This week’s episode includes an interview with Bruce Schneier about his recent op-ed on privacy. Bruce and I are both dubious about the current media trope that facial recognition technology was spawned by the Antichrist. He notes that what we are really worried about is a lot bigger than facial recognition, and he offers ways in which the law could address that deeper worry. I’m less optimistic about our ability to write or enforce laws designed to restrict use of personal information , which after all gets cheaper to collect, to correlate, and to store every year. It’s a good, civilized exchange.
The News Roundup is a little truncated due to a technical failure. (It was a glitch in Zencastr for those of you keeping score, and I definitely am). As a result, we lost Nick Weaver’s audio for about half the program, including a hammer and tongs debate with me over Apple’s fight with the FBI. (But never fear, opportunities for that debate come by about as often as the Red Line comes to Dupont Circle.)
That said, it’s still a feisty episode. It begins with Michael Vatis teeing off on the California Consumer Privacy Act, the worst-drafted law he’s worked with in over 30 years of practice – and not much better on policy grounds.
We then return to Illinois’s recent law regulating AI hiring interviews systems like HireVue, and sparks fly again as Mark MacCarthy and I mix it up over allegations of AI “bias.” (I’m a skeptic, to put it mildly.)
Matthew Heiman covers the surprisingly thin claim that the GRU has phished its way into Burisma Holdings. And Nick comments on (yet another!) Italian surveillance tech firm getting into trouble by misusing its capabilities.
Not-so-Big Tech has begun asking Congress for antitrust help against Big Tech. Mark is skeptical; I’m a little less so.
Matthew and I compliment frequent contributor David Kris on his speed in delivering an amicus report on the FBI’s Horowitz reforms -- between one Cyberlaw Podcast episode and the next – and before his Congressional critics can even finish a letter questioning his appointment. One lingering, and possibly salutary, effect of the kerfuffle is that some good questions are now being directed at the FISA Court itself, asking why it didn’t do a better job of policing the Carter Page excesses.
Mark reports on an unusual effort by Europe’s chief privacy officer to exempt academic researchers from strict compliance with data protections laws. Privacy law, as I've said for years, is all about privileging the powerful, and academics qualify, so of course they deserve a data protection exemption.
In quick hits, Matthew notes that Erdogan has bowed to the Turkish Supreme Court and reinstated access to Wikipedia. He also reports on the U.S. Department of the Interior permanently grounding its drone fleet over spying concerns. Nick chuckles over China’s APT 40 getting doxxed, and we both give credit to NSA’s Anne Neuberger for disclosing and enabling the patch by Microsoft of a major vulnerability in the Crypt32 library. Finally, I predict that Clearview will be sued for violating terms of service to obtain the facial recognition data it uses to provide identification services to law enforcement. Because privacy law is all about protecting the privileged, and crime victims don't qualify.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of our institutions, clients, spouses, families, or pets