The Cyberlaw Podcast

In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim.  The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury and ask for a license to pay – a request that starts with a “presumption of denial.” Someone has been launching a series of coordinated attacks designed to disrupt Trickbot Bruce explains.; CFIUS is baring its teeth on more than one front. First comes news that a newly resourced CFIUS staff has begun retroactively scrutinizing past Chinese tech investments. This is the first widespread reconsideration of investments that escaped notice when they were first made, and it could turn ugly. Next comes evidence that the TikTok talks with CFIUS could be getting ugly themselves, as Nate Jones tells us that Treasury Secretary Mnuchin has laid down the elements the US must have if TikTok is to escape a shutdown. None of us think this ends well for TikTok, as China and the US try to prove how tough they are by asking for mutually exclusive structures.; The US government is giving US companies some free advice about how to keep sending their data to the US despite the European Court of Justice decision in Schrems II: First-time participant Charles Helleputte offers a European counterpoint to my perspective, but we both agree that there’s a lot of value in the US white paper. If nothing else, it offers a defensible basis for most companies to conclude that they can use the standard contractual clauses to send data to the US notwithstanding the court’s egregiously anti-American opinion. The court may not agree with the white paper, but the reasoning could buy everyone another three years and might be the basis of yet another US-EU agreement.; The UK seems to be preparing to take Bruce’s advice on regulating IOT security plan, but he thinks that banning easy default passwords is just table stakes.; Bruce and I once again review the bidding on voting by phone, and once again we agree: No. Just No.; Nate questions the press stories (and FBI director testimony) claiming that the FBI is pivoting to a new strategy for punishing hackers by sending Cyber Command after them. He thinks it’s less a pivot and more good interagency citizenship, which I suspect is still a change of pace for the Bureau.; Bruce and I explore the possibility of attributing exploits to individuals based on their coding style. You might say that their quirks leave fingerprints for the authorities, except that at least one hapless hacker has one-upped them by leaving his actual fingerprints behind in an effort to get himself approved in a biometric authentication system.; And in updates, we note that Microsoft has a new and unsurprising annual report on cyberattacks it has seen; the Senate will be subpoenaing the CEOs of Big Social to talk section 230 in an upcoming hearing; and the House intel committee has a bunch of suggestions for improving the performance of the intelligence community against evolving Chinese threats.; And more!

Our news roundup is dominated by the seemingly endless ways that the US and China can find to quarrel over tech policy. The Commerce Department's plan to use an executive order to cut TikTok and WeChat out of the US market have now been enjoined. But the $50 Nick Weaver bet me that TikTok could tie its forced sale up until January is still at risk, because the administration has a double-barreled threat to use against that company – not just the executive order but also CFIUS – and the injunction so far only applies to the first. I predict that President Xi is likely to veto any deal that appeals to President Trump, just to show the power of his regime to interfere with US plans. That could spell the end of TikTok, at least in the US. Meanwhile, Dave Aitel points out, a similar but even more costly fate could await much of the electronic gaming industry, where WeChat parent TenCent is a dominant player.; And just to show that the US is willing to do to US tech companies what it's doing to Chinese tech companies, leaks point to the imminent filing of at least one and perhaps two antitrust lawsuits against Google. Maury Shenk leads us through the law and policy options.; The panelists dismiss as PR hype the claim that it was a threat of "material support" liability that caused Zoom to drop support for a PFLP hijacker's speech to American university students. Instead, it looks like garden variety content moderation aimed this time at a favorite of the far left.; Dave explains the good and the bad of the CISA order requiring agencies to quickly patch the critical Netlogon bug.; Maury and I debate whether Vladimir Putin is being serious or mocking when he proposes an election hacking ceasefire and a "reset" in the cyber relationship. We conclude that there's some serious mocking in the proposal.; Dave and I also marvel at how Elon Musk, for all his iconoclasm, sure has managed to cozy up to both President Xi and President Trump, make a lot of money in both countries, and take surprisingly little flak for doing so. The story that spurs this meditation is the news that Tesla is so dependent on Chinese chips for its autonomous driving engine that it’s suing the US to end the tariffs on its supply chain.; In quick hits and updates, we note a potentially big story: The Trump administration has slapped new restrictions on exports to Semiconductor Manufacturing International Corporation, China's most advanced maker of computer chips.; The press that lovingly detailed the allegations in the Steele dossier about President Trump's ties to Moscow hasn't been quite so loving in their coverage of the dossier's astounding fall from grace. The coup de grace came last week when it was revealed that the main source for the juiciest bits was flagged by the FBI as a likely Russian foreign agent; he escaped a FISA order only because he left the country for a while in 2010.; The FISA court has issued an opinion on what constitutes a "facility" that can be tapped with a FISA order. It rejected the advice of Cyberlaw Podcast regular David Kris in an opinion that includes all the court's legal reasoning but remains impenetrable because the facts are all classified. Maury and I come up with a plausible explanation of what was at stake.; The Trump administration has proposed section 230 reform legislation similar to the white paper we covered a couple of months ago. The proposal so completely occupies the reasonable middle of the content moderation debate that a Biden administration may not be able to come up with its own reforms without sounding fatally similar to President Trump.; And in yet more China news, Maury and Dave explore the meaning of Nvidia's bid for ARM and Maury expresses no surprise at all that WeWork is selling off a big chunk of its Chinese operations.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets. 

John Yoo, Mark MacCarthy, and I kick off episode 329 of the Cyberlaw Podcast diving deep into what I call the cyberspace equivalent of a dumpster fire. There is probably a pretty good national security case for banning TikTok. In fact, China did a lot better than the Trump administration when it declared, "You know that algorithm that tells all your kids what to watch all day? That's actually a secret national security asset of the People's Republic." But the administration’s process for addressing the national security issue was unable to keep up with President Trump’s eagerness to announce some kind of deal. The haphazard and easily stereotyped process probably also contributed to the casual decision of a magistrate in San Francisco to brush aside US national security interests in the WeChat case, postponing the order on dubious first amendment grounds that John Yoo rightly takes to task.; Megan Stifel tells us that the bill for decoupling from China is going to be high – up to $50 billion if you listen to the Semiconductor Industry Association.; Speaking of big industry embracing big government, Pete Jeydel explains IBM's slightly jarring suggestion that the government should slap export controls on a kind of face recognition technology that Big Blue doesn't sell any more. Actually, when you put it like that, it kind of explains itself.; Megan tells us that the House has passed a bill on the security of IOT devices. The bill, which has also moved pretty far in the Senate, is pretty modest, setting only standards for what the federal government will buy, but Megan has hopes that it will prove to be the start of a broader movement to address IOT security.; I reprise three of the latest demonstrations of just how much Silicon Valley hates conservatives and how far it will go to suppress their speech. My favorite is Facebook deciding that a political ad that criticizes transwomen competing in women's sports must be taken down because it lacks context. Unlike every other political ad since the beginning of time. Although Twitter's double standard for a "manipulated media" label is pretty rich too: Turns out that splicing Trump's remarks to make him say what the Biden camp is sure he meant is fair comment, but splicing a Biden interview so he says what the Trump camp is sure he meant is Evil Incarnate.; Finally, Megan rounds out the week with a host of hacker news. The North Koreans are in bed with Russian cybercrime gangs. (I can't help wondering who wakes up with fleas.) The Iranians are stealing 2FA codes and some of them were indicted, though not apparently for the 2FA exploit. And a long-running Chinese cybergang is indicted too. Not that that will actually stop them, but it could be hard on their Malaysian accomplices, who are in jail, contemplating the value of government top cover.; Our interview this week is with Michael Brown, a remarkably influential defense technologist. He's been CEO of Symantec, cowrote the report that led to passage of FIRRMA and the transformation of CFIUS, and now runs the Defense Innovation Unit in Silicon Valley. He explains what DIU does and some of the technological successes it has already made possible.; And more! Oh, and we have new theme music, courtesy of Ken Weissman of Weissman Sound Design. Hope you like it!

In our 328th episode of the Cyberlaw Podcast, Stewart is joined by Bruce Schneier (@schneierblog), Sultan Meghji (@sultanmeghji), and Nate Jones (@n8jones81). The Belfer Center has produced a distinctly idiosyncratic report ranking the world’s cyber powers – a kind of Jane’s Fighting Nerds report. Bruce Schneier and I puzzle over its oddities, but at least the authors provided the underlying assessments to led them to rank the Netherlands No. 5, and Israel nowhere in the top ten. The US is number one, but that’s partly due to the Center’s insistence that we’re a norms superpower. In my book, that would require a 20% discount off our offensive capabilities ranking. Don’t agree? Download the report and pick your own fight!

In our 327th episode of the Cyberlaw Podcast, Stewart is joined by Nick Weaver (@ncweaver), David Kris (@DavidKris), and Dave Aitel (@daveaitel). We are back from hiatus, with a one-hour news roundup to cover the big stories of the last month. Pride of place goes to the WeChat/Tiktok mess, which just gets messier as the deadline for action draws near. TikTok is getting all the attention but WeChat is by far the thorniest policy and technical problem. I predict delays as Commerce wrestles with them. Nick Weaver predicts that TikTok’s lawsuit will push resolution of its situation into January. I’ve got fifty bucks that says it won’t. Lawfare wins either way. The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 326th episode of the Cyberlaw Podcast, Stewart Baker interviews Lauren Willard, who serves as Counselor to the Attorney General. Stewart is also joined Nick Weaver (@ncweaver), David Kris (@DavidKris), and Paul Rosenzweig (@RosenzweigP). Our interview this week focuses on section 230 of the Communications Decency Act and features Lauren Willard, counsel to the Attorney General and a moving force behind the well-received Justice Department report on section 230 reform. Among the surprises: Just how strong the case is for FCC rulemaking jurisdiction over section 230.; In the news, David Kris and Paul Rosenzweig talk through the fallout from Schrems II, the Court of Justice decision that may yet cut off all data flows across the Atlantic.; Paul and I speculate on the new election interference threat being raised by House Democrats. We also pause to praise the Masterpiece Theatre of intelligence reports on Russian cyber-attacks.; Nick Weaver draws our attention to a remarkable lawsuit against Apple. Actually, it’s not the lawsuit, it’s the conduct by Apple that is remarkable, and not in a good way. Apple gift cards are being used to cash out scams that defraud consumers in the US, and Apple’s position is that, gee, it sucks to be a scam victim but that’s not Apple’s problem, even though Apple is in the position to stop these scams and actually keeps 30% of the proceeds. I point out the Western Union – on better facts than that – ended up paying hundreds of millions of dollars in an FTC enforcement action - and still facing harsh criminal sanctions.; Paul and David talk us through the 2021 National Defense Authorization Act, which is shaping up to make a lot of cybersecurity law, particularly law recommended by the Cyber Solarium Commission. On one of its recommendations – legislatively creating a White House cyber coordinator – we all end up lukewarm at best.; David analyzes the latest criminal indictment of Chinese hackers, and I try to popularize the concept of crony cyberespionage.; Paul does a post-mortem on the Twitter hack. And speaking only for myself, I can’t wait for Twitter to start charging for subscriptions to the service, for reasons you can probably guess.; David digs into the story that gives this episode its title – an academic study claiming that face recognition systems can be subverted by poisoning the training data with undetectable bits of cloaking data that wreck the AI model behind the system. How long, I wonder, before Facebook and Instagram start a “poisoned for your protection” service on their platforms?; In quick takes, I ask Nick to comment on the claim that US researchers will soon be building an “unhackable” quantum Internet. Remarkably his response is both pithy and printable.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 325th episode of the Cyberlaw Podcast, Stewart Baker interviews Darrell West, political commentator and author of Turning Point – Policymaking in the Era of Artificial Intelligence. Stewart is also joined Sultan Meghji (@sultanmeghji), Paul Hughes, Nate Jones (@n8jones81), Mark MacCarthy (@Mark_MacCarthy) to discuss: The big news of the week was the breathtakingly arrogant decision of the European Court of Justice, announcing that it would declare how governments could use personal data in fighting crime and terrorism.; Even more gobsmacking, the court decided that it was imposing those rules on every government on the planet – except the members of the European Union, who are beyond its reach. Oh, and by the way the court blew up the Privacy Shield, exposing every transatlantic business to massive liability, and put the EU on a collision course with China about how China organizes its most sensitive domestic security operations. This won't end well. Paul Hughes helps me make sense of the ruling.; Iranian cyberspies make pretty good training videos, Sultan Meghji tells us, but they're not taking any bows after leaving the videos exposed online.; If you thought Twitter's content resembled middle school, wait until you see their security measures in action.  Nate Jones has the details, but my takeaway is that middle school science projects are usually handled more responsibly than Twitter's "god mode" dashboard.; BIPA, the Illinois biometric privacy act, has inspired lawsuits against users of a database assembled to reduce AI bias. Mark MacCarthy explains that the law prohibits use of biometrics (like your face) without consent. I observe that this makes BIPA the COVID-19 of privacy law. Anyone who touches this database is infected with liability, at least if the plaintiff’s surprisingly plausible theory holds up.; Sultan reminds us that the PRC has now been caught twice requiring companies in China to use tax software with built-in malware. You know what they say: "Once is happenstance. Twice is coincidence. Three times is enemy action." I don't think we'll wait long for number three.; Nate gives us a former government lawyer's take on the CIA's new authority to conduct cyber covert action. Ordinarily he'd be skeptical of keeping those decisions away from the White House, but in this case, he'll make an exception. My take: If unshackling the CIA has produced the APT34 and FSB hacks and data dumps, what's not to like?; In short takes, I mock the Justice Department spokesperson who claimed that Ghislaine Maxwell was engaged in "a misguided effort to evade detection" when she wrapped her cellphone in tin foil.; And Mark and I cross swords over Reddit's capture by the Intolerant Left. You make the call: When Reddit declares that exposing fake hate crimes as hoaxes is a form of hate speech, is that anecdotal evidence of left-wing bias or stone cold evidence of a mindset that refuses to be disturbed by facts that deviate from today's Left Narrative?; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 324th episode of the Cyberlaw Podcast, Stewart Baker interviews Bruce Schneier, internationally recognized security technologist, lecturer, and author, including the works Click Here to Kill Everybody. Stewart is also joined by Megan Stifel (@MeganStifel), Nate Jones (@n8jones81), and David Kris (@DavidKris). Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain. His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new liabilities, but we conclude that it's doable. In fact, the real question is who'll get there first, a combination of DHS's CISA and the FTC or the California Secretary of State. We also discuss: How it must feel to TikTok as though the shot clock is winding down. Administration initiatives that could hurt or kill its US business are proliferating. Nate Jones, Megan Stifel, and I explore the government’s options. The most surprising, and devastating, of them is a simple ban on Tik Tok as a threat to national security or the security of Americans. That’s the standard under Executive Order 13873, a brand-new (the regs aren’t yet final) implementation of the well-tested tools under IEEPA. A straightforward application of IEEPA remedies would cut TikTok off from the US market, I argue.; Meanwhile, another little-advertised but equally sweeping rule for government contractors is on its way to implementation. It will deny federal contracts, not just to certain Chinese products but to contractors who themselves use those products.; Not to be outdone by the contracting officers, the Federal Trade Commission and Justice Department are attacking TikTok from a different direction – investigating claims that the company failed to live up to last year’s consent decree on the privacy of children using the app.; And, on top of everything, private sector CISOs are drawing a bead on the app, as Wells Fargo and (briefly) Amazon tell their employees to take the app off their work phones.; It’s no surprise in the face of these developments that TikTok is working overtime to decouple itself in the public’s mind from China, including going so far as to join the rest of Silicon Valley in signaling discomfort with Hong Kong’s new security rules (and ruler). Megan and I question whether this strategy will succeed.; If Chief Justice Roberts were running for office, he couldn’t have produced a better result than the Court’s latest tech decision – upholding most of a law that makes robocalls illegal while striking down the one part of the law that authorizes robocalls – for collection of government debt. David Kris explains.; Nate unpacks a new Florida DBA privacy law prohibiting life, disability and long-term care insurance companies from using genetic tests for coverage purposes. I express skepticism.; Nate also explains the mysteriously quiet launch of the UK-US Bilateral Data Access Agreement. Four years in the making, and neither side wanted to announce that it was in effect – what’s with that, I wonder?; FBI Director Wray gives a compelling speech on the counterintelligence and economic espionage threat from China.; He says the bureau opens a new such case every ten hours. And right on schedule come charges against a professor charged with taking $4M in US grant money to conduct research -- for China.; David and I puzzle over the surprisingly lenient sentence handed to a former Yahoo engineer for hacking the personal accounts of more than 6,000 Yahoo Mail users to search to collect sexually explicit images and videos.; I out Reddit as a particularly fanatical convert to SJW orthodoxy in speech suppression, as the service apparently tells its moderators that it’s hate speech to post stories or video showing a person of color as the aggressor in a confrontation.; And Nate closes us out with a bottomless feature on all the problems faced by technological contact tracing.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 323rd episode of the Cyberlaw Podcast, Stewart Baker is joined by Dave Aitel (@daveaitel), Mark MacCarthy (@Mark_MacCarthy), and Nick Weaver (@ncweaver) to discuss: French and Dutch investigators pulled off the coup of the year this April; The EARN IT Act went from Washington-controversial to Washington consensus in the usual way; The bad week TikTok had in its second biggest market. How it was banned in India and its days may be numbered elsewhere; Claims that being labeled a “hate speech” platform won’t just get you boycotted in Silicon Valley but by the credit card associations as well; Trump is deplatformed by Twitch this week and Reddit dumped his enormous subreddit for failure to observe its censorship rules; A questionable Trump administration effort to redirect $10 million in “freedom tool” funding from cryptolibertarians to Falun Gong coders; The latest man in the middle attack that requires the phone user to do nothing but visit a website; The strikingly sophisticated and massive international surveillance system now aimed by China at Uighers all around the world; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 322nd episode of the Cyberlaw Podcast, Stewart Baker interviews Chris Krebs, the first and current Director of DHS’ new Cybersecurity and Infrastructure Security Agency. Stewart is also joined by Maury Shenk, James Carafano (@JJCarafano), and Nick Weaver (@ncweaver) to discuss: Facebook Loses Antitrust Decision in Germany Over Data Collection; Bill Barr gets the encryption bill Justice has been seeking for 15 years; Chinese bank requires foreign firm to install tax app with covert backdoor; Assange prosecution update; Demonizers of face recognition find their poster case; Facebook advertiser boycott gains adherents; Wobbling, Zuckerberg promises to better enforce The Narrative; The US Department of Homeland Security sent a letter to chief executives of five large tech companies asking them to ensure social media platforms are not used to incite violence in the wake of nationwide protests following George Floyd's death; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 321st episode of the Cyberlaw Podcast, Stewart Baker is joined by Gus Hurwitz (@GusHurwitz), Nate Jones (@n8jones81), and Nick Weaver (@ncweaver) to discuss: Section 230 gets serious proposals from DOJ and Sen. Josh Hawley; The National Security Agency has launched a pilot program on securing Domain Name System use for US defense contractors; EU discovers there’s law in cyberlaw; Hackers posed as recruiters on LinkedIn to break into the networks of at least two defense and aerospace firms; Former eBay Execs Allegedly Made Life Hell for Critics; EBay’s former CEO denies any link to the cyberstalking of a blogger. But he did want to create a competitor to challenge her. Relevant law is kinda broad, no?; And more!

In our 320th episode of the Cyberlaw Podcast, Stewart Baker interviews Reuters cybersecurity reporter Chris Bing and Citizen Lab Senior Researcher John Scott-Railton. Stewart is also joined by David Kris (@DavidKris), Nate Jones (@n8jones81), and Nick Weaver (@ncweaver) to discuss: How long before this shows up in NSO’s briefs? Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro for Child Predator Sting; Battling anti-encryption drive, tech companies pledge new child abuse disclosures; Zoom bombs: China’s complaint terminates Tiananmen Square commemorative Zoom sessions and (briefly) organizers’ accounts.; This week in content moderation: Sen. Josh Hawley drafting legislation derived from Trump EO.; Republican senators push FCC to act on Trump social media order.; EU cloud independence project, powered by … Microsoft? France and Germany launch GAIA-X EU cloud independence project.; To monopolize the supply chain early? Why spies are targeting vaccine research.; ARM wrestling: UK chip designer ARM fights its JV “partner” for control of its Chinese joint venture.; Universal Plug n Pwn: Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said.; Updates to past stories: Israel Halts Controversial Coronavirus Surveillance. Sorta.; Internet hippie falls asleep at Woodstock, wakes up at Altamont: The Internet Archive is ending its program of offering free, unrestricted copies of e-books; A thousand talents, but honesty was not one. Harvard University Professor indicted on False Statement Charges.; Clearing the field for Clearview AI – three big face recognition projects flinch in face of demonization: Microsoft face recognition denied to police.; IBM’s too.; And Amazon’s as well.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 319th episode of the Cyberlaw Podcast, Stewart Baker interviews Georgetown academic Ben Buchanan, whose recent writings include The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics, and A National Security Research Agenda for Cybersecurity and Artificial Intelligence. Stewart is also joined by Paul Rosenzweig (@RosenzweigP), Mark MacCarthy (@Mark_MacCarthy), Charles Michael, and Maury Shenk to discuss: Zoom plans to enable end-to-end encrypted video conferencing solely for paying customers, Alex Stamos comments; Judge rules Capital One must hand over Mandiant's forensic data breach report; Christopher Krebs, the director of DHS’s cybersecurity agency says to expect 'every intelligence service' to target COVID-19 research, GCHQ agrees; This Week in internet copyright fights: Ideological copyright enforcement meets world’s dumbest AI copyright bots: Twitter removed a Trump campaign video tribute to George Floyd due to a copyright claim. The video is still available on Trump’s YouTube channel; Instagram does not provide users of its embedding API a copyright license to display embedded images on other websites, the company said in a Thursday email to Ars Technica. The announcement could come as an unwelcome surprise to users who believed that embedding images, rather than hosting them directly, provides insulation against copyright claims.; Four of the nation's leading book publishers have sued the Internet Archive, the online library best known for maintaining the Internet Wayback Machine. The Internet Archive makes scanned copies of books—both public domain and under copyright—available to the public on a site called the Open Library.; Content mediation: Center for Democracy and Technology filed a lawsuit claiming Trump violated tech companies’ right to free speech with his executive order.; Trump’s lawyers used Section 230 in 2017 to defend him against a defamation suit.; Working the ref: Facebook and its CEO, Mark Zuckerberg, are facing criticism from users, competitors, civil rights organizations.; About three dozen of the company's earliest employees today signed on to a letter to Zuckerberg calling his choice a "betrayal" of the site's early ideals.; Facebook to block ads from state-controlled media entities in the US; Snap will stop promoting Trump’s account after concluding his Tweets incited violence; Twitter user conducts experiment to show Trump is treated differently than others by the platform – he Tweets exactly what Trump Tweets and gets banned.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 318th episode of the Cyberlaw Podcast, Stewart Baker interviews author and journalist Bart Gellman, who recently wrote Dark Mirror: Edward Snowden and the American Surveillance State. Stewart is also joined by Nate Jones (@n8jones81), Nick Weaver (@ncweaver), and Evelyn Douek (@evelyndouek) to discuss: Twitter fact checks Trump’s opinion about voter fraud and mail-in ballots, is rewarded with Executive Order targeting Section 230; FISA Follies, Part 673: A House-Senate conference where no one knows what the house they represent will actually vote for; NSA calls out Russian military hackers targeting mail relay software; The Rest of the Week in Content Moderation: YouTube says China-linked comment deletions weren’t caused by outside parties and Twitter, Facebook win appeal in anti-conservative bias suit; US charges North Korean officials with illegally transferring $2.5 billion; Legal privilege for forensics reports: Not so fast, says court; Tensions flare as US signals broader crackdown on Chinese telecoms; Related? US seizure of Chinese-built transformer raises specter of closer scrutiny; Feds arrest member of Fin7, group tied to a billion dollars worth of hacks; eBay port scans visitors' computers for remote access programs; Twitter, Reddit file amicus to challenge US rules forcing visa applicants to disclose their social media handles; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

In our 317th episode of The Cyberlaw Podcast, Stewart Baker interviews Mara Hvistendahl, investigative journalist at The Intercept and author of the new book, The Scientist and the Spy. Stewart is also joined by Matthew Heiman, Gus Hurwitz (@gushurwitz), and Nick Weaver (@ncweaver) to discuss: Apple is going after Corellium in a lawsuit.; NSO Group allegedly posed as Facebook to facilitate hacks.; A German court ruled that German intelligence can no longer freely spy on global Internet traffic.; The Copyright Office declared that the DMCA takedown system is broken.; YouTube censored an epidemiologist, Google suspended a popular podcast app for cataloging COVID-19 content, Google is tripped up by fraudulent DMCA takedown requests, and classical musicians are fighting the copyright bots.; Malwarebytes asked the Supreme Court to adopt a broad interpretation of Section 230.; The Supreme Court denied cert to a lawsuit against Facebook for hosting terrorists.; Israel is likely behind a disruptive attack against an Iranian port facility.; Malware authors can now hire their own pentesters.; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.