Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up pretty well under my skeptical questioning.
In this week’s news, Congress and the Executive branch continue to fight over the bleeding body of ZTE, which has already lost nearly 40% of its market value. The Commerce Department has extracted a demanding compliance and penalty package from the Chinese telecom equipment manufacturer. The Senate, meanwhile, has amended the NDAA to overturn the package and re-impose what amounts to a death penalty (see section 1727). Brian Egan and I dig into the Senate’s language and conclude that it may do a lot less than the Senators think it does, and that may be the best news ZTE is going to get from Washington this year.
Judge Leon has approved the AT&T-Time Warner merger. Gus Hurwitz puts the ruling in context. His lesson: next time, the Justice Department needs better evidence.
Brian gives us an update on what’s not in the CFIUS reform bill now that the CFIUS reform bill is in the NDAA and on its way to adoption. I suggest that the bill is a symptom of a new Cool War, and the beginning of a long, slow process of breaking the commercial world back into competing blocs. Complete with mirror-imaging, as both China and DOD start publishing lists of the technologies they expect to use in the burgeoning competition.
Kaspersky is getting a lesson in Cool War bloc dynamics, as the EU Parliament trashes the company as a malicious actor and the company acts out, terminating its cybersecurity arrangements with EU institutions.
Megan Stifel and I explore what it means that Chinese hackers are apparently back to their old tricks – stealing competitive secrets for commercial advantage.
Given a choice between EFF and the EU, I come down on the EFF’s side, at least when the EU is snuggling up to Big Copyright and forcing Internet companies to automatically scan customer uploads for copyright violations. This is bad news for users, of course, since the tools are never perfect, and the incentives will be to err on the side of preventing speech. But, really, EU, if you were wondering why you’ll never have a vibrant tech startup scene, it’s time to look in the mirror. This measure may sound as though it will be tough on YouTube, but it will be fatal to its smaller competitors.
But surely, you say, the owners of intellectual property will be constrained by the need to keep their consumers happy. Yeah, right. If you believe that, you might want to take a closer look at the astonishing surveillance system that IP owners have dreamed up in Spain. At least nothing so intrusive could be done in Europe, where GDPR has created a privacy utopia …
More Cool War casualties: US sanctions on Russia have hit a couple of companies that Silicon Valley thought of as friends and neighbors. This dividing-into-blocs business has some surprising costs. Brian, of course, wants to know how to square these sanctions with the president’s view of Russia. I supply the answer (two, actually), but you’ll have to listen to find out what they are.
Gus Hurwitz plugs his new privacy paper, which pantses privacy campaigners for hypocrisy.
Gus also comments on Apple’s new USB restricted mode, which law enforcement support contractors say they’ve already defeated.
In the good news of the week, the Southern Poverty Law Center gets a comeuppance in the form of an unconditional apology and $3.4m libel settlement for including Maajid Nawaz in its nasty and irresponsible 2016 “Field Guide to Anti-Muslim Extremists.” If you’re keeping score at home, that’s $3.37 million down, $429 million to go before SPLC’s grotesquely swollen endowment is used up.
Speaking of comeuppances, I get mine for correcting Jennifer Quinn-Barabanov’s pronunciation of cy près as “sigh pray.” I’m a “see pray” guy. Alert listener Tim White decided to call up Brian Garner of Garner’s Dictionary of Modern Legal Usage for a ruling. In a moment straight out of a Woody Allen film, Garner responds through an editor that “Professor Garner is editing the entries in Black’s and Garner’s Dictionary of Legal Usage to reflect that /sigh/ is the traditional anglicized pronunciation and that /see/ is a repatriated French pronunciation. So both pronunciations will be listed, but /sigh/ will be listed first as the preferred one.” Short version: I’m condemned as an egregious grammar snob who doesn’t know a repatriated French pronunciation when he sees one. I think I owe Jennifer Quinn-Barabanov an apology – and $3.37.
As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!