The Cyberlaw Podcast

For this special edition of the Cyberlaw Podcast, we’ve convened a panel of experts on intelligence and surveillance legal matters. We take a look at the Department of Justice Inspector General’s report on the FBI’s use of FISA applications – and the many errors in those applications. We also touch on FBI Director Wray’s response, as well as a public order issued by the Foreign Intelligence Surveillance Court. We wrap up with thoughts on how to resolve some of the issues identified by the IG’s report and suggestions for improving the FISA process.

Joining me on the panel:

  • Bob Litt, former general counsel of the Office of the Director of National Intelligence.
  • David Kris, who wrote the book on FISA and previously headed the DOJ’s National Security Division, which is responsible for FISA warrants.
  • Bobby Chesney of the University of Texas School of Law, as well as a founder of Lawfare and co-host of the National Security Law Podcast.

The Cyberlaw Podcast is going on hiatus for the holidays. We’ll be back in January with more insights into the latest events in technology, security, privacy, and government.

Download the 294th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Direct download: TheCyberlawPodcast-294.mp3
Category:general -- posted at: 10:40am EDT

This week Maury Shenk guest hosts the podcast.

Even with a "phase one" trade deal with China apparently agreed upon, there's, of course, plenty still at stake between China and the US in the tech space. Nate Jones reports on the Chinese government order for government offices to purge foreign software and equipment within three years and the plans of Arm China to develop chips using “state-approved” cryptography. Nick Weaver and I agree that, while there are some technical challenges on this road, there's a clear Chinese agenda to lose dependency on US suppliers. 

In the Department of Hacking, the aptly-named Plundervolt allows hackers to steal data using the power supply of Intel chips. The immediate hole has been closed, but Nick thinks the hack suggests bigger problems for Intel down the road. We also discuss Apple's flirtation with using the DMCA to get Twitter to de-tweet an encryption key compromising a less-than-critical aspect of iPhone 11 security, and I report on an 11th Circuit decision on insurance coverage for losses from spear-phishing.

With Stewart Baker away, I point out that it's not just the EU that is going after Big Tech. Amazon's new-ish Ring subsidiary seems to have scored a couple of own-goals with privacy and security practices for its smart doorbells – Nick explains in detail. And I relate the Wall Street Journal report that the FTC is considering seeking an injunction of Facebook app integration, and the big 7.5% tax that Turkey will levy on digital services beginning in March.

Finishing up in the Gulf, we look at a “very big” cyberattack on Iranian banks that the Iranian government claims is state-sponsored. Nate doubts intimations that the US is involved, and we agree that political and commercial motives are difficult to disentangle in this type of attack. Across the Strait of Hormuz, we explore the involvement of former counterterrorism czar Richard Clarke in helping the United Arab Emirates build its DREAD (who thought that was a good name?) counterterrorism unit and the policy implications and slippery slope of allowing US expertise to be used for such efforts.

Download the 293rd Episode (mp3).


Direct download: TheCyberlawPodcast-293.mp3
Category:general -- posted at: 8:24pm EDT

The apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, as Congress has increasingly signaled it intends to do. If the Pensacola attack involved multiple parties acting across US borders, still a live possibility as we talked, then it would be just about the first such attack since 9/11 – and exactly the kind of attack the metadata program was designed to identify in advance.

Nick Weaver tells us that China has resurrected the Great Cannon to attack a popular Hong Kong forum for protesters. I ask why Google hasn’t started issuing warnings to Web browsers who cross the Great Firewall into China without enabling HTTPS to foil the Great Cannon. Meanwhile, Microsoft is working hard to make GitHub, an early Great Cannon victim, an essential part of China’s IT infrastructure. GitHub was attacked because it hosted some content that China hated, including the New York Times, and we verify in real-time that, despite the lure of the Chinese market, Microsoft has not told GitHub to dump the offending content.

In more China news, the trial lawyers are circling TikTok like a wounded wildebeest on the veldt. A California class action alleges that TikTok harvested and sent data to China, and an Illinois class action charges the company with violating COPPA by marketing to children without sufficient privacy safeguards.

Paul Rosenzweig and I dig deep into the 20-year history behind the now-abandoned proposal to conduct airport facial scans on US citizens leaving the country. We reach broad agreement that this is one of the rare privacy versus national security debates in which there’s precious little privacy or national security at stake.

Matthew Heiman provides an overview of the remarkable international food fight over taxes on digital business. USTR is threatening big tariffs on French wine to counter France’s digital tax. Spain is apparently eager to join France in the fight. And the effort to work everything out at the OECD, where the EU has a 20-1 voting advantage over the US, has predictably not worked out well from the US point of view.

Cue the white cat: The United States has actually imposed sanctions on “Evil Corp.” Nick explains that this is part of criminal charges against two highly effective Russian bank hackers – and arguably a confession of weakness on the US government’s part.

Meanwhile, Amazon’s efforts to avoid tort liability for third-party sales on its site look to be suffering a long strategic defeat in the courts. The latest example is a Sixth Circuit ruling allowing plaintiffs to pursue product tort claims against the Internet giant.

I offer a quick update and some kind words for Nancy Pelosi, who is calling for modification of the North American free trade deal to drop the provision turning Section 230 of the Communications Decency Act into international law. This is a genuinely bipartisan complaint, so perhaps she’ll prevail. 

Paul gets stuck explaining two dog-bites-man stories. The FBI says any Russian app could be a counterintelligence threat. What else could they say? And the European Commission, when asked what US regulation of encryption would mean for Europe, says more or less that it may have to move from eyebrow-lifting to throat-clearing.

And Nick closes the program with advice about the new Android exploit that works (in the right circumstances) to compromise apps running on a fully patched and up-to-date Android phone.

Download the 292nd Episode (mp3).


Direct download: TheCyberlawPodcast-292.mp3
Category:general -- posted at: 11:36am EDT

Algorithms are at the heart of the Big Data/machine learning/AI changes that are propelling computerized decision-making. In their book, The Ethical Algorithm, Michael Kearns and Aaron Roth, two Computer Science professors at Penn, flag some of the social and ethical choices these changes are forcing upon us. My interview with them touches on many of the hot-button issues surrounding algorithmic decision-making. Michael and Aaron may not agree with my formulation, but the conversation provides a framework for testing it – and leaves me more skeptical about “bias hacking” of algorithmic outputs.

Less controversial, but equally fun, is a dive into the ways in which Big Data and algorithms defeat old-school anonymization – and the ways in which that problem can be solved. Our guests from Philadelphia help me understand the value of differential privacy. And if you wondered why, say, much of the social science and nutrition research of the last 50 years doesn’t hold up to scrutiny, blame Big Data and algorithms that reliably generate significant correlations once in every 20 tries.

Michael and Aaron also take us deep into the unexpected social costs of algorithmic optimization. It turns out that a recommendation engine that produces exactly what we want, even when we didn’t know we wanted it, is great in the moment but maybe not so great for society. Creating markets in areas once governed by social norms can optimize individual choice but at a considerable social cost, and it turns out that algorithms can do the same – optimize individual gratification in the moment while roiling our social and political order in unpredictable ways. We would react badly to a proposal that dating choices become microeconomic transactions (otherwise known as prostitution) but we don’t feel the same way about reducing them to algorithms. Maybe we should.

Direct download: TheCyberlawPodcast-291.mp3
Category:general -- posted at: 11:12am EDT

This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that the government is still fighting about the content of a policy it’s already announced. And to show that decoupling can go both ways, a U.S.-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think.

Mark MacCarthy tells us that reports of the University of Chicago’s weather turning sunny and warm for hipster antitrust plaintiffs are probably overdone. Even so, Silicon Valley should be at least a little nervous that even Chicago School enforcers are taking a hard look at personal data and free services as sources of anti-competitive conduct.

Mark also highlights my favorite story of the week, as the Right to be Forgotten discredits itself in, where else, Germany. Turns out that you can kill two people and wound a third on a yacht in the Atlantic, get convicted, serve 20 years, and then demand that everybody just forget it happened. The doctrine hasn’t just jumped the shark. It’s doubled back and put a couple of bullets in the fish for good measure.

Nick explains why NSA is so worried about TLS inspection. And delivers a rant on bad cybersecurity software along the way.

It’s been a bad week for TikTok, which was caught blocking an American Muslim teen who posted about Uighurs in China and offered an explanation that was believable only because US social media companies have offered explanations that were even less credible. I suggest that all the criticism will just lead to more and sneakier ways to block disfavored content without getting caught. And Brian tells us how the flap might affect TikTok’s pending CFIUS negotiation.

Nick ladles out abuse for the bozo who thought it was a good idea to offer cryptocurrency advice on avoiding sanctions to Kim Jong Un’s cyber bank robbers. And Brian explains that the government’s prosecution of the bozo might have to tiptoe past the First Amendment.

Senate Democrats have introduced the Consumer Online Privacy Rights Act, an online privacy bill with an unfortunate acronym (think fossilized dinosaur poop). Mark and I conclude that the bill is more a sign that Washington isn’t going to do privacy before 2021.

Who can resist GPS crop circle spoofing by sand pirates? Not Nick. Or me. Arrr.

I update our story on DHS’s CISA, which has now issued in draft a binding operational directive on vulnerability disclosure policies for federal agencies. It’s now taking comments on GitHub.

And in quick hits: The death of the Hippie Internet, part 734: Apple changes its map to show Crimea as Russian, but only for Russians; Facebook accepts correction notice from the Singapore government; our own Paul Rosenzweig will be an expert witness in the government’s prosecution of the Vault 7 leaker; and Apple’s bad IT cost it $467,000 for sanctions violations. I ask whether we should be blaming Scooby-Doo for the error.

Join Steptoe for a complimentary webinar on Tuesday, December 10. We’ll be talking about the impacts on retailers of the newly implemented California Consumer Privacy Act and the EU’s General Data Protection Regulation. This is a fast-moving area of the law; we can keep you up to date. You can find out more and register here.

Download the 290th Episode (mp3).

 


Direct download: TheCyberlawPodcast-290.mp3
Category:general -- posted at: 12:39pm EDT
