November 2015

The NSA metadata program that is set to expire in two weeks was designed to provide early warning of a terror attack planned in a foreign safe haven and carried out inside the United States.  Those are some of the most deadly terror attacks we’ve seen, from 9/11 to Mumbai.  And now Paris.

So should the United States be terminating the 215 program just as the Paris attacks show why it was created?  That’s the question I ask in Episode 89 of the podcast as we watch the DC circuit cut short Judge Leon’s undignified race to give the program one last kick before it’s terminated. 
Continue Reading Steptoe Cyberlaw Podcast – Interview with Mark Shuttleworth

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo. Not the US government, not CDT or EFF, and not the big browser companies. That’s the lesson I draw from episode 88 of the podcast, featuring an in-depth discussion of China’s Great Cannon with Adam Kozy and Johannes Gilger of Crowdstrike. They expand on their 2015 Blackhat talk about China’s deployment of Great Firewall infrastructure to hijack American and Taiwanese computers and use them in a DDOS attack against Github.
Continue Reading Steptoe Cyberlaw Podcast – Interview with Adam Kozy and Johannes Gilger

What good is CISA, anyway?

Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good.  But what changes, and how much difference will they make to network defenders?  That’s the topic we explore in episode 87 with our guest, Ari Schwartz.  Ari has just finished a tour as senior director for cybersecurity on the United States National Security Council Staff at the White House.  He and I and Alan Cohn go deep into the weeds so you won’t have to.  Our conclusion?  The main value of the bill is that it frees some companies from aging privacy rules that prevented information sharing with groups that include the government.  It also enables companies to monitor their networks without fear of liability under even older privacy laws preventing interception of communications without all parties’ consent.  The other lesson to be drawn from the bill is that privacy groups are still something of a paper tiger without business support.  More than seventy senators voted for CISA over the bleeding bodies of every privacy group in the country. 
Continue Reading Steptoe Cyberlaw Podcast – Interview with Ari Schwartz