Header graphic for print
Steptoe Cyberblog

Tag Archives: security

The Cyberlaw Podcast — Election Cybersecurity Panel with Chris Krebs and Ed Felten

Posted in Security Programs & Policies

191: Election security may be better than you think.  Unless you live in New Jersey. Episode 191 is our long-awaited election security podcast before a live, and lively, audience.  Our panel consists of Chris Krebs, formerly of Microsoft and now the top cybersecurity official at DHS (with the longest title in the federal government as proof),… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 132, our threepeat guest is Ellen Nakashima, star cyber reporter for the Washington Post.  Markham Erickson and I talk to her about Vladimir Putin’s endless appetite for identifying ‒ and crossing ‒ American red lines, the costs and benefits of separating NSA from Cyber Command, and the chances of a pardon for Edward… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Congressman Will Hurd (R-TX)

Posted in Cybersecurity and Cyberwar, International

What’s the difference between serving in Congress and spying in the back alleys of a Middle Eastern bazaar? Why not ask the one Congressman who’s done both – Rep. Will Hurd (R-TX). He also has cybersecurity chops from his career in industry, so he makes the perfect guest for episode 124a of the podcast. Just running through… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Fred Kaplan

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Was Iran’s cyberattack that bricked vast numbers of Saudi Aramco computers justified by a similar attack on the National Iranian Oil Company a few months’ earlier?  Does NSA have the ability to “replay” and attribute North Korean attacks on companies like Sony? And how do the last six NSA directors stack up against each other? … Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Live from RSA, it’s episode 104, with special guest Jim Lewis, CSIS’s renowned cybersecurity expert and Steptoe’s own Alan Cohn.  We do an extended news roundup before an RSA audience that yields several good questions for the panel.  We had invited Bruce Sewell, Apple’s General Counsel, to participate, but he didn’t show.  So we felt… Continue Reading

FinTech Bits: Are Bitcoin and Other Digital Currencies Securities?

Posted in Blockchain, Security Programs & Policies, Virtual Currency

Anyone who has tried to explain bitcoin around their kitchen table knows that it is not easy to put your finger on what exactly the technology is.  Because of their innovative nature, digital currencies don’t have obvious analogs or fit easily into existing categories.  Bitcoin is part currency, part digital payment system, and part immutable… Continue Reading

FinTech Bits: Bitcoin and Terrorist Financing

Posted in Blockchain, Security Programs & Policies, Virtual Currency

Following the attacks in Paris and San Bernardino, polls show that Americans identify terrorism—more than any other issue—as the most important problem facing the US.  In this environment, some media outlets have predicted a pending “crackdown” on digital currencies, particularly by European governments, because of the risk that the technology could be used to fund… Continue Reading

The GitHub Attack, Part 1: Making International Cyber Law the Ugly Way

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Over the past few years, the US government has invested heavily in trying to create international norms for cyberspace. We’ve endlessly cajoled other nations to agree on broad principles about internet freedom and how the law of war applies to cyberconflicts. Progress has been slow, especially with countries that might actually face us in a cyberwar…. Continue Reading

Why Tort Liability Won’t Produce Good Cybersecurity

Posted in Data Breach, Security Programs & Policies

Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for the first podcast of 2015 is Jim Lewis, a senior fellow and director of the Strategic Technologies Program at CSIS, where he writes on technology, security, and the international economy. We try a new, slightly shorter format for 2015, with quick takes on a batch of headlines: Will fingerprint phone locks protect… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dmitri Alperovich

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

This week in NSA: We take a look at the other half of the Lofgren amendment, which prohibits NSA and CIA from asking a company to “alter its product or service to permit electronic surveillance.”  So if Mullah Omar orders a phone from Amazon, the government can’t ask Amazon to put a bug in it… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ralph Langner

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week in NSA: The House passes an NDAA amendment to regulate “secondary” searches of 702 data, and the prize for Dumbest NSA Story of the Month Award goes to Andrea Peterson of the Washington Post for exposing NSA’s shocking use of “Skilz points” to encourage its analysts to use new tools to do their… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Paul Rosenzweig

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Our guest for the week, Paul Rosenzweig, is as knowledgeable as anyone about cybersecurity and intelligence law.  He blogs on the topics for Lawfare, writes for the Homeland Security Institute, consults for Red Branch Consulting, and lectures for the Great Courses on Audible. So this week we let him comment on the stories of the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Congressman Mike Pompeo

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s interview is with Rep. Mike Pompeo, a member of the House Intelligence Committee who joined the House in 2010 after three careers, any one of which would have been enough for an ordinary man.  First in his class in West Point, he left the Army to study law at Harvard, where he made… Continue Reading

The NYT makes the case for surveillance cameras

Posted in Privacy Regulation

The ACLU and EPIC have campaigned long and hard against surveillance cameras in public spaces, and they’ve had considerable success — despite a paucity of actual serious privacy abuses.  So it’s worth remembering that all this privacy theater imposes real costs on crime victims. This story, headlined “After Boy and Girl Are Stabbed, Anger Over… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ron Deibert

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

We begin this week’s podcast with Edward Snowden’s NBC interview and the kerfuffle over his claim to have raised concerns about the agency’s intelligence programs before he launched his campaign of leaks.  That leads us (or me, at least) to a meditation on Snowden’s style of truth-telling, which turns out to be almost indistinguishable from,… Continue Reading

“Groundhog Day” for Data Breaches

Posted in Data Breach, Security Programs & Policies

Here we go again.  A prominent company suffers a data breach.  The company publicly alerts its customers.  The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators.  Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Chris Painter

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This episode of the Steptoe Cyberlaw Podcast features an interview with Chris Painter, the State Department’s Coordinator for Cyber Issues.  Chris had a long and distinguished career at the Justice Department and the White House before joining State.  Our interview ranges widely.  Are there really norms in cyberconflict, and should the US really encourage the… Continue Reading

Steptoe Cyberlaw Podcast – An Interview with Brian Krebs

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s podcast features Brian Krebs, the noted security researcher behind Krebs on Security.  Brian comments on the week’s news before giving us an interview on the latest in Russian cybercrime.  We talk about why Microsoft is still patching XP – and why that probably gives its lawyers heartburn.  Brian unpacks Covert Redirection, the latest… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Elana Broitman and Shawn Cooley

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

We begin the podcast with This week in NSA, but how long that feature will survive is in doubt.  Because what’s most newsworthy this week is that there was practically no news about NSA.  Or at least no new scandal stories.  The principal new release came from the US government and consisted of a FISA… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Benjamin Wittes

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

This week’s podcast features a conversation with none other than Lawfare’s own Ben Wittes. But it begins as usual with This Week in NSA: A Reuters story claims that researchers showed something bad about the way NSA influenced the Dual EC encryption standard.  The story glided insouciantly over two of the more newsworthy aspects of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Allen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our special guest this week is Michael Allen, former Majority Staff Director of the House intelligence committee.  Mike is the founder of Beacon Global Strategies and the author of Blinking Red, the story of the creation of the Director of National Intelligence. We drag him into the program from the beginning, getting his take on… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s cyberlaw podcast begins as always with the week in NSA. We suspect that a second tech exec meeting with the President (for two hours!) bodes ill for the intelligence community, or at least the 215 metadata program, as does the shifting position of usually stalwart NSA supporters like Dianne Feinstein and Dutch Ruppersberger…. Continue Reading