
Steptoe Cyberblog

Bonus: Interview with Bruce Schneier (2015)

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies


We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my May 2015 interview with Bruce about his earlier work, the best-selling Data and Goliath – a book I annotated every few pages with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.

We’ll be back in September with another edition of Blockchain Takes Over the Cyberlaw Podcast, followed by the new interview with Bruce Schneier.


Webinar: The US-China Trade Relationship: Strategies for Coping with the New Normal

Posted in China

On August 28, Steptoe will host a webinar on US-China trade relations. From the announcement:

Over the past few months, US-China trade relations have radically changed. Under Section 301 of the Trade Expansion Act of 1962, the United States has imposed additional tariffs on billions worth of China imports and is threatening to import tariffs on billions more, and China has responded in kind. These tariffs have caused significant turmoil and uncertainty in the US business community.

We have prepared answers to some frequently asked questions to help companies cope with the most immediate consequences of these proceedings. But US companies must also start to consider the longer term repercussions of these tariffs. The landscape of US-China trade relations has been fundamentally altered, and US companies must consider how they can integrate this “new normal” into their business operations.

You can learn more and RSVP on the event page here.

Changes Afoot for CFIUS and US Export Controls as the Dust Settles on FIRRMA

Posted in CFIUS

After months of hearings and other deliberations, Congress passed, and President Trump signed into law on August 13, 2018, the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA). FIRRMA marks the first update to the Committee on Foreign Investment in the United States (CFIUS) in over a decade and will considerably expand the jurisdiction of the Committee and make other important changes to its rules. A text of the final version of FIRRMA (Sections 1701 to 1728 of the National Defense Authorization Act for Fiscal Year 2019 (NDAA)) is available here. The NDAA also includes comprehensive US export control reform legislation that (among other things) mandates increased US export controls over “emerging and foundational technologies” to address some of the US national security concerns that had led to calls for CFIUS reform. FIRRMA has gone through a number of revisions as it advanced in Congress, and earlier versions of the bill are discussed in our previous International Law Advisories from June and January of this year.

The changes to CFIUS in FIRRMA are far-reaching. First, and most significantly, CFIUS’s jurisdiction will expand to cover additional investments in US critical infrastructure and critical technology companies and US companies that deal with substantial amounts of US personal data, certain real estate transactions, and concessions at ports and airports. This change will not go into effect until CFIUS updates its regulations and defines a number of key terms. Second, a new “declaration” filing mechanism could simplify the review process for some transactions – if CFIUS shows a willingness to accept these filings. Third, CFIUS is no longer a wholly voluntary process, as some transactions will now require filing with CFIUS. Fourth, the timeline for CFIUS review will be lengthened, and CFIUS will be authorized to charge “filing fees” for the first time.

For more information, please see our advisory.

Bonus: Interview with Joseph Nye (2015)

Posted in China, Cybersecurity and Cyberwar


We’re officially on hiatus this month, but we just couldn’t stay away that long. If you can’t live without The Cyberlaw Podcast in your life, then you’re in luck. We’re releasing a couple bonus episodes with some of my favorite past interviews.


Episode 228: Best idea yet for derailing the Kavanaugh nomination

Posted in CFIUS, China, Cybersecurity and Cyberwar, European Union, Privacy Regulation, Security Programs & Policies
FTC Commissioner Noah Phillips


Our guest for the interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined, and much more.


Episode 227: Defending against deep fakes with lifelogs, watermarks … and tatts?

Posted in China, Cybersecurity and Cyberwar, European Union
Patt Cannaday and Stewart Baker


In this episode, Bobby Chesney explains the rapid emergence of undetectably forged videos. They’re not here yet, but before we’re ready the Internet will be awash with fake revenge porn, fake human rights atrocities, and fake political scandals. Our talk revolves around a recent paper by Bobby and Danielle Citron. I confess to having seriously considered federal support for a fake video involving Osama bin Laden and kumquats (not what you’re thinking, though that would have been good, too). Bobby and I discuss the ways in which the body politic – and particular political bodies – might protect themselves. This leads Bobby to propose a special Cyberlaw Podcast mug for best listener suggestions for what tattoo – and where – I should get as my last line of defense. He’s on. Send them to CyberlawPodcast@steptoe.com.


Episode 226: Where are all my Twitter followers?

Posted in CFIUS, China, Cybersecurity and Cyberwar, Privacy Regulation, Russia

In Episode 226 of The Cyberlaw Podcast, Stewart departs for the wilderness, and the News Roundup team (Brian Egan with Matthew Heiman, Jim Lewis, and Dr. Megan Reiss) muddles through without him.


Episode 225: Interview with General Michael Hayden

Posted in China, Data Breach, European Union, Security Programs & Policies
General Michael Hayden and Stewart Baker


Our interview is with Gen. Michael Hayden, author of The Assault on Intelligence: American National Security in an Age of Lies. Gen. Hayden is a former head of the CIA and NSA, and a harsh critic of the Trump Administration. We don’t agree on some of his criticisms, but we have a productive talk about how intelligence should function in a time of polarization and foreign intervention in our national debates.


Episode 224 with Duncan Hollis: Do we need an international “potluck” cyber coalition?

Posted in China, Data Breach, International, Privacy Regulation

I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage. In support, I introduce Baker’s Law of International Institutions: “The secretariat always sees the United States as its natural enemy.”

At the end, Duncan mentions in passing his work with Microsoft on international rulemaking, and I throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug.


Episode 223 with David Sanger: A war reporter for the cyber age

Posted in China, Cybersecurity and Cyberwar, International, Russia


I interview David Sanger in this episode on his new book, The Perfect Weapon – War, Sabotage, and Fear in the Cyber Age. It is an instant history of how the last five years have transformed the cyberwar landscape as dozens of countries follow a path first broken by Stuxnet. And then, to our horror, branch out into new and highly successful ways of waging cyberwar. Mostly against us. David depicts an Obama administration paralyzed by the Rule of Lawyers and a fear that our opponents would always have one more rung than we did on the escalation ladder. The Trump administration also takes its lumps, sometimes fairly and sometimes not. At center stage in the book is Putin’s uniquely brazen and uniquely impactful use of information warfare, but the North Koreans and the Chinese also play major roles. It is as close to frontline war reporting as cyber conflict is likely to get.
