I occasionally report here on interviews that I’ve been doing for the Steptoe Cyberlaw Podcast. This week’s guest is David Sanger, the New York Times reporter who broke the detailed story of Stuxnet in his book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power. His appearance on the podcast is particularly timely because it allowed David to talk about his latest story for the Times. The story recounts how North Korea developed its cyberattack network, and how the National Security Agency managed to compromise that network and attribute the Sony attack. He explains that understanding the Obama White House helped him break a story that seemed to be about NSA and the FBI. I explain why I think North Korean hackers resemble East German Olympic swimmers, and we meditate on the future of cyberwar.
For those who like such things, Michael Vatis and I also cover a news-rich week, beginning with capsule summaries of the President’s State of the Union proposals for legislation on cybersecurity information sharing, breach notification, and Computer Fraud and Abuse Act amendments. We touch on Europe’s new commitment to antiterrorism surveillance, which officially puts a still-Snowden-ridden United States out of step with just about every developed nation. I try to summarize the new National Academy of Sciences study on why there isn’t an easy software substitute for bulk collection. (Short answer: If you want to recreate the past, you have to bulk-collect the present.)
We ask whether the DEA was the inspiration for NSA’s 215 bulk collection program, call out Rep. Sensenbrenner, who evidently skipped the DEA briefings as well as NSA’s, and wonder why Justice didn’t explain to Congress last year that NSA’s program wasn’t that big a leap from the Justice Department’s own bulk collection – instead of quietly trying to bury its program when the heat built up on NSA. (OK, we didn’t really wonder why Justice did that.)
If you judge by their joint press conference, Prime Minister Cameron seems to have done more to convert President Obama to skepticism about widespread unbreakable encryption than Jim Comey did. Save your Clipper Chips, key escrow will rise again!
Finally, Centcom’s public affairs team, which can’t keep ISIS sympathizers out of its Twitter and YouTube feeds, deserves 24 hours of deep embarrassment, which is surprisingly exactly what it gets.
The Podcast welcomes feedback, either by voicemail (+1 202 862 5785) or email (CyberlawPodcast@steptoe.com).