Our interview is another in our series on section 702 reform, featuring Mieke Eoyang of the National Security Program at Third Way and Jamil Jaffer of George Mason University and IronNet Security. They begin with the history of the program but quickly focus on proposals to require warrants for FBI criminal searches of already collected 702 data, which Mieke broadly supports and Jamil broadly opposes. The debate ends up in a surprising place -- Las Vegas. Because the shootings there raise the question, "Are we really going to make the FBI wait for a warrant before it checks its own 702 database to see whether Stephen Paddock has been in communication with terror groups and what he's been saying?"
In the news roundup, Jim Lewis of the Center for Strategic and International Studies and Brian Egan nerd out with me on the DOD's objections to section 1621(f) of the National Defense Authorization Act. Neither Jim nor Brian finds them persuasive.
I give a preview of my plans to celebrate Halloween as a Russian Twitter troll, and Jim predicts that the main fallout from the entirely predictable Russian use of Twitter will be on Silicon Valley: What I call the Magaziner Consensus, already dying abroad, is starting to look a little peaked here at home.
Meanwhile, the North Korean hackers are still robbing banks, semisuccessfully. And, remarkably, they're finding studios even more willing to cave to cyberblackmail than Sony. It turns out Nork hackers apparently were able to kill a BBC show they found objectionable. Jim insists that these kinds of attacks tell us more about the calculating rationality of Kim Jong Un than his craziness. And, since Kim's getting away with both kinds, maybe Jim is right.
I riff on the latest in sex toy security, introducing our audience to an entirely new internet vocabulary. Though I'm not sure that "Make screwdrivers, not wardrivers" will ever outpoll the original.
Also, the medical profession seems to be putting its collective head in the sand about medical device security. Jim is sure that liability for producers — and for doctors — will solve that problem before Congress does. Knowing the FDA's shaky grasp of the issue, I’m not so sure.
Finally, Brian reports that the EU's first Privacy Shield report found US data protection practices "adequate" under EU law. He thinks it's because the administration is taking the EU process seriously; I think it's because the EU is taking President Trump seriously — and has decided he's not someone whose adequacy you want to question lightly.
As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.