Another week, another Trump administration initiative to hasten the decoupling from China. As with MIRV warheads, the theory seems to be that the next administration can’t shoot them all down. Brian Egan lays out this week’s initiative, which lifts from obscurity a DoD list of Chinese military companies and excludes them from U.S. capital
In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim. The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury…
John Yoo, Mark MacCarthy, and I kick off episode 329 of the Cyberlaw Podcast diving deep into what I call the cyberspace equivalent of a dumpster fire. There is probably a pretty good national security case for banning TikTok. In fact, China did a lot better than the Trump administration when it …
This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that the government is still fighting about the content of a policy it’s already announced. And to show that decoupling can go both ways, a US-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think.
We open the episode with David Kris’s thoughts on the two-years-late CFIUS investigation of TikTok, its Chinese owner, ByteDance, and ByteDance’s US acquisition of the lip-syncing company Musical.ly. Our best guess is that this unprecedented reach-back investigation will end in a more or less precedented mitigation agreement.
The theme this week is China’s growing confidence in using cyberweapons in new and sophisticated ways, as the US struggles to find an answer to China’s growing ambition to dominate technology. Our interview guest, Chris Bing of Reuters, talks about his deep dive story on Chinese penetration of managed service providers like HP Enterprise – penetration that allowed them access to hundreds of other companies that rely on managed service providers for most of their IT. Most chilling for the customers are strong suggestions that the providers often didn’t provide notice of the intrusions to their customers – or that the providers’ contracts may have prevented their customers from launching quick and thorough investigations when their own security systems detected anomalous behavior originating with the providers. Chris also tells the story of an apparent “Five Eyes” intrusion into Yandex, the big Russian search engine.
Our News Roundup is hip deep in China stories. The inconclusive EU – China summit gives Matthew Heiman and me a chance to explain why France understands – and hates – China’s geopolitical trade strategy more than most.
Maury Shenk notes that the Pentagon’s reported plan to put a bunch of Chinese suppliers on a blacklist is a bit of a tribute to China’s own list of sectors not open to Western companies. In other China news, Matthew discloses that there’s reason to believe that China has finally begun to use all the US personnel data it stole from OPM. I’m so worried it may yet turn my hair pink, at least for SF-86 purposes.
And in a sign that it really is better to be lucky than to be good, Matthew and I muse on how the Trump Administration’s China policy is coinciding with broader economic trends to force US companies to reconsider their reliance on Chinese manufacturing.
Our News Roundup leads with the long, slow death of Section 230 immunity. Nick Weaver explains why he thinks social media’s pursuit of engagement has led to a poisonous online environment, and Matthew Heiman replays the astonishing international consensus that Silicon Valley deserves the blame – and the regulation – for all that ails the Internet. The UK is considering holding social media execs liable for “harmful” content on their platforms. Australia has already passed a law to punish social media companies for failure to remove “abhorrent violent material.” And Singapore is happily drafting behind the West, avoiding for once the criticism that its press controls are out of step with the international community. Even Mark Zuckerberg is reading the writing on the wall and asking for regulation. I note that lost in the one-minute hate directed at social media is any notion that other countries shouldn’t be able to tell Americans what they can and can’t read. I also wonder whether the consensus that platforms should be editors will add to conservative doubts about maintaining Section 230 at all – and in the process endanger the US-Mexico-Canada Agreement that would enshrine Section 230 in US treaty obligations.