This is Stewart Baker's Typepad Profile.
Stewart Baker
Former government official now practicing law
Recent Activity
In an earlier post I talked about how the Chinese government has used its “Great Firewall” censorship machinery on an expanded list of targets – from its own citizens to ordinary Americans who happen to visit internet sites in China. By intercepting the ad and analytics scripts that Americans downloaded from Chinese sites, the Chinese government was able to infect the Americans’ machines with malware. Then the government used that malware to create a “Great Cannon” that aimed a massive number of packets at the US company Github. The goal was to force the company to stop making news sites like the New York Times and Greatfire.org available to Chinese citizens. The Great Cannon violated a host of US criminal laws, from computer fraud to extortion. The victims included hundreds of thousands of Americans. And to judge from a persuasive Citizen Lab report, China’s responsibility was undeniable. Yet the US government has so far done nothing about it. US inaction is thus setting a new norm for cyberspace. In the future, it means that many more Americans can expect to be attacked in their homes and offices by foreign governments who don’t like their views. The US government should be... Continue reading
Posted Aug 19, 2015 at Skating on Stilts
Over the past few years, the US government has invested heavily in trying to create international norms for cyberspace. We’ve endlessly cajoled other nations to agree on broad principles about internet freedom and how the law of war applies to cyberconflicts. Progress has been slow, especially with countries that might actually face us in a cyberwar. But the bigger problem with the US effort is simple: Real international law is not made by talking. It’s made by doing. “If you want to know the law … you must look at it as a bad man,” Oliver Wendell Holmes Jr. once observed. A bad man only cares whether he’ll be punished or not. If you tell him that an act is immoral but won’t be punished, Holmes argued, you’re telling him that it’s lawful. When it comes to international law, Holmes nailed it. In dealings between nations, norms are established by what governments do. If countries punish a novel attack effectively, that builds an international norm against the attack. And if they tolerate the attack without retaliating, they are creating an international norm that permits it. By that measure, the United States has been establishing plenty of norms lately. After accusing... Continue reading
Posted Aug 16, 2015 at Skating on Stilts
In this bonus episode of the podcast, Dmitri Alperovitch, Harvey Rishikof, Stewart Baker, and Melanie Teplinsky debate whether the United States should start doing commercial espionage. I know, I know, we promised that the Cyberlaw Podcast would go on hiatus for the month of August. But we also hinted that there might be a bonus episode. And here it is, a stimulating panel discussion sponsored by the Atlantic Council and moderated by Melanie Teplinsky. The topic is whether the United States should abandon its longstanding policy of refusing to steal the commercial secrets of foreigners to help American companies compete. The discussion is lively, with plenty of disagreements and an audience vote at the start and finish of the discussion to gauge how persuasive we were. Enjoy! The Cyberlaw Podcast is now open to feedback. Send your questions, suggestions for interview candidates, or topics to CyberlawPodcast@steptoe.com. If you’d like to leave a message by phone, contact us at +1 202 862 5785. Download the seventy-eighth episode (mp3). Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts! Continue reading
Posted Aug 13, 2015 at Skating on Stilts
Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news roundup, Alan and I puzzle over the administration’s reluctance to blame China for its hacks of US agencies. The furor over cybersecurity export controls continues unabated, with a couple of hundred hostile comments filed and Congress beginning to stir. Alan Cohn fills us in. The UK high court ruling on data retention makes history but maybe only the most evanescent of law. Alan and I discuss whether the ruling will resemble Marbury v. Madison in more ways than one. France finalizes expansion of surveillance. Bush administration figures come out against back doors. Cyberweek begins and, the cyber left hopes, ends without progress on CISA. This Week in Prurient Cybersecurity: The first Ashley Madison subscriber is outed. And he’s Canadian. Looks like the nights really are longer up there. Ottawa apparently leads the world in percentage of would-be adulterers, followed by Washington, DC. No further comment... Continue reading
Posted Jul 28, 2015 at Skating on Stilts
When industry opposes a new regulation, it can offer many arguments for its position. Here are three. Which one is real? “We share EPA's commitment to ending pollution,” said a group of utility executives. “But before the government makes us stop burning coal, it needs to put forward detailed plans for a power plant that is better for the environment and just as cheap as today's plants. We don't think it can be done, but we're happy to consider the government's design – if it can come up with one.” “We take no issue here with law enforcement’s desire to execute lawful surveillance orders when they meet the requirements of human rights and the rule of law,” said a group of private sector encryption experts, “Our strong recommendation is that anyone proposing regulations should first present concrete technical requirements, which industry, academics, and the public can analyze for technical weaknesses and for hidden costs.” “Building an airbag that doesn't explode on occasion is practically impossible,” declared a panel of safety researchers who work for industry. “We have no quarrel with the regulators' goal of 100% safety. But if the government thinks that goal is achievable, it needs to present a... Continue reading
Posted Jul 12, 2015 at Skating on Stilts
Our guest commentator for episode 74 is Catherine Lotrionte, a recognized expert on international cyberlaw and the associate director of the Institute for Law, Science and Global Security at Georgetown University. We dive deep on the United Nations Group of Government Experts, and the recent agreement of that group on a few basic norms for cyberspace. Predictably, I break out in hives at the third mention of “norms” and default to jokes about “Cheers.” In the news roundup, Michael Vatis and I sort through China’s ever-growing list of vague laws expressing determination to control technology for security purposes. Jason Weinstein explains the FTC’s settlement with the makers of a stealthy digital currency mining app. He and Michael also note the remarkably belated filing of a class action arising from the Anthem hack – and cast doubt on whether the class can be sustained. Speaking of class actions, the OPM hack has also led to litigation. All the Cyberlaw commentators are in the class, and none of us expect the litigation to succeed. And speaking of the FTC, it has released new security guidance, a kind of Restatement of FTC Security Law, explaining just how wisely the FTC settled its 50-plus... Continue reading
Posted Jul 10, 2015 at Skating on Stilts
Our guest for Episode 73 is Rob Knake, currently the Council on Foreign Relations Senior Fellow for Cyber Policy and formerly with DHS, the White House, and the Richard Clarke finishing school for cybersecurity policymakers. Rob and I are quickly embroiled in disagreement; as usual, I mock the cyberspace “norms” that Rob supports and disagree with his surprisingly common view that the US shouldn’t react strongly to Chinese hacking of the OPM database. But we come together to condemn the gobsmackingly limp US response to China’s attack on Github. In the news roundup, Alan Cohn and Jason Weinstein explain attribution problems in the Cardinals-Astros hacking case. Somehow the Broncos also figure in the discussion. Want to know why President Obama was foolish to promise he wouldn’t spy on the French President’s communications? The answer is supplied by WikiLeaks, which discloses that the last French President was caught trying to end run the United States on Palestinian issues. WikiLeaks of course thinks that shows American perfidy. Google, meanwhile, fought the good fight to overcome a gag order and disclose an investigation of WikiLeaks soulmate Jake Appelbaum. Most interesting item in the 300 pages of documents released by the Justice Department? The... Continue reading
Posted Jun 30, 2015 at Skating on Stilts
James Baker, General Counsel of the FBI, is our guest on this week’s podcast. He fearlessly tackles the FBI’s aerial surveillance capabilities, stingrays, “Going Dark,” encryption, and the bureau’s sometimes controversial attribution of cyberattacks. But he prudently punts on the Hack of the Century, refusing to reveal details of the FBI investigation into the Houston Astros network intrusion. Alan Cohn leaps into the breach, starting with a reminder for me of which sport the Astros play. In the news roundup, Michael Vatis and I highlight growing threats to free speech, from France’s censorship of what Americans read, to the European Court of Human Rights’ claim to punish even forums for allowing speech it deems hateful. And in a move that would have tickled George Orwell’s funny bone, the Right to Be Forgotten returns to Russia, original home of the memory hole. I mock US CTO Tony Scott for descending to “privacy theater” in requiring SSL encryption for all government websites, even those that require none. Michael Vatis explains the court’s recent ruling in the Sony employees’ breach lawsuit, which will continue despite a lack of demonstrated injury to most individual employees. I express satisfaction that hacking back has taken... Continue reading
Posted Jun 23, 2015 at Skating on Stilts
Privacy advocates are embracing a recent report recommending that the government require bulk data retention by carriers and perhaps web service providers, exercise extraterritorial jurisdiction over data stored abroad, and expand reliance on classified judicial warrants. In what alternative universe is this true, you ask? No need to look far. That’s the state of the debate in our closest ally. The recommendations were given to the United Kingdom by an independent reviewer, David Anderson. He’s our guest for Episode 71 of the Cyberlaw Podcast, and he provides a refreshingly different perspective on surveillance policy, one that makes us realize that it’s US civil libertarians, not the US government, who are out of step with the world. In the news roundup, I bring Edward Snowden back for one last time – the fifteenth time I’ve done that, Michael Vatis points out. This time it’s a British government leak claiming that both Russia and China have decrypted the entire corpus of Snowden’s stolen files – including the enormous number of files that have nothing to do with surveillance and everything to do with military operations. The OPM hack has now reached Target status, Jason Weinstein argues. It’s not the first, it’s... Continue reading
Posted Jun 18, 2015 at Skating on Stilts
Our guest for Episode 70 of the Cyberlaw Podcast is Dan Kaminsky, a famous cybersecurity researcher who found and helped fix a DNS security flaw. Dan is now the Chief Scientist at WhiteOps, but I got to know him in an unlikely-bedfellows campaign against SOPA because of its impact on DNS security. Dan and I spend most of the podcast disagreeing, largely about trust, Snowden, and security, but we do explore in detail the fact that, contrary to the Received Canon of Silicon Valley, end-to-end encryption is broken to improve security thousands if not millions of times a day by responsible corporate CISOs. Dan also describes WhiteOps’s promising new take on identifying hackers and clickfraud on the internet. In the news roundup, we bring back This Week in NSA for old times’ sake, highlighting the enactment of the USA FREEDOM Act and exploring its likely impact. We mock Charlie Savage for his overwrought New York Times article claiming that NSA’s cybersecurity monitoring is a privacy issue. (We apologize to Julia Angwin, Jeff Larson, and Henrik Moltke, who shared Charlie’s byline; we’ll mock you next time, I promise.) NSA is apparently inspecting traffic from foreign sources for malware and other signatures... Continue reading
Posted Jun 10, 2015 at Skating on Stilts
Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA-NOVA, which kindly invited the Cyberlaw Podcast to go walkabout once again. The audience provides useful feedback on several of the topics covered in this episode. We begin with This Week in NSA. And even though we had no idea how the Senate process would end up, neither it turns out did Majority Leader McConnell or anyone else. Our remarks on the Congressional dynamic remain as relevant now as when we made them, despite our intimations of obsolescence. We also cover an early judicial decision on insurance coverage for data breaches (subscription required), the US indictment of (another!) six Chinese economic espionage agents, and the personal data orphaned by Radio Shack’s bankruptcy. More importantly, we seize on a flimsy pretext to revisit Max Mosley’s five-hour, five hooker sadomasochistic orgy (subscription required) and his self-defeating efforts to wipe it from the internet by threats of lawsuit. It turns out he’s now reached a settlement with... Continue reading
Posted May 27, 2015 at Skating on Stilts
Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel. We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers, at least in some ways, and getting the government to purchase and fix vulnerabilities. We agree on the inherent foolishness of the Internet voting movement, but I disagree with Dan on the right to be forgotten, and I predict that net neutrality will lead to the opposite of what he wants – both more regulation of operators and more limits on what the operators are allowed to carry. As with Bruce Schneier, I accuse Dan of a kind of digital Romanticism for advocating improbable personal defenses like using Tor for no reason, having multiple online identities, swapping affinity cards, and paying your therapist under an assumed name. But Dan makes me eat my words. More from Dan can be found here, here, and here. In the news roundup, we introduce Alan Cohn, yet another recent alumnus of the DHS Policy office now at Steptoe. We also revive This Week in NSA, pooling our collective inability to predict what the week... Continue reading
Posted May 21, 2015 at Skating on Stilts
Episode 65 would be ugly if it weren’t so much fun. Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility. The news roundup covers Congress’s debate over NSA and section 215. The House is showing a dismaying efficiency in moving bad bills while the Senate is mired in what may turn out to be more productive confusion (see, e.g., S. 1035 and S. 1123). We unpack the Supreme Court’s grant of certiorari in Spokeo, which looks like a no-lose opportunity for privacy class action defendants. A new and troubling development in cyber insecurity in the form of the malware Cryptowall, which infected readers of the Huffington Post via ads for Hugo Boss, then encrypted... Continue reading
Posted May 5, 2015 at Skating on Stilts
Our guest for episode 64 of the Cyberlaw Podcast is Mary DeRosa, the chief lawyer for the National Security Council during the early years of the Obama Administration, and now a Distinguished Visitor at Georgetown University Law Center. We ask Mary to walk us through a hypothetical set of NSC meetings on the Sony breach and the US response, flagging the legal issues and offices that come to the table. She helps me unpack the differences between the use of force, countermeasures, and an armed attack – and confirms that I have no future at the State Department – an overdetermined outcome if ever there was one. It’s a great primer on the practical ways in which cyberconflict is lawyered (or, in my view, overlawyered). In the news roundup, I have to choose between defending the New York Times and defending Hillary Clinton. I choose Hillary, arguing that despite NYT innuendo the Russians aren’t dumb enough to pay tens of millions for a State Department “yes” vote in CFIUS. Because as far as anyone knows, the State Department has never voted anything but “yes” in CFIUS. The House has passed two cyber information sharing bills ‒ H.R. 1560 and H.R.... Continue reading
Posted Apr 28, 2015 at Skating on Stilts
Our guest for episode 63 of the Cyberlaw Podcast is Alan Cohn, former Assistant Secretary for Strategy, Planning, Analysis & Risk in the DHS Office of Policy and a recent addition at Steptoe. Alan brings to bear nearly a decade of experience at DHS to measure the Department’s growth. He explains how it has undertaken and largely delivered a new civilian cybersecurity infrastructure. And, while Congress dithers, it has begun to build an information sharing network quite independent of the legislative incentives now on offer. Alan also offers his insights into emerging technologies and the risks they may pose, including drones, sensors, and cryptocurrencies. In the news roundup, the consensus story of the week is the return of Jason Weinstein from a five-week absence, only some of it justified by family vacation and other worthwhile endeavors. In second place is the concerted European attack on Google and the rest of the US tech sector. Michael Vatis and I mull over a high-ranking European official’s astonishing "Washington gaffe" -- usually defined as admitting a politically incorrect truth, in this case that Brussels intends to regulate US technology until European industry can compete. Good luck with that. In the House, Doug Kantor... Continue reading
Posted Apr 21, 2015 at Skating on Stilts
Our guest for Episode 62 is Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc. and former Vice President of Threat Research at McAfee. Dmitri unveils a new CrowdStrike case study in which his company was able to impose high costs on an elite Chinese hacking team. The hackers steadily escalated the sophistication of their attacks on one of CrowdStrike’s customers without success, until they finally unlimbered a zero-day. When even that failed, and the producer was alerted to the vulnerability, the attackers found themselves still locked out -- and down one zero-day. We mull the possibility that there’s a glimmer of hope for defenders. Dmitri and I also unpack the Great Cannon – China’s answer to 4Chan’s Low-Orbit Ion Cannon. Citizen Lab’s report strongly suggests that the Chinese government used its censorship system to deliberately infect about 2% of the Baidu queries coming from outside China. The government injected a script into the outsiders’ machines. The script then DDOSed Github, a US entity that had been making the New York Times available to Chinese readers along with numerous open source projects. The attack is novel, showing a creative and dangerous use of China’s Great Firewall, and it provoked not... Continue reading
Posted Apr 14, 2015 at Skating on Stilts
Our guest for episode 61 of the Cyberlaw podcast is Joseph Nye, former dean of the Kennedy School at Harvard and three-time national security official for State, Defense, and the National Intelligence Council. We get a magisterial overview of the challenge posed by cyberweapons, how they resemble and differ from nuclear weapons, and (in passing) some tips on how to do cross-country skiing in the White Mountains. In the news roundup, Meredith Rathbone explains details of the new sanctions program for those who carry out cyber attacks on US companies. I mock the tech press reporters who think this must be about Snowden because, well, everything is about Snowden. Michael Vatis endorses John Oliver’s very funny interview of Edward Snowden. Not just funny, it’s an embarrassment to all the so-called journalists who’ve interviewed Snowden for the last year without once asking him a question that made him squirm. In contrast, Oliver almost effortlessly exposes Snowden’s dissembling and irresponsibility. He hits NSA below the belt as well. Ben Cooper explains the Ninth Circuit decision refusing to apply disability accommodation requirements to web-only businesses (he filed an amicus brief in the case), and we speculate on the likelihood of a cert grant.... Continue reading
Posted Apr 7, 2015 at Skating on Stilts
The executive order allowing the President to impose OFAC sanctions on hackers is good news. I've been calling on the government for several years to go beyond attribution to retribution. See, for example this post from 2012 (caution: cleavage is involved), this Foreign Policy article (sadly, no cleavage), and this recent podcast with Juan Zarate (again no cleavage, you'll be relieved to hear). Similar sentiments were expressed in a 2013 report by the American Bar Association. The good news from the Sony case is how much better and faster we've gotten at attributing network espionage and network attacks. But that won't do much good until we can also punish those we identify. This order offers a real possibility that we can. Even the hackers don't want to work for government forever; they hope to run startups just like everybody else, but that will be hard with an OFAC sanction hanging over their heads. And the companies that benefit from stolen trade secrets could also find themselves sanctioned, since the order extends to them as well. Sanctions can be applied to any company that is: responsible for or complicit in, or to have engaged in, the receipt or use for commercial... Continue reading
Posted Apr 1, 2015 at Skating on Stilts
Derek, Thanks for the thoughtful response. One question: What is TLP sanitization? I'm not sure we disagree much on the limitations of automated collection of threat information. I agree that such collection is sometimes very accurate and that even accurate information ages rapidly. But I can't help believing that some of the automated systems are collecting information about behavior that is almost always evidence of bad intent. But not always; mistakes and randomness happen. In fact, one of the Critical Stack sources says pretty much exactly that: "The following IP addresses have been detected performing TCP SYN to 206.82.85.196/30 to a non-listening service or daemon. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts." Maybe the conduct in question is almost certainly malicious, at the 95% confidence level. We would surely be willing to block addresses if there's a 95% chance that they're bad, but a company sharing information of that kind is taking a legal risk; it doesn't have a "reasonable belief" that all the personally identifying address data it's sharing is directly related to a threat. In fact, it has a pretty good idea that 5% is not; it just doesn't know which 5%. That's going to give the company lawyer pause when the time comes to share. And this bill will introduce that pause into information-sharing forums that are working smoothly now. That's not progress. Stewart
Episode 60 of the Cyberlaw Podcast features Paul Rosenzweig, founder of Red Branch Consulting PLLC and Senior Advisor to The Chertoff Group. Most importantly he was a superb Deputy Assistant Secretary for Policy in the Department of Homeland Security when I was Assistant Secretary. Paul discourses on the latest developments in ICANN, almost persuading me that I should find them interesting. He expresses skepticism about the US government’s effort to win WTO scrutiny of China’s indigenous bank technology rules; he also sees the DDOS attack on GitHub as a cheap exercise in Chinese extraterritorial censorship. Michael Vatis, meanwhile, fills us in on two new cyberlaw cases whose importance is only outweighed by their weirdness. And I dissect the House cybersecurity information sharing bill, concluding that it has gone so far to appease the unappeasable privacy lobby that it may actually discourage information sharing. As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Download the sixtieth episode (mp3). Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts! Continue reading
Posted Mar 31, 2015 at Skating on Stilts
The House Intelligence Committee has now adopted a manager's amendment to what it's now calling the "Protecting Cyber Networks Act." Predictably, privacy groups are already inveighing against it. I fear that the House bill is indeed seriously flawed, but not because it invades privacy. Instead, it appears to pile unworkable new privacy regulations on the private sector information-sharing that's already going on. The key point to remember is that plenty of private sector sharing about cybersecurity is already going on. There aren't a lot of legal limits on such sharing, unless the government is getting access to the information. If it is, providers of internet and telecom services can't join the sharing because an old privacy law bars them from providing subscriber information to the government in the absence of a subpoena. The House bill solves that problem by allowing sharing to occur, "notwithstanding any other law." But overriding even a dysfunctional and aging privacy law quickens the antibodies of the privacy lobby. So they've been pressing for a kind of "privacy tax" on information sharing -- specifically, they want assurances that personal data will be removed from any threat information that companies share. Everyone recognizes, at least in theory, that... Continue reading
Posted Mar 30, 2015 at Skating on Stilts
Richard Bejtlich is our guest for episode 59 of the Cyberlaw Podcast. Richard is the Chief Security Strategist at FireEye, an adviser to Threat Stack, Sqrrl, and Critical Stack, and a fellow at Brookings. We explore the significance of China’s recently publicized acknowledgment that it has a cyberwar strategy, FireEye’s disclosure of a gang using hacking to support insider trading, and NSA director Rogers’s recent statement that the US may need to use its offensive cyber capabilities in ways that will deter cyberattacks. In the news roundup, class action defense litigator Jennifer Quinn-Barabanov explains why major automakers are facing cybersecurity lawsuits now, before car-hacking has caused any identifiable damage. I explain how to keep your aging car and swap out its twelve-year-old car radio for a cool new Bluetooth enabled sound system. Michael Vatis disassembles the “$10 million” Target settlement and casts doubt on how much victims will recover. Michael also covers the approval by a Judicial Conference advisory committee of a rule allowing warrants to extend past judicial district lines, explaining why it may not be such a big deal. Maury Shenk, former head of Steptoe’s London... Continue reading
Posted Mar 24, 2015 at Skating on Stilts
Cyberspies can’t count on anonymity any more. The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities in great detail. More recently, the President outed North Korea for the attack on Sony. And as if to underscore the growing confidence of the intelligence community in its attribution capabilities, the Director of National Intelligence almost casually tagged Iran for a destructive cyberattack on Sheldon Adelson’s Las Vegas Sands gambling empire. That’s good news, but it’s only a first step. To make a real difference, attribution has to yield more than talk. Unfortunately, neither the companies victimized by network intrusions nor their governments have yet found ways to turn attribution into deterrence. No one expects to see members of the PLA in federal court any time soon. The administration’s public sanctions on North Korea were barely pinpricks. And Iran could be forgiven for concluding that its cyberattacks were rewarded by concessions in the nuclear enrichment negotiations. But that’s not the last word. I attended a recent... Continue reading
Posted Mar 19, 2015 at Skating on Stilts
In episode 58 of the Cyberlaw Podcast, our guest is Andy Ozment, who heads the DHS cybersecurity unit charged with helping improve cybersecurity in the private sector and the civilian agencies of the federal government. We ask how his agency's responsibilities differ from NSA's and FBI's, quote a scriptural invocation of desert jackals to question his pronunciation of ISAO, dig into the question whether sharing countermeasures is a prelude to cybervigilantism, and address the crucial question of how lawyers should organize cybersecurity information sharing organizations (hint: the fewer lawyers and the more clients the better). In the news roundup, we revisit the cybersecurity implications of net neutrality, and Stephanie Roy finds evidence that leads me to conclude that the FCC has stolen the FTC's playbook (and, for all we know, deflated the FTC's football). This ought to at least help AT&T in its fight with the FTC over throttling, but that's no sure bet. I explain why Hillary Clinton's email server was a security disaster for the first two months of her tenure – and engage in utterly unsupported speculation that she closed the biggest security gap in March 2009 because someone in the intelligence community caught foreign governments reading... Continue reading
Posted Mar 18, 2015 at Skating on Stilts
This episode of the podcast features Rep. Mike Rogers, former chairman of the House intelligence committee, Doug Kantor, our expert on all things cyber in Congress, and Maury Shenk, calling in from London. Mike Rogers is now a nationally-syndicated radio host on Westwood One, a CNN national security commentator, and an adviser to Trident Capital’s new cybersecurity fund. The former chairman addresses a host of issues -- gaps in CFIUS, the future of the President’s new cyber threat integration center, the risk of rogue state cyberattacks on US infrastructure – as well as the issues we cover in the news roundup. These include Maury’s take on China’s toughening policy toward US technology, the prospects for a workable bill renewing section 215 (the ex-chairman is not as sanguine as Doug Kantor and I) and the administration’s new privacy bill. (Our take: the bill is ideal for the Twitter age, since you still have 137 characters left after typing “DOA”.) Maury updates us on the latest reason for delay in adoption of a new European data protection regulation. Doug Kantor and Mike Rogers consider the prospects for an information sharing bill and comment on privacy groups’ goalpost-moving style of congressional negotiation. And,... Continue reading
Posted Mar 11, 2015 at Skating on Stilts