In our last episode before the August break, the Cyberlaw Podcast drills down on the AI industry leaders’ trip to Washington, where they dutifully signed up to what Gus Hurwitz calls “a bag of promises.” Gus and I parse the promises, some of which are empty, others of which have substance. Along the way, we examine the EU’s struggling campaign to lobby other countries to adopt its AI regulation framework. Really, guys, if you don’t want to be called regulatory neocolonialists, maybe you shouldn’t go around telling former European colonies to change their laws to match Europe’s.

Jeffery Atik picks up the AI baton, unpacking Senate Majority Leader Chuck Schumer’s (D-N.Y.) overhyped set of AI amendments to the National Defense Authorization Act (NDAA), and panning authors’ claim that AI models have been “stealing” their works. Also this week, another endless and unjustified claim of high-tech infringement came to a likely close with appellate rejection of the argument that linking to a site violates the site’s copyright. We also cover the industry’s unfortunately well-founded fear of enabling face recognition and Meta’s unusual open-source AI strategy.

Richard Stiennon pulls the podcast back to the National Cybersecurity Implementation Plan, which I praised last episode for its disciplined format. Richard introduces us to an Atlantic Council report allowing several domain experts to mark up the text. This exposes flaws not apparent on first read; it turns out that the implementation plan took a few remarkable dives, even omitting all mention of one of the strategy’s more ambitious goals.  

Gus gives us a regulatory lawyer’s take on the FCC’s new cybersecurity label for IoT devices and the EPA’s beleaguered regulations for water system cybersecurity. He doubts that either program can be grounded in a grant of regulatory jurisdiction. Richard points out that CISA managed to get new cybersecurity concessions from Microsoft without even a pretense of regulatory jurisdiction. 

Gus gives us a quick assessment of the latest DOJ/FTC draft merger review guidelines. He thinks it’s an overreach that will tarnish the prestige and persuasiveness of the guidelines.

In quick hits:

• Richard updates us on the latest U.S. sanctions on European spyware firms. I offer a dissent from the whole campaign.

• Jeffery covers the brain drain in semiconductors from Europe to China, and we ask when it will hit the U.S. 

• Gus covers the latest technopanic and media handwringing over the use of technology to catch serial killers and drug dealers.

• Speaking of technopanics, I question the latest narrative expressing shock that an FBI agent searched the 702 database

Download 469th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast kicks off with a stinging defeat for the Federal Trade Commission (FTC), which could not persuade the courts to suspend the Microsoft-Activision Blizzard acquisition. Mark MacCarthy says that the FTC’s loss will pave the way for a complete victory for Microsoft, as other jurisdictions trim their sails. We congratulate Brad Smith, Microsoft’s President, whose policy smarts likely helped to construct this win.

Meanwhile, the FTC is still doubling down on its determination to pursue aggressive legal theories. Maury Shenk explains the agency’s investigation of OpenAI, which raises issues not usually associated with consumer protection. Mark and Maury argue that this is just a variation of the tactic that made the FTC the de facto privacy regulator in the U.S. I ask why policing ChatGPT’s hallucinatory libel problem constitutes consumer protection, and they answer, plausibly, that libel is a kind of deception, which the FTC does have authority to police.

Mark then helps us drill down on the Associated Press deal licensing its archives to OpenAI, a deal that may turn out to be good for both companies.

Nick Weaver and I try to make sense of the district court ruling that Ripple’s XRP is a regulated investment contract when provided to sophisticated buyers but not when sold to retail customers in the market. It is hard to say that it makes policy sense, since the securities laws are there to protect the retail customers more than sophisticated buyers. But it does seem to be at least temporary good news for the cryptocurrency exchanges, who now have a basis for offering what the SEC has been calling an unregistered security. And it’s clearly bad news for the SEC, which may not be able to litigate its way to the Cryptopocalypse it has been pursuing.

Andy Greenberg makes a guest appearance to discuss his WIRED story about the still mysterious mechanism by which Chinese cyberspies acquired the ability to forge Microsoft authentication tokens. 

Maury tells us why Meta’s Twitter-killer, Threads, won’t be available soon in Europe. That leads me to reflect on just how disastrously Brussels has managed the EU’s economy. Fifteen years ago, the U.S. and EU had roughly similar GDPs, at about $15 trillion each. Now the EU GDP has scarcely grown, while U.S. GCP is close to $25 trillion. It’s hard to believe that EU tech policy hasn’t contributed to this continental impoverishment, which Maury points out is even making Brexit look good. 

Maury also explains the French police drive to get explicit authority to conduct surveillance through cell phones. Nick offers his take on FISA section 702 reform. Stories. And Maury evaluates Amazon’s challenge to new EU content rules, which he thinks have more policy than legal appeal.

Not content with his takedown of the Ripple decision, Nick reviews all the criminal cases in which cryptocurrency enthusiasts are embroiled. These include a Chinese bust of Multichain, the sentencing of Variety Jones for his role in the Silk Road crime market, and the arrest of Alex Mashinsky, CEO of the cryptocurrency exchange Celsius.

Finally, in quick hits, 

• Mark and I duel over the lawsuit claiming that Texas’s TikTok Ban on government phones will threaten academic freedom.

• I praise the surprisingly good National Cybersecurity-Strategy Implementation Plan and puzzle over the decision not to nominate the acting head of that office to head the office permanently.

• And I note that the Allow States and Victims to Fight Online Sex Trafficking Act, also known as FOSTA-SESTA, reviled by the left, has withstood a constitutional challenge in the DC Circuit.

Download 468th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It’s surely fitting that a decision released on July 4 would set off fireworks on the Cyberlaw Podcast. The source of the drama was U.S. District Court Judge Terry Doughty’s injunction prohibiting multiple federal agencies from leaning on social media platforms to suppress speech the agencies don’t like. Megan Stifel, Paul Rosenzweig, and I could not disagree more about the decision, which seems quite justified to me, given the aggressive White House communications telling the platforms whose speech the government wanted suppressed. Paul and Megan argue that it’s not censorship, that the judge got standing law wrong, and that I ought to invite a few content moderation aficionados on for a full hour episode on the topic.  

That all comes after a much less lively review of recent stories on artificial intelligence. Sultan Meghji downplays OpenAI’s claim that they’ve taken a step forward in preventing the emergence of a “misaligned”—in other words evil—superintelligence. We note what may be the first real-life “liar’s dividend” from deep faked voice. Even more interesting is the prospect that large language models will end up poisoning themselves by consuming their own waste—that is, by being trained on recent internet discourse that includes large volumes of text created by earlier models. That might stall progress in AI, Sultan suggests. But not, I predict before government regulation tries to do the same; as witness, New York City’s law requiring companies that use AI in hiring to disclose all the evidence needed to sue them for discrimination. Also vying to load large language models with rent-seeking demands are Big Content lawyers. Sultan and I try to separate the few legitimate intellectual property claims against AI from the many bogus ones.  I channel a recent New York gubernatorial candidate in opining that the rent-seeking is too damn high. 

Paul dissects China’s most recent and self-defeating effort to deter the West from decoupling from Chinese supply chains. It looks as though China was so eager to punish the West that it rolled out supply chain penalties before it had the leverage to make the punishment stick. Speaking of self-defeating Chinese government policies, it looks as though the government’s two-minute hate directed at China’s fintech giants is coming to an end.

Sultan walks us through the wreckage of the American cryptocurrency industry, pausing to note the executive exodus from Binance and the end of the view that cryptocurrency could be squared with U.S. regulatory authorities. Not in this administration, and maybe not in any, and outcome that will delay financial modernization here for years. I renew my promise to get Gus Coldebella on the podcast to see if he can turn the tide of negativism. 

In quick hits and updates:

• There’s an effort afoot to amend the National Defense Authorization Act  to prevent American government agencies, and only American government agencies, from buying data available to everyone else. We are skeptical that it will pass. 

• The EU and the U.S. have reached a (third) transatlantic data transfer deal, and just in time for Meta, which was facing a new set of competition attacks on its data protection compliance.

• And Canada, which already looks ineffectual for passing a link tax that led Facebook and Google to simply drop links to Canadian media, now looks ineffectual and petty, announcing it has pulled its paltry advertising budget from Facebook.

• Oh, and last year’s social media villain is this year’s social media hero, at least on the left, as Meta launches Threads and threatens Twitter’s hopes for a recovery.

Download 467th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Geopolitics has always played a role in prosecuting hackers. But it’s getting a lot more complicated, as Kurt Sanger reports. Responding to a U.S. request, a Russian cybersecurity executive has been arrested in Kazakhstan, accused of having hacked Dropbox and Linkedin more than ten years ago. The executive, Nikita Kislitsin, has been hammered by geopolitics in that time. The firm he joined after the alleged hacking, Group IB, has seen its CEO arrested by Russia for treason—probably for getting too close to U.S. investigators. Group IB sold off all its Russian assets and moved to Singapore, while Kislitsin stayed behind, but showed up in Kazakhstan recently, perhaps as a result of the Ukraine war. Now both Russia and the U.S. have dueling extradition requests before the Kazakh authorities; Paul Stephan points out that Kazakhstan’s tenuous independence from Russia will be tested by the tug of war. 

In more hacker geopolitics, Kurt and Justin Sherman examine the hacking of a Russian satellite communication system that served military and civilian users. It’s reminiscent of the Viasat hack that complicated Ukrainian communications, and a bunch of unrelated commercial services, when Russia invaded. Kurt explores the law of war issues raised by an attack with multiple impacts. Justin and I consider the claim that the Wagner group carried it out as part of their aborted protest march on Moscow. We end up thinking that this makes more sense as the Ukrainians serving up revenge for Viasat at a time when it might complicate Russian’s response to the Wagner group.  But when it’s hacking and geopolitics, who really knows?

Paul outlines the legal theory—and antitrust nostalgia—behind the  FTC’s planned lawsuit targeting Amazon’s exploitation of its sales platform.  

We also ask whether the FTC will file the case in court or before the FTC’s own administrative law judge. The latter may smooth the lawsuit’s early steps, but it will also bring to the fore arguments that Lina Khan should recuse herself because she’s already expressed a view on the issues to be raised by the lawsuit. I’m not Chairman Khan’s biggest fan, but I don’t see why her policy views should lead to recusal; they are, after all, why she was appointed in the first place.

Justin and I cover the latest Chinese law raising the risk of doing business in that country by adopting a vague and sweeping view of espionage. 

Paul and I try to straighten out the EU’s apparently endless series of laws governing data, from General Data Protection Regulation (GDPR) and the AI Act to the Data Act (not to be confused with the Data Governance Act). This week, Paul summarizes the Data Act, which sets the terms for access and control over nonpersonal data. It’s based on a plausible idea—that government can unleash the value of data by clarifying and making fair the rules for who can use data in new businesses. Of course, the EU is unable to resist imposing its own views of fairness, thus upsetting existing commercial arrangements without really providing any certainty about what will replace them. The outcome is likely to reduce, not improve, the certainty that new data businesses want. 

Speaking of which, that’s the critique of the AI Act now being offered by dozens of European business executives, whose open letter slams the way the AI Act kludged the regulation of generative AI into a framework where it didn’t really fit. They accuse the European Parliament of “wanting to anchor the regulation of generative AI in law and proceeding with a rigid compliance logic [that] is as bureaucratic …  as it is ineffective in fulfilling its purpose.” And you thought I was the EU-basher. 

Justin recaps an Indian court’s rejection of Twitter’s lawsuit challenging the Indian government’s orders to block users who’ve earned the government’s ire. Kurt covers a matching story about whether Facebook should suspend Hun Sen’s Facebook account for threatening users with violence. I take us to Nigeria and question why social media thinks governments can be punished for threatening violence.

Finally, in two updates,

• I note that Google has joined Facebook in calling Canada’s bluff by refusing to link to Canadian news media in order to avoid the Canadian link tax. 

• And I do a victory lap for the Cyberlaw Podcast’s Amber Alert feature. One week after we nominated the Commerce Department’s IT supply chain security program for an Amber Alert, the Department answered the call by posting the supply chain czar position in USAJOBS.

Download 466th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Max Schrems is the lawyer and activist behind two (and, probably soon, a third) legal challenge to the adequacy of U.S. law to protect European personal data. Thanks to the Federalist Society’s Regulatory Transparency Project, Max and I were able to spend an hour debating the law and policy behind Europe’s generation-long fight with the United States over transatlantic data flows.  It’s civil, pointed, occasionally raucous, and wide-ranging – a fun, detailed introduction to the issues that will almost certainly feature in the next round of litigation over the latest agreement between Europe and the U.S. Don’t miss it!

Download 465th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Sen. Schumer (D-N.Y.) has announced an ambitious plan to produce a bipartisan AI regulation program in a matter of months. Jordan Schneider admires the project; I’m more skeptical. The rest of our commentators, Chessie Lockhart and Michael Ellis, also weigh in on AI issues. Chessie lays out the case against panicking over existential AI threats, this week canvassed in the MIT Technology Review. I suggest that anyone complaining that the EU or China is getting ahead of the U.S. in AI regulation (lookin’ at you, Sen. Warner!) doesn’t quite understand the race we’re running. Jordan explains the difficulty the U.S. faces in trying to keep China from surprising us in AI.

Michael catches us up on Canada’s ill-advised effort to force Google and Meta to pay Canadian media whenever a user links to a Canadian story. Meta has already said it would rather end such links. The end result could be that even more Canadian news gets filtered through American media, hardly a popular outcome north of the border.

Speaking of ill-advised regulatory initiatives, Michael and I comment on Australia’s threatening Twitter with a fine for allowing too much hate speech on the platform post-Elon.  

Chessie gives an overview of the Data Elimination and Limiting Extensive Tracking and Exchange Act or the DELETE Act, a relatively modest bipartisan effort to regulate data brokers’ control of personal data. Michael and I talk about the growing tension between EU member states with real national security tasks to complete and the Brussels establishment, which has enjoyed a 70-year holiday from national security history and expects the next 70 to be more of the same. The latest conflict is over how much leeway to give member states when they feel the need to plant spyware on journalists’ phones. Remarkably, both sides think the government should have such leeway; the fight is over how much.  

Michael and I are surprised that the BBC feels obliged to ask, “Why is it so rare to hear about Western cyber-attacks?” Because, BBC, the agencies carrying out those attacks are on our side and mostly respect rules we support.

In updates and quick hits:

• I bring listeners up to date on how things turned out for the lawyers who filed a ChatGPT-hallucinated brief in federal court: Not well. 

• Chessie flags the creation of a new Justice Department section in the National Security Division: Natsec Cyber

• Chessie also welcomes the growing recognition, some of it in cold, hard cash, for cyber security clinics. 

Download 464th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Senator Ron Wyden (D-Ore.) is to moral panics over privacy what Andreessen Horowitz is to cryptocurrency startups. He’s constantly trying to blow life into them, hoping to justify new restrictions on government or private uses of data. His latest crusade is against the intelligence community’s purchase of behavioral data, which is generally available to everyone from Amazon to the GRU. He has launched his campaign several times, introducing legislation, holding up Avril Haines’s confirmation over the issue, and extracting a Director of National Intelligence report on the topic that has now been declassified. It was a sober and reasonable explanation of why commercial data is valuable for intelligence purposes, so naturally WIRED magazine’s headline summary was, “The U.S. Is Openly Stockpiling Dirt on All Its Citizens.” Matthew Heiman takes us through the story, sparking a debate that pulls in Michael Karanicolas and Cristin Flynn Goodwin.

Next, Michael explains IBM’s announcement that it has made a big step forward in quantum computing. 

Meanwhile, Cristin tells us, the EU has taken another incremental step forward in producing its AI Act—mainly by piling even more demands on artificial intelligence companies. We debate whether Europe can be a leader in AI regulation if it has no AI industry. (I think it makes the whole effort easier, pointing to a Stanford study suggesting that every AI model we’ve seen is already in violation of the AI Act’s requirements.)

Michael and I discuss a story claiming persuasively that an Amazon driver’s allegation of racism led to an Amazon customer being booted out of his own “smart” home system for days. This leads us to the question of how Silicon Valley’s many “local” monopolies enable its unaccountable power to dish out punishment to customers it doesn’t approve of.

Matthew recaps the administration’s effort to turn the debate over renewal of section 702 of FISA. This week, it rolled out some impressive claims about the cyber value of 702, including identifying the Colonial Pipeline attackers (and getting back some of the ransom). It also introduced yet another set of FBI reforms designed to ensure that agents face career consequences for breaking the rules on accessing 702 data. 

Cristin and I award North Korea the “Most Improved Nation State Hacker” prize for the decade, as the country triples its cryptocurrency thefts and shows real talent for social engineering and supply chain exploits. Meanwhile, the Russians who are likely behind Anonymous Sudan decided to embarrass Microsoft with a DDOS attack on its application level. The real puzzle is what Russia gains from the stunt. 

Finally, in updates and quick hits, we give deputy national cyber director Rob Knake a fond sendoff, as he moves to the private sector, we anticipate an important competition decision in a couple of months as the FTC tries to stop the Microsoft-Activision Blizzard merger in court, and I speculate on what could be a Very Big Deal – the possible breakup of Google’s adtech business.

Download 463rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It was a disastrous week for cryptocurrency in the United States, as the Securities Exchange Commission (SEC) filed suit against the two biggest exchanges, Binance and Coinbase, on a theory that makes it nearly impossible to run a cryptocurrency exchange that is competitive with overseas exchanges. Nick Weaver lays out the differences between “process crimes” and “crime crimes,” and how they help distinguish the two lawsuits. The SEC action marks the end of an uneasy truce, but not the end of the debate. Both exchanges have the funds for a hundred-million-dollar defense and lobbying campaign. So you can expect to hear more about this issue for years (and years) to come.

I touch on two AI regulation stories. First, I found Mark Andreessen’s post trying to head off AI regulation pretty persuasive until the end, where he said that the risk of bad people using AI for bad things can be addressed by using AI to stop them. Sorry, Mark, it doesn’t work that way. We aren’t stopping the crimes that modern encryption makes possible by throwing more crypto at the culprits. 

My nominee for the AI Regulation Hall of Fame, though, goes to Japan, which has decided to address the phony issue of AI copyright infringement by declaring that it’s a phony issue and there’ll be no copyright liability for their AI industry when they train models on copyrighted content. This is the right answer, but it’s also a brilliant way of borrowing and subverting the EU’s GDPR model (“We regulate the world, and help EU industry too”). If Japan applies this policy to models built and trained in Japan, it will give Japanese AI companies at least an arguable immunity from copyright claims  around the world. Companies will flock to Japan to train their models and build their datasets in relative regulatory certainty. The rest of the world can follow suit or watch their industries set up shop in Japan. It helps, of course, that copyright claims against AI are mostly rent-seeking by Big Content, but this has to be the smartest piece of international AI regulation any jurisdiction has come up with so far.

Kurt Sanger, just back from a NATO cyber conference in Estonia, explains why military cyber defenders are stressing their need for access to the private networks they’ll be defending. Whether they’ll get it, we agree, is another kettle of fish entirely.

David Kris turns to public-private cooperation issues in another context. The Cyberspace Solarium Commission has another report out. It calls on the government to refresh and rethink the aging orders that regulate how the government deals with the private sector on cyber matters.

Kurt and I consider whether Russia is committing war crimes by DDOSing emergency services in Ukraine at the same time as its bombing of Ukrainian cities. We agree that the evidence isn’t there yet. 

Nick and I dig into two recent exploits that stand out from the crowd. It turns out that Barracuda’s security appliance has been so badly compromised that the only remedial measure involve a woodchipper. Nick is confident that the tradecraft here suggests a nation-state attacker. I wonder if it’s also a way to move Barracuda’s customers to the cloud. 

The other compromise is an attack on MOVEit Transfer. The attack on the secure file transfer system has allowed ransomware gang Clop to download so much proprietary data that they have resorted to telling their victims to self-identify and pay the ransom rather than wait for Clop to figure out who they’ve pawned.

Kurt, David, and I talk about the White House effort to sell section 702 of FISA for its cybersecurity value and my effort, with Michael Ellis, to sell 702 (packaged with intelligence reform) to a conservative caucus that is newly skeptical of the intelligence community. David finds himself uncomfortably close to endorsing our efforts.

Finally, in quick updates:

• Nick talks about Tesla’s Full Self Driving, and the accidents it has been involved in

• I warn listeners that Virginia has joined the ranks of states that require an ID proving age to access Pornhub. I predict that twenty states will adopt such a requirement in the next year

Download 462nd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast kicks off with a spirited debate over AI regulation. Mark MacCarthy dismisses AI researchers’ recent call for attention to the existential risks posed by AI; he thinks it’s a sci-fi distraction from the real issues that need regulation—copyright, privacy, fraud, and competition. I’m utterly flummoxed by the determination on the left to insist that existential threats are not worth discussing, at least while other, more immediate regulatory proposals have not been addressed. Mark and I cross swords about whether anything on his list really needs new, AI-specific regulation when Big Content is already pursuing copyright claims in court, the FTC is already primed to look at AI-enabled fraud and monopolization, and privacy harms are still speculative. Paul Rosenzweig reminds us that we are apparently recapitulating a debate being held behind closed doors in the Biden administration. Paul also points to potentially promising research from OpenAI on reducing AI hallucination.

Gus Hurwitz breaks down the week in FTC news. Amazon settled an FTC claim over children’s privacy and another over security failings at Amazon’s Ring doorbell operation. The bigger story is the FTC’s effort to issue a commercial death sentence on Meta’s children’s business for what looks to Gus and me more like a misdemeanor. Meta thinks, with some justice, that the FTC is looking for an excuse to rewrite the 2019 consent decree, something Meta says only a court can do.

 Paul flags a batch of China stories:

• China’s version of Bloomberg has begun quietly limiting the information about China’s economy that is available to overseas users.

•  TikTok is accused of storing influencers’ sensitive financial information In China, contrary to its promises.

•  Malaysia won’t ban Huawei from it 5G network. 

• The former Harvard chair convicted of lying about taking Chinese money has been sentenced to just two days in prison.

• And another professor charged and then exonerated of commercial espionage has won the right to sue the FBI for his arrest.

Gus tells us that Microsoft has effectively lost a data protection case in Ireland and will face a fine of more than $400 million. I seize the opportunity to plug my upcoming debate with Max Schrems over the Privacy Framework. 

Paul is surprised to find even the State Department rising to the defense of section 702 of Foreign Intelligence Surveillance Act (“FISA"). 

Gus asks whether automated tip suggestions should be condemned as “dark patterns” and whether the FTC needs to investigate the New York Times’s stubborn refusal to let him cancel his subscription. He also previews California’s impending Journalism Preservation Act.

Download 461st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In this bonus episode of the Cyberlaw Podcast, I interview Jimmy Wales, the cofounder of Wikipedia. Wikipedia is a rare survivor from the Internet Hippie Age, coexisting like a great herbivorous dinosaur with Facebook, Twitter, and the other carnivorous mammals of Web 2.0. Perhaps not coincidentally, Jimmy is the most prominent founder of a massive internet institution not to become a billionaire. We explore why that is, and how he feels about it. 

I ask Jimmy whether Wikipedia’s model is sustainable, and what new challenges lie ahead for the online encyclopedia. We explore the claim that Wikipedia has a lefty bias, whether a neutral point of view can be maintained by including only material from trusted sources, and I ask Jimmy about a concrete, and in my view weirdly biased, entry in Wikipedia on “Communism.”

We close with an exploration of the opportunities and risks posed for Wikipedia from ChatGPT and other large language AI models.  

Download 460th Episode (mp3) 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.