In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers. We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that the United States has fundamentally misunderstood the nature of cyberconflict.
In the news, Alan Cohn and I discuss the DHS/DNI fingering of Russia – and Putin – for the DNC hack. We ask whether this means that sanctions will follow, and I characterize the administration’s stance so far as an updating of Groucho Marx’s position: “These are my red lines. If you cross them, well, I have others.”
I award “stupidest privacy scandal of the year” to the complaints that Yahoo! (gasp!) scanned email content in a search for a terror-related signature.
Continuing what will become a rant-filled episode, I nominate the Third Circuit for membership in a Hall of Judicial Shame. The court of appeals has joined the European Court of Justice in giving legal effect to the early Guardian articles claiming that PRISM allowed NSA to scan all emails in US webmail services. That might have been a mistake in 2013, but in 2016, it can only be characterized as a lie, and not one the judiciary should be party to. Katie Cassel hoses me down.
Maury Shenk, back from honeymoon in Jordan, explains why the TalkTalk case has such prominence in the UK – and why the company was lucky to be assessed one of the highest fines ever imposed by the UK data protection authority.
And, to end the roundup on a choleric note, Alan goads me with HHS’s latest and most astonishingly nit-picking fine ‒ $400,000 for having a supplier contract that hadn’t been updated since the HITECH Act modified HIPAA.
As always, the Cyberlaw Podcast welcomes feedback. Send email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.