Did you ever wonder where all that tech money came from all of a sudden? Turns out, a lot of it comes from online programmatic ads, an industry that gets little attention even from the companies, such as Google, that it made wealthy. That lack of attention is pretty ironic, because lack of attention

There’s a fine line between legislation addressing deepfakes and legislation that is itself a deep fake. Nate Jones reports on the only federal legislation addressing the problem so far. I claim that it is well short of a serious regulatory effort – and pretty close to a fake law.

In contrast, India seems serious about imposing liability on companies whose unbreakable end-to-end crypto causes harm, at least to judge from the howls of the usual defenders of such crypto. David Kris explains how the law will work. I ask why Silicon Valley gets to impose the externalities of encryption-facilitated crime on society without consequence when we’d never allow tech companies to say that society should pick up the tab for their pollution because their products are so cool. In related news, the FBI may be turning the Pensacola military terrorism attack into a slow-motion replay of the San Bernardino fight with Apple, this time with more top cover.


Continue Reading Episode 295: The line between deepfake legislation and deeply fake legislation

This Week in Mistrusting Google: Klon Kitchen points to a Wall Street Journal story about all the ways Google tweaks its search engine to yield results that look machine-made but aren’t. He and I agree that most of these tweaks have understandable justifications – but you have to trust Google not to misuse them. And increasingly no one does. The same goes for Google’s foray into amassing and organizing health data on millions of Americans. It’s a nothing-burger with mayo, unless you mistrust Google. Since mistrusting Google is a growth industry, it’s getting a lot of attention, including from HHS investigators. Matthew Heiman explains, and when he’s done, my money is on Google surviving that investigation comfortably. The capital of mistrusting Google is Brussels, and not surprisingly, Maury Shenk tells us that the EU has forced Google to modify its advertising protocols to exclude data on health-related sites visited by its customers.


Continue Reading Episode 288: Mistrusting Google

I propose this episode’s title as Baker’s Law of Evil Technology, something that explains Twitter’s dysfunctional woke-ness, Yahoo’s crappy security, and Uber’s deadly autonomous vehicles. Companies with lots of revenue can afford to offer a lot of stuff they don’t much care about, including protection of minority voices, security, and, um, not killing people. But as Uber’s travails show, all that can get tossed out the window when corporate survival is at stake. And here’s Baker’s Law in action: Airline algorithms that deliberately break up families sitting on the plane so they can charge to put the kids back in the same row.


Continue Reading Episode 241: “You’ll never know how evil a technology can be until the engineers deploying it fear for their jobs”

Nuala O'Connor & Stewart Baker
Nuala O’Connor & Stewart Baker

It’s an extended news roundup with plenty of debate between me and Nuala O’Connor, the President and CEO of the Center for Democracy and Technology (CDT).  We debate whether and how CDT should pay more attention to Chinese technology abuses and examine the EU ministers’ long list of privacy measures to be rolled back and security measures to be beefed up in the wake of the Brussels and Paris Daesh attacks.
Continue Reading Steptoe Cyberlaw Podcast – Interview with Nuala O’Connor

Back for a rematch, John Lynch and I return to the “hackback” debate in episode 97, with Jim Lewis of CSIS providing color commentary.  John Lynch is the head of the Justice Department’s computer crime section.  We find more common ground than might be expected but plenty of conflict as well.  I suggest that Sheriff Arpaio in Arizona may soon be dressing hackers in pink while deputizing backhackers, while Jim Lewis focuses on the risk of adverse foreign government reactions.  We also consider when it’s lawful to use “web beacons” and whether trusted security professionals should be given more leeway to take action outside their customers’ networks.  In response to suggestions that those who break into hacker hop points might be sued by the third parties who nominally own those hop points, I suggest that those parties could face counterclaims for negligence.  We close with a surprisingly undogmatic discussion of Justice Department “no-action letters” for computer security practitioners considering novel forms of active defense.
Continue Reading Steptoe Cyberlaw Podcast – Interview with John Lynch