This week’s episode is a news roundup without an interview. We lead with the Senate’s overwhelming adoption of unexpectedly tough Russia sanctions along with the Iran sanctions bill. The mainstream press has emphasized that the bill will lock the Obama sanctions into legislation, but Anthony Rapa explains that the bigger story is just how tough the bill will be on investors in Russia’s energy sector, including European and other third-country firms. This is going to put heavy pressure on the House and its Republican majority, where enthusiasm for punishing Russia has been more tepid.
In other legislative news, the Freedom Caucus has announced that it doesn’t know what it wants from 702 renewal, but it wants something. At least that’s how I read the Caucus’s two sentence press release on section 702 renewal. In its entirety, the release says, “Government surveillance activities under the FISA Amendments Act have violated Americans’ constitutionally protected rights. We oppose any reauthorization of the FISA Amendments Act that does not include substantial reforms to the government’s collection and use of Americans’ data.” In a rare show of Cyberlaw podcast consensus, Michael Vatis agrees.
Meanwhile, NSA and GCHQ are now linking WannaCry to North Korea. The bad news is that North Korea is bringing the same spirit to cyberattacks that it has brought to nukes and missiles. The good news is that the North Koreans are still bad at cyberattacks. But they were bad at nukes and missiles once as well.
And we circle back to put the boot in on Reality Winner – the self-proclaimed “pretty, white, and cute” dingbat who leaked an NSA memo on Russia’s election hacking to the Intercept, which then managed to match her opsec cluelessness with its own.
The export of exploits for internal security purposes is getting plenty of press, as the BBC goes after exports from Denmark to the Arab world while the New York Times exposes misuse of exploits to compromise critics of the Mexican government.
As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.