The Cyberlaw Podcast

In our 242nd episode of The Cyberlaw Podcast, Stewart Baker interviews Michael Tiffany, co-founder and president of White Ops. They discuss the joint White Ops – Google white paper, “The Hunt for 3ve: Taking down a major ad fraud operation through industry collaboration.” Stewart and Michael are joined for the News Roundup by Maury Shenk, Dr. Megan Reiss (@MegReiss), and David Kris (@DavidKris) to discuss: Supreme Court mulls new damages doctrine for coopetitive markets.; Chinese students to be scrutinized for espionage risk before visas are issued.; Russian Federal Agency of News LLC – home of the trolling accountant – files trolling lawsuit against Facebook for allegedly “censoring” it as fake news.; Russia has opened a civil case against Google for failing to comply with legal requirements to censor search results – and soon may assess fines.; New Russian privacy legislation aimed at Bellingcat confirms Baker’s view that privacy law mostly just protects the powerful.; The Department of Justice has charged two Iranians with installing ransomware in the US, and Treasury has sanctioned the hackers’ Bitcoin addresses.; Police arrested a man who was passed out while his Tesla drove in autopilot mode.; Social media faces a perplexing problem in France’s Yellow Vest protests. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 241st episode of The Cyberlaw Podcast, Stewart Baker is joined by special guest commentator Professor Adam Candeub of Michigan State University. They are joined by Paul Rosenzweig (@RosenzweigP), Jamil Jaffer (@jamil_n_jaffer), Gus Hurwitz (@GusHurwitz), and Nick Weaver (@NCWeaver) to discuss: A new Baker’s Law: “You’ll never know how evil a technology can be until the engineers deploying it fear for their jobs.”; Is Facebook’s Supreme Court of Content a good idea?; Commerce has begun identifying “emerging” technologies to be restricted for export.; The Bears are back: Cozy Bear and Fancy Bear have some new tricks.; Airbnb has its own foreign policy.; The highly suspicious UK Parliamentary end run on a US judicial confidentiality decree.; China’s social credit AI had a hilarious fail.; Acqui-hacks? JavaScript crypto stealers? The perils of open source development.; The United States-Mexico-Canada Agreement may have some implications for media discrimination.The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 240th episode of The Cyberlaw Podcast, Stewart Baker interviews Mieke Eoyang, Vice President for the National Security Program at Third Way and co-author of the new report, “To Catch a Hacker: Toward a Comprehensive Strategy to Identify, Pursue, and Punish Malicious Cyber Actors.” Stewart and Mieke are joined for the News Roundup by Maury Shenk, Dr. Megan Reiss (@megreiss), and Matthew Heiman to discuss: Russia is helping to shape sovereign immunity and hacking law in the DNC hacking lawsuit.; That’s one way to get Julian Assange out of the “intolerable” conditions of the Ecuadorian embassy in Britain.; Judge rules Amazon must make available Echo recordings in a double murder case.; 50+ states and corporations have signed onto an agreement on a cyber pact – China, Russia, Iran, Israel, and the US are not among them. Also, the US and Russia are jockeying to influence the international conversation on cyber norms.; Soft power: Chinese-style social credit is coming to a Venezuela near you.; Sweet justice: California SWATter has pleaded guilty and now faces 20+ years in prison.; The National Protection and Programs Directorate of DHS is finally renamed the Cybersecurity and Infrastructure Security Agency. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 239th episode of The Cyberlaw Podcast, Stewart Baker moderates an ABA panel on CFIUS law and policy. Stewart is joined for the News Roundup by Dr. Megan Reiss (@megreiss), David Kris (@davidkris), and Nate Jones (@n8jones81) to discuss: Cyberlaw Podcast victory lap: Bold prediction of no successful election hacking looks good despite claims from the Internet Research Agency in a new meta-trolling propaganda campaign.; Challenges to FISA are on the rise as it starts playing a role in more criminal cases.; China develops and deploys gait recognition software to supplement face recognition, taking what looks like a global lead in the technology.; China is reportedly exporting its cyber surveillance activities to Africa.; Aussies accuse Chinese People’s Liberation Army of sending its scientists to the West to study cutting-edge defense technology.; Silicon Valley vs. conservatives: Facebook and broadcast media refuse to run a Trump campaign ad.; Gab is back, by the skin of its teeth.; The left comes for LinkedIn posts.; Suppressing speech is harder than Silicon Valley thought.; Iran continues to accuse Israel of perpetrating its most recent Stuxnet-like incident.; Dutch police managed to decrypt 258,000 messages in the IronChat app.; Pakistan says “almost all” its banks have been hacked – with data stolen. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 238th episode of The Cyberlaw Podcast, Stewart Baker moderates a panel during Homeland Security Week. Stewart is joined for the News Roundup by Matthew Heiman, David Kris (@davidkris), and Nick Weaver (@ncweaver) to discuss: China hijacked the Border Gateway Protocol; The Supreme Court is skeptical of Google’s cy pres settlement that treated 129 million class members like bystanders; Failures in CIA communications severely affected human intelligence operations; The anti-Semitic ramblings of the Pittsburgh terrorist have renewed interest in updating Section 230 of the Communications Decency Act; A Florida Appeals Court quashed the “foregone conclusion” doctrine for compelled passcode disclosure; New Department of Justice indictments of Chinese intelligence officers, persons, and businesses; Will the 2018 elections be disrupted by information operations? The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 237th episode of The Cyberlaw Podcast, Stewart Baker interviews Dr. Dipayan Ghosh (@ghoshd7) of Harvard’s Shorenstein Center and co-author of “Digital Deceit II: A Policy Agenda to Fight Disinformation on the Internet.” Stewart is also joined by Nate Jones (@n8jones81) and David Kris (@davidkris) to discuss: Another indictment of a Russian – complete with a trolling video; China Telecom hijacked the Border Gateway Protocol (BGP); President Trump’s phones have been tapped?; Tim Cook, privacy, and the EU; FireEye has uncovered the provenance of TRITON; Yahoo has reached a settlement in its breach class action – to the tune of ~25 cents per account; Facebook got hit with a fine by the UK Information Commissioner’s Office for the Cambridge Analytica debacle; The Brits and Brussels are getting along – can they clear up the Belgacom/Proximus misunderstanding?; What goes around comes around for the Uber “bounty” hackers. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 236th episode of The Cyberlaw Podcast, Stewart Baker interviews Christopher Krebs (@nppd_krebs), Under Secretary for the National Protection and Programs Directorate – and soon to be Director of the Cybersecurity and Infrastructure Security Agency – at the Department of Homeland Security. Stewart is also joined by Maury Shenk and Jamil Jaffer (@jamil_n_jaffer) to discuss: The Khashoggi killing compromises Saudi Twitter manipulation effort; The Intercept sends another source to jail, despite considerable effort spent on tradecraft; The effects of the EU’s attack on Google Android; The Securities and Exchange Commission flags email fraud costing nine firms $100 million and hints at enforcement in the future; China’s tech startup boom is attracting US venture capital (VC) money just as the flood of Chinese VC money into the US starts looking iffy; The ABA finds ethical mandate for breach disclosure to clients, and more; Do names on doorbells violate GDPR? Vienna: yes; Berlin: no; Equifax insider trading by data breach engineer leads to eight months of home confinement – and a $50,000 fine. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 235th episode of The Cyberlaw Podcast, Stewart Baker interviews Doug, the chief legal officer of the UK’s Government Communications Headquarters (GCHQ). Stewart is also joined by Nick Weaver (@ncweaver) and Matthew Heiman to discuss: The Supermicro story that refuses to die; The Committee on Foreign Investment in the United States (CFIUS) is running a pilot program for Chinese acquisitions in 27 critical industries; The Department of Justice has an answer to those who say indictments of government officials are a sign of weakness; Google’s recent military contract announcement; Google’s massive EU fine; The Department of Defense’s weapons cybersecurity measures are questioned by the Government Accountability Office; The White House has concerns over the defense industrial base; Vietnam will force local data storage to Silicon Valley’s dismay. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 234th episode of The Cyberlaw Podcast, Stewart Baker is joined by Gus Hurwitz (@GusHurwitz) and Dr. Megan Reiss (@MegReiss) to discuss: Is the Supermicro story true? Can either side be believed?; The FAA bill gives the government authority to down drones; US judge slams ZTE for violating probation; US restarting talks on cyber norms with a more select audience; State net neutrality law faces lawsuit – is there a possibility California won’t lose?; Will the charges never end? US indicts GRU (Russian intelligence) for hacking the doping authorities; Speaking of GRU, Bellingcat has outed the other nerve agent operative; California says bots have to disclose their botitude; Wiretap assistance order reportedly rejected by court in US suit against Facebook; North Korea is getting rich by robbing (mostly non-US) banks; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 233rd episode of The Cyberlaw Podcast, Stewart Baker is joined by Evan Abrams and Nicholas Weaver (@ncweaver) to discuss: Uber to pay $148 million in 2016 data breach settlement; Bellingcat discovers the identity of Col. Chepiga in the Russian nerve agent attack; Silicon Valley and the Trump Administration are embracing privacy law; A former NSA developer is sentenced for bringing home highly classified tools and documents; The New York attorney general has issued a report on virtual markets and cryptocurrency; West Virginia wants to use blockchain for mobile voting; The GRU is taking the “P” in APT way too seriously; And more! The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 232nd episode of The Cyberlaw Podcast, Stewart Baker interviews Peter W. Singer, strategist at New America, national security expert, and award-winning author. Stewart and Peter discuss his new book, co-authored with Emerson T. Brooking, LikeWar: The Weaponization of Social Media. They are joined by Maury Shenk, Dr. Megan Reiss (@MegReiss), and Nicholas Weaver (@ncweaver) to discuss: The White House and DOD cyber strategies have been released; Punching above their weight in cyberspace – Dutch intel catches Russian spies planning cyberattacks on Swiss institute investigating nerve agent attack in Britain; The downside of sanctions – China joins Russia in protesting sanctions on Russian companies over election; Is it reckless to speculate about the Massachusetts gas explosion being a possible cyberattack?; Amazon may be probed by the EU over their data practices?; Robert Zarate, a Steptoe alum, makes the honor roll of people who’ve pissed off the GRU; The Mirai botnet kids have been sentenced to help theFBI in its cyber investigations; Marco Rubio asks Apple about an app sending American user data to China. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 231st episode of The Cyberlaw Podcast, Stewart Baker interviews former Secretary of the Department of Homeland Security Michael Chertoff. Stewart and Secretary Chertoff discuss his new book Exploding Data: Reclaiming Our Cyber Security in the Digital Age. They are joined by Paul Rosenzweig (@RosenzweigP), Matthew Heiman, and Gus Hurwitz (@gushurwitz) to discuss: National Academy assesses what is needed to secure the vote; Those wacky Europeans are at it again: UK Government Communications Headquarters caught up in Snowden’s web; Europe could fine tech companies that don’t remove terrorist content in one hour; Sweeping copyright bill passed by the European Parliament; European Commission fights France in ECJ over right to be forgotten extraterritorial scope; Looking for social media bias: New frontiers in hate speech; Baker offers up his Facebook account in the name of science; And who knew the Weekly Standard was doing social media fact checks? Phony scandal of the week: IBM developed tech to search footage by skin color; California has passed a new IoT security bill, which awaits the governor’s signature.The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 230th episode of The Cyberlaw Podcast, Stewart Baker interviews internationally renowned technologist and security and privacy guru Bruce Schneier. Stewart and Bruce discuss his new book Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Stewart is also joined by Jamil Jaffer (@jamil_n_jaffer), David Kris (@DavidKris), and Nate Jones (@n8jones81) to discuss: NotPetya and Maersk; The North Korea indictment – and the payback; Intrusion Truth has worked to expose government APTs – and Crowdstrike has verified some of its disclosures; The Five Country Ministerial has issued a statement on encryption that seems to threaten action; The US has extradited a Russian hacker from Georgia. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 229th episode of The Cyberlaw Podcast, Alan Cohn, Maury Shenk, Charles Mills, Claire Blakey, and Evan Abrams take over the podcast.Charles Mills provides an overview of the recent New York federal court decision and Commodity Futures Trading Commission (CFTC) victory against Cabbage Tech, Corp. d/b/a Coin Drop Markets and Patrick K. McDonnell of Staten Island, New York, ordering McDonnell to pay over $1.1 million in civil monetary penalties and restitution in connection with a lawsuit brought by the CFTC alleging fraud in connection with virtual currencies, including Bitcoin and Litecoin. In addition, Charles presents a more general overview of CFTC regulations.; Claire Blakey discusses the US Securities and Exchange Commission’s (SEC) August 23, 2018 announcement to reconsider a recent decision to reject nine Bitcoin-based exchange traded funds. Earlier this month, SEC staff delayed a decision on the SolidX proposal, stating it needs more time to consider the proposal – the deadline for this decision is Sept. 30.; Evan Abrams highlights the four takeaways from the Department of Treasury’s Financial Enforcement Network (FinCEN) director’s speech on cryptocurrency. On August 9, 2018, FinCEN Director Kenneth Blanco delivered a speech on the agency’s approach to cryptocurrency. In addition, Evan discusses the Office of the Comptroller of the Currency’s proposed charter for online lenders and other FinTech companies in the coming months.; Maury Shenk covers the recent reports about the EU finance ministers’ plan to discuss the possibility of cryptocurrency regulation at a meeting in early September. In addition, Maury discusses the European Blockchain Partnership.;Sarah Compani, Legal Counsel at Bitfinex, discusses the best security practices for users of exchanges, focusing on security settings that users can customize, such as 2FA. More generally, Sarah provides insight into the industry and the potential role of exchanges in the future. Download the 229th Episode (mp3). As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm

In this bonus episode of The Cyberlaw Podcast, Stewart Baker revisits his May 2015 interview with Bruce Schneier. Stewart and Bruce discuss hacking back, government surveillance, and Edward Snowden, among other things. The Cyberlaw Podcast will return from hiatus with another edition of Blockchain Takes Over the Cyberlaw Podcast on September 4. Stewart will return the following week with a new interview with Bruce Schneier. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.