The Cyberspace Solarium Commission’s report was released into the teeth of the COVID-19 crisis and hasn’t attracted the press it probably deserved. But the commissioners included four sitting Congressmen who plan to push for adoption of its recommendations. And the Commission is going to be producing more material – and probably more press attention – over the coming weeks. In this episode, I interview Sen. Angus King, co-chair of the Commission, and Dr. Samantha Ravich, one of the commissioners.

We focus almost exclusively on what the Commission’s recommendations mean for the private sector. The Commission has proposed a remarkably broad range of cybersecurity measures for business. The Commission recommends a new products liability regime for assemblers of final goods (including software) who don’t promptly patch vulnerabilities. It proposes two new laws requiring notice not only of personal data breaches but also of other significant cyber incidents. It calls for a federal privacy and security law – without preemption. It updates Sarbanes-Oxley to include cybersecurity principles. And lest you think the Commission is in love with liability, it also proposed liability immunities for critical infrastructure owners operating under government supervision during a crisis. We cover all these proposals, plus the Commission’s recommendation of a new role for the Intelligence Community in providing support to critical US companies.


Continue Reading Episode 311: What the Cyberspace Solarium Report Means for the Private Sector

Nick Weaver and I debate Sens. Graham and Blumenthal’s EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don’t, they won’t get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there’s a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the social costs they’re imposing on society. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, critics are sure that the final product will reduce corporate incentives to offer end-to-end encryption.


Continue Reading Episode 298: Bill Barr as Bogeyman

The Foreign Agent Registration Act is having a moment – in fact its best year since 1939, as the Justice Department charges three people with spying on Twitter users for Saudi Arabia. Since they were clearly acting like spies but not stealing government secrets or company intellectual property, FARA seems to be the only law that they could be charged with violating. Nate Jones and I debate whether the Justice Department can make the charges stick.


Continue Reading Episode 287: Plumbing the depths of artificial stupidity

Joel Trachtman thinks it’s a near certainty that the WTO agreements will complicate US efforts to head off an IoT cybersecurity meltdown, and there’s a real possibility that a US cybersecurity regime could be held to violate our international trade obligations. Claire Schachter and I dig into the details of the looming

We begin this episode with a quick tour of the Apple antitrust decision that pitted two Trump appointees against each other in a 5-4 decision. Matthew Heiman and I consider the differences in judging styles that produced the split and the role that 25 years of “platform billionaires” may have played in the decision.


Continue Reading Episode 264: Unpacking the Supreme Court’s decision in Pepper v. Apple

Our interview is with two men who overcame careers as lawyers and journalists to become serial entrepreneurs now trying to solve the “fake news” problem. Gordon Crovitz and Steve Brill co-founded NewsGuard to rate news sites on nine journalistic criteria. Using, of all things, real people instead of algorithms. By the end of the interview, I’ve confessed myself a reluctant convert to the effort. This is despite NewsGuard’s treatment of Instapundit, which Gordon Crovitz and I both read regularly but which has not received a green check.


Continue Reading Episode 253: Where angels fear to tread: NewsGuard takes on fake news

In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years.


Continue Reading Episode 249: Black swans, black ops, BlackCube, and red herrings

Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it.

Michael Chertoff and Stewart Baker
Michael Chertoff and Stewart Baker


Continue Reading Episode 231: Ah, September, when Europe unleashes a summer’s worth of crazy

The Cyberlaw Podcast – Interview with Chris Bing and Patrick Howell O’Neill

Episode 211: Senators Markey and Blumenthal bury the lede

Our interview is with Chris Bing and Patrick Howell O’Neill of Cyberscoop. They’ve broken two cyberscoops in the last week or so. First, an in-depth look at Kaspersky’s outing of a US cyberespionage program