Skating on Stilts

Today’s news roundup begins with Maury Shenk and Brian Egan offering their views about the Supreme Court oral argument in the Microsoft Ireland case. We highlight some of the questions that may tip the Justices’ hand.

Brian and I dig into the Dems' reply memo on the Carter Page FISA application. I’m mostly unshocked by the outcome of the dueling memos, though I find one sentence of the application utterly implausible. I also foresee a possible merging of the Clinton-Obama Trump-smearing scandal with the Trump-Russia collusion scandal – call it the scandularity!

In other Russia news, the Justice Department is standing up a task force on all things cyber. Jim Lewis and I disagree about whether Russian hacking of the electoral infrastructure is likely to be a serious problem in 2018. We agree that the Twitter bot war on the American body politic will continue, since it seems to be a pretty cheap hobby for Putin’s favorite supplier of catered meals.  Indeed, he seems to have gotten into the business as a way of squelching online protests that his school lunches were lousy. I suggest that Michelle Obama probably wishes she’d heard about that tactic sooner.

Google has announced an Advanced Protection program for people who think they may be high value targets for government cyberespionage. In a Cyberlaw Podcast first, I offer a product review. Short version: I’m still using it, despite some flaws in what looks like a beta program, but as a supply chain buff, I can’t help wondering who the hell Feitian Technologies is and what ties they have to the Chinese government.

March 1 is D-Day for Apple moving the crypto keys for Chinese IPhones' iCloud data to China.  

And Keeper continues to pursue its misguided STFU libel suit against Ars Technica. Ars Technica’s answering brief is here. While security researchers have been wasting their time on politically correct whining about the Computer Fraud and Abuse Act, libel suits are turning into far more effective tools for chilling security research.

Finally, for fans of the podcast in the Washington area, Steptoe is thinking of hiring a part-time intern to handle much of the organizational work associated with the podcast. If you’re interested, keep an eye on www.Steptoe.com/careers , which is where we’ll post the position if this idea bears fruit.

As always The Cyberlaw Podcast is open to feedback.  Send your questions, suggestions for interview candidates or topics to [email protected] or leave a message at +1 202 862 5785.

Download the 205th Episode (mp3).

Subscribe to The Cyberlaw Podcast here.  We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

Looking for a Baker-free episode of The Cyberlaw Podcast?  This is your week; I miss the podcast to teach grandchildren how to ski cross country.  Brian Egan and Jamil Jaffer hold the fort, covering a few implications of Special Counsel Mueller’s indictment from Friday – the legal theories of the case and what the indictment does and doesn’t cover – as well as the follow-on false statement indictment against a former associate of a major law firm. In an amazing convergence of viewpoints, everyone, from Presidents Obama and Trump to Brian and Jamil – agrees that Russia appears to be winning, and the US is losing, when it comes to interference with US elections.

At the same time, the state secretaries of state gathered in Washington last week to discuss cybersecurity and US elections – coming in the face of a fairly damning report published by the Council on American Progress on shortcomings in US election-related cyber defenses. In light of these threats, we ponder whether a return to the old – paper ballots, or even the  “mail only” approach that is operative in a few states, is better than an electronic ballot.

In other Russia-related news, Kaspersky turned to (literally) one of the oldest pages in the book – the Bill of Attainder clause in the US Constitution – in suing to block the application of a provision in the NDAA that prohibits federal agencies from using Kaspersky products. Jamil posits that the case is less frivolous than may appear at first blush, while Brian muses about the history of Bill of Attainder litigation in the United States.

Finally, Jamil and Brian discuss the US and UK decision to attribute the NotPetya attack to Russia and the continued trend in the Obama and Trump Administrations to publicly identify perpetrators of state-sponsored cyber attacks (along with the risks inherent in this approach). Notwithstanding the NotPetya attribution, as well as a recent White House report on the increased economic costs of cyberattacks and Congressional hearings on data breaches, we explain why we believe it to be unlikely that Congress will pass federal data breach/data notification legislation any time soon.

As always The Cyberlaw Podcast is open to feedback.  Send your questions, suggestions for interview candidates or topics to [email protected] or leave a message at +1 202 862 5785.

Download the 204th Episode (mp3).

Subscribe to The Cyberlaw Podcast here.  We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

In this episode, Jamil Jaffer and I interview Glenn Gerstell, the General Counsel of the National Security Agency. Glenn explains what it was like inside the effort to reauthorize section 702 of FISA. Jamil and I ask him whether the FISA court has the authority to deal with material omissions in FISA applications, and he actually answers. Glenn also touches on how it feels to discover that data subject to a judicial retention order has been inadvertently deleted, on his secret exercise regime, on his future plans, and on how the United States should respond to the cybersecurity crisis.

Download the 203rd Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

Cyberlaw Podcast alumnus Marten Mickos was called before the Senate Commerce Committee to testify about HackerOne’s bug bounty program. But the unhappy star of the hearings was Uber, which was heavily criticized for having paid out a large bonus under cloudy circumstances. Sen. Blumenthal and others on the Hill treated the payment as more ransom than bounty and pilloried Uber for not disclosing what they called a breach. Even Uber, under new management, was critical of its performance.

As the only cyberlaw podcast with a Davos correspondent, we ask Alan Cohn to give highlights of the event from a cybersecurity point of view. I bring the color commentary and snark.

With Microsoft Ireland case heading to argument, the Justice Department and Big Tech are hoping to head the Court off with a legislative solution. Jamil Jaffer explains what the CLOUD Act will do. I point out who’s missing from the Grand Coalition and question whether Big Privacy has the clout to stop the act.

Fancy Bear hackers seeking high-tech weapons data from US defense contractors get lucky – up to 40% of their phishing links strike paydirt. Michael Mutek explains what this likely means for the Defense Department – more regulation, probably. Whether more regs and more compliance will produce more security is the question no one can answer.

A cyberdiplomacy office is back from the dead, sort of:  Secretary Tillerson now says he’ll create a bureau for cyberspace headed by an Assistant Secretary. And, as Jamil explains, the fight switches to which undersecretary will oversee the office.

Nick Weaver and Jamil comment on the news that Justice has pulled in an impressive haul of cyber-fraudsters, bookended by doubts whether any hackers can ever be extradited from places like the UK and Ireland. Because, face it, how many can’t claim to be on the spectrum?

I close with a tribute to John Perry Barlow, who died last week. If you wanted to know how many women would fall for a combination Grateful Dead lyricist, technologist, and cowboy, John could tell you. Exactly.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to [email protected] or leave a message at +1 202 862 5785.

Download the 202nd Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The crypto wars return to The Cyberlaw Podcast in episode 201, as I interview Susan Landau about her new book on the subject, Listening In: Cybersecurity in an Insecure Age. Susan and I have been debating each other for decades now, and this interview is no exception.

In the news roundup, Brian Egan and Nick Weaver join me for the inevitable mastication of the Nunes memo. (My take: the one clear scandal here is the way Glenn Simpson and Chris Steele treated the US national security apparatus, including the national security press, as just another agency to be lobbied – and the success they had in milking it for partisan advantage and private profit.)

Meanwhile, if you needed a reminder of just how enthusiastically and ham-handedly China conducts its espionage, just ask the African Union, whose Chinese-built headquarters is pwned from top to bottom.

Brian lays out a significant Ninth Circuit Anti-Terrorism Act case absolving Twitter of liability for providing “material assistance” to ISIS by requiring a more direct relationship between Twitter’s acts and the harm suffered by the private plaintiffs. Not a surprise, but a relief for Silicon Valley.

Nick fulminates about the security threat posed by a sophisticated recent malvertising campaign and wonders when enterprises will start requiring ad blockers on corporate internet software. In a related story, we wonder how much incentive Twitter really has to kill off its armies of fake followers.

Are the Dutch paying the price for punching above their weight in the cyberespionage game? And did American leaks kill their success? All we can do is speculate, unfortunately.

You know you’ve missed This Week in Sex Toy Security, so we bring it back to cover yet another internet-connected vibrator company trying to shake off a privacy class action. At least half of our audience will enjoy my stumbling effort to understand the appeal of the product.

Finally, as a sign that we’ve finally reached Peak Cybersecurity and Peak Privacy, both topics are ending up on the agendas of international trade negotiators.  The EU says its privacy rules are untouchable in negotiations (although other countries’ overly protectionist data flow policies are fair game) and the NAFTA negotiators have reportedly agreed to add to NAFTA cyber security “principles” based on the NIST Cyber Security Framework.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to [email protected] or leave a message at +1 202 862 5785.

Download the 201st Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!