Privacy Regulation

Subscribe to Privacy Regulation

This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his

Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab’s report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization’s activities –

On July 1, 2020, the California attorney general is expected to begin enforcing the California Consumer Privacy Act (CCPA), California’s groundbreaking new privacy law which has been in effect since January 1, 2020. In addition, the attorney general is also finalizing regulations that interpret and build upon the CCPA. To minimize the risk of potentially

This episode features an in-depth (and occasionally contentious) interview with Bart Gellman about his new book, Dark Mirror: Edward Snowden and the American Surveillance State, which can be found on his website and on Amazon. I’m tagged in the book as having been sharply critical of Gellman’s Snowden stories, and I live

Our interview is with Mara Hvistendahl, investigative journalist at The Intercept and author of a new book, The Scientist and the Spy: A True Story of China, the FBI, and Industrial Espionage, as well as a deep WIRED article on the least known Chinese AI champion, iFlytek. Mara’s book raises

David Kris, Paul Rosenzweig, and I dive deep on the big tech issue of the COVID-19 contagion: Whether (but mostly how) to use mobile phone location services to fight the virus. We cover the Israeli approach, as well as a host of solutions adopted in Singapore, Taiwan, South Korea, and elsewhere. I’m a big fan of Singapore, which produced in a week an app that Nick Weaver thought would take a year.

In our interview, evelyn douek, currently at the Berkman Klein Center and an SJD candidate at Harvard, takes us deep into content moderation. Displaying a talent for complexifying an issue we all want to simplify, she explains why we can’t live with social platform censorship and why we can’t live without it. She walks us through the growth of content moderation, from spam, through child porn, and on to terrorism and “coordinated inauthentic behavior” – the identification of which, evelyn assures me, does not require an existentialist dance instructor. Instead, it’s the latest and least easily defined category of speech to be suppressed by Big Tech. It’s a mare’s nest, but I, for one, intend to aggravate our new Tech Overlords for as long as possible.

Continue Reading Episode 308: Location, location, location. And the virus.

That’s the question I debate with David Kris and Nick Weaver as we explore the ways in which governments are using location data to fight the spread of COVID-19. Phone location data is being used to enforce quarantines and to track contacts with infected people. It’s useful for both, but Nick thinks the second application may not really be ready for a year – too late for this outbreak.

Our interview subject is Jason Healey, who has a long history with Cyber Command and a deep recent oeuvre of academic commentary on cyber conflict. Jay explains Cyber Command’s doctrine of “persistent engagement” and “defending forward” in words that I finally understand. It makes sense in terms of Cyber Command’s aspirations as well as the limitations it labored under in the Obama Administration, but I end up wondering whether it’s going to be different from “deterrence through having the best offense.” Nothing wrong with that, in my view – as long as you have the best offense by a long shot, something that is by no means proven.

Continue Reading Episode 307: Is privacy in pandemics like atheism in foxholes?

On March 11, California Attorney General (AG) Xavier Becerra released a third version of draft regulations implementing the California Consumer Privacy Act (CCPA). The third draft contains relatively minor changes from the second draft, which was released in February, suggesting that the AG is  close to finalizing the regulations, and that enforcement is likely to begin on schedule on July 1, 2020.

Continue Reading California Attorney General Releases Third Draft of CCPA Regulations

The NSA’s use of call detail records to spot cross-border terror plots has a long history. It began life in deepest secrecy, became public (and controversial) after Edward Snowden’s leaks and was then reformed in the USA Freedom Act. Now it’s up for renewal, and the Privacy and Civil Liberties Oversight Board, or PCLOB, has weighed in with a deep report on how the program has functioned – and why NSA has suspended it. In this episode I interview Travis LeBlanc, a PCLOB Member, about the report and the program. Travis is a highly effective advocate, bringing me around on several issues, including whether the program should be continued and even whether the authority to revive it would be useful. It’s a superb guide to a program whose renewal is currently being debated (against a March 15 deadline!) in Congress.

Continue Reading Episode 305: NSA’s call detail records program: Travis LeBlanc of the PCLOB

This is a bonus episode of the Cyberlaw Podcast – a freestanding interview of Noah Phillips, a Commissioner of the Federal Trade Commission. The topic of the interview is whether privacy and antitrust analysis should be merged, especially in the context of Silicon Valley and its social media platforms. Commissioner Phillips, who has devoted considerable attention to the privacy side of the FTC’s jurisdiction, recently delivered a speech on the topic and telegraphed his doubts in the title: “Should We Block This Merger? Some Thoughts on Converging Antitrust and Privacy.” Subject to the usual Cyberlaw Podcast injunction that he speaks only for himself and not his institution or relatives, Commissioner Phillips lays out the very real connections between personal data and industry dominance as well as the complexities that come from trying to use antitrust to solve privacy problems. Among the complexities: the key to more competition among social media giants could well be more sharing between companies of the personal data that fuels their network effects, and corporate sharing of personal data is what privacy advocates have spent a decade crusading against. It’s a wide-ranging interview, touching on, among other things, whether antitrust can be used to solve Silicon Valley’s censorship problem (he’s skeptical) and what he thinks of suggestions in Europe that perhaps the Schrems problem can be solved by declaring that post-CCPA California meets EU data privacy standards. Commissioner Phillips is bemused; I conclude that this is just Europe seeking revenge for President Trump’s Brexit support by promoting “Calexit.”

Continue Reading Episode 303: Another merger the FTC should block