David Kris opens this episode of the Cyberlaw Podcast by laying out some of the massive disruption that the Biden Administration has kicked off in China’s semiconductor industry—and its Western suppliers. The reverberations of the administration’s new measures will be felt for years, and the Chinese government’s response, not to mention the ultimate consequences, remains uncertain.

Richard Stiennon, our industry analyst, gives us an overview of the cybersecurity market, where tech and cyber companies have taken a beating but cybersecurity startups continue to gain funding. 

Mark MacCarthy reviews the industry from the viewpoint of the trustbusters. Google is facing what looks like a serious AdTech platform challenge from several directions—the EU, the Justice Department, and several states. Facebook, meanwhile, is lucky to be a target of the Federal Trade Commission, which rather embarrassingly had to withdraw claims that the acquisition of Within would remove an actual (as opposed to hypothetical) competitor from the market. No one seems to have challenged Google’s acquisition of Mandiant, meanwhile. Richard suspects that is because Google is not likely to do anything with the company. 

David walks us through the new White House national security strategy—and puts it in historical context. 

Mark and I cross swords over PayPal’s determination to take my money for saying things Paypal doesn’t like. Visa and Mastercard are less upfront about their ability to boycott businesses they consider beyond the pale, but all money transfer companies have rules of this kind, he says. We end up agreeing that transparency, the measure usually recommended for platform speech suppression, makes sense for Paypal and its ilk, especially since they’re already subject to extensive government regulation.  

Richard and I dive into the market for identity security. It’s hot, thanks to zero trust computing. Thoma Bravo is leading a rollup of identity companies. I predict security troubles ahead for the merged portfolio.  

In updates and quick hits:

• The Texas social media law is on hold again, but do not get excited. It is a  voluntary deal designed to speed Supreme Court consideration of a review petition. 
• Now Ukraine knows how Twitter feels: Elon Musk has changed his mind again. He will not be demanding that Department of Defense pay for the Starlink service Elon rolled out at the start of the war with Russia.
• After catching Google red-handed in what looks like ideological use of a spam filter, the GOP now appears to be overplaying its hand. 

And I predict much more coverage, not to mention prosecutorial attention, will result from accusations that a powerful partner at the establishment law firm, Dechert, engaged in hack-and-dox attacks on adversaries of his clients.

It’s been a jam-packed week of cyberlaw news, but the big debate of the episode is triggered by the White House blueprint for an AI Bill of Rights. I’ve just released a long post about the campaign to end “AI bias” in general, and the blueprint in particular. In my view, the bill of rights will end up imposing racial and gender (and intersex!) quotas on a vast swath of American life. Nick Weaver argues that AI is in fact a source of secondhand racism and sexism, something that will not be fixed until we do a better job of forcing the algorithm to explain how it arrives at the outcomes it produces. We do not agree on much, but we do agree that lack of explainability is a big problem for the new technology.

President Biden has issued an executive order meant to resolve the U.S.-EU spat over transatlantic data flows. At least for a few years, until the anti-American EU Court of Justice finds it wanting again. Nick and I explore some of the mechanics. I think it’s bad for the privacy of U.S. persons and for the comprehensibility of U.S. intelligence reports, but the judicial system the order creates is cleverly designed to discourage litigant grandstanding.

Matthew Heiman covers the biggest CISO, or chief information security officer, news of the week, the month, and the year—the criminal conviction of Uber’s CSO, Joe Sullivan, for failure to disclose a data breach to the Federal Trade Commission. He is less surprised by the verdict than others, but we agree that it will change the way CISO’s do their job and relate to their fellow corporate officers.

Brian Fleming joins us to cover an earthquake in U.S.-China tech trade—the sweeping new export restrictions on U.S. chips and technology. This will be a big deal for all U.S. tech companies, we agree, and probably a disaster for them in the long run if U.S. allies don’t join the party. 

I go back to dig a little deeper on two cases we covered with just a couple of hours’ notice last week—the Supreme Court’s grant of review in two cases touching on Big Tech’s liability for hosting the content of terror groups. It turns out that only one of the cases is likely to turn on Section 230. That’s Google’s almost laughable claim that holding YouTube liable for recommending terrorist videos is holding it liable as a publisher. The other case will almost certainly turn on when distribution of terrorist content can be punished as “material assistance” to terror groups.

Brian walks us through the endless negotiations between TikTok and the U.S. over a security deal. We are both puzzled over the partisanization of TikTok security, although I suggest a reason why that might be happening.  

Matthew catches us up on a little-covered Russian hack and leak operation aimed at former MI6 boss Richard Dearlove and British Prime Minister Boris Johnson. Matthew gives Dearlove’s security awareness a low grade.

Finally, two updates: 

• Nick catches us up on the Elon Musk-Twitter fight. Nick's gloating now, but he is sure he'll be booted off the platform when Musk takes over.
• And I pass on some very unhappy feedback from a friend at the Election Integrity Partnership (EIP), who feels we were too credulous in commenting on a JustTheNews story that left a strong impression of unseemly cooperation in suppressing election integrity misinformation. The EIP’s response makes several good points in its own defense, but I remain concerned that the project as a whole raises real concerns about how tightly Silicon Valley embraced the suppression of speech “delegitimizing” election results.

We open today’s episode by teasing the Supreme Court’s decision to review whether section 230 protects big platforms from liability for materially assisting terror groups whose speech they distribute (or even recommend). I predict that this is the beginning of the end of the house of cards that aggressive lawyering and good press have built on the back of section 230. Why? Because Big Tech stayed out of the Supreme Court too long. Now, just when section 230 gets to the Court, everyone hates Silicon Valley and its entitled content moderators. Jane Bambauer, Gus Hurwitz, and Mark MacCarthy weigh in, despite the unfairness of having to comment on a cert grant that is two hours old.

Just to remind us why everyone hates Big Tech’s content practices, we do a quick review of the week’s news in content suppression. 

• A couple of conservative provocateurs prepared a video consisting of Democrats being “election deniers.” The purpose was to show the hypocrisy of those who criticize the GOP for a meme that belonged mainly to Dems until two years ago. And it worked. YouTube did a manual review before it was even released and demonetized the video because, well, who knows? An outcry led to reinstatement, too late for YouTube’s reputation. Jane has the story.
• YouTube also steps in the same mess by first suppressing then restoring a video by Giorgia Meloni, the biggest winner of Italy’s recent election. She’s on the right, but you already knew that from how YouTube dealt with her.
• Mark covers an even more troubling story, in which government officials point to online posts about election security that they don’t like, NGOs that the government will soon be funding take those complaints to Silicon Valley, and the platforms take a lot of the posts down. Really, what could possibly go wrong?
• Jane asks why Facebook is “moderating” private messages by the wife of an FBI whistleblower. I suspect that this is related to the government and big tech’s hyperaggressive joint pursuit of anything related to January 6. But it definitely requires investigation.
• Across the Atlantic, Jane notes, the Brits are hating Facebook for the content it let 14-year-old Molly Russell read before her suicide. Exactly what was wrong with the content is a little obscure, but we agree that the material served to minors is ripe for more regulation, especially outside the United States.

For a change of pace, Mark has some largely unalloyed good news. The International Telecommunication Union will not be run by a Russian; instead it elected an American, Doreen Bodan-Martin to lead it.  

Mark tells us that all the Sturm und Drang over tougher antitrust laws for Silicon Valley has wound down to a few modestly tougher provisions that have now passed the House. That may be all that can get passed this year, and perhaps in this Administration.

Gus gives us a few highlights from FTCland:

• The FTC is likely to strengthen enforcement tools for its consent decrees, mainly by tagging individuals with potential fines for violations. Gus doubts this will work out well in practice.
• The FTC is also end-running a recent Supreme Court decision that denied it the authority to impose certain financial penalties. Now the Commission will bring cases jointly with state agencies who have that authority.

Jane unpacks a California law prohibiting cooperation with subpoenas from other states without an assurance that the subpoenas aren’t investigating abortions that would be legal in California. I again nominate California as playing the role in federalism for the twenty-first century that South Carolina played in the nineteenth and twentieth centuries and predict that some enterprising red state attorney general is likely to enjoy litigating the validity of California’s law – and likely winning.

Gus notes that private antitrust cases remain hard to win, especially without evidence, as Amazon and major book publishers gain the dismissal of antitrust lawsuits over book pricing.

Finally, in quick hits and updates:

• Gus previews an upcoming executive order to cool off the fight over data transfers across the Atlantic
• I cover two U.S. espionage arrests, one of which is best summarized by the Babylon Bee

I also note a large privacy flap Down Under, as the exposure of lots of personal data from a telco database seems likely to cost the carrier, and its parent dearly.

Russian botmasters have suddenly discovered that extradition to the U.S. may be better than going home and facing mobilization.

This episode features a much deeper, and more diverse, examination of the Fifth Circuit decision upholding Texas’s social media law. We devote the last half of the episode to a structured dialogue about the opinion between Adam Candeub and Alan Rozenshtein. Both have written about it already, Alan critically and Adam supportively. I lead off, arguing that, contrary to legal Twitter’s dismissive reaction, the opinion is a brilliant and effective piece of Supreme Court advocacy. Alan thinks that is exactly the problem; he objects to the opinion’s grating self-certainty and refusal to acknowledge the less convenient parts of past case law. Adam is closer to my view. We all seem to agree that the opinion succeeds as an audition for Judge Andrew Oldham to become Justice Oldham in the DeSantis Administration.  

We walk through the opinion and what its critics don’t like, touching on the competing free expression interests of social media users and of the platforms themselves, whether there’s any basis for an injunction today, given the relative weakness of the overbreadth argument and the fundamental disagreement over whether “exercising editorial discretion” is a fundamental right under the first amendment or just an artifact of older technologies. Most intriguing, we find unexpected consensus that Judge Oldham’s (and Clarence Thomas’s) common carrier argument may turn out to be the most powerful point in the opinion and when the case reaches the Court.

In the news roundup, we focus on the Congressional sprint to pass additional legislation before the end of the Congress. Michael Ellis explains the debate between the Cyberspace Solarium Commission alumni and business lobbyists over enacting a statutory set of obligations for systemically critical infrastructure companies. Adam outlines a strange-bedfellows bill that has united Sens. Amy Klobuchar (D-Minn.) and Ted Cruz (R-Texas) in an effort to give small media companies and broadcasters an antitrust immunity to bargain with the big social media platforms over the use of their content. Adam is a skeptic, Alan less so.

The Pentagon, reliably braver when facing bullets than a bad Washington Post story, is performing to type in the flap over fake social media accounts. Michael tells us that the accounts pushed pro-U.S. stories but met with little success before Meta and Twitter caught on and kicked them off their platforms. Now the Department of Defense is conducting a broad review of military information operations. I predict fewer such efforts and don’t mourn their loss.

Adam and I touch on a decision of Meta’s Oversight Board criticizing Facebook’s automated image takedowns. I offer a new touchstone for understanding content regulation at the Big Platforms: They just don’t care, so they’ve turned to whole project over to second-rate AI and second-rate employees.

Michael walks us through the Department of the Treasury’s new flexibility on sending communications software and services to Iran. 

And, in quick hits, I note that:

• The Justice Department’s China Initiative continues to suffer from pushback. 
• We should all expect bad things from the emergence of  violence as a service

Russian botmasters have suddenly discovered that extradition to the U.S. may be better than going home and facing mobilization.

The big news of the week was a Fifth Circuit decision upholding Texas social media regulation law. It was poorly received by the usual supporters of social media censorship but I found it both remarkably well written and surprisingly persuasive. That does not mean it will survive the almost inevitable Supreme Court review but Judge AndyOldham wrote an opinion that could be a model for a Supreme Court decision upholding Texas law. 

The big hacking story of the week was a brutal takedown of Uber, probably by the dreaded Advanced Persistent Teenager. Dave Aitel explains what happened and why no other large corporation should feel smug or certain that it cannot happen to them. Nick Weaver piles on.

Maury Shenk explains the recent European court decision upholding sanctions on Google for its restriction of Android phone implementations.

Dave points to some of the less well publicized aspects of the Twitter whistleblower’s testimony before Congress. We agree on the bottom line—that Twitter is utterly incapable of protecting either U.S. national security or even the security of its users’ messages. If there were any doubt about that, it would be laid to rest by Twitter’s dependence on Chinese government advertising revenue.

Maury and Nick tutor me on The Merge, which moves Ethereum from “proof of work‘ to “proof of stake,” massively reducing the climate footprint of the cryptocurrency. They are both surprisingly upbeat about it.

Maury also lays out a new European proposal for regulating the internet of things—and, I point out—for massively increasing the cost of all those things.

China is getting into the attribution game. It has issued a report blaming the National Security Agency for intruding on Chinese educational institution networks. Dave is not impressed.

The Department of Homeland security, in breaking news from 2003, has been keeping the contents of phones it seizes on the border. Dave predicts that the Department of Homeland Security will have to further pull back on its current practices. I’m less sure.

Now that China is regulating vulnerability disclosures, are Chinese companies reluctant to disclose vulnerabilities outside China? The Atlantic Council has a report on the subject, but Dave thinks the results are ambiguous at best.

In quick hits:

• The Senate has confirmed Nate Fick as the first U.S. cyber ambassador
• I offer data confirming my cynical view that Apple is not so much concerned about your privacy as it is eager to take over the role of Google and Facebook in the advertising market
• Nick lays out the latest Treasury Department guidance on sanctions and tornado cash
• Maury explains how the Indian government persuaded 50 million Indians to geotag their homes

And I explain why it is in fact possible that the FBI and Silicon Valley are working together to identify conservatives for potential criminal investigation.

This is our return-from-hiatus episode. Jordan Schneider kicks things off by recapping passage of a major U.S. semiconductor-building subsidy bill, while new contributor Brian Fleming talks with Nick Weaver about new regulatory investment restrictions and new export controls on (artificial Intelligence (AI) chips going to China. Jordan also covers a big corruption scandal arising from China’s big chip-building subsidy program, leading me to wonder when we’ll have our version.

Brian and Nick cover the month’s biggest cryptocurrency policy story, the imposition of OFAC sanctions on Tornado Cash. They agree that, while the outer limits of sanctions aren’t entirely clear, they are likely to show that sometimes the U.S. Code actually does trump the digital version. Nick points listeners to his bracing essay, OFAC Around and Find Out.

Paul Rosenzweig reprises his role as the voice of reason in the debate over location tracking and Dobbs. (Literally. Paul and I did an hour-long panel on the topic last week. It’s available here.) I reprise my role as Chief Privacy Skeptic, calling the Dobb/location fuss an overrated tempest in a teapot.

Brian takes on one aspect of the Mudge whistleblower complaint about Twitter security: Twitter’s poor record at keeping foreign spies from infiltrating its workforce and getting unaudited access to its customer records. In a coincidence, he notes, a former Twitter employee was just convicted of “spying lite”, proves it’s as good at national security as it is at content moderation.

Meanwhile, returning to U.S.-China economic relations, Jordan notes the survival of high-level government concerns about TikTok. I note that, since these concerns first surfaced in the Trump era, TikTok’s lobbying efforts have only grown more sophisticated. Speaking of which, Klon Kitchen has done a good job of highlighting DJI’s increasingly sophisticated lobbying in Washington D.C.

The Cloudflare decision to deplatform Kiwi Farms kicks off a donnybrook, with Paul and Nick on one side and me on the other. It’s a classic Cyberlaw Podcast debate. 

In quick hits and updates:

• Nick and I cover the sad story of the Dad who photographed his baby’s private parts at a doctor’s request and, thanks to Google’s lack of human appellate review, lost his email, his phone number, and all of the accounts that used the phone for 2FA. 
• Paul brings us up to speed on the U.S.-EU data fight: and teases tomorrow’s webinar on the topic.
• Nick explains the big changes likely to come to the pornography world because of a lawsuit against Visa. And why Twitter narrowly averted its own child sex scandal. 
• I note that Google’s bias against GOP fundraising emails has led to an unlikely result: less spam filtering for all such emails. 

And, after waiting too long, Brian Krebs retracts the post about a Ubiquity “breach” that led the company to sue him.

Just when you thought you had a month free of the Cyberlaw Podcast, it turns out that we are persisting, at least a little. This month we offer a bonus episode, in which Dave Aitel and I interview Michael Fischerkeller, one of three authors of "Cyber Persistence Theory: Redefining National Security in Cyberspace." 

The book is a detailed analysis of how cyberattacks and espionage work in the real world—and a sharp critique of military strategists who have substituted their models and theories for the reality of cyber conflict. We go deep on the authors’ view that conflict in the cyber realm is all about persistent contact and faits accomplis rather than compulsion and escalation risk. Dave pulls these threads with enthusiasm. 

I recommend the book and interview in part because of how closely the current thinking at United States Cyber Command is mirrored in both.

As Congress barrels toward an election that could see at least one house change hands, efforts to squeeze big bills into law are mounting. The one with the best chance (and better than I expected) would drop $52 billion in cash and a boatload of tax breaks on the semiconductor industry. Michael Ellis points out that this is industrial policy without apology, and a throwback to the 1980s, when the government organized SEMATECH, a name derived from “Semiconductor Manufacturing Technology” to shore up U.S. chipmaking. Thanks to a bipartisan consensus on the need to fight a Chinese challenge, and a trimming of provisions that tried to hitch a ride on the bill, there now looks to be a clear path to enactment for this bill. 

And if there were doubt about how serious the Chinese challenge in chips will be, an under-covered story revealed that China’s chipmaking champion, SMIC, has been making 7-nanometer chips for months without an announcement. That’s a diameter that Intel and GlobalFoundries, the main U.S. producers, have yet to reach in commercial production. 

The national security implications are plain. If commercial products from China are cheap enough to sweep the market, even security-minded agencies will be forced to buy them, as it turns out the FBI and Department of Homeland Security have both been doing with Chinese drones. Nick Weaver points to his Lawfare piece showing just how cheaply the United States (and Ukraine) could be making drones.

Responding to the growing political concern about Chinese products, TikTok’s owner ByteDance, has increased its U.S. lobbying spending to more than $8 million a year, Christina Ayiotis tells us—about what Google spends on lobbying. 

In the same vein, Nick and Michael question why the government hasn’t come up with the extra $3 billion to fund “rip and replace” for Chinese telecom gear. That effort will certainly get a boost from reports that Chinese telecom sales were offered on especially favorable terms to carriers who service America’s nuclear missile locations. I offer an answer: The Obama administration actually paid these same rural carriers to install Chinese equipment as part of the 2009 stimulus law. I cannot help thinking that the rural carriers ought to bear some of the cost of their imprudent investments and not ask U.S. taxpayers to pay them both for installing and ripping out the same gear.

In news not tied to China, Nick tells us about the House Energy and Commerce Committee’s serious progress on a compromise federal data privacy bill. It is still a doomed bill, given resistance from Dems and GOP in the Senate. I argue that that’s a good thing, given the effort to impose “disparate impact” quotas for race, color, religion, national origin, sex, and disability on every algorithm that processes even a little personal data. This is a transformative social engineering project that just one section (208) of  the “privacy” bill will impose without any serious debate. 

Christina grades Russian information warfare based on its latest exploit: hacking a Ukrainian radio broadcaster to spread fake news about Ukrainian President Volodymyr Zelenskyy’s health.  As a hack, it gets a passing grade, but as a believable bit of information warfare, it is a bust. 

Tina, Michael and I evaluate YouTube’s new policy on removing “misinformation” related to abortion, and the risk that this policy, like so many Silicon Valley speech suppression schemes, will start out sounding plausible and end in political correctness.  

Nick and I celebrate the Department of Justice's increasing success in sometimes seizing cryptocurrency from hackers and ransomware gangs. It may just be Darwin at work, but it’s nice to see.

Nick offers the recommended long read of the week—Brian Krebs’s takedown of the VPN malware supplier, 911.

And in updates and quick hits: 

• That Twitter worker arrested for spying on behalf of Saudi Arabia is going to trial.
• the United Kingdom’s Government Communications Headquarters’s cryptoskeptics have returned to ask how we can square end-to-end encryption with child safety. I think the answer is “Not well.”
• The General Data Protection Regulation has consequences: Turns out that schoolkids in Denmark won’t be able to use Chromebooks or Google Workspace.
• And Nick takes a moment to dunk on the Three Arrows founders, whose cryptocurrency company went under in the bust and who are now giving interviews from an undisclosed location.

*An obscure Rhode Island tribute to the Industrial Trust Building that was known to a generation of children as the ‘Dusty Old Trust” building until a new generation christened it the “Superman Building.”

Kicking off a packed episode, the Cyberlaw Podcast calls on Megan Stifel to cover the first Cyber Safety Review Board (CSRB) Report. The CSRB does exactly what those of us who supported the idea hoped it would do—provide an authoritative view of how the Log4J incident unfolded along with some practical advice for cybersecurity executives and government officials.

Jamil Jaffer tees up the second blockbuster report of the week, a Council on Foreign Relations study called “Confronting Reality in Cyberspace Foreign Policy for a Fragmented Internet.” I think the study’s best contribution is its demolition of the industry-led claim that we must have a single global internet. That has not been true for a decade, and pursuing that vision means that the U.S. is not defending its own interests in cyberspace. I call out the report for the utterly wrong claim that the United States can resolve its transatlantic dispute with Europe by adopting a European-style privacy law. Europe’s beef with us on privacy reregulation of private industry is over (we surrendered); now the fight is over Europe’s demand that we rewrite our intelligence and counterterrorism laws. Jamil Jaffer and I debate both propositions.

Megan discloses the top cybersecurity provisions added to the House defense authorization bill—notably the five year term for the head of Cybersecurity and Infrastructure Security Agency (CISA) and a cybersecurity regulatory regime for systemically critical industry. The Senate hasn’t weighed in yet, but both provisions now look more likely than not to become law.

Regulatory cybersecurity measures look like the flavor of the month. The Biden White House is developing a cybersecurity strategy that is expected to encourage more regulation. Jamil reports on the development but is clearly hoping that the prediction of more regulation does not come true.

Speaking of cybersecurity regulation, Megan kicks off a discussion of Department of Homeland Security’s CISA weighing in to encourage new regulation from the Federal Communication Commission (FCC) to incentivize a shoring up of the Border Gateway Protocol’s security. Jamil thinks the FCC will do better looking for incentives than punishments. 

Tatyana Bolton and I try to unpack a recent smart contract hack and the confused debate about whether “Code is Law” in web3. Answer: it is not, and never was, but that does not turn the hacking of a smart contract into a violation of the Computer Fraud and Abuse Act.

Megan covers North Korea’s tactic for earning dollars while trying to infiltrate U.S. crypto firms—getting remote work employment at the firms as coders. I wonder why LinkedIn is not doing more to stop scammers like this, given the company’s much richer trove of data about job applicants using the site.

Not to be outdone, other ransomware gangs are now adding to the threat of doxing their victims by making it easier to search their stolen data. Jamil and I debate the best way to counter the tactic.

Tatyana reports on Sen. Mark Warner’s, effort to strongarm the intelligence community into supporting Sen. Amy Klobuchar’s antitrust law aimed at the biggest tech platforms— despite its inadequate protections for national security.

Jamil discounts as old news the Uber leak. We didn’t learn much from the coverage that we didn’t already know about Uber’s highhanded approach in the teens to taxi monopolies and government.  

Jamil and I endorse the efforts of a Utah startup devoted to following China’s IP theft using China’s surprisingly open information. Why Utah, you ask? We’ve got the answer.

In quick hits and updates: 

• Josh Schulte has finally been convicted for one of the most damaging intelligence leaks in history. 
• Google gets grudging respect from me for its political jiu-jitsu. Faced with a smoking gun of political bias after spam-blocking GOP but not Dem fundraising messages, Google managed to kick off outrage by saying it wanted to fix the problem by forcing political spam on all its users. Now the GOP will have to explain that it’s not trying to send us more spam; it just wants Gmail to stop favoring lefty spam. 

And, finally, we all get to enjoy the story of the bored Chinese housewife who created a complete universe of fake Russian history on China’s Wikipedia. She’s promised to stop, but I suspect she’s just been hired to work for the world’s most active producer of fake history—China’s Ministry of State Security.

Dave Aitel introduces a deliciously shocking story about lawyers as victims and—maybe—co-conspirators in the hacking of adversaries’ counsel to win legal disputes. The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one’s hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask “Will no one rid me of this meddlesome litigant?” Before you know it, there’s a doxing site full of useful evidence on the internet.

But first Dave digs into an intriguing but flawed story of how and why the White House ended up bigfooting a possible acquisition of NSO by L3Harris. Dave spots what looks like a simple error, and we are both convinced that the New York Times got only half the story. I suspect the White House was surprised by the leak, popped off about how bad an idea the deal was, and then was surprised to discover that the intelligence community had signaled interest. 

That leads us to the reason why NSO has continuing value – its ability to break Apple’s phone security. Apple is now trying to reinforce its security with the new, more secure and less convenient, lockdown mode. Dave gives it high marks and challenges Google to match Apple’s move. 

Next, we dive into the U.S. effort to keep Dutch firm ASML from selling chip-making machines to China. Dmitri Alperovich makes a special appearance to urge more effective use of export controls; he and Dave both caution, however, that the U.S. must impose the same burdens on its own firms as on its allies’.

Jane Bambauer introduces the latest government proposal to take a bite out of crime by taking a bite out of end-to-end encryption (“e2e”). The U.K. has introduce an amendment to its pending online safety bill that would require regulated user-to-user services to identify and swiftly take down terrorism and child sex abuse material. The identifying isn’t easy in an e2e environment, Jane notes, so this bill could force adoption of the now-abandoned Apple proposal to do local scanning on your phone. I’m usually a cheap date for crypto-skeptical laws, but I can’t help noticing that this proposal will stir up 90 percent as much opposition as requiring companies to be able to intercept communications when they get a court order while it probably addresses only 10 percent of the crimes that occur on e2e networks.

Jane and I take turns pouring cold water on journalists, NGOs, and even Congress for their feverish effort to turn the Supreme Court’s abortion ruling into a reason to talk about privacy. Dumbest of all, in my view, is the claim that location services will be used to gather evidence and prosecute women who visit out of state abortion clinics. As I point out, such prosecutions won’t even muster five votes on this Court.

Dave spots another doubtful story about Russian government misuse of a red team hacking tool. He thinks it’s a case of a red team hacking tool being used by … a red team. 

Jane notes that Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has announced a surprisingly anodyne (and arguably unnecessary) post-quantum cryptography initiative.  I’m a little less hard on DHS, but only a little.

Finally, in updates and quick hits:

• I point out that the U.S.-EU transatlantic data deal is looking a lot like vaporware. That’s a worry now that Ireland is on the verge of ordering Facebook to stop moving data across the Atlantic.
• Jane and I take a whack at predicting Elon Musk’s Twitter bid. I argue that Musk may escape with less than $1 billion in penalties but for years he will be to mergers what Google is to new digital products.

And, finally, some modest good news on Silicon Valley’s campaign to suppress politically “incorrect” speech. Twitter suspended former NYT reporter Alex Berenson for saying several true but inconvenient things about the coronavirus vaccine (it doesn’t stop infection or transmission, and it has side effects, all of which raises real doubts about the wisdom of mandating vaccinations). Berenson sued and Twitter has now settled, unsuspending his account. The lawsuit had narrowed down the point where Twitter probably felt it could settle without creating a precedent, but any chink in Big Social’s armor is worth celebrating.