Header graphic for print
Steptoe Cyberblog

Category Archives: Security Programs & Policies

Subscribe to Security Programs & Policies RSS Feed

Episode 256: National Bloviation Strategy

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

  I know. That could be any national strategy written in the last 15 years. And that’s the point. In our interview, Dr. Amy Zegart and I discuss the national cyber strategy and what’s wrong with it, along with the culture clash between DOD and Silicon Valley (especially Google), and whether the Mueller report should… Continue Reading

Episode 250: We give you Weaver

Posted in China, European Union, International, Privacy Regulation, Security Programs & Policies

  If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose… Continue Reading

Episode 249: Black swans, black ops, BlackCube, and red herrings

Posted in Data Breach, International, Russia, Security Programs & Policies

  In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of… Continue Reading

Episode 241: “You’ll never know how evil a technology can be until the engineers deploying it fear for their jobs”

Posted in International, Security Programs & Policies

  I propose this episode’s title as Baker’s Law of Evil Technology, something that explains Twitter’s dysfunctional woke-ness, Yahoo’s crappy security, and Uber’s deadly autonomous vehicles. Companies with lots of revenue can afford to offer a lot of stuff they don’t much care about, including protection of minority voices, security, and, um, not killing people…. Continue Reading

Episode 239: The Ministry of Silly Talk

Posted in CFIUS, China, International, Security Programs & Policies

  Today’s interview is a deep (and long – over an hour) dive into new investment review regulations for the Committee on Foreign Investment in the United States (CFIUS). It’s excerpted from an ABA panel discussion on the topic, featuring: Tom Feddo, who currently oversees CFIUS; Aimen Mir, who used to oversee CFIUS; Sanchi Jayaram,… Continue Reading

Episode 238: Bold Prediction Episode: Foreign governments will not hack this election

Posted in China, International, Security Programs & Policies

  This episode puts our experts on the spot with an election-eve question: Will foreign governments attack US electoral rolls or vote-counting machinery in 2018? Remarkably, no one on our panel (Matthew Heiman, Nick Weaver, David Kris, and I) thinks they will. So if you want cybersecurity news, you can stop listening to election coverage… Continue Reading

Episode 236: Twitterlaw and the Khashoggi killing

Posted in China, Data Breach, European Union, International, Security Programs & Policies

  In this episode’s interview we ask whether the midterm elections are likely to suffer as much foreign hacking and interference as we saw in 2016. The answer, from Christopher Krebs, Under Secretary for National Protection and Programs Directorate (soon to be the Cybersecurity and Infrastructure Security Agency), is surprisingly comforting, though hardly guaranteed. Briefly,… Continue Reading

Episode 235: It’s a Bird, It’s a Plane, It’s … Doug?

Posted in CFIUS, China, European Union, Government Contracts, International, Security Programs & Policies

  Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identify is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts… Continue Reading

European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)

Posted in Data Breach, European Union, International, Security Programs & Policies

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR. At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope. These guidelines should help provide a common interpretation of… Continue Reading

Stewart Baker Appears on This Week in Law

Posted in Cybersecurity and Cyberwar, European Union, International, Security Programs & Policies

Earlier this month, Stewart appeared as a guest on Episode 434 of This Week in Law with Denise Howell. Members of Congress want to know the potential impact of deepfakes, India’s Aadhaar ID database is hacked, EU could fine companies for not removing terrorist content in an hour, U.S. policy on Cyber warfare, vending machines… Continue Reading

Episode 230: Click Here to Kill Everybody

Posted in International, Privacy Regulation, Security Programs & Policies

  We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more… Continue Reading

Bonus: Interview with Bruce Schneier (2015)

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

  We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my… Continue Reading

Episode 228: Best idea yet for derailing the Kavanaugh nomination

Posted in CFIUS, China, Cybersecurity and Cyberwar, European Union, Privacy Regulation, Security Programs & Policies

Our guest for the interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined,… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in China, International, Privacy Regulation, Security Programs & Policies

Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading

The Cyberlaw Podcast – Interview with Nicholas Schmidle

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 215:  The Zelig of Hacking Back Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up… Continue Reading

The Cyberlaw Podcast – Interview with Michael Page

Posted in AI, CFIUS, China, Security Programs & Policies

Episode 209 It was a cyberlaw-packed week in Washington. Congress jammed the CLOUD Act into the omnibus appropriations bill, and boom, just like that, it’s law. Say good-bye to the Microsoft Ireland case just argued in the Supreme Court. Maury Shenk offers a view of the Act from the United Kingdom, the most likely and maybe the only… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & Policies

Episode 205: Scandularity Today’s news roundup begins with Maury Shenk and Brian Egan offering their views about the Supreme Court oral argument in the Microsoft Ireland case. We highlight some of the questions that may tip the Justices’ hand. Brian and I dig into the Dems’ reply memo on the Carter Page FISA application. I’m mostly unshocked… Continue Reading

The Cyberlaw Podcast – Interview with Glenn Gerstell

Posted in Privacy Regulation, Security Programs & Policies

Episode 203: Interview with Glenn Gerstell This episode consists of Jamil Jaffer and I interviewing Glenn Gerstell, the General Counsel of the National Security Agency. Glenn explains what it was like on the inside of the effort to reauthorize section 702 of FISA. Jamil and I ask him whether the FISA court has the authority to deal… Continue Reading

The Cyberlaw Podcast – The News Roundup

Posted in International, Security Programs & Policies

Cyberlaw Podcast alumnus Marten Mickos was called before the Senate Commerce Committee to testify about HackerOne’s bug bounty program. But the unhappy star of the hearings was Uber, which was heavily criticized for having paid out a large bonus under cloudy circumstances. Sen. Blumenthal and others on the Hill treated the payment as more ransom than bounty… Continue Reading