The Cyberlaw Podcast

On December 17th, Alan Cohn hosted the 244th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency, discussing recent regulatory developments and projections for 2019.

Our episode begins with Alan welcoming Will Turner to Steptoe’s Corporate and Blockchain Practice. Turner joins the firm’s Chicago office as partner, bringing with him more than two decades of experience in corporate and securities law, primarily with application to cryptocurrency, fund formation, investment transactions and mergers and acquisitions. Turner also handles matters involving capitalizations, project finance, restructurings and joint ventures. Will Turner explains why the crypto market turned bearish in 2018, associating this development with the increase in mergers and acquisitions activity in the crypto market. Moving into 2019, Will projects the “hot items” will be anti-money laundering and securities compliance. In addition, Will presents a more general overview of how the blockchain industry is no different from other industries.

Evan Abrams discusses the joint statement issued by the Federal Reserve, the Federal Deposit Insurance Corporation, the Treasury’s Financial Crimes Enforcement Network, the Office of the Comptroller of the Currency and the National Credit Union Administration urging use of technology to bolster anti-money laundering compliance. Abrams states that banks can and should be engaging with the industry and stresses the importance of striking a balance between technology and privacy. Abrams also discusses the U.S. Department of Treasury’s Office of Foreign Assets Control sanctions compliance risks for cryptocurrency companies. In 2019, Abrams projects increased attention on digital counterparts as blockchain-related financial institutions continue to grow. Evan Abrams also highlights the New York Department of Financial Services’ recent announcement authorizing Signature Bank, a New York State-chartered bank, to offer a digital payment platform called Signet that leverages blockchain technology.

Finally, Josh Oppenheimer covers recent LabCFTC updates from the Commodity Futures Trading Commission (CFTC). On November 27, 2018, the Commodity Futures Trading Commission’s LabCFTC FinTech initiative released A Primer On Smart Contracts. This is the first time since 2017 that the CFTC opined on issues relating to blockchain. The agency released its first primer on virtual currencies on October 17, 2017. Oppenheimer also discusses the pledge the G20 nations made earlier this month regarding their commitment to regulate crypto-assets to further a resilient and open global financial system. In so doing, they agreed to follow standards set forth by the Financial Action Task Force, or FATF. Oppenheimer notes this is significant because FATF, as the global standard setter, has insight into different regulatory approaches and constantly receives input from industry stakeholders. Lastly, Oppenheimer talks about how Ohio is set to become the first state in the country to accept tax payments using cryptocurrency.

For the interview portion of our podcast, Alan welcomes back Gary Goldsholle, who joins the firm as partner, after serving nearly four years as deputy director and senior adviser of the Securities and Exchange Commission’s (SEC) Division of Trading and Markets. Goldsholle brings more than two decades of experience as an executive in the federal government and securities self-regulatory organizations. Goldsholle is working with Steptoe’s Financial Services, Public Policy, and Blockchain and Cryptocurrency practices. Goldsholle discusses the Securities and Exchange Commission’s noteworthy announcement, just days before Thanksgiving, with significant implications for the network marketing industry regarding regulatory oversight and enforcement of cryptocurrency companies. In its Public Statement, the SEC referred to two recent enforcement actions against Paragon Coin, Inc. and CarrierEQ, Inc. (dba Airfox). Both companies sold tokens that the SEC determined to be unregistered securities. Goldsholle also provided insight into EtherDelta, the SEC order concerning trading Ether against other ERC-20 tokens. Moving into 2019, Goldsholle hopes the SEC will define and issue guidance on what the industry calls “utility tokens” and “consumption tokens.” He projects that a custody failure, or similarly significant event, will spur deeper discussion on the issue of taking custody of crypto-assets and promote guidance in the custody space.

 

Download the 244th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

 

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-244.mp3
Category:general -- posted at: 3:27pm EDT

In the News Roundup, Nick Weaver and I offer very different assessments of Australia’s controversial encryption bill. Nick’s side of the argument is bolstered by Denise Howell, the original legal podcaster, with 445 weekly episodes of This Week in Law to her credit.

Later in the program, I interview Rep. Jim Langevin (D-RI), who’s a force for cybersecurity both on the Homeland Security Committee and on the Armed Services subcommittee that oversees Cyber Command and DARPA—a subcommittee that insiders expect him to be chairing in the next Congress.

Turning back to news, the Marriott hack, already one of the biggest in history, has developed a new and more interesting angle, Gus Hurwitz explains. It may have been a Chinese intelligence operation.

The Khashoggi killing has backfired on… Israeli and Italian state hacking companies? Yes, indeed. Hacking Team and NSO are now immersed in legal hot water. And as a sign of how much the Middle East has changed, Nate Jones tells us that a Saudi dissident is now waging lawfare in Tel Aviv.

We touch on what the detention in Canada of Huawei’s CFO means for U.S.-China technology relations as well as on a new DOD report on the risks of EMP. Nick explains why he doesn’t worry about EMP but nonetheless loves the EMP alarmists.

 

Download the 243rd Episode (mp3).


Direct download: TheCyberlawPodcast-243.mp3
Category:general -- posted at: 10:34am EDT

This episode features an interview with Michael Tiffany, the co-founder and president of White Ops and a deep student of how to curtail adtech fraud. Michael explains the adtech business, how fraudsters take advantage of its structure, and what a coalition of law enforcement and tech companies did to wreck one of the most successful fraud networks, known as 3ve. You can read more about the take down in the joint White Ops and Google report, “The Hunt for 3ve.”

In the news, David Kris covers the Supreme Court argument in the Apple antitrust standing case. At stake: whether Illinois Brick should apply outside a brick-and-mortar context. Our panel guesses that it won’t.

You knew this was coming: Megan Reiss covers U.S. proposals to screen Chinese students for espionage risk before giving them visas. We think it’s a good idea, but really wish there were a way to score every student in China for how compliant they are with government wishes…oh, wait

Nobody trolls like the Russians troll. David Kris covers a Russian trollsuit claiming that Facebook has unfairly censored Russian speech. Showing that they know their opponents’ weakness, the suit includes broad hints that censoring Russians is … racist. Maury Shenk covers the bookend—Russian government threats to sue Google for not complying with Russian censorship demands. And I suggest that Putin’s Data Protection law will be just that—a law to protect Putin’s data. Speaking of privacy law always protecting the powerful, Michael Tiffany offers several reasons why GDPR has been good for Google and Facebook ad market share and bad for European competitors. It’s the tragedy of EU mercantilism: always aiming at the United States and usually hitting itself in the foot.

Another day, another Iranian hacking/ransomware indictment. What’s different about this one, Megan tells us, is that it includes a Treasury order freezing the bitcoin the Iranians collected. That’s a potentially new and powerful law enforcement tool. With only a little cajoling, David Kris acknowledges that this is one Trump administration initiative that is both novel and a good idea.

Wrapping up, David Kris ponders the surprisingly straightforward Fourth Amendment issues raised when the police have to stop an autonomous-mode Tesla going 70 on the 101 with a passed out “driver.” And Megan and I ponder the difficulty posed for social media by the “yellow-vest” riots in Paris. Which model applies: Arab Spring or Russian interference? You know what the Macron administration will say. Buckle up, Big Tech. To paraphrase Peter Parker’s Uncle Ben, with great power comes utter confusion.

 

Download the 242nd Episode (mp3).


Direct download: TheCyberlawPodcast-242.mp3
Category:general -- posted at: 11:18am EDT

I propose this episode’s title as Baker’s Law of Evil Technology, something that explains Twitter’s dysfunctional woke-ness, Yahoo’s crappy security and Uber’s deadly autonomous vehicles. Companies with lots of revenue can afford to offer a lot of stuff they don’t much care about, including protection of minority voices; security; and, um, not killing people. But as Uber’s travails show, all that can get tossed out the window when corporate survival is at stake. And here’s Baker’s Law in action: Airline algorithms that deliberately break up families sitting on the plane so they can charge to put the kids back in the same row.

I do a mini-interview of Adam Candeub, who has disclosed that the supposedly populist, supposedly Silicon Valley-skeptical Trump Administration has written a massive and antidemocratic subsidy for conservative-censoring social platforms into NAFTA 2.0. I rant (briefly) about it and pray that Congress kills it in the lame duck.

Merrick Garland may now be available. But, we ask Jamil Jaffer and Gus Hurwitz, is a Facebook Supreme Content Court a good idea?

Speaking of Facebook, even the 98-lb weaklings seem to be kicking sand in the company’s face. I lay out the latest, incredible tale about how an app that finds all your friends’ bikini pics ended up spurring an international breach of U.S. confidentiality orders—at the order of the UK Parliament’s sergeant at arms. And when I say incredible, I mean it; the story told by the participants is extraordinarily hard to believe.

Jamil and Gus note that Commerce has begun identifying an enormous list of “emerging” technologies to be restricted for export. Is this defense-industrial policy? And will it work? The panel disagrees.

Paul Rosenzweig reports that Airbnb now has its own (woker-than-thou, naturally) foreign policy. He thinks it may violate a host of state anti-BDS laws.

Nick Weaver gives us the latest Bear Facts. Both Cozy and Fancy are back with a vengeance—and not much concern about avoiding attribution.

Download the 241st Episode (mp3).


Direct download: TheCyberlawPodcast-241.mp3
Category:general -- posted at: 11:02am EDT

Mieke Eoyang joins us for the interview about Third Way’s “To Catch a Hacker” report. We agree on the importance of what I call “attribution and retribution” as a way to improve cybersecurity. But we disagree on some of the details. Mieke reveals that this report is the first in a series that will hopefully address my concerns about a lack of detail and innovation in the report’s policy prescriptions.

Russia’s lawyers are almost as good as its hackers, to judge by a “letter” the Russian government sent in the DNC’s hacking case against Putin’s intelligence agents. Matthew Heiman and I conclude that the DNC is going to face an uphill fight trying to overcome Russia’s sovereign immunity arguments.

It’s not cybersecurity, but it is cyberhygiene. Never do a global “find and replace” on a sensitive court filing without making sure the “replace” part actually worked. That seems to be the failure that disclosed to the world that the U.S. has filed criminal charges against Julian Assange under seal. Maury Shenk comments.

“As an additional service to Alexa users, we will protect the privacy of anyone who murders you.” Okay, that’s an unfair summary of Amazon’s position on whether to release Echo recordings in a double murder case. In fact, it’s not in the least surprising that Amazon wants a court order before handing over the recordings, if any, or that it got one, or that it seems to have complied promptly.

Dr. Megan Reiss explains the significance, if any, of the Paris Call for Trust and Security in Cyberspace, where more than 50 states and companies—the United States not among them—have signed onto a mostly Mom-and-apple-pie agreement on cyber principles.

Soft power update: Chinese-style social credit is coming to a Venezuela near you. Megan comments.

Sweet justice: California SWATter has pleaded guilty and now faces 20+ years in prison.

Looks like DHS finally made it, so I can stop talking about Congress approving the renaming of NPPD as the Cybersecurity and Infrastructure Security Agency.

And for the lightning round, Matthew confirms that remotely wiping your iPhone constitutes destruction of evidence; I note that Phineas Finn has officially gotten away with the doxing of Hacking Team; and Megan comments on yet another diversion of Western traffic through Russia and China. This time, though, we may have to blame the Nigerians.

Download the 240th Episode (mp3).


Direct download: TheCyberlawPodcast-240.mp3
Category:general -- posted at: 5:04pm EDT

This week’s interview is a deep (and long—over an hour) dive into new investment review regulations for the Committee on Foreign Investment in the United States (CFIUS). It’s excerpted from an ABA panel discussion on the topic, featuring: Tom Feddo, who currently oversees CFIUS; Aimen Mir, who used to oversee CFIUS; Sanchi Jayaram, who is in charge of the Justice Department’s CFIUS and Team Telecom work; David Fagan, a noted CFIUS practitioner; and me as moderator. It turns out the new CFIUS law may be the most innovative—and sweeping—piece of legislation on national security in years.  

In the news, it’s time for a Cyberlaw Podcast victory lap, as our bold election-eve prediction that foreign governments would not successfully hack the election seems to hold up well, despite laughable Internet Research Agency claims in a new meta-trolling propaganda campaign.

I note that challenges to FISA are increasing as it starts to play a role in more criminal cases. I ask David Kris whether Bob Mueller took unwise risks with intelligence equities when he charged a Russian company with criminal election trolling, since that company is now seeking discovery of intelligence intercepts.

Dr. Megan Reiss notes that China is making what might be called great strides in “gait recognition” software to supplement face recognition, taking what looks like a global lead in the technology. This reminds me that fifteen years ago, when DARPA was researching gait recognition for terrorist identification, the left/lib NGOs got Congress to kill funding by lampooning what they called “a Monty Python-esque ‘Ministry of Silly Walks.’” Not so funny now, is it guys? Especially in light of evidence that China is exporting its cyber surveillance tech to Africa.

How does China do it? According to the Australian Strategic Policy Institute, with plenty of help from the universities of the English-speaking world. Apparently the People’s Liberation Army has been sending its scientists to the West under light cover to study cutting edge defense tech.

Nate Jones and I examine the latest chapters in the now-encyclopedic tale of Silicon Valley v. Conservatives. We take a look at a Trump immigration campaign ad that Facebook and broadcast media (Fox included) refused to run. Gab is back, but just by the skin of its teeth. Meanwhile, the pitchforks and torches are being mustered for LinkedIn, which apparently hasn’t been sufficiently cowed by lefty censors. And Facebook’s effort to suppress Alex Jones’s InfoWars site is running into trouble.

Megan and I talk about the prospect that Iran is getting ready to launch cyberattacks on the US and Israel.

Nate covers the collapse of IronChat security as Dutch police managed to decrypt 258,000 messages in the app. Maybe spurred by my taunting, Edward Snowden denies that he ever endorsed the product, notwithstanding the claim on IronChat’s website. My tweet on same: “Hey, @Snowden, IronChat sold secure phones at exorbitant prices because of your endorsement.”

Pakistan says “almost all” its banks have been hacked.  Wouldn’t it be ironic if North Korea was buying nuclear and missile technology from Pakistan with money stolen from Pakistani banks? 

Download the 239th Episode (mp3).


Direct download: TheCyberlawPodcast-239.mp3
Category:general -- posted at: 4:56pm EDT

This episode puts our experts on the spot with an election-eve question: Will foreign governments attack US electoral rolls or vote-counting machinery in 2018? Remarkably, no one on our panel (Matthew Heiman, Nick Weaver, David Kris, and I) thinks they will. So if you want cybersecurity news, you can stop listening to election coverage and tune in to Episode 238 of The Cyberlaw Podcast.

Our interview features Steve Rice (Deputy CIO for DHS) and Max Everett (CIO for the Department of Energy) and was originally taped at a session of the Homeland Security Week conference.

In the news, Nick evaluates the report that China hijacked the Border Gateway Protocol; he thinks we need more data. David agrees with me that one way to get the data would be a Justice Department subpoena.

Matthew Heiman explains why SCOTUS is skeptical of Google’s cy pres settlement that treated 129 million class members like bystanders at someone else’s party – and why that skepticism may not appear in US Reports any time soon.

Nick and David lay out the painful story of how failures in CIA communications with their assets may have severely compromised HUMINT operations in Iran and China.

Matthew and I talk about the string of right-wing killers in the past few weeks and the tech implications, including the defenestration of Gab and a lot of throat-clearing about amending Section 230 of the Communications Decency Act.

Matthew also explains, then casts doubt on, a Florida Appeals Court decision that rejects the “foregone conclusion” doctrine for compelled passcode disclosure.

After all the Internet-enabled vibrator stories we’ve covered on the podcast, I think we’re obliged by gender equity to cover this effort to use artificial intelligence to improve male sex toys. For those who may face confirmation before the Senate Judiciary Committee any time in the next decade, Nick explains that Markov chain techniques have nothing to do with the Devil’s Triangle.

More hostilities in the US-China Cool War: DOJ has indicted a Chinese-state owned company as well as UMC and three individuals for stealing trade secrets from US companies; and in a coordinated move, the Department of Commerce has placed limits on US businesses interacting with the Chinese company. I wonder whether the Cool War between China and the US is increasingly forcing big foreign tech companies to choose between the two as they develop new technology.

 

 

Download the 238th Episode (mp3).


Direct download: TheCyberlawPodcast-238.mp3
Category:general -- posted at: 2:07pm EDT

The theme of this week’s podcast seems to be the remarkable reach of American soft power: Really, we elect Donald Trump, and suddenly everybody’s trolling. The Justice Department criminally charges a Russian troll factory’s accountant, and before David Kris can finish explaining it, she’s on YouTube, trolling the prosecutors with a housewife schtick. She’s not alone. Faced with the news that President Trump is using a commercial iPhone for many of his calls—and, Nate Jones points out, getting tapped by China, Russia, and others as a result—China has a suggestion that scores at the top of the POTUS Troll Scale. Tim Cook goes to Europe to troll Android—and me—with a speech that touches all my buttons: Europhilia, Apple sanctimony in pursuit of profit and blind enthusiasm for privacy regulation. And when the Belgians ask for British help investigating a suspected GCHQ hack of a Belgian ISP, as David and I discuss, the British respond with what can only be described as understated trolling.

This week’s interview is with Dr. Dipayan Ghosh, Pozen Fellow at Harvard’s Shorenstein Center and co-author of a new report, “Digital Deceit II: A Policy Agenda to Fight Disinformation on the Internet.” I find it an interesting mix of good insights and warmed-over Obama-era nostrums (Carly Rae Jepsen makes a brief appearance). Dipayan and I tangle on privacy but struggle toward common ground on the question of limiting the power of the Big Platforms. He’s open-minded and flexible about the details of the proposal, so for fans of civil policy debate (especially those worried about where the platforms’ dominance and ad revenue are taking us), this episode is a keeper.

Why would a Russian technical institute design malware used in an effort to sabotage a major petrochemical plant in Saudi Arabia? Nate Jones lays out the story. Originally suspected of being an Iranian operation, the attack may have originated in Iran, but FireEye persuasively links the underlying (and flawed) malware to Moscow. One possibility is that it’s a Russian false flag job, minus the embarrassing GRU operatives’ Uber receipts. My guess, though, is that the Russian institute is just amortizing malware development costs by selling off exploits developed for the GRU. If so, this may turn out to be another slow motion disaster for the thugs in the Aquarium.

In other news, Yahoo settled a class action over the enormous breach affecting 200 million people and three billion accounts. The price of that settlement? After the lawyers have been paid, the $50 million settlement will work out to about 25 cents per victim. Seems pretty cheap to me.

For a brief moment, reality has descended on the left coast. It looks like California isn’t eager for a judicial ruling on its campaign to nullify federal net neutrality law.

In the UK, Facebook is fined the maximum under pre-GDPR law, for what the privacy agency calls a failure to protect personal data from Cambridge Analytica—but what I suspect is the unspeakable crime of not having prevented the election of Donald Trump. And now that GDPR is in effect, the bien pensants of Europe have served notice; failure to prevent the president’s re-election will cost Silicon Valley billions.

Finally, what goes around comes around for the Uber “bounty” hackers. David and I think that pretty much answers the question whether they were just confused bounty hunters or extortionists with a clever line of patter.

 

Download the 237th Episode (mp3).

 


Direct download: TheCyberlawPodcast-237.mp3
Category:general -- posted at: 5:02pm EDT

In this episode’s interview we ask whether the midterm elections are likely to suffer as much foreign hacking and interference as we saw in 2016. The answer, from Christopher Krebs, Under Secretary for National Protection and Programs Directorate (soon to be the Cybersecurity and Infrastructure Security Agency), is surprisingly comforting, though hardly guaranteed. Briefly, it’s beginning to look as though the Russians (and maybe the Iranians) are holding their fire for the main event in 2020.

In the News Roundup, Maury Shenk highlights the role of Twitter, trolls and Saudi royals in the Khashoggi killing. He also explains the apparently ridiculous result in the EU Android competition matter. It may be a case of Google giving the EU what it asked for – good and hard.

Terry Albury certainly got it good and hard from a federal judge. He was sentenced to four years in prison for leaking classified documents to The Intercept. Jamil Jaffer explains why Albury’s claim of being a whistleblower didn’t win him much relief. I suggest that the only people who read Intercept articles to the end are federal agents trying to find clues to the leakers’ identities; whatever they’re doing, it’s working.

Maury and I marvel over the flood of venture capital money into China—and a potential ebb tide for Chinese money in Silicon Valley.

Jamil explains the latest SEC report flagging the cost of email fraud; nine firms lost $100 million to cyberfraud. And to add insult to injury, the SEC hints broadly that future victims may be tagged for violating SEC accounting standards, which should be sufficient to prevent such fraud.

I point to the ABA’s recent ethics opinion mandating breach disclosure to clients – and quite a bit more. Maury instructs me on the question of whether putting names on doorbells violates GDPR. Vienna says yes; Germany, no. Maury is sure the Germans have this right.

Finally, I update listeners on the Equifax data breach engineer who figured out that his company must have been breached and traded on his suspicion. In an act of relative mercy for the clueless engineer, he was fined and sentenced to eight months of home confinement.

 

Download the 236th Episode (mp3).


Direct download: TheCyberlawPodcast-236.mp3
Category:general -- posted at: 10:09am EDT

Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identity is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts and other intelligence collection, Britain’s view of how the law of war applies in cyberspace, the prospects for UN talks on that topic, the value of attribution, and whether a national security agency should be responsible for civilian cybersecurity (the UK says yes, the U.S. says no).

In the news, Nick Weaver and Matthew Heiman comment on the ongoing controversy surrounding Bloomberg Businessweek’s Chinese supply-chain-attack story.

Matthew tells us that Treasury has announced its CFIUS pilot program, which will require the filing of notices for Chinese acquisitions in 27 critical industries. I argue that a predisposed bureaucracy has made President Trump a transformational president in terms of relations with China.

Speaking of bureaucratic predispositions, DOJ is showing enthusiasm in carrying out its predisposition to haul Chinese spies into court. What’s remarkable is that it was able to do that from across the Atlantic. While not a cyberspy, the recent arrest and extradition of an accused Chinese economic spy is easy to read as DOJ's answer to those who say indictments of government spies are a sign of weakness.

Everybody’s going to have to choose sides as Trump and Xi continue on their collision course. Except Google. At least according to Google, which bailed out of a Pentagon program because it didn’t meet Google’s values. Oh, and because Google had no chance of winning the contract. Talk about virtue signaling on the cheap!

The EU’s virtue signaling isn’t nearly as cheap, at least for Google, which is now appealing a massive EU competition fine. I can’t help wondering who the hell uses Google Shopping searches; the EU fine must be $1 billion for every biased search.

Nick reports on two troubling government reports. He believes one (the cybersecurity of DOD weapons systems) really is a problem. He’s less impressed by White House concerns about the health of the defense industrial base, having recently done some “Buy America” electronics procurement himself.

Finally, Vietnam will force local data storage over Silicon Valley’s protests. Nick, Matthew and I explore the continuing delusion of U.S. foreign policymakers in insisting that the Internet must be borderless and open and free. 

Download the 235th Episode (mp3).


Direct download: TheCyberlawPodcast-235.mp3
Category:general -- posted at: 10:01am EDT