In this episode I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative (PSI) a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck cyber policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage -- pretty much what PSI represents. In further support, I offer Baker’s Law of International Institutions: “The secretariat is the natural enemy of the United States.”
In closing, Duncan briefly mentions his work with Microsoft on international rulemaking, leading me to throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug.
In the news, California has a new privacy law, as Steptoe summer associate Laura Hillsman explains, though what it will look like when it finally takes effect in 2020 remains to be seen.
Chris Conte reports that the SEC has charged a second Equifax manager with insider trading. I ask whether he shouldn’t also have been charged with lousy site design.
The White House draws a line in the sand over ZTE in a letter to the Hill – but Maury and I suspect the real message is in the lack of a veto threat. Maury thinks President Trump’s “go big, then go deal” negotiating strategy is also at work in his decision only to beat up Chinese investments once rather than twice over trade tensions.
NSA’s metadata program was restructured to rely on telecom companies rather than NSA’s own programmers. Congressional ideologues' insistence on leaving the metadata with the companies rather than in NSA’s computers predictably produced a private-sector meltdown. Which they’ll probably blame on NSA. Jamil Jaffer and I discuss.
What do you know? Reality does win in the end, and Reality Winner finally got the hint (as well as a pretty good plea deal).
Nextgov reveals an unimpressive showing for the Cybersecurity Information Sharing Act’s (CISA) information-sharing provisions, at least as far as sharing with DHS goes. Jamil and I agree, though, that information sharing within the private sector may be a better measure of CISA’s value.
In other news, The Intercept continues to pioneer relevance-free journalism. And trust in social media is collapsing, especially among Republicans, who (remarkably) now think tech companies need more regulation.
Finally, in an experiment we may abandon at any moment, I’m going to start tweeting and posting some the stories this week that look like candidates for the News Roundup. Please reply to or retweet those you think we should cover. Relevant feeds: @stewartbaker on Twitter, Stewart Baker on LinkedIn, and stewart.a.baker on Facebook.
As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!