Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identify is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts and other intelligence collection, Britain’s view of how the law of war applies in cyberspace, the prospects for UN talks on that topic, the value of attribution, and whether a national security agency should be responsible for civilian cybersecurity (the UK says yes, the US says no).
Bloomberg Businessweek’s claim that the Chinese buggered Supermicro motherboards leads off our News Roundup. The story is controversial not because it couldn’t happen and not because the Chinese wouldn’t do it but because the story has been denied by practically everyone close to the controversy, including DHS. Bloomberg Businessweek stands by the story. Maybe it’s time for the law, in the form of a libel action, to ride to the rescue.
The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of the broad territorial scope of the GDPR, often referred to as its long-arm jurisdiction, and further clarify how the GDPR applies to data controllers or processors established outside of the EU – for example, in the US – targeting individuals in the EU. The Guidelines will include guidance on the requirement to designate a representative in the EU. This is required unless the processing is carried out by a private entity or natural person and (i) is occasional, (ii) does not include, on a large scale, processing of special categories of data or data relating to criminal convictions and offences, and (iii) is unlikely to result in a risk to the rights and freedoms of natural persons.
The guidelines will be subject to public consultation, via the EDPB’s consultation link available here.
In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga?
Earlier this month, Stewart appeared as a guest on Episode 434 of This Week in Law with Denise Howell.
Members of Congress want to know the potential impact of deepfakes, India’s Aadhaar ID database is hacked, EU could fine companies for not removing terrorist content in an hour, U.S. policy on Cyber warfare, vending machines DDoS a University and more!
Our guest is Peter W. Singer, co-author with Emerson T. Brooking of LikeWar: The Weaponization of Social Media. Peter’s book is a fine history of the way the Internet went wrong in the Age of Social Media. He thinks we’re losing the Like Wars, and I tend to agree. It’s a deep conversation that turns contentious when we come to his prescriptions, which I see as reinstating the lefty elite that ran journalism for decades, this time empowered by even less self-doubt – and AI that can reproduce its prejudices at scale and without transparency.
Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it.
We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more than I agree with. But his latest book opens new common ground between us, and we both foresee a darker future for a world that has digitally connected things that can kill people without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.
On September 4th, Alan Cohn hosted the 229th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and best practices for users of exchanges.
The United States may have pioneered the idea of fighting wars in cyberspace, but it’s our adversaries who are using cyberattacks most effectively. To deter them, the country needs creative new ways to punish nations if they launch the devastating attacks that are within their grasp.