• Gus Hurwitz brings us up to speed on tech bills in Congress. They are all dead, but some of them don’t know it yet. The big privacy bill, American Data Privacy and Protection Act, was killed by the left, but I argue that it’s the right that should be celebrating, since the bill would have imposed race and gender preferences all across the economy, and the GOP members who supported the measure in the House were likely sold a bill of goods by industry lobbyists. The big antitrust bill, American Innovation and Choice Online Act, is also a zombie, Gus argues, lurching undead toward the Senate floor but unlikely to muster the GOP votes needed to pass, mainly because content moderation has become a simple partisan issue: the GOP wants less (or fairer) moderation, Dems want more of what Silicon Valley has been dishing out for the past few years. If the bill doesn’t produce viewpoint competition in the tech sector, it has nothing for the GOP, and industry lobbyists are happily driving wedges into that divide. The same divide also caused a stutter in the bill allowing newspapers to bargain collectively with the big platforms. It may make it to the floor, but it’s already losing body parts. Meanwhile, the White House is having a weirdly inconclusive “listening session” that might better have been called a “talking but not really proposing anything session.”
  • When Iran launched a wiper attack on Albania because of its harboring of Mujahedin-e-Kalq, Albania broke relations with Iran and the U.S. promised consequences. In fact, all the U.S. seems to have done is impose meaningless sanctions on the already-sanctioned Iranian spy ministry. What was Iran’s response? A second cyberattack on Albania. Nate Jones runs down the story. Jamil Jaffer and I question whether governmental sanctions on foreign intelligence agencies, which never promised much, are now delivering more an appearance of haplessness than of strength.
  • Jamil and I dwell on the criminal trial of Joe Sullivan for how he handled some hackers who got access to personal data stored by Uber. He decided to pay the hackers a bug bounty in exchange for their promising to destroy the data. That allowed Uber to avoid treating (and reporting) the incident as a breach on trial. Creative lawyering or too creative by half? Either way, calling it obstruction of justice and wire fraud seems like a reach, but that’s what the Justice is charging in a case ongoing today. This is a heavily politicized case, and all the politics – corporate and governmental – line up against Sullivan. Whether the jury will is another question. Meanwhile, everyone from other CISOs to former New York Times reporter Nicole Perlroth are questioning the prosecution’s merits and likely consequences. However, the case comes out, I predict that the biggest loser will be the FBI, which will never again get the kind of welcome from CISOs that it has come to expect.
  • Jamil critiques Apple’s decision to support China’s chip industry with new orders – and its claim that the chips it puts in its phones for the China market will stay in China.
  • The sanctions on Tornado Cash come back for a second week in a row, Nate tells us, this time as litigation, as Coinbase funds an APA and constitutional challenge to the sanctioning of a pile of code rather than a person or other entity. My money is on the Deparment of the Treasury (Treasury) winning in the end.
  • In quicker hits, Nate and I talk about the many cryptocurrency policy papers coming out of the administration these days. Treasury plans to warn the White House that cryptocurrency needs regulation. And the White House science office thinks proof-of-work crypto mining is warming the planet unnecessarily. Gus and I wonder out loud whether Lina Khan’s Federal Trade Commission has a fatal case of “eyes bigger than stomach.” Nate cover’s the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) request for public feedback on its mandatory incident reporting rule. Gus and I note new criticism of the EU’s AI Act as well as the opening round in what could turn out to be an important Justice Department case trying to end Google’s large payments to be the default search engine on popular platforms like the iPhone.

                                                                                                           

 

Download the 421st Episode (mp3)

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

Just when you thought you had a month free of the Cyberlaw Podcast, it turns out that we are persisting, at least a little. This month we offer a bonus episode, in which Dave Aitel and I interview Michael Fischerkeller, one of three authors of “Cyber Persistence Theory: Redefining National Security in Cyberspace.”

The book is a detailed analysis of how cyberattacks and espionage work in the real world – and a sharp critique of military strategists who have substituted their models and theories for the reality of cyber conflict. We go deep on the authors’ view that conflict in the cyber realm is all about persistent contact and faits accomplis rather than compulsion and escalation risk. Dave pulls these threads with enthusiasm.

I recommend the book and interview in part because of how closely the current thinking at United States Cyber Command is mirrored in both.

                                                                                                           

Download the 419th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Dave Aitel introduces a deliciously shocking story about lawyers as victims and – maybe – co-conspirators in the hacking of adversaries’ counsel to win legal disputes. The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one’s hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask “Will no one rid me of this meddlesome litigant?” Before you know it, there’s a doxing site full of useful evidence on the internet.

But first Dave digs into an intriguing but flawed story of how and why the White House ended up bigfooting a possible acquisition of NSO by L3Harris. Dave spots what looks like a simple error, and we are both convinced that the New York Times got only half the story. I suspect the White House was surprised by the leak, popped off about how bad an idea the deal was, and then was surprised to discover that the intelligence community had signaled interest.

That leads us to the reason why NSO has continuing value – its ability to break Apple’s phone security. Apple is now trying to reinforce its security with the new, more secure and less convenient, lockdown mode. Dave gives it high marks and challenges Google to match Apple’s move.

Next, we dive into the US effort to keep Dutch firm ASML from selling chip-making machines to China. Dmitri Alperovich makes a special appearance to urge more effective use of export controls; he and Dave both caution, however, that the U.S. must impose the same burdens on its own firms as on its allies’.

Jane Bambauer introduces the latest government proposal to take a bite out of crime by taking a bite out of end-to-end encryption (“e2e”). The U.K. has introduce an amendment to its pending online safety bill that would require regulated user-to-user services to identify and swiftly take down terrorism and child sex abuse material. The identifying isn’t easy in an e2e environment, Jane notes, so this bill could force adoption of the now-abandoned Apple proposal to do local scanning on your phone. I’m usually a cheap date for crypto-skeptical laws, but I can’t help noticing that this proposal will stir up 90% as much opposition as requiring companies to be able to intercept communications when they get a court order while it probably addresses only 10% of the crimes that occur on e2e networks.

Jane and I take turns pouring cold water on journalists, NGOs, and even Congress for their feverish effort to turn the Supreme Court’s abortion ruling into a reason to talk about privacy. Dumbest of all, in my view, is the claim that location services will be used to gather evidence and prosecute women who visit out of state abortion clinics. As I point out, such prosecutions won’t even muster five votes on this Court.

Dave spots another doubtful story about Russian government misuse of a red team hacking tool. He thinks it’s a case of a red team hacking tool being used by … a red team.

Jane notes that Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has announced a surprisingly anodyne (and arguably unnecessary) post-quantum cryptography initiative. I’m a little less hard on DHS, but only a little.

Finally, in updates and quick hits:

                                                                                                           

Download the 416th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

 

 

This bonus episode of the Cyberlaw Podcast is an interview with Amy Gajda, author of “Seek and Hide: The Tangled History of the Right to Privacy.” Her book is an accessible history of the often obscure and sometimes “curlicued” interaction between the individual right to privacy and the public’s (or at least the press’s) right to know. Gajda, a former journalist, turns what could have been a dry exegesis on two centuries of legal precedent into a lively series of stories behind the case law. All the familiar legal titans of press and privacy — Louis Brandeis, Samuel Warren, Oliver Wendell Holmes – are there, but Gajda’s research shows that they weren’t always on the side they’re most famous for defending. You may come for deep thoughts about the law of privacy and press, but you’ll stick around for generous helpings of sex and hypocrisy (which, it turns out, is pretty much the core of privacy and, often, journalism).

This interview is just a taste of what Gajda’s book offers, but lawyers who are used to a summary of argument at the start of everything they read should listen to this episode first if they want to know up front where all the book’s stories are taking them.

                                                                                                                                               

Download the 412th Episode (mp3).

  • This episode of the Cyberlaw Podcast is dominated by things that U.S. officials said in San Francisco last week at the Rivest-Shamir-Adleman (RSA) conference. We summarize what they said and offer our views of why they said it.
  • Bobby Chesney, returning to the podcast after a long absence, helps us assess Russian warnings that the U.S. should expect a “military clash” if it conducts cyberattacks against Russian critical infrastructure. Bobby, joined by Michael Ellis sees this as a routine Russian PR response to U.S. Cyber Command and Director, Paul M. Nakasone’s talk about doing offensive operations in support of Ukraine.
  • Bobby also notes the FBI analysis of the NetWalker ransomware gang, an analysis made possible by seizure of the gang’s back office computer system in Bulgaria.  The unfortunate headline summary of the FBI’s work was a claim that “just one fourth of all NetWalker ransomware victims reported incidents to law enforcement.” Since many of the victims were outside the United States and would have had little reason to report to the Bureau, this statistic undercounts private-public cooperation. But it may, I suggest, reflect the Bureau’s increasing sensitivity about its long-term role in cybersecurity.
  • Michael notes that complaints about a dearth of private sector incident reporting is one of the themes from the government’s RSA appearances. A Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) executive also complained about a lack of ransomware incident reporting, a strange complaint considering that CISA can solve much of the problem by publishing the reporting rule that Congress authorized last year.
  • In a more promising vein, two intelligence officials underlined the need for intel agencies to share security data more effectively with the private sector. Michael sees that as the one positive note in an otherwise downbeat cybersecurity report from Avril Haines, Director of National Intelligence. And David Kris points to a similar theme offered by National Security Agency official Rob Joyce who believes that sharing of (lightly laundered) classified data is increasing, made easier by the sophistication and cooperation of the cybersecurity industry.
  • Michael and I are taking with a grain of salt the New York Times’ claim that Russia’s use of U.S. technology in its weapons has become a vulnerability due to U.S. export controls. We think it may take months to know whether those controls are really hurting Russia’s weapons production.
  • Bobby explains why the Department of Justice (DOJ) was much happier to offer a “policy” of not prosecuting good-faith security research under the Computer Fraud and Abuse Act instead of trying to draft a statutory exemption. Of course, the DOJ policy doesn’t protect researchers from civil lawsuits, so Leonard Bailey of DOJ may yet find himself forced to look for a statutory fix. (If it were me, I’d be tempted to dump the civil remedy altogether.)
  • Michael, Bobby, and I dig into the ways in which smartphones have transformed both the war and, perhaps, the law of war in Ukraine. I end up with a little more understanding of why Russian troops who’ve been flagged as artillery targets in a special Ukrainian government phone app might view every bicyclist who rides by as a legitimate target.
  • Finally, David, Bobby and I dig into a Forbes story, clearly meant to be an expose, about the United States government’s use of the All Writs Act to monitor years of travel reservations made by an indicted Russian hacker until he finally headed to a country from which he could be extradited.

                                                                                                                                               

Download the 411th Episode (mp3).

 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

  • If you’ve been worrying about how a leaky U.S. government can possibly compete with China’s combination of economic might and autocratic government, this episode of the Cyberlaw Podcast has a few scraps of good news. The funniest, supplied by Dave Aitel, is the tale of the Chinese gamer who was so upset at the online performance of China’s tanks that he demanded an upgrade. When it didn’t happen, he bolstered his argument by leaking apparently classified details of Chinese tank performance. I suggest that U.S. intelligence should be subtly degrading the online game performance of other Chinese weapons systems we need more information about.
  • There may be similar comfort in the story of Gitee, a well-regarded Chinese competitor to Github that ran into a widespread freeze on open source projects. Jane Bambauer and I speculate that the source of the freeze was government objections to something in the code or the comments in several projects. But guessing at what it takes to avoid a government freeze will handicap China’s software industry and make Western companies more competitive than one would expect.
  • In other news, Dave unpacks the widely reported and largely overhyped story of Cyber Command conducting “hunt forward” operations in support of Ukraine. Mark MacCarthy digs into Justice Samuel A. Alito Jr.’s opinion explaining why he would not have reinstated the district court injunction against Texas’s social media regulation. Jane and I weigh in. The short version is that the Alito opinion offers a plausible justification for upholding the law. It may not be the law now, but it could be the law if Justice Alito can find two more votes. And getting those votes may not be all that hard for a decision imposing more transparency requirements on social media companies.
  • Mark and Jane also dig deep on the substance and politics of national privacy legislation. Short version: House Democrats have made substantial concessions in the hopes of getting a privacy bill enacted before they must face what’s expected to be a hostile electorate. But Senate Democrats may not be willing to swallow those concessions, and Republican members may think they will do better to wait until after November. Impressed by the concessions, Jane and Mark hold out hope for a deal this year. I don’t.
  • Meanwhile, Jane notes, California is driving forward with regulations under its privacy law that are persuading Republicans that preemption has lots of value for business.
  • Finally, revisiting two stories from earlier weeks, Dave notes

                                                                                                                                               

Download the 410th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

This week’s Cyberlaw Podcast covers efforts to pull the Supreme Court into litigation over the Texas law treating social media platforms like common carriers and prohibiting them from discriminating based on viewpoint when they take posts down. I predict that the Court won’t overturn the appellate decision staying an unpersuasive district court opinion. Mark MacCarthy and I both think that the transparency requirements in the Texas law are defensible, but Mark questions whether viewpoint neutrality is sufficiently precise for a law that trenches on the platforms’ free speech rights. I linger on a story that probably tells us more about content moderation in real life than ten Supreme Court amicus briefs – the tale of an OnlyFans performer who got her Instagram account restored by using alternative dispute resolution on Instagram staff: “We met up and like I f***ed a couple of them and I was able to get my account back like two or three times,” she said. Really, that explains so much.

Meanwhile, Jane Bambauer unpacks the Justice Department’s new policy for charging cases under the Computer Fraud and Abuse Act. It’s a generally sensible extension of some positions the Department has taken in the Supreme Court, including refusing to prosecute good faith security research or to allow companies to create felonies by writing use restrictions into their terms of service. Unless they also write those restrictions into cease and desist letters, I point out. Weirdly, the Justice Department will treat violations of such letters as potential felonies.

Mark gives a rundown of the new, Democrat-dominated Federal Trade Commission’s first policy announcement – asurprisingly uncontroversial warning that the commission will pursue educational tech companies for violations of the Children’s Online Privacy Protection Act.

Maury Shenk explains the recent United Kingdom Attorney General speech on international law and cyber conflict

Mark celebrates the demise of Department of Homeland Security’s widely unlamented Disinformation Governance Board.

Should we be shocked when law enforcement officials create fake accounts to investigate crime on social media? The Intercept is, of course. Perhaps equally predictably, I’m not. Jane offers some reasons to be cautious – and remarks on the irony that the same people who don’’t want the police on social media probably resonate to the New York Attorney General’s claim that she’ll investigate social media companies, apparently for not responding like cops to the Buffalo shooting.

Is it “game over” for humans worried about Artificial Intelligence (AI) competition? Maury explains how Google Deep Mind’s new generalist AI works and why we may have a few years left.

Jane and I manage to disagree about whether federal safety regulators should be investigating Tesla’s fatal autopilot accidents. Jane has logic and statistics on her side, so I resort to emotion and name-calling.

Finally, Maury and I puzzle over why Western readers should be shocked (as we’re clearly meant to be) by China’s requiring that social media posts include the poster’s location or by India’s insistence on a “know your customer” rule for cloud service providers and VPN operators.

                                                                                                                                               

Download the 408th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

 

 

 

Is the European Union (EU) about to rescue the FBI from Going Dark? Jamil Jaffer and Nate Jones tell us that a new directive aimed at preventing child sex abuse might just do the trick, a position backed by people who’ve been fighting the bureau on encryption for years.

The Biden administration is prepping to impose some of the toughest sanction ever on Chinese camera maker Hikvision, Jordan Schneider No one is defending Hikvision’s role in China’s Uyghur policy, but I’m skeptical that we should spend all that ammo on a company that probably isn’t the greatest national security threat we face. Jamil is more comfortable with the measure, and Jordan reminds me that China’s economy is shaky enough that it may not pick a fight to save Hikvision. Speaking of which, Jordan schools me on the likelihood that Xi Jin Ping’s hold on power will be loosened by the plight of Chinese tech platforms, harsh pandemic lockdowns, or the grim lesson provided by Putin’s ability to move without check from tactical error to strategic blunder and on to historic disaster.

Speaking of products of more serious national security than Hikvision, Nate and I try to figure out why the effort to get Kaspersky software out of U.S. infrastructure is still stalled. I think the Commerce Department should take the fall.

In a triumph of common sense and science, the wave of dumb laws attacking face recognition may be receding as lawmakers finally notice what’s been obvious for five years: The claim that face recognition is “racist” is false. Virginia, fresh off GOP electoral gains, has revamped its law on face recognition so it more or less makes sense. In related news, I puzzle over why Clearview AI accepted a settlement of the ACLU’s lawsuit under Illinois’s biometric law.

Nate and I debate how much authority Cyber Command should have to launch actions and intrude on third country machines without going through the interagency process. A Biden White House review of that question seems to have split the difference between the Trump and Obama administrations.

Quelle surprise! Jamil concludes that the EU’s regulation of cybersecurity is an overambitious and questionable expansion of the U.S. approach. He’s more comfortable with the Defense Department’s effort to keep small businesses who take its money from decamping to China once they start to succeed. Jordan and I fear that the cure may be worse than the disease.

I get to say I told you so about the unpersuasive and cursory opinion by United States Judge Robert Pitman, striking down Texas’ social media law. The Fifth Circuit has overturned his injunction, so the bill will take effect, at least for a while. In my view some of the provisions are constitutional and others are a stretch; Judge Pitman’s refusal to do a serious severability analysis means that all of them will get a try-out over the next few weeks.

Jamil and I debate geofenced search warrants and the reasons why companies like Google, Microsoft and Yahoo want them restricted.

In quick hits,

                                                                                                                                               

Download the 407th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Whatever else the pundits are saying about the use of cyberattacks in the Ukraine war, Dave Aitel notes, they all believe it confirms their past predictions about cyberwar. Not much has been surprising about the cyber weapons the parties have deployed, Scott Shapiro agrees. The Ukrainians have been doxxing Russia’s soldiers in Bucha and its spies around the world. The Russians have been attacking Ukraine’s grid. What’s surprising is that the grid attacks have not seriously degraded civilian life, and how hard the Russians have had to work to have any effect at all. Cyberwar isn’t a bust, exactly, but it is looking a little overhyped. In fact, Scott suggests, it’s looking more like a confession of weakness than of strength: “My military attack isn’t up to the job, so I’ll throw in some fancy cyberweapons to impress The Boss.”

Would it have more impact here? We can’t know until the Russians (or someone else) gives it a try. But we should certainly have a plan for responding, and Dmitri Alperovitch and Sam Charap have offered theirs: Shut down Russia’s internet for a few hours just to show we can. It’s better than no plan, but we’re not ready to say it’s the right plan, given the limited impact and the high cost in terms of exploits exposed.

Much more surprising, and therefore interesting, is the way Ukrainian mobile phone networks have become an essential part of Ukrainian defense. As discussed in a very good blog post, Ukraine has made it easy for civilians to keep using their phones without paying no matter where they travel in the country and no matter which network they find there. At the same time, Russian soldiers are finding the network to be a dangerous honeypot. Dave and I think there are lessons there for emergency administration of phone networks in other countries.

Gus Hurwitz draws the short straw and sums up the second installment of the Elon Musk v. Twitter story. We agree that Twitter’s poison pill probably kills Musk’s chances of a successful takeover. So what else is there to talk about? In keeping with the confirmation bias story, I take a short victory lap for having predicted that Musk would try to become the Rupert Murdoch of the social oligarchs. And Gus helps us enjoy the festschrift of hypocrisy from the Usual Sources, all declaring that the preservation of democracy depends on internet censorship, administered by their friends.

Scott takes us deep on pipeline security, citing a colleague’s article for Lawfare on the topic. He thinks responsibility for pipeline security should be moved from Transportation Security Administration (TSA) to (FERC), because, well, TSA. The Biden administration is similarly inclined, but I’m not enthusiastic; TSA may not have shown much regulatory gumption until recently, but neither has FERC, and TSA can borrow all the cyber expertise it needs from its sister agency, CISA. An option that’s also open to FERC, Scott points out.

You can’t talk pipeline cyber security without talking industrial control security, so Scott and Gus unpack a recently discovered ICS malware package that is a kind of Metasploit for attacking operational tech systems. It’s got a boatload of features, but Gus is skeptical that it’s the best tool for causing major havoc in electric grids or pipelines. Also, remarkable: it seems to have been disclosed before the nation state that developed it could actually use it against an adversary. Now that’s Defending Forward!

As a palate cleanser, we ask Gus to take us through the latest in EU cloud protectionism. It sounds like a measure that will hurt U.S. intelligence but do nothing for Europe’s effort to build its own cloud industry. I recount the broader story, from subpoena litigation to the CLOUD Act to this latest counter-CLOUD attack. The whole thing feels to me like Microsoft playing both sides against the middle.

Finally, Dave takes us on a tour of the many proposals being launched around the world to regulate the use of Artificial Intelligence (AI) systems. I note that Congressional Dems have their knives out for face recognition vendor id.me. And I return briefly to the problem of biased content moderation. I look at research showing that Republican Twitter accounts were four times more likely to be suspended than Democrats after the 2020 election. But I find myself at least tentatively persuaded by further research showing that the Republican accounts were four times as likely to tweet links to sites that a balanced cross section of voters considers unreliable. Where is confirmation bias when you need it?

                                                                                                                                     

Download the 403rd Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

The theme of this episode of the Cyberlaw Podcast is, “Be careful what you wish for.” Techlash regulation is burgeoning around the world. Mark MacCarthy takes us through a week’s worth of regulatory enthusiasm.  Canada is planning to force Google and Facebook to pay Canadian news media for links. It sounds simple, but arriving at the right price – and the right recipients – will require a hefty dose of discretionary government intervention. Meanwhile, South Korea’s effort to regulate Google’s Android app store policies, which also sounds simple, is quickly devolving into such detail that the government might as well call it price regulation – because that’s what it is. And, Mark notes, even in China, which seemed to be moderating its hostility to tech platforms, just announced algorithm compliance audits for TenCent and ByteDance.

Nobody is weeping for Big Tech, but anybody who thinks this kind of thing will hurt Big Tech has never studied the history of AT&T – or Rupert Murdoch. Incumbent tech companies have the resources to protect themselves from regulatory harm – and to make sure their competitors will be crushed by the burdens they bear. The one missing chapter in the mutual accommodation of Big Tech and Big Government, I argue, is a Rupert Murdoch figure – someone who will use his platform unabashedly to curry favor not from the left but from the right. It’s an unfilled niche, but a moderately conservative Big Tech company is likely to find all the close regulatory calls being made in its favor if (or, more likely, when) the GOP takes power. If you think that’s not possible, you missed the last week of tech news. Elon Musk, whose entire business empire is built on government spending, is already toying with occupying a Silicon Valley version of the Rupert Murdoch niche. His acquisition of nearly 10% of Twitter is an opening gambit that is likely to make him the man that conservatives hail as the antidote to Silicon Valley’s political monoculture. Axios’s complaint that the internet is becoming politically splintered is wildly off the mark today, but it may yet come true.

Nick Weaver brings us back to earth with a review of the FBI’s successful (for now) takedown of the Cyclops Blink botnet – a Russian cyber weapon that was disabled before it could be fired. Nick reminds us that the operation was only made possible by a change in search and seizure procedures that the Electronic Frontier Foundation (EFF) and friends condemned as outrageous just a decade ago. Last week, he reports, Western law enforcement also broke the Hydra dark market. In more good news, Nick takes us through the ways in which bitcoin’s traceability has enabled authorities to bust child sex rings around the globe.

Nick also brings us This Week in Bad News for Surveillance Software: FinFisher is bankrupt. Israeli surveillance software smuggled onto EU ministers’ phones is being investigated; and Google has banned apps that use particularly intrusive data collection tools, outed by Nick’s colleagues at the International Computer Science Institute.

Finally, Europe is building a vast network to do face recognition across the continent. I celebrate the likely defeat of ideologues who’ve been trying to toxify face recognition for years. And I note that one of my last campaigns at the Department of Homeland Security (DHS) was a series of international agreements that lock European law enforcement into sharing of such data with the United States. Defending those agreements, of course, should be a high priority for the State Department’s on-again-off-again new cyber bureau.

                                                                                                            

Download the 402nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.