Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it.
We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more than I agree with. But his latest book opens new common ground between us, and we both foresee a darker future for a world that has digitally connected things that can kill people without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.
On September 4th, Alan Cohn hosted the 229th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and best practices for users of exchanges.
The United States may have pioneered the idea of fighting wars in cyberspace, but it’s our adversaries who are using cyberattacks most effectively. To deter them, the country needs creative new ways to punish nations if they launch the devastating attacks that are within their grasp.
We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my May 2015 interview with Bruce about his earlier work, the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.
We’ll be back in September with another edition of Blockchain Takes Over the Cyberlaw Podcast, followed by the new interview with Bruce Schneier.
On August 28, Steptoe will host a webinar on US-China trade relations. From the announcement:
Over the past few months, US-China trade relations have radically changed. Under Section 301 of the Trade Expansion Act of 1962, the United States has imposed additional tariffs on billions worth of China imports and is threatening to import tariffs on billions more, and China has responded in kind. These tariffs have caused significant turmoil and uncertainty in the US business community.
We have prepared answers to some frequently asked questions to help companies cope with the most immediate consequences of these proceedings. But US companies must also start to consider the longer term repercussions of these tariffs. The landscape of US-China trade relations has been fundamentally altered, and US companies must consider how they can integrate this “new normal” into their business operations.
You can learn more and RSVP on the event page here.
After months of hearings and other deliberations, Congress passed, and President Trump signed into law on August 13, 2018, the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA). FIRRMA marks the first update to the Committee on Foreign Investment in the United States (CFIUS) in over a decade and will considerably expand the jurisdiction of the Committee and make other important changes to its rules. A text of the final version of FIRRMA (Sections 1701 to 1728 of the National Defense Authorization Act for Fiscal Year 2019 (NDAA)), is available here. The NDAA also includes comprehensive US export control reform legislation that (among other things) mandates increased US export controls over “emerging and foundational technologies” to address some of the US national security concerns that had led to calls for CFIUS reform. FIRRMA has gone through a number of revisions as it advanced in Congress and earlier versions of the bill are discussed in our previous International Law Advisories from June and January of this year.
The changes to CFIUS in FIRRMA are far-reaching. First, and most significantly, CFIUS’s jurisdiction will expand to cover additional investments in US critical infrastructure and critical technology companies and US companies that deal with substantial amounts of US personal data, certain real estate transactions, and concessions at ports and airports. This change will not go into effect until CFIUS updates its regulations and defines a number of key terms. Second, a new “declaration” filing mechanism could simplify the review process for some transactions – if CFIUS shows a willingness to accept these filings. Third, CFIUS is no longer a wholly voluntary process, as some transactions will now require filing with CFIUS. Fourth, the timeline for CFIUS review will be lengthened, and CFIUS will be authorized to charge “filing fees” for the first time.
We’re officially on hiatus this month, but we just couldn’t stay away that long. If you can’t live without The Cyberlaw Podcast in your life, then you’re in luck. We’re releasing a couple bonus episodes with some of my favorite past interviews.
Our guest for the interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined, and much more.
In this episode, Bobby Chesney explains the rapid emergence of undetectably forged videos. They’re not here yet, but before we’re ready the Internet will be awash with fake revenge porn, fake human rights atrocities, and fake political scandals. Our talk revolves around a recent paper by Bobby and Danielle Citron. I confess to having seriously considered federal support for a fake video involving Osama bin Laden and kumquats (not what you’re thinking, though that would have been good, too). Bobby and I discuss the ways in which the body politic – and particular political bodies – might protect themselves. This leads Bobby to propose a special Cyberlaw Podcast mug for best listener suggestions for what tattoo – and where – I should get as my last line of defense. He’s on. Send them to CyberlawPodcast@steptoe.com.