Skating on Stilts

Our guest is Peter W. Singer, co-author with Emerson T. Brooking of LikeWar: The Weaponization of Social Media. Peter’s book is a fine history of the way the Internet went wrong in the Age of Social Media. He thinks we’re losing the Like Wars, and I tend to agree. It’s a deep conversation that turns contentious when we come to his prescriptions, which I see as reinstating the lefty elite that ran journalism for decades, this time with even less self-doubt – and bolstered by AI that can reproduce elite prejudices at scale and without transparency.

In the News Roundup, Dr. Megan Reiss and Peter Singer join me in commenting on the White House and DOD cyber strategies. Bottom line: better than last time, plenty more room to improve.

God bless the Dutch. They’ve pwned Putin’s GRU again. In a truly multinational caper, as Nick Weaver explains, Dutch intel caught Russian spies planning cyberattacks on the Swiss institute that is investigating Russia’s nerve agent attack in Britain.

The downside of sanctions: China has joined with Russia in protesting sanctions on Russian weapons sellers that spilled over to the Chinese military. Maury Shenk and I worry about the risk that overuse of sanctions will create a powerful alliance of countries determined to neutralize the sanctions weapon.

Is it reckless to speculate that the gas fires in Massachusetts could be a cyberattack? I think it’s a fair question, to which we may not have the answer. Nick Weaver (mostly) persuades me I’m wrong.

Amazon finds itself in the sights of the European Commission over its dual role in hosting third party sellers. Maury explains why.

Putin’s enemies list, or a part of it, is disclosed when Google warns Senate staffers that their Gmail has been attacked. Maury and I congratulate Steptoe alum Robert Zarate for making the cut.

Looks like the Mirai botnet kids will be sentenced to help the FBI on cyber investigations.

And Megan sees the hand of Robert Zarate – now officially the Zelig of cyber conflict – in Marco Rubio’s letter to Apple asking why it was so slow to stop an app from sending American user data to China.

Download the 232nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

Our interview this week (in our new studio!) is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it.

The News Roundup features Paul Rosenzweig, Matthew Heiman, and Gus Hurwitz – whom we congratulate for his move to tenured status at Nebraska. We all marvel at Europe’s misplaced enthusiasm for regulating the Internet. This fall the Europeans returned from their August vacation to embrace a boatload of gobsmackingly unrealistic tech mandates – so unrealistic that you might almost think they’re designed to allow the endless imposition of crippling fines on Silicon Valley.

In the last week or so, European institutions have pretty much shot the regulatory moon: Matthew sets out the European Parliament’s expensive and wrongheaded copyright rules. Paul covers the European Commission’s proposal that social media take down all terror-inciting speech within one hour, on pain of massive fines. Gus discusses the European Court of Human Rights’ ruling that GCHQ’s bulk data collection practices fail to meet human rights standards, though they can be fixed without dumping bulk collection. And I marvel that France is urging the European Court of Justice, which needs little encouragement to indulge its anti-Americanism, to impose Europe’s “right to be forgotten” censorship regime on Americans and on other users around the world. That’s a position so extreme that it was even opposed by the European Commission. Gus explains.

In other news, Paul outlines the National Academy of Sciences’ report, offering a sensible set of security measures for American voting systems. We all unpack the new California IoT security bill, which is now on the governor’s desk. I predict that, flawed though it is, ten more state legislatures could adopt the bill in the next year.

This Week in Social Media Bias: Paul tells us that Twitter has found a deep well of hate speech in … the United States Code. I tell the ambiguous story of offering up my Facebook account to verify claims of social media censorship.  And Gus reports that the Left has discovered a problem with fact checking for social media posts; to their surprise, it doesn’t always work in their favor.

In closing, we quickly touch on the meltdown of the world’s biggest identity database and The Intercept’s endlessly tendentious article trying to make a scandal out of IBM’s face recognition software, which can apparently search footage by skin color.

Download the 231st Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

For those who've been waiting (and maybe hoping) that I'd be suspended from Facebook after I linked to infowars.com, we have an answer.

I began the experiment when a guy named Brandon Straka, leader of the conservative #WalkAway initiative, announced that he had been given a 30-day account suspension for linking from Facebook to his upcoming interview on infowars.  I couldn't believe Facebook was banning people for mentioning Alex Jones or his site, so I decided to put my own account at risk by doing the same. (If I were Cory Booker, I'd call it my "I am Spartacus" moment. But I'm not.)

A few hours later, with Straka getting a lot of clicks for his complaint, Facebook rescinded the ban, calling it a mistake. Straka claims Facebook didn't tell him the ban was lifted but did tell a hostile journalist, who then wrote a snarky article about the incident. 

So that's where things stand. Facebook's messages to Straka clearly show that his link to infowars triggered a 30-day suspension. Then the suspension was quickly reversed. Why? Presumably, whoever pulled the plug on Straka was overruled. But we don't know who issued the ban, or who lifted it, or why. Facebook apparently hasn't said anything publicly.

Lessons? First, now that being censored on social media is a surefire way to win conservative clicks, it's fair to assume that claims of censorship will proliferate, and not all of them will be true. Second, that doesn't mean they're all false, either. When it comes to the right, Silicon Valley almost certainly suffers from what the Valley used to call "epistemic closure" before the Valley embraced it. In that climate, "Sorry, mistake" isn't likely to mollify anyone.

So the right has good reason for its suspicion, and no way to get good evidence that might rebut it. To see if Alex Jones had indeed been turned into Voldemort, I had to put my Facebook account -- and a bit of my reputation -- at risk. And even then,  the fact that my account stayed up might simply show that the censors saw it as a trap that they were smart enough to avoid.

Bottom line: conservative concern about platform bias will continue to grow, and only radical transparency about platform standards and due process is likely to address that concern.

We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone  whom I respect a lot more than I agree with. But his latest book opens new common ground between us, as we both foresee a darker future for a world that is digitally connecting things that can kill people -- without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.

In the News Roundup, I ask Jamil Jaffer, Nate Jones, and David Kris for the stories that people who took August off should go back and read. Jamil nominates the fascinating-as-a-slow-motion-car-wreck story of Maersk’s losing battle with NotPetya. We speculate on whether the Russians caused $10 billion in worldwide damage by mistake or on purpose, and whether anyone other than a US government lawyer would call that indiscriminate attack a war crime.

David nominates the 179-page complaint against a North Korean hacker behind most of that country’s famous hacks. And, as a palate cleanser, the remarkable, score-settling, where-are-they-now story of the companies that challenged the FBI’s attribution of the Sony hack to North Korea.

Finally, I suggest spending some time with what might be called DCLeaks for good guys: Intrusion Truth, a website devoted to outing personal details about the government hackers who have been attacking Western companies. It (and Crowdstrike) provides an old-fashioned pantsing of China’s Ministry of State Security (MSS) – the sort of embarrassing doxing that allowed the MSS to take over much of China’s cyberespionage portfolio from the hapless People’s Liberation Army after it was outed several years ago.

In other news, a Five Country Ministerial (homeland security and immigration ministers from the US, UK, Australia, Canada, and New Zealand) issued a statement on encryption that seemed to threaten action, saying that if tech companies don’t address the ministers’ concerns, “we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.” While this group isn’t really the “Five Eyes” of SIGINT fame, that’s not very comforting for Big Tech, since the statement suggests a wider coalition and another step forward in the effort to bring Big Tech to heel on the issue.

Download the 230th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

Allowing me to extend my August hiatus by a week, Alan Cohn hosts the 229th episode of The Cyberlaw Podcast. He takes a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and best practices for users of exchanges.

The episode begins by looking at the landmark decision coming out of the New York Eastern District Court in favor of the Commodity Futures Trading Commission (CFTC). Charles Mills provides an overview of the recent New York federal court decision and CFTC victory against Cabbage Tech, Corp. d/b/a Coin Drop Markets and Patrick K. McDonnell of Staten Island, New York, ordering McDonnell to pay over $1.1 million in civil monetary penalties and restitution in connection with a lawsuit brought by the CFTC alleging fraud in connection with virtual currencies, including Bitcoin and Litecoin. In addition, Charles presents a more general overview of CFTC regulations.

Claire Blakey presents a timeline of the US Securities and Exchange Commission’s (SEC) recent actions regarding ETFs. On August 23, 2018, SEC announced that it would reconsider a decision to reject nine Bitcoin-based exchange traded funds. Earlier this month, SEC staff delayed a decision on the SolidX proposal, stating it needs more time to consider the proposal – the deadline for this decision is September 30, 2018. Claire also discusses CBOE’s filing with SEC for a bitcoin ETF.

Evan Abrams highlights the four takeaways from the Department of Treasury’s Financial Enforcement Network (FinCEN) director’s speech on cryptocurrency. On August 9, 2018, FinCEN Director Kenneth Blanco delivered a speech on the agency’s approach to cryptocurrency where he made a few unexpected remarks. Evan states that this speech offered helpful clarifications and insights, but also left a number of important questions unanswered. In addition, Evan discusses the Office of the Comptroller of the Currency’s proposed charter for online lenders and other FinTech companies in the coming months.  

Finally, Maury Shenk covers the recent reports about the EU finance ministers’ plan to discuss the possibility of cryptocurrency regulation at a meeting in early September. As part of a leaked confidential note, it is expected that EU ministers will discuss anti-money laundering issues amongst other things. Alan and Maury note that while the EU takes a heavier regulatory approach than the US in this area, the process is slow moving but steadily developing. In addition, Maury discusses the European Blockchain Partnership, describing it as an integrated effort for a great blockchain future.

For the interview, the Steptoe team was joined by Sarah Compani, Legal Counsel at Bitfinex. Bitfinex is a full-featured spot trading platform for major digital assets and cryptocurrencies, including Bitcoin, Ethereum, and many more. Bitfinex offers leveraged margin trading through a peer-to-peer funding market, allowing users to securely trade with up to 3.3-times leverage. Sarah took us through the best security practices for users of exchanges, particularly focusing on security settings that users can customize, such as Google Authenticator 2FA, Universal 2nd Factor (U2F), and IP address whitelisting. Sarah provides listeners with three takeaways as she responds to Alan’s questions regarding the future of exchanges, the Bitfinex platform, and potential challenges going forward.

Download the 229th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!