We begin with a new US measure to secure its supply chain for a critical infrastructure – the bulk power grid. David Kris unpacks a new Executive Order restricting purchases of foreign equipment for the grid.

Nick Weaver, meanwhile, explains the remarkable extent of surveillance built into Xiaomi phones and questions the company’s claim that it was merely acquiring pseudonymous ad-related data like others in the industry.

It wouldn’t be the Cyberlaw Podcast if we didn’t wrangle over mobile phones and the coronavirus. Mark MacCarthy says that several countries – Australia, the UK, and perhaps France – are deviating from the Gapple model for using phones for infection tracing. Several have bought in. India, meanwhile, is planning a much more government-driven approach to using phone apps to combat the pandemic.

Continue Reading Episode 314: Mirror-Image Decoupling

We open the episode with David Kris’s thoughts on the two-years-late CFIUS investigation of TikTok, its Chinese owner, ByteDance, and ByteDance’s US acquisition of the lip-syncing company Musical.ly. Our best guess is that this unprecedented reach-back investigation will end in a more or less precedented mitigation agreement.

Continue Reading Episode 285: ByteDance bitten by CFIUS

You knew we’d go there. I talk about Congresswoman Katie Hill’s “throuple” pics and whether the rush to portray her as a victim of revenge porn raises questions about revenge porn laws themselves. Paul Rosenzweig, emboldened by twin tweets – from President Trump calling Never-Trumpers like him “human scum” and from Mark Hamill welcoming him to the Rebel Scum Alliance – takes issue with me.

Continue Reading Episode 284: A throuple can keep a secret – if a couple of them are dead

Our interview is with Sultan Meghji, CEO of Neocova. We cover the large Chinese investment in quantum technology and what it means for the United States. It’s possible that Chinese physicists are even better than American physicists at extracting funding from their government. Indeed, it looks as though some quantum tech, such as the use of entangled particles to identify eavesdropping, may turn out to have dubious military value. But not all. Sultan thinks that special-purpose quantum computing built to break encryption poses a real, near-term threat to US financial institutions’ security.

Continue Reading Episode 282: Has China opened a quantum hype lead over the US?

Our interview guests are Dick Clarke and Rob Knake, who have just finished their second joint book on cybersecurity, The Fifth Domain. We talk about what they got right and wrong in their original book. There are surprising flashes of optimism from Clarke and Knake about the state of cybersecurity, and the book itself is an up-to-date survey of the policy environment. Best of all, they have the courage to propose actual policy solutions to problems that many others just admire. I disagree with about half of their proposals, so much light and some heat are shed in the interview, which I end by bringing back the McLaughlin Group tradition of rapid-fire questions and an opinionated “You’re wrong” whenever the moderator disagrees. C’mon, you know the arguments are really why you listen, so enjoy this one!

Continue Reading Episode 269: A McLaughlin Group for cybersecurity

We interview Dmitri Alperovitch of CrowdStrike on the company’s 2019 Global Threat Report, which features a ranking of Western cyber adversaries based on how long it takes each of them to turn a modest foothold into code execution on a compromised network. The Russians put up truly frightening numbers – from foothold to execution in less than twenty minutes – but the real surprise is the North Koreans, who clock in at 2:20. The Chinese take the bronze at just over 4 hours. Dmitri also gives props to a newcomer – South Korea – whose skills are substantial.

Continue Reading Episode 252: In the cyber adversary Olympics, it’s Russia for the gold and North Korea (!) for the silver