This episode features an in-depth (and occasionally contentious) interview with Bart Gellman about his new book, Dark Mirror: Edward Snowden and the American Surveillance State, which can be found on his website and on Amazon. I’m tagged in the book as having been sharply critical of Gellman’s Snowden stories, and I live

There’s a fine line between legislation addressing deepfakes and legislation that is itself a deep fake. Nate Jones reports on the only federal legislation addressing the problem so far. I claim that it is well short of a serious regulatory effort – and pretty close to a fake law.

In contrast, India seems serious about imposing liability on companies whose unbreakable end-to-end crypto causes harm, at least to judge from the howls of the usual defenders of such crypto. David Kris explains how the law will work. I ask why Silicon Valley gets to impose the externalities of encryption-facilitated crime on society without consequence when we’d never allow tech companies to say that society should pick up the tab for their pollution because their products are so cool. In related news, the FBI may be turning the Pensacola military terrorism attack into a slow-motion replay of the San Bernardino fight with Apple, this time with more top cover.


Continue Reading Episode 295: The line between deepfake legislation and deeply fake legislation

Brad Smith is President of Microsoft and author (with Carol Ann Browne) of Tools and Weapons: The Promise and Peril of the Digital Age. The book is a collection of vignettes of the tech policy battles in the last decade or so. Smith had a ringside seat for most of them, and he recounts what he learned in a compelling and good-natured way in the book – and in this episode’s interview. Starting with the Snowden disclosures and the emotional reaction of Silicon Valley, through the CLOUD Act, Brad Smith and Microsoft displayed a relatively even keel while trying to reflect the interests of its many stakeholders. In that effort, Smith makes the case for more international cooperation in regulating digital technology. Along the way, he discloses how the Cyberlaw Podcast’s own Nate Jones and Amy Hogan-Burney became “Namy,” achieving a fame and moniker inside Microsoft that only Brangelina has achieved in the wider world. Finally, he sums up Microsoft’s own journey in the last quarter century as a recognition that humility is a better long-term strategy than hubris.


Continue Reading Episode 289: Brad Smith on Microsoft’s Journey from Hubris to Humility

Today’s interview is a deep (and long – over an hour) dive into new investment review regulations for the Committee on Foreign Investment in the United States (CFIUS). It’s excerpted from an ABA panel discussion on the topic, featuring: Tom Feddo, who currently oversees CFIUS; Aimen Mir, who used to oversee CFIUS; Sanchi Jayaram, who is in charge of the Justice Department’s CFIUS and Team Telecom work; David Fagan, a noted CFIUS practitioner; and me as moderator. It turns out the new CFIUS law may be the most innovative – and sweeping – piece of legislation on national security in years.


Continue Reading Episode 239: The Ministry of Silly Talk

We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my May 2015 interview with Bruce about his earlier work, the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.

We’ll be back in September with another edition of Blockchain Takes Over the Cyberlaw Podcast, followed by the new interview with Bruce Schneier.


Continue Reading Bonus: Interview with Bruce Schneier (2015)

In this episode, we interview Jim Miller, co-chair of a Defense Science Board panel that reported on how the US is postured for cyberconflict and the importance of deterrence. The short answer: deterring cyberconflict is important because our strategic cyberconflict posture sucks. The DSB report is thoughtful, detailed, and troubling. Jim Miller manages to

Edward Snowden criticizes Russia’s mass surveillance law, and a Russian official retaliates by outing him ‒ as a Russian intelligence source.  Silent Circle, the phone company that built its marketing on fear and loathing of the NSA, is nearing bankruptcy. And members of the dominant European Parliament faction are asking the Commission,

Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours too…,” he tweeted. On the whole, I’d rather be on theirs. Two weeks after his tweet, Hussain was killed in a US airstrike, and two months after that, the hacker was arrested in Malaysia (subscription required) on a US warrant.

We explore that story and more with Gen. Michael Hayden, the only person to serve as both Director of the National Security Agency and of the Central Intelligence Agency. Gen. Hayden explains why he differs with FBI director Comey on encryption and with the European Court of Justice on whether the US sufficiently respects privacy rights, along with other topics.


Continue Reading Steptoe Cyberlaw Podcast – Interview with Gen. Michael Hayden