Header graphic for print

Steptoe Cyberblog

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018.

The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the GDPR will apply to the processing of personal data (information relating to an identified or identifiable natural person); processing includes the collection, recording, storage and structuring of that data or other operations performed with respect to it. However, one of the principal differences under the new regime relates to its extra territorial application.

In a recent Steptoe update, we therefore seek to address the questions of whether the GDPR will apply to your organization and, if so, what immediate steps need to be taken to ensure compliance.

The Cyberlaw Podcast – News Roundup

Posted in China, Cybersecurity and Cyberwar, Data Breach, Russia

Episode 216: Every President gets the White House he deserves

The Cyberlaw Podcast has now succumbed to an irresistible media trend: We begin the episode with a tweet from President Trump. In this one, he promises to get ZTE “back in business, fast.” Paul Rosenzweig and Nick Weaver provide the backstory, and a large helping of dismay, at the President’s approach to the issue.

I question the assumption that this will make the life of Chinese telecom equipment makers easier in the US. If anything it could be worse. The 2019 NDAA being drafted in the House will make it very difficult for telecom companies that do business with the Pentagon to rely on Chinese (or Russian) equipment (see page 259 et seq.). If anything, the President probably ensured a unanimous Democratic vote for the measure.

The cyber coordinator position in the White House is on the endangered list. Paul explains why it should survive. His take is not completely snark-free. Summing up the first two stories, I suggest that every President gets the White House he deserves.

Nick explains how badly American democracy could be harmed by a relatively trivial Russian (or Iranian, or North Korean) cyberattack on voter registration databases later in 2018. Indeed, they had a chance to launch such an attack in 2016, according to the Senate Intelligence Committee. This is an avoidable disaster if election officials take action now, I point out, but Paul doubts they will.

Paul and I lament the insouciance and ahistoricity of the Fourth Circuit’s new ruling adding half a dozen new judicial constraints to border searches of cell phones.

Speaking of cyberattacks, you’d better buckle up, because Iranian retribution for US withdrawal from the Joint Comprehensive Plan of Action is probably being prepared as you read this. And according to a highly educational Recorded Future/Insikt report, Iran’s semi-privatized hacking ecosystem is likely to err on the side of escalation.

The Iranians aren’t the only ones upping their game. Nick reports on an excellent Crowdstrike report on the new sophistication of Nigerian scammers.

We close with Nick’s dissection of the troubling code decisions underlying a pedestrian death caused by Uber’s autonomous vehicle.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 216th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast – Interview with Nicholas Schmidle

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 215:  The Zelig of Hacking Back

Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up in all the best hackback stories.

In the news, Jamil Jaffer reports on domain fronting, a weird form of protection for people hiding the site they’re connecting to behind some bland Google or AWS site. Some of those people are dissidents in authoritarian lands; many are authoritarian governments hacking secrets out of corporate networks.  In any event, domain fronting is disappearing before it had even made an impression on the public’s mind. I say good riddance, bolstered in my opinion by the wailing of professional privacy groups that, do I have to remind you?, don’t care about your security at all.

The Supreme Court takes a case of great interest to social media and other tech firms who attract class actions. Jennifer Quinn-Barabanov explains the law and the likely outcome. I mostly quibble about how to pronounce “cy pres.”

Move fast and break things probably isn’t the best motto if the thing you’re likely to break is, um, you. Megan Reiss talks about the death of Aaron Traywick, and the risks of bringing the hacking ethic to genetic engineering.

Europol and a host of allies were bragging last week about taking down ISIS’s online recruiting and propaganda infrastructure. But this week they’ve had to admit that ISIS is back on line. Jamil and I talk about what lessons can be drawn from cyber-whac-a-molery.

For Chinese phone makers, it never rains but it pours. Fresh off a ban on Chinese phones from US military retail stores, there may be even more pain in the works for ZTE and other Chinese mobile infrastructure providers.

Finally, Megan Reiss and I dig deep into Rep. Ruppersberger’s thoughtful take on cybersecurity, information sharing and DHS.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices.

Jennifer Quinn-Barabanov with Dr. Megan Reiss

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 215th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

 

The Cyberlaw Podcast — News Roundup

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Russia

214: Dumbest privacy issue of the decade?

This episode features a new technology-and-privacy flap. The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade. Because privacy is all about making sure the police can’t use your data to catch killers. Paul Rosenzweig refuses to take the other side of that debate.

Ray Ozzie has released a technical riposte to the condescending Silicon Valley claim that math proves the impossibility of securely accommodating law enforcement access. Paul and I muse on the aftermath, in which Silicon Valley will actually have to win the debate rather than claiming that there is none.

Jim Lewis and I note the likelihood that ZTE is contemplating litigation against the US ban on technology sales to the company.  What really bothers Jim, though, is the likelihood that the US sanction will accelerate China’s move to complete self-sufficiency in the technology sphere. That’s something that neither the US government nor US industry is really ready for.

The House intel committee’s report on Russia and the election is out. It finds no scandal, other than Russia’s shocking attack on our institutions, though it does criticize “ill-advised” action by Trump campaign officials. The minority report says that the investigation should have gone on even longer. Paul and I have different takes on the value of the exercise.

Gen. Paul Nakasone is about to take over at NSA, after a remarkably easy ride to confirmation. Jim Lewis finds comfort and diversion in the effort of privacy campaigners to add some bumps to  the general’s road.

Finally, Paul and I debate whether Donald J. Trump Jr. committed a Computer Fraud and Abuse Act felony by logging on to an opposition website with “guessed” credentials supplied by Wikileaks.  Actually, there isn’t much debate about whether that’s a crime, but I question whether criminalizing such a trivial violation of network mores raises more questions about the CFAA than about DJT Jr.

And a bit of special pleading: How can there possibly not be any reviews of The Cyberlaw Podcast on Stitcher Radio?  Yet it appears to be true. Please get out there and comment, loyal Stitcher listeners to the podcast!

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 214th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast — News Roundup

Posted in Cybersecurity and Cyberwar, European Union, Privacy Regulation

Episode 213: RSA in 5 minutes

In a news-only episode, we get a cook’s tour of the RSA conference from attendees Paul Rosenzweig, Jim Lewis, and Stewart Baker. Short version: Top trends we saw at RSA: more nations attacking cybersecurity firms over attribution, more companies defending themselves outside their own networks (aka hackback), and growing (if still modest) respect for DHS’s role in cybersecurity. Oh, and Microsoft’s Digital Geneva Convention is still a mashup of profound naïveté and deep cynicism, but Microsoft’s Cyber Tech Accord may do better – at least until the FTC gets hold of it.

In other news, ZTE is going to be hammered for showing contempt for US export control enforcement. But the back-splatter on US suppliers will be severe as well. The United States is picking a big, big fight with China on the future of technology, and it’s going to need a strategy. Xi reads the writing on the wall.

Speaking of big fights, Telegram is in a doozy with Russia over its refusal to supply crypto keys to the government. It looks as though Telegram’s use of Google and other domains as proxies (“domain fronting”) is making it hard for Russia to work its will without harming other internet companies. So far, it looks as though Russia is willing to bring the pain, but the ban isn’t completely effective.

In what may be related news, Google is engineering domain fronting out of its products. The press whining about the civil liberties implications of Google’s moves triggers a classic Baker rant about how privacy zealots don’t really care about security – since domain fronting is a principal method by which network security is defeated and crime facilitated.

And while my rant is rolling, why not include the EU’s shameful drive-by execution of the WHOIS database. I call on the Obama NTIA officials who killed off our last leverage over ICANN to apologize to Ted Cruz for the debacle.

Maury lays out the remarkable parallelism between the US CLOUD Act and a new EU regulation on cross-border data sharing for law enforcement.

Finally, or nearly so, Paul unpacks the way in which liability for the SWIFT hacks may drive cybersecurity standards for banks.

And in closing, I note that China is now the clear leader in face recognition, having found a single suspect in a crowd of 60,000 concertgoers. It’s the leader not because of China’s technical strength, though that’s impressive, but because of Silicon Valley political correctness. Remember that when law enforcement agencies end up buying Chinese tech and paying the cybersecurity price.

Steptoe partner Stewart Baker with Jim Lewis

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, click here.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 213th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast — News Roundup

Posted in China, European Union, International, Privacy Regulation

In episode 212 of The Cyberlaw Podcast, Stewart Baker is at RSA, and Brian Egan, Maury Shenk, and Pete Jeydel of Steptoe are joined by David Kris and Nate Jones of Culper Partners LLC to cover the good, the bad and the ugly of the week that was.

UK cyber issues: Brian, Maury, David and Nate discuss the US-UK-France weekend airstrikes against Syria’s chemical weapons program, and reported threats of Russian “cyber retaliation” against the UK. We also note the continued trends of intelligence disclosures (aiding the development of international norms?) reflected in last week’s speech by the GCHQ director condemning Russia over the Skripal attack and disclosing UK offensive cyber operations against ISIS.

David provides insights into the government’s proposed use of a US government “taint team” to conduct a privilege review of the materials seized during the FBI’s raid of Michael Cohen’s offices. Bottom line: (1) warrants to seize evidence from attorneys are relatively rare but not unprecedented, (2) President Trump’s and Mr. Cohen’s requests to conduct their own screening of the materials probably won’t fly, and (3) a scenario in which an independent special master oversees the review is quite possible (but has been delayed for the moment).

Maury discusses the latest in the Schrems data protection litigation against Facebook: last week’s unsurprising decision by the Irish high court to refer questions related to the EU Standard Contractual Clauses to the European Court of Justice. Maury explains why he remains skeptical that the EU court will invalidate the use of these clauses.

Pete explains why Treasury is probably considering its (very broad) options under the International Emergency Economic Powers Act in answering President Trump’s call for more restrictions on Chinese Investments.

And David and Nate discuss the latest in the encryption debates, including an FBI Inspector General’s report criticizing the FBI’s mishandled attempts to break the encryption of the San Bernadino shooter’s iPhone, and the latest in encryption/decryption litigation before the lower courts.

Steptoe Partner Brian Egan (right) with Nate Jones

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, click here.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 212th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast – Interview with Chris Bing and Patrick Howell O’Neill

Posted in China, CIFIUS, Cybersecurity and Cyberwar

The Cyberlaw Podcast – Interview with Chris Bing and Patrick Howell O’Neill

Episode 211: Senators Markey and Blumenthal bury the lede

Our interview is with Chris Bing and Patrick Howell O’Neill of Cyberscoop. They’ve broken two cyberscoops in the last week or so. First, an in-depth look at Kaspersky’s outing of a US cyberespionage program aimed at foreign terrorists. Hint to Kaspersky: Bringing out a brass band to warn terrorists that they’re being tracked by the US government is not likely to help you win your PR and legal battles in the United States. Chris Bing also covers his other scoop – the surprisingly advanced talks among the leaders of the Senate Judiciary Committee on a bill to address the FBI’s “going dark” problem.

In the news, Jennifer Quinn-Barabanov and I debate the impact of two recent incidents on the future of self-driving cars. She thinks they’ll weather these events, and that the lives such cars save will outweigh the deaths. I’m less sure, mainly because the mistakes that lead to autonomous vehicle deaths are so different from the usual human-driver error and therefore inherently compelling and disquieting.

Nick Weaver and I cover the Grindr security flap and the company’s transmission of HIV status without complete encryption protection. I think there’s less to the story than meets the eye, and that Grindr is getting more heat than it deserves.

Senators Markey and Blumenthal, on the other hand, deserve a lot more heat than they’ve gotten so far. How clueless can they be to send thirteen “when did you stop beating your husband” questions to Grindr’s CEO and not notice that he’s based in Hong Kong? In fact, Grindr was bought last year by a Chinese company. Neither senator, though, bothers to ask where the database of gay Americans is stored and what access the Chinese government has to it? Or how that deal got through CFIUS. Sad! To coin a phrase.

Nick covers the big new IOT botnet’s tryout and asks why it was the banks that got attacked. I’ve got some theories, as does Nick. Along the way, he dispenses advice for people who have just realized that their router is probably the weakest link in their home network’s security.

When does the first amendment allow researchers to violate websites’ terms of service? Judge Bates has some preliminary answers in the Sandvik case, says Brian Egan, who thinks the case may turn into an important and perhaps unhappy ruling for websites in the future.

In other topics, Softbank is getting a CFIUS workout.

YouTube’s demonetization policy leads to a mass shooting and suicide at company headquarters. Stingrays blanket DC. And Keeper can’t even get through a news cycle about its lame lawsuit without another story about its lame security.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 211th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Steptoe partner Stewart Baker with Chris Bing

The Cyberlaw Podcast – Interview with David Sanger

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 210: Keeper: Loser, Weeper

In the news roundup, Nick Weaver, Ben Wittes, and I talk about the mild reheating of the encryption debate, sparked not just by renewed FBI pleading but by the collapse of the left-lib claim that building in access is impossible because math. The National Academy report on encryption access has demonstrated that access is practicable, with support from a group of prominent tech experts, such as Ray Ozzie, all of whom know math.

Speaking of law enforcement, it was a good week for cybercrime enforcement. Nick and I touch on two victories for the good guys, with the Carbanak mastermind busted in Spain and Yevgeny Nikulin extradited to the US over Russian objections.

Meanwhile, DHS is moving forward on one of the more significant efforts to prevent terrorist travel across borders by using social media data effectively. The agency will be requiring social media names (but not passwords) from visa applicants, according to a proposed rule now gathering comments. Maury Shenk, Ben, Nick, and I talk about the privacy and first amendment issues implicated by the policy. We don’t agree on most of those issues.

But we find surprising unanimity in mocking Julian Assange for deservedly losing his internet access at the Ecuador embassy. The panel even endorses Matt Green’s wicked suggestion for trolling Assange from the sidewalk outside Assange’s Ecuadoran squat.

We close with a quick sack dance over the prone form of Keeper Security, which has dropped its libel suit against Dan Goodin and Ars Technica, probably because it was going to lose; the defendants’ coverage of Keeper’s serious security problems was straight and fair. Bottom line: there are plenty of good password managers; why use one whose management sues to suppress news of its product’s security holes? When that sinks in, Keeper won’t just be a loser; here’s hoping it will be a weeper too.

Our interview with David Sanger covers the vulnerability of the US grid, the psychic income and electoral popularity that Vladimir Putin gets from crossing the West’s red lines, and whether we’d be better off sparking an escalating set of cyberattacks now or later.

If the last question reminds you that John Bolton will soon be the National Security Adviser, you’re not alone. We take a few minutes off from plumbing cyberlaw to exploring just what kind of national security adviser Bolton will be. My bottom line: better than his reputation, and maybe much better.

Maury Shenk, Ben Wittes and Stewart Baker (left to right)

Steptoe partner Stewart Baker with David Sanger

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, visit our website at Steptoe.com/careers.

Download the 210th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast – Interview with Michael Page

Posted in AI, China, CIFIUS, Security Programs & Policies

Episode 209

It was a cyberlaw-packed week in Washington. Congress jammed the CLOUD Act into the omnibus appropriations bill, and boom, just like that, it’s law. Say good-bye to the Microsoft Ireland case just argued in the Supreme Court. Maury Shenk offers a view of the Act from the United Kingdom, the most likely and maybe the only beneficiary of the Act. Biggest losers? For sure the ACLU and EFF and their ilk, who were more or less rendered irrelevant when they lost the funding and implicit backing of Silicon Valley business interests.

But wait, there’s more Congressional action, and it’s bad news for Silicon Valley business interests. For the first time, the immunity conferred on social media platforms by Section 230 of the Communications Decency Act has been breached. Jamil Jaffer and I discuss FOSTA/SESTA, adopted this week. In theory the act only criminalizes media platforms that intentionally promote or facilitate prostitution, but any platforms that actually read their own content are likely at risk. Which is what Craigslist concluded, killing its personals section in response to the act. Worse for Silicon Valley, this may just be the beginning, as its unpopularity with left and right alike starts coming home to roost.

Not to be upstaged by Congress, President Trump announces a plan to impose $60 billion in tariffs on Chinese goods and new investment limits on Chinese money. Sue Esserman explains the plan and just how serious an issue it’s addressing.

Jim Lewis tells us about the FCC’s rumored plan to pile on Chinese telecom manufacturers, adopting a rule to bar the use of Universal Service funds to purchase Chinese telecom infrastructure gear. If we want to keep China out of our telecom infrastructure, he says, we should be prepared to pay a hefty price.

In any other week, Jim and Jamil would get to spend quality time chewing over the indictment and sanctioning of Iranian hackers charged with massive thefts of IP. Not this week. They give their bottom line up front: indictments and sanctions are a good first step but can’t be our only response.

Speaking of hating Silicon Valley, there’s a wave of criticism – and a lawsuit – building against Uber in what may be a self-driving car accident that better tech could have prevented. Jamil urges caution in reaching conclusions.

We barely have time for the massive flap over Facebook and Cambridge Analytica. Still I can’t help noting that in 2012, when the Obama campaign bragged about stripping the social graph of its Facebook followers, there was no privacy scandal. Today, after Cambridge Analytica made dubious claims to have done something similar, the EU’s ineffable Vera Jourova sees a “threat to democracy.” If you’re a conservative who supports new privacy attacks on Facebook, don’t blame me when it turns out that the new privacy law is weaponized against the right, just as the old one has been.

And, as a token bit of international news, China’s social credit system is being implemented in a totalitarian fashion that reminds me of Lyft’s embrace of the McCarthyite Southern Poverty Law Center, in that both systems deny transportation to those suffering from wrongthink. Maury Shenk says it also tells us something about the efficiency and clarity of authoritarian uses of new technology.

Speaking of wrongthink, Google’s YouTube is banning firearms demo videos. Some of the banned videos may soon be hosted on pornhub, which at least allows all those guys who used to read Playboy “for the articles” to visit pornhub “for the gun instructional videos.”

Finally, for our interview, Cyberlaw Podcast joins forces with the hosts of National Security Law Today, a podcast of the ABA Standing Committee on Law and National Security.

We interview Michael Page of OpenAI, a nonprofit devoted to a nonprofit devoted to developing safe and beneficial artificial intelligence. It’s a deep conversation, but lawyers will want to spend time with the latest study suggesting that AI reads contracts faster and better than most lawyers. Brrr!

Stewart Baker (right) with Elisa and Michael

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, visit our website at Steptoe.com/careers.

Download the 209th Episode (mp3).

Subscribe to The Cyberlaw Podcast here.  We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

The Cyberlaw Podcast – Interview with Pete Chronis

Posted in China, Privacy Regulation, Virtual Currency

Episode 208: Washington’s one-minute hate for Silicon Valley

All of Washington is mad at Silicon Valley these days, as our news roundup reveals. Dems and the media have moved on from blaming Hillary Clinton’s loss on Vladimir Putin; now they’re blaming Facebook and Cambridge Analytica. Gus Hurwitz and I have doubts about the claims of illegality, but I reprise my frequent critique of privacy laws: they are uniquely likely to be enforced against those who annoy governing elites (because they’re so vague and disconnected from objectionable conduct that they can be enforced against almost anyone).

Alan Cohn describes the many regulatory agencies now feeling emboldened to take a whack at cryptocurrencies. He’s hopeful that only bad actors will actually feel the blow.

I lay out the remarkably aggressive, and novel, enforcement philosophy behind CFIUS’s rejection of the Broadcom-Qualcomm deal – and the steadily advancing Congressional effort to regulate Silicon Valley’s Chinese connections more closely. That effort has featured some remarkably harsh political attacks on tech giants like IBM and GE.

Is all this hate for techies good or bad for the effort to reimpose net neutrality through the courts? The states? Stephanie Roy maps the terrain, which turns out to be every bit as muddled as you thought the last time you read about it.

Need another reason to hate technology? How about this: it’s soon going to kill someone. I explain the latest scary reports from Saudi Arabia’s industrial control system – and America’s.

Pressed for time, we do quick hits on stories that deserved more but got crowded out:

  • Why you won’t go wrong betting that privacy zealots hate cybersecurity.
  • Trouble in AMD’s chipsets raises backdoor and supply chain worries.
  • Treasury sanctions the usual Russians for election meddling.
  • Hal Martin’s dumb argument for making mass theft of classified documents harder (“Geez, who can keep track of a single document when you’re stealing terabytes?”) is rejected.
  • And for those who wonder why the right is starting to hate Big Tech as much as the left, here’s one week’s worth of stories from Silicon Valley that got heavy attention from conservative sites:
  • Twitter suspends comedian Steven Crowder for a video in which an intern crashed an LGBTQ meeting in SXSW claiming to identify as a computer.
  • YouTube follows suit.
  • Yet somehow Louis Farrakhan keeps both his Twitter account and its coveted blue check while tweeting crap like this: “the FBI has been the worst enemy of Black advancement. The Jews have control over those agencies of government.”
  • At the same time that it’s broadcasting Farrakhan, Twitter seems to be blocking much of the Drudge Report.
  • And Western Journal (WJ) says Facebook’s new algorithm for “giving a boost to quality news” reduced lefty site traffic by 2 percent and righty site traffic by 14 percent. As an example, comparing two NY tabloids with very different politics, WJ says the change boosted Facebook’s traffic to the lefty Daily News by 24 percent and cut the righty NY Post’s traffic by 11 percent. (Similar claims were made by another conservative site using a different methodology.

Finally, our interview is with Pete Chronis, Turner’s Chief Information Security Officer, and author of the new book, The Cyber Conundrum. Pete lays out his vision for a cybersecurity moon shot, and the two of us explore particular cybersecurity remedies that make up the effort. We take detours to explore the vulnerabilities equities process, both here and in China. We also touch on the unwise purist stand being taken by IETF on TLS 1.3, which seems determined to offer internet users what might be called “Privacy and Insecurity – By Design.” (And to bring this post full circle, if you were wondering why ordinary people are getting sick of dancing to the tune of Silicon Valley engineers, the IETF’s stiff-necked and counterproductive position on security for corporate network users would be a good place to start.)

As always The Cyberlaw Podcast is open to feedback.  Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, visit our website at Steptoe.com/careers.

Download the 208th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.