Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identify is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts and other intelligence collection, Britain’s view of how the law of war applies in cyberspace, the prospects for UN talks on that topic, the value of attribution, and whether a national security agency should be responsible for civilian cybersecurity (the UK says yes, the US says no).
In the news, Nick Weaver and Matthew Heiman comment on the undying dumpster fire that is Bloomberg’s Chinese supply-chain-attack story. We may not know for sure whether the story is bogus, at least not for a while. But it’s not too late, I argue, to fund a journalist version of the Ig-Nobel Prize. Call it the Bullitzer, for the story with the most potent mix of consequences and BS. Right now, Bloomberg is definitely in the running.
Matthew tells us that Treasury has announced its CFIUS pilot program, which will require the filing of notices for Chinese acquisitions in 27 critical industries. I argue that this is one more sign that a predisposed bureaucracy has made President Trump a transformational president in terms of relations with China.
Speaking of bureaucratic predispositions, DOJ is carrying out its predisposition to haul Chinese spies into court. What’s remarkable is that it was able to do that from across the Atlantic. While not a cyberespionage case, the recent arrest and extradition of an accused Chinese economic spy is easy to read as DOJ's answer to those who say that indictments of government spies are ineffectual and a sign of weakness.
Everybody’s going to have to choose sides as Trump and Xi continue on their collision course. Except Google. At least according to Google, which bailed out of a Pentagon program because it didn’t meet Google’s values --oh, and because Google had no chance of winning the contract. Talk about virtue signaling on the cheap!
The EU’s virtue signaling isn’t nearly as cheap, at least for Google, which is now appealing a massive EU competition fine. I can’t help wondering who the hell uses Google Shopping to buy stuff; the EU fine feels like it must be $1 billion for every Google Shopping search ever conducted.
Nick reports on two troubling government reports. He believes one — worrying about the cybersecurity of DOD weapons systems . He’s less impressed by White House concerns about the health of the defense industrial base, having recently done some “Buy America” electronics procurement himself.
Finally, in the latest dog-bites-man story, Vietnam will force local data storage despite Silicon Valley’s protests. Nick, Matthew, and I explore the continuing delusion of US foreign policymakers that the Internet must be borderless and open and free.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!