Our interview is with Alex Stamos, who lays out a complex debate over child sexual abuse that’s now roiling Brussels. The application of European privacy standards and artificial intelligence (AI) hostility to internet communications providers has called into question the one tool that has reduced online child sex predation. Scanning for sex abuse images works well, and even scanning for signs of “grooming” is surprisingly effective. But they depend on automated monitoring of communications content, something that has come as a surprise to European lawmakers hoping to impose more regulation on American tech platforms. Left unchanged, the new European rules could make it easier to abuse children.  Alex explains the rushed effort to head off that disaster—and tells us what Ashton Kutcher has to do with it (a lot, it turns out).

Meanwhile, in the news roundup, Michael Weiner breaks down the Federal Trade Commission's (FTC) (and the states’) long-awaited antitrust lawsuit against Facebook. Maybe the government will come up with something as the case moves forward, but its monopolization claims don’t strike me as overwhelming.  And, Mark MacCarthy points out, the likelihood that the lawsuit will do something good on the privacy front is vanishingly small. 

Russia’s SVR, heir of the KGB, is making headlines with a remarkably sophisticated and well-hidden cyberespionage attack on a lot of institutions that we hoped were better at defense than they turned out to be. Nick Weaver lays out the depressing story, and Alex offers a former CISO’s perspective, arguing for a federal breach notification law that goes well beyond personal data and includes disciplined after-action reports that aren’t locked up in post-litigation gag orders. Jamil Jaffer tells us that won’t happen in Congress any time soon.

Jamil also comments on the prospects for the National Defense Authorization Act (NDAA), chock full of cyber provisions and struggling forward under a veto threat. If you’re not watching the European Parliament tie itself in knots trying to avoid helping child predators, tune in to watch American legislators tie themselves into knots trying to pass an important defense bill without drawing the ire of the President.

The Federal Communications Commission (FCC), in an Ajit Pai farewell, has been hammering Chinese telecoms companies. In one week, Jamil reports, the FCC launched proceedings to kick China Telecom out of the U.S. infrastructure, reaffirmed its exclusion of Huawei from the same infrastructure and adopted a “rip and replace” mandate for U.S. providers who still have Chinese gear in their networks.

Nick and I clash over the latest move by Apple and Google to show their contempt for US counterterrorism efforts—the banning of a location data company whose real crime was selling the data to (gasp!) the Pentagon.

Mark explains the proposals for elaborate new regulation of digital intermediaries now working their way through—where else? Brussels. I offer some cautious interest in regulation of “gatekeeper” platforms, if only to prevent Brussels and the gatekeepers from combining to slam the Overton window on conservatives’ fingers. 

Mark also reports on the Trump administration's principles for U.S. government use of AI, squelching as premature my celebration at the absence of “fairness” and “bias” can’t.

Those who listen to the roundup for the porn news won’t be disappointed, as Mark and I dig into the details of Pornhub’s brush with cancellation at the hands of Visa and Mastercard—and how the site might overcome the attack.

In short hits, Nick and I disagree about Timnit Gebru, the “ethicist” who was let go at Google after threatening to quit. I report on the enactment of a modest but useful internet-of-things cybersecurity law and on the doxxing of the Chinese Communist Party membership rolls as well as the adoption of the most law-enforcement-hostile technology yet to come out of Big Tech—Amazon’s Sidewalk. 

And More!

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Did you ever wonder where all that tech money came from all of a sudden? Turns out, a lot of it comes from online programmatic ads, an industry that gets little attention even from the companies, such as Google, that it made wealthy. That lack of attention is pretty ironic, because lack of attention is what’s going to kill the industry, according to Tim Hwang, former Google policy maven and current research fellow at the Center for Security and Emerging Technology (CSET).

In our interview, Tim Hwang explains the remarkably complex industry and the dynamics that are gradually leaching the value out of its value proposition. Tim thinks we’re in an attention bubble, and the popping will be messy.  I’m persuaded the bubble is here but not that its end will be disastrous outside of Silicon Valley.

Sultan Meghji and I celebrate what seems like excellent news about a practical artificial intelligence (AI) achievement in predicting protein folding. It’s a big deal, and an ideal problem for AI, with one exception.  The parts of the problem that AI hasn’t solved would be a lot easier for humans to work on if AI could tell us how it solved the parts it did figure out.  Explainability, it turns out, is the key to collaborative AI-human work.

We welcome first time participant and long-time listener Jordan Schneider to the panel. Jordan is the host of the unmissable ChinaTalk podcast. Given his expertise, we naturally ask him about … Australia.  Actually, it’s natural, because Australia is now the testing ground for many of China’s efforts to exercise power over independent countries using cyber power along with trade. Among the highlights: Chinese tweets highlighting a report about Australian war crimes followed by a ham-handed tweet-boosting bot campaigns. And in a move that ought to be featured in future justifications of the Trump administration’s ban on WeChat, the platform refused to carry the Australian prime minister’s criticism of the war-crimes tweet. 

Ted Cruz, call your office! And this will have to be Sen. Cruz’s fight, because it looks more and more as though the Trump administration has thrown in the towel. Its claim that it is negotiating a TikTok sale after ordering divestment is getting thinner; now the divestment deadline has completely disappeared, as the government simply says that negotiations continue. Nick Weaver is on track to win his bet with me that CFIUS won’t make good on its order before the mess is shoveled onto Joe Biden’s plate.

Whoever was in charge of beating up WeChat and TikTok may have left the government early, but the team that’s sticking pins in other Chinese companies is still hard at work. Jordan and Brian Egan talk about the addition of SMIC to the amorphous defense blacklist. And Congress has passed a law (awaiting the president’s signature) that will make life hard for Chinese firms listed on U.S. exchanges. 

China, meanwhile, isn’t taking this lying down, Jordan reports. It is mirror-imaging all the Western laws that it sees as targeting China, including bans on exports of Chinese products and technology. It is racing (on what Jordan thinks is a twenty-year pace) to create its own chip design capabilities. And with some success. Sultan takes some of the hype out of China’s claims to quantum supremacy.  Though even dehyped, China’s achievement should be making those who rely on RSA-style crypto just a bit nervous (that’s all of us, by the way).

Michael Weiner previews the still veiled state antitrust lawsuit against Facebook and promises to come back with details as soon as it’s filed. 

In quick hits, I explain why we haven’t covered the Iranian claim that their scientist was rubbed out by an Israeli killer robot machine gun: I don’t actually believe them. Brian explains that another law aimed at China and its use of Xinjian forced labor is attracting lobbyists but likely to pass. Apple, Nike, and Coca-Cola have all taken hits for lobbying on the bill; none of them say they oppose the bill, but it turns out there’s a reason for that. Lobbyists have largely picked the bones clean.

President Trump is leaving office in typical fashion—gesturing in the right direction but uninteresting in actually getting there. In a “Too Much Too Late” negotiating move, the President has threatened to veto the defense authorization act if it doesn’t include a repeal of Section 230 of the Communications Decency Act. If he’s yearning to wield the veto, the Democrats and GOP alike seem willing to give him the chance.  They may even override, or wait until January 20 to pass it again. 

Finally, I commend to interested listeners the oral argument in the Supreme Court’s Van Buren case, about the Computer Fraud and Abuse Act. The solicitor general’s footwork in making up quasi textual limitations on the more sweeping readings of the act is admirable, and it may well be enough to keep van Buren in jail, where he probably belongs for some crime, if not this one. 

And more.

Download the 341st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Our interview in this episode is with Michael Daniel, formerly the top cybersecurity adviser in the Obama administration’s National Security Council and currently the CEO of the Cyber Threat Alliance (CTA).  Michael lays out CTA’s mission. Along the way he also offers advice to the Biden cyber team—drawing in part on the wisdom of Henry Kissinger.

In the news roundup, Michael joins Jamil Jaffer and Nate Jones to mull the significance of Bruce Reed’s appointment to coordinate technology issues in the Biden White House.  Reed’s tough take on Silicon Valley companies and Section 230 may form the basis of a small-ball deal with Republicans on things like child sex abuse material, but none of us think a broader reconciliation on content moderating obligations is in the offing.

When it comes to regulating the tech sector, Brussels is a fount of proposals. The latest, unpacked by Jamil and Maury Shenk, is intended to build on the dubious success of GDPR in jumpstarting the EU’s technology industry.

Maury and I puzzle over exactly how a Russian divorcee won a court order allowing access to her estranged son’s Gmail account. Our guess: the court stretched a point to conclude that the son had consented.

Another day, another China-punishing measure from the Trump administration: Jamil explains the administration’s vision of a bloc of countries that will unite in resistance to China’s punitive trade retaliation against inconvenient Western countries, most notably Australian, now getting hit hard by China.

Meanwhile, Maury reports that the administration has identified nearly 90 Chinese companies that are too closely tied to the Chinese military for purposes of export control licenses. The only good news for U.S. exporters is that the list eliminates some ambiguity about the status of some companies.

Maury also gives an overview of what most of us think is an oxymoron: Privacy in China. In fact, there is growing attention to protecting privacy at least from commercial companies. And harsh enforcement, as always, makes observers wonder “who did that company piss off?” before they wonder “what did that company do wrong?”

Maury also reports on the effort to revive Privacy Shield—and on just how little the negotiators have to work with.

Jamil comments on the ever-rising cost of cybersecurity, and possible implications for bank consolidation.

Nate reviews the privacy and security doubts about Amazon’s Sidewalk feature, which turns Alexa devices into neighborhood WiFi networks.

Maury and I note that the deadline for a TikTok sale is still a week away and maybe always will be.

Jamil wonders why ZTE asked the Federal Communications Commission (FCC) to reconsider its exclusion of the company from the U.S. telecoms infrastructure. The FCC order denying the request was not exactly a marketing triumph.

Jamil and I have fun asking how much snooping will go on in a proposed new fiber-optic network linking Saudi Arabia and Israel.

Nate is not surprised that France is pushing its tax for the (U.S.) tech sector, but we debate whether the timing will turn out to be good for France or bad. I claim that the White House’s short attention span is France’s best friend.

Maury and I try to figure out whether there’s a public policy case in favor of the Rivada plan to take over a bunch of the Department of Defense spectrum and rent out whatever is excess to the department needs. Maybe there is, but we can’t find it.

And more.

Download the 340th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families or pets.