The episode features a vigorous and friendly debate between me and Frank Cilluffo over his new report on active defense, titled “Into the Gray Zone.” It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University. My fear: the report creates gray zones for computer defense that should be seen as purely lawful — and turns far too many genuine gray zones black.
Maury Shenk returns after missing last week due to the British determination not to follow US daylight savings practice. After my rant in favor of Sunday Daylight Hoarding Time, he updates us on challenges to the Privacy Shield Agreement in EU courts by privacy true believers (two and counting) and EU court challenges to government data practices in China, Russia, Algeria, and Saudi Arabia (none in evidence). Speaking of which, China has actually adopted the cybersecurity law it’s been threatening Western tech companies with for months, if not years.
Congress is starting to notice the FDA’s hapless response to medical device security. I predict that the FDA will not take serious notice until heart implants start tweeting: “I’d give this guy cardiac arrest, but I’m too busy DDoSing the DNC.”
Michael Vatis tells us what’s in the FTC’s Business Guide to Data Breach Response. It’s pretty good, but even if it weren’t, no one can ignore it, since it’s as close to rulemaking as the FTC gets in this field.
A remarkable official leak says that US Cyber Command has pwned Russia’s IT infrastructure, from its power grid to its military command system, and is ready to strike if the Russians mess with the US election. Is it true? Clint Eastwood has the best answer.
As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.