Bloomberg Businessweek’s claim that the Chinese buggered Supermicro motherboards leads off our News Roundup. The story is controversial not because it couldn’t happen and not because the Chinese wouldn’t do it but because the story has been denied by practically everyone close to the controversy, including DHS. Bloomberg Businessweek stands by the story. Maybe it’s time for the law, in the form of a libel action, to ride to the rescue.



Patt Cannaday and Stewart Baker

In this episode, Bobby Chesney explains the rapid emergence of undetectably forged videos. They’re not here yet, but before we’re ready the Internet will be awash with fake revenge porn, fake human rights atrocities, and fake political scandals. Our talk revolves around a recent paper by Bobby and Danielle Citron. I confess to having seriously considered federal support for a fake video involving Osama bin Laden and kumquats (not what you’re thinking, though that would have been good, too). Bobby and I discuss the ways in which the body politic – and particular political bodies – might protect themselves. This leads Bobby to propose a special Cyberlaw Podcast mug for best listener suggestions for what tattoo – and where – I should get as my last line of defense. He’s on. Send them to CyberlawPodcast@steptoe.com.



General Michael Hayden and Stewart Baker

Our interview is with Gen. Michael Hayden, author of The Assault on Intelligence: American National Security in an Age of Lies. Gen. Hayden is a former head of the CIA and NSA, and a harsh critic of the Trump Administration. We don’t agree on some of his criticisms, but we have a productive talk about how intelligence should function in a time of polarization and foreign intervention in our national debates.



I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage. In support, I introduce Baker’s Law of International Institutions: “The secretariat always sees the United States as its natural enemy.”

At the end, Duncan mentions in passing his work with Microsoft on international rulemaking, and I throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug.



Episode 222: In which I get to play that guy in line for the movie with Woody Allen

Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up pretty well under my skeptical questioning.

In this week’s news, Congress and the Executive branch continue to fight over the bleeding body of ZTE, which has already lost nearly 40% of its market value. The Commerce Department has extracted a demanding compliance and penalty package from the Chinese telecom equipment manufacturer. The Senate, meanwhile, has amended the NDAA to overturn the package and re-impose what amounts to a death penalty (see section 1727). Brian Egan and I dig into the Senate’s language and conclude that it may do a lot less than the Senators think it does, and that may be the best news ZTE is going to get from Washington this year.

Judge Leon has approved the AT&T-Time Warner merger. Gus Hurwitz puts the ruling in context. His lesson: next time, the Justice Department needs better evidence.



Episode 221: Daugherty’s Revenge

The 11th Circuit’s LabMD decision is a dish served cold for Michael Daugherty, the CEO of the defunct company. The decision overturns decades of FTC jurisdiction, acquired over the years by a kind of bureaucratic adverse possession. Thanks to the LabMD opinion, practically all the FTC’s privacy and security consent decrees are at risk of being at least partly unenforceable — and if the dictum holds, the FTC may have to show that everything it views as an “unfair” lack of security is actually a negligent security practice.



This is the claim of former Pentagon analyst F. Michael Maloof that stories and podcasts are repeating but provide much new supporting evidence. Maloof’s own report is interesting and extensive, and it does indeed make the claim I’ve headlined:

The Chinese government has “pervasive access” to some 80 percent of the world’s communications, giving it

ZTE, the huge Chinese telecom equipment manufacturer, has found itself in a kind of perfect storm. A storm largely of its own making.

First, ZTE and its larger Chinese rival, Huawei, have been the subjects of great national security concern for years. As I discussed last month, the US intelligence community is worried that, if

The House Intelligence Committee is conducting a remarkably detailed and bipartisan investigation (subscription required) of ties between two Chinese telecom equipment giants, Huawei and ZTE, and the Chinese government. Widespread security fears have been targeted at these companies over concerns that their equipment would enable Chinese interception of US telephone calls, expanding American cybervulnerabilities