This episode features an interview with Jason Fagone, journalist and author of The Woman Who Smashed Codes: A True Story of Love, Spies, and the Unlikely Heroine Who Outwitted America’s Enemies. I wax enthusiastic about Jason’s book, which features remarkable research, a plot like a historical novel, and deep insights into what I call NSA’s “pre-history” – the years from 1917 through 1940 when the need for cryptanalysis was only dimly perceived by the US government. Elizebeth and William Friedman more or less invented American cryptanalysis in those years, but the full story was never known, even to NSAers. It was protected by a force even stronger even than classification – J. Edgar Hoover’s indomitable determination to get good press for the FBI even when all the credit belonged elsewhere. And, at all its crucial stages, that prehistory is a love story that lasted, literally, right to the grave. Don’t miss this (long!) interview with Jason Fagone, or his book.

Meanwhile, in the news roundup. Dmitri Alperovitch covers the latest events in what we just can’t call the SolarWinds hack any more. There’s no doubt that Microsoft code is at the center of the hack, though not because of unintended features; the hackers showed great interest in Microsoft’s code. Dmitri predicts multiple executive orders from Anne Neuberger’s review, and he hopes it means more centralization of federal civilian security monitoring and policy under CISA. Dmitri and I agree that the Congressional effort to turn the cybersecurity director position into a Senate-confirmed White House office is more trouble than it’s worth.

The Maryland law imposing taxes on Google and Facebook ad revenue is ground-breaking, and for that reason is will also be heavily litigated. First time caller, first time listener David Fruchtman explains the tax and the litigation it has already spawned.

Which came first, China’s dream of a rare-earth boycott or US nightmares of a rare-earth boycott? We ask Jordan Schneider, who suggests that neither the dream nor the nightmare is likely to come true any time soon.

Is Australia going to war with Big Tech? I take on Oz’s link fee and end up siding, improbably, with Mike Masnick and Facebook and against the fee. Meanwhile, the Australian infrastructure protection bill is drawing fire from Microsoft. Dmitri leans toward Microsoft’s view that the law should not give government authority to intervene when a private sector entity is unable or unwilling to respond to an attack. I lean toward the government.

Jordan Schneider reviews the latest stories of tech companies getting a little too close for comfort to the Chinese surveillance state. The ByteDance censorship story is compelling but not new. The Oracle story is compelling, new, and a clever piece of journalism by another alumna of the podcast, Mara Hvistendahl.

Finally, in a series of quick bites, we cover:

And more.

Download the 350th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesGoogle PlaySpotifyPocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Our interview this week is with Nicole Perlroth, The New York Times reporter and author of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. It’s wide-ranging, occasionally confrontational, and a great tour of the issues raised in the book about 0-day exploits, US responsibility for the global cyber arms race, and the colorful personalities whose hard choices helped shape the cybersecurity environment we all now live in.

In the news roundup, Nate Jones serves up a second helping of the SuperMicro story, a rerun of a much-maligned Bloomberg report from two years ago that SuperMicro gear had been elaborately compromised by China. This time, Nate reports, Bloomberg offers much more evidence, but probably not enough to completely satisfy the critics. Still, as we conclude, even giving the critics their due, this is a very bad story for SuperMicro – and for its customers.

It seemed like a classic cybersecurity horror story, with hackers using access to the industrial control system to nearly poison Oldsmar’s water supply. But Nate and I both suspect that it will turn out to be a much more mundane horror story, one where the call is always coming from inside the house – and untraceable because all the employees use the same password and no firewall.

Paying for news links is suddenly all the rage among Western governments. I’d link to the Australian stories about their new law, but I’m afraid they’d want me to pay them. Mark MacCarthy says that risk is overrated, but the prospect for such payment schemes is pretty good. Not just Australia, but also the EU are moving in this direction.

And Microsoft has expressed its willingness to let Google pay such a fee in the US. I suggest that this is all part of restoring an Establishment of “authoritative narrative shapers,” in an internet age, noting that the critical question will be which publishers can attach themselves to the flow of internet funding – a question already causing angst among French publishers.

Paul Rosenzweig summarizes the work done by a lot of smart people on the question of how to think about Chinese technology platforms operating in the United States. He also summarizes the current state of litigation over Chinese technology platforms operating in the United States. In a word, it’s mostly on hold, waiting for the Biden administration to run a laborious interagency review.

Nate says the process has already begun for a related topic – how to secure the US tech supply chain, particularly manufacturing semiconductor.

Meanwhile, the First Circuit has taken on the question of border searches of mobile phones, ruling against a coalition of cyberleft organizations. There is now a circuit conflict that could bring the Supreme Court into the fray – soon if the cyberleft losers are imprudent enough to seek cert but not much longer than that if the Solicitor General picks a favorable case to lose in the Ninth Circuit.

In short hits, I wonder at just how bad open source security has gotten, noting a clever hack that pawned many companies by providing a public (and compromised) package in a public repository, thereby trumping the companies’ private packages.

Luckily, NIST is all over open source security. Or not. It turns out that NIST is actually offering a host of insecure open source products with known flaws. The purpose of the products? Better computer security, naturally.

The creative policing award of the week goes to the Beverly Hills cop who expresses his unhappiness with being filmed on the job by playing background snippets of songs that will get the video taken down by copyright bots if it is ever posted.

In the “about time” category, a Canadian woman who defamed dozens of ordinary people in online vendettas has been arrested in Toronto.

And EncroChat, the phone that promised criminals absolute security but delivered them into the hands of law enforcement has spawned a complicated debate about whether stealing messages from memory was wiretapping or hacking.

Finally, either The Cyberlaw Podcast has hit a new height or the Harvard Law Review has hit a new low: Looking for a way to sum up the European Court of Justice’s ruling in Schrems II, a student note in the review quotes from the podcast, characterizing Schrems II as “solipsistic Europocrisy meets judicial imperialism.” Couldn’t have said it better myself!

And more.

Download the 349th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesGoogle PlaySpotifyPocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

On February 4, 2021, the New York State Department of Financial Services (NYDFS) released a Cyber Insurance Risk Framework (the Framework) to assist property and casualty insurers in managing their cyber insurance risk. The Framework comes on the heels of an increased demand for cyber insurance coverage from businesses to protect against the growing and ever-changing threat posed by cyberattacks.

To help issuers effectively manage the increased risk associated with issuing cyber insurance policies, the Framework recommends that insurers adopt seven “best practices,” which are discussed in this post.

Continue Reading New York Adopts Cybersecurity Framework for Insurers

On January 29, 2021 and February 3, 2021, respectively, the Virginia House of Delegates and Virginia Senate passed the Virginia Consumer Data Protection Act (VCDPA). The legislation, if signed into law by the governor, would be the first comprehensive privacy law enacted by a state since California enacted the California Consumer Privacy Act (CCPA) and, more recently, the California Privacy Rights Act (CPRA). Though the VCDPA is not slated to take effect until January 1, 2023, it will be important for companies to understand the complicated provisions of the VCDPA much earlier, so they can begin instituting any necessary changes in their internal and public-facing policies and their information practices. The VCDPA’s passage may also spur other states to enact their own privacy laws, which until now have been mired in legislative purgatory.

Some of the more significant aspects of the VCDPA are summarized in this post.

Continue Reading Virginia Poised to Become Second State with Comprehensive Privacy Law

This episode features a deep dive into the National Security Agency’s self-regulatory approach to overseas signals intelligence, or SIGINT. Frequent contributor David Kris takes us into the details of the SIGINT Annex that governs NSA’s collections outside the US. It turns out to be a surprising amount of fun as we stop to examine the SIGINT turf wars of the 40s, the intelligence scandals of the 70s, and how they shaped NSA’s corporate culture.

In the news roundup, Bruce Schneier and I review the Privacy Commissioner’s determination that Clearview AI violated Canadian privacy law by scraping Canadians’ photos from social media.

Bruce thinks Clearview had it coming; I’m skeptical, since it appears that pretty much everyone has been scraping public face data for their machine learning collections for years.

David Kris explains why a sleepy investment review committee with practically no staff is now being compared to a SWAT team. The short answer is “CFIUS.”

More and more, Gus Hurwitz and I note, Big Tech CEOs are being treated in Washington like comic book supervillains. But have they met their match? Sen. Amy Klobuchar is clearly campaigning to be, if not Attorney General, then their nemesis. Like Doc Ock, she’s throwing punch after punch at Big Tech, not just in antitrust legislation but Section 230 reform as well.

We’re not done with Solar Winds yet, and Bruce Schneier thinks that’s fair. He critiques the company for milking profits from its software niche without reinvesting in security.

Gus revives the theme of Big Tech at bay, noting that Australia may start charging Google when it links to Australian news stories noting that Australia may start charging Google when it links to Australian news stories and that the new administration seems quite willing to join the rest of the world in imposing more taxes more taxes on tech profits.

David covers the flap between India and Twitter, which is refusing to follow an Indian order to suppress several Twitter accounts. That’s probably, I suggest, because there is insufficient proof that the accounts in question belong to Republicans.

IBM seems to be bailing on blockchain, and Bruce thinks it’s about time. In some ways, IBM is the most interesting of tech companies, since it has less of a moat around its business than most and must live by its wits, which are formidable. Bruce offers quantum computing as an example of IBM doing the right things well.

Bruce and Gus help me with a preview of an upcoming interview of Nicole Perlroth as we cover an op-ed pulled from her new book. Bruce also offers a quick assessment of the draft report of the National Security Commission on Artificial Intelligence The short version: there isn’t enough there there.

Finally, Gus reminds us that a prophet who predicts the attention economy but then refuses to play by its rules is almost guaranteed to end up as an attention Cassandra, as Michael Goldhaber has.

And more.

Download the 348th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesGoogle PlaySpotifyPocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The US has never really had a “cyberczar.” Arguably, though, the UK has. The head of the National Cyber Security Center combines the security roles of NSA and DHS’s CISA. To find out how cybersecurity issues look from that perspective, we interview Ciaran Martin, the first director of the NCSC.

In the news roundup, Paul Rosenzweig sums up recent successes in taking down the NetWalker and Emotet hacking networks: It’s a win, and that’s good, but we will need more than this to change the overall security status of the country.

Jordan Schneider explains the remarkable trove of leaked Chinese police records and the extraordinary surveillance now being imposed on the Uyghur minority in China.

Enthusiasts for end-to-end encryption should be worried, Mark MacCarthy and I conclude. First, the EU – once a firm advocate of unbreakable encryption – is now touting “security through encryption and security despite encryption.” You can only get the second with some sort of lawful access, an idea that has now achieved respectability inside Brussels government circles, despite lobbying by e2e messaging firms based in Europe. On top of that, there’s a growing fifth column of encryption skeptics inside the firms, whose sentiments can be summarized as, “I’m all for cop-proof encryption as long as it isn’t used by lawbreakers who voted for Trump.”

Paul brings us up to speed on the Office 36 – I mean the SolarWinds – attack. Turns out lots of companies were compromised without any connection to SolarWinds. The episode shows that information sharing about exploits still has a ways to go. And if you’re a lawyer who’s been paying ten cents a page for downloads from the federal courts’ electronic filing system, whatever you’ve been paying for, it isn’t security. The attackers got in there, and as a result, we’ll be making sensitive filings on paper. First voting, then suing – more and more of our lives are heading off line.

Does China want your DNA, and why? I have a truly scary suggestion, and Jordan tries to talk me down.

The Facebook Oversight Board has issued its first Paul and Mark touch on the highlights. I predict that the board will overrule Trump’s deplatforming, to surprisingly little dissent. Jordan and I dig into two overviews of US tech and military competition. It starts to feel a little incestuous when it turns out we all know the authors – and that Jordan has invited them all to be on his excellent podcast, ChinaTalk.

In short hits:

  • I predict that Beijing will fight CFIUS to the last dollar of TikTok revenue. And could easily win.
  • I question YouTube’s demonetization of the Epoch Times, but Jordan has less sympathy for the paper.
  • I’m less flexible about Google’s hard-to-justify decision to block the ads of a group that (like most Americans) opposes Democratic proposals to pack the Supreme Court.
  • And if you’re wondering how dumb stuff like this happens, The LA Times gives an object lesson. Faced with a campaign to recall California governor Newsom, the Times dug into the online organizations supporting recall. Remarkably, it found that the groups included a lot of the same kinds of folks who came to Washington in January to protest President Biden’s victory. Shortly after that drive-by festival of guilt by association, Facebook banned ads supporting the recall movement.
  • And more.

Download the 347th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

It’s a story that has everything, except a reporter able to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern.

The Trump administration was galvanized by the threat, even seizing Chinese power equipment at the port to do a detailed breakdown and then issuing an executive order and follow-up rulings designed to cut Chinese products from the supply chain.

Yet the Biden administration suspended this order for 90 days – the only Trump cybersecurity Order to be called into question so far.

Industry lobbying? Chinese maneuvering? Tech uncertainty? No one knows, but Brian Egan and I at least sketch the outlines of an irresistible story that will have to wait for a persistent journalist.

The SolarWinds story needs a new moniker, as the compromises spread beyond the scope of SolarWinds distributions to victims like Malwarebytes.

Increasingly, it looks as though Microsoft and its cloud are the common denominators, Sultan Meghji and I observe, but that’s one moniker the story will never acquire.

In other cyber TTP news, the Chinese are stealing airline passenger reservation data, Sultan notes.

Maybe they’re just trying to find out when Mike Pompeo next plans to come to China so they can meet him at the airport and enforce their latest sanctions – no Great Wall tours for you, Mr. Secretary!

This is our last week of Trumpian cyber news, so we wallow in it. The President issued a last-minute order calling for an assessment of the security risks of Chinese drones, Maury Shenk tells us.

And Brian unpacks the other last-minute order requiring US cloud providers to know which foreigners they are selling virtual machines to.

I claim victory in my short letter to Secretary Mnuchin, suggesting that, instead of jamming a cryptocurrency regulation through on his watch, he concentrates on convincing Secretary-designate Yellen to carry through. If he took my advice, it seems to have worked. Sultan reports that she is showing signs of wanting to “curtail” cryptocurrency.

In other news, Sultan boldly predicts the advent of interplanetary cryptocurrency in Elon Musk’s lifetime.

Brian and I unpack the latest Cyberspace Solarium Commission product – Transition Book – its persuasive for the Biden administration.

I predict that the statutorily mandated cybersecurity director will have to be subordinated to the Deputy National Security Adviser for cybersecurity for the office to be accepted in the administration.

And in quick hits, Maury covers the surprisingly robust European enforcement of employee protections against video surveillance.

I explain Parler’s loss in trying to overturn the AWS ban that pushed it off the internet.

Sultan explains why the Biden Peloton is a cybersecurity risk, and I tip my hat to the President’s physical fitness.

I summarize the Mike Ellis story; he held the job NSA’s general counsel for about a day before a political witch-hunt caught up with him, and may never serve another day.

And, finally, a little schadenfreude for the European Parliament, which is being investigated by the EU’s lead data regulator for poor cookie notices on a website it set up for MEPs to book coronavirus tests. The complainant? Max Schrems, who is on his way to becoming as unpopular with European politicos as he is in the US.

And more.

Download the 346th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

We interview Jane Bambauer on the failure of COVID-tracking phone apps. She and Brian Ray are the author of “COVID-19 Apps Are Terrible—They Didn’t Have to Be,” a paper for Lawfare’s Digital Social Contract project. It turns out that, despite high hopes, the failure of these apps was overdetermined, mainly by twenty years of privacy scandalmongering and privacy laws. In essence, Google and Apple set far too strict rules for the apps in an effort to avoid privacy-based political attacks, and the governments that could have reined them in surrendered instead, in order to avoid privacy-based political attacks. So, we have no one to blame but ourselves, and our delusional enthusiasm for privacy.

In the news roundup, suddenly face recognition isn’t toxic at all, since it can be used to identify pro-Trump protestors. And, of course, we have always been at war with Oceania. Dave Aitel explains why face recognition might work even with a mask but still not be very good. And Jane Bambauer reprises her recent amicus argument that Illinois’s biometric privacy law is a violation of the first amendment.

If you heard last week’s episode about Silicon Valley speech suppression, you might be interested in seeing the proposal I came up with then, now elaborated into a Washington Post Op-Ed. Meanwhile, Dave reports that Parler may be back from the dead but dependent on Russian infrastructure. Dave wants to know if that means Parler can be treated by the Biden team like TikTok was treated by the Trump administration.

Dave also brings us up to speed on the latest SolarWinds news. He also casts a skeptical eye on a recent New York Times article pointing fingers at JetBrains as a possible avenue of attack. The story was anonymously sourced and remains conspicuously unconfirmed by other reporting.

Not dead yet, the Trump administration has delivered regulations for administering the executive order allowing the exclusion of risky components from the national IT and communications infrastructure. Maury Shenk explains the basics.

Speaking of which, China is getting ready to strike back at such measures, borrowing the basic blocking statute rubric invented by the Europeans. Blocking statutes can be effective, but only by putting private companies in a vise between two inconsistent legal duties. Bad news for the companies, but more work for lawyers.

I ride one more hobbyhorse, critiquing Mozilla’s decision to protect “user privacy” while imposing new burdens and risks on enterprise security. The object of my ire is Firefox’s Encrypted Client Hello. Dave corrects my tech but more or less confirmed that this is one more nail in the coffin for CISO control of corporate networks.

Matthew Heiman and I dig into the latest ransomware gang tactics – going after top executive emails to raise the pressure to pay. The answer? I argue for more fake emails.

In a few quick hits, Maury tells us about the CNIL’s decision that privacy law prevents France from using drones to enforce its coronavirus rules.

I note a new FDIC cybersecurity rule that isn’t (yay!) grounded in personal data protection.

Maury explains the recently EU advocate general’s opinion, which would probably make Schrems II even less negotiable than it is now. If it’s adopted by the European Court of Justice, which I argue it will be unless the Court can find some resolution that is even more anti-American can the advocate general’s proposal.

And, finally, Matthew tells us that the State Department has reorganized to deal with cyber issues – a reorganization that may not last longer than a few months.

And more.

Download the 345th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In this episode, I interview Zach Dorfman about his excellent reports in Foreign Policy about US-China intelligence competition in the last decade. Zach is a well-regarded national security journalist, a Senior Staff Writer at the Aspen Institute’s Cyber and Technology program, and a Senior Fellow at the Carnegie Council for Ethics in International Affairs. We dive deep into his tale of how the CIA achieved remarkable penetration of the Chinese government and then lost it, inspiring China to build a far more professional and formidable global intelligence network.

In the news roundup, we touch on the disgraceful demonstration-cum-riot at the Capitol this week and the equally disgraceful Silicon Valley rush to score points on the right in a way they never did with the BLM demonstrations-cum-riots last summer. Nate Jones has a different take, but we manage to successfully predict Parler’s shift from platform to (antitrust) plaintiff and to bond over my proposal to impose heavy taxes on social media with more than ten million users. Really, why spend three years in court trying to break ‘em up when you can get them to do it themselves and raise money to boot?

SolarWinds keep blowing. Sultan Meghji and Zach give us the latest on the attribution to Russia, the fine difference between attack and espionage, and the likelihood of direct or indirect regulation.

Pete Jeydel and Sultan cover the latest round of penalties imposed by the rapidly dwindling Trump administration on Chinese companies.

Nate dehypes the UK High Court decision supposedly ruling mass hacking He previews some Biden appointments, and we talk about the surprising rise of career talent and why that might be happening. Nate also critiques DNI Grenell after accusations of politicization of intelligence. I’m kinder. But not when I condemn Distributed Denial of Services for joining forces with ransomware gangs to punish victims; it’s hard to believe that anyone could make Julian Assange and Wikileaks look responsible, but they do. Speaking of Julian, he’s won another Pyrrhic victory in court – likely extending his imprisonment with another temporizing win.

And more.

Download the 344th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Episode 343 of the Cyberlaw Podcast is a long meditation on the ways in which technology is encouraging other nations to exercise soft power inside the United States. I interview Nina Jankowicz, author of How to Lose the Information War on how Russian disinformation has affected Poland, Ukraine, and the rest of Eastern Europe – and the lessons, if any, those countries can offer a divided United States.

In the news, Bruce Schneier and I dig for more lessons in the rubble left behind by the SolarWinds hack. Nobody comes out looking good. Persistent engagement and defending forward only works if you’re actually, you know, engaged and defending, and Russia’s cyberspies managed (not surprisingly) to have hidden their achievement from NSA and Cyber Command.

More and better defense is another answer (not that it’s worked for the last 40 years it’s been tried). But whatever solution we pursue, Bruce makes clear, it’s going to be expensive.

Taking a quick break from geopolitics, Michael Weiner gives us a rundown on the new charges and details (mostly redacted) in the Texas case against Google for monopolization and conspiring with competitor Facebook. The scariest thing about the case from Google’s point of view, though, may be where it’s been filed. Not Washington but Beaumont, Texas, the most notoriously pro-plaintiff, anti-corporate jurisdiction in the country.

Returning to ways in which foreign governments are using our technology against us, David Kris tells the story of the Zoom executive who used pretextual violations of terms of service to take down speech the Chinese government didn’t like, censoring American efforts to hold a Tiananmen memorial. The good news: he was indicted by the Justice Department. The bad news: I can’t help suspecting that China learned this trick from lefty ideologues in Silicon Valley.

Aaand, right on cue, it turns out that China’s been accused of using its 50-cent army to file complaints of racism and video game violence to get YouTube to demonetize Americans using the platform to criticize China’s government.

Then Bruce points us toward a deep and troubling series of Zach Dorfman articles about how effectively China is using technology to vault over US intelligence agencies in the global spying competition.

And in quick succession, David Kris explains what’s new and what’s not in Israel’s view of international law and cyberconflict.

I note that President Trump’s NDAA veto has been overridden, making the cyberczar and DHS’s CISA the biggest winners in the cyber policy arena.

Bruce and I give a lick and a promise to the FinCen proposed rule regulating. We’re both inclined to think more reregulation is worth pursuing, but we agree it’s too late for this administration to get anything on the books.

David Kris notes that Twitter has been fined around $550K over a data breach filing that was a few days late – by the Irish data protection office, in a GDPR ruling that is a few years late.

Apple has lost its bullying copyright battle against security start-up Corellium but the real risk to Corellium may be in the as-yet unresolved claim for violation of the DMCA.

And Trump’s DHS is leaving office with new warnings about the cyber risks of Chinese technology, this time touching on backdoors in TCL smart TVs and spillage from Chinese data services.

And More!

—-

Download the 343rd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunesSpotifyPocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.