What good is CISA, anyway?

Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good.  But what changes, and how much difference will they make to network defenders?  That’s the topic we explore in episode 87 with our guest, Ari Schwartz.  Ari has just finished a tour as senior director for cybersecurity on the United States National Security Council Staff at the White House.  He and I and Alan Cohn go deep into the weeds so you won’t have to.  Our conclusion?  The main value of the bill is that it frees some companies from aging privacy rules that prevented information sharing with groups that include the government.  It also enables companies to monitor their networks without fear of liability under even older privacy laws preventing interception of communications without all parties’ consent.  The other lesson to be drawn from the bill is that privacy groups are still something of a paper tiger without business support.  More than seventy senators voted for CISA over the bleeding bodies of every privacy group in the country. 

Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth?  That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think).  Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years.  His company recently published a lengthy paper on Russian government cyberspies, which F-Secure calls “the Dukes.”  Mikko describes the Dukes’ targets and tactics, including a remarkably indiscriminate attack on a Tor exit node.  I press him on whether attribution is really getting better, and on whether F-Secure’s paper eases or heightens concerns about Kaspersky’s ties to Russian intelligence.

In episode 84 our guest is Jack Goldsmith, Professor at Harvard Law School, a Senior Fellow at the Hoover Institution at Stanford University, and co-founder of the Lawfare blog.  Before coming to Harvard, he served as Assistant Attorney General, Office of Legal Counsel and Special Counsel to the Department of Defense.  From cyberespionage to the right to be forgotten and the end of the Safe Harbor, we explore the many ways in which a globalized economy has tied the US government’s hands in cybersecurity matters – and subjected the United States to extensive extraterritorial “soft power” at the hands of Europeans.

In the news roundup, the headline news is the continuing fallout from the ECJ’s attack on the Safe Harbor.  Michael Vatis and Maury Shenk bring us up to date.  Jason Weinstein explains why the latest convicted hacker thinks he should be a civil liberties hero/victim – and how weev has found yet another outlet for his bitterness at DOJ.

Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals.  Appearing at the conference Privacy.Security.Risk. 2015, sponsored by the IAPP and the Cloud Security Alliance, Bruce Schneier talks through recent developments in law and technology.

The three of us stare into the pit opened by an overwrought (and overdue and overweening) European Court of Justice advisor.  If the European Court of Justice follows his lead (and what seems to be its inclinations), we could face a true crisis in transatlantic relations.

Cyberlaw negotiations are the theme of episode 82, as the US and China strike a potentially significant agreement on commercial cyberespionage and Europeans focus on tearing up agreements with the US and intruding on US sovereignty.

Our guest for the episode is Jim Lewis, a senior fellow and director of the Strategic Technologies Program at the Center for Strategic and International Studies.  Most importantly, Jim is one of the most deeply informed and insightful commentators on China and cybersecurity.  He offers new perspectives on the Obama-Xi summit and what it means for cyberespionage.