Skating on Stilts

In this episode, I interview Rob Knake, Senior Fellow at the Council on Foreign Relations, about his recent report, "Weaponizing Digital Trade -- Creating a Digital Trade Zone to Promote Online Freedom and Cybersecurity." The theme of the report is what the US can salvage from the wreckage of the 1990s Magaziner Consensus about the democratizing and beneficent influence of an unregulated Silicon Valley. I suggest that, when you're retreating from global ambition to a battered band of democratic nations, talking about "weaponization"  is delusional; what the paper really proposes is a kind of "Digital Dunkirk." Rob and I proceed to disagree about the details but not the broad outlines of his proposal.

In the news roundup, we finally have a Google antitrust complaint to pore over, and I bring Steptoe's Michael Weiner on to explain what the complaint means. Bottom line: it's a minimalist stub of a case, unlikely to frighten Google or produce structural changes in the market -- unless a new administration (or a newly incentivized Trump Justice Department) keeps adding to the charges as the investigation wears on.

Speaking of Justice Department filings that serve up less than meets the eye, DOJ has indicted GRU hackers for practically every bad thing that has happened on the internet in the last five years, other than the DNC hack. (In fact, I lost an unsaved Word document in 2017 that I'm hoping will be added to the charges soon.) The problem, of course, is that filing the charges is the easy part; bringing these state hackers to justice is so hard as to be more or less inconceivable.  So one wonders (along with Jack Goldsmith) whether a policy that requires a stream of indictments for all the cyberattacks on the US and its allies is a wise use of resources. Maury Shenk thinks it might be, at least as a way of demonstrating US attribution capabilities, which are indeed impressively showcased in the indictment.

While we're on the subject of questionably effective US retaliation for cyberattacks, Maury notes that the Treasury Department has imposed sanctions on the unpronounceable Russian institute, TsNIIKhM, that seems to have developed the industrial control malware that caused massive outages in Saudi Arabia and that may still be planted in US energy systems as well. Again, no one doubts that heavy penalties should be imposed; the question is whether these penalties will actually ever reach TsNIIKhM.

In another law enforcement action against cyberattacks, Nick Weaver celebrates the German government's dawn raid on spyware exporter, FinFisher. And Maury expresses modest hope for Facebook's Oversight Board now that it has started reviewing content moderation cases. Color me skeptical.

Now that we've seen the actual complaint, Nick has his doubts about Microsoft's legal attack on Trickbot. It may be working, he says, but why is Microsoft doing something that the FBI could have done? I pile on, raising questions about the most recent legal theory Microsoft has rolled out in support of its proposed remedies.

Finally, in quick hits:  I hum a few bars from "John Henry" in response to a Bloomberg story suggesting that CEOs are successfully beating the AI engines parsing their analyst calls and trading on the results. Maury then debunks the parts of the story that made it fun, but not before I've asked whether Spinal Tap was decades ahead of its time in repackaging failure for AI consumption. Maury notes what I predict will be ho-hum Judiciary Committee testimony of Twitter and Facebook CEOs about their suppression of the New York Post "laptop from hell" Hunter Biden story.  I'm much more interested in the Commerce Committee's subpoenaing of contacts between the campaigns and those companies.  Because you just know the campaigns have a whole strategy for working the speech referees of Silicon Valley, and it would be an education to see how they do it.  Nick and I congratulate Edward Snowden on the confirmation that he'll be in Russia forever. And I mock the Portland City Council as well as all the journalists who tried to make face recognition toxic – until it turned out that face recognition might help antifa dox the police.  Suddenly we can't expect to stop the march of technology.

Download the 335th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This episode features an interview with Ronald Deibert, Professor of Political Science, and Director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto. We talk about his new book, Reset: Reclaiming the Internet for Civil Society. We also talk about the unique Canadian talent for debating with bare-fisted politesse. Ron gets to use that talent often in our discussion of what’s wrong with the technology ecosystem and whether it can be improved by imposing “restraint” on government and the private sector.

In the news roundup, I urge Twitter to bring back the Fail Whale to commemorate its whale of a fail in trying to suppress a New York Post story that is bad news for Joe Biden. It’s a disaster on all fronts, with Twitter unable to offer a satisfactory explanation for its suppression of the news report, or to hold to any particular enforcement policy for more than a day, and it ended with an embarrassing insistence that the Post can’t have its account back until it deletes tweets that Twitter would probably allow the Post to post today.  

And not surprisingly, the episode is encouraging everyone to think that they can do this better than Twitter.  The FCC is going to start work on an effort to add an administrative gloss to section 230. Mark MacCarthy thinks the Commission lacks authority to interpret the provision; I disagree. We do agree that Justice Thomas’s thoughts on section 230 are surprisingly detailed – and make Supreme Court review of the provision a lot more likely. 

Megan Stifel tells us that the ransomware business is getting even more specialized.  Together we wonder if that specialization opens the door to new, even more creative, ways to take down organized cybercrime. 

David Kris notes the pearl-clutching over search warrants that identify a pattern of conduct rather than an individual.  He almost agrees with me that this is just what probable cause looks like in the twenty-first century. 

This week puts on display Europe’s trademarked "Tough Privacy Talk and Slow Privacy Walk" policy approach: David teams with Charles Helleputte to make sense of two data protection rulings in Europe that bring a lot more thunder than lightning to the debate: First, an attack on the privacy standards, such as they are, for online advertiser  real time bidding. Second, the proclamations of France’s top court and its DPA about sending health data to US cloud providers. 

Megan notes two stories that deepen trends we knew were coming: hackers chaining VPN and ZeroLogon bugs to attack US government networks, maybe including election agencies,   and Iranian state hacker group resorting  to ransomware attacks. 

We cover a few updates of past weeks’ stories: The fallout continues from OFAC’s ransomware advisory. (Rumors that the agency will be renamed WTF OFAC are unconfirmed.) And Tik/Chat seems to be settling in for a longer court battle before the government’s arguments start to take hold. (As a bonus, our Cyberlaw grammarian makes a surprise appearance to announce the rule of English usage that prevents TikTok from ever being TokTik). 

In quick hits, we boldly predict that the government will launch an antitrust suit against Google, some day. We speculate on why Tesla’s autopilot AI might be fooled by projected images. And we note New York’s claim that Twitter is systemically important to the nation’s financial system -- which is just about the most 2020 thing I’ve heard in a while.

And more! 

 Download the 334th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! And thanks for our new theme music to Ken Weissman of Weissman Sound Design.

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our latest episode I interview David Ignatius about the technology in his latest spy novel, The Paladin. Actually, while we do cover such tech issues as deepfakes, hacking back, Wikileaks, and internet journalism, the interview ranges more widely, from the steel industry of the 1970s, the roots of Donald Trump’s political worldview, and the surprisingly important role played in the Trump-Obama-Russia investigation by one of David Ignatius’s own opinion pieces.

Download the 333^rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! Our thanks to Ken Weissman of Weissman Sound Design for the new theme music.  

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It’s a law-heavy tech news week, so this episode is all news. If you come for the interviews, though, do not fear.  We’ll be releasing episode 333 tomorrow, and it’s all interview, as I talk with David Ignatius about the tech issues in his latest spy novel, The Paladin.

To kick things off in episode 332, Matthew Heiman returns to the podcast; he analyzes a new decision of the Court of Justice of the EU. The CJEU claims in its headline holding to put limits on governments' mass collection of mobile and internet data, but both Matthew and I think the court's footnotes take away much of the doctrine the headlines proclaims – and maybe in a way that will help the US as it tries to work around the CJEU’s foolhardy decision in Schrems II.

Sultan Meghji tells us that Trickbot has attracted the attention of both Cyber Command and Microsoft’s lawyers.  Unfortunately, even that combination isn’t proving fatal, and I wonder whether Microsoft’s creative lawyering has gone a step too far.

The Democrat-controlled House Judiciary Committee has released a blockbuster tech antitrust report. It’s hardly news that Democrats and Republicans on this most partisan of committees disagree about the issue, but Matthew and I are struck by how modest the disagreements are.  In contrast, despite our conservative leanings, Matthew and I manage to disagree pretty profoundly on how antitrust principles should apply to Big Tech.

Sultan, meanwhile, draws the short straw and has to explain the mother of all metaphor bombs that exploded in the Supreme Court during oral argument in Google v. Oracle. It was a discouraging argument for those of us who admire the Justices, whose skills at finding apt metaphors completely failed them. I offer my past experience as a Supreme Court advocate to critique the argument and lay odds on the outcome. (Short version: Google has a nearly 50-50 chance of winning, and the Court has about the same chance of producing a respectable opinion.

Brian Egan joins us to talk about the Justice Department’s sober report on how law enforcement can combat terrorist and criminal use of cryptocurrency.

I claim to have caught Twitter and Facebook in a clear example of improper suppression of conservative (or at least Trumpist) speech, as they suppress as misleading a Trump tweet that turns out to be, well, true.

Brian and I dig into the latest litigation over banning TikChat from US markets. Short version: the Justice Department has filed a strong brief seeking to overturn WeChat’s first amendment protection from the ban. If you’re looking for raw disagreement, listen for Brian coming out of his chair when I start comparing Silicon Valley and Chinese Communist Party net censorship regimes.

Matthew explains why Sweden and Switzerland are fighting over a crypto company widely reported to have been compromised by US and German intelligence fifty years ago.

And for our sensitive male listeners, this may be the point where you turn the podcast off, as I explain the dire consequences of combining bad IOT security and male chastity devices.  Though, come to think of it, an angle grinder would make a pretty effective chastity device by itself.

And more!

Download the 332^nd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug. Thanks to Ken Weissman of Weissman Sound Design for our theme music.

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim.  The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury and ask for a license to pay – a request that starts with a “presumption of denial.”  

Someone has been launching a series of coordinated attacks designed to disrupt Trickbot. Bruce explains.

CFIUS is baring its teeth on more than one front. First comes news that a newly resourced CFIUS staff has begun retroactively scrutinizing past Chinese tech investments. This is the first widespread reconsideration of investments that escaped notice when they were first made, and it could turn ugly. Next comes evidence that the TikTok talks with CFIUS could be getting ugly themselves, as Nate Jones tells us that Treasury Secretary Mnuchin has laid down the elements the US must have if TikTok is to escape a shutdown. None of us think this ends well for TikTok, as China and the US try to prove how tough they are by asking for mutually exclusive structures.

The US government is giving US companies some free advice about how to keep sending their data to the US despite the European Court of Justice decision in Schrems II: First-time participant Charles Helleputte offers a European counterpoint to my perspective, but we both agree that there’s a lot of value in the US white paper. If nothing else, it offers a defensible basis for most companies to conclude that they can use the standard contractual clauses to send data to the US notwithstanding the court’s egregiously anti-American opinion. The court may not agree with the white paper, but the reasoning could buy everyone another three years and might be the basis of yet another US-EU agreement.

The UK seems to be preparing to take Bruce’s advice on regulating IOT security, but he thinks that banning easy default passwords is just table stakes.

Bruce and I once again review the bidding on voting by phone, and once again we agree: No. Just No.

Nate questions the press stories (and FBI director testimony) claiming that the FBI is pivoting to a new strategy for punishing hackers by sending Cyber Command after them. He thinks it’s less a pivot and more good interagency citizenship, which I suspect is still a change of pace for the Bureau.

Bruce and I explore the possibility of attributing exploits to individuals based on their coding style. You might say that their quirks leave fingerprints for the authorities, except that at least one hapless hacker has one-upped them by leaving his actual fingerprints behind in an effort to get himself approved in a biometric authentication system.

And in updates, we note that Microsoft has a new and unsurprising annual report on cyberattacks it has seen; the Senate will be subpoenaing the CEOs of Big Social to talk section 230 in an upcoming  hearing; and the House intel committee has a bunch of suggestions for improving the performance of the intelligence community against evolving Chinese threats.

And more!

Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design.  Hope you like it!

Download the 331^st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.