As promised, the Cyberlaw Podcast devoted half of this episode to an autopsy of Gonzalez v. Google LLC , the Supreme Court’s first opportunity in a quarter century to construe section 230 of the Communications Decency Act. And an autopsy is what our panel—Adam Candeub, Gus Hurwitz, Michael Ellis and Mark MacCarthy—came to perform. I had already laid out my analysis and predictions in a separate article for the Volokh Conspiracy, contending that both Gonzalez and Google would lose. All our panelists agreed that Gonzalez was unlikely to prevail, but no one followed me in predicting that Google’s broad immunity claim would fall, at least not in this case. The general view was that Gonzalez’s lawyer had hurt his case with shifting and opaque theories of liability, that Google’s arguments raised concerns among the Justices but not enough to induce them to write an opinion in such a muddled case. Evaluating the Justices’ performance, Justice Neil Gorsuch’s search for a textual answer drew little praise and some derision while Justice Ketanji Jackson won admiration even from the more conservative panelists. More broadly, there was a consensus that, whatever the fate of this particular case, the court will find a way to push the lower courts away from a sweeping immunity for platforms and toward a more nuanced protection. But because returning to the original intent of section 230 is not likely after 25 years of investment based on a lack of liability, this more nuanced protection will not have much grounding in the actual statutory language. Call it a return to the Rule of Reason.

In other news, Michael summed up recent developments in cyber war between Russia and Ukraine, including imaginative attacks on Russia’s communications system. I wonder whether these attacks—which are sexy but limited in impact—make cyber the modern equivalent of using motorcycles as a weapon in 1939. 

Gus brings us up to date on recent developments in competition law, including a likely Department of Justice's challenge to Adobe’s $20 Billion Figma deal, new airline merger challenge, the beginnings of opposition to the Federal Trade Commission’s (FTC) proposed ban on noncompete clauses, and the third and final nail in the coffin of the FTC’s challenge to the Meta-Within merger. 

In European cyber news, the European Union is launching a consultation designed to make U.S. platforms pay more of European telecom networks’ costs. Adam and Gus note the rent-seeking involved but point out that rent-seeking in U.S. network construction is just as bad, but seems to be extracting rents from taxpayers instead of Silicon Valley.

The EU is also getting ready to fix the General Data Protection Regulation (GDPR), in the sense that gamblers fix a prize fight. The new fix will make sure Ireland never again wins a fight with the rest of Europe over how aggressively to extract privacy rents from U.S. technology companies.

I am excited about Apple’s progress in devising a blood glucose monitor that could go into a watch. Adam and Gus tell me not to get too excited until we know how many roadblocks The Food and Drug Administration (FDA) will erect to the use and analysis of the monitors’ data.

In quick hits, 

• Gus confirms our suspicion that generative AI Is coming for the lawyers’ jobs

• And that Illinois’ biometric privacy law has gone from a really bad idea to a social, economic, and litigation catastrophe.  The Illinois Supreme Court could have staved this one off and didn’t. 

Download 445th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast opens with a look at some genuinely weird behavior by the Bing AI chatbot – dark fantasies, professions of love, and lies on top of lies – plus the factual error that wrecked the rollout of Google’s AI search bot. Chinny Sharma and Nick Weaver explain how we ended up with AI that is better at BS’ing than at accurately conveying facts. This leads me to propose a scheme to ensure that China’s autocracy never gets its AI capabilities off the ground. 

One thing that AI is creepily good at is faking people’s voices. I try out ElevenLabs’ technology in the first advertisement ever to run on the Cyberlaw Podcast.

The upcoming fight over renewing section 702 of FISA has focused Congressional attention on FBI searches of 702 data, Jim Dempsey reports. That leads us to the latest compliance assessment on agencies’ handling of 702 data. Chinny wonders whether the only way to save 702 will be to cut off the FBI’s access – at great cost to our unified approach to terrorism intelligence,  I complain that the compliance data is older than dirt. Jim and I come together around the need to provide more safeguards against political bias in the intelligence community. 

Nick brings us up to date on cyber issues in Ukraine, as summarized in a good Google report. He puzzles over Starlink’s effort to keep providing service to Ukraine without assisting offensive military operations. 

Chinny does a victory lap over reports that the (still not released) national cyber strategy will recommend imposing liability on the companies that distribute tech products – a recommendation she made in a paper released last year. I cannot quite understand why Google thinks this is good for Google.

Nick introduces us to modern reputation management. It involves a lot of fake news and bogus legal complaints. The Digital Millennium Copyright Act and European Union (EU) and California privacy law are the censor’s favorite tools. What is remarkable to my mind is that a business taking so much legal risk charges so little.

Jim and Chinny bring us up to date on the charm offensive being waged in Washington by TikTok’s CEO and the broader debate over China’s access to the personal data of Americans, including health data. Jim cites a recent Duke study, which I complain is not clear about when the data being sold is individual and when it is aggregated. Nick reminds us all that aggregate data is often easy to individualize. 

Finally, we make quick work of a few more stories:

• This week’s oral argument in Gonzalez v. Google is a big deal, but we will cover it in detail once the Justices have chewed it over.  

• If you want to know why conservatives think the whole “disinformation” scare is a scam to suppress conservative speech, look no further than the scandal over the State Department’s funding of an non-governmental organization (NGO) devoted to cutting off ad revenue for “risky” purveyors of “disinformation” like Reason (presumably including the Volokh Conspiracy), Real Clear Politics, the N.Y. Post, and the Washington Examiner – all outlets that can only look like disinformation to the most biased judge. The National Endowment for Democracy has already cut off funding, but Microsoft’s ad agency still seems to be boycotting these conservative outlets.

• EU Lawmakers are refusing to endorse the latest EU-U.S. data deal. But it is all virtue signaling.

• Leaving Twitter over Elon Musk’s ownership turns out to be about as popular as leaving the U.S. over Trump’s presidency.

• Chris Inglis has finished his tour of duty as national cyber director.

• And the Federal Trade Commission’s humiliation over its effort to block Meta’s acquisition of Within is complete. Meta closed the deal last week.

Download 443rd Episode (mp3) 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The latest episode of The Cyberlaw Podcast gets a bit carried away with the China spy balloon saga. Guest host Brian Fleming, along with guests Gus Hurwitz, Nate Jones, and Paul Rosenzweig, share insights (and bad puns) about the latest reporting on the electronic surveillance capabilities of the first downed balloon, the Biden administration’s “shoot first, ask questions later” response to the latest “flying objects,” and whether we should all spend more time worrying about China’s hackers and satellites. Gus then shares a few thoughts on the State of the Union address and the brief but pointed calls for antitrust and data privacy reform. Sticking with big tech and antitrust, Gus recaps a significant recent loss for the Federal Trade Commission (FTC) and discusses what may be on the horizon for FTC enforcement later this year. Pivoting back to China, Nate and Paul discuss the latest reporting on a forthcoming (at some point) executive order intended to limit and track U.S. outbound investment in certain key aspects of China’s tech sector. They also ponder how industry may continue its efforts to narrow the scope of the restrictions and whether Congress will get involved. Sticking with Congress, Paul takes the opportunity to explain the key takeaways from the not-so-bombshell House Oversight Committee hearing featuring former Twitter executives. Gus next describes his favorite ChatGPT jailbreaks and a costly mistake for an artificial intelligence (AI) chatbot competitor during a demo. Paul recommends a fascinating interview with Sinbad.io, the new Bitcoin mixer of choice for North Korean hackers, and reflects on the substantial portion of the Democratic People's Republic of Korea’s gross domestic product attributable to ransomware attacks. Finally, Gus questions whether AI-generated “Nothing, Forever” will need to change its name after becoming sentient and channeling Dave Chapelle. To wrap things up in the week’s quick hits, Gus briefly highlights where things stand with Chip Wars: Japan edition and Brian covers coordinated U.S./UK sanctions against the Trickbot cybercrime group, confirmation that Twitter’s sale will not be investigated by the Committee on Foreign Investment in the United States (CFIUS), and the latest on Security and Exchange Commission (SEC) v. Covington.    

Download 442nd Episode (mp3) 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode of the Cyberlaw Podcast is dominated by stories about possible cybersecurity regulation. David Kris points us first to an article by the leadership of the Cybersecurity and Infrastructure Security Administration in Foreign Affairs. Jen Easterly and Eric Goldstein seem to take a tough line on “Why Companies Must Build Safety Into Tech Products.“ But for all the tough language, one word, “regulation,” is entirely missing from the piece. Meanwhile, the cybersecurity strategy that the White House has been reportedly drafting for months seems to be hung up over how enthusiastically to demand regulation.

All of which seems just a little weird in a world where Republicans hold the House. Regulation is not likely to be high on the GOP to-do list, so calls for tougher regulation are almost certainly more symbolic than real.

Still, this is a week for symbolic calls for regulation. David also takes us through an National Telecommunications and Information Administration (NTIA) report on the anticompetitive impact of Apple’s and Google’s control of their mobile app markets. The report points to many problems and opportunities for abuse inherent in their headlock on what apps can be sold to phone users. But, as Google and Apple are quick to point out, they do play a role in regulating app security, so breaking the headlock could be bad for cybersecurity. In any event, practically every recommendation for action in the report is a call for Congress to step in—almost certainly a nonstarter for reasons already given.

Not to be outdone on the phony regulation beat, Jordan Schneider and Sultan Meghji explore some of the policy and regulatory proposals for AI that have been inspired by the success of ChatGPT. The EU’s AI Act is coming in for lots of attention, mainly from parts of the industry that want to be regulation-free. Sultan and I trade observations about who’ll be hollowed out first by ChatGPT, law firms or investment firms.

Sultan also tells us why the ION ransomware hack matters. Jordan and Sultan find a cybersecurity angle to The Great Chinese Balloon Scandal of 2023. And I offer an assessment of Matt Taibbi’s story about the Hamilton 68 “Russian influence” reports. If you have wondered what the fuss was about, do not expect mainstream media to tell you; the media does not come out looking good in this story. Unfortunately for Matt Taibbi, he does not look much better than the reporters his story criticizes. David thinks it is a balanced and moderate take, for which I offer an apology and a promise to do better next time.