Header graphic for print

Steptoe Cyberblog

Episode 281: Can the European Union order Twitter to silence President Trump?

Posted in China, European Union, International, Privacy Regulation

 

Today’s episode opens with a truly disturbing bit of neocolonial judicial lawmaking from the Court of Justice of the European Union. The CJEU ruled that an Austrian court can order Facebook to take down statements about an Austrian politician. Called an “oaf” and a “fascist,” the politician more or less proved the truth of the accusations by suing to keep that and similar statements off Facebook worldwide. Trying to find allies for my proposal to adopt blocking legislation to protect the First Amendment from foreign government interference, I argue that President Trump should support such a law. After all, if he were ever to insult a European politician on Twitter, this ruling could lead to litigation that takes his Twitter account off the air. True, he could criticize the judges responsible for the judgment as “French” or “German” without upsetting CNN, but that would be cold comfort. At last, a legislative and international agenda for the Age of Trump!

Continue Reading

Episode 280: Challenging Edward Snowden

Posted in International

 

In this episode I cross swords with John Samples of the Cato Institute on Silicon Valley’s efforts to disadvantage conservative speech and what to do about it. I accuse him of Panglossian libertarianism; he challenges me to identify any way in which bringing government into the dispute will make things better. I say government is already in it, citing TikTok’s PRC-friendly “community standards” and Silicon Valley’s obeisance to European standards on hate speech and terror incitement. Disagreeing on how deep the Valley’s bias runs, we agree to put our money where our mouths are: I bet John $50 that Donald J. Trump will be suspended or banned from Twitter by the end of the year in which he leaves office.

There’s a lot of news in the Roundup. David Kris explains the background of the first CLOUD Act agreement that may be signed this year with the UK.

Nate Jones and I ask, “What is the president’s beef with CrowdStrike, anyway?” And find a certain amount of common ground on the answer.

This Week in Counterattacks in the War on Terror: David and I recount the origins and ironies of Congress’s willingness to end the NSA 215 phone surveillance program. We also take time to critique the New York Times’s wide-eyed hook-line-and-sinker ingestion of an EFF attack on the FBI’s use of National Security Letters.

Edward Snowden’s got a new book out, and the Justice Department wants to make sure he never collects his royalties. Nate explains. I’m just relieved that I will be able to read it without having to shoplift it. And it seems to be an episode for challenges, as I offer Snowden a chance to be interviewed on the podcast – anytime, anywhere, Ed!

Matthew Heiman explains the latest NotPeya travail for FedEx: A shareholder suit alleging that the company failed to disclose how much damage the malware caused to its ongoing business.

Evan Abrams gives a hint about the contents of Treasury’s 300-page opus incorporating Congress’s overhaul of CFIUS into the CFR.

I credit David for inspiring my piece questioning how long end-to-end commercial encryption is going to last, and we note that even the New York Times seems to be questioning whether Silicon Valley’s latest enthusiasm is actually good for the world.

Matthew tells us that China may have a new tool in the trade war – or at least to keep companies toeing the party line: The government is assigning social credit scores to businesses.

Finally, Matthew outlines France’s OG take on international law and cyber conflict. France opens up some distance between its views and those of the United States, but everyone will get a chance to talk at even greater length on the topic, as the UN gears up two different bodies to engage in yet another round of cyber-norm-building.


 

Download the 280th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Episode 279: Blockchain Takes over the Podcast

Posted in Blockchain

 

In our 279th episode of The Cyberlaw Podcast, the Blockchain Group takes over the podcast. Host Alan Cohn is joined by Gary Goldsholle, Will Turner, and Evan Abrams to discuss:

  • The SEC has issued its second token-related no-action letter to Pocketful of Quarters, Inc., giving more guidance and opening a number of issues.
  • The SEC has brought a double-headed complaint against ICOBOX, an entity that both conducted an initial coin offering (ICO) and facilitated ICOs for others.
  • The US has brought the Financial Action Task Force along on its travel rule adventure.
  • The SEC and FINRA have custody guidance.
  • FinCEN has guidance on convertible virtual currencies.
  • The SEC has brought a complaint against FantasyCoin for what amounts to sheer, brazen fraud.
  • The SEC settlement in SimplyVital Health, with Steptoe as counsel, shows the SEC’s willingness to work with companies that voluntarily remediate errors.

 

Download the 279th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

 

Episode 278: Will international trade law prevent the US from regulating the security of the Internet of Things?

Posted in International, Security Programs & Policies

 

Joel Trachtman thinks it’s a near certainty that the WTO agreements will complicate US efforts to head off an IoT cybersecurity meltdown, and there’s a real possibility that a US cybersecurity regime could be held to violate our international trade obligations. Claire Schachter and I dig into the details of the looming disaster and how to avoid it.

In the news, Paul Rosenzweig analyzes the Ninth Circuit holding that scraping publicly available information doesn’t violate the CFAA.

The California legislature has adjourned, leaving behind a smoking ruin where Silicon Valley’s business models used to be. Mark MacCarthy elaborates: One new law would force companies like Uber and Lyft (and a boatload more) to treat workers as employees, not contractors. Another set of votes has left the California Consumer Privacy Act more or less unscathed as its 2020 effective date looms. Really, it’s beginning to look as though even California hates Silicon Valley.

Klon Kitchen and I discuss the latest round of Treasury sanctions on North Korean hacking groups. The sanctions won’t hit anyone in North Korea, but they might affect a few of their enablers on the Internet. The real question, though, is this: Since sanctions violations are punishable even when they aren’t intentional, will US companies whose money is stolen by the Lazarus Group be penalized for having engaged in a prohibited transaction with a sanctioned party? Maybe the Lazarus Group should steal a license too, just to be sure.

Klon also lays out in chilling detail what the Russians were really trying to do to Ukraine’s grid – and the growing risk that someone is going to launch a destructive cyberattack that leads to a cycle of serious real-world violence. The drone attack on Saudi oil facilities shows how big that risk can be.

Paul examines reports that Israel planted spy devices near the White House. He thinks it says more about the White House than about Israel.

Paul also reports on one of the unlikelier escapades of students from his alma mater: Trading 15 minutes at the keyboard for a lifetime of trouble on their permanent records. The lesson? If you try to access the president’s tax data online, you’re going to jail, prank or not.

I walk back the deepfake voice scam story, but Klon points out that it reflects a future that is coming for us soon, if not today.

Proving the old adage about a fool for a lawyer, the Mar-a-Lago trespasser has been found guilty after an ineffective pro se defense.

Klon digs into the long and thoughtful op-ed by NSA’s Glenn Gerstell about the effects of the “digital revolution” on national security.

I note the recent Carnegie report trying to move the encryption debate forward. I also plug my upcoming speech in Israel on the topic.


 

Download the 278th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Episode 277: Bankrupting National Security?

Posted in China, European Union, International

 

Camille Stewart talks about a little-known national security risk: China’s propensity to acquire US technology through the bankruptcy courts and the many ways in which the bankruptcy system isn’t set up to combat improper tech transfers. Published by the Journal of National Security Law & Policy, Camille’s paper is available here. Camille has enjoyed great success in her young career working with the Transformative Cyber Innovation Lab at the Foundation for Defense of Democracies, as a Cybersecurity Policy Fellow at New America, and as a 2019 Cyber Security Woman of the Year, among other achievements. We talk at the end of the session about life and advancement as an African American woman in cybersecurity.


Want to hear more from Camille on this topic? She’ll be speaking Friday, September 13, at a lunch event hosted by the Foundation for Defense of Democracies. She’ll be joined by fellow panelists Giovanna Cinelli, Jamil Jaffer, and Harvey Rishikof, along with moderator Dr. Samantha Ravich. The event will be livestreamed at www.fdd.org/events. If you would like to learn more about the event, please contact Abigail Barnes at FDD. If you are a member of the press, please direct your inquiries to press@fdd.org.


Continue Reading

Episode 276: Alex Stamos on Electoral Interference in Taiwan

Posted in China, International

 

In this bonus episode of the Cyberlaw Podcast, Alex Stamos of Stanford’s Freeman Spogli Institute talks about the Institute’s recent paper on the risk of Chinese social media interference with Taiwan’s upcoming presidential election. It’s a wide-ranging discussion of everything from a century of Chinese history to the reasons why WeChat lost a social media competition in Taiwan to a Japanese company.  Along the way, Alex notes that efforts to identify foreign government election interference have been seriously degraded by (what else?) privacy law, mixed with fear of commercial consequences when China is the attacker. If companies make data about foreign government and “inauthentic” users public, the risk of liability under GDPR as well as Chinese retaliation is real, and the benefits go more to the nation as a whole rather than to the companies taking the risk.

During the interview, Alex references a paper co-authored by his colleague, Jennifer Pan, regarding the “50c party.” You can find that paper here. He also mentions his recent op-ed in Lawfare, which you can find here.


 

Download the 276th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Episode 275: Trump Derangement and the Trading with the Enemy Act

Posted in China, International

 

And we’re back with an episode that tries to pick out some of the events of August that will mean the most for technology law and policy this year. Dave Aitel opens, telling us that Cyber Command gave the world a hint of what “defending forward” looks like with an operation that is claimed to have knocked the Iranian Revolutionary Guard’s tanker attacks for a long-lasting loop.

David Kris lifts the curtain on China’s approach to information warfare, driven by the Hong Kong protests and its regional hegemonic ambitions.

Speaking of China, it looks as though that government’s determination to bring the Uighur population to heel led it to create a website devoted to compromising iPhones, in the process disclosing a few zero-days and compromising anybody who viewed the site. Dave Aitel teases out some of the less obvious lessons. He criticizes Apple for not giving security-minded users the tools they need to protect themselves. But he resists my suggestion that the FBI, which first flagged the site for Google’s Project Zero, went to Google because Apple wasn’t responsive to the Bureau’s concerns. (Alternative explanation: If you embarrass the FBI in court, don’t be surprised if they embarrass you a few years later.)

The lesson of the fight over Chinese disinformation about Hong Kong on Twitter and Facebook and the awkwardness of Apple’s situation when faced with Chinese hacking is that the US-China trade war is a lot more than a trade war. It’s a grinding, continental decoupling drift that the trade war is driving but which the Trump Administration probably couldn’t stop now if the president wanted to. We puzzle over exactly what the president does want. Then I shift to mocking CNN for Trump derangement and inaccuracy (yes, it’s an easy target, but give me a break, I’ve been away for a month): Claims that the president couldn’t “hereby order” US companies to speed their decoupling from China are just wrong as a matter of law. In fact, the relevant law, still in effect with modest changes, used to be called the Trading with the Enemy Act. And it’s been used to “hereby order” the decoupling of the US economy from countries like Nazi Germany, among others. Whether such an order in the case of China would be “lawful but stupid” is another question.

August saw more flareups over alleged Silicon Valley censorship of conservative speech. Facebook has hired former Sen. Kyl to investigate claims of anticonservative bias in its content moderation, and the White House is reportedly drafting an executive order to tackle Silicon Valley bias. I ask whether either the FTC or FCC will take up their regulatory cudgels on this issue and suggest that Bill Barr’s Justice Department might have enough tools to enforce strictures against political bias in platform censorship.

We close with the most mocked piece of tech-world litigation in recent weeks – Crown Sterling’s lawsuit against BlackHat for not enforcing its code of conduct while the company was delivering a widely disparaged sponsored talk about its new crypto system. Dave Aitel, who runs a cybersecurity conference of his own, lays out the difficulties of writing and enforcing a conference code of conduct. I play Devil’s Advocate on behalf of Crown Sterling, and by the end, Dave finds himself surprised to feel just a bit of Sympathy for the Devil.


 

Download the 275th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

New York Adopts New Data Breach Law, Including Data Security Requirements

Posted in Data Breach, Privacy Regulation

Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances the state attorney general’s enforcement authority of the data breach notification law, and introduces data security requirements for the first time. The Shield Act was passed by the New York Legislature in June. The Act goes into effect on October 23, 2019, with the exception of the Act’s data security requirements, which go into effect on March 21, 2020. Continue Reading

Episode 274: Will Silicon Valley have to choose between end-to-end crypto and shutting down speech it hates?

Posted in AI, China, International, Russia

 

Our guests this week are Paul Scharre from the Center for a New American Security and Greg Allen from the Defense Department’s newly formed Joint Artificial Intelligence Center. Paul and Greg have a lot to say about AI policy, especially with an eye toward national security and strategic competition. Greg sheds some light on DOD’s activity, and Paul helps us understand how the military and policymakers are grappling with this emerging technology. But at the end of the day, I want to know: Are we at risk of losing the AI race with China? Paul and Greg tell me not all hope’s lost – and how we can retain technological leadership.

Continue Reading

Episode 273: What it’s like to live through a big data breach

Posted in China, Data Breach, European Union, International

 

Today, I interview Frank Blake, who as CEO brought Home Depot through a massive data breach. Frank’s a former co-clerk of mine, a former Deputy Secretary of Energy, and the current host of Crazy Good Turns, a podcast about people who have found remarkable, even crazy, ways to help others. In addition to his insights on what it takes to lead an organization, Frank offers his views on how technology can transform nonprofit charitable initiatives. Along the way, he displays his characteristic sense of humor, especially about himself.

In the News Roundup, I ask Matthew Heiman if Google could have had a worse week in Washington? First Peter Thiel raised the question of whether it’s treasonous for the company to work on AI with Chinese scientists, not the US Defense Department, then Richard Clarke, hardly a conservative, says he agrees with the criticism. And, inevitably, President Trump weighs in with a Thiel-supporting tweet. Meanwhile, on the Hill, Google’s VP says the company has “terminated” Project Dragonfly, an effort to build a search engine that the Chinese government would approve. But that doesn’t prevent conservatives from lambasting the company for bias against conservatives and an unfair subsidy in the form of Section 230 of the Communications Decency Act. The only good news for Google is that despite all the thunder, no lightning has yet struck. Or so we thought for about five minutes, at which time Gus Hurwitz noted that Google is likely to face multimillion-dollar fines in an FTC investigation of child Internet privacy violations, not to mention a rule-making designed to increase the probability of future fines.

Speaking of which, European lightning struck Amazon this week in the form of new competition law scrutiny. Gus offers skepticism about the EU’s theory, over my counter-skepticism.

Julian Assange has completed his transformation from free-speech crusader to feces-speech crusader. Nick Weaver is astonished at the way Julian Assange managed to turn the Ecuadorian embassy into a fist-fighting, feces-smearing, election-meddling command post.

Nick also predicts that Kazakhstan will lose its war with Silicon Valley browser makers over a man-in-the-middle certificate the Kazakh government is forcing on its citizens in order to monitor their Internet browsing.

And in short hits, Gus questions whether $650 million is a harsh settlement of Equifax’s data breach liability; Nick closes the books on NSA hoarder Hal Martin’s 9-year prison sentence; and Nick explains the latest doxing of an intelligence agency – this time a contractor for the Russian FSB.


 

Download the 273rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.