Skating on Stilts

This episode’s should be titled "Baker’s Law of Evil Technology," as it explains Twitter’s dysfunctional woke-ness, Yahoo’s crappy security, and Uber’s deadly autonomous vehicles. Companies with lots of revenue can afford to offer benefits that they don’t much care about, including protection of minority voices, network security, and, um, not killing people. But as Uber’s travails show, all that gets tossed out the window when corporate survival is at stake. And here’s Baker’s Law in action: Airline algorithms that deliberately break up families sitting on the plane so they can charge to put the kids back in the same row.

I do a mini-interview of Adam Candeub, who has disclosed that the supposedly populist, supposedly Silicon-Valley-skeptical Trump Administration has proposed a massive and antidemocratic subsidy for conservative-censoring social platforms.  Worse, it's written into the virtually unamendable NAFTA 2.0. I rant (briefly) about it and pray that Congress kills the provision in the lame duck.

Merrick Garland may now be available. But, we ask Jamil Jaffer and Gus Hurwitz, is a Facebook Supreme Content Court a good idea?

Speaking of Facebook, even 98-lb weaklings seem to be kicking sand in the company’s face. I lay out the latest, incredible tale about how an app that finds all your friends’ bikini pics ended up spurring an international breach of US confidentiality orders – at the behest of the UK Parliament’s serjeant at arms. And when I say it's an incredible tale, I mean just that; the story told by the participants is extraordinarily hard to believe.

Jamil and Gus note that Commerce has begun identifying an enormous list of “emerging” technologies to be restricted for export. Is this a kind of defense-industrial policy? And will it work? The panel disagrees.

Paul Rosenzweig reports that Airbnb now has its own (woker-than-thou, naturally) foreign policy. He thinks it may violate a host of state anti-BDS laws.

Nick Weaver gives us the latest Bear Facts. Both Cozy and Fancy are back with a vengeance – and not much concern about avoiding attribution.

Download the 241st Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

Mieke Eoyang joins us for aninterview about Third Way’s “To Catch a Hacker” report. We agree on the importance of what I call “attribution and retribution” as a way to improve cybersecurity. But we disagree on some of the details. Mieke reveals that this report is the first in a series that will hopefully address my concerns about a lack of detail and innovation in the report’s policy prescriptions.

Russia’s lawyers are almost as good as its hackers, to judge by a “letter” from the Russian government in the DNC’s hacking case against it. Matthew Heiman and I conclude that the DNC is going to face an uphill fight trying to overcome Russia’s sovereign immunity arguments.

It’s not cybersecurity, but it is cyberhygiene: Never do a global “find and replace” on a sensitive court filing without making sure the “replace” part actually worked. That seems to be the failure that disclosed to the world that the US has filed criminal charges against Julian Assange under seal. Maury Shenk comments.

“As an additional service to Alexa users, we promise to protect the privacy of anyone who murders you.” Okay, maybe that’s an unfair summary of Amazon’s position on whether to release Echo recordings in a double murder case. It’s not surprising that Amazon wants a court order before handing over the recordings, or that it got one, or that it seems to have complied promptly.  The real news, I argue, would be if the company had handled the matter any other way.

Dr. Megan Reiss explains the significance, if any, of the Paris Call for Trust and Security in Cyberspace, where more than 50 states and companies – the United States not among them – have signed onto a mostly Mom-and-apple-pie agreement on cyber principles.

Soft power update: Chinese-style social credit scoring is coming to a Venezuela near you. Megan comments.

Sweet justice: California SWATter has pleaded guilty and now faces 20+ years in prison.

Looks like DHS finally made it, so I can stop talking about Congress approving the renaming of NPPD to be the Cybersecurity and Infrastructure Security Agency.

And for the lightning round, Matthew confirms that remotely wiping your iPhone constitutes destruction of evidence; I note that Phineas Finn has officially gotten away with the doxing of Hacking Team; and Megan comments on yet another diversion of Western traffic through Russia and China. This time, though, we may have to blame the Nigerians.

Download the 240th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

Today’s interview is a deep (and long – about an hour) dive into new investment review regulations for the Committee on Foreign Investment in the United States (CFIUS). It’s excerpted from an ABA panel discussion on the topic, featuring: Tom Feddo, who currently oversees CFIUS; Aimen Mir, who used to oversee CFIUS; Sanchi Jayaram, who is in charge of the Justice Department’s CFIUS and Team Telecom work; David Fagan, a noted CFIUS practitioner; and me as moderator. It turns out the new CFIUS law may be the most innovative – and sweeping – piece of legislation on national security in years.   

In the news, it’s time for a Cyberlaw Podcast victory lap, as our bold election-eve prediction that foreign governments would not successfully hack the election seems to hold up well, despite laughable Internet Research Agency claims in a new meta-trolling propaganda campaign.

I note that challenges to FISA are increasing as it starts to play a role in more criminal cases. I ask David Kris whether Bob Mueller took unwise risks with intelligence equities when he charged a Russian company with criminal election trolling, since that company is now seeking discovery of intelligence intercepts.

Dr. Megan Reiss notes that China is making what might be called great strides in “gait recognition” software to supplement face recognition, taking what looks like a global lead in the technology. This reminds me that fifteen years ago, when DARPA was researching gait recognition for terrorist identification, the left/lib NGOs got Congress to kill funding by lampooning what they called “a Monty Python-esque ‘Ministry of Silly Walks.’” Not so funny now, is it guys? Especially in light of evidence that China is exporting its cyber surveillance tech to Africa.

How does China do it? According to the Australian Strategic Policy Institute, with plenty of help from the universities of the English-speaking world. Apparently the People’s Liberation Army has been sending its scientists to the West under light cover to study cutting edge defense tech.

Nate Jones and I examine the latest chapters in the now-encyclopedic tale of Silicon Valley v. Conservatives. We take a look at a Trump immigration campaign ad that Facebook and broadcast media (Fox included) refused to run. Gab is back, but just by the skin of its teeth. Meanwhile, the pitchforks and torches are being mustered for LinkedIn, which apparently hasn’t been sufficiently cowed by lefty censors. And Facebook’s effort to suppress Alex Jones’s InfoWars site is running into trouble.

Megan and I talk about the prospect that Iran is getting ready to launch cyberattacks on the US and Israel.

Nate covers the collapse of IronChat security as Dutch police managed to decrypt 258,000 messages in the app. Maybe spurred by my taunting, Edward Snowden denies that he ever endorsed the product, notwithstanding the claim on IronChat’s website. (My tweet on same: “Hey, @Snowden, IronChat sold secure phones at exorbitant prices because of your endorsement.”)

Pakistan says “almost all” its banks have been hacked.  Wouldn’t it be ironic if North Korea was buying nuclear and missile technology from Pakistan with money stolen from Pakistani banks?

Download the 239th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

This episode puts our experts on the spot with an election-eve question: Will foreign governments attack US electoral rolls or vote-counting machinery in 2018? Remarkably, no one on our panel (Matthew Heiman, Nick Weaver, David Kris, and I) thinks they will. So if you want cybersecurity news, you can stop listening to election coverage and tune in to Episode 238 of The Cyberlaw Podcast.

Our interview features Steve Rice (Deputy CIO for DHS) and Max Everett (CIO for the Department of Energy) and was originally taped at a session of the Homeland Security Week conference.

In the news, Nick evaluates the report that China hijacked the Border Gateway Protocol; he thinks we need more data. David agrees with me that one way to get the data would be a Justice Department subpoena.

Matthew Heiman explains why SCOTUS is skeptical of Google’s cy pres settlement that treated 129 million class members like bystanders at someone else’s party – and why that skepticism may not appear in US Reports any time soon.

Nick and David lay out the painful story of how failures in CIA communications with their assets may have severely compromised HUMINT operations in Iran and China.

Matthew and I talk about the string of right-wing killers in the past few weeks and the tech implications, including the defenestration of Gab and a lot of throat-clearing about amending Section 230 of the Communications Decency Act.

Matthew also explains, then casts doubt on, a Florida Appeals Court decision that rejects the “foregone conclusion” doctrine for compelled passcode disclosure.

After all the Internet-enabled vibrator stories we’ve covered on the podcast, I think we’re obliged by gender equity to cover this effort to use artificial intelligence to improve male sex toys. For those who may face confirmation before the Senate Judiciary Committee any time in the next decade, Nick explains that Markov chain techniques have nothing to do with the Devil’s Triangle.

More hostilities in the US-China Cool War: DOJ has indicted a Chinese-state owned company as well as UMC and three individuals for stealing trade secrets from US companies; and in a coordinated move, the Department of Commerce has placed limits on US businesses interacting with the Chinese company. I wonder whether the Cool War between China and the US is increasingly forcing big foreign tech companies to choose between the two as they develop new technology.

Download the 238th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!