The Cyberlaw Podcast

In Episode 226 of the Cyberlaw Podcast, Stewart departs for the wilderness, and the news-roundup team (Brian Egan with Matthew Heiman, Jim Lewis, and Megan Reiss) muddles through without him.

Matthew and Jim discuss Friday’s indictment of 12 Russian GRU personnel by the Department of Justice and Special Counsel Robert Mueller. Matthew explains that, while we shouldn’t expect extradition proceedings to take place any time soon (or ever), the Justice Department has a theory for pursuing these types of indictments in selected cases. Stewart weighs in by Twitter, bemoaning somewhat surprisingly (given the source) that the indictments reflect a poor interagency coordination process and a lack of appreciation for diplomacy. From Jim’s perspective, these indictments are about as good as diplomacy is going to get on this issue…

Matthew walks through the continued bipartisan work in the Senate on the Secure Elections Act, which would facilitate information sharing amongst the states on election threats and take other steps in an attempt to improve election cybersecurity. Matthew explains that federalism may well end up limiting what can be done (or what Congress will agree to do) on this issue.

Megan weighs in on Commerce’s announcement on Friday that it lifted the Denial Order against ZTE after ZTE paid an additional $1.4 billion in penalties and took other steps pursuant to the new settlement agreement reached in June. Megan forecasts continued pressure on ZTE from Capitol Hill, even if the additional penalties against ZTE are generally seen as significant. Jim thinks that the U.S. government’s approach to ZTE is shortsighted and may end up harming national security interests down the road.  

Megan and Jim also discuss the efforts of another Chinese company – the video surveillance camera company Hikvision—to fight back against U.S. government concerns related to espionage. We ask ourselves: Is there anything that a Chinese company can do to rebut US espionage and related concerns? And Jim weighs in on the “state of the state” of the 2015 "no commercial cyberespionage" handshake agreement between the U.S. and China, which the State Department confirms is the rare international deal entered into under President Obama that has not yet been ripped up by President Trump.

Elsewhere, Matthew explains why Twitter follower numbers dropped precipitously last week after Twitter’s latest attempts to clean up suspicious accounts. (Justin Bieber and Katy Perry were hit hard, but Stewart’s account may be down to zero.) Luckily, Jim has some practical tips for maintaining one’s Twitter follower numbers.

And finally, Jim weighs in on a workmanlike Government Accountability Office report on the Committee on Foreign Investment in the United States, the Department of Defense, and national security concerns—which concludes, among other things, that (1) technology transfers should be an area of concern for the U.S. government and (2) the U.S. government is poorly situated to identify the areas of technology transfer that should be of concern. Over to you, Congress!

Stewart takes over for the interview of Woody Hartzog, author of “Privacy’s Blueprint: The Battle to Control the Design of New Technologies,” and a professor of law and computer science at Northeastern. Woody’s thesis is that traditional privacy law has focused unduly on notice and consent, yielding unreadable privacy notices and consents that mean nothing but have great legal impact. Instead, he suggests a focus on how platforms design their user interfaces, borrowing from consumer protection and products liability law. Stewart’s skeptical of the open-ended nature of the obligations Woody would like Silicon Valley to undertake, but they both at least agree that designers and government are surprisingly well-matched bedfellows.

Download the 226th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: 176084.mp3
Category:general -- posted at: 4:41pm EDT

Our interview is with Gen. Michael Hayden, author of "The Assault on Intelligence: American National Security in an Age of Lies." Gen. Hayden is a former head of the CIA and NSA, and a harsh critic of the Trump Administration. We don’t agree on some of his criticisms, but we have a productive talk about how intelligence should function in a time of polarization and foreign intervention in our national debates.

In the news, David Kris reports that ZTE has gotten a limited life-support order from the Commerce Department. Meanwhile, Nate Jones tells us that China Mobile’s application to provide telecom service to Americans is also likely to bite the dust – after nearly seven years of dithering. On Facebook, Tony Rutkowski suggests we call this the revenge of the “neocoms.” So we do.

Remarkably, the European Parliament fails to live down to my expectations, showing second thoughts about self-destructive copyright maximalism. Nick Weaver thinks this outbreak of common sense may only be a temporary respite.

Paul Rosenzweig confesses to unaccustomed envy of EU security hardheadedness. Turns out that Europe has been rifling through immigrants’ digital data in a fashion the Trump Administration probably wouldn’t dare to try. More predictably, the Israelis are digging deep into social media to combat the stabbing attacks that afflicted the country until recently.

The DNC is trying to improve security, and it has trained 80% of its staff not to click on bad links. But as Nick Weaver and Paul Rosenzweig point out, that’s not good enough – even though there are few institutions that can get much above the DNC’s 80%. The answer? Nick says it’s two-factor authentication. We join forces to nudge Firefox toward offering the same level of support for 2FA as Google Chrome.

The feds are getting wise to the Dark Web, Nick tells us. They’re focusing on compromising the money launderers – and then their customers. This looks like a strategy that could work for the long haul.

Finally, David Kris revisits NSA’s still-troubled metadata program, asking whether “the juice is worth the squeeze.”

We’re going to keep tweeting and posting some of the week’s stories that look like candidates for the News Roundup. Please reply to or retweet those you think we should cover. Relevant feeds: @stewartbaker on Twitter, Stewart Baker on LinkedIn, and stewart.a.baker on Facebook. 

Download the 225th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-225.mp3
Category:general -- posted at: 12:14pm EDT

I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the U.S. should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage. In support, I introduce Baker’s Law of International Institutions: “The secretariat always sees the United States as its natural enemy.” 

At the end, Duncan mentions in passing his work with Microsoft on international rulemaking, and I throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug. 

California has a new privacy law, Laura Hillsman explains—though what it will look like when it finally takes effect in 2020 remains to be seen. (Laura is a Steptoe Summer Associate.)

Chris Conte reports that the SEC has charged a second Equifax manager with insider trading. I ask whether he shouldn’t have been charged with lousy site design too.

 The White House draws a line in the sand over ZTE in a letter to the Hill—but Maury and I suspect the real message is in the lack of a veto threat. Maury thinks President Trump’s “go big, then go deal” negotiating strategy is also at work in his decision only to beat up Chinese investments once rather than twice over trade tensions. 

NSA’s metadata program was restructured to rely on telecom companies rather than NSA’s own programmers. The ideologues who insisted on the formalism of leaving the metadata with the companies rather than in NSA’s computers predictably produced a private-sector meltdown. Which they’ll probably blame on NSA as well. Jamil Jaffer and I discuss. 

What do you know? Reality does win in the end, and Reality Winner finally got the hint (as well as a pretty good plea deal). 

Nextgov reveals an unimpressive showing for the Cybersecurity Information Sharing Act’s (CISA) information-sharing provisions, at least as far as sharing with the Department of Homeland Security goes. Jamil and I agree, though, that private-sector information sharing may be a better measure of CISA’s value.

In other news, the Intercept continues to pioneer relevance-free journalism. And trust in social media is collapsing, especially among Republicans, who (remarkably) also think tech companies need more regulation. 

Finally, in an experiment we may abandon at any moment, I’m going to start tweeting and posting some of this week’s stories that look like candidates for the News Roundup. Please reply to or retweet those you think we should cover. Relevant feeds: @stewartbaker on Twitter, Stewart Baker on LinkedIn, and stewart.a.baker on Facebook.

Download the 224th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

 

Direct download: PC_224.mp3
Category:general -- posted at: 9:50am EDT

I interview David Sanger in this episode on his new book, “The Perfect Weapon – War, Sabotage, and Fear in the Cyber Age.” It is an instant history of how the last five years have transformed the cyberwar landscape as dozens of countries follow a path first broken by Stuxnet. And then, to our horror, branch out into new and highly successful ways of waging cyberwar. Mostly against us.  David depicts an Obama administration paralyzed by the Rule of Lawyers and a fear that our opponents would always have one more rung than we did on the escalation ladder. The Trump administration also takes its lumps, sometimes fairly and sometimes not. At center stage in the book is Putin’s uniquely brazen and uniquely impactful use of information warfare, but the North Koreans and the Chinese also play major roles.  It is as close to frontline war reporting as cyber conflict is likely to get.

Stewart Baker with David Sanger.

Stewart Baker with David Sanger

Cyberlaw news this week is dominated by a couple of Supreme Court decisions: In Carpenter the Court held 5-4 that warrants are required to collect a week of location data from cell phone companies. Michael Vatis lays out the ruling, and I complain that the Court has kicked off a generation of litigation over the issues this decision opens up but fails to address. Tune in as Michael invokes James Madison and I counter with Ben Franklin. Who knew that the founding fathers had so much to say about the third-party doctrine?

Speaking of Court decisions that write checks for others to redeem, the 5-4 Wayfair decision is equally insouciant about triggering a generation of litigation about when internet companies must collect sales tax. After 50 years of waiting for Congress to decide a question that is clearly better resolved by legislation than judicial rule, the Court gave up and struck down the holding that a physical presence was required before sales tax had to be collected. Pat Derdenger explains just how much litigation he’ll be involved in. To his plea that Congress step in, I repeat a line I first used 25 years ago: Why should a Republican Congress enable the collection of taxes it can’t spend?

North Korea may be our president’s best bud these days, but it’s still hacking banks and conducting cyberespionage, Matthew Heiman points out. Jim Lewis advances a Darwinian justification for letting the North Koreans keep it up.

Matthew and Jim also agree that Chinese hackers are getting stealthier—probably in part because they’re chiseling around the edges of their agreement not to steal commercial secrets from US firms. We also ask whether the Chinese have begun releasing data from their OPM hack to criminal actors.

David Sanger thinks not.

Our lack of a coherent cyberwar strategy is becoming apparent not just to adversaries but also to Congress, which is in the process of mandating a new commission on cyberwar strategy. Whether calling it Project Solarium, a hallowed name in defense thinking, will make the commission more successful remains to be seen.

The Administration is struggling to come up with privacy principles that can compete with GDPR. Matthew and I predict that it won’t succeed.

One last note: David Sanger is on a book tour—if you’re in the Washington, D.C. area, he will be hosting a talk and book signing at Politics & Prose on Thursday, June 28, at 7pm.

Download the 223rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-223.mp3
Category:general -- posted at: 10:21am EDT

Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up pretty well under my skeptical questioning. 

In this week’s news, Congress and the executive branch continue to fight over the bleeding body of ZTE, which has already lost nearly 40 percent of its market value. The Commerce Department has extracted a demanding compliance and penalty package from the Chinese telecom equipment manufacturer. The Senate, meanwhile, has amended the NDAA to overturn the package and reimpose what amounts to a death penalty (see Section 1727). Brian Egan and I dig into the Senate’s language and conclude that it may do a lot less than the senators think it does—that may be the best news ZTE is going to get from Washington this year. 

Judge Richard Leon has approved the AT&T-Time Warner merger. Gus Hurwitz puts the ruling in context. His lesson: Next time, the Justice Department needs better evidence.

Brian gives us an update on what’s not in the CFIUS reform bill now that the CFIUS reform bill is in the NDAA and on its way to adoption. I suggest that the bill is a symptom of a new “Cool War,” and the beginning of a long, slow process of breaking the commercial world back into competing blocs. Complete with mirror-imaging, as both China and Pentagon start publishing lists of the technologies they expect to use in the burgeoning competition.

Kaspersky Labs is getting a lesson in Cool War-bloc dynamics, as the EU Parliament trashes the company as a malicious actor and the company acts out, terminating its cybersecurity arrangements with EU institutions.

Megan Stifel and I explore what it means that Chinese hackers are apparently back to their old tricks—stealing competitive secrets for commercial advantage. 

Given a choice between EFF and the EU, I come down on the EFF’s side, at least when the EU is snuggling up to Big Copyright and forcing internet companies to automatically scan customer-uploads for copyright violations. This is bad news for users, of course, since the tools are never perfect, and the incentives will be to err on the side of preventing speech. But, really, EU, if you were wondering why you’ll never have a vibrant tech startup scene, it’s time to look in the mirror. This measure may sound as though it will be tough on YouTube, but it will be fatal to its smaller competitors.

But surely, you say, the owners of intellectual property will be constrained by the need to keep their consumers happy. Yeah, right. If you believe that, you might want to take a closer look at the astonishing surveillance system that intellectual-property owners have dreamed up in Spain. At least nothing so intrusive could be done in Europe, where GDPR has created a privacy utopia …

More Cool War casualties: U.S. sanctions on Russia have hit a couple of companies that Silicon Valley thought of as friends and neighbors. This dividing-into-blocs business has some surprising costs. Brian, of course, wants to know how to square these sanctions with President Trump’s view of Russia. I supply the answer (two, actually), but you’ll have to listen to find out what they are.

Gus Hurwitz plugs his new privacy paper, which pantses privacy campaigners for hypocrisy. 

Gus also comments on Apple’s new USB-restricted mode, which law-enforcement support-contractors say they’ve already defeated.

In the good news of the week, the Southern Poverty Law Center gets a comeuppance in the form of an unconditional apology and $3.4 million libel settlement for including Maajid Nawaz in its nasty and irresponsible 2016 “Field Guide to Anti-Muslim Extremists.” If you’re keeping score at home, that’s $3.37 million down, $429 million to go before SPLC’s grotesquely swollen endowment is used up.

Speaking of comeuppances, I get mine for correcting Jennifer Quinn-Barabanov’s pronunciation of cy près as “sigh pray.” I’m a “see pray” guy. Alert listener Tim White decided to call up Brian Garner of “Garner’s Dictionary of Modern Legal Usage” for a ruling. In a moment straight out of a Woody Allen film, Garner responds through an editor that “Professor Garner is editing the entries in Black’s and Garner’s Dictionary of Legal Usage to reflect that /sigh/ is the traditional anglicized pronunciation and that /see/ is a repatriated French pronunciation. So both pronunciations will be listed, but /sigh/ will be listed first as the preferred one.” Short version: I’m condemned as an egregious grammar snob who doesn’t know a repatriated French pronunciation when he sees one. I think I owe Jennifer Quinn-Barabanov an apology—and $3.37.

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: PC222.mp3
Category:general -- posted at: 3:21pm EDT

The 11th Circuit’s LabMD decision is a dish served cold for Michael Daugherty, the CEO of the defunct company. The decision overturns decades of FTC jurisdiction, acquired over the years by a kind of bureaucratic adverse possession. Thanks to the LabMD opinion, practically all the FTC’s privacy and security consent decrees are at risk of being at least partly unenforceable—and if the dictum holds, the FTC may have to show that everything it views as an “unfair” lack of security is actually a negligent security practice.

Commerce says it has a deal with ZTE. Nate Jones wonders whether the bipartisan opposition to the deal from Congress is too late.

David Kris introduces a remarkable week for Justice Department responses to leaks of classified information. A long-time security director at the Senate intelligence committee succumbs first to the wiles of an aspiring reporter, and then to the temptation to lie about the romance to the FBI. James Wolfe will pay a heavy price for his leaks of classified information—without ever being tried for leaking classified information.

I can’t help asking how the FBI gathered as much information as they did from supposedly secure services like Signal and WhatsApp. Nick Weaver and David point to metadata as the fatal flaw in Wolfe’s security—and to cloud backup as the fatal flaw in Manafort’s (along with the problem that any secret shared with another is a hostage to that party’s inclinations).

The Chinese are having a hell of a run at U.S. secrets, David also reports, as evidenced by an espionage arrest, another espionage conviction, and a major story about another Chinese hack of Pentagon technology. The arrest of Hansen, who was in money trouble, may turn out to be the first fruits harvested by the Chinese from their trove of Office of Personnel Management files listing all the weaknesses of U.S. clearance holders.

The Departments of Justice and Homeland Security want new authority to regulate drones. Nick is supportive and offers some exciting and chilling video to support his view that drones will soon pose a wide variety of threats.

Nate reports on the Democrats’ effort to get a threat assessment of President Trump’s phone use.

Speaking of things we really need to worry about more, Nick tells us the Russian’s VPNFilter is worse than we thought, and we already thought it was bad. It’s time to take the security of your home router very seriously. 

I close with a quick rant, calling out Twitter, Facebook, Google, and Amazon for all accepting advice on who is a “hate” group from the irresponsible and irredeemably biased Southern Poverty Law Center. Really, guys, if you want half the country to hate Silicon Valley, this is exactly what you should be doing.

Download the 221st Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm. 

Direct download: PC221.mp3
Category:general -- posted at: 4:17pm EDT

GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is the WHOIS database, as German courts ride to the rescue of insecurity—in the name of privacy.

Also probably to be expected, at least for those who have paid attention to the history of technology regulation: The biggest companies are likely to end up boosting their market dominance.

Less expected: The decision of some big U.S. media to just say no to European readers, recognizing them as the Typhoid Marys of the internet, carrying a painful and stupid regulatory infection to every site they visit.

In other unsurprising news, Gus Hurwitz and Megan Reiss note, Kaspersky has now lost both its lawsuits against U.S. government bans in a single district court ruling.

In genuinely troubling news, Iran is signaling a willingness to attack U.S. industrial controls, which run the electric grid and pipelines and sewage systems, using the same malware it used against the Saudis. Since Iran was willing to launch DDoS attacks on U.S. banks the last time negotiations over its nuclear program hit a snag, this is a threat that needs to be taken seriously.

The good news is that the U.S. government released two reports this week on how to we’ll respond to both threats—cyberattacks on our grid and to DDoS attacks on our web companies. The bad news is that both reports suck. If you were feeling optimistic before this, I argue, a close reading of the reports will leave you with a sinking feeling that this is the fourth administration in a row without a clue about how to deal with such attacks.

Quick Hits

Russia wants Apple’s help in subduing Telegram, Maury reports. I predict that Tim Cook will fold like a cheap lawn chair. I’m guessing that it’s really only American law enforcement that he’s willing to thwart.

North Korea is getting credit for peacemaking while spreading malware to U.S. infrastructure. A lot of the attacks are enabled by phishing emails with news about the Trump-Kim summit. Which, come to think of it, may be the real reason Kim keeps turning the summit off and on: He’s got to generate clickbait for all those phishing emails.

Trump wants to relieve ZTE of its company-killing Commerce sanctions, but Congress may not let him. Hardest hit? Paul Ryan, who’ll have to decide whether to let the House take a free vote to thwart the President on national security grounds. At least that’s my quick assessment.

Gus takes us quickly through the next big security issueIMSI catchers and SS7 exploitation. This is a big problem, or really two big problems, that is bound to get real media attention—just as soon as civil liberties groups figure out how to blame it on Trump.

In other news, I’ll be hosting a Reddit AMA on r/legaladvice on June 6 starting at 2 p.m. EST. The best questions may be read in the next episode, so be sure to contribute. You can find more information in the announcement here.

You can subscribe to The Cyberlaw Podcast using iTunesPocket CastsGoogle Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: PC_220.mp3
Category:general -- posted at: 11:32am EDT

This episode features a conversation with Nick Bilton, author of “American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road.” His book, out in paperback, tells the story of Ross Ulbricht, the libertarian who created the hidden Tor site known as the Silk Road and rode it to massive wealth, great temptation, and, finally, a life sentence. It’s a fine read in its own right, but for those who know the federal government, the most entertaining parts concern the investigators who brought Ulbricht down. Each one has ambitions and flaws that mirror the stereotypes of their agencies, even—or perhaps especially—when the agents go bad. It’s got everything: sales of body parts, murder (maybe!), rogue cops, turf fights, and justice in the end.

Sadly, I predict this episode will generate more hate mail than any other. Why? You’ll have to listen to find out. Feel free to question my judgment with emails to CyberlawPodcast@steptoe.com.

You can subscribe to The Cyberlaw Podcast using iTunesPocket CastsGoogle Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions and suggestions for topics or interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-219.mp3
Category:general -- posted at: 6:24pm EDT

In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case that combines the worst of European crazy (“surely criminals have a right to be forgotten”) and California crazy (“profits are being earned here—surely that calls for a criminal investigation”). Markham explains why this may be a hard case for California to win—and then joins me in expressing schadenfreude for the owners, whose mugshots are even now spread all across the internet.

Meanwhile, the ZTE mess gets messier as Congress moves to block President Trump’s proposed sanctions relief. Democrats are joining national security Republicans to move legislation on the topic. Who says President Trump is the divider in chief?

Michael Vatis digs into the FBI’s latest high-profile problem: it grossly overstated the number of encrypted phones it encountered last year. Was it a mistake or a misrepresentation? Our panel leans toward mistake.

Michael and I also criticize President Trump’s decision to dump government security for his phone. Michael reminds us of the President’s scathing treatment of Hillary Clinton’s insecure email server and asks why an insecure cell phone is different.

And in a new feature that we still haven’t made up our mind about, we do a lightning round of stories we couldn’t get to:

Download the 218th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesPocket CastsGoogle Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions and suggestions for topics or interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm. 

Direct download: Cyberlaw_Podcast_218.mp3
Category:general -- posted at: 2:27am EDT

In our 217th episode of the Cyberlaw Podcast, the blockchain and cryptocurrency team takes over the podcast again.

Alan Cohn hosts another of the podcast’s periodic deep dives into all things blockchain and cryptocurrency to discuss recent regulatory developments and the current state of play of the industry.

Our episode begins by looking at the Treasury Department’s letter regarding initial coin-offerings (“ICOs”). Jack Hayes tells us the key takeaways from the letter, including that persons engaged in ICOs could be considered a Money Transmitter under FinCEN’s regulations. Not only does the letter address companies based in the U.S. that are issuing tokens, but also those based outside of the U.S. that may have a substantial part of their business in the U.S. or be issuing tokens to U.S. persons. The idea that FinCEN can reach outside of the U.S. border is not a new one. Last summer we saw a civil enforcement action against BTC-e, a foreign cryptocurrency exchange.

Jack and Alan also discuss the New York Attorney General’s recent voluntary transparency questionnaire sent to both U.S. and non-U.S. cryptocurrency exchanges. New York has seen its fair share of controversy with respect to cryptocurrency with the implementation of the BitLicense and the resulting exodus of a number of cryptocurrency companies.

Lisa Zarlenga provides an expert overview of the Internal Revenue Service’s (“IRS”) activity in the space starting with IRS Notice 2014-21. For tax purposes, convertible virtual currency (“CVC”) is treated as property, which means that every time you buy or sell CVC you are engaging in a taxable event and need to report capital gains or losses. The notice did not provide much guidance on accounting for and determining basis of cryptocurrency. Lisa also discusses whether exchanging one cryptocurrency for another cryptocurrency is a like-kind exchange and how the 2018 Tax Reform Bill changes things. With the increasing popularity of airdrops, Lisa and Alan tell us about the tax treatment of tokens received during an airdrop.

Chelsea Parker discusses trends coming out of New York Blockchain Week 2018. Consensus 2018 was three times bigger than Consensus 2017 and there were almost three dozen other official conferences and events that were part of NY Blockchain Week. Needless to say, interest in blockchain appears to be at an all-time high, and there was a particularly high international presence. Government officials from countries such as Gibraltar and Bermuda highlighted their proactive steps to implement regulation while still encouraging innovation and protecting consumers. This idea of balancing regulation while still encouraging innovation was a common theme across panels.

Alan highlights Steptoe’s panel “Blockchain in Supply Chain, Navigating the Legal Waters” and the key questions discussed during Alan Cohn and Lisa Zarlenga’s presentations on the tax treatment of digital currencies and tokens at the Accounting Blockchain Coalition’s conference. Finally, the panelists highlight where they see the industry going next in terms of adoption and regulation. Lisa discusses the possibility of additional guidance from the IRS while Jack discusses the future of sovereign cryptocurrencies and the resulting regulatory challenges.

Chelsea Parker, Lisa Zarlenga, Alan Cohn, and Jack Hayes (left to right)

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 217th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-217.mp3
Category:general -- posted at: 11:51am EDT