The Cyberlaw Podcast

Brad Smith is President of Microsoft and author (with Carol Ann Browne) of Tools and Weapons: The Promise and Peril of the Digital Age.” The book is a collection of vignettes of the tech policy battles in the last decade or so. Smith had a ringside seat for most of them, and he recounts what he learned in a compelling and good-natured way in the book—and in this episode’s interview. Starting with the Snowden disclosures and the emotional reaction of Silicon Valley, through the CLOUD Act, Brad Smith and Microsoft displayed a relatively even keel while trying to reflect the interests of its many stakeholders. In that effort, Smith makes the case for more international cooperation in regulating digital technology. Along the way, he discloses how the Cyberlaw Podcast’s own Nate Jones and Amy Hogan-Burney became “Namy,” achieving a fame and moniker inside Microsoft that only Brangelina has achieved in the wider world. Finally, he sums up Microsoft’s own journey in the last quarter century as a recognition that humility is a better long-term strategy than hubris.

Turning to the news, it looks like the surveillance renewal debate will be pushed to March 15 instead of Dec. 15. That’s thanks to impeachment, David Kris assesses. We summarize what’s up for renewal before turning to the hottest of FISA topics: The Justice Department’s inspector general report on bias in the FBI’s investigation of the Trump-Russia connection in 2016. All we’re getting at this point is self-serving leaks, but it sounds as though the report is finding real misbehavior only in the lower rungs of the Bureau. The IG finds no political bias at the top, but criminal charges against one lawyer look possible.

David sums up China’s Vulnerability Equities Process: “You can disclose the vulns when MSS is done using them.”

Nick Weaver, meanwhile, tells us that China’s dependence on U.S.-origin AI frameworks is more a matter of bragging rights rather than real disadvantage—unless you think that being unable to deny access to GitHub is a real disadvantage. And if you’re Xi Jinping, you might.

Nate Jones, already immortalized as the quiet half of Namy, reveals that Iran’s APT33 is targeting industrial control systems—and that Iran has shut down its Internet for several days in the face of civil unrest. I suggest that we keep track of the regime-essential links that stay up—so we can take them down if Iran decides to use its new upstream access to industrial control systems.

Nate and I ask why a majority of the UN General Assembly bought into a Russian proposal for a “cybercrime” resolution. Hint: Many of the governments that support it couldn’t survive a democratic election and a free press.

Speaking of Russians, Nick flags a Brian Krebs explainer on why the Russians really, really didn’t want their accused cybercriminal extradited from Israel to the US.

David and I gape in wonder at the chutzpah of the Indiana police force that accused a suspected drug dealer of theft for removing a police GPS tracker from his car—and then used that theft to justify a search of his home.

And in quick hits, Nick covers the new Russian law that prohibits sale of devices without preinstalled “alternative” software. And Nick and I debate the value and legality of Uber’s plan to introduce audio recordings during rides.

 

Join Steptoe for a complimentary webinar on Tuesday, Dec. 10. We’ll be talking about the impacts on retailers of the newly implemented California Consumer Privacy Act and the EU’s General Data Protection Regulation. This is a fast-moving area of the law; we can keep you up to date. You can find out more and register here.

 

Download the 289th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesGoogle PlaySpotifyPocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-289.mp3
Category:general -- posted at: 11:56am EDT

This Week in Mistrusting Google: Klon Kitchen points to a Wall Street Journal story about all the ways Google tweaks its search engine to yield results that look machine-made but aren’t. He and I agree that most of these tweaks have understandable justifications – but you have to trust Google not to misuse them. And increasingly no one does. The same goes for Google’s foray into amassing and organizing health data on millions of Americans. It’s a nothingburger with mayo, unless you mistrust Google. Since mistrusting Google is a growth industry, it’s getting a lot of attention, including from HHS investigators. Matthew Heiman explains, and when he’s done, my money is on Google surviving that investigation comfortably. The capital of mistrusting Google is Brussels, and not surprisingly, Maury Shenk tells us that the EU has forced Google to modify its advertising protocols to exclude data on health-related sites visited by its customers.

A Massachusetts federal district court says suspicionless device searches at borders are not okay. Matthew and I dig into the details. Bottom line: Requiring reasonable suspicion for electronics searches isn’t a tough standard, but reason to believe the phone contains contraband is likely to stop a lot of searches. But that’s only good news for US citizens. Foreign travelers’ phones can also be searched if there’s reason to believe they contain evidence relevant to whether they should be admitted to the country, and reasonable suspicion that such evidence will be found is not hard to come by.

The US Supreme Court will be deciding whether APIs can be copyrighted (or whether copying them is fair use). I put my Supreme Court maven cred on the line, predicting that the Court is going to reverse the federal circuit and reject Oracle’s claim that it can extract hefty rent payments from Google for Android’s use of Oracle APIs.

An injunction against disseminating violent and inciting speech is causing angst in Hong Kong. Maury explains why.

Klon unpacks the story of the Chinese hackers who’ve been spying on the US National Association of Manufacturers

Maury and I throw shade at the federal court’s claim that it’s arbitrary and capricious for the Trump Administration to conclude that it couldn’t really administer an export control ban on the release of 3D gun plans. 

In a lightning round, no one should be surprised that Microsoft is making CCPA the law of the land. Nor that Amazon sells a lot of stuff directly from China. Or, frankly, that the hullabaloo over “sophisticated” DDoS attacks on British political parties is just campaign grist.

Download the 288th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-288.mp3
Category:general -- posted at: 12:17pm EDT

The Foreign Agent Registration Act is having a moment – in fact its best year since 1939, as the Justice Department charges three people with spying on Twitter users for Saudi Arabia. Since they were clearly acting like spies but not stealing government secrets or company intellectual property, FARA seems to be the only law that they could be charged with violating. Nate Jones and I debate whether the Justice Department can make the charges stick.

Nick Weaver goes off on NSO Group for its failure to supervise the way its customers intrude on cell phone contents. I’m less sure that NSO deserves its bad rap, and I wonder whether WhatsApp should have compromised what looks like 1100 legitimate law enforcement investigations because it questions 100 other uses of NSO malware.

Speaking of Facebook’s judgment, Paul Rosenzweig and I turn out to be surprisingly sympathetic to the company’s stand on political ads and whether “Mama Facebook” should decide their truthfulness. Twitter, darling of the press, has gotten away with a no-political-ads stance that is at least as problematical.

Nate, Paul, and I go pretty far down the rabbit hole arguing whether search warrants should give police access to DNA databases.

The National Security Commission on Artificial intelligence has published its interim report, and Nick, Nate, and I can’t really quarrel with its contents, except to complain that it doesn’t break a lot of new ground.

And maybe all this AI is still a little overrated. Remember that AI fake news text generator that OpenAI claimed was “too dangerous to release”? Well it’s been released, and it turns out to be bone stupid. We test it live, and the results would have to have been a lot better to scratch their way up to “underwhelming.”

Nick tells us why nobody who ever worked with the US government should even change planes in Russia these days.

And in a lightning round, Paul and I ask when blowing off Congress became a thing anybody could do. Nick dumps on both sides in the Great DOH debate. Ted Cruz has called out USTR for sticking Section 230 into trade deals.

And This Week in Pew! Pew! Pew! It really is the 21st Century now that we’re using lasers to attack computers. Nick explains how to order fifty copies of Skating on Stilts using your neighbor’s Amazon account and a laser.

Download the 287th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-287.mp3
Category:general -- posted at: 6:06pm EDT

This episode is a wide-ranging interview with Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book contains plenty of original reporting, served up with journalistic flair. It digs deep into some of the most startling and destructive cyberattacks of recent years, from two dangerous attacks on Ukraine’s power grid, to the multibillion-dollar NotPetya, and then to a sophisticated but largely failed effort to bring down the Seoul Olympics and pin the blame on North Korea. Apart from sophisticated coding and irresponsibly indiscriminate targeting, all these episodes have one thing in common. They are all the work of Russia's GRU.

Andy persuasively sets out the attribution and then asks what kind of corporate culture supports such adventurism – and whether there is a strategic vision behind the GRU’s attacks. The interview convinced me at least that the GRU is pursuing a strategy of muscular nihilism – "our system doesn't work, but yours too is based on fragile illusions." It's a kind of global cyber intifada, with all the dangers and all the self-defeating tactics of the original intifadas. Don't disagree until you've listened!

Download the 286th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-286.mp3
Category:general -- posted at: 12:52pm EDT

We open the episode with David Kris’s thoughts on the two-years-late CFIUS investigation of TikTok, its Chinese owner, ByteDance, and ByteDance’s US acquisition of the lip-syncing company Musical.ly. Our best guess is that this unprecedented reach-back investigation will end in a more or less precedented mitigation agreement.

I cover the WhatsApp suit against NSO Group over the use of spyware on WhatsApp’s network. I predict that this is going to be a highwire act given the applicable precedents on whether violating terms of service also violates the Computer Fraud and Abuse Act. I also muse on whether NSO will find ways to make this a much less comfortable lawsuit for WhatsApp to pursue.

I award the ACLU the prize for making a PR and fundraising mountain out of a molehill of a lawsuit. Matthew Heiman and I try to decide which took less effort – cutting and pasting the ACLU’s generic FOIA complaint or cutting and pasting the ACLU’s generic “Oh my God, it’s a surveillance dystopia” press release. 

I comment on a heart-warming story about a geek in Normal, Illinois, who runs the most successful ransomware-rescue site in the world – and is going broke doing it. Advice to DHS’s CISA: Why not sponsor prizes for people who post ransomware decryptors with real impact? 

Mark MacCarthy discusses the guidance provided by the Defense Innovation Board on building ethical AI. I complain that political correctness seems to outweigh things like, you know, winning wars.

Matthew tells us that Israel is creating its own CFIUS-like panel, and we note the longstanding tension between the US and Israel over Chinese access to Israeli technology.

David notes more decoupling: The Interior Department has grounded its entire drone fleet, citing the risk from Chinese manufacturers.

Mark and I find common ground in thinking the Facebook got the political ad censorship question more right than wrong. Twitter rises to the challenge, naturally. 

Matthew fills us in on a story suggesting that North Korea breached an Indian nuclear plant’s network. He and I also briefly note that Georgia was the victim of a massive case of cyber vandalism.

In updates of past stories, I cover Coalfire’s persuasive critique of the sheriff who arrested the company’s pentesters in an Iowa courthouse. In another even longer-running story, the latest and perhaps the last word on the LabMD-Tiversa-FTC imbroglio can be found in an excellent New Yorker story that leaves LabMD looking good, the FTC looking bad, and Tiversa looking like a candidate for criminal prosecution. Finally, David updates the story of the 2016 Uber hack that cost the company’s chief security officer his job. It’s also going to cost the hackers their freedom, as they plead guilty to CFAA violations. 

Download the 285th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-285.mp3
Category:general -- posted at: 11:31am EDT

I talk about the photographs of Congresswoman Katie Hill and whether the rush to portray her as a victim of revenge porn raises questions about revenge porn laws themselves. Paul Rosenzweig, emboldened by twin tweets – from President Trump calling Never-Trumpers like him “human scum” and from Mark Hamill welcoming him to the Rebel Scum Alliance – takes issue with me.

In a more serious vein, Brian Egan, Paul, and I dig deep into the roots of the battle over how to keep “emerging technology” out of Chinese hands. 

Paul explains a Georgia Supreme Court ruling that cops need a warrant to access automobile data after an accident.

Brian and I talk about why DHS might issue a binding operational directive requiring federal agencies to adopt vulnerability disclosure programs.

Maury Shenk tells us to look for tougher cybersecurity rules in China starting December 1.

Paul unpacks the thinking behind a finding of bias in a widely used algorithm found in a healthcare system.

Maury tells us that “going dark is not going dark.” India’s Supreme Court is consolidating the legal fights over WhatsApp’s end-to-end encryption. In Afghanistan, meanwhile, the New York Times says that WhatsApp has become a key tool for communication by the government

I note a well-written study that contradicts the media narrative that YouTube’s recommendation engine is what’s radicalizing Americans. According to the authors, the problem isn’t YouTube’s recommendations but an audience that is looking for the kinds of alternative content that conservatives (not to mention the Alt-Right and the Alt-Lite) are offering.

In shorter takes, Paul and I cover Microsoft beating AWS for an enormous Pentagon cloud contract, and Brian takes on the question of lies in political ads on Facebook. I ask whether we would be wise to follow Russia’s example and disconnect from the Internet from time to time. 

Finally, Maury and I explore the challenge that TikTok poses not just to the US government but also to the Chinese government. Short take: TikTok can get away with more pro-Hong-Kong-protest speech in the US than the NBA can. 

Download the 284th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-284.mp3
Category:general -- posted at: 3:30pm EDT

Our interview is with Alex Joel, former Chief of the Office of Civil Liberties, Privacy, and Transparency at the Office of the Director of National Intelligence. Alex is now at the American University law school’s Tech, Law, and Security Program. We share stories about the difficulties of government startups and how the ODNI carved out a role for itself in the Intelligence Community (hint: It involved good lawyering). We dive pretty deep on recent FISA court opinions and the changes they forced in FBI procedures. In the course of that discussion, I realize that every “reform” of intelligence dreamed up by Congress in the last decade has turned out to be a self-licking compliance trap, and I take back some of my praise for the DNI’s lawyering.

In the News Roundup, we’re inundated by serious new reports on cyberattacks. Dave Aitel admits that the hacking group he envies most is Turla, which was recently discovered to have totally pwned and stolen the entire attack infrastructure of an Iranian government team. Dave notes that Avast has succumbed to a second, far-reaching intrusion into its network, reminiscent of the last attack, which led to the company sending out a compromised CCleaner application: We may never know whether Avast got the intruder out, Dave suggests, but his hat is off to the company’s PR team. In still more pwnage news, Dave praises two new detailed reports from security companies: FireEye’s report on APT41’s combination of espionage and cybercrime and Crowdstrike’s report on amazingly successful Chinese efforts to steal aircraft intellectual property. And one more: Cyber Command has leaked the bare minimum of information designed to show that Iran’s strike against Saudi oil facilities did not go unpunished. Dave and I take our hats off to Iran’s PR team, which responded to the vague leak by claiming that Cyber Command “must have dreamt it.”

In other news, Gus Hurwitz breaks down a recent Ninth Circuit decision construing the Section 230 immunity for tools that filter content on the Internet. Remarkably, two judges thought that the immunity for preventing access to “objectionable” content would allow a company to cut off consumers’ access to its competitor’s products. Luckily, the two judges were a district court judge and the Ninth Circuit dissenter. But the close call shows how broadly the “objectionable” immunity sweeps. Which raises the question whether our trade agreements should broaden the immunity and turn it into international law that can’t be amended easily, or at all. That was a point of rare bipartisan agreement at a recent House hearing. But there’s no sign yet that Congress is going to reject the trade deals that do this. Gus and I also touch on the latest flaps over social media content monitoring. 

Dan Podair explains what’s good and what’s missing from the California Attorney General’s rules implementing California’s new, sweeping privacy act.

Poor Equifax: Just when they were hoping the worst had passed, the plaintiff’s bar doxxed even more embarrassing security failings. Dave offers this cold comfort: All the mistakes that were offered to show that Equifax security was bad could be found in pretty much any network in the country. More cold than comfort, Dave!

And, finally, we close with This Week in Puerile Jokes: All inspired, of course, by the UK Government’s decision to drop its plan to require ID to watch sex videos online.

Download the 283rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-283_1.mp3
Category:general -- posted at: 10:37am EDT

Our interview is with Sultan Meghji, CEO of Neocova. We cover the large Chinese investment in quantum technology and what it means for the United States. It’s possible that Chinese physicists are even better than American physicists at extracting funding from their government. Indeed, it looks as though some quantum tech, such as the use of entangled particles to identify eavesdropping, may turn out to have dubious military value. But not all. Sultan thinks the threat of special purpose quantum computing to break encryption poses a real, near-term threat to U.S. financial institutions’ security.

In the News Roundup, we cover the new California Consumer Privacy Act regulations, which devote a surprising amount of their 24 pages to fixing problems caused by the Act’s feel-good promise that consumers can access and delete the information companies have on them. Speaking of feel-good laws that are full of liability land mines for companies, the Supreme Court has let stand a Ninth Circuit ruling that allows blind people to sue under the Americans with Disabilities Act if websites don’t accommodate their needs. Nick Weaver and I explore the risks of making law by retroactively imposing liability.

Weirdly for a populist administration that says it hates the big social platforms for restricting speech, the Trump trade negotiators are actually expanding Section 230 immunities for Silicon Valley that both left and right have begun to question. The expansion is buried in hard-to-amend and even-harder-to-repeal trade agreements. By way of explanation, I explain the Realpolitik of trade deals. As if to prove my point, the U.S. and Japan have signed a Digital Trade Agreement that has much the same provision.

Nick and I muse on the rise of Commerce Department sanctions on individual companies. In a way, such sanctions are a less harsh alternative to OFAC boycotts, but like antibiotics, they either destroy the target or teach it to develop better resistance for the future.

Does TLS stand for “Tough Luck, Sucker?” That’s the message of a new and clever form of malware, softly attributed to the Russian FSB.

Apple, having banned, then unbanned an app that locates police activity in Hong Kong, has re-banned it. Tim Cook’s explanation triggers Nick’s bovine excrement detection system. In a Final Four of Hypocritical Surrender, LeBron and the NBA give ESPN a run for its money. South Park fails to qualify.

Matthew Heiman and I discuss India’s effort to create a national facial recognition system. Naturally BuzzFeed News thinks it’s evil.

Nick and I consider DHS’s request for the power to subpoena ISPs to identify owners of compromised systems. I critique Herb Lin’s suggestion that the ISPs can solve the problem without giving data to DHS.

As Matthew notes, it was just last month that the French government gave the world a stiff-necked little lecture on respecting sovereignty in cyberspace. So why are French police helping reprogram computers in Latin America? Because it’s different when the French are doing it than when it’s done to them, I surmise.

A recent “good guy with a keyboard” story offers me one more chance to ask why someone who’s rescued hundreds from ransomware should have to worry for one minute about liability for the compromised C2 machines he re-compromised in the rescue.

Matthew and I try to simplify a complex ruling from two FISA courts. Among the takeaways: The FBI has been running a lot of searches against 702 databases (3.1 million a year!), and the FISA courts are overusing the Fourth Amendment, which in FISA minimization cases is like trying to do brain surgery with a chainsaw.

Argh! That embarrassing Bloomberg Supermicro story is back. Sort of. Wired has shown that something like this could really be done. Which, Nick points out, we already knew.

I give a shoutout to Jennifer Daskal and Peter Swire for their useful overview of the U.K.-U.S. CLOUD Act, but I wonder if mutual “no targeting of the other country’s nationals” assurances are a scalable solution.

Finally, Matthew reviews the second volume of the Senate Intelligence Committee’s investigation into Russian election interference. The TL;DR? The Russians did what you think they did. Mildly surprising: After starting out just trying to hurt Hillary, by the end the Russians seem to have been trying to help Trump too.

 

Download the 282nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-282.mp3
Category:general -- posted at: 6:20pm EDT

Today’s episode opens with a truly disturbing bit of neocolonial judicial lawmaking from the Court of Justice of the European Union. The CJEU ruled that an Austrian court can order Facebook to take down statements about an Austrian politician. Called an “oaf” and a “fascist,” the politician more or less proved the truth of the accusations by suing to keep that and similar statements off Facebook worldwide. Trying to find allies for my proposal to adopt blocking legislation to protect the First Amendment from foreign government interference, I argue that President Trump should support such a law. After all, if he were ever to insult a European politician on Twitter, this ruling could lead to litigation that takes his Twitter account offline. True, he could criticize the judges responsible for the judgment as “French” or “German” without upsetting CNN, but that would be cold comfort. At last, a legislative and international agenda for the Age of Trump!

Nick Weaver returns to give the FDA a better report card than I expected on its approach to cybersecurity. But we agree that the state of medical device and implant security remains parlous.

I try my hand at explaining the D.C. Circuit’s Net Neutrality ruling in Mozilla v. FCC. There are still some rounds to be played, but Net Neutrality, if not dead, may at least be pining for the fjords.

Introducing a new feature: This Week in Elizabeth Warren. She has a plan to revive the Congressional Office of Technology Assessment. Nick likes the idea. I’m less enthusiastic, perhaps because I actually did some work for OTA before it disappeared.

Nick also helps unpack the flap over Google’s proposal to do DNS-over-HTTPS, and why ISPs aren’t happy about it. Bottom line: If you haven’t been paying much attention to the issue, you’ve made the right choice. Just think of how much time you saved by listening to the podcast!

Nick explains how Uzbekistan managed to give cyberattacks an aura, not of menace or invincibility, but of clownish incompetence.

David Kris explains the objections from privacy advocates and NGOs to the French government’s use of nationwide facial recognition for its ID program. I suggest that this may be the dumbest face recognition privacy “scandal” in history.

The cops shut down a Dark Web data center operating from… a NATO bunker? Nick reveals that the main reason to operate from a NATO bunker is, well, marketing.

Apparently channeling Stewart Baker, Attorney General Bill Barr is all-in on discouraging mass-market warrant-proof encryption. Nick thinks he’s picked the wrong fight. And maybe Nick’s right, since the civil-liberties shine on Apple is looking a little scuffed these days.

David tells us that NSA has launched a new defense directorate with Anne Neuberger at its helm. I promise to have her on the podcast early next year.

David talks about the California man charged with delivering classified information to China’s Ministry of State Security.

A Yahoo engineer pleads guilty to hacking emails for pornographic images. I’m surprised this doesn’t happen every month.

And in a sign that Congress can reach bipartisan agreement on bills that do more or less nothing, both the House and the Senate have adopted bills authorizing (but not funding) DHS “cyber hunt” teams to help local governments suffering from cyber ransom and other attacks.

Bringing back an old favorite, I cover the hacking of an electronic billboard to play porn.

 

Download the 281st Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-281.mp3
Category:general -- posted at: 12:53pm EDT

In this episode I cross swords with John Samples of the Cato Institute on Silicon Valley’s efforts to disadvantage conservative speech and what to do about it. I accuse him of Panglossian libertarianism; he challenges me to identify any way in which bringing government into the dispute will make things better. I say government is already in it, citing TikTok’s People’s Republic of China-friendly “community standards” and Silicon Valley’s obeisance to European standards on hate speech and terror incitement. Disagreeing on how deep the Valley’s bias runs, we agree to put our money where our mouths are: I bet John $50 that Donald J. Trump will be suspended or banned from Twitter by the end of the year in which he leaves office.

There’s a lot of news in the Roundup. David Kris explains the background of the first CLOUD Act agreement that may be signed this year with the UK.

Nate Jones and I ask, “What is the president’s beef with CrowdStrike, anyway?” And find a certain amount of common ground on the answer.

This Week in Counterattacks in the War on Terror: David and I recount the origins and ironies of Congress’s willingness to end the NSA 215 phone surveillance program. We also take time to critique the New York Times’s wide-eyed hook-line-and-sinker ingestion of an EFF attack on the FBI’s use of National Security Letters.

Edward Snowden’s got a new book out, and the Justice Department wants to make sure he never collects his royalties. Nate explains. I’m just relieved that I will be able to read it without having to shoplift it. And it seems to be an episode for challenges, as I offer Snowden a chance to be interviewed on the podcast—anytime, anywhere, Ed!

Matthew Heiman explains the latest NotPeya travail for FedEx: A shareholder suit alleging that the company failed to disclose how much damage the malware caused to its ongoing business. 

Evan Abrams gives a hint about the contents of Treasury’s 300-page opus incorporating Congress’s overhaul of CFIUS into the CFR.

I credit David for inspiring my piece questioning how long end-to-end commercial encryption is going to last, and we note that even the New York Times seems to be questioning whether Silicon Valley’s latest enthusiasm is actually good for the world.

Matthew tells us that China may have a new tool in the trade war—or at least to keep companies toeing the party line: The government is assigning social credit scores to businesses. 

Finally, Matthew outlines France’s OG take on international law and cyber conflict. France opens up some distance between its views and those of the United States, but everyone will get a chance to talk at even greater length on the topic, as the U.N. gears up two different bodies to engage in yet another round of cyber-norm-building.

 

Download the 280th Episode (mp3). 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-280.mp3
Category:general -- posted at: 11:44am EDT