The Cyberlaw Podcast

The next trade war will be over transatlantic data flows, and it will make the fight with China look like a picnic. That’s the subject of this episode’s interview. The European Court of Justice is poised to go nuclear – to cut off US companies’ access to European customer data unless the US lets European courts and data protection agencies refashion its intelligence capabilities according to standards no European government has ever been required to meet. Maury Shenk and I interview Peter Swire on the Schrems cases that look nearly certain to provoke a transatlantic trade and intelligence crisis. Actually, Maury interviews Peter, and I throw bombs into the conversation. But if ever there were a cyberlaw topic that deserves more bomb-throwing, this is it.

In the News Roundup, David Kris tells us that the trial of alleged Vault7 leaker Joshua Schulte is under way. And the star of the first day is our very own podcast regular, Paul Rosenzweig

If you’re wondering whether more cybersecurity regulation is what the country needs, you should be paying attention to the Pentagon, which has embraced cybersecurity regulation for its contractors. Matthew Heiman reports that DOD isn’t finding the path easy. DOD has released its final cybersecurity plan for contractors, but the audit process needed to enforce it remains a mystery.

That’s SNAKE spelled backwards: David tells us about a new strain of ransomware; ominously, it is targeting industrial control systems. I manage to find a very modest silver lining.

Nate Jones sums up the cybersecurity lessons from the voting debacle in Iowa

Nate also reports on the FCC’s latest half-step toward suing one or more telcos for selling phone-location data.

Matthew covers the Maze ransomware that has ravaged law firms in recent weeks. He argues that it’s only a matter of time before such attacks become dog-bites-man stories.

Matthew also notes that Google and Facebook have apparently dropped plans to terminate their transpacific cable in Hong Kong. US national security concerns seem to have driven the decision. Looks like the Great Decoupling could be spurring a very real physical decoupling.

Nate makes the best of the 2020 version of a Worthwhile Canadian Initiative: The Senate Intel Committee’s third volume of its Russian electoral interference report. It’s sober and responsible and bipartisan – and disappeared from the news cycle overnight.

And to bring you up to speed on past stories: 

  • A Brazilian judge has declined to accept charges against Glenn Greenwald, “for now.” 
  • The poster child for the facial recognition moral panic can’t catch a break: Clearview AI has been hit with cease-and-desist from Google and Facebook.
  • Tag-teaming with Bill Barr, child-welfare activists are attacking Facebook over its encryption plans and what that means for exploited kids. 
  • One of the first CCPA lawsuits has been filed, against Salesforce.
  • And This Week in Silicon Valley content moderation:
    • Letterboxd banned a black libertarian film critic’s reviews.
    • James O’Keefe’s Twitter account was suspended after he named a Bernie Sanders staffer who spoke fondly of gulags and electoral violence.
    • And Twitter banned the widely popular Zero Hedge account after it named a Chinese researcher who it thought might have a role in coronavirus.

Download the 299th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-299.mp3
Category:general -- posted at: 11:36am EDT

Nick Weaver and I debate Sens. Graham and Blumenthal’s EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don’t, they won’t get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there’s a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the social costs they’re imposing. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, critics are sure that the final product will reduce corporate incentives to offer end-to-end encryption. 

But before we get to that debate, Gus Hurwitz and I unpack the law and tactics behind Facebook’s decision to pay $550 million to settle a facial recognition class action. And Klon Kitchen and Nick ponder the shocking corruption and coverup alleged in the case of a Harvard chemistry chairman being prosecuted for hiding the large sums he was getting from the Chinese government to boost its research into nanomaterials. 

Klon gives us a feel for just how hard it can be to enforce Iranian sanctions, and the creativity that went into one app developer’s evasion scheme. 

Gus and Nick offer real hope that robocalling will start to get harder, and soon: DOJ has requested restraining orders to stop telephone companies from facilitating fraudulent robocalls; the FTC has put 19 VoIP providers on notice for facilitating robocalls; and SHAKEN/STIR is slowly making it harder to spoof a phone number.

Gus asks a question that had never occurred to me, and certainly not to millions of homeowners who may have committed inadvertent felonies by installing Ring doorbell cameras. It turns out that Ring recordings may be illegal intercepts in states with all-party consent laws. At least that’s what one enterprising New Hampshire defense lawyer is arguing.

First they cock a snook at Brussels, and now this: The UK government is on a roll. It’s proposing an IoT security law that Nick endorses with enthusiasm.

Maryland, not so much: Klon critiques a proposed state law that would make ransomware illegal – and maybe ransomware research, too.

In dog-bites-man news, the United Nations has suffered a breach – probably by a semi-competent government. Which doesn’t narrow things down much, since as Nick observes, everyone but the Germans has probably pwned the UN. And the Germans are just being polite.

A lot of old stories have come back for one more turn on stage: The Russian hacker that the Russian government was afraid would sing if extradited to the US has pleaded guilty here and is probably singing already. Avast has killed Jumpshot, its much-criticized data collection operation. The Bezosphone Saga continues, as Sen. Chris Murphy calls on the DNI and FBI to investigate the hacking allegations, and Bezos’s girlfriend’s brother is suing for defamation. Charges against the Iowa courthouse penetration testers have finally been dropped. LabMD’s Mike Daugherty should probably hang up his cleats. He won a great victory over the FTC, but his racketeering suit against Tiversa and lawyers is officially time-barred. Finally, it turns out that the FBI has been investigating NSO Group since 2017, though without bringing charges, so far. 

Download the 298th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-298.mp3
Category:general -- posted at: 11:59am EDT

This episode features an interview on the Bezos phone flap with David Kaye and Alex Stamos. David is a UN Special Rapporteur and clinical professor of law at UC Irvine who first drew attention to an FTI Consulting report concluding that the Saudis did hack Bezos’ phone. Alex is director of the Stanford Internet Observatory and was the CSO at Facebook; he thinks the technical case against the Saudis needs work, and he calls for a supplemental forensic review of the phone. 

In the news, Nate Jones unpacks the US-China “phase one” trade deal and what it means for the tech divide.

Nick Weaver and I agree that the King County (Seattle) Conservation District’s notion of saving postage by having everyone vote by phone is nuts. Nick in particular reacts as you’d expect him to. 

Nate talks about the profound hit the credibility of the FISA process has taken as a result of the Justice Department admitting that two of four Carter Page warrants were invalid. Among other things, it opens FISA to a kitchen sink full of proposals for handcuffing national security wiretaps. Like this one from Sen. Ron Wyden and Sen. Steve Daines.

Brazil has charged Glenn Greenwald with “cybercrimes” on evidence that would be thin at best in the US, Nate argues. Nick agrees and is only sad that the Bolsonaro government has put him in the position of defending Greenwald.

Google is redesigning its search results again, blurring even further the line between ads and organic results. Living up to its new motto (“Don’t be caught being evil”), Google announces that it’s just testing its design, and everyone should chill. Nick and I are skeptical that A/B testing will tell Google anything other than which redesign fools consumers most effectively and thus makes more protection money for Google.

And speaking of protection money, this episode was not brought to you by Avast, the company that probably would have paid the most not to be mentioned on the Cyberlaw Podcast this week. Because they’ve been caught getting largely uninformed consent to the monitoring of their customers’ Web activities. 

Download the 297th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-297.mp3
Category:general -- posted at: 3:01pm EDT

This week’s episode includes an interview with Bruce Schneier about his recent op-ed on privacy. Bruce and I are both dubious about the current media trope that facial recognition technology was spawned by the Antichrist. He notes that what we are really worried about is a lot bigger than facial recognition and offers ways in which the law could address our deeper worry. I’m less optimistic about our ability to write or enforce laws designed to restrict use of information that gets cheaper to collect, to correlate, and to store every year. It’s a good, civilized exchange.

The News Roundup is a little truncated due to a technical failure. (It was a glitch in Zencastr for those of you keeping score, and I definitely am). As a result, we lost Nick Weaver’s audio for about half the program, including a hammer and tongs debate over Apple’s fight with the FBI. (But never fear, opportunities for that fight come by about as often as the Red Line comes to Dupont Circle.)

That said, it’s still a feisty episode. It begins with Michael Vatis teeing off on the California Consumer Privacy Act, the worst-drafted law he’s worked with in over 30 years of practice—and not much better on policy grounds.

We then return to Illinois’s recent law regulating AI hiring interviews systems like HireVue, and sparks fly again as Mark MacCarthy and I mix it up over allegations of AI “bias.” (I’m a skeptic, to put it mildly.)

Matthew Heiman covers the surprisingly thin claim that the GRU has phished its way into Burisma Holdings. And Nick comments on (yet another!) Italian surveillance tech firm getting into trouble by misusing its capabilities.

Not-so-Big Tech has begun asking Congress for antitrust help against Big Tech. Mark is skeptical; I’m a little less so.

Matthew and I compliment frequent contributor David Kris on his speed in delivering an amicus report on the FBI’s Horowitz reforms between one episode and the next – and before his Congressional critics can finish a letter questioning his appointment. One lingering, and possibly salutary, effect of the kerfuffle is that questions are being directed at the FISA Court itself, asking why it didn’t do a better job of policing the Carter Page excesses.

Mark reports on an unusual effort by Europe’s chief privacy officer to exempt academic researchers from strict compliance with data protections laws.

In quick hits, Matthew notes that Erdogan has bowed to the Turkish Supreme Court and has reinstated access to Wikipedia. He also reports on the Department of the Interior permanently grounding its drone fleet over spying concerns. Nick chuckles over China’s APT 40 getting doxed, and we both give credit to NSA’s Anne Neuberger for disclosing and enabling the patch by Microsoft of a major vulnerability in the Crypt32 library. And I note the likelihood that Clearview will be sued for violating terms of service to obtain the facial recognition data it uses to provide identification services to law enforcement.

 

Download the 296th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-296.mp3
Category:general -- posted at: 3:48pm EDT

There’s a fine line between legislation addressing deepfakes and legislation that is itself a deep fake. Nate Jones reports on the only federal legislation addressing the problem so far. I claim that it is well short of a serious regulatory effort—and pretty close to a fake law.

In contrast, India seems serious about imposing liability on companies whose unbreakable end-to-end crypto causes harm, at least to judge from the howls of the usual defenders of such crypto. David Kris explains how the law will work. I ask why Silicon Valley gets to impose the externalities of encryption-facilitated crime on society without consequence when we’d never allow tech companies to say that society should pick up the tab for their pollution because their products are so cool. In related news, the FBI may be turning the Pensacola military terrorism attack into a slow-motion replay of the San Bernardino fight with Apple, this time with more top cover.

Poor Nate seems to draw all the fake legislation in this episode. He explains a 2020 appropriations rider requiring the State Department to report on how it issues export licenses for cyber espionage capabilities; this is a follow-up to investigative reporting on the way such capabilities in the UAE ended up being used against human rights activists. As we agree, it’s an interesting and likely unsolvable policy problem, so the legislation opts for the most meaningless of remedies, requiring the Directorate of Defense Trade Control to report “on cybertools and capabilities licensing, including licensing screening and approval procedures as well as compliance and enforcement mechanisms” within 90 days.

Nate also gets to cover some decidedly un-fake requirements in the 2019 NDAA, limiting how defense contractors can use Chinese technology. The other shoe is about to drop, and if the first one was a baby shoe, the second is a Clydesdale’s horseshoe.

It’s hard to call it fake, but the latest export control rule restricting sales of AI could hardly be narrower. Maury Shenk and I speculate that this is because a long-term turf war has broken out again in export control policy circles. Maury’s money is on the business side of that fight, and the narrowness of the AI rule gives weight to his views.

And here’s some Christmas cheer for DOJ and national security officials: A federal district court presented Edward Snowden with a lump of coal—the only royalties it thought he deserved from a book that violated his nondisclosure agreement. Nate thinks it’s time for me to buy one, but I’m waiting for appellate confirmation.

Less festive news comes from the European Court of Justice’s advocate general opinion in Schrems II, a case that could greatly complicate EU-US data transfers by purporting to put Europeans in charge of how the US defends itself from terrorism. Maury explains; I complain.

David unpacks with clarity a complex Second Circuit decision on the constitutionality of FISA 702 collection. On the whole, Judge Lynch did a creditable job with a messy and unprecedented set of claims, though I question the wisdom of erecting a baroque mansion of judge-made procedures on a slippery foundation like the Fourth Amendment’s requirement that searches be “reasonable.”

And in short hits, Maury tells us that Italy has imposed a French-style revenue tax on Internet companies, and Russia claims that it has successfully tested the ability to disconnect from the Internet. Now if we could only get them to stay that way. Illinois has a new, mostly fake law imposing modest regulations on the use of AI in video job interviews. The TRACED Act rises above fakeness in attacking robocalls but just barely. And the FAA released an NPRM calling for a pretty serious requirement for remote ID of drones.

And to put everyone back in the Christmas spirit, LabMD won nearly a million dollars in fees from the Federal Trade Commission for the FTC’s bullheaded pursuit of the company despite the many flaws in its case. The master’s opinion makes clear just how badly the FTC erred in hounding LabMD.

 

Download the 295th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-295.mp3
Category:general -- posted at: 2:19pm EDT

For this special edition of the Cyberlaw Podcast, we’ve convened a panel of experts on intelligence and surveillance legal matters. We take a look at the Department of Justice Inspector General’s report on the FBI’s use of FISA applications – and the many errors in those applications. We also touch on FBI Director Wray’s response, as well as a public order issued by the Foreign Intelligence Surveillance Court. We wrap up with thoughts on how to resolve some of the issues identified by the IG’s report and suggestions for improving the FISA process.

Joining me on the panel:

  • Bob Litt, former general counsel of the Office of the Director of National Intelligence.
  • David Kris, who wrote the book on FISA and previously headed the DOJ’s National Security Division, which is responsible for FISA warrants.
  • Bobby Chesney of the University of Texas School of Law, as well as a founder of Lawfare and co-host of the National Security Law Podcast.

The Cyberlaw Podcast is going on hiatus for the holidays. We’ll be back in January with more insights into the latest events in technology, security, privacy, and government.

Download the 294th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-294.mp3
Category:general -- posted at: 10:40am EDT

This week Maury Shenk guest hosts the podcast.

Even with a "phase one" trade deal with China apparently agreed upon, there's, of course, plenty still at stake between China and the US in the tech space. Nate Jones reports on the Chinese government order for government offices to purge foreign software and equipment within three years and the plans of Arm China to develop chips using “state-approved” cryptography. Nick Weaver and I agree that, while there are some technical challenges on this road, there's a clear Chinese agenda to lose dependency on US suppliers. 

In the Department of Hacking, the aptly-named Plundervolt allows hackers to steal data using the power supply of Intel chips. The immediate hole has been closed, but Nick thinks the hack suggests bigger problems for Intel down the road. We also discuss Apple's flirtation with the using DMCA to get Twitter to de-tweet an encryption key compromising a less-than-critical aspect of iPhone 11 security, and I report on an 11th Circuit decision on insurance coverage for losses from spear-phishing.

With Stewart Baker away, I point out that it's not just the EU that is going after Big Tech. Amazon's new-ish Ring subsidiary seems to have scored a couple of own-goals with privacy and security practices for its smart doorbells – Nick explains in detail. And I relate the Wall Street Journal report that the FTC is considering seeking an injunction of Facebook app integration, and the big 7.5% tax that Turkey will levy on digital services beginning in March.

Finishing up in the Gulf, we look at a “very big” cyberattack on Iranian banks that the Iranian government claims is state-sponsored. Nate doubts intimations that the US is involved, and we agree that political and commercial motives are difficult to disentangle in this type of attack. Across the Strait of Hormuz, we explore the involvement of former counterterrorism czar Richard Clarke in helping the United Arab Emirates build its DREAD (who thought that was a good name?) counterterrorism unit and the policy implications and slippery slope of allowing US expertise to be used for such efforts.

Download the 293rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-293.mp3
Category:general -- posted at: 8:24pm EDT

The apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, as Congress has increasingly signaled it intends to do. If the Pensacola attack involved multiple parties acting across US borders, still a live possibility as we talked, then it would be just about the first such attacks since 9/11 – and exactly the kind of attack the metadata program was designed to identify in advance. 

Nick Weaver tells us that China has resurrected the Great Cannon to attack a popular Hong Kong forum for protesters. I ask why Google hasn’t started issuing warnings to Web browsers who cross the Great Firewall into China without enabling HTTPS to foil the Great Cannon. Meanwhile, Microsoft is working hard to make GitHub, an early Great Cannon victim, an essential part of China’s IT infrastructure. GitHub was attacked because it hosted some content that China hated, including the New York Times, and we verify in real-time that, despite the lure of the Chinese market, Microsoft has not told GitHub to dump the offending content.

In more China news, the trial lawyers are circling TikTok like a wounded wildebeest on the veldt. A California class action alleges that TikTok harvested and sent data to China, and an Illinois class action charges the company with violating COPPA by marketing to children without sufficient privacy safeguards.

Paul Rosenzweig and I dig deep into the 20-year history behind the now-abandoned proposal to conduct airport facial scans on US citizens leaving the country. We reach broad agreement that this is one of the rare privacy versus national security debates in which there’s precious little privacy or national security at stake.

Matthew Heiman provides an overview of the remarkable international food fight over taxes on digital business. USTR is threatening big tariffs on French wine to counter France’s digital tax. Spain is apparently eager to join France in the fight. And the effort to work everything out at the OECD, where the EU has a 20-1 voting advantage over the US, has predictably not worked out well from the US point of view.

Cue the white cat: The United States has actually imposed sanctions on “Evil Corp.” Nick explains that this is part of criminal charges against two highly effective Russian bank hackers – and arguably a confession of weakness on the US government’s part.

Meanwhile, Amazon’s efforts to avoid tort liability for third-party sales on its site look to be suffering a long strategic defeat in the courts. The latest example is a Sixth Circuit ruling allowing plaintiffs to pursue product tort claims against the Internet giant.

I offer a quick update and some kind words for Nancy Pelosi, who is calling for modification of the North American free trade deal to drop the provision turning Section 230 of the Communications Decency Act into international law. This is a genuinely bipartisan complaint, so perhaps she’ll prevail. 

Paul gets stuck explaining two dog-bites-man stories. The FBI says any Russian app could be a counterintelligence threat. What else could they say? And the European Commission, when asked what US regulation of encryption would mean for Europe, says more or less that it may have to move from eyebrow-lifting to throat-clearing

And Nick closes the program with advice about the new Android exploit that works (in the right circumstances) to compromise apps running on a fully patched and up-to-date Android phone

Download the 292nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-292.mp3
Category:general -- posted at: 11:36am EDT

Algorithms are at the heart of the Big Data/machine learning/AI changes that are propelling computerized decision-making. In their book, The Ethical Algorithm, Michael Kearns and Aaron Roth, two Computer Science professors at Penn, flag some of the social and ethical choices these changes are forcing upon us. My interview with them touches on many of the hot-button issues surrounding algorithmic decision-making. Michael and Aaron may not agree with my formulation, but the conversation provides a framework for testing it – and leaves me more skeptical about “bias hacking” of algorithmic outputs.

Less controversial, but equally fun, is a dive into the ways in which Big Data and algorithms defeat old-school anonymization – and the ways in which that problem can be solved. Our guests from Philadelphia help me understand the value of differential privacy. And if you wondered why, say, much of the social science and nutrition research of the last 50 years doesn’t hold up to scrutiny, blame Big Data and algorithms that reliably generate significant correlations once in every 20 tries.

Michael and Aaron also take us deep into the unexpected social costs of algorithmic optimization. It turns out that a recommendation engine that produces exactly what we want, even when we didn’t know we wanted it, is great in the moment but maybe not so great for society. Creating markets in areas once governed by social norms can optimize individual choice but at a considerable social cost, and it turns out that algorithms can do the same – optimize individual gratification in the moment while roiling our social and political order in unpredictable ways. We would react badly to a proposal that dating choices become microeconomic transactions (otherwise known as prostitution) but we don’t feel the same way about reducing them to algorithms. Maybe we should.

Direct download: TheCyberlawPodcast-291.mp3
Category:general -- posted at: 11:12am EDT

This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that the government is still fighting about the content of a policy it’s already announced. And to show that decoupling can go both ways, a U.S.-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think.

Mark MacCarthy tells us that reports of the University of Chicago’s weather turning sunny and warm for hipster antitrust plaintiffs are probably overdone. Even so, Silicon Valley should be at least a little nervous that even Chicago School enforcers are taking a hard look at personal data and free services as sources of anti-competitive conduct.

Mark also highlights my favorite story of the week, as the Right to be Forgotten discredits itself in, where else, Germany. Turns out that you can kill two people and wound a third on a yacht in the Atlantic, get convicted, serve 20 years, and then demand that everybody just forget it happened. The doctrine hasn’t just jumped the shark. It’s doubled back and put a couple of bullets in the fish for good measure.

Nick explains why NSA is so worried about TLS inspection. And delivers a rant on bad cybersecurity software along the way.

It’s been a bad week for TikTok, which was caught blocking an American Muslim teen who posted about Uighurs in China and offered an explanation that was believable only because US social media companies have offered explanations that were even less credible. I suggest that all the criticism will just lead to more and sneakier ways to block disfavored content without getting caught. And Brian tells us how the flap might affect TikTok’s pending CFIUS negotiation.

Nick ladles out abuse for the bozo who thought it was a good idea to offer cryptocurrency advice on avoiding sanctions to Kim Jong Un’s cyber bank robbers. And Brian explains that the government’s prosecution of the bozo might have to tiptoe past the First Amendment.

Senate Democrats have introduced the Consumer Online Privacy Rights Act, an online privacy bill with an unfortunate acronym (think fossilized dinosaur poop). Mark and I conclude that the bill is more a sign that Washington isn’t going to do privacy before 2021.

Who can resist GPS crop circle spoofing by sand pirates? Not Nick. Or me. Arrr.

I update our story on DHS’s CISA, which has now issued in draft a binding operational directive on vulnerability disclosure policies for federal agencies. It’s now taking comments on GitHub.

And in quick hits: The death of the Hippie Internet, part 734: Apple changes its map to show Crimea as Russian, but only for Russians; Facebook accepts correction notice from the Singapore government; our own Paul Rosenzweig will be an expert witness in the government’s prosecution of the Vault 7 leaker; and Apple’s bad IT cost it $467,000 for sanctions violations. I ask whether we should be blaming Scooby-Doo for the error.

Join Steptoe for a complimentary webinar on Tuesday, December 10. We’ll be talking about the impacts on retailers of the newly implemented California Consumer Privacy Act and the EU’s General Data Protection Regulation. This is a fast-moving area of the law; we can keep you up to date. You can find out more and register here.

Download the 290th Episode (mp3).

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-290.mp3
Category:general -- posted at: 12:39pm EDT