Episode 213: RSA in 5 minutes

In a news-only episode, we get a cook’s tour of the RSA conference from attendees Paul Rosenzweig, Jim Lewis, and Stewart Baker. Short version: Top trends we saw at RSA: more nations attacking cybersecurity firms over attribution, more companies defending themselves outside their own networks (aka hackback), and growing (if still modest) respect for DHS’s role in cybersecurity. Oh, and Microsoft’s Digital Geneva Convention is still a mashup of profound naïveté and deep cynicism, but Microsoft’s Cyber Tech Accord may do better – at least until the FTC gets hold of it.

In other news, ZTE is going to be hammered for showing contempt for US export control enforcement. But the back-splatter on US suppliers will be severe as well. The United States is picking a big, big fight with China on the future of technology, and it’s going to need a strategy. Xi reads the writing on the wall.

Speaking of big fights, Telegram is in a doozy with Russia over its refusal to supply crypto keys to the government. It looks as though Telegram’s use of Google and other domains as proxies (“domain fronting”) is making it hard for Russia to work its will without harming other internet companies. So far, it looks as though Russia is willing to bring the pain, but the ban isn’t completely effective.

In what may be related news, Google is engineering domain fronting out of its products. The press whining about the civil liberties implications of Google’s moves triggers a classic Baker rant about how privacy zealots don’t really care about security – since domain fronting is a principal method by which network security is defeated and crime facilitated.

And while my rant is rolling, why not include the EU’s shameful drive-by execution of the WHOIS database. I call on the Obama NTIA officials who killed off our last leverage over ICANN to apologize to Ted Cruz for the debacle.

Maury lays out the remarkable parallelism between the US CLOUD Act and a new EU regulation on cross-border data sharing for law enforcement.

Finally, or nearly so, Paul unpacks the way in which liability for the SWIFT hacks may drive cybersecurity standards for banks.

And in closing, I note that China is now the clear leader in face recognition, having found a single suspect in a crowd of 60,000 concertgoers. It’s the leader not because of China’s technical strength, though that’s impressive, but because of Silicon Valley political correctness. Remember that when law enforcement agencies end up buying Chinese tech and paying the cybersecurity price.

Steptoe partner Stewart Baker with Jim Lewis

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, click here.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 213th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunesPocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.