Episode 134 features John Carlin’s swan song as assistant attorney general for national security. We review the highs and lows of his tenure from a cybersecurity point of view and then look to the future, including how the US should respond to Russia’s increasingly uninhibited use of cyberpower. I introduce John to Baker’s Law of Post-Government Policy Advice: “The good news about leaving government is that you can say what you want. The bad news is that you can say what you want because nobody cares.”
In the news roundup, we explore the Geofeedia flap, in which large Silicon Valley companies are claiming the right to deny law enforcement access to public postings, even when that access is limited to particular geographic areas, such as the location of an ongoing riot. Remarkably, they seem to think we ought to be praising them for this antisocial stand. Michael Vatis and I consider whether law enforcement can subpoena the same data from antisocial media.
Michael and I also mull over the troubling news that Carbanak is targeting SWIFT endpoints. The G7 has financial cybersecurity guidelines, but it seems unlikely that they’ll turn the tide of an increasingly at-risk banking system.
Michael and I also touch on an Akamai report confirming that the Internet of things isn’t exclusively used to launch DDOS attacks on Brian Krebs; sometimes it’s used to launch mass credential theft attacks as well. I volunteer to bring the first lawsuit.
Maury Shenk updates us on the UK’s new privacy guidelines – and China’s effort to make its internet more protective of children, and the state.
As always, the Cyberlaw Podcast welcomes feedback. Send email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.