The Cyberlaw Podcast

Gus Hurwitz brings us up to speed on tech bills in Congress. They are all dead, but some of them don’t know it yet. The big privacy bill, American Data Privacy and Protection Act, was killed by the left, but I argue that it’s the right that should be celebrating, since the bill would have imposed race and gender preferences all across the economy, and the GOP members who supported the measure in the House were likely sold a bill of goods by industry lobbyists. Read more: https://www.steptoecyberblog.com/2022/09/12/episode-421-congressional-session-of-the-living-dead/

This is our return-from-hiatus episode. Jordan Schneider kicks things off by recapping passage of a major U.S. semiconductor-building subsidy bill, while new contributor Brian Fleming talks with Nick Weaver about new regulatory investment restrictions and new export controls on (artificial Intelligence (AI) chips going to China. Jordan also covers a big corruption scandal arising from China’s big chip-building subsidy program, leading me to wonder when we’ll have our version. Brian and Nick cover the month’s biggest cryptocurrency policy story, the imposition of OFAC sanctions on Tornado Cash. They agree that, while the outer limits of sanctions aren’t entirely clear, they are likely to show that sometimes the U.S. Code actually does trump the digital version. Nick points listeners to his bracing essay, OFAC Around and Find Out. Paul Rosenzweig reprises his role as the voice of reason in the debate over location tracking and Dobbs. (Literally. Paul and I did an hour-long panel on the topic last week. It’s available here.) I reprise my role as Chief Privacy Skeptic, calling the Dobb/location fuss an overrated tempest in a teapot. Brian takes on one aspect of the Mudge whistleblower complaint about Twitter security: Twitter’s poor record at keeping foreign spies from infiltrating its workforce and getting unaudited access to its customer records. In a coincidence, he notes, a former Twitter employee was just convicted of “spying lite”, proves it’s as good at national security as it is at content moderation. Meanwhile, returning to U.S.-China economic relations, Jordan notes the survival of high-level government concerns about TikTok. I note that, since these concerns first surfaced in the Trump era, TikTok’s lobbying efforts have only grown more sophisticated. Speaking of which, Klon Kitchen has done a good job of highlighting DJI’s increasingly sophisticated lobbying in Washington D.C. The Cloudflare decision to deplatform Kiwi Farms kicks off a donnybrook, with Paul and Nick on one side and me on the other. It’s a classic Cyberlaw Podcast debate. In quick hits and updates: Nick and I cover the sad story of the Dad who photographed his baby’s private parts at a doctor’s request and, thanks to Google’s lack of human appellate review, lost his email, his phone number, and all of the accounts that used the phone for 2FA. Paul brings us up to speed on the U.S.-EU data fight: and teases tomorrow’s webinar on the topic. Nick explains the big changes likely to come to the porn world because of a lawsuit against Visa. And why Twitter narrowly averted its own child sex scandal. I note that Google’s bias against GOP fundraising emails has led to an unlikely result: less spam filtering for all such emails. And, after waiting too long, Brian Krebs retracts the post about a Ubiquity “breach” that led the company to sue him.

Just when you thought you had a month free of the Cyberlaw Podcast, it turns out that we are persisting, at least a little. This month we offer a bonus episode, in which Dave Aitel and I interview Michael Fischerkeller, one of three authors of "Cyber Persistence Theory: Redefining National Security in Cyberspace." The book is a detailed analysis of how cyberattacks and espionage work in the real world – and a sharp critique of military strategists who have substituted their models and theories for the reality of cyber conflict. We go deep on the authors’ view that conflict in the cyber realm is all about persistent contact and faits accomplis rather than compulsion and escalation risk. Dave pulls these threads with enthusiasm.I recommend the book and interview in part because of how closely the current thinking at United States Cyber Command is mirrored in both.

As Congress barrels toward an election that could see at least one house change hands, efforts to squeeze big bills into law are mounting. The one with the best chance (and better than I expected) would drop $52 billion in cash and a boatload of tax breaks on the semiconductor industry. Read more: https://www.steptoecyberblog.com/2022/07/25/episode-418-dusty-old-industrial-policy-gets-dusted-off/

Kicking off a packed episode, the Cyberlaw Podcast calls on Megan Stifel to cover the first Cyber Safety Review Board (CSRB) report. The CSRB does exactly what those of us who supported the idea hoped it would do – provide an authoritative view of how the Log4J incident unfolded along with some practical advice for cybersecurity executives and government officials. Read more here: https://www.steptoecyberblog.com/2022/07/19/episode-417-cybersecuritys-first-crash-report/

Dave Aitel introduces a deliciously shocking story about lawyers as victims and – maybe – co-conspirators in the hacking of adversaries' counsel to win legal disputes. The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one's hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask "Will no one rid me of this meddlesome litigant?" Before you know it, there's a doxing site full of useful evidence on the internet. Read more: https://www.steptoecyberblog.com/2022/07/11/episode-416-the-first-thing-we-do-lets-hack-all-the-lawyers/

For decades, U.S. cyber exploits were notoriously lawyer-ridden, to the point where it was a key element of attribution. But it looks like Israel has matched and surpassed U.S. cyberwarriors. In an attack claimed by some "hacktivist" group but widely attributed to Israel, Nate Jones reports, several Iranian mills shut down in a flood of sparks and molten steel. Read more: https://www.steptoecyberblog.com/2022/07/05/episode-415-and-the-prize-for-most-lawyer-whipped-cyberforce-on-the-planet-goes-to/

It’s that time again on the Congressional calendar. All the big, bipartisan tech initiatives that looked so good a few months ago are beginning to compete for time on the floor like fat men desperate to get through a small door. And tech lobbyists are doing their best to handicap the bills they hate while advancing those they like. Read more: https://www.steptoecyberblog.com/2022/06/27/episode-414-a-small-door-and-too-many-fat-men-congresss-tech-agenda/

This episode of the Cyberlaw Podcast begins by digging into a bill more likely to transform tech regulation than most of the proposals you’ve actually heard of – a bipartisan effort to repeat U.S. Senator John Cornyn's bipartisan success in transforming the Committee on Foreign Investment in the United States (CFIUS) four years ago. Read more: https://www.steptoecyberblog.com/2022/06/21/episode-413-is-this-podcast-sentient/

This bonus episode of the Cyberlaw Podcast is an interview with Amy Gajda, author of “Seek and Hide: The Tangled History of the Right to Privacy.” Her book is an accessible history of the often obscure and sometimes “curlicued” interaction between the individual right to privacy and the public’s (or at least the press’s) right to know. Gajda, a former journalist, turns what could have been a dry exegesis on two centuries of legal precedent into a lively series of stories behind the case law. Read more:

This episode of the Cyberlaw Podcast is dominated by things that U.S. officials said in San Francisco last week at the Rivest-Shamir-Adleman (RSA) conference. We summarize what they said and offer our views of why they said it. Bobby Chesney, returning to the podcast after a long absence, helps us assess Russian warnings that the U.S. should expect a "military clash" if it conducts cyberattacks against Russian critical infrastructure. Read more: https://www.steptoecyberblog.com/2022/06/07/episode-410-game-play-trumps-chinese-national-security/

If you’ve been worrying about how a leaky U.S. government can possibly compete with China’s combination of economic might and autocratic government, this episode of the Cyberlaw Podcast has a few scraps of good news. The funniest, supplied by Dave Aitel, is the tale of the Chinese gamer who was so upset at the online performance of China’s tanks that he demanded an upgrade. When it didn’t happen, he bolstered his argument by leaking apparently classified details of Chinese tank performance. I suggest that U.S. intelligence should be subtly degrading the online game performance of other Chinese weapons systems we need more information about. Read more: https://www.steptoecyberblog.com/2022/06/07/episode-410-game-play-trumps-chinese-national-security/

At least that’s the lesson that Paul Rosenzweig and I distill from the recent 11th Circuit decision mostly striking down Florida’s law regulating social media platforms’ content “moderation” rules. We disagree flamboyantly on pretty much everything else – including whether the Court will intervene before judgment in a pending 5thCircuit case where the appeals court stayed a district court’s injunction and allowed Texas’s similar law to remain in effect. Read more: https://www.steptoecyberblog.com/2022/05/31/episode-409-silicon-valley-speech-suppression-is-going-to-the-supreme-court/

This week's Cyberlaw Podcast covers efforts to pull the Supreme Court into litigation over the Texas law treating social media platforms like common carriers and prohibiting them from discriminating based on viewpoint when they take posts down. I predict that the Court won't overturn the appellate decision staying an unpersuasive district court opinion. Mark MacCarthy and I both think that the transparency requirements in the Texas law are defensible, but Mark questions whether viewpoint neutrality is sufficiently precise for a law that trenches on the platforms' free speech rights. Read more: https://www.steptoecyberblog.com/2022/05/23/episode-408-but-was-the-sex-viewpoint-neutral/

Is the European Union (EU) about to rescue the FBI from Going Dark? Jamil Jaffer and Nate Jones tell us that a new directive aimed at preventing child sex abuse might just do the trick, a position backed by people who've been fighting the bureau on encryption for years. Read more: https://www.steptoecyberblog.com/2022/05/16/episode-407-an-end-to-end-to-end-encryption/