This week’s Cyberlaw Podcast covers efforts to pull the Supreme Court into litigation over the Texas law treating social media platforms like common carriers and prohibiting them from discriminating based on viewpoint when they take posts down. I predict that the court won’t overturn the appellate decision staying an unpersuasive district court opinion. Mark MacCarthy and I both think that the transparency requirements in the Texas law are defensible, but Mark questions whether viewpoint neutrality is sufficiently precise for a law that trenches on the platforms’ free speech rights. I talk about a story that probably tells us more about content moderation in real life than ten Supreme Court amicus briefs—the tale of an OnlyFans performer who got her Instagram account restored by using alternative dispute resolution on Instagram staff: “We met up and like I f***ed a couple of them and I was able to get my account back like two or three times,” she said. 

Meanwhile, Jane Bambauer unpacks the Justice Department’s new policy for charging cases under the Computer Fraud and Abuse Act. It’s a generally sensible extension of some positions the department has taken in the Supreme Court, including refusing to prosecute good faith security research or to allow companies to create felonies by writing use restrictions into their terms of service. Unless they also write those restrictions into cease and desist letters, I point out. Weirdly, the Justice Department will treat violations of such letters as potential felonies. 

Mark gives a rundown of the new, Democrat-dominated Federal Trade Commission’s first policy announcement—a surprisingly uncontroversial warning that the commission will pursue educational tech companies for violations of the Children’s’ Online Privacy Protection Act. 

Maury Shenk explains the recent United Kingdom Attorney General speech on international law and cyber conflict. 

Mark celebrates the demise of Department of Homeland Security’s widely unlamented Disinformation Governance Board. 

Should we be shocked when law enforcement officials create fake accounts to investigate crime on social media?  The Intercept is, of course. Perhaps equally predictably, I’m not. Jane offers some reasons to be cautious—and remarks on the irony that the same people who don’t want the police on social media probably resonate to the New York Attorney General’s claim that she’ll investigate social media companies, apparently for not responding like cops to the Buffalo shooting. 

Is it "game over” for humans worried about artificial intelligence (AI) competition? Maury explains how Google Deep Mind’s new generalist AI works and why we may have a few years left.

Jane and I manage to disagree about whether federal safety regulators should be investigating Tesla’s fatal autopilot accidents. Jane has logic and statistics on her side, so I resort to emotion and name-calling.

Finally, Maury and I puzzle over why Western readers should be shocked (as we’re clearly meant to be) by China’s requiring that social media posts include the poster’s location or by India’s insistence on a “know your customer” rule for cloud service providers and VPN operators.

Download the 408th Episode (mp3)  

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Is the European Union (EU) about to rescue the FBI from Going Dark? Jamil Jaffer and Nate Jones tell us that a new directive aimed at preventing child sex abuse might just do the trick, a position backed by people who’ve been fighting the bureau on encryption for years. 

The Biden administration is prepping to impose some of the toughest sanctions ever on Chinese camera maker Hikvision, Jordan Schneider reports. No one is defending Hikvision’s role in China’s Uyghur policy, but I’m skeptical that we should spend all that ammo on a company that probably isn’t the greatest national security threat we face. Jamil is more comfortable with the measure, and Jordan reminds me that China’s economy is shaky enough that it may not pick a fight to save Hikvision. Speaking of which, Jordan schools me on the likelihood that Xi Jinping’s hold on power will be loosened by the plight of Chinese tech platforms, harsh pandemic lockdowns or the grim lesson provided by Putin’s ability to move without check from tactical error to strategic blunder and on to historic disaster.

Speaking of products of more serious national security than Hikvision, Nate and I try to figure out why the effort to get Kaspersky software out of U.S. infrastructure is still stalled. I think the Commerce Department should take the fall. 

In a triumph of common sense and science, the wave of laws attacking face recognition may be receding as lawmakers finally notice what’s been obvious for five years: The claim that face recognition is “racist” is false. Virginia, fresh off GOP electoral gains, has revamped its law on face recognition so it more or less makes sense. In related news, I puzzle over why Clearview AI accepted a settlement of the ACLU’s lawsuit under Illinois’s biometric law. 

Nate and I debate how much authority Cyber Command should have to launch actions and intrude on third country machines without going through the interagency process. A Biden White House review of that question seems to have split the difference between the Trump and Obama administrations. 

Quelle surprise! Jamil concludes that the EU’s regulation of cybersecurity is an overambitious and questionable expansion of the U.S. approach. He’s more comfortable with the Defense Department’s effort to keep small businesses who take its money from decamping to China once they start to succeed. Jordan and I fear that the cure may be worse than the disease.

I get to say I told you so about the unpersuasive and cursory opinion by United States District Judge Robert Pitman, striking down Texas' social media law. The Fifth Circuit has overturned his injunction, so the bill will take effect, at least for a while. In my view some of the provisions are constitutional and others are a stretch; Judge Pitman’s refusal to do a serious severability analysis means that all of them will get a try-out over the next few weeks. 

Jamil and I debate geofenced search warrants and the reasons why companies like Google, Microsoft and Yahoo want them restricted. 

In quick hits, 

• Jamil and I trade views on whether the Biden White House has effectively managed the lagging implementation of its landmark cybersecurity executive order. 
• I note the important new protocol for implementing the Budapest Convention. On the principle that you can judge a policy by its enemies, this protocol is looking pretty good. 
• Jamil highlights a study—by Europeans, no less—that suggests that General Data Protection Regulation (GDPR) is killing innovation in the Android app market.  
• Jamil also flags a new study of the Chinese Offensive Cyber Landscape.
• And I suggest that the event with the biggest tech policy impact last week may have been none of these things; the real impact may be the meltdown in tech stocks generally and in cryptocurrency values in particular.  

Download the 407th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Retraction: An earlier episode of the Cyberlaw Podcast may have left the impression that I think Google hates mothers. I regret the error. It appears that, in reality, Google only hates Republican mothers who are running for office. But to all appearances, Google really, really hates them. A remarkable, and apparently damning study disclosed that during the most recent federal election campaign, Google’s Gmail sent roughly two-thirds of GOP campaign emails to users’ spam inboxes while downgrading less than ten percent of the Dems’ messages. Jane Bambauer lays out the details, which refute most of the excuses Google might offer for the discriminatory treatment. Notably, neither Outlook nor Yahoo! mail showed a similar pattern. Tatyana thinks we should blame Google’s algorithm, not its personnel, but we’re all eager to hear Google’s explanation, whether it’s offered in the press, Federal Election Commission (FEC), in court, or in front of Congressional investigators after the next election.

Jordan Schneider helps us revisit China’s cyber policies after a long hiatus. Things have NOT gotten better for the Chinese government, Jordan reports. Stringent lockdowns in Shanghai are tanking the economy and producing a surprising amount of online dissent, but with Hong Kong’s death toll in mind, letting omicron spread unchecked is a scary prospect, especially for a leader who has staked his reputation on dealing with the virus better than the rest of the world. The result is hesitation over what had been a strong techlash regulatory campaign.

Tatyana Bolton pulls us back to the Russian-Ukrainian war. She notes that Russia Is not used to being hacked at anything like the current scale, even if most of the online attacks are pinpricks. She also notes Microsoft’s report on Russia’s extensive use of cyberattacks in Ukraine. All that said, cyber operations remain a minor factor in the war.

Michael Ellis and I dig into the ODNI’s intelligence transparency report, which inspired several differed takes over the weekend. The biggest story was that the FBI had conducted “up to” 3.4 million searches for U.S. person data in the pool of data collected under section 702 of the Foreign Intelligence Surveillance Act (FSA). Sharing a brief kumbaya moment with Sen. Ron Wyden, Michael finds the number “alarming or meaningless,” probably the latter. Meanwhile, FISA Classic wiretaps dropped again in the face of the coronavirus. And the FBI conducted four searches without going to the FISA court when it should have, probably by mistake. 

We can’t stay away from the pileup that is Elon Musk’s Twitter bid. Jordan offers views on how much leverage China will have over Twitter by virtue of Tesla’s dependence on the Chinese market. Tatyana and I debate whether Musk should have criticized Twitter’s content moderators for their call on the Biden laptop story. Jane Bambauer questions whether Musk will do half the things that he seems to be hinting. 

I agree, if only because European law will force Twitter to treat European sensibilities as the arbiter of what can be said in the public square. Jane outlines recent developments showing, in my view, that Europe isn’t exactly running low on crazy. A new court decision opens the door to what amounts to class actions to enforce European privacy law without regard for the jurisdictional limits that have made life easier for big U.S. companies. I predict that such lawsuits will also mean trouble for big Chinese platforms.

And that’s not half of it. Europe’s Digital Services Act, now nearly locked down, is the mother lode of crazy. Jane spells out a few of the wilder provisions – only some of which have made it into legal commentary.

Orin Kerr, the normally restrained and professorial expert on cyber law, is up in arms over a recent 9th Circuit decision holding that a preservation order is not a seizure requiring a warrant. Michael, Jane, and I dig into Orin’s agita, but we have trouble sharing it.  

In quick hits:

• Jane looks at a report expressing shock that Amazon uses data from Alexa smart speakers pretty much exactly the way you’d expect it to.  
• Michael and I unpack the latest move in the prosecution of Uber’s former Chief Security Officer, Joe Sullivan. Jane lays out what’s different in Colorado‘s new privacy law. Spoiler:  Just enough to make the likelihood of a federal privacy law with preemption look good to business.
• Michael and I wish the Biden administration well in its effort to get much-needed new authorities to address the risks of drone attacks here at home.

Download the 405th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.