• This episode of the Cyberlaw Podcast is dominated by things that U.S. officials said in San Francisco last week at the Rivest-Shamir-Adleman (RSA) conference. We summarize what they said and offer our views of why they said it.
  • Bobby Chesney, returning to the podcast after a long absence, helps us assess Russian warnings that

Much of this episode is devoted to the new digital curtain falling across Europe. Gus Horwitz and Mark-MacCarthy review the tech boycott that has seen companies like Apple, Samsung, Microsoft and Adobe pull their service from Russia. Nick Weaver describes how Russia cracked down on independent Russian media outlets and blocked access to the

Our interview is with Alex Joel, former Chief of the Office of Civil Liberties, Privacy, and Transparency at the Office of the Director of National Intelligence. Alex is now at the American University law school’s Tech, Law, and Security Program. We share stories about the difficulties of government startups and how the ODNI carved out a role for itself in the Intelligence Community (hint: It involved good lawyering). We dive pretty deep on recent FISA court opinions and the changes they forced in FBI procedures. In the course of that discussion, I realize that every “reform” of intelligence dreamed up by Congress in the last decade has turned out to be a self-licking compliance trap, and I take back some of my praise for the DNI’s lawyering.

Continue Reading Episode 283: Is intelligence “reform” a self-licking ice cream cone and compliance trap?

What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center. There’s no doubt the problem is being admired to a fare-thee-well, and some evidence it’s also being addressed. Listen and decide!

Continue Reading Episode 272: Illuminating supply chain security

Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.  John Lynch is the head of the Justice Department’s computer crime section.  We find more common ground than might be expected but plenty of conflict as well.  I suggest that Sheriff Arpaio in Arizona may soon be dressing hackers in pink while deputizing backhackers, while Jim Lewis focuses on the risk of adverse foreign government reactions.  We also consider when it’s lawful to use “web beacons” and whether trusted security professionals should be given more leeway to take action outside their customers’ networks.  In response to suggestions that those who break into hacker hop points might be sued by the third parties who nominally own those hop points, I suggest that those parties could face counterclaims for negligence.  We close with a surprisingly undogmatic discussion of Justice Department “no-action letters” for computer security practitioners considering novel forms of active defense.
Continue Reading Steptoe Cyberlaw Podcast – Interview with John Lynch

Still trying to dig out from under our hiatus backlog, we devote episode 80 to our regulars.  We’ll bring back a guest next week.  This week it’s a double dose of Jason Weinstein, Michael Vatis, Stewart Baker, and Congress-watcher Doug Kantor.

Michael offers an analysis of the Second Circuit’s oral argument

The wave of service disruptions to several major US financial institutions are widely attributed to Iran. These distributed denial of service attacks have grown so serious that US banks have asked the National Security Agency for help.

However, privacy advocates tell us who we should really be worried about: “’The dual mission of the