The Cyberlaw Podcast

Our news roundup is dominated by the seemingly endless ways that the U.S. and China can find to quarrel over tech policy.  The Commerce Department’s plan to use an executive order to cut TikTok and WeChat out of the U.S. market have now been enjoined. But the $50 Nick Weaver bet me that TikTok could tie its forced sale up until January is still at risk, because the administration has a double-barreled threat to use against that company—not just the executive order but also CFIUS—and the injunction so far only applies to the first. 

I predict that President Xi is likely to veto any deal that appeals to President Trump, just to show the power of his regime to interfere with US plans. That could spell the end of TikTok, at least in the US. Meanwhile, Dave Aitel points out, a similar but even more costly fate could await much of the electronic gaming industry, where WeChat parent TenCent is a dominant player. 

And just to show that the U.S. is willing to do to U.S. tech companies what it’s doing to Chinese tech companies, leaks point to the imminent filing of at least one and perhaps two antitrust lawsuits against Google. Maury Shenk leads us through the law and policy options.

The panelists dismiss as PR hype the claim that it was a threat of “material support” liability that caused Zoom to drop support for a PFLP hijacker’s speech to American university students. Instead, it looks like garden variety content moderation aimed this time at a favorite of the far left.

Dave explains the good and the bad of the CISA order requiring agencies to quickly patch the critical Netlogon bug

Maury and I debate whether Vladimir Putin is being serious or mocking when he proposes an election hacking ceasefire and a “reset” in the cyber relationship. We conclude that there’s some serious mocking in the proposal. 

Dave and I also marvel at how Elon Musk, for all his iconoclasm, sure has managed to cozy up to both President Xi and President Trump, make a lot of money in both countries, and take surprisingly little flak for doing so.  The story that spurs this meditation is the news that Tesla is so dependent on Chinese chips for its autonomous driving engine that it’s suing the US to end the tariffs on its supply chain

 In quick hits and updates, we note a potentially big story: The Trump administration has slapped new restrictions on exports to Semiconductor Manufacturing International Corporation, China’s most advanced maker of computer chips. 

The press that lovingly detailed the allegations in the Steele dossier about President Trump’s ties to Moscow hasn’t been quite so loving in their coverage of the dossier’s astounding fall from grace. The coup de grace came last week when it was revealed that the main source for the juiciest bits was flagged by the FBI as a likely Russian foreign agent; he escaped a FISA order only because he left the country for a while in 2010. 

The FISA court has issued an opinion on what constitutes a “facility” that can be tapped with a FISA order. It rejected the advice of Cyberlaw Podcast regular David Kris in an opinion that includes all the court’s legal reasoning but remains impenetrable because the facts are all classified. Maury and I come up with a plausible explanation of what was at stake.

The Trump administration has proposed Section 230 reform legislation similar to the white paper we covered a couple of months ago. The proposal so completely occupies the reasonable middle of the content moderation debate that a Biden administration may not be able to come up with its own reforms without sounding fatally similar to President Trump. 

And in yet more China news, Maury and Dave explore the meaning of Nvidia’s bid for ARM and Maury expresses no surprise at all that WeWork is selling off a big chunk of its Chinese operations 

And more! 

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 330th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

Direct download: TheCyberlawPodcast-330.mp3
Category:general -- posted at: 11:54am EDT

John Yoo, Mark MacCarthy, and I kick off episode 329 of the Cyberlaw Podcast diving deep into what I call the cyberspace equivalent of a dumpster fire. There is probably a pretty good national security case for banning TikTok. In fact, China did a lot better than the Trump administration when it declared, “You know that algorithm that tells all your kids what to watch all day? That’s actually a secret national security asset of the People’s Republic.” But the administration’s process for addressing the national security issue was unable to keep up with President Trump’s eagerness to announce some kind of deal. The haphazard and easily stereotyped process probably also contributed to the casual decision of a magistrate in San Francisco to brush aside US national security interests in the WeChat case, postponing the order on dubious first amendment grounds that John Yoo rightly takes to task.

 

Megan Stifel tells us that the bill for decoupling from China is going to be high – up to $50 billion if you listen to the Semiconductor Industry Association. 

 

Speaking of big industry embracing big government, Pete Jeydel explains IBM’s slightly jarring suggestion that the government should slap export controls on a kind of face recognition technology that Big Blue doesn’t sell any more. Actually, when you put it like that, it kind of explains itself.

Megan tells us that the House has passed a bill on the security of IOT devices. The bill, which has also moved pretty far in the Senate, is pretty modest, setting only standards for what the federal government will buy, but Megan has hopes that it will prove to be the start of a broader movement to address IOT security.

I reprise three of the latest demonstrations of just how much Silicon Valley hates conservatives and how far it will go to suppress their speech.  My favorite is Facebook deciding that a political ad that criticizes transwomen competing in women’s sports must be taken down because it lacks context. Unlike every other political ad since the beginning of time. Although Twitter’s double standard for a “manipulated media” label is pretty rich too: Turns out that splicing Trump’s remarks to make him say what the Biden camp is sure he meant is fair comment, but splicing a Biden interview so he says what the Trump camp is sure he meant is Evil Incarnate. 

Finally, Megan rounds out the week with a host of hacker news. The North Koreans are in bed with Russian cybercrime gangs.  (I can’t help wondering who wakes up with fleas.) The Iranians are stealing 2FA codes and some of them were indicted, though not apparently for the 2FA exploit.  And a long-running Chinese cybergang is indicted too.  Not that that will actually stop them, but it could be hard on their Malaysian accomplices, who are in jail, contemplating the value of government top cover.

Our interview this week is with Michael Brown, a remarkably influential defense technologist. He’s been CEO of Symantec, cowrote the report that led to passage of FIRRMA and the transformation of CFIUS, and now runs the Defense Innovation Unit in Silicon Valley. He explains what DIU does and some of the technological successes it has already made possible.

And more!

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 329th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-329.mp3
Category:general -- posted at: 10:37pm EDT

In our 328th episode of the Cyberlaw Podcast, Stewart is joined by Bruce Schneier (@schneierblog), Sultan Meghji @sultanmeghji), and Nate Jones (@n8jones81). The Belfer Center has produced a distinctly idiosyncratic report ranking the world’s cyber powers – a kind of Jane’s Fighting Nerds report. Bruce Schneier and I puzzle over its oddities, but at least the authors provided the underlying assessments to led them to rank the Netherlands No. 5, and Israel nowhere in the top ten. The US is number one, but that’s partly due to the Center’s insistence that we’re a norms superpower. In my book, that would require a 20% discount off our offensive capabilities ranking.  Don’t agree? Download the report and pick your own fight!

 

Our interview today is with Cory Doctorow, diving deep on his pamphlet/book, “How to Destroy Surveillance Capitalism.” It’s a robust and entertaining three-cornered fight – me, Cory, and the absent Shoshana Zuboff, whose 700-page tome launched the surveillance capitalism meme. You’ll enjoy hearing me explain to Cory, a Red Diaper Baby born to Trotskyists, that his solution to tech’s overreach is surprisingly similar to Attorney General Bill Barr’s.

 

Elsewhere in the news roundup, Nate Jones and I unpack the Pandora’s Box of pain unleashed by the European Court of Justice in Schrems II

 

Facebook is fighting a multilevel rearguard action – in the courts, in two capitals, and in its terms of service -- to try to salvage its current business model.

 

I cover the latest Tok in the TikTok saga.  Oracle has won … something or other. Sultan Meghji and I puzzle over how the TikTok algorithm can stay in China while the dataset it’s training on remains in the United States. 

 

The Justice Department's antitrust lawsuit against Google is getting nearer and nearer, judging from the thrashing in the underbrush. But we still don’t have a good idea what part of Google’s business will be targeted. Sultan explains the state of play. 

 

In a news flash that I liken in shock value to the report that the weather in San Diego will be sunny and fair, Microsoft has confirmed that the Chinese, Iranians, and Russians have launched cyber-attacks on Biden and Trump campaigns. For reasons unknown, the press can’t get enough of this thin gruel.

 

Bruce and Sultan chart the reasons and tactics behind the rise of ransomware and the importance of being a reliable criminal if you want to make money in extortion. 

 

Nate unpacks China’s global data security initiative so you don’t have to waste your time. The tl;dr is that other countries shouldn’t do any of the things China is doing or aspiring to do. 

 

Speaking of things you don’t have to read because we took the hit, Bruce tells us what’s in the new White House cyber-security policy for space systems. Really, it’s all “shoulds” and puts nobody in charge of enforcement. It would be kind to call it the beta version of a space cybersecurity policy.

 

Sultan argues that there may after all be a limit to the EU’s ability to get every company on the internet to enforce its speech codes, and the domain name registries hope they’re on the other side of that line. 

 

You probably saw the “op-ed” that AI “wrote,” explaining why humans need not fear it.   Bruce, Sultan, and I have plenty of fun mocking Open AI’s penchant for Open Hype.  But Bruce reminds us that sooner or later the hype will be real, and more than half of Twitter will be machines talking to other machines.  Judging from my Twitter feed, that will be an improvement. 

 

Finally,  This Week in Sore Losing: In honor of Jeff Bezos’s AWS and its brief complaining that it should have beat Microsoft to the lucrative JEDI contract, I update an old lawyer’s motto: If you’ve got the law on your side, pound the law. If you’ve got the facts, pound the facts. And if you’ve got neither, pound the Orange Man.

 

And more!

                                                   

 

Download the 328th Episode (mp3)

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: TheCyberlawPodcast-328.mp3
Category:general -- posted at: 12:27pm EDT

In our 327th episode of the Cyberlaw Podcast, Stewart is joined by Nick Weaver (@ncweaver), David Kris (@DavidKris), and Dave Aitel (@daveaitel). We are back from hiatus, with a one-hour news roundup to cover the big stories of the last month.  Pride of place goes to the WeChat/Tiktok mess, which just gets messier as the deadline for action draws near. TikTok is getting all the attention but WeChat is by far the thorniest policy and technical problem. I predict delays as Commerce wrestles with them. Nick Weaver predicts that TikTok’s lawsuit will push resolution of its situation into January.  I’ve got fifty bucks that says it won’t. Lawfare wins either way.

Dave Aitel digs into the attempted Tesla hack. Second best question in the segment: Who’s the insider that enabled an attack on his employer and is still working there three years later?  Best question: How many CSO’s can say with confidence that none of their employees would take $1 million to plug a USB stick into the company network? 

This Month in Overhyped Judicial Decisions about FISA: David Kris lays out the seven-years-late Ninth Circuit decision that has been billed as striking at the FISA warrantless surveillance law. Talk about overtaken by events. The opinion grumbles about the Fourth Amendment but doesn’t actually rule (and its analysis is so partial that it isn’t even persuasive dicta). It boldly finds that the collection violated a statute that has been repealed anyway. And then it says that doesn’t matter because suppression of the evidence isn’t a remedy and the violation didn’t taint the trial.  The only really good news for the civil liberties community is that Justice can’t appeal to the Supreme Court because, well, it won.

David also takes on the other overhyped FISA decision, a lengthy FISA court review of agencies’ minimization practices with respect to Americans’ data collected under section 702. The court approved practically everything but was predictably and not improperly upset at the FBI’s inability to design social and IT systems that prevent dumb violations of the rules. 

Speaking of FISA, important national security provisions remain unsettled, in large part because of Trump’s misguided opposition. Who, David asks, could possibly persuade GOP members that there’s a FISA reform that responds to their sense of grievance over the Russian collusion investigation?  I volunteer, with lengthy testimony to the PCLOB and a shorter piece in Lawfare.

Dave Aitel asks why we’re surprised that Iranian hackers are monetizing access to networks that don’t offer national security value to their government. Or that hackers are following their targets into specialized software markets. If you know your target is a law firm, he suggests, you’d be better off looking for flaws in Relativity than in Windows…. Excuse me, I just felt someone walk over my grave.

Nick and Dave are both critical of the Justice Department’s indictment of Joe Sullivan for obstruction of justice and misprision of felony. That is beginning to look like a case Sullivan can win, and he just might take it to trial. 

Nick thinks the Justice Department is playing a long game in pretending it can seize 280 cryptocurrency accounts used by hackers. It can’t get the funds, but it sure can make it hard for the hackers to get them. 

U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021. 

And more!

Download the 327th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Direct download: 327-ill-take-hacking-tesla-for-one-million-dollars-alex.
Category:general -- posted at: 10:56am EDT

1