October 2015

Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth?  That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think).  Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years.  His company recently published a lengthy paper on Russian government cyberspies, which F-Secure calls “the Dukes.”  Mikko describes the Dukes’ targets and tactics, including a remarkably indiscriminate attack on a Tor exit node.  I press him on whether attribution is really getting better, and on whether F-Secure’s paper eases or heightens concerns about Kaspersky’s ties to Russian intelligence.
Continue Reading Steptoe Cyberlaw Podcast – Interview with Mikko Hypponen

Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours too…,” he tweeted. On the whole, I’d rather be on theirs. Two weeks after his tweet, Hussain was killed in a US airstrike, and two months after that, the hacker was arrested in Malaysia (subscription required) on a US warrant.

We explore that story and more with Gen. Michael Hayden, the only person to serve as both Director of the National Security Agency and of the Central Intelligence Agency. Gen. Hayden explains why he differs with FBI director Comey on encryption and with the European Court of Justice on whether the US sufficiently respects privacy rights, along with other topics.


Continue Reading Steptoe Cyberlaw Podcast – Interview with Gen. Michael Hayden

In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog.  Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and Special Counsel to the Department of Defense.  From cyberespionage to the right to be forgotten and the end of the Safe Harbor, we explore the many ways in which a globalized economy has tied the US government’s hands in cybersecurity matters – and subjected the United States to extensive extraterritorial “soft power” at the hands of Europeans.

In the news roundup, the headline news is the continuing fallout from the ECJ’s attack on the Safe Harbor.  Michael Vatis and Maury Shenk bring us up to date.  Jason Weinstein explains why the latest convicted hacker thinks he should be a civil liberties hero/victim – and how weev has found yet another outlet for his bitterness at DOJ.
Continue Reading Steptoe Cyberlaw Podcast – Interview with Jack Goldsmith

Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals.  Appearing at the conference Privacy.Security.Risk. 2015., sponsored by the IAPP and the Cloud Security Alliance, Bruce Schneier talks through recent developments in law and technology.

The three of us stare into the pit opened by an overwrought (and overdue and overweening) European Court of Justice advisor.  If the European Court of Justice follows his lead (and what seems to be its inclinations), we could face a true crisis in transatlantic relations.
Continue Reading Steptoe Cyberlaw Podcast – Interview with Bruce Schneier