Our interview is with Sultan Meghji, CEO of Neocova. We cover the large Chinese investment in quantum technology and what it means for the United States. It’s possible that Chinese physicists are just better than American physicists at extracting funding from their government by hyping their science. Indeed, it looks as though some quantum tech, such as the use of entangled particles to identify eavesdropping, may turn out to have dubious military value. But not all. Sultan thinks the threat of special purpose quantum computing to break encryption poses a real, near-term threat to US financial institutions’ security.
In the News Roundup, we cover the new California Consumer Privacy Act regulations, which devote a surprising amount of their 24 pages to fixing problems caused by the Act’s feel-good promise that consumers can access and delete the information companies have on them.
Speaking of feel-good laws that are full of liability land mines, the Supreme Court has let stand a Ninth Circuit ruling that allows blind people to sue under the Americans with Disabilities Act if websites don’t accommodate their needs. Nick Weaver and I explore a few of the harder questions raised by this seemingly simple mandate (you can accommodate the blind by providing a "read aloud" option, but what about people who are blind and deaf?) and the risks of making law by retroactively imposing liability.
Weirdly for a populist administration that says it mistrusts the big social platforms for their restricting of conservative speech, the Trump trade negotiators are actually expanding Section 230 immunities for Silicon Valley that both left and right have begun to question. The expansion is buried in hard-to-amend and even-harder-to-repeal trade agreements. By way of explanation, I lay out the Realpolitik of trade deals. As if to prove my point, the US and Japan have signed a Digital Trade Agreement that has much the same provision.
Nick and I muse on the rise of Commerce Department sanctions on individual companies. In a way, such sanctions are a less harsh alternative to OFAC sanctions, which include property seizures, but they are also like antibiotics -- they either destroy the target or help it develop better resistance for the future.
Does TLS stand for “Tough Luck, Sucker?” That’s the message of a new and clever form of malware that has been, softly attributed to the Russian FSB.
Apple, having banned, and then unbanned, an app that locates police activity in Hong Kong, has now re-banned it. Tim Cook offers an explanation for the latest move that triggers Nick’s bovine excrement detection system. In a Final Four of Hypocritical Surrender to the PRC, LeBron James and the NBA give ESPN a run for its money. South Park fails to qualify.
Matthew Heiman and I discuss India’s effort to create a national facial recognition system. Naturally BuzzFeed thinks it’s Evil. Not enough people of color in the training set, apparently, or perhaps it’s too many. Or Modi is too much like Trump. Or some damn thing. Look, it’s Evil, okay? So shut up and leave BuzzFeed alone.
Nick and I consider DHS’s request for the power to subpoena ISPs to identify owners of compromised systems. I critique Herb Lin’s suggestion that the ISPs can solve the problem without giving data to DHS.
As Matthew notes, it was just last month that the French government gave the world a stiff-necked little lecture on respecting sovereignty in cyberspace. So why are French police helping reprogram computers in Latin America? Because it’s different when the French are doing it than when it’s done to them, I surmise.
A recent “good guy with a keyboard” story offers me one more chance to tout my views on hacking back. I ask why someone who’s rescued hundreds of victims from ransomware should have to worry for one minute about being prosecuted for compromising (again) the already compromised C2 machines that apparently held the keys.
Matthew and I try to simplify a complex ruling from two FISA courts. Among the takeaways: The FBI has been running a lot of searches against 702 databases (3.1 million a year!), which greatly complicates its compliance program, and the FISA courts are overusing the 4th amendment, which in FISA minimization cases is like trying to do brain surgery with a chainsaw.
Argh! That embarrassing Bloomberg Supermicro story is back. Sort of. Wired has shown that something like it could really be done. Which, Nick points out, we already knew.
I give a shoutout to Jennifer Daskal and Peter Swire for their useful overview of the UK-US CLOUD Act, but I wonder if the agreement's mutual “no targeting of the other country’s nationals” assurances are a scalable solution.
Finally, Matthew reviews the second volume of the SSCI report on its investigation into Russian election interference. The TL;DR? The Russians did what you think they did. The closest thing to a surprise? After starting out just trying to hurt Hillary, by the end the Russians seem to have been trying to help Trump too.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.