Skating on Stilts

Paul Rosenzweig leads off with This Week in China Tech Fear – an enduring and fecund feature in Washington these days. We cover the Trump Administration's plan to blacklist up to five Chinese surveillance companies, including Hikvision, for contributing to Uighur human rights violations in the West of China, DHS's rather bland warning that commercial Chinese drones pose a data risk for US users, and the difficulty US chipmakers are facing in getting "deemed export" licenses for Chinese nationals.

We delve deeper into a remarkably shallow and agenda-driven New York Times article by Nicole Perlroth and Scott Shane that blames NSA for Baltimore's ransomware problem without ever asking why the city failed for two years to patch its systems. David Kris uses the story to take us into the Vulnerabilities Equities Process – and its flaws.

There may be a lot – or nothing – to the Navy email "spyware" story, but David points out just how many of today's cyber issues it touches. With the added fillip of a "Go Air Force, Beat Navy" theme not usually sounded in cybersecurity stories.

Paul expands on what I have called Cheapfakes (as opposed to Deep Fakes) – the Pelosi video manipulated to make her sound impaired. And he manages to find something approaching good news in the advance of faked video – it may mean the end of (video) blackmail.

But not the end of "revenge porn" and revenge porn laws. I ask Gus Hurwitz whether those laws are actually protected by the Constitution, and the answer turns out to be highly qualified. But, surprisingly, media lawyers aren't objecting that revenge porn laws criminalizing the dissemination of true facts are on a slippery slope to criminalizing news media. Only a bit more persuasively, though, that is the argument they're making about the expanded charges of espionage against Wikileaks founder Julian Assange. David offers his view of the pros and cons of the indictment.

And Gus closes us out with some almost unalloyed good news. Despite my suspicion of any bipartisan bill in the current climate, he insists that the Senate-passed anti-robocalling bill is a straight victory for the Forces of Good. But, he warns, the House could still screw things up by adding a private right of action along the lines of the Telephone Consumer Protection Act, which has provided the plaintiffs bar with an endless supply of class actions without actually benefiting consumers.

Download the 265th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

We begin this episode with a quick tour of the 5-4 Apple antitrust decision that pitted two Trump appointees against each other. Matthew Heiman and I consider the differences in judging styles that produced the split -- and the role that 25 years of living with Silicon Valley “platform billionaires” may have played in the decision.

Eric Emerson joins us for the first time to talk about the legal fallout from the latest tariff increases on Chinese products. Short version: companies have some short-term tactics to explore (country of origin, drawback, valuation), but large importers/resellers will have to grapple with larger and costlier strategies of supply chain diversification and localization.

Meanwhile, China has not been taking the trade war lying down. In addition to its own tariff increases, it now seems to be enforcing its demanding cybersecurity law more aggressively against foreign firms. I suggest that we may also be seeing retaliation in Chinese courts as well.

In related news, Nick Weaver and I debate the potentially sweeping new Executive Order on Securing the Information and Communications Technology and Services Supply Chain.

Maury Shenk explains the UK Supreme Court ruling that expands the court’s authority over the UK’s intelligence agencies -- despite clear Parliamentary language to the contrary. Bottom line: Bad news for UK intelligence. Hidden good news for the US: Turns out that there is something worse than activist judges interpreting a written constitution – activist judges who can more or less make up the constitution they interpret.

It was a cybersecurity disaster week for some of the biggest names in tech. Nick helps me understand which bugs were worst, Cisco’s, Intel’s, or Microsoft’s. Then we review the equally bad week that the NSO Group and its WhatsApp exploit had.

Cleaning up in a lightning round:  We cover the order requiring the Chinese owner of Grindr to sell by mid-2020. We also cover Canada’s approach to social media, which spurs me to offer unwonted praise for France’s Macron and his moderation. The EU has a plan for sanctions on cyberattackers; Matthew and I doubt it will get much use. Is too much fuss being made over leak investigators using Web bugs to see if defense counsel at Guantanamo have been leaking; Nick and I disagree, at least a bit.

And the podcast closes with yet another installment in our long-running feature, “This Week in Internet Sex Toy Law.” Suffice it to say that the latest case can’t be understood without consulting both Orin Kerr and Jerry Seinfeld.

Download the 264th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to

[email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect their firms, clients, spouses, or families.

With apologies for the lateness of this post, Episode 263 of The Cyberlaw Podcast tells the sad tale of yet another US government leaker who unwisely trusted The Intercept not to compromise its source. As Nick Weaver points out, The Intercept also took forever to actually report on some of the material it received.

In other news, Brian Egan and Nate Jones agree that Israel broke no new ground in bombing the headquarters of Hamas’s rudimentary hacking operation during active hostilities.

Nick and I dig into the significance of China’s use of intrusion tools pioneered by NSA. We also question the New York Times’s grasp of the issue.

The first overt cyberattack on the US electric grid was a bust, I note, but that’s not much comfort.

How many years of being told “I’m washing my hair that night” does it take before you realize you’re not getting anywhere? The FCC probably thought China Mobile should have gotten the hint after eight years of no action on the company's application to provide US phone  service, but just in case the message didn’t get through, the Commission finally pulled the plug last week.

Delegating to Big Social the policing of terrorist content has a surprising downside, as Nate points out. Sometimes the government or civil society need that data to make a court case.

We touch briefly on Facebook’s FTC woes and whether Sen. Hawley (R-MO) should be using the privacy stick to beat a company he’s mad at for other reasons. I reprise my longstanding view that privacy law is almost entirely about beating companies that you’re mad at for other reasons.

Download the 263rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Have the Chinese hired American lawyers to vet their cyberespionage tactics – or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply chain was compromised by Chinese actors. Nick Weaver, Joel Brenner, and I doubt the Bloomberg story, but it has cost Supermicro a lot of sales – and even if it isn’t true this time, the scale and insouciance of past Chinese cyberespionage make it inherently believable. Hence the company’s shift to other sources (and, maybe, a new caution on the part of Chinese government hackers).

GDPR and the California Consumer Privacy Act (CCPA) may be the Dumb and Dumber of privacy law, but neither is going away. And for the next six months, California’s legislature will be struggling against a deadline to make sense of the CCPA. Meegan Brooks gives us an overview.

But we in Washington can’t get too smug about California’s deadline-driven dysfunction. Congress also faces a year-end deadline to renew the Section 215 program, and even the executive branch hasn’t decided what it wants. Joel takes us through the program’s history, its snake-bitten implementation, and the possible outcomes in Congress.

This week in Silicon Valley content control: Facebook dropped the link-ban hammer on Louis Farrakhan, Alex Jones, and Milo Yiannopoulos for being “dangerous.” But did it really? Once again, I volunteer to put my Facebook access at risk by testing Facebook’s censorship engine – posting a different Infowars story there every day. Not because I love the conspiracy-mongering Alex Jones but because banning links is a bad idea. (Among other things, you can’t really pile links up and burn them in cinematic pyres at rallies.) But both Facebook and Jones may have a codependent interest in overstating the ban, because as of Day 4 of my experiment, my Facebook account is still alive and well, as are the Infowars links.

The FBI has accused US scientists of sending intellectual property to China, running shadow labs, and (this part really appalls Nick) corrupting the peer review process at NIH. Sadly, Science magazine buys into easy claims that the flap is born of racial bias.

We close the episode with the latest and most shocking facial recognition scandal. It turns out face recognition researchers are chasing down unwilling subjects and restraining them to get the subjects’ pictures – all in service to untried and udderly unreliable technology. All we need to turn this into a major scandal is a public policy entrepreneur willing to work the intersection between the EFF and PETA.

Download the 262nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

I don't want to bury the lede here.

Probably the most interesting thing about this test is what hasn't happened. I haven't been suspended or warned by Facebook about linking to Infowars, and while Facebook has broken some of the links to Infowars, it has done so in a fashion so haphazard and incompetent that I doubt the breakage was intentional.

Has the Facebook censorship engine finally caught up with Facebook's censorship ambitions? My day 2 post, when it first went up, resolved to a deep link on Infowars about US unemployment reaching a 50-year low. When I reposted it with public access, though, the link resolved to a "Page Not Found" message -- on Infowars.com.

I thought maybe Facebook engineers had finally got their censorship engine up and running, but first I checked to see if Infowars had dropped the story. Nope, it still seems to be on the Infowars site, here: https://www.infowars.com/jobs-surge-unemployment-falls-to-…/

My latest Facebook post:

Day 2. I'm posting a link to an Infowars story taken from CNBC and headlined "JOBS SURGE, UNEMPLOYMENT FALLS TO LOWEST SINCE 1969." https://www.infowars.com/jobs-surge-unemployment-falls-to-…/ Unlike last time, though, the link does not end at Infowars's landing page. Could it be that I'm inadvertently helping to beta test Facebook's censorship engine?

https://www.facebook.com/stewart.a.baker

I'm conducting an experiment to see whether Facebook is really banning links to Alex Jones's nasty but not illegal site.  Unfortunately, it means putting my Facebook account at risk of suspension or disappearance.  Here's what I posted earlier today: