Our interview is with Alex Joel, former Chief of the Office of Civil Liberties, Privacy, and Transparency at the Office of the Director of National Intelligence. Alex is now at the American University law school’s Tech, Law, and Security Program. We share stories about the difficulties of government startups and how the ODNI carved out a role for itself in the Intelligence Community (hint: It involved good lawyering). We dive pretty deep on recent FISA court opinions and the changes they forced in FBI procedures. In the course of that discussion, I realize that every “reform” of intelligence dreamed up by Congress in the last decade has turned out to be a self-licking compliance trap, and I take back some of my praise for the DNI’s lawyering.


Continue Reading

What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center. There’s no doubt the problem is being admired to a fare-thee-well, and some evidence it’s also being addressed. Listen and decide!


Continue Reading

Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.  John Lynch is the head of the Justice Department’s computer crime section.  We find more common ground than might be expected but plenty of conflict as well.  I suggest that Sheriff Arpaio in Arizona may soon be dressing hackers in pink while deputizing backhackers, while Jim Lewis focuses on the risk of adverse foreign government reactions.  We also consider when it’s lawful to use “web beacons” and whether trusted security professionals should be given more leeway to take action outside their customers’ networks.  In response to suggestions that those who break into hacker hop points might be sued by the third parties who nominally own those hop points, I suggest that those parties could face counterclaims for negligence.  We close with a surprisingly undogmatic discussion of Justice Department “no-action letters” for computer security practitioners considering novel forms of active defense.
Continue Reading

Still trying to dig out from under our hiatus backlog, we devote episode 80 to our regulars.  We’ll bring back a guest next week.  This week it’s a double dose of Jason Weinstein, Michael Vatis, Stewart Baker, and Congress-watcher Doug Kantor.

Michael offers an analysis of the Second Circuit’s oral argument

The wave of service disruptions to several major US financial institutions are widely attributed to Iran. These distributed denial of service attacks have grown so serious that US banks have asked the National Security Agency for help.

However, privacy advocates tell us who we should really be worried about: “’The dual mission of the