Episode 65 would be ugly if it weren’t so much fun. Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.
The news roundup covers Congress’s debate over NSA and section 215. The House is showing a dismaying efficiency in moving bad bills while the Senate is mired in what may turn out to be more productive confusion (see, e.g., S. 1035 and S. 1123).
We unpack the Supreme Court’s grant of certiorari in Spokeo, which looks like a no-lose opportunity for privacy class action defendants.
A new and troubling development in cyber insecurity in the form of the malware Cryptowall, which infected readers of the Huffington Post via ads for Hugo Boss, then encrypted the readers’ hard drives and held their data for ransom. We ask whether the ad networks or even the web publishers will eventually be held liable for transmitting the infected ads. The Senate Homeland Security Committee's report on malvertising risks and liabilities last year concluded that liability couldn’t be established because none of the participants in the online advertising industry is directly responsible for the harm. I think the Senate Homeland Security committee has never litigated in the Eastern District of Texas.
In quick news, Goldman’s “Flash Boy” has been convicted again. The FCC says it doesn’t regulate Stingrays, except to require FBI approval for purchasers. The US and Japan deepen their cyber defense relationship, and Prime Minister Abe gets standing O for calling out (shh! Chinese) cybertheft of IP. And DOJ releases cybersecurity guidance that is surprisingly good – but for what I call its fatally flawed view of hacking back (actually I called the authors “jackasses” but who's keeping track?).
As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.