The Cyberlaw Podcast

This episode features Nick Weaver, Dave Aitel and me covering a ProPublica story (and forthcoming book) on the difficulties the FBI has encountered in becoming the nation’s principal resource on cybercrime and cybersecurity. We end up concluding that, for all its successes, the bureau’s structural weaknesses in addressing cybersecurity are going to haunt it for years to come.

Speaking of haunting us for years, the effort to decouple U.S. and Chinese tech sectors continues to generate news. Nick and Dave weigh in on the latest (rumored) initiative: cutting off China’s access to U.S. quantum computing and AI technology, and what that could mean for the U.S. semiconductor companies, among others.

We could not stay away from the Elon Musk-Twitter story, which briefly had a national security dimension, due to news that the Biden Administration was considering a Committee on Foreign Investment in the United States review of the deal. That’s not a crazy idea, but in the end, we are skeptical that this will happen.

Dave and I exchange views on whether it is logical for the administration to pursue cybersecurity labels for cheap Internet of things devices. He thinks it makes less sense than I do, but we agree that the end result will be to crowd the cheapest competitors from the market.

Nick and I discuss the news that Kanye West is buying Parler. Neither of us thinks much of the deal as an investment. 

And in updates and quick takes:

And in another platform v. press story, TikTok’s parent ByteDance has been accused by Forbes of planning to use TikTok to monitor the location of specific Americans. TikTok has denied the story. I predict that neither the story nor the denial is enough to bring closure. We’ll be hearing more.

Direct download: TheCyberlawPodcast-427.mp3
Category:general -- posted at: 11:54am EDT

David Kris opens this episode of the Cyberlaw Podcast by laying out some of the massive disruption that the Biden Administration has kicked off in China’s semiconductor industry—and its Western suppliers. The reverberations of the administration’s new measures will be felt for years, and the Chinese government’s response, not to mention the ultimate consequences, remains uncertain.

Richard Stiennon, our industry analyst, gives us an overview of the cybersecurity market, where tech and cyber companies have taken a beating but cybersecurity startups continue to gain funding.

Mark MacCarthy reviews the industry from the viewpoint of the trustbusters. Google is facing what looks like a serious AdTech platform challenge from several directions—the EU, the Justice Department, and several states. Facebook, meanwhile, is lucky to be a target of the Federal Trade Commission, which rather embarrassingly had to withdraw claims that the acquisition of Within would remove an actual (as opposed to hypothetical) competitor from the market. No one seems to have challenged Google’s acquisition of Mandiant, meanwhile. Richard suspects that is because Google is not likely to do anything with the company. 

David walks us through the new White House national security strategy—and puts it in historical context. 

Mark and I cross swords over PayPal’s determination to take my money for saying things PayPal doesn’t like. Visa and Mastercard are less upfront about their ability to boycott businesses they consider beyond the pale, but all money transfer companies have rules of this kind, he says. We end up agreeing that transparency, the measure usually recommended for platform speech suppression, makes sense for PayPal and its ilk, especially since they’re already subject to extensive government regulation.

Richard and I dive into the market for identity security. It’s hot, thanks to zero trust computing. Thoma Bravo is leading a rollup of identity companies. I predict security troubles ahead for the merged portfolio.  

In updates and quick hits:

And I predict much more coverage, not to mention prosecutorial attention, will result from accusations that a powerful partner at the establishment law firm, Dechert, engaged in hack-and-dox attacks on adversaries of his clients.

Direct download: TheCyberlawPodcast-426.mp3
Category:general -- posted at: 12:00pm EDT

It’s been a jam-packed week of cyberlaw news, but the big debate of the episode is triggered by the White House blueprint for an AI Bill of Rights. I’ve just released a long post about the campaign to end “AI bias” in general, and the blueprint in particular. In my view, the bill of rights will end up imposing racial and gender (and intersex!) quotas on a vast swath of American life. Nick Weaver argues that AI is in fact a source of secondhand racism and sexism, something that will not be fixed until we do a better job of forcing the algorithm to explain how it arrives at the outcomes it produces. We do not agree on much, but we do agree that lack of explainability is a big problem for the new technology.

President Biden has issued an executive order meant to resolve the U.S.-EU spat over transatlantic data flows. At least for a few years, until the anti-American EU Court of Justice finds it wanting again. Nick and I explore some of the mechanics. I think it’s bad for the privacy of U.S. persons and for the comprehensibility of U.S. intelligence reports, but the judicial system the order creates is cleverly designed to discourage litigant grandstanding.

Matthew Heiman covers the biggest CISO, or chief information security officer, news of the week, the month, and the year—the criminal conviction of Uber’s CSO, Joe Sullivan, for failure to disclose a data breach to the Federal Trade Commission. He is less surprised by the verdict than others, but we agree that it will change the way CISOs do their jobs and relate to their fellow corporate officers.

Brian Fleming joins us to cover an earthquake in U.S.-China tech trade—the sweeping new export restrictions on U.S. chips and technology. This will be a big deal for all U.S. tech companies, we agree, and probably a disaster for them in the long run if U.S. allies don’t join the party. 

I go back to dig a little deeper on two cases we covered with just a couple of hours’ notice last week—the Supreme Court’s grant of review in two cases touching on Big Tech’s liability for hosting the content of terror groups. It turns out that only one of the cases is likely to turn on Section 230. That’s Google’s almost laughable claim that holding YouTube liable for recommending terrorist videos is holding it liable as a publisher. The other case will almost certainly turn on when distribution of terrorist content can be punished as “material assistance” to terror groups.

Brian walks us through the endless negotiations between TikTok and the U.S. over a security deal. We are both puzzled over the partisanization of TikTok security, although I suggest a reason why that might be happening.  

Matthew catches us up on a little-covered Russian hack and leak operation aimed at former MI6 boss Richard Dearlove and British Prime Minister Boris Johnson. Matthew gives Dearlove’s security awareness a low grade.

Finally, two updates: 

  • Nick catches us up on the Elon Musk-Twitter fight. Nick's gloating now, but he is sure he'll be booted off the platform when Musk takes over.
  • And I pass on some very unhappy feedback from a friend at the Election Integrity Partnership (EIP), who feels we were too credulous in commenting on a JustTheNews story that left a strong impression of unseemly cooperation in suppressing election integrity misinformation. The EIP’s response makes several good points in its own defense, but I remain concerned that the project as a whole raises real concerns about how tightly Silicon Valley embraced the suppression of speech “delegitimizing” election results.

Direct download: TheCyberlawPodcast-425.mp3
Category:general -- posted at: 3:48pm EDT

We open today’s episode by teasing the Supreme Court’s decision to review whether section 230 protects big platforms from liability for materially assisting terror groups whose speech they distribute (or even recommend). I predict that this is the beginning of the end of the house of cards that aggressive lawyering and good press have built on the back of section 230. Why? Because Big Tech stayed out of the Supreme Court too long. Now, just when section 230 gets to the Court, everyone hates Silicon Valley and its entitled content moderators. Jane Bambauer, Gus Hurwitz, and Mark MacCarthy weigh in, despite the unfairness of having to comment on a cert grant that is two hours old.

Just to remind us why everyone hates Big Tech’s content practices, we do a quick review of the week’s news in content suppression. 

  • A couple of conservative provocateurs prepared a video consisting of Democrats being “election deniers.” The purpose was to show the hypocrisy of those who criticize the GOP for a meme that belonged mainly to Dems until two years ago. And it worked. YouTube did a manual review before it was even released and demonetized the video because, well, who knows? An outcry led to reinstatement, too late for YouTube’s reputation. Jane has the story.
  • YouTube also steps in the same mess by first suppressing then restoring a video by Giorgia Meloni, the biggest winner of Italy’s recent election. She’s on the right, but you already knew that from how YouTube dealt with her.
  • Mark covers an even more troubling story, in which government officials point to online posts about election security that they don’t like, NGOs that the government will soon be funding take those complaints to Silicon Valley, and the platforms take a lot of the posts down. Really, what could possibly go wrong?
  • Jane asks why Facebook is “moderating” private messages by the wife of an FBI whistleblower. I suspect that this is related to the government and big tech’s hyperaggressive joint pursuit of anything related to January 6. But it definitely requires investigation.
  • Across the Atlantic, Jane notes, the Brits are hating Facebook for the content it let 14-year-old Molly Russell read before her suicide. Exactly what was wrong with the content is a little obscure, but we agree that the material served to minors is ripe for more regulation, especially outside the United States.

For a change of pace, Mark has some largely unalloyed good news. The International Telecommunication Union will not be run by a Russian; instead it elected an American, Doreen Bogdan-Martin, to lead it.

Mark tells us that all the Sturm und Drang over tougher antitrust laws for Silicon Valley has wound down to a few modestly tougher provisions that have now passed the House. That may be all that can get passed this year, and perhaps in this Administration.

Gus gives us a few highlights from FTCland:

Jane unpacks a California law prohibiting cooperation with subpoenas from other states without an assurance that the subpoenas aren’t investigating abortions that would be legal in California. I again nominate California as playing the role in federalism for the twenty-first century that South Carolina played in the nineteenth and twentieth centuries and predict that some enterprising red state attorney general is likely to enjoy litigating the validity of California’s law – and likely winning.

Gus notes that private antitrust cases remain hard to win, especially without evidence, as Amazon and major book publishers gain the dismissal of antitrust lawsuits over book pricing.

Finally, in quick hits and updates:

I also note a large privacy flap Down Under, as the exposure of lots of personal data from a telco database seems likely to cost the carrier, and its parent, dearly.

Russian botmasters have suddenly discovered that extradition to the U.S. may be better than going home and facing mobilization.

Direct download: TheCyberlawPodcast-424.mp3
Category:general -- posted at: 10:07am EDT
