J.P. Morgan once responded to Teddy Roosevelt’s charge that his railway trust violated federal law by telling the President, “If we have done anything wrong, send your man to see my man, and we’ll fix it up.” That used to be the gold standard for monopolist arrogance in dealing with government, but Google and Apple have put J.P. Morgan in the shade with their latest instruction to the governments of the world: You can’t use our app to trace COVID-19 infections unless you promise not to use it for quarantine or law enforcement purposes.
The two companies are able to dictate this policy because between them they have about 99% of the phone OS market. That’s more control than Morgan had of US railways, and their dominance apparently gives them the clout to send a message that improves on Morgan's: “If you think we’ve done something wrong, don’t bother to send your man; ours is too busy to meet.”
Nate Jones and I discuss Silicon Valley overreach in this episode. (In that vein, I apologize unreservedly to John D. Rockefeller, to whom I mistakenly attributed the Morgan quote.) The sad result is that what began as a promising technological adjunct to covid-19 contact tracing has been delayed and muddled by ideological engineers in the Valley to the point where it isn’t likely to be deployed and used in a timely way.
Another lesson we draw in today’s episode is for authoritarian governments: Worry less about Cyber Command and more about NGOs. Citizen Lab has released a great paper making the case that WeChat monitors its users outside China, not to suppress their speech but to flag documents and images for later suppression inside China. Ironically, Matthew Heiman notes, Western users of WeChat who circulate human rights material are giving China’s censors the ability to hash and block that material as soon as it crosses the Great Firewall -- where it's really needed.
Meanwhile, Nate points out, Bellingcat has done for Russia’s GRU what Citizen Lab did for China. Perhaps inspired by Germany’s indictment of Dmitry Badin for hacking the Bundestag, Bellingcat doxes him to a fare-thee-well, finding his phone number, car registration, wife's home page, GRU office address, and preposterously bad password.
David Kris, meanwhile, explains the intersection of export control law and the Law of Unintended Consequences, as the US Commerce Department finds that its efforts to isolate Huawei may be excluding US firms from some standards bodies.
Anthony Anscombe joins us from Steptoe’s class action practice to unpack the recent Seventh Circuit decision on Article III standing and the second dumbest privacy law in the country – Illinois’s Biometric Information Privacy Act.
I note that Israel’s passive-aggressive Supreme Court, meanwhile, has found a second way to say, “Meh,” to the Israeli government’s use of intelligence capabilities to do contact tracing.
Matthew lays out what’s at stake as the Senate rewards the House’s “corona-cation” by trying again to pass its FISA bill. That may happen as early as today.
In short hits, every government's hackers are adding COVID-19 to their targets, going after everyone from the WHO to coronavirus researchers. And I make an effort to explain why Apple has brought a DMCA copyright lawsuit against Corellium. It’s all about the “chilling effect” on security research. And maybe one particular Five Eyes researcher, Azimuth. I make the case for Justice Department intervention on Corellium’s behalf – or at least Azimuth’s. Following up on last week's story, Banjo’s CEO finds himself canceled for his (bad) acts as a 17-year-old. And, finally, where is Jean-Paul Sartre when you need him? He’s the only one who can resolve the odd dispute over “authenticity” between Twitter and the US State Department.
Download the 315th Episode (mp3).
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.