If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast—the Justice Department’s indictment of a couple of kids whose hacker chops are modest but whose social engineering skills are remarkable. They used those skills to bribe or bamboozle phone companies into changing the phone numbers of their victims, allowing them to intercept all the two-factor authentication they needed to steal boatloads of cryptocurrency. For those with better hacking chops than social skills, there’s always exploitation of SS7 vulnerabilities, which allow interception of text messages without all the muss and fuss of changing SIM cards.

Okay, it ain’t “When Harry Met Sally,” but for a degraded age, “When Bezos Exposed Pecker” will have to do. David keeps us focused on the legal questions: Was the “Enquirer” letter really extortion? Would publication of the pics be actionable? And is there any way the “Enquirer” could get those text messages without someone committing a crime? And, of course, whether the best way to woo your new girlfriend is to send her brother to jail.

Social media—privacy law threat or competition law menace? That’s the question European (naturally) regulators are weighing. But Matthew Heiman and I have a pretty good idea what their answer will be: Both! We look at the Twitter-mobbing of Facebook by regulators and ask whether the competition charges make more sense than the privacy claims.

Looks like the net effect of the Obama-Xi agreement on not stealing commercial secrets is that a better class of Chinese officials is stealing our commercial secrets. President Xi kicked the People’s Liberation Army (PLA) to the curb and brought in the professionals from China’s Ministry of State Security (MSS). So now Chinese tradecraft is a little better, and the Justice Department is indicting MSS officials instead of PLA soldiers. David sums up.

NERC is proposing a $10 million fine for cybersecurity violations on a utility reported to be Duke Energy. Matthew and I are shocked. Not by the fine, which was negotiated, or by the violations, many of them self-reported, but by the cheese-paring, penny-ante nature of so-called cybersecurity enforcement at NERC and FERC. All this Sturm und Drang to make sure utilities use six-character passwords? When security guys complain about compliance trumping security, these NERC rules will be Exhibit A.

Finally, add another chapter to the Annals of Failed Civil Liberties Campaigns, as EFF and likeminded reporters try to get us outraged about the FBI using court orders to identify a North Korean botnet. Nick points out that academics have been conducting research that is more intrusive for years without unduly disturbing university lawyers.

Okay, one more: I celebrate HoyaSaxaSD for a podcast review that honors our own inimitable Nick Weaver:

“I got a fever, and the only cure is more Weaver. Love the show. I’m a lawyer but not in tech or security law, but it’s still fascinating. My teenage sons also like most episodes, especially the Nick Weaver segments. And I concur. There needs to be Weaver in every episode, and more of him. In fact, an hour of Weaver and Baker debating/discussing would be the perfect show.” 

I am moved to channel Peggy Lee. And if more good reviews don’t pour in, I may make that performance a weekly feature. David Kris, I’m sure, would consider that extortion, on the ground that no one has a right to butcher Peggy Lee’s oeuvre like that.

Download the 250th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed! 

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to U.S. cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years.

In the news, I ask my partner Phil Khinda whether the $29 million Yahoo breach settlement is a new front in breach derivative litigation or a black swan. He says it’s more of a red herring—and explains why.

This week in black ops: I ask Nate Jones to comment on the tradecraft used in an apparent effort to smear Citizen Lab for its reports on NSO. My take: This feels a lot like what BlackCube did for Harvey Weinstein, except that this was the budget version.

The Russians are so far from being shamed for their hacking that now they’re faking it. Dr. Megan Reiss notes Special Counsel Mueller’s recent claim that Russians are leaking discovery materials and pretending they came from a hack of the counsel’s office. We are reminded of the Russians’ recent unveiling of a remarkably adroit robot that turned out to be a man in a robot suit.

Maury Shenk and I discuss Google’s latest imitation of Apple’s “law enforcement lockout” feature and its claim that hurting law enforcement was “unintended side effect.”

Maury also notes the flap over a flaw in Apple’s FaceTime that allows for eavesdropping. Predictably, New York State is investigating.

And in possibly related news, Apple went out of its way to publicly embarrass Facebook and Google over their use of corporate certificates to sideload apps that recorded the browsing habits of paid volunteers.

Quick hits:

This week in dogs biting men: Ukraine says Russia is trying to disrupt its upcoming election, and the Pentagon is reportedly failing to stay ahead of cyber threats. Megan covers the first and Nate the second.

I offer one and a half cheers for Japan’s pioneering and mildly intrusive survey of bot-vulnerable IoT devices. 

Finally, EPIC et al. are calling on FTC to impose a $2 billion fine, structural changes and more on Facebook, claiming that “the algorithmic bias of the [Facebook] news feed reflects a predominantly Anglo, male world view.” If you still need evidence that privacy law is the legal equivalent of a Twitter mob—an always-ready tool for punishing unpopular views—EPIC’s filing should be all you need.

Download the 249th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of the European Union privacy lobby beg to differ. Google has been told by a Dutch court not to index that story, and there seems to have been a six-month lag in disclosing even the court ruling. That’s part of this week’s News Roundup. Gus Hurwitz and I are appalled. I tout my long-standing view that in the end, privacy law just protects the privileged. Gus agrees.

The interview is with John Carlin, author of “Dawn of the Code War.” It’s a great inside story of how we came to indict China’s hacker-spies for attacking US companies.

In other news, the Illinois Supreme Court has demonstrated how bad Illinois’ biometric privacy law is—by the simple expedient of applying it the way it’s written.

Dr. Megan Reiss and I air our ambivalence about the latest site hosting collections of doxed messages. We lack enthusiasm for indiscriminate doxing of the kind highlighted on Distributed Denial of Secrets, but if it’s got to happen, it couldn’t happen to a nicer Russian dictator.

Nick Weaver explains the DHS emergency order telling civilian agencies to protect themselves against DNS hijacking, and why the shutdown may have made those agencies more vulnerable.

Nick and I debate YouTube’s latest algorithmic tweak to avoid recommending “borderline” material. He notes that the algorithm used to push people to extremes. I note that this is a suspiciously good way for YouTube Social Justice Warriors to suppress videos they don’t like but can’t actually show to be violating YouTube’s terms of service.

Speaking of which, maybe the real singularity is when Silicon Valley joins forces with Beijing to produce new technology that will suppress the peasants once and for all. If so, the singularity is nigh, as a Chinese app allows you to identify people around you who deserve to be shamed.

Download the 248th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

So says the remarkable Jeff Jonas, CEO of Senzing. And he’s got a claim to be doing just that. A data scientist before data science was cool, Jeff has used his technical skills and an intuitive grasp of complex data problems to stop card counters in Las Vegas and terrorists targeting the U.S., and then to launch an initiative making voter registration more accurate and widespread. Most recently, in the course of an effort to improve maritime security around Singapore, he also found a key to identifying asteroids due to collide with each other so they can be watched. Because when this happens, who knows where their new course will take them?

The media has been hyping a strikingly bad magistrate judge’s opinion giving 5th Amendment protection to biometric phone security. This leads Gus Hurwitz and me to question why Congress ever promoted U.S. magistrates to “magistrate judges” in the first place. We suggest striking the word “judge” from the title given to these Article I judicial aides; call it the Truth in Judging Act.

Congress and the president can’t even agree on a compromise that would end the partial government shutdown. So what genius decided that our security from terrorist attacks should depend on Congress and the president agreeing every couple of years on yet another part of our counterterrorism legislation? Like it or not, though, 2019 will feature another cliffhanger, as several national security provisions of FISA come to an end unless renewed. Jamil Jaffer and David Kris talk about the provisions and possible outcomes. I plead for a compromise that takes seriously the Trumpist concern about partisan abuse of the law.

If the SEC didn't own EDGAR, I suspect the government would have imposed serious fines on the owner of EDGAR for enabling a new form of insider trading. Jamil and Gus debate the real question: How can hackers with access to guaranteed market moving info manage to make only $4 million in six months of trading?

The Department of Justice’s Office of Legal Counsel has reversed an Obama-era interpretation limiting the scope of federal criminal laws governing online gambling. David provides the background; I introduce our listeners to the Baptist-bootlegger coalition. 

If you would like to hear more from Jeff Jonas and you’ll be in London on January 29, be sure to attend his talk, “AI for Entity Resolution,” at the SAGE Ocean speaker series. Event details can be found here.

Download the 247th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Brazen Russian intrusions into the U.S. electricity grid lead our episode. I ask Matthew Heiman and Nick Weaver whether Russia intended for us to know about their intrusions (duh, yes!) and how we should respond to the implicit threat to leave Americans freezing in the dark. Their answers and mine show creativity if not exactly sobriety.

In what may be good news about emerging European sobriety, Google gets a favorable opinion from the advocate general to the European Court of Justice (ECJ) on the question of whether to extend Europe’s “right to be forgotten” censorship regime to benighted Americans, and Turks, and Russians and Chinese. Most of those countries would be glad to impose their censorship regime on Europeans, consideration of which may be enough to overcome the America Derangement Syndrome the ECJ has displayed in earlier tech privacy cases.

DHS was right, and EFF was wrong. That’s the lesson Maury Shenk, Nick and I derive from the latest drone crisis at Gatwick Airport. In response, the UK is seeking police powers that DHS recently obtained—over EFF’s bitter opposition.

Matthew unpacks the Fourth Circuit ruling that a politician cannot block constituents on her official Facebook page because it has become a public forum.

Nick explains how the Hal Martin Saga keeps getting weirder—and we try on the full aluminum foil hat to explain how the whole thing could have been orchestrated by the GRU to turn Kaspersky Lab into a hero.

Ron Wyden and Motherboard combined to get mobile phone companies to stop selling location data to third parties. I wonder whether we’ll regret the result. Nobody else does.

Happy New Year from Big Brother: Vietnam takes a leaf from the EU and Chinese playbooks, threatening Facebook with fines for allowing prohibited posts and failing to localize data.

For comic relief, we cover the cybersecurity misadventures of “El Chapo.” Nick Weaver sums up the lesson: Bespoke security is almost always bad security. Oh, and never take a phone from a paranoid boss.

We close with a quick review of how China has misused the Great Firewall to launch cyberattacks and what Silicon Valley (or the rest of us) can do in response. 

Download the 246th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Nate Jones, David Kris and I kick off 2019 with a roundup of the month of news since we took our Christmas break. First, we break down the utterly predictable but undismissable Silicon Valley claim that the administration’s new export control strategy will hurt the emerging AI industry.

Then we draw on our guests’ expertise in counterintelligence prosecutions to review the APT10 indictment – and the claim by Jack Goldsmith and Robert Williams that the strategy is a failure. We conclude that it isn’t a magic bullet, but that’s not quite the same as a failure. I tease my plan to introduce two dozen more or less unthinkable retaliatory responses the U.S. could deploy if and when it decides to get more serious about deterring adversarial cyber operations.

We quickly cover three new hacks that once looked as though they might be government sponsored. Now it looks as though two were less strategic than that. The denial of service attack on newspaper printing may have been a profit-motivated ransomware attack, and the guy who doxxed the German political establishment may have been a lone hacker (hopefully not one weighing 400 pounds or we’ll never hear the end of it).

We quickly review the bidding on the U.S.-China “quantum arms race,” which may be a bit less critical than the press suggests.

David and Nate also review the mixed bag of rulings on three motions to suppress in Hal Martin’s NSA theft case, which just gets weirder and weirder. David and I are in surprising agreement (along with the judge) that the FBI overreached in using handcuffs, a flashbang and a SWAT team to conduct “noncustodial” questioning of Martin.

Today’s forecast: Windy with a high probability of litigation as Los Angeles sues The Weather Company for collecting and sharing location information in its apps. We suspect that, in claiming a lack of adequate disclosure about location collection, Los Angeles is relying on the ancient legal maxim, “Damned if you do and damned if you don’t.”

In other litigation news, Illinois’s biometric privacy law continues to encounter judicial skepticism. But the Illinois state courts, unburdened by federal standing law, may yet give teeth to this seriously dumb law as Rosenbach v. Six Flags lives on in the Illinois Supreme Court.

In Quick Hits, I am intrigued by the idea that a clever generative adversarial AI “cheated” at a mapping task. In fact, the lesson is both less exciting and more troubling: If you don’t understand how your AI is accomplishing the task you’ve set for it, you need to expect some rude surprises.

Despite all the talk of stasis and crisis in Washington, Congress is still passing modestly useful legislation on cyber issues. Nate describes the SECURE Technology Act, which sets vulnerability disclosure policy and calls for bug bounties at DHS.

And, finally, I recommend a fascinating and deeply ambivalating report on the many ways third-party sellers game Amazon’s Marketplace rules.

Download the 245th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

On December 17th, Alan Cohn hosted the 244th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency, discussing recent regulatory developments and projections for 2019.

Our episode begins with Alan welcoming Will Turner to Steptoe’s Corporate and Blockchain Practice. Turner joins the firm’s Chicago office as partner, bringing with him with more than two decades of experience in corporate and securities law, primarily with application to cryptocurrency, fund formation, investment transactions and mergers and acquisitions. Turner also handles matters involving capitalizations, project finance, restructurings and joint ventures. Will Turner explains why the crypto market became bear in 2018, associating this development with the increase in mergers and acquisitions activity in the crypto market. Moving into 2019, Will projects the “hot items” will be anti-money laundering and securities compliance. In addition, Will presents a more general overview of how the blockchain industry is no different from other industries.

Evan Abrams discusses the joint statement issued by the Federal Reserve, the Federal Deposit Insurance Corporation, the Treasury’s Financial Crimes Enforcement Network, the Office of the Comptroller of the Currency and the National Credit Union Administration urging use of technology to bolster anti-money laundering compliance. Abrams states that banks can and should be engaging with the industry and the importance of striking a balance between technology and privacy. Abrams also discusses the U.S. Department of Treasury’s Office of Foreign Assets Control sanctions compliance risks for cryptocurrency companies. In 2019, Abrams projects increased attention on digital counterparts as blockchain-related financial institutions continue to grow. Evan Abrams also highlights the New York Department of Financial Services recent announcement authorizing Signature Bank, a New York State-chartered bank, to offer a digital payment platform called Signet that leverages blockchain technology.

Finally, Josh Oppenheimer covers recent LabCFTC updates from the Commodity Futures Trading Commission (CFTC). On November 27, 2018, the Commodity Futures Trading Commission’s LabCFTC FinTech initiative released A Primer On Smart Contracts. This is the first time since 2017 that the CFTC opined on issues relating to blockchain. The agency released its first primer on virtual currencies on October 17, 2017. Oppenheimer also discusses the pledge the G20 nations made earlier this month regarding their commitment to regulate crypto-assets to further a resilient and open global financial system. In so doing, they agreed to follow standards set forth by the Financial Action Task Force, or FATF. Oppenheimer notes this is significant because FATF, as the global standard setter, has insight into different regulatory approaches and constantly receives input from industry stakeholders. Lastly, Oppenheimer talks about how Ohio is set to become the first state in the country to accept tax payments using cryptocurrency.

For the interview portion of our podcast, Alan welcomes back Gary Goldsholle, who joins the firm as partner, after serving nearly four years as deputy director and senior adviser of the Securities and Exchange Commission’s (SEC) Division of Trading and Markets. Goldsholle brings more than two decades of experience as an executive in the federal government and securities self-regulatory organizations. Goldsholle is working with Steptoe’s Financial Services, Public Policy, and Blockchain and Cryptocurrency practices. Goldsholle discusses the Securities and Exchange Commission’s noteworthy announcement, just days before Thanksgiving, with significant implications for the network marketing industry regarding regulatory oversight and enforcement of cryptocurrency companies. In its Public Statement, the SEC referred to two recent enforcement actions against Paragon Coin, Inc. and CarrierEQ, Inc. (dba Airfox). Both companies sold tokens that the SEC determined to be unregistered securities. Goldsholle also provided insight into EtherDelta, the SEC order concerning trading Ether against other ERC-20 tokens. Moving into 2019, Goldsholle hopes the SEC will define and issue guidance on what the industry calls “utility tokens” and “consumption tokens.” He projects that a custody failure, or similarly significant event, will spur deeper discussion on the issue of taking custody of crypto-assets and promote guidance in the custody space.

Download the 244th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In the News Roundup, Nick Weaver and I offer very different assessments of Australia’s controversial encryption bill. Nick’s side of the argument is bolstered by Denise Howell, the original legal podcaster, with 445 weekly episodes of This Week in Law to her credit.

Later in the program, I interview Rep. Jim Langevin (D-RI), who’s a force for cybersecurity both on the Homeland Security Committee and on the Armed Services subcommittee that oversees Cyber Command and DARPA—a subcommittee that insiders expect him to be chairing in the next Congress.

Turning back to news, the Marriott hack, already one of the biggest in history, has developed a new and more interesting angle, Gus Hurwitz explains. It may have been a Chinese intelligence operation.

The Khashoggi killing has backfired on… Israeli and Italian state hacking companies? Yes, indeed. Hacking Team and NSO are now immersed in legal hot water. And as a sign of how much the Middle East has changed, Nate Jones tells us that a Saudi dissident is now waging lawfare in Tel Aviv.

We touch on what the detention in Canada of Huawei’s CFO means for U.S.-China technology relations as well as on a new DOD report on the risks of EMP. Nick explains why he doesn’t worry about EMP but nonetheless loves the EMP alarmists.

Download the 243rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

This episode features an interview with Michael Tiffany, the co-founder and president of White Ops and a deep student of how to curtail adtech fraud. Michael explains the adtech business, how fraudsters take advantage of its structure, and what a coalition of law enforcement and tech companies did to wreck one of the most successful fraud networks, known as 3ve. You can read more about the take down in the joint White Ops and Google report, “The Hunt for 3ve.”

In the news, David Kris covers the Supreme Court argument in the Apple antitrust standing case. At stake: whether Illinois Brick should apply outside a brick-and-mortar context. Our panel guesses that it won’t.

You knew this was coming: Megan Reiss covers U.S. proposals to screen Chinese students for espionage risk before giving them visas. We think it’s a good idea, but really wish there were a way to score every student in China for how compliant they are with government wishes…oh, wait…

Nobody trolls like the Russians troll. David Kris covers a Russian trollsuit claiming that Facebook has unfairly censored Russian speech. Showing that they know their opponents’ weakness, the suit includes broad hints that censoring Russians is … racist. Maury Shenk covers the bookend—Russian government threats to sue Google for not complying with Russian censorship demands. And I suggest that Putin’s Data Protection law will be just that—a law to protect Putin’s data. Speaking of privacy law always protecting the powerful, Michael Tiffany offers several reasons why GDPR has been good for Google and Facebook ad market share and bad for European competitors. It’s the tragedy of EU mercantilism: always aiming at the United States and usually hitting itself in the foot.

Another day, another Iranian hacking/ransomware indictment. What’s different about this one, Megan tells us, is that it includes a Treasury order freezing the bitcoin the Iranians collected. That’s a potentially new and powerful law enforcement tool. With only a little cajoling, David Kris acknowledges that this is one Trump administration initiative that is both novel and a good idea.

Wrapping up, David Kris ponders the surprisingly straightforward Fourth Amendment issues raised when the police have to stop an autonomous-mode Tesla going 70 on the 101 with a passed out “driver.” And Megan and I ponder the difficulty posed for social media by the “yellow-vest” riots in Paris. Which model applies: Arab Spring or Russian interference? You know what the Macron administration will say. Buckle up, Big Tech. To paraphrase Peter Parker’s Uncle Ben, with great power comes utter confusion.

Download the 242nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

I propose this episode’s title as Baker’s Law of Evil Technology, something that explains Twitter’s dysfunctional woke-ness, Yahoo’s crappy security and Uber’s deadly autonomous vehicles. Companies with lots of revenue can afford to offer a lot of stuff they don’t much care about, including protection of minority voices; security; and, um, not killing people. But as Uber’s travails show, all that can get tossed out the window when corporate survival is at stake. And here’s Baker’s Law in action: Airline algorithms that deliberately break up families sitting on the plane so they can charge to put the kids back in the same row.

I do a mini-interview of Adam Candeub, who has disclosed that the supposedly populist, supposedly Silicon Valley-skeptical Trump Administration has written a massive and antidemocratic subsidy for conservative-censoring social platforms into NAFTA 2.0. I rant (briefly) about it and pray that Congress kills it in the lame duck.

Merrick Garland may now be available. But, we ask Jamil Jaffer and Gus Hurwitz, is a Facebook Supreme Content Court a good idea?

Speaking of Facebook, even the 98-lb weaklings seem to be kicking sand in the company’s face. I lay out the latest, incredible tale about how an app that finds all your friends’ bikini pics ended up spurring an international breach of U.S. confidentiality orders—at the order of the UK Parliament’s sergeant at arms. And when I say incredible, I mean it; the story told by the participants is extraordinarily hard to believe.

Jamil and Gus note that Commerce has begun identifying an enormous list of “emerging” technologies to be restricted for export. Is this defense-industrial policy? And will it work? The panel disagrees.

Paul Rosenzweig reports that Airbnb now has its own (woker-than-thou, naturally) foreign policy. He thinks it may violate a host of state anti-BDS laws.

Nick Weaver gives us the latest Bear Facts. Both Cozy and Fancy are back with a vengeance—and not much concern about avoiding attribution.

Download the 241st Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed! 

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.