use. I think too much fuss is being made over leak investigators using Web bugs to see if defense counsel at Guantanamo have been leaking; Nick disagrees, at least a bit. And I close with yet another item in the long-running feature, “This Week in Internet Sex Toy Law.” Suffice it to say that the latest case can’t be understood without consulting both Orin Kerr and Jerry Seinfeld.

  

Download the 264th Episode (mp3).


Direct download: TheCyberlawPodcast-264.mp3
Category:general -- posted at: 3:46pm EDT

With apologies for the late post, Episode 263 of The Cyberlaw Podcast tells the sad tale of another U.S. government leaker who unwisely trusted The Intercept not to compromise its source. As Nick Weaver points out, The Intercept also took forever to actually report on some of the material it received.

In other news, Brian Egan and Nate Jones agree that Israel broke no new ground in bombing the headquarters of Hamas’s rudimentary hacking operation during active hostilities.

Nick and I dig into the significance of China’s use of intrusion tools pioneered by NSA. We also question the New York Times’s grasp of the issue.

The first overt cyberattack on the U.S. electric grid was a bust, I note, but that’s not much comfort.

How many years of being told “I’m washing my hair that night” should tell you you’re not getting anywhere? The FCC probably thought China Mobile should have gotten the hint after eight years of no action on its application to provide US service, but just in case the message didn’t get through, it finally pulled the plug last week.

Delegating to Big Social the policing of terrorist content has a surprising downside, as Nate points out. Sometimes the government or civil society need that data to make a court case.

We touch briefly on Facebook’s FTC woes and whether Sen. Hawley (R.-Mo.) should be using the privacy stick to beat a company he’s mad at for other reasons. I reprise my longstanding view that privacy law is almost entirely about beating companies that you’re mad at for other reasons.

 

Download the 263rd Episode (mp3).


Direct download: TheCyberlawPodcast-263.mp3
Category:general -- posted at: 3:02pm EDT

Has the Chinese government hired American lawyers to vet their cyberespionage tactics—or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply chain was compromised by Chinese actors. Nick Weaver, Joel Brenner and I doubt the Bloomberg story, but it has cost Supermicro a lot of sales—and even if it isn’t true this time, the scale and insouciance of past Chinese cyberespionage make it inherently believable. Hence the company’s shift to other sources (and, maybe, a new caution on the part of Chinese government hackers).

GDPR and the California Consumer Privacy Act (CCPA) may be the Dumb and Dumber of privacy law, but neither is going away. And for the next six months, California’s legislature will be struggling against a deadline to make sense of the CCPA. Meegan Brooks gives us an overview.

But we in Washington can’t get too smug about California’s deadline-driven dysfunction. Congress also faces a year-end deadline to renew the Section 215 program, and even the executive branch hasn’t decided what it wants. Joel takes us through the program’s history, its snake-bitten implementation, and the possible outcomes in Congress.

This week in Silicon Valley content control: Facebook dropped the link-ban hammer on Louis Farrakhan, Alex Jones and Milo Yiannopoulos for being “dangerous.” But did it really? Once again, I volunteer to put my Facebook access at risk by testing Facebook’s censorship engine—posting a different Infowars story there every day. Not because I love the conspiracy-mongering Alex Jones but because banning links is a bad idea. (Among other things, you can’t really pile links up and burn them in cinematic pyres at rallies.) But both Facebook and Jones may have a codependent interest in overstating the ban, because as of Day 4 of my experiment, my Facebook account is still alive and well, as are the Infowars links.

The FBI has accused U.S. scientists of sending intellectual property to China, running shadow labs and (this part really appalls Nick) corrupting the peer review process at NIH. Science magazine suggests that the flap is born of racial bias.

We close the episode with the latest and most shocking facial recognition scandal. It turns out face recognition researchers are chasing down unwilling subjects and restraining them to get the subjects’ pictures—all in service to untried and udderly unreliable technology. All we need to turn this into a major scandal is a public policy entrepreneur willing to work the intersection between the EFF and PETA. 

 

 

Download the 262nd Episode (mp3).

 


Direct download: TheCyberlawPodcast-262.mp3
Category:general -- posted at: 5:43pm EDT