Skating on Stilts

This is 2023's last and probably longest episode. To lead off, Megan Stifel takes us through a batch of stories about ways that AI, and especially AI "alignment" efforts, manage to look remarkably fallible. Anthropic has released a paper showing that race, gender, and age discrimination by AI models is real but could be dramatically reduced simply by instructing the model to "really, really, really" avoid such discrimination. (The Techcrunch headline writers had fun snarking on the idea that "racist" AI could be cured by asking nicely, but in fact the discrimination identified by Anthropic was severe bias against older white men, and so was the residual bias that asking nicely didn't eliminate.) The bottom line from Anthropic seems to be, "Our technology is a really cool toy, but it can't be used for for anything that matters.") In keeping with that theme, Google's highly touted OpenAI competitor Gemini was released to mixed reviews; the model couldn't correctly identify recent Oscar winners or a French word with six letters (it offered "amour"). There was good news for people who hate AI's ham-handed political correctness; it turns out you can ask another AI model how to jailbreak your model, a request that can make the task go 25 times faster.

This could be the week that determines the fate of FISA section 702, David Kris reported. When we recorded, it looked as though two bills would go to the House floor, and only one would survive. (Since then, that plan has been dropped, at least for now, in favor of a short-term extension of 702 into April.) The two bills reflect a split between the two committees overseeing the program. Judiciary's bill is a grudging renewal of 702 for a mere three years, full of procedures designed to cripple the program. The intelligence committee's bill also harries the FBI for its past failures but preserves the core of 702.

Gus Hurwitz looks at the FTC's last-ditch appeal to stop the Microsoft-Activision merger. The best case for the Commission, he suspects, is that the appeal will be rejected without actually repudiating the pet theories of the FTC's hipster antitrust lawyers.

Megan and I examine the latest HHS proposal to impose new cybersecurity requirements on hospitals. David, meanwhile, looks for possible motivations behind the FBI's procedures for companies who want help in delaying SEC cyber incident disclosures. Then Megan and I consider the tough new UK rules for establishing the age of online porn consumers. I argue that, if successful, they'll undermine Pornhub's litigation campaign against American states trying to regulate children's access to porn sites.

The race to 5G is over, Gus notes, and it looks like even the winners lost. Faced with the threat of Chinese 5G domination and an industry sure that 5G was the key to the future, many companies and countries devoted massive investments to the technology, but it's now widely deployed and no one sees much benefit. There is more than one lesson here for industrial policy and the unpredictable way technologies disseminate.

23andme gets some time in the barrel, with Megan and I both dissing its "lawyerly" response to a history of data breaches – namely changing its terms of service to make it harder for customers to sue over data breaches.

Gus reminds us that the Biden FCC, which only gained a working majority in the last month or two, is apparently determined to catch up with the FTC in advancing foolish and doomed regulatory initiatives. This week's example, remarkably, isn't net neutrality. It's worse. The Commission is building a sweeping regulatory structure on an obscure and laconic section of the 2021 infrastructure act that calls for the FCC to "facilitate equal access to broadband internet access service…": If you think we're hyperventilating, read Commissioner Brendan Carr's eloquent takedown of the whole initiative.

Senator Ron Wyden (D-OR) has a bee in his bonnet over government access to smartphone notifications. Megan and I do our best to understand his concern and how seriously to take it.

Wrapping up, Gus offers a quick take on Meta's broadening attack on the constitutionality of the FTC's current structure. David takes satisfaction from the Justice Department's patient and successful pursuit of Russian Hacker Vladimir Dunaev for his role in creating TrickBot. Gus notes that South Korea's law imposing internet costs on content providers is no match for the law of supply and demand.

And finally, in quick hits we cover:

• The guilty plea of the founder of a cryptocurrency exchange accused of money laundering
• Rumors that the ALPHV ransomware site has been taken down by law enforcement
• IBM's long-term quantum computing research milestones
• The UK's antitrust throat-clearing about the OpenAI-Microsoft tie-up
• And Europe's low-on-details announcement of a deal on the world's first comprehensive AI rules

Download 485th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In this episode, Paul Stephan lays out the reasoning behind U.S. District Judge Donald W. Molloy's decision enjoining Montana's ban on TikTok. There are some plausible reasons for such an injunction, and the court adopts them. There are also less plausible and redundant grounds for an injunction, and the court adopts those as well. Asked to predict the future course of the litigation, Paul demurs. It will all depend, he thinks, on the Supreme Court's effort to sort out social media and the first amendment in the upcoming term. In the meantime, watch for bouncing rubble in the District of Montana courthouse.  (Grudging credit for the graphics goes to Bing's Image Creator, which refused to accept the prompt until I said the rubble was bouncing because of a gas explosion and not a bomb. Way to discredit trust and safety, Bing!)

Jane Bambauer and Paul also help me make sense of the litigation between Meta and the FTC over children's privacy and the Commission's previous consent decrees. A recent judicial decision has opened the door for the FTC to modify an earlier court-approved order – on the surprising ground that the order was never incorporated into the judicial ruling that approved it. This in turn gave Meta a chance to make an existential constitutional challenge to the FTC's fundamental organization, a challenge that Paul thinks the Supreme Court is likely to take seriously.

Maury Shenk and Paul analyze the "AI security by design" principles drafted by the U.K. and adopted by an ad hoc group of nations that showed a split in the EU's membership and pulled in parts of the Global South. As diplomacy, it was a coup. As security policy, it's mostly unsurprising. I complain that there's little reason for special security rules to protect users of AI, since the threats are largely unformed, though Maury pushes back. What governments really seem to want is not security for users but  security from users, a paradigm that diverges from decades of technology policy.

Maury requests listener comments on his recent AI research and examines Meta's divergent view on open source AI technology. He offers his take on why the company's path might be different from Google's or Microsoft's.

Jane and I are in accord in dissing California's aggressive new AI rules, which appear to demand a public notice every time a company uses a spreadsheets containing personal data to make a business decision. I predict that it will be the most toxic fount of unanticipated tech liability since Illinois's Biometric Information Privacy Act.

Maury, Jane and I explore the surprisingly complicated questions raised by Meta's decision to offer an ad-free service for around $10 a month.

Paul and I explore the decline of global trade interdependence and the rise of a new mercantilism. Two cases in point: the U.S. decision not to trust the Saudis as partners in restricting China's AI ambitions and China's weirdly self-defeating announcement that it intends to be an unreliable source of graphite exports to the United States in future.

Jane and I puzzle over a rare and remarkable conservative victory in tech policy: the collapse of Biden administration efforts to warn social media about foreign election meddling.

Finally, in quick hits,

• I cover the latest effort to extend section 702 of FISA, if only for a short time.
• Jane notes the difficulty faced by Meta in trying to boot pedophiles off its platforms.
• Maury and I predict that the EU's IoT vulnerability reporting requirements will raise the cost of IoT.
• I comment on the Canadian government's deal with Google to implement the Online News Act

Download 484th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets