This is my favorite story of the episode. David Kris covers a report from the Privacy and Civil Liberties Oversight Board on the enormous value that European governments get in fighting terrorism from the same American surveillance programs that European institutions have been fighting for twenty years to shut down. It’s a delightful takedown
Government Contracts
Episode 338: Trump’s Multiple Re-Entry China Policy Vehicles
Another week, another Trump administration initiative to hasten the decoupling from China. As with MIRV warheads, the theory seems to be that the next administration can’t shoot them all down. Brian Egan lays out this week’s initiative, which lifts from obscurity a DoD list of Chinese military companies and excludes them from U.S. capital…
Episode 328: Jane’s Fighting Nerds
In our 328th episode of the Cyberlaw Podcast, Stewart is joined by Bruce Schneier (@schneierblog), Sultan Meghji (@sultanmeghji), and Nate Jones (@n8jones81). The Belfer Center has produced a distinctly idiosyncratic report ranking the world’s cyber powers – a kind of Jane’s Fighting Nerds report. Bruce Schneier and I puzzle over its oddities, but…
Episode 327: “I’ll Take Hacking Tesla for One Million Dollars, Alex”
In our 327th episode of the Cyberlaw Podcast, Stewart is joined by Nick Weaver (@ncweaver), David Kris (@DavidKris), and Dave Aitel (@daveaitel). We are back from hiatus, with a one-hour news roundup to cover the big stories of the last month. Pride of place goes to the WeChat/Tiktok mess, which just gets messier…
Episode 324: TikTok on the Clock
Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain. His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new…
CMMC in the Age of COVID-19
While attention is necessarily focused on the nation’s response to COVID-19, defense contractors should not put aside the need to prepare to meet DoD’s Cybersecurity Maturity Model Certification (CMMC) requirements. In fact, early this month the CMMC Accreditation Body announced on its website it had signed a Memorandum of Understanding (MOU) with DoD related to…
Episode 235: It’s a Bird, It’s a Plane, It’s … Doug?
Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identity is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts and other intelligence collection, Britain’s view of how the law of war applies in cyberspace, the prospects for UN talks on that topic, the value of attribution, and whether a national security agency should be responsible for civilian cybersecurity (the UK says yes, the US says no).…
The Cyberlaw Podcast — Interview with Shane Harris
Episode 198 — Interview with Shane Harris
It turns out that the most interesting policy story about Kaspersky software isn’t why the administration banned its products from government use. It’s why the last administration didn’t. Shane Harris is our guest for the podcast, delving into the law and politics of the Kaspersky ban. Along the…
Defense Contractors Take Note: NIST’s Compliance Deadline is Almost Here!
Steptoe’s Government Contracts Group recently issued an interesting advisory for defense contractors:
The end of the year approaches and that means Department of Defense (DoD) contractors must make changes to their own unclassified information systems to comply with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal…