This is Stewart Baker's Typepad Profile.
Join Typepad and start following Stewart Baker's activity
Join Now!
Already a member? Sign In
Stewart Baker
Former government official now practicing law
Recent Activity
European hypocrisy on data protection is a lot like the weather. Everyone complains about it but no one does anything about it. Until today. In episode 120, we announce the launch of the Europocrisy Prize. With the support of TechFreedom, we’re seeking tax deductible donations for a prize designed encourage the proliferation of Schrems-style litigation, but with a twist. We’ll award the prize to anyone who brings complaints that force Europe to apply the same human rights and data export standards to Russia, China, and Saudia Arabia as it applies to the US. More on the prize here. We’re inspired to this announcement because, as Katie Cassel tells us in the news roundup, the data protection commissioner in Hamburg is hot-dogging on the privacy issue, and with relish. He has imposed fines on US companies for the offense of being caught by surprise when the Safe Harbor went down. Naturally, as far as we can tell, no similar cases have been launched against Russia, China, or any of the other countries that never even bothered to negotiate over privacy with the EU. The Europocrisy Prize, though, should go a long way to even the score. We’re joined for the news... Continue reading
Posted Jun 15, 2016 at Skating on Stilts
Our guest for episode 119 is Kevin Kelly, founding executive editor of Wired Magazine and author of The Inevitable: Understanding the 12 Technological Forces that will Shape our Future. Kevin and I share many views – from skepticism about the recording industry’s effort to control digital data to a similar skepticism about EFF’s effort to control personally identifiable data – but he is California sunny and I am East Coast dark about where emerging technology trends are taking us. The conversation ranges from Orwell and the Wayback Machine to the disconcerting fluidity and eternal noobie-ness of today’s technological experience. In closing Kevin sketches a quick but valuable glimpse of where technology could take us if it comes from Shenzhen rather than Mountain View, as it likely will. The news roundup leavens deep thoughts about the future with loose talk about sex and politics. I ask whether the FOIA classification review of Hillary Clinton’s email is compounding the damage done by her use of a homebrew server. I discover the weird connection between leak defenders like Julian Assange and Jacob Appelbaum and sexual extortion – and even offer a theory to explain it (caution: involves threesomes). We award the Dumbest Journalism... Continue reading
Posted Jun 8, 2016 at Skating on Stilts
Episode 118 digs deep into DARPA’s cybersecurity research program with our guest, Angelos Keromytis, associate professor at Columbia and Program Manager for the Information Innovation Office at DARPA. Angelos paints a rich picture of a future in which we automate attribution across networks and international boundaries and then fuse bits of attribution data as though they were globules of the Terminator reassembling into human form. In the news roundup, a district court judge takes NIT-picking to an extreme, quietly deep-sixing child porn evidence because the FBI would not disclose its Network Investigative Technique. Michael Vatis and I wonder why such an important call would not be dignified by a written opinion. Michael and I also trade assessments of Twitter’s latest effort to revive its faltering lawsuit to reveal how many national security discovery orders it has received. Michael is more bullish than I am on Twitter’s prospects. The EU has officially given up on competing with the rest of the world on internet technology, and it has gone back to its roots – using regulation to at least force successful companies to pay a toll of hassle and forelock-tugging in Brussels. Maury Shenk has the facts (if not quite the... Continue reading
Posted Jun 3, 2016 at Skating on Stilts
Ransomware is the new black. In fact, it’s the new China. So says our guest for episode 116, Dmitri Alperovitch, the CTO and co-founder of CrowdStrike. Dmitri explains why ransomware is so attractive financially – and therefore likely to get much worse very fast. He and I also explore the implications and attribution of the big bank hacks in Vietnam and Bangladesh. In the news roundup, Michael Vatis reports on the new federal trade secrets law. In addition, inspired by the Edelson firm’s sealed complaint against a Chicago-based law firm for cybersecurity failings, Steptoe’s chair emeritus, Roger Warin, charts the legal and strategic terrain of suing law firms for bad security. The hazards of class action litigation in this field are illuminated by the district court’s recent ruling on the Zappos breach, which Michael unpacks for us. Unable as always to resist a sitting duck, I quote the FTC’s condescending Congressional testimony promising to give the FCC the benefit of its 40 years of security expertise. It plans to offer comments on the FCC’s proposed privacy regulations. But the FTC fails to note that in all those 40 years, it has never had occasion to ask anyone for comment on... Continue reading
Posted May 17, 2016 at Skating on Stilts
Does the FISA court perform a recognizably judicial function when it reviews 702 minimization procedures for compliance with the fourth amendment? Our guest for episode 115 is Orin Kerr, GWU professor and all-round computer crime guru, and Orin and I spend a good part of the interview puzzling over Congress’s mandate that the FISA court review what amounts to a regulation for compliance with an amendment that is usually invoked only in individual cases. Maybe, I suggest, the recent court ruling on 702 minimization and the fourth amendment doesn’t make sense from an article III point of view because the FISA judges long ago got bored with reading intercept applications and adhering to article III's pesky case and controversy requirement; it's just more fund to act as special masters overseeing the intelligence community. We also explore an upcoming Orin Kerr law review piece on how judicial construction of the fourth amendment should be influenced by statutes that play in the same sandbox. In the news roundup, Maury Shenk provides an overview of the data protection logjam now building up in Brussels, including EU Parliament approval of the new US-EU law enforcement agreement. In FTC news, Katilin Cassel explains why Amazon... Continue reading
Posted May 11, 2016 at Skating on Stilts
Our guest for episode 114 is General Michael Hayden, former director of the NSA and CIA; he also confirms that he personally wrote every word of his fine book, Playing to the Edge: American Intelligence in the Age of Terror. In a sweeping interview, we cover everything from Jim Comey’s performance at the AG’s hospital bedside (and in the Clinton email investigation) to whether the missed San Diego 9/11 calls were discovered before or after the 215 program was put in place. Along the way, we settle the future of Cyber Command, advise the next President on intelligence, and lay out the price the intelligence community is paying for becoming so darned good at hunting terrorists. Michael Vatis and I do the news roundup. It’s bad news this week for the same child porn defendants who got good news last week, when a court overturned the search warrant used to search their computers after they visited an FBI-run Tor node. Now, though, the Supreme Court has approved a change to Rule 41 authorizing geographically unbound search warrants in computer cases. Unless Congress comes to their rescue by rejecting the proposed rule change, an unlikely prospect indeed, the new rule will... Continue reading
Posted May 3, 2016 at Skating on Stilts
No holds are barred as a freewheeling panel of cryptographers and security pros duke it out with me and the Justice Department over going dark, exceptional access, and the Apple-FBI conflict. Among the combatants: Patrick Henry, a notable cryptographer with experience at GCHQ, NSA, and the private sector; Dan Kaminsky, the Chief Scientist at White Ops; Kiran Raj, who is Senior Counsel to the Deputy Attorney General; and Dr. Zulfikar Ramzan the CTO of RSA Security. Our thanks to Catherine Lotrionte who generously agreed to let me record this one-hour panel at her remarkable Annual International Conference on Cyber Engagement. In the news roundup Maury Shenk discusses the real and mythical import of the UK’s pending surveillance bill, and I mock the journalists who claimed to find scandal in GCHQ’s elaborate compliance regime for access to bulk personal data. Alan Cohn and I return to the Apple-FBI fight, and I can’t help pointing out that Apple, the self-proclaimed champion of security, didn’t bother to tell its customers that it was no longer providing security patches to QuickTime on Windows. Alan manages to explain Apple’s thinking with two words: “on Windows.” The FBI’s decision to manage a child porn distribution node... Continue reading
Posted Apr 28, 2016 at Skating on Stilts
How secure is the grid -- and how sophisticated are the nations planning to attack it? Very sophisticated, is the short answer. Our guest for episode 111, Suzanne Spaulding, DHS’s Under Secretary for the National Protection and Programs Directorate, lays out just how much planning and resources went into the attack on Ukraine’s grid, what it means for US industry, the information sharing that can mitigate the consequences, and why the incident reinforces the need to stand up the Cyber and Infrastructure Protection Agency at DHS. Our news roundup concentrates on the draft Senate bill on encryption from Senators Burr and Feinstein. Not surprisingly, I find the critics to be mostly off target and occasionally unhinged in inimitable tech-sector fashion. Sen. Wyden condemns the bill, and no one is surprised. The White House ducks a fight over the legislation, and mostly no one cares any more. I offer the view that as more Silicon Valley firms adopt easy, universal, unbreakable crypto, the tide will slowly turn against them, as the list of crypto victims keeps getting longer. Kaitlin Cassel and Alan Cohn unpack the consequences for law firms of the Mossack Fonseca leak, and Suzanne Spaulding weighs in with advice... Continue reading
Posted Apr 15, 2016 at Skating on Stilts
Just how sophisticated are the nations planning and carrying out cyberattacks on electric grids? Very, is the short answer. Our guest for episode 111, Suzanne Spaulding, DHS’s Under Secretary for the National Protection and Programs Directorate, lays out just how much planning and resources went into the attack on Ukraine’s grid, what it means for US industry, the information sharing that can mitigate the consequences, and why the incident reinforces the need to stand up the Cyber and Infrastructure Protection Agency at DHS. Our news roundup concentrates on the draft Senate bill on encryption from Senators Burr and Feinstein. Not surprisingly, I find the critics to be mostly off point and occasionally unhinged in inimitable tech-sector fashion. Sen. Wyden condemns the bill, and no one is surprised. The White House ducks a fight over the legislation, and mostly no one cares any more. I offer the view that as more Silicon Valley firms adopt easy, universal, unbreakable crypto, the tide will slowly turn against them, as the list of crypto victims keeps getting longer. Kaitlin Cassel and Alan Cohn unpack the consequences for law firms of the Mossack Fonseca leak, and Suzanne Spaulding weighs in with advice for the legal... Continue reading
Posted Apr 13, 2016 at Skating on Stilts
Steptoe recently held a client briefing in its Palo Alto office to update clients on Chinese legal and regulatory developments affecting US technology companies. I took advantage of the event to sneak in a quick discussion with Susan Munro and Ying Huang of Steptoe's China practice, on how China is regulating the Internet, with special emphasis on data protection, data localization, and more. As always, the Cyberlaw Podcast welcomes feedback. Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Download the 110th episode (mp3). Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts! Continue reading
Posted Apr 13, 2016 at Skating on Stilts
In episode 109, we interview Perianne Boring of the Chamber of Digital Commerce on the regulatory challenges of bitcoin and the blockchain. In the news roundup, we bring back Apple v. FBI for what we hope will be one last round, as the San Bernardino magistrate voids her All Writs Act motion for mootness and attention shifts to other investigators hoping to crack iPhone security, both in the US and in Europe. In a change of pace, I dip into the Hillary Clinton email scandal, wondering whether US intelligence agencies caught foreign spies exploiting Clinton’s unsecured emails on her first trip to Asia. Alan Cohn reminds me that using government networks wouldn’t have exactly guaranteed their security. Kaitlin Cassel makes her first appearance on the podcast, explaining the FCC’s new ISP privacy rules. We all try, unsuccessfully, to figure out why the FTC is so sure it knows more about privacy and security regulation than the FCC. Alan and I explore the flap over insider-trading attacks on BigLaw, and I wonder out loud whether the whole story is hype. What’s not hype, however, is a breaking story on the biggest data spill in history, which outs the hidden assets of... Continue reading
Posted Apr 6, 2016 at Skating on Stilts
I continue to be fascinated by the very early chapters of the Hillary Clinton homebrew email saga. For one simple reason: the clintonemail.com server apparently didn't have the digital certificate needed to encrypt communications until late March 2009 -- more than two months after the server was up and running, and after Secretary Clinton's swearing-in on January 22. Two questions are raised by this timing: First, why didn't the server have encryption from the start? And second, why did it get encryption in March, at a time when Clinton should have been extraordinarily busy getting up to speed at State, not messing with computer security protocols? The simplest answer to the first question is that the lack of a certificate was just a mistake. But what about the second? What inspired the Secretary to get an encryption certificate in March when her team hadn't bothered to get one in January or February? The likely answer to that question is pretty troubling. There now seems to be a very real probability that Hillary Clinton rushed to install an encryption certificate in March 2009 because the U.S. intelligence community caught another country reading Clinton's unencrypted messages during her February 16-21, 2009, trip... Continue reading
Posted Apr 4, 2016 at Skating on Stilts
This episode features an extended news roundup with plenty of disagreement between me and Nuala O’Connor, the President and CEO of the Center for Democracy and Technology (CDT). We debate whether and how CDT should pay more attention to Chinese technology abuses and examine the EU ministers’ long list of privacy measures to be rolled back and security measures to be beefed up in the wake of the Brussels and Paris Daesh attacks. Meredith Rathbone reports on the sanctions case of the decade, as ZTE gets hit with a bag full of bricks – or is it marshmallows? – for its role in flouting US export controls. We speculate about why the US danced an enforcement two-step in this case – and who its next dance partner might be. The Justice Department has launched a second set of indictments, this time aimed at Iranians who DDOS’d US banks and tried to flood the basements of Rye, NY, suburbanites. Michael Vatis and I speculate on whether other finance ministers might agree that sanctions should be imposed on those who hack banks – and on whether the Southern District will overreach in its forfeiture tactics. I fume over the French bureaucracy’s claim... Continue reading
Posted Mar 29, 2016 at Skating on Stilts
What kind of internet world order does China want, and will it succeed? That’s the question we ask Adam Segal, Maurice R. Greenberg Senior Fellow at the Council on Foreign Relation and author of The Hacked World Order. We review China’s surprising success at getting tech companies to help it build an authoritarian Internet – the technological equivalent of persuading Jello to nail itself to the wall. Meanwhile, every nation, it seems, is busy reasserting sovereignty over cyberspace. Except the United States. Which raises the question whether other countries will decide to assert sovereignty over our internet, making us the Syria of cyberspace. In the news roundup, I note that an apparent FBI raid on Tiversa is making the FTC look more and more like the dumb muscle called in to enforce someone else’s shakedown scheme. Which brings to mind images of Edith Ramirez as The Hulk, turning green and shouting “LabMD bad! FTC smash!” Maury Shenk examines the latest Spanish decision on Google and the Right to Be Forgotten and I conclude that it’s classic TL;DR material. Turning next to the FBI-Apple fight, I thank the President for opening SXSW for me and muse on his surprisingly strong endorsement... Continue reading
Posted Mar 23, 2016 at Skating on Stilts
In bonus episode 106, Stewart and Alan interview Phil Reitinger, former DHS Deputy Undersecretary for Cybersecurity and Sony Corporation CISO and current Director of the new Global Cyber Alliance, making up for the famous “lost episode” that Stewart and Alan recorded with Phil on the sidelines of the RSA Conference (“The best interview I ever conducted,” according to Phil). Stewart first asks Phil about his old organization, DHS’s National Protection and Programs Directorate (NPPD). Phil waxes eloquent about the triumphs and travails of NPPD, and also wonders what the impact on NPPD will be from President Obama’s recent creation of a Federal Chief Information Security Officer in the Executive Office of the President (Alan wonders—less eloquently—about that too). Phil also notes that “we are all medieval barbers” when it comes to knowing how to treat today’s cybersecurity ills (“We know where to put the leeches, but that’s about it,” says Phil). We then get to the meat of the interview. Alan asks Phil all about the new Global Cyber Alliance, launched in partnership with the Center for Internet Security, the New York County District Attorney’s Office (and its asset forfeiture funds), and the City of London Police Department. Phil explains... Continue reading
Posted Mar 20, 2016 at Skating on Stilts
Doing our best to avoid turning this into the Applelaw podcast, episode 105 begins with Maury Shenk unpacking the new US-EU Privacy Shield details. His take: more hassles for companies accused of noncompliance, more detailed privacy disclosures and compliance obligations for most members, and a modicum of pain for the intelligence community, but it’s still basically the same framework as the Safe Harbor. Plenty of news from the FTC, as we ask how embarrassed the Commission should be now that one of its “common sense” security requirements has been discredited by its own chief technologist; we also ponder one Commissioner’s decision to weigh in on encryption regulation, and the Commission’s foray into security for the Internet of Things. Michael Vatis tells us the significance of the CFPB’s first data security enforcement order and the FCC’s new privacy rules for Internet providers. Maury brings us mixed news on data protection skirmishes in Germany. Hamburg’s biggest privacy hot dog looks more like chopped liver after a court ruling undercuts its jurisdictional claims, but Facebook’s “like” button may require its own “I consent” button. Finally, we return to the Apple-FBI case, submerge under a flood of amicus briefs, gauge the level of anger... Continue reading
Posted Mar 20, 2016 at Skating on Stilts
Live from RSA, it’s episode 104, with special guest Jim Lewis, CSIS’s renowned cybersecurity expert and Steptoe’s own Alan Cohn. We do an extended news roundup before an RSA audience that yields several good questions for the panel. We had invited Bruce Sewell, Apple’s General Counsel, to participate, but he didn’t show. So we felt no constraint as we alternately criticized and mocked Apple’s legal arguments for not providing assistance to the FBI in gaining access to the San Bernardino terrorist’s phone. We review the bidding on encryption on Capitol Hill and observe that the anti-regulatory forces have lost ground as a result of the fight Apple has picked. That leads into a discussion of China’s backdoors into the iPhone and Baidu’s role in compromising users of its products. We pivot to the latest details on the unfortunately named Privacy Shield, which apparently is what you call a warmed-over Safe Harbor with a few dispute resolution tweaks. Jim Lewis speculates on whether Europe is likely to launch an effective attack on the US 702 program. I advance the theory that Europe is happy to hate US tech companies both for cooperating with law enforcement and for not cooperating with law... Continue reading
Posted Mar 7, 2016 at Skating on Stilts
Due to technical difficulties, the interview for the 103rd episode will be released as a separate post next week. In the news roundup, we explore Apple’s brief against providing additional assistance to the FBI in its investigation of the San Bernardino killings. Michael Vatis finds good and bad in the brief – some entirely plausible arguments about burden mixed with implausible ones aimed more at the public than at the magistrate judge. I suggest that the burden argument may be weaker than it seems, both because the costs can be spread over many requests for assistance and because the accounting of work to be done feels “as padded as a no-bid government contract offer.” Which, now that the FBI has offered to pay Apple’s costs, is pretty much exactly what it is. In other news, Michael and Jason Weinstein look at the California AG’s breach report, and its unlikely suggestion that the states adopt a unified approach to breach reporting. And I offer highlights and lowlights from the DHS guidelines for information sharing, shining particular light on a troubling proposal that some shared fields will have to be scrubbed by human beings before the information is passed on to at-risk... Continue reading
Posted Mar 2, 2016 at Skating on Stilts
To avoid helping the FBI search the San Bernardino terrorist’s phone, Apple and its CEO, Tim Cook, are going to spend weeks in court, and probably on Capitol Hill. That means that for the first time the government will have a chance to use subpoenas and discovery to judge the truth of the claims that the famously secretive Silicon Valley company and its allies have been making. This should be fun. Apple's story is that helping the FBI would require an “unprecedented and unreasonably burdensome” code-writing exercise and that once the code is written, authoritarian regimes like China's will demand that Apple use the code to help them spy on their citizens. Okay, then. Now that narrative can be tested against the facts. So here in the form of an open letter are some of the questions I’d ask Tim Cook if I had him under oath. Dear Tim Cook, In court, you’ve said that it would take two to four weeks to write the code the FBI wants, using a small team of 6-10 Apple employees. This is too much work, your lawyers told the court, especially since it might end up helping repressive regimes surveil their own people.... Continue reading
Posted Feb 25, 2016 at Skating on Stilts
What is the most surprising discovery a law firm partner makes when he jumps to the National Security Agency? I direct that and other questions at Glenn Gerstell, who has just finished six months in the job as General Counsel at the National Security Agency. In the news roundup, we begin, of course, with the fight between Apple and the Justice Department. I open the discussion by reminding the audience that the war on terror cannot be a war on one of the world’s great religions and insisting that Apple remains a religion of peace. Michael Vatis describes the Justice Department’s latest filing, and we trade for deep discovery, not only at the FBI but also at Apple. CFIUS has released its annual report – only eighteen months late – and the report shows continuing tough review standards from the Committee,Stephen Heifetz reports. There is no sign yet that Chinese acquisitions will experience a smoother ride in future. Michael and I report on Google’s new effort to accommodate European data censors by geolocating users of google.com. Finally, the judiciary is allowing defense lawyers to take a close look at the code used by the FBI to capture data about users... Continue reading
Posted Feb 23, 2016 at Skating on Stilts
The Second Annual Triple Entente Beer Summit again filled the Washington Firehouse loft with an audience at least as knowledgeable as the panel, which consisted of Ben Wittes, Shane Harris,Stewart Baker, Tamara Cofman Wittes, and Alan Cohn. The Triple Entente Beer Summit brings together members of the Lawfare, Rational Security, and the Steptoe Cyberlaw podcasts. The topic of the day was the confrontation between Apple and the Justice Department over gaining access to the iPhone used by one of the terrorists responsible for the mass killing in San Bernardino, California. Suffice it to say that the podcast was not sponsored by Apple, nor will it be any time prior to the heat death of the universe. We also dig into the Nitro Zeus story, claiming that in 2009 the United States prepared a massive cyberattack on Iran as an alternative to kinetic action in the event that nuclear talks failed and Iran began a nuclear breakout. Finally, the panel explores the administration’s rekindled enthusiasm for CVE – countering violent extremism. We provide a definitive answer to the question, “Do we need more GS-14s tweeting on terrorism?” And Tamara Wittes challenges us to find the difference between late Obama and late... Continue reading
Posted Feb 22, 2016 at Skating on Stilts
My earlier post on whether Apple's iPhone can be used legally in the financial industry produced some useful quick responses via Twitter. The short answer seems to be that the iPhone probably can't be legally used for communicating with financial industry customers without modification, either of the operating system or of the apps that are used. That is, the app and/or the operating system has to allow corporate management access to the contents of the phone, or at least to the "corporate" apps on the phone. What's interesting is that Apple seems to have modified its operating system to provide corporate purchasers exactly that. Apple offers something called MDM, or mobile device management. Talking to corporate managers, Apple brags, a bit obscurely, that "because corporate accounts, apps, and content installed via MDM can be managed by iOS, IT has the ability to remove or upgrade them without impacting personal data." (Emphasis added.) I think that means that the company can go into the iPhones of its employees and read the contents of their communications whenever it wants. MDM isn't exactly the most communicative name for the access Apple has created. The company has been insisting a bit counterintuitively that a... Continue reading
Posted Feb 20, 2016 at Skating on Stilts
Apple's refusal to help the government unlock the San Bernardino shooter's iPhone may have some surprising consequences. Remember, Apple is defying not only the Justice Department but also the wishes of the iPhone's owner. That's because the iPhone in question is actually owned by the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work. As a practical matter, Apple's technical and legal position elevates Farook's privacy over the interests of the iPhone's real owner. This may well be consistent with Apple's corporate marketing strategy, which seems to be making the iPhone so sexy that employees will simply demand that companies buy it for them. But the San Bernardino case is a wakeup call for companies who think that, because they are the customers, Apple owes them some allegiance. Nope. Instead, Apple's technical and legal war with the United States government is turning its corporate customers into collateral damage. As that lesson sinks in, enterprise purchases of iPhones may take a hit. Indeed, in the financial industry, the fallout could be worse. Given Apple's decision to privilege users' privacy above all else, it may well be unlawful for banks and brokerages to let... Continue reading
Posted Feb 20, 2016 at Skating on Stilts
Image
We devote episode 100 to “section 702” intelligence – the highly productive counterterrorism program that collects data on foreigners from data stored on US servers. What’s remarkable about the program is its roots: President Bush’s decision to ignore the clear language of FISA and implement collection without judicial approval. That decision has now been ratified by Congress – and will be ratified again in 2017 when the authority for it ends. But what does it say about the future of intelligence under law that our most productive innovation in intelligence only came about because the law was broken? Our guest for the episode, David Kris, thinks that President Bush might have been able to persuade Congress to approve the program in 2001 if he’d asked. David may be right; he is a former Assistant Attorney General for National Security, the coauthor of the premier sourcebook on intelligence under law, "National Security Investigations & Prosecutions,” and the General Counsel of Intellectual Ventures. But what I find surprising is how little attention has been paid to the question. How about it? Is George Bush to FISA what Abraham Lincoln was to habeas corpus? My interview with David leaves Lincoln to the history... Continue reading
Posted Feb 8, 2016 at Skating on Stilts
Our guest is Amit Ashkenazi, whom I interviewed while in Israel. Amit is Legal Advisor of The Israel National Cyber Bureau and a former general counsel to Israel’s data protection agency. Israel is drafting its own cybersecurity act, and we discuss what if anything that country can learn from the US debate – and what the US can learn from Israel’s cybersecurity experience. We explore the challenges Israel will face in trying to start a new cybersecurity agency, how Israel strikes the balance between security and privacy, the risks of using contractors to staff a new agency, the danger of stating agency authorities with too much specificity, and why the agency is likely to look more like DHS than the FBI. In the news roundup, I discuss the dynamics of the Safe Harbor talks with Maury Shenk, boldly predicting that the EU will cave on the remaining issues once it’s convinced the US means business. Jason Weinstein and I talk about the Judicial Redress Act and the gratifying Senate Judiciary Committee amendment – an amendment that the EU must have seen as a bad sign for the future if the Safe Harbor talks fail. The Act is intended to facilitate... Continue reading
Posted Feb 1, 2016 at Skating on Stilts