I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage. In support, I introduce Baker’s Law of International Institutions: “The secretariat always sees the United States as its natural enemy.”
At the end, Duncan mentions in passing his work with Microsoft on international rulemaking, and I throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug.
California has a new privacy law, Laura Hillsman explains, though what it will look like when it finally takes effect in 2020 remains to be seen. (Laura is a Steptoe Summer Associate.)
Chris Conte reports that the SEC has charged a second Equifax manager with insider trading. I ask whether he shouldn’t have been charged with lousy site design too.
The White House draws a line in the sand over ZTE in a letter to the Hill – but Maury and I suspect the real message is in the lack of a veto threat. Maury thinks President Trump’s “go big, then go deal” negotiating strategy is also at work in his decision only to beat up Chinese investments once rather than twice over trade tensions.
NSA’s metadata program was restructured to rely on telecom companies rather than NSA’s own programmers. The ideologues who insisted on the formalism of leaving the metadata with the companies rather than in NSA’s computers predictably produced a private-sector meltdown. Which they’ll probably blame on NSA as well. Jamil Jaffer and I discuss.
What do you know? Reality does win in the end, and Reality Winner finally got the hint (as well as a pretty good plea deal).
Nextgov reveals an unimpressive showing for the Cybersecurity Information Sharing Act’s (CISA) information-sharing provisions, at least as far as sharing with DHS goes. Jamil and I agree, though, that private-sector information sharing may be a better measure of CISA’s value.
In other news, The Intercept continues to pioneer relevance-free journalism. And trust in social media is collapsing, especially among Republicans, who (remarkably) also think tech companies need more regulation.
Finally, in an experiment we may abandon at any moment, I’m going to start tweeting and posting some of this week’s stories that look like candidates for the News Roundup. Please reply to or retweet those you think we should cover. Relevant feeds: @stewartbaker on Twitter, Stewart Baker on LinkedIn, and stewart.a.baker on Facebook.
As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.