For decades, U.S. cyber exploits were notoriously lawyer-ridden, to the point where it became a key element in attributing US cybertools. But it looks like those days are gone. Today, Israel has matched and surpassed U.S. cyberwarriors on this essential measure. Nate Jones reports on an attack claimed by a vague "hacktivist" group but widely attributed to Israel. The hackers shut down several Iranian mills in a flood of sparks and molten steel. But the most interesting thing about the attack was the video pre-roll, which went out of its way to note that the mills were under international sanction and that the attackers had sent workers warnings to avoid casualties. Some of that was prudence; when you're escalating in cyberspace, it's a good idea to emphasize the limits you're observing. But a lot of it was lawyers advertising the attack's compliance with the law of armed conflict. Coming after an earlier campaign that cut off gasoline supplies but also warned emergency medical and fire services to gas up in advance, it sure looks as though some of the best cyber attacks now come with a phalanx of lawyers.
China, meanwhile, is putting resources into exporting its Fifty Cent Army to the United States. Sultan Meghji and Maury Shenk cover a Chinese social media campaign to turn American rare earths processing into an environmental controversy. In this case, I argue, China is taking a leaf from the Russian playbook; the Russians worked hard to make fracking controversial in the US because it was holding down the price of Russian oil. I urge someone to figure out just how many of those fake American accounts are also on TikTok, and how TikTok's algorithm is treating them.
Speaking of Chinese propaganda, Maury tells us that a well-known Chinese cybersecurity firm is accusing the U.S. of planting Trojans in hundreds of important Chinese information systems, a charge that might be interesting if the report actually provided some details.
Feeling the spur of competition from Israel's cyber lawyers, NSA's counsel has opened a new front. They've persuaded the US Justice Department to fight a merger on the grounds that it will reduce competition in bidding on a single NSA program. Nate and I get stuck on the market definition problems in the case, but Sultan thinks it's an investment opportunity.
This Week in Stupid Artificial Intelligence (AI) Research: We never lack for stories in this category, but this week the two contenders are well matched. Sultan tells us about a story that proves you can always find sex and race discrimination in AI if your study is designed badly enough. And Maury finds a group of researchers who went one better, designing a moderately effective crime prediction algorithm and then arguing that the police were racist if they put more police into high-crime neighborhoods and racist if they didn't send more police to neighborhoods with rising crime. Since the point of most AI bias research is apparently to get your story into the press by finding that AI is racist, being able to find racism no matter how the study turns out is a winning strategy.
Speaking of unimpressive journalism, Sultan flags a Wall Street Journal story that lazily dumps on AI research for not doing everything we want, while pretty much ignoring things it has done well.
Sultan also leads us through the wreckage of one cryptocurrency domino after another, but he thinks it's likely to put a firmer, and more regulated, foundation under the businesses that survive. Nate reprises the EU contribution to the issue – more regulation, natch – but in a surprise twist for the Cyberlaw Podcast, the Brussels proposal gets pretty high marks.
Updating a few stories from past weeks,
- Google is really getting hurt by the study showing its default spam filter favored Democratic fundraising messages over Republican messages by about 7 to 1. The GOP has always believed (correctly) that its views are being handicapped by Silicon Valley, but this time the evidence is hard to refute. Indeed, Google isn't really refuting it, just promising to do better in future, while Republicans are claiming that Gmail's bias cost them $2 billion in donations and proposing tough new transparency laws.
- The Justice Department is upping the stakes for Uber's former chief information security officer (CISO), charging Joe Sullivan with wire fraud for treating what looks like a data breach ransom as a bug bounty. The Department of Justice says this defrauded Uber drivers and customers. Sullivan is the first, but probably not the last, CISO who'll face this charge, as government stops touting "public-private partnership" as the reason for companies to report breaches and instead embraces fear of prosecution.
- And the Transportation Security Administration (TSA), after taking criticism for the harshness of its secret cybersecurity standards for pipelines, has now offered secret amendments to the standards. Is that a good thing? Who knows?
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.