February 2017

Episode 152: “Alexa, do you have first amendment rights?”

Our guest for episode 152 is Paul Rosenzweig, and we tour the horizon with him.

In the news roundup, Stephanie Roy outlines the deregulatory tangle around ISPs, privacy, security, and the FCC.  Maury Shenk briefs us on the European legislation authorizing the quashing of terrorist

In this episode, Stewart Baker goes to RSA and interviews the people that everyone at RSA is hoping to sell to – CISOs. In particular, John “Four” Flynn of Uber, Heather Adkins of Google, and Troels Oerting of Barclays Bank. We ask them what trends at RSA give them hope for the future, which make

Cyber threats move at Internet speed and so must cyber responders, to protect networks and data across the globe. Imagine the impact on cybersecurity if responders, innovators, and developers were told to pause and apply for an export license before responding to a threat. With a new round of international negotiations about to begin for the Wassenaar Arrangement, now is the time to press hard to arrive at a workable international standard that protects, rather than undermines, cybersecurity.

In 2013, the Wassenaar Arrangement, a 41-country international forum that seeks consensus among its members on dual-use export controls, adopted new controls on “intrusion software” and “carrier class network surveillance tools.” The purpose behind these controls is worthy: protecting human rights activists and political dissidents from surveillance by authoritarian governments.

Unfortunately, the approach proposed by the Wassenaar regulation misses the mark, and indeed, the controls would ultimately undermine that goal by making it harder for cyber responders to defend against the use of surveillance technologies. Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly-identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance. It would also require an onerous licensing process for sales of strong cybersecurity tools and services by companies around the world, and in some cases, could prohibit their sale altogether.
Continue Reading Cybersecurity and the Wassenaar Arrangement — What Needs to Be Done in 2017?

Our interview features a classic “please don’t read this” headline: “Worthwhile Canadian Initiatives.”  We explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner. 

The growing dependence of states and societies on ICT systems means they face a higher risk of cyberattacks. Increasingly sophisticated hacking attacks target not only individual people and companies, but also highly developed countries. Although cyberattacks can have disastrous consequences, research shows that we still miss the mark in preparedness. Acknowledging the magnitude of the

149:  Thigh-high boots and defense dominance

Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector.  He responds well to my skeptical questioning, and even my suggestion that his vision