This episode features a much deeper, and more diverse, examination of the Fifth Circuit decision upholding Texas’s social media law. We devote the last half of the episode to a structured dialogue about the opinion between Adam Candeub and Alan Rozenshtein. Both have written about it already, Alan critically and Adam supportively. I lead off, arguing that, contrary to legal Twitter’s dismissive reaction, the opinion is a brilliant and effective piece of Supreme Court advocacy. Alan thinks that is exactly the problem; he objects to the opinion’s grating self-certainty and refusal to acknowledge the less convenient parts of past case law. Adam is closer to my view. We all seem to agree that the opinion succeeds as an audition for Judge Andrew Oldham to become Justice Oldham in the DeSantis Administration.

We walk through the opinion and what its critics don’t like, touching on the competing free expression interests of social media users and of the platforms themselves, whether there’s any basis for an injunction today, given the relative weakness of the overbreadth argument and the fundamental disagreement over whether “exercising editorial discretion” is a fundamental right under the first amendment or just an artifact of older technologies. Most intriguingly, we find unexpected consensus that Judge Oldham’s (and Clarence Thomas’s) common carrier argument may turn out to be the most powerful point in the opinion and when the case reaches the Court.

In the news roundup, we focus on the Congressional sprint to pass additional legislation before the end of the Congress. Michael Ellis explains the debate between the Cyberspace Solarium Commission alumni and business lobbyists over enacting a statutory set of obligations for systemically critical infrastructure companies. Adam outlines a strange-bedfellows bill that has united Sens. Amy Klobuchar (D-Minn.) and Ted Cruz (R-Texas) in an effort to give small media companies and broadcasters an antitrust immunity to bargain with the big social media platforms over the use of their content. Adam is a skeptic, Alan less so.

The Pentagon, reliably braver when facing bullets than a bad Washington Post story, is performing to type in the flap over fake social media accounts. Michael tells us that the accounts pushed pro-U.S. stories but met with little success before Meta and Twitter caught on and kicked them off their platforms. Now the Department of Defense is conducting a broad review of military information operations. I predict fewer such efforts and don’t mourn their loss.

Adam and I touch on a decision of Meta’s Oversight Board criticizing Facebook’s automated image takedowns. I offer a new touchstone for understanding content regulation at the Big Platforms: They just don’t care, so they’ve turned to whole project over to second-rate AI and second-rate employees.

Michael walks us through the Department of the Treasury’s new flexibility on sending communications software and services to Iran.

And, in quick hits, I note that:

                                                                                                                           

Download the 423rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The big news of the week was a Fifth Circuit decision upholding Texas social media regulation law. It was poorly received by the usual supporters of social media censorship but I found it both remarkably well written and surprisingly persuasive. That does not mean it will survive the almost inevitable Supreme Court review but judge Oldham wrote an opinion that could be a model for a Supreme Court decision upholding Texas law.

The big hacking story of the week was a brutal takedown of Uber, probably by the dreaded Advanced Persistent Teenager. Dave Aitel explains what happened and why no other large corporation should feel smug or certain that it cannot happen to them. Nick Weaver piles on.

Maury Shenk explains the recent European court decision upholding sanctions on Google for its restriction of Android phone implementations.

Dave points to some of the less well publicized aspects of the Twitter whistleblower’s testimony before Congress. We agree on the bottom line – that Twitter is utterly incapable of protecting either U.S. national security or even the security of its users’ messages. If there were any doubt about that, it would be laid to rest by Twitter’s dependence on Chinese government advertising revenue.

Maury and Nick tutor me on The Merge, which moves Ethereum from “proof of work” to “proof of stake,” massively reducing the climate footprint of the cryptocurrency. They are both surprisingly upbeat about it.

Maury also lays out a new European proposal for regulating the internet of things – and, I point out, for massively increasing the cost of all those things.

China is getting into the attribution game. It has issued a report blaming the National Security Agency for intruding on Chinese educational institution networks. Dave is not impressed.

The Department of Homeland security, in breaking news from 2003, has been keeping the contents of phones it seizes on the border. Dave predicts that DHS will have to further pull back on its current practices. I’m less sure.

Now that China is regulating vulnerability disclosures, are Chinese companies reluctant to disclose vulnerabilities outside China? The Atlantic Council has a report on the subject, but Dave thinks the results are ambiguous at best.

In quick hits:

                                                                                                                           

Download the 422nd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

  • Gus Hurwitz brings us up to speed on tech bills in Congress. They are all dead, but some of them don’t know it yet. The big privacy bill, American Data Privacy and Protection Act, was killed by the left, but I argue that it’s the right that should be celebrating, since the bill would have imposed race and gender preferences all across the economy, and the GOP members who supported the measure in the House were likely sold a bill of goods by industry lobbyists. The big antitrust bill, American Innovation and Choice Online Act, is also a zombie, Gus argues, lurching undead toward the Senate floor but unlikely to muster the GOP votes needed to pass, mainly because content moderation has become a simple partisan issue: the GOP wants less (or fairer) moderation, Dems want more of what Silicon Valley has been dishing out for the past few years. If the bill doesn’t produce viewpoint competition in the tech sector, it has nothing for the GOP, and industry lobbyists are happily driving wedges into that divide. The same divide also caused a stutter in the bill allowing newspapers to bargain collectively with the big platforms. It may make it to the floor, but it’s already losing body parts. Meanwhile, the White House is having a weirdly inconclusive “listening session” that might better have been called a “talking but not really proposing anything session.”
  • When Iran launched a wiper attack on Albania because of its harboring of Mujahedin-e-Kalq, Albania broke relations with Iran and the U.S. promised consequences. In fact, all the U.S. seems to have done is impose meaningless sanctions on the already-sanctioned Iranian spy ministry. What was Iran’s response? A second cyberattack on Albania. Nate Jones runs down the story. Jamil Jaffer and I question whether governmental sanctions on foreign intelligence agencies, which never promised much, are now delivering more an appearance of haplessness than of strength.
  • Jamil and I dwell on the criminal trial of Joe Sullivan for how he handled some hackers who got access to personal data stored by Uber. He decided to pay the hackers a bug bounty in exchange for their promising to destroy the data. That allowed Uber to avoid treating (and reporting) the incident as a breach on trial. Creative lawyering or too creative by half? Either way, calling it obstruction of justice and wire fraud seems like a reach, but that’s what the Justice is charging in a case ongoing today. This is a heavily politicized case, and all the politics – corporate and governmental – line up against Sullivan. Whether the jury will is another question. Meanwhile, everyone from other CISOs to former New York Times reporter Nicole Perlroth are questioning the prosecution’s merits and likely consequences. However, the case comes out, I predict that the biggest loser will be the FBI, which will never again get the kind of welcome from CISOs that it has come to expect.
  • Jamil critiques Apple’s decision to support China’s chip industry with new orders – and its claim that the chips it puts in its phones for the China market will stay in China.
  • The sanctions on Tornado Cash come back for a second week in a row, Nate tells us, this time as litigation, as Coinbase funds an APA and constitutional challenge to the sanctioning of a pile of code rather than a person or other entity. My money is on the Deparment of the Treasury (Treasury) winning in the end.
  • In quicker hits, Nate and I talk about the many cryptocurrency policy papers coming out of the administration these days. Treasury plans to warn the White House that cryptocurrency needs regulation. And the White House science office thinks proof-of-work crypto mining is warming the planet unnecessarily. Gus and I wonder out loud whether Lina Khan’s Federal Trade Commission has a fatal case of “eyes bigger than stomach.” Nate cover’s the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) request for public feedback on its mandatory incident reporting rule. Gus and I note new criticism of the EU’s AI Act as well as the opening round in what could turn out to be an important Justice Department case trying to end Google’s large payments to be the default search engine on popular platforms like the iPhone.

                                                                                                           

 

Download the 421st Episode (mp3)

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

This is our return-from-hiatus episode. Jordan Schneider kicks things off by recapping passage of a major U.S. semiconductor-building subsidy bill, while new contributor Brian Fleming talks with Nick Weaver about new regulatory investment restrictions and new export controls on (artificial Intelligence (AI) chips going to China. Jordan also covers a big corruption scandal arising from China’s big chip-building subsidy program, leading me to wonder when we’ll have our version.

Brian and Nick cover the month’s biggest cryptocurrency policy story, the imposition of OFAC sanctions on Tornado Cash. They agree that, while the outer limits of sanctions aren’t entirely clear, they are likely to show that sometimes the U.S. Code actually does trump the digital version. Nick points listeners to his bracing essay, OFAC Around and Find Out.

Paul Rosenzweig reprises his role as the voice of reason in the debate over location tracking and Dobbs. (Literally. Paul and I did an hour-long panel on the topic last week. It’s available here.) I reprise my role as Chief Privacy Skeptic, calling the Dobb/location fuss an overrated tempest in a teapot.

Brian takes on one aspect of the Mudge whistleblower complaint about Twitter security: Twitter’s poor record at keeping foreign spies from infiltrating its workforce and getting unaudited access to its customer records. In a coincidence, he notes, a former Twitter employee was just convicted of “spying lite”, proves it’s as good at national security as it is at content moderation.

Meanwhile, returning to U.S.-China economic relations, Jordan notes the survival of high-level government concerns about TikTok. I note that, since these concerns first surfaced in the Trump era, TikTok’s lobbying efforts have only grown more sophisticated. Speaking of which, Klon Kitchen has done a good job of highlighting DJI’s increasingly sophisticated lobbying in Washington D.C.

The Cloudflare decision to deplatform Kiwi Farms kicks off a donnybrook, with Paul and Nick on one side and me on the other. It’s a classic Cyberlaw Podcast debate.

In quick hits and updates:

And, after waiting too long, Brian Krebs retracts the post about a Ubiquity “breach” that led the company to sue him.

                                                                                                                          

Download the 420th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Just when you thought you had a month free of the Cyberlaw Podcast, it turns out that we are persisting, at least a little. This month we offer a bonus episode, in which Dave Aitel and I interview Michael Fischerkeller, one of three authors of “Cyber Persistence Theory: Redefining National Security in Cyberspace.”

The book is a detailed analysis of how cyberattacks and espionage work in the real world – and a sharp critique of military strategists who have substituted their models and theories for the reality of cyber conflict. We go deep on the authors’ view that conflict in the cyber realm is all about persistent contact and faits accomplis rather than compulsion and escalation risk. Dave pulls these threads with enthusiasm.

I recommend the book and interview in part because of how closely the current thinking at United States Cyber Command is mirrored in both.

                                                                                                           

Download the 419th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

As Congress barrels toward an election that could see at least one house change hands, efforts to squeeze big bills into law are mounting. The one with the best chance (and better than I expected) would drop $52 billion in cash and a boatload of tax breaks on the semiconductor industry. Michael Ellis points out that this is industrial policy without apology, and a throwback to the 1980s, when the government organized SEMATECH, a name derived from “Semiconductor Manufacturing Technology” to shore up U.S. chipmaking. Thanks to a bipartisan consensus on the need to fight a Chinese challenge, and a trimming of provisions that tried to hitch a ride on the bill, there now looks to be a clear path to enactment for this bill.

And if there were doubt about how serious the Chinese challenge in chips will be, an under covered story revealed that China’s chipmaking champion, SMIC has been making 7-nanometer chips for months without an announcement. That’s a diameter that Intel and GlobalFoundries, the main U.S. producers, have yet to reach in commercial production.

The national security implications are plain. If commercial products from China are cheap enough to sweep the market, even security-minded agencies will be forced to buy them, as it turns out the FBI and DHS have both been doing with Chinese drones. Nick Weaver points to his Lawfare piece showing just how cheaply the U.S. (and Ukraine) could be making drones.

Responding to the growing political concern about Chinese products, TikTok’s owner ByteDance, has increased its U.S. lobbying spending to more than $8 million a year, Christina Ayiotis tells us — an amount, I point out, that just about matches what Google spends on lobbying.

In the same vein, Nick and Michael question why the government hasn’t come up with the extra $3 billion to fund “rip and replace” for Chinese telecom gear. That effort will certainly get a boost from reports that Chinese telecom sales were offered on especially favorable terms to carriers who service America’s nuclear missile locations. I offer an answer: The Obama administration actually paid these same rural carriers to install Chinese equipment as part of the 2009 stimulus law. I cannot help thinking that the rural carriers ought to bear some of the cost of their imprudent investments and not ask U.S. taxpayers to pay them both for installing and ripping out the same gear.

In news not tied to China, Nick tells us about the House Energy and Commerce Committee’s serious progress on a compromise federal data privacy bill. It is still a doomed bill, given resistance from Dems and GOP in the Senate. I argue that that’s a good thing, given the egregious effort to impose “disparate impact” quotas for race, color, religion, national origin, sex, and disability on every algorithm that processes even a little personal data. This is a transformative social engineering project that just one section (208) of  the “privacy” bill will impose without any serious debate.

Christina grades Russian information warfare based on its latest exploit: hacking a Ukrainian radio broadcaster to spread fake news about Zelensky’s health, As a hack, it gets a passing grade, but as a believable bit of information warfare, it is a bust.

Tina, Michael and I evaluate YouTube’s new policy on removing “misinformation” related to abortion, and the risk that this policy, like so many Silicon Valley speech suppression schemes, will start out sounding plausible and end in political correctness.

Nick and I celebrate the Department of Justice’s increasing success in sometimes seizing cryptocurrency from hackers and ransomware gangs. It may just be Darwin at work, but it’s nice to see.

Nick offers the recommended long read of the week –  Brian Krebs’s takedown of the VPN malware supplier, 911.

And in updates and quick hits:

                                                                                                                           

Download the 418th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Kicking off a packed episode, the Cyberlaw Podcast calls on Megan Stifel to cover the first Cyber Safety Review Board (CSRB) report. The CSRB does exactly what those of us who supported the idea hoped it would do – provide an authoritative view of how the Log4J incident unfolded along with some practical advice for cybersecurity executives and government officials.

Jamil Jaffer tees up the second blockbuster report of the week, a Council on Foreign Relations study called “Confronting Reality in Cyberspace Foreign Policy for a Fragmented Internet.” I think the study’s best contribution is its demolition of the industry-led claim that we must have a single global internet. That has not been true for a decade, and pursuing that vision means that the U.S. is not defending its own interests in cyberspace. I call out the report for the utterly wrong claim that the U.S. can resolve its transatlantic dispute with Europe by adopting a European-style privacy law. Europe’s beef with us on privacy reregulation of private industry is over (we surrendered); now the fight is over Europe’s demand that we rewrite our intelligence and counterterrorism laws. Jamil Jaffer and I debate both propositions.

Megan discloses the top cybersecurity provisions added to the House defense authorization bill – notably the five year term for the head of Cybersecurity and Infrastructure Security Agency (CISA) and a cybersecurity regulatory regime for systemically critical industry. The Senate hasn’t weighed in yet, but both provisions now look more likely than not to become law.

Regulatory cybersecurity measures look like the flavor of the month. The Biden White House is developing a cybersecurity strategy that is expected to encourage more regulation. Jamil reports on the development but is clearly hoping that the prediction of more regulation does not come true.

Speaking of cybersecurity regulation, Megan kicks off a discussion of Department of Homeland Security’s CISA weighing in to encourage new regulation from the Federal Communication Commission (FCC) to incentivize a shoring up of the Border Gateway Protocol’s security. Jamil thinks the FCC will do better looking for incentives than punishments.

Tatyana Bolton and I try to unpack a recent smart contract hack and the confused debate about whether “Code is Law” in web3. Answer: it is not, and never was, but that does not turn the hacking of a smart contract into a violation of the Computer Fraud and Abuse Act.

Megan covers North Korea’s tactic for earning dollars while trying to infiltrate U.S. crypto firms – getting remote work employment at the firms as coders. I wonder why LinkedIn is not doing more to stop scammers like this, given the company’s much richer trove of data about job applicants using the site.

Not to be outdone, other ransomware gangs are now adding to the threat of doxing their victims by making it easier to search their stolen data. Jamil and I debate the best way to counter the tactic.

Tatyana reports on Mark Warner’s D-Va., effort to strongarm the intelligence community into supporting Sen. Amy Klobuchar’s, D-Minn., antitrust law aimed at the biggest tech platforms – despite its inadequate protections for national security.

Jamil discounts as old news the Uber leak. We didn’t learn much from the orgy of coverage that we didn’t already know about Uber’s highhanded approach in the teens to taxi monopolies and government.

Jamil and I endorse the efforts of a Utah startup devoted to following China’s IP theft using China’s surprisingly open information. Why Utah, you ask? We’ve got the answer.

In quick hits and updates:

                                                                                                           

Download the 417th Episode (mp3)

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

 

 

 

 

 

 

 

Dave Aitel introduces a deliciously shocking story about lawyers as victims and – maybe – co-conspirators in the hacking of adversaries’ counsel to win legal disputes. The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one’s hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask “Will no one rid me of this meddlesome litigant?” Before you know it, there’s a doxing site full of useful evidence on the internet.

But first Dave digs into an intriguing but flawed story of how and why the White House ended up bigfooting a possible acquisition of NSO by L3Harris. Dave spots what looks like a simple error, and we are both convinced that the New York Times got only half the story. I suspect the White House was surprised by the leak, popped off about how bad an idea the deal was, and then was surprised to discover that the intelligence community had signaled interest.

That leads us to the reason why NSO has continuing value – its ability to break Apple’s phone security. Apple is now trying to reinforce its security with the new, more secure and less convenient, lockdown mode. Dave gives it high marks and challenges Google to match Apple’s move.

Next, we dive into the US effort to keep Dutch firm ASML from selling chip-making machines to China. Dmitri Alperovich makes a special appearance to urge more effective use of export controls; he and Dave both caution, however, that the U.S. must impose the same burdens on its own firms as on its allies’.

Jane Bambauer introduces the latest government proposal to take a bite out of crime by taking a bite out of end-to-end encryption (“e2e”). The U.K. has introduce an amendment to its pending online safety bill that would require regulated user-to-user services to identify and swiftly take down terrorism and child sex abuse material. The identifying isn’t easy in an e2e environment, Jane notes, so this bill could force adoption of the now-abandoned Apple proposal to do local scanning on your phone. I’m usually a cheap date for crypto-skeptical laws, but I can’t help noticing that this proposal will stir up 90% as much opposition as requiring companies to be able to intercept communications when they get a court order while it probably addresses only 10% of the crimes that occur on e2e networks.

Jane and I take turns pouring cold water on journalists, NGOs, and even Congress for their feverish effort to turn the Supreme Court’s abortion ruling into a reason to talk about privacy. Dumbest of all, in my view, is the claim that location services will be used to gather evidence and prosecute women who visit out of state abortion clinics. As I point out, such prosecutions won’t even muster five votes on this Court.

Dave spots another doubtful story about Russian government misuse of a red team hacking tool. He thinks it’s a case of a red team hacking tool being used by … a red team.

Jane notes that Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has announced a surprisingly anodyne (and arguably unnecessary) post-quantum cryptography initiative. I’m a little less hard on DHS, but only a little.

Finally, in updates and quick hits:

                                                                                                           

Download the 416th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

 

 

For decades, U.S. cyber exploits were notoriously lawyer-ridden, to the point where it was a key element of attribution. But it looks like Israel has matched and surpassed U.S. cyberwarriors. In an attack claimed by some “hacktivist” group but widely attributed to Israel, Nate Jones reports, several Iranian mills shut down in a flood of sparks and molten steel. But the most interesting thing about the attack was the video pre-roll, which went out of its way to note that the mills were under international sanction and that the attackers sent workers warnings to avoid casualties. Some of that was prudence; when you’re escalating cyber tactics, it’s a good idea to emphasize the limits you’re observing. But a lot of it was lawyers worried about the law of armed conflict. On top of an earlier campaign that cut off gasoline supplies but also warned emergency medical and fire services to gas up in advance, it looks as though lawyers are shaping some of the best cyber attacks.

China, meanwhile, is putting resources into exporting its Fifty Cent Army to the United States. Sultan Meghji and Maury Shenk cover a Chinese campaign on social media to turn American rare earths processing into an environmental controversy. In this case, I argue, China is taking a leaf from the Russian playbook for driving up costs for American frackers who were holding down the price of Russian oil. I urge someone to do the research necessary to figure out just how many of those fake American accounts are also on TikTok, and how TikTok’s algorithm is treating them. Speaking of Chinese propaganda, Maury tells us that one of its cybersecurity firms is accusing the U.S. of planting Trojans in hundreds of important Chinese information systems, which might be interesting if the report actually provided some details.

Feeling the spur of competition from Israel’s cyber lawyers, NSA’s counsel has opened a new front. They persuaded the Justice Department to fight a merger on the grounds that it will reduce competition in the bidding on a single NSA program. Nate and I are stuck on the market definition problems for the case, but Sultan thinks it’s an investment opportunity.

This Week in Stupid Artificial Intelligence (AI) Research: We never lack for stories in this category, but this week the two contenders are evenly matched. Sultan tells us about a story that proves you can always find sex and race discrimination in AI if your study is designed badly enough. But Maury finds another group of researchers who went one better, designing a moderately effective crime prediction algorithm and then arguing that the police were racist if they put more police into high-crime neighborhoods and racist if they didn’t send more police to neighborhoods with rising crime. Since the whole point of most AI bias research is to get your story into the press by finding racism, being able to find it no matter how the study  turns out is a pretty impressive strategy.

Speaking of unimpressive journalism, Sultan flags a Wall Street Journal story that lazily dumps on AI research for not doing everything we want, while pretty much ignoring things it has done well.

Sultan also leads us through the wreckage of one cryptocurrency domino after another, but he thinks it’s likely to put a firmer, and more regulated, foundation under the businesses that survive. Nate reprises the EU contribution to the issue – more regulation, natch – but in a surprise twist for the Cyberlaw Podcast, the Brussels proposal gets pretty high marks.

Updating a few stories from past weeks,

  • Google is really getting hurt by the study showing it favoring Democratic fundraising messages over Republicans by about 7 to 1. The GOP has always believed (correctly) that its views are being handicapped by Silicon Valley, but this time the evidence is hard to refute. Indeed, Google isn’t really refuting it, just promising to do better in future, while Republicans are claiming that Gmail bias cost them $2 billion in donations and proposing tough new transparency laws.
  • The Justice Department is upping the stakes for Uber’s former chief information security officer (CISO) with the trial court’s permission, charging Joe Sullivan with wire fraud for treating what looks like a data breach ransom as a bug bounty. The Department of Justice says this defrauded Uber drivers and customers. Sullivan is the first, but probably not the last, CISO who’ll face this charge, as government slips away from “public-private partnership” as the reason to report breaches and instead embraces fear of prosecution.
  • And the Transportation Security Administration (TSA), after taking criticism for the harshness of its secret cybersecurity standards for pipelines, had offered some secret amendments to those standards. Is that a good thing? Who knows?

                                                                                                           

Download the 415th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It’s that time again on the Congressional calendar. All the big, bipartisan tech initiatives that looked so good a few months ago are beginning to compete for time on the floor like fat men desperate to get through a small door. And tech lobbyists are doing their best to handicap the bills they hate while advancing those they like.

We open the Cyberlaw Podcast by reviewing a few of the top contenders. Justin (Gus) Hurwitz tells us that the big bipartisan compromise on privacy is probably dead for this Congress, killed by Senator Maria Cantwell (D-WA) and the new politics of abortion. The big subsidy for domestic chip fabs is still alive, Jamil Jaffer but beset by House and Senate differences, plus a proposal to regulate outward investment by U.S. firms that would benefit China and Russia. And Senator Amy Klobuchar’s (D-MIN) platform anti-self-preferencing bill is being picked to pieces by lobbyists trying to cleave away GOP votes over content moderation and national security.

David Kris unpacks the First Circuit decision on telephone pole cameras and the fourth amendment. Technology and Fourth Amendment law is increasingly agoraphobic, I argue, as aging boomers find themselves on a vast featureless constitutional plain, with no precedents to guide them and forced to fall back on their sense of what was creepy in their day.

Speaking of creepy, the Australian Strategic Policy Institute (ASPI) has a detailed report on just how creepy content moderation and privacy protections are at TikTok and WeChat. Jamil gives the highlights.

Not that Silicon Valley has anything to brag about. I sum up This Week in Big Tech Censorship with two newly emerging rules for conservatives on line: First, obeying Big Tech’s rules is no defense; it just takes a little longer before your business revenue is cut off. Second, having science on your side is no defense. As a Brown University doctor discovered, citing a study that undermines Centers for Disease Control and Prevention (CDC) orthodoxy will get you suspended. Who knew we were supposed to follow the science with enough needle and thread to sew its mouth shut?

If Sen. Klobuchar fails, all eyes will turn to Lina Khan’s Federal Trade Commission, Gus tells us, and its defense of the “right to repair” may give a clue to how it will regulate.

David flags a Google study of zero-days sold to governments in 2021. He finds it a little depressing, but I note that at least some of the zero-days probably require court orders to implement.

Jamil also reviews a corporate report on security, Microsoft’s analysis of how Microsoft saved the world from Russian cyber espionage – or would have if you ignoramuses would just buy more cloud services. OK, it’s not quite that bad, but the marketing motivations behind the report show a little too often in what is otherwise a useful review of Russian tactics.

In quick hits:

Gus tells us about a billboard that can pick your pocket: In NYC, naturally.

                                                                                               

Download the 414th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.