The theme this week is China’s growing confidence in using cyberweapons in new and sophisticated ways, as the US struggles to find an answer to China’s growing ambition to dominate technology. Our interview guest, Chris Bing of Reuters, talks about his deep dive story on Chinese penetration of managed service providers like HP Enterprise – penetration that allowed them access to hundreds of other companies that rely on managed service providers for most of their IT. Most chilling for the customers are strong suggestions that the providers often didn’t provide notice of the intrusions to their customers – or that the providers’ contracts may have prevented their customers from launching quick and thorough investigations when their own security systems detected anomalous behavior originating with the providers. Chris also tells the story of an apparent “Five Eyes” intrusion into Yandex, the big Russian search engine.


Continue Reading Episode 270: China’s cyber offense comes of age

Our News Roundup is hip deep in China stories. The inconclusive EU – China summit gives Matthew Heiman and me a chance to explain why France understands – and hates – China’s geopolitical trade strategy more than most.

Maury Shenk notes that the Pentagon’s reported plan to put a bunch of Chinese suppliers on a blacklist is a bit of a tribute to China’s own list of sectors not open to Western companies. In other China news, Matthew discloses that there’s reason to believe that China has finally begun to use all the US personnel data it stole from OPM. I’m so worried it may yet turn my hair pink, at least for SF-86 purposes.

And in a sign that it really is better to be lucky than to be good, Matthew and I muse on how the Trump Administration’s China policy is coinciding with broader economic trends to force US companies to reconsider their reliance on Chinese manufacturing.


Continue Reading Episode 259: Why France understands Chinese policy better than the rest of us

We share the program this week with Orin Kerr, a regular guest who knows at least as much as we do about most of these topics and who jumps in on many of them.  Orin, of course, is a professor of law at George Washington University and well-known scholar in computer crime law and

Our guest today is Rob Corbet, a partner and head of the Technology & Innovation group in Arthur Cox, a large Irish law firm.  Ireland is a uniquely important jurisdiction for US companies dealing with data protection issue.  I ask whether Ireland’s role is going to become more or less powerful under the proposed

With all the controversy surrounding the leaks regarding the PRISM program, there is at least one constituency that is likely rejoicing — Europe-based cloud computing companies.

For the past few years, cloud providers in Europe have tried to gain a competitive advantage over US-based providers in the European market by arguing that the Patriot Act

This is part of a multi-blog series to demonstrate that product design may have—and in many areas of Internet law and regulation, will have—a determining factor for how a product or service is regulated. This first part relates the treatment of cloud services.

Breathing a Little Easier in the Cloud

Recently, the Second Circuit handed