On March 15, 2023, the European Data Protection Board (EDPB) announced the launch of a coordinated enforcement action regarding the designation and position of DPO across the European Economic Area (EEA). In practice, EEA Data Protection Authorities will send questionnaires to organizations in order to assess their compliance with GDPR requirements, open formal investigations, and/or
Uncategorized
Episode 322: Bill Barr Crosses the Rubicon
For the first time in twenty years, the Justice Department is finally free to campaign for the encryption access bill it has always wanted. Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced the Lawful Access To Encrypted Data Act. (Ars Technica, Press Release) As Nick…
Episode 321: Using the internet to cause emotional distress is a felony?
This is the week when the movement to reform Section 230 of the Communications Decency Act got serious. The Justice Department released a substantive report suggesting multiple reforms. I was positive about many of them (my views here). Meanwhile, Sen. Josh Hawley (R-MO) has proposed a somewhat similar set of changes in his…
Episode 319: Whaling at Scale
Our interview with Ben Buchanan begins with his report on how artificial intelligence may influence national and cybersecurity. Ben’s quick takes: better for defense than offense, and probably even better for propaganda. The best part, in my view, is Ben’s explanation of how to poison the AI that’s trying to hack you…
Episode 313: Is the international law of cyberwar a thing?
In today’s interview, I spar with Harriet Moynihan over the application of international law to cyberattacks, a topic on which she has written with clarity and in detail. We disagree politely but profoundly. I make the case that international law is distinct from what works in cyberspace and is inconsistent with either clarity or effectiveness in deterring cyberattacks. Harriet argues that international law has been a central principle of the post-1945 international system and one that has helped to keep a kind of peace among nations. It’s a good exchange.…
Continue Reading Episode 313: Is the international law of cyberwar a thing?
The Cyberlaw Podcast – News Roundup
Episode 221: Daugherty’s Revenge
The 11th Circuit’s LabMD decision is a dish served cold for Michael Daugherty, the CEO of the defunct company. The decision overturns decades of FTC jurisdiction, acquired over the years by a kind of bureaucratic adverse possession. Thanks to the LabMD opinion, practically all the FTC’s privacy and security consent decrees are at risk of being at least partly unenforceable — and if the dictum holds, the FTC may have to show that everything it views as an “unfair” lack of security is actually a negligent security practice.…
Steptoe Cyberlaw Podcast – Interview with David Sanger
168: Globalizing Censorship
Episode 168 features the Tinkers-to-Evers-to-Chance of global censorship, as Filipino contractors earning minimum wage delete posts in order to satisfy US tech companies who are trying to satisfy European governments. In addition to Maury Shenk, our panel of interlocutors includes David Sanger, Chief Washington Correspondent for the New York Times, and…
Steptoe Cyberlaw Podcast — Interview with Susan Munro
Episode 163
With our sound system back on line, episode 163 is already a big step up from Lost Episode 162. (Transcripts of 162 are available for those who wish by sending email to CyberlawPodcast@steptoe.com.)
Our interview is with Susan Munro, of Steptoe’s Beijing office. Susan unwinds the complex spool of cyberlaw measures promulgated…
Steptoe Cyberlaw Podcast – Interview with Jason Healey
149: Thigh-high boots and defense dominance
Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector. He responds well to my skeptical questioning, and even my suggestion that his vision…
Steptoe Cyberlaw Podcast – News Roundup
Posse Comitatus: Latin for “Get off my turf”?
Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity? Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight.
Should the FDA allow implants of…