Header graphic for print
Steptoe Cyberblog

Category Archives: International

Subscribe to International RSS Feed

Retain Locally, Comply Globally

Posted in International, Privacy Regulation, Security Programs & Policies

We used to talk about the “borderless” environment of the Internet.  These days, that view is looking increasingly outmoded and utopian, in large part because of the intersection of law enforcement and privacy concerns.  Steady increases in regulation (and enforcement of existing regulation) in these areas is increasingly prompting two types of responses by global… Continue Reading

European Court Invalidates Data Retention Directive, Time to Rethink

Posted in International, Privacy Regulation

Depending on the new Commission’s level of ambition when it takes office in the Autumn, this week’s European Court of Justice preliminary ruling (Cases C-293/12 and C-594/12), which found a 2006 Directive invalid, could prove an opportunity to re-think the EU approach to privacy and protecting personal data. When we think about the EU and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Allen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our special guest this week is Michael Allen, former Majority Staff Director of the House intelligence committee.  Mike is the founder of Beacon Global Strategies and the author of Blinking Red, the story of the creation of the Director of National Intelligence. We drag him into the program from the beginning, getting his take on… Continue Reading

Debating Snowden

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

For some reason, debates about Snowden are thick on the ground these days, and I’ve joined a couple of them. The most fun was the Oxford Union, which has been preparing future Parliamentarians (and Prime Ministers) all around the British Commonwealth since 1823. The Oxford Union debate was “This House would call Edward Snowden a… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s cyberlaw podcast begins as always with the week in NSA. We suspect that a second tech exec meeting with the President (for two hours!) bodes ill for the intelligence community, or at least the 215 metadata program, as does the shifting position of usually stalwart NSA supporters like Dianne Feinstein and Dutch Ruppersberger…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Novack

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

This week’s podcast covers the latest on NSA.  We mock EFF overriding one of the privacy protections in NSA’s metadata program by killing the 5-year retention limit.  We puzzle over the New York Times story on “raw take.”  What exactly is the news there?  We also ask whether NSA and the telcos will end up… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Sedgewick

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our ninth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This week in NSA/Snowden: NSA weighs options for 215 data and the Office of the Director of National Intelligence will not disclose the study of storage options; GCHQ’s webcam captures; Canadian extradition flap; ABA President sends letter to… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Stroz

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our eighth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Jason Weinstein and guest commentators Stephen Heifetz and Stephanie Roy discuss: This week in NSA/Snowden: Law Firm Surveillance Report Cited in Legal Challenge and Report: American law firm’s communications spied on; Merkel Backs Plan to Keep European Data in Europe and EU… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Chris Inglis

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

In our third episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss the Aereo case that the Supreme Court has decided to hear; share their reactions to the President’s NSA announcement; explain what went on with Apple’s refund of in-app purchases; discuss NIST’s announcement that they would reduce the privacy… Continue Reading

Tightening the Screws on Chinese Investment

Posted in China, International, Security Programs & Policies

The Committee on Foreign Investment in the United States, or CFIUS, reviews foreign investments for national security risks. It is now beyond doubt that Chinese investment is getting much closer scrutiny from CFIUS. A total of ten transactions failed to survive review in 2012, according to a just-released Treasury report. That may not sound like… Continue Reading

New Controls on Surveillance and Hacking Tools?

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

The old Cold War export control alliance, now known as the Wassenaar Arrangement, hasn’t exactly been a hotbed of new controls since Russia joined the club. But according to the Financial Times, the 41-nation group is preparing a broad new set of controls on complex surveillance and hacking software and cryptography. I suspect that the… Continue Reading

Hackback Backers’ Comeback?

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

The US-China Economic and Security Review Commission has issued its annual report. It reminds us that, while press and privacy campaigners have been hyperventilating over US intelligence programs, there are, you know, actual authoritarian governments at work in the United States — breaking into the networks of activists whom they dislike, newspapers whose sources they… Continue Reading

When Separation of Powers is a Matter of Life and Death

Posted in International, Security Programs & Policies

The Leahy-Sensenbrenner USA FREEDOM Act puts the Foreign Intelligence Surveillance (FIS) court in charge of shaping, overseeing, and enforcing minimization guidelines in connection with section 215, pen/trap orders, and section 702, largely taking the Attorney General out of the process of writing minimization guidelines. I’m appalled, because the FIS court has taken control of minimization… Continue Reading

Espionage and Allies

Posted in International, Security Programs & Policies

I contributed a short piece to the New York Times on the latest Snowden-generated flap over allegations that NSA targeted Angela Merkel’s mobile phone. Excerpts: To play the role it has played in the world for the last 70 years, the United States must be able to gather intelligence anywhere in the world with little… Continue Reading

European Webmail Privacy: Even Worse Than I Thought

Posted in International, Privacy Regulation, Security Programs & Policies

I’ve been critical of the claim that European privacy law offers more protection against government surveillance than American law. Apparently not critical enough. An Ars Technica reporter with a pro-privacy inclination decided to seriously investigate using a German email system to get the benefits of European privacy law. His tale of disillusionment revealed three privacy… Continue Reading

EU Data Protection – The Inconvenient Truth

Posted in Data Breach, International, Privacy Regulation, Security Programs & Policies

In the wake of the leaks about the NSA’s PRISM program and domestic data collection activities, EU officials have, quite predictably, raised alarms that the NSA’s programs pose a grave threat to the privacy of EU citizens. In recent days, European Parliament members have been quoted as calling the NSA programs “shocking” and tantamount to… Continue Reading

Using Attribution to Deter Cyberespionage

Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Foreign Policy has published my article on how attribution can be used to deter foreign governments’cyberespionage. Excerpts below: The Obama-Xi summit in Sunnylands ended without any Chinese concessions on cyber-espionage. This came as no surprise; cyber spying has been an indispensable accelerant for China’s military and economic rise. And though Beijing may someday agree that… Continue Reading

Support for Retribution and Active Defense Increases

Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Chinese hacking continues to build anger in American business and government circles. As a result, private companies may be encouraged to do more than passively defend their networks as evidenced by the recent report of a commission headed by two Obama appointees, former US Ambassador to China (and minor GOP Presidential candidate) Jon Huntsman and… Continue Reading

Lessons From the New York ATM Heist

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

The announcement yesterday of charges in New York against eight members of a cybercrime ring that stole $40 million from ATMs in 24 countries, all within 10 hours, is the latest in a series of episodes that illustrate the constant threat of cyber attacks against our corporate networks. This case should be a wake-up call… Continue Reading

The Question of ‘International Law of Cyberwar’

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

Will international law and diplomacy limit cyberwar? Those who believe in international “norms” for cyberwar usually argue that cyberattacks on financial institutions are beyond the pale. For example, Harold Koh has declared the State Department’s view that cyberwarriors “must distinguish military objectives … from civilian objects, which under international law are generally protected from attack.”… Continue Reading

Hacking Hollywood

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

That might sound like breaking news from 1983, but this time we’re not talking movie plots, we’re talking business. Specifically how Chinese cyberespionage could affect Hollywood’s bottom line. The Hollywood Reporter asked me to talk about that impact in a guest column, out this week. Here’s some of what I said: Hollywood might be blinded… Continue Reading

The Hackback Debate Revisited

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Last fall, Orin Kerr and I engaged in an online debate over the Computer Fraud and Abuse Act — specifically whether it is lawful for the victim of computer crime to follow his stolen data into networks controlled by the thief. The debate spread across several posts and into the comments, but it’s been pulled… Continue Reading

Found: The PLA’s University of Hacking

Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Bloomberg Businessweek has a remarkable story about the identification of another Chinese hacker. It’s a long, tangled, and fascinating tale of good sleuthing by several researchers, but the trail ends with Zhang Changhe, a digital entrepreneur and teacher — at a People’s Liberation Army school that is suspected of training PLA hackers. In the denouement,… Continue Reading