This episode offers an economical overview of the six antitrust reform bills reported out of the House Judiciary Committee last week. Michael Weiner and Mark MacCarthy give us the top line for all six (though only four would make substantial new policy). We then turn quickly to the odd-couple alliances supporting and opposing the bills, including my brief cameo appearance, in Rep. Jim Jordan’s opposition, on the gratifying ground (ok, among others) that Microsoft had never explained its suppression of my recent LinkedIn post. On the whole, I think Rep. Jordan is right; there’s very little in these bills that will encourage a diversity of viewpoints on social media or among its “trust and safety” bureaucrats.

Nick Weaver trashes the FBI for its prosecution of AnMing Hu. I’m more sympathetic, but neither of us thinks this will end well for the bureau or the China Initiative.

Adam Candeub makes his second appearance and does a fine job unpacking three recent decisions on the scope of Section 230. The short version: Facebook only partly beat the rap for sex trafficking in the Texas Supreme Court; SnapChat got its head handed to it in the speed filter case; and all the Socials won but faced persuasive dissents in a case over assistance to terrorist groups.

The long version: Silicon Valley has sold the courts a bill of goods on Section 230 for reasons that sounded good when the Internet was shiny and democratic and new. Now that disillusion has set in, the sweeping subsidy conferred by the courts is looking a lot less plausible. The wheels aren’t coming off Section 230 yet, but the paint is peeling, and Big Tech’s failure to get their reading of the law blessed by the Supreme Court ten years ago is going to cost them—mainly because their reading is inconsistent with some basic rules of statutory interpretation.

Nick and I engage on the torture indictments of executives who sold internet wiretapping capabilities to the Qaddafi regime.

Mark is unable to hose down my rant over Canada’s bone-stupid effort to impose Canadian content quotas on the internet and to write an online hate speech law of monumental vagueness. 

And in closing, Nick and I bid an appropriately raucous and conflicted adieu to the Hunter Thompson of Cybersecurity:  John McAfee.

And more!

Download the 368th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

We could not avoid President Biden’s trip to Europe this week. He made news (but only a little progress) on cybersecurity at every stop. Nick Weaver and I dig into the President’s consultations with Vladimir Putin, which featured veiled threats and a modest agreement on some sort of continuing consultations on protecting critical infrastructure.

Jordan Schneider sums up the G7 and NATO statements aligning with U.S. criticisms of China.

And our newest contributor, Michael Ellis, critiques the EU-U.S. consultations on technology, which featured a complete lack of U.S. resolve on getting an outcome on transatlantic data flows that would preserve US intelligence capabilities.

Michael also recaps the latest fallout from the Colonial Pipeline ransomware shutdown—new regulatory initiatives from TSA and a lot of bipartisan regulatory proposals in Congress.

I note the very unusual (or, maybe, all too usual) meaning given to “bipartisanship” on Capitol Hill.

Nick is not exactly mourning the multiple hits now being suffered by ransomware insurers, from unexpected losses to the ultimate in concentrated loss – gangs that hack the insurer first and then systematically extort all its ransomware insurance customers.

Jordan sums up China’s new data security law. He suggests that, despite the popular reporting on the law, which emphasizes the government control narrative, the motive for the law may be closer to the motive for data protection laws in the West—consumer suspicion over how private data is being used. I’m less convinced, but we have a nice discussion of how bureaucratic imperatives and competition work in the Peoples Republic of China.

Michael and Nick dig into the White Paper on FISA applications published by the outgoing chairman of the Privacy and Civil Liberties Oversight Board. Notably, in my mind, the White Paper does not cast doubt on the Justice Department’s rebuttal to a Justice Inspector General’s report suggesting that the FISA process is riddled with error. The paper also calls urgently for renewal of the expired FISA section 215 authority and suggests several constructive changes to the FISA paperwork flow.

In quick hits, Michael brings us up to date on the FCC’s contribution to technology decoupling from China: a unanimous vote to exclude Chinese companies from the U.S. telecom infrastructure and a Fifth Circuit decision upholding its decision to exclude Chinese companies from subsidized purchases by U.S. telecom carriers.  And Jordan reminds us just how much progress China has made in exploring space.

And more!

Download the 367th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This week the Business Software Alliance issued a new report on AI bias. Jane Bambauer and I come to much the same conclusion: It is careful, well-written, and a policy catastrophe in the making. The main problem? It tries to turn one of the most divisive issues in American life into a problem to be solved by technology. Apparently because that has worked so well in areas like content suppression. In fact, I argue, the report will be seen by many, especially in the center and on the right, as an effort to impose proportional representation quotas by stealth in a host of places that have never been the objects of such policies before. Less controversial, but only a little, is the U.S. government’s attempt to make government data available for training more AI algorithms. Jane more or less persuades me that this effort too will end in tears or stasis. 

In cheerier news, the good guys got a couple of surprising wins this week. While encryption and bitcoin have posed a lot of problems for law enforcement in recent years, the FBI has responded with imagination and elan, at least if we can judge by two stories from last week. First, Nick Weaver takes us through the laugh-out-loud facts behind a, government-run encrypted phone for criminals complete with influencers, invitation-only membership, and nosebleed pricing to cement the phone’s exclusive status. Jane Bambauer unpacks some of the surprisingly complicated legal questions raised by the FBI’s creativity.

Paul Rosenzweig lays out the much more obscure facts underlying the FBI’s recovery of much of the ransom paid by Colonial Pipeline. There’s no doubt that the government surprised everyone by coming up with the private key controlling the bitcoin account. We’d like to celebrate the ingenuity behind the accomplishment, but the how it pulled it off, probably because it hopes to do the same thing again and can’t if it blows the secret. FBI isn’t actually explaining.

The Biden administration is again taking a shaky and impromptu Trump policy and giving it a sober interagency foundation.  This time it’s the TikTok and WeChat bans; these have been rescinded. But a new process has been put in place that could restore and even expand those bans in a matter of months. Paul and I disagree about whether the Biden administration will end up applying the Trump policy to TikTok or WeChat or to a much larger group of Chinese apps.

For comic relief, Nick regales us with Brian Krebs’s wacky story of the FSB’s weird and counterproductive attempt to secure communications to the FSB’s web site. 

Jane and I review the latest paper by Bruce Schneier (and Henry Farrell) on how to address the impact of technology on American democracy. We are not persuaded by its suggestion that our partisan divide can best be healed by more understanding, civility, and aggressive prosecutions of Republicans.

Finally, everyone confesses to some confusion about the claim that the Trump Justice Department breached norms in its criminal discovery motions that turned up records relating to prominent Democratic congressmen and at least one Trump administration official.

Best bet: this flap will turn out to be less interesting the more we learn. But I renew my appeal, this time aimed at outraged Democrats, for more statutory guardrails and safeguards against partisan misuse of national security authorities. Because that’s what we’ll need if we want to keep those authorities on the books.

And more!

Download the 366th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The Biden administration is pissing away one of the United States’ most important counterterrorism intelligence programs. At least that’s my conclusion from this episode’s depressing review of the administrations halting and delusion-filled approach to the transatlantic data crisis. The EU thinks time is on its side, and it’s ignoring Jamil Jaffer’s heartfelt plea to be a better ally in the face of Russian and Chinese pressure. Every day, Silicon Valley companies whose data stores in the U.S. have been a goldmine for counterterrorism are feeling legal pressure to move that data to Europe. Those companies care little whether the U.S. gets good intelligence from its section 702 requests, at least compared to the prospects of massive fines and liability in Europe. So, unless the administration creates a countervailing incentive, the other actors will simply present Washington with a fait accompli. The Biden administration, like the Trump administration before it, seems unable to grasp the need for action. When Trump was in charge, we could call him incompetent. When we wake up to what we’ve lost under Biden, that’s what we’ll call him, too.

For companies struggling with their role in this global drama, Charles Helleputte has moderately good news. The European Commission, contrary to the dogmatic approach of the data protection agencies, has opened a door for transfers using the new standard contractual clauses. If your data has not been requested by the U.S. under section 702 or similar intelligence programs and you can offer good reason to think they won’t be requested in the future, you could avoid the hammer of a data export ban while using the standard corporate clauses if they have never received a 702 or similar request and can offer good reason to think they won’t in future.

In other news, Jamil and I cross swords on whether the Colonial pipeline hack should have ended TSA’s light-touch oversight of pipeline cybersecurity.

And Nate Jones and I dig deep into the state trend toward regulating police access to DNA ancestry databases. After some fireworks, we come close to agreement that some state law provision on database access is inevitable and workable, but that the Maryland law is so hostile to solving brutal crimes with DNA searches that it is hard to distinguish from a ban.

Jamil explains the Biden administration’s decision to provide a new foundation for the Trump ban on investment in Chinese military companies. Treasury will take the program away from the Department of Defense, which had handled its responsibilities with the delicacy of Edward Scissorhands.

Nate limbers up the DeHype Machine to put in perspective the Department of Justice's claim to be giving ransomware hacks the same priority as terrorism. Jamil takes on autonomous drones and pours cold water on the notion that the Pentagon will be procuring some of its drones from China.

In a moment of weakness I fail to attack or even mock the UN GGE’s latest report on norms for cyberconflict.

And in a series of quick hits: 

• Jamil reviews Facebook’s latest antitrust problems in the EU and UK.
• I bring back the Congresswoman whose failed lawsuit over a newspaper’s publication of her nude photos is now set to cost her over $100,000.
• In case you haven’t heard, Facebook might let Trump come back in January 2023, and his blog page has shut down for good.
• The European Commission has proposed a trusted and secure Digital Identity for all Europeans but Charles thinks there’s less there than meets the eye.
• And Nigeria has suspended Twitter after the platform shut down the President’s account for obliquely threatening military action against secessionists.

And more!

Download the 365th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

We don’t get far into my interview with the authors of a widely publicized Ransomware Task Force report, before I object that most of its recommendations are “boring” procedural steps that don’t directly address the ransomware scourge. That prompts a vigorous dialogue with Philip Reiner, the Executive Director of the Institute for Security and Technology (IST), the report’s sponsoring organization, from Megan Stifel, of the Global Cyber Alliance, and Chris Painter, of The Global Forum on Cyber Expertise Foundation. And we, in fact, find several new and not at all boring recommendations among the nearly 50 put forward in the report.

In the news roundup, Dmitri Alperovitch has an answer to my question, “Is Putin getting a handle on U.S. social media?” Not just Putin, but every other large authoritarian government is finding ways to bring Google, Twitter and Facebook to heel. In Russia’s case, the method is first a token fine, then a gradual throttling of service delivery that makes domestic competitors look better in comparison to the Silicon Valley brand.

Mark MacCarthy handicaps the Epic v. Apple lawsuit. The judge is clearly determined to give both sides reason to fear that the case won’t go well. And our best guess is that Epic might get some form of relief but not the kind of outcome they hoped for.

Dmitri and I marvel at the speed and consensus around regulatory approaches to the Colonial Pipeline ransomware event. It’s highly likely that the attack will spur legislation mandating reports of cyber incidents (and without any liability protection) as well as aggressive security regulation from the agency with jurisdiction—TSA.  I offer a cynical Washington perspective on why TSA has acted so decisively. 

Mark and I dig into the signing and immediate court filing against Florida’s social media regulation attacking common content moderation issues. Florida will face an uphill fight, but neither of us is persuaded by the tech press’s claim that the law will be “laughed out of court.”  There is a serious case to be made for almost everything in the law, with the exception of the preposterous (and probably severable) exemption for owners of Florida theme parks.

Dmitri revs up the DeHyping Machine for reports that the Russians responded to Biden administration sanctions by delivering another cyberpunch in the form of hijacked USAID emails. It turns out that the attack was garden variety cyberespionage, that the compromise didn’t involve access to USAID networks, that it was launched before sanctions, and that it didn’t get very far. 

Jordan Schneider explains the impact of U.S. government policy on the cellular-equipment industry, and the appeal of Open RAN as a way of end-running the current incumbents. U.S. industrial policy could be transformed by the shape-shifting Endless Frontier Act. 

Jordan and Dmitri explain how. I ask whether we’re seeing a deep convergence on industrial policy on both sides of the Pacific, now that President Xi has given a speech on tech policy that could have been delivered by half a dozen Republican or Democratic senators. 

Finally, Dmitri reviews the bidding in cryptocurrency regulation both at the White House White House and in London. 

In short hits, we cover:

The European Court of Human Rights decision squeezing but not quite killing GCHQ’s mass data interception programs and cooperation with the U.S. I offer a possible explanation for the court’s caution.

A court filing strongly suggesting that the Biden administration will not be abandoning a controversial Trump administration rule that requires visa applicants to register their social media handles with the U.S. government.  I speculate on why.

A WhatsApp decision not to threaten its users to get them to accept the company’s new privacy terms. Instead, I suspect, WhatsApp will annoy them into submission.

And, finally, a festival of EU competition law Brussels attacks on Silicon Valley, from Germany and France. 

And More!