In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga?

On a lighter note, Uber is paying $148 million to state AGs for a data breach that apparently had no consequences and might not even have been a breach.

About a year too late for Congressional action, a consensus of sorts is emerging among Republicans that Silicon Valley needs broad privacy regulation. The Trump Administration is asking for comment on data privacy principles. And tech giants are pushing lawmakers for federal privacy rules. But the catalyst is an increasing need for federal preemption in the face of California’s new law, and the Dems who are expected to take the House will be hard to sell on preemption. So despite the emerging consensus, a log jam that lasts years could still be in our future.

The sentencing of an NSA employee for taking sensitive tools home – and getting them compromised by Kaspersky – leaves Nick with plenty of additional questions about the source of the tools compromised by Russian proxies in recent years.

Evan Abrams gives us a summary of the NY AG’s report on virtual markets and cryptocurrency. Bottom line: New York is likely to pursue regulation with vigor.

Meanwhile, West Virginia embraces a mobile voting app for the 2018 election. Remarkably, despite the deployment of blockchain buzzwords, none of us thinks the system is secure.

And in quick hits:

  • The GRU is taking the “P” in APT way too seriously.
  • A content moderator has sued Facebook, claiming that her job gave her PTSD.
  • India’s Supreme Court has upheld, with limits, the government’s massive Aadhaar digital ID program.
  • Facebook suffered a breach affecting 50 million user accounts and probably 40 million “log on with Facebook” accounts. We’re getting these facts piecemeal thanks to the EU’s dumb 72-hour deadline for reporting breaches under GDPR.
  • President Trump says China is interfering in the 2018 elections. But unlike Russia in 2016, all of China’s fake news is on actual newsprint.
  • Finally, a quick report roundup:
    • The EU is forcing Silicon Valley to police disinformation without actually defining it. Because we all know that in the EU, everything Trump tweets is classified as disinformation.
    • DOJ’s otherwise pretty good best practices report sadly doubles down on hating hackback. Now with added rationales!
    • China is back to stealing our stuff, but more quietly, think tanks report.
    • House AI report – pro: bipartisan; con: mostly content-free.
    • Yet another set of IoT security guidelines.



Download the 233rd Episode (mp3).

Download the transcript for the 233rd Episode (PDF).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!


The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.