Dmitri Alperovitch joins the Cyberlaw Podcast to discuss the state of semiconductor decoupling between China and the West. It's a broad movement, fed by both sides. China has announced that it's investigating Micron to see if its memory chips should still be allowed into China's supply chain (spoiler: almost certainly not). Japan has tightened up its chip-making export control rules, aligning them with U.S. and Dutch restrictions, all with the aim of slowing China's ability to make the most powerful chips. Meanwhile, South Korea is boosting its chipmakers with new tax breaks, and Huawei is reporting a profit squeeze.
The Biden administration spent much of last week on spyware policy, Winnona DeSombre Berners reports. How much it actually accomplished isn't clear. The spyware executive order restricts U.S. government purchases of surveillance tools that threaten U.S. security or that have been misused against civil society targets. And a group of like-minded nations have set forth the principles they think should govern sales of spyware. But it's not as though countries that want spyware are going to have a tough time finding it, I observe, despite all the virtue signaling. Case in point: Iran is getting plenty of new surveillance tech from Russia these days. And spyware campaigns continue to proliferate.
Winnona and Dmitri nominate North Korea for the title "Most Innovative Cyber Power," acknowledging its creative use of social engineering to steal cryptocurrency and gain access to U.S. policy influencers.
Dmitri covers the Tiktok beat, including the prospects of the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act., which he still rates high despite criticism from the right. Winnona and I debate the need for another piece of legislation given the breadth of CFIUS review and International Emergency Economic Powers Act sanctions.
Dmitri and I note the arrival of GPT-4 cybersecurity, as Microsoft introduces "Security Copilot." We question whether this will turn out to be a game changer, but it does suggest that bespoke AI tools could play a role in cybersecurity (and pretty much everything else).
In other AI news, Dmitri and I wonder at Italy's decision to cut itself off from access to ChatGPT by claiming that it violates Italian data protection law. That may turn out to be a hard case to prove, especially since the regulator has no clear jurisdiction over OpenAI, which is now selling nothing in Italy. In the same vein, there may be a safety reason to be worried by how fast AI is proceeding these days, but the letter proposing a six-month pause for more safety review is hardly persuasive – especially in a world where "safety" seems to mostly be about stamping out bad pronouns.
In news Nick Weaver will kick himself for missing, Binance is facing a bombshell complaint from the Commodities Futures Trading Commission (CFTC). (The Binance response is here.) The CFTC clearly had access to the suicidally candid messages exchanged among Binance's compliance team. I predict criminal indictments in the near future and wonder if the CFTC's taking the lead on the issue has given it a jurisdictional leg up on the SEC in the turf fight over who regulates cryptocurrency.
Finally, we close with a review of a book arguing that pretty much anyone who ever uttered the words "China's peaceful rise" was the victim of a well-planned and highly successful Chinese influence operation.
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.