This is Stewart Baker's Typepad Profile.
Stewart Baker
Former government official now practicing law
Recent Activity
This week the podcast features an extended news roundup with two guest commentators – Julian Sanchez of the Cato Institute and Gus Hurwitz of Nebraska Law School. We talk about the latest, mostly overhyped, Shadowbrokers dump, and whether Google Translate can be taught to render plain text into Shadowbrokerese as well as Klingon. Stephanie Roy kicks off speculation about the future of net neutrality in the Pai FCC. The future looks bright for litigators. Abbott Labs takes a short but brutal session in the woodshed from the FDA. Looks like Abbott’s now-subsidiary, St. Jude Medical, knew for years that its backdoor could be found by outsiders, but it stuck to the view that hardcoded access was a feature not a bug. Too bad Uber has already trademarked the name, because if ever there were a feature that deserved to be called “God mode,” this is it. Burger King triggers a technical battle with Google and an editing war with Wikipedia with a commercial that begins, “Okay, Google, what’s a Whopper burger?” But, law nerds that we are, all we can talk about is whether Burger King is liable under the Computer Fraud and Abuse Act. As always, the Cyberlaw Podcast... Continue reading
Posted Apr 17, 2017 at Skating on Stilts
Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute. It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a bank’s entire online presence, to the pwning of Dallas’s emergency sirens and a successful campaign to compromise the outsourcing firms that supply IT to small and medium sized businesses. In the news roundup, Maury Shenk, and Jamil Jaffer, of George Mason’s National Security Law & Policy Program, talk with me about the likely outcome of the European movement to regulate encryption. The bad news for Silicon Valley is that the US isn’t likely to play much of a moderating role when the Europeans tighten the screws. In other news, Jennifer Quinn-Barabanov explains the two-front battle that Wendy’s is facing (and mostly losing) over data breach liability. I acknowledge the latest Silicon Valley fad: filing lawsuits on behalf of their customers’ privacy. So far, Twitter has chalked up a win, and Facebook a loss. LabMD has also chalked up another win, this time in a Bivens action to hold FTC officials personally... Continue reading
Posted Apr 11, 2017 at Skating on Stilts
Episode 158 is a bonus episode – the Triple Entente Beer Summit, where members of the Steptoe Cyberlaw Podcast, the Lawfare Podcast, and the Rational Security Podcast assemble over beer to comment on the events of the week – or in this case, the day, since it was among the most news-filled days of President Trump’s young presidency. We cover the (then pending) attack on Assad’s forces in Syria, the future of the Russia election/surveillance investigation, and the meaning of changes to the National Security Council. It’s also the time each year when our audience gets to ask us questions, and that turns out to be among the most entertaining parts of the program. As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Download the 158th Episode (mp3). Subscribe to the Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)! Continue reading
Posted Apr 7, 2017 at Skating on Stilts
Episode 157 digs into the security of the medical internet of things. Which, we discover, could be described more often than we’d like as an internet of things that want to kill us. Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity such a treacherous landscape for security researchers, manufacturers, regulators, and, unfortunately, a lot of patients who remain in the dark about the security of devices they carry around inside them. In the news roundup, Phil Khinda takes us through the likely trend in SEC cybersecurity enforcement in the new administration. Stephen Heifetz does the same for the Committee on Foreign Investment in the United States, or CFIUS. I claim that Eli Lake’s Bloomberg story finally explains why Republicans think that Obama administration surveillance and unmasking of Trump team members needs to be investigated. Stephen calls it a distraction. In other news, Buzzfeed gets taken down by a lawyer with a sense of humor, big claims are made for the impact of the third Wikileaks Vault7 document dump, and Donald Trump may have forgiven Apple. Finally, Jim Comey’s twitter account seems to have been outed; that’s... Continue reading
Posted Apr 4, 2017 at Skating on Stilts
Our interview is with Michael Daniel, former Special Assistant to the President and Cybersecurity Coordinator at the White House and current President of the Cyber Threat Alliance. We ask Michael how the new guys are doing in his job, what he most regrets not getting done, why we didn’t float thumb drives filled with “The Interview” into North Korea on balloons, and any number of other politically incorrect questions. His answers are considerably more nuanced. In the news roundup, we note that the second Wikileaks release is a damp squib, full of outmoded Apple exploits. Michael Vatis and I unpack the Third Circuit ruling upholding imposition of contempt penalties on a defendant who has “forgotten” the password to his child porn trove. It turns out that the case offers a road map for prosecutors and police who want to make sure no one ever forgets a password in their jurisdiction. Stephanie Roy notes that Congress has begun the process of repealing the ISP privacy and security regulations adopted under Chairman Wheeler. What, if anything, will replace them, and when, is a matter for lengthy speculation. I note that the privacy zealots of Silicon Valley have fatally miscalculated the kind of... Continue reading
Posted Mar 28, 2017 at Skating on Stilts
Having trouble understanding what President Trump and Rep. Nunes are banging on about? Try putting the shoe on the other foot… It’s 2020. Kamala Harris finishes a close second in New Hampshire, beating expectations that Elizabeth Warren would sweep her neighboring state (and its shared media market). Harris roars into South Carolina, where she suddenly leads in the polls with a message of repudiating what she calls the Trump administration’s dangerous foreign brinksmanship. Whatever you call it, you can’t call it dull. President Trump has forced Iran to renegotiate the nuclear deal by the simple expedient of expanding US sanctions to include the seizure and impoundment of any tanker carrying Iranian oil. The oil market remains stable, buoyed by record US oil and gas production. But the move prompts a diplomatic rupture and some tense maritime confrontations with India and China. Undeterred, the President says North Korea is next in line for what he calls, “Sanctions that work. Unlike the last guy’s. Not a leader!” But it will only take one foreign mishap to make Harris tough to beat. She’s fresh and virtually untouched by Warren’s surprised oppo research team. The Trump team vows that it won’t be caught similarly... Continue reading
Posted Mar 23, 2017 at Skating on Stilts
Episode 155 of the podcast offers something new: equal time for opposing views. Well, sort of, anyway. In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week. I argue that US companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior Counsel at the Center for Democracy & Technology and Jamil Jaffer, Vice President for Strategy & Business Development of IronNet Cybersecurity. (Jeremy Rabkin, who was supposed to join me in arguing the affirmative, was trapped in Boston by a snowstorm.) In the news, we can’t avoid the unedifying – and cynical on both sides – spat between press and White House over wiretapping. We then turn to legal news, where I note the DC circuit’s adoption of a cursory and unpersuasive reading of the Foreign Sovereign Immunities Act in the context of state-sponsored hacking of activists in the United States. Maury Shenk next unpacks the latest ECJ opinion refusing to apply the “right to be forgotten” across the board to government databases. So far, the only clear application is to American tech giants. That’s also true of the latest German proposal to make the internet safe for censors,... Continue reading
Posted Mar 21, 2017 at Skating on Stilts
In this week’s episode, we ask two former NSA cybersecurity experts, Curtis Dukes and Tony Sager, both now from the Center for Internet Security, what advice they give family members about how to keep computers, phones, and doorbells safe from hackers. Joining us for the news round-up is Carrie Cordero, a Washington lawyer and adjunct professor of Law at Georgetown University who focuses on national security law, homeland security law, cybersecurity and data protection issues. Topping the news is the Wikileaks Vault7 release, including Assange’s mischievous offer to work with Silicon Valley to fix vulnerabilities before they’re disclosed. Carrie, Markham Erickson, and I comment. Stephanie Roy reports that the FCC is investigating a 911 outage at AT&T; so far the agency has been tight-lipped about the details. Home Depot is nearing the finish line in its data breach ordeal, Jennifer Quinn-Barabanov reports. The banks that had to reissue credit cards were among the last holdouts; they’re getting $25 million, which sounds like a lot until you do the math and realize it’s two bucks a card. Jennifer tells us that another defense effort to moot a TCPA class action by picking off a named plaintiff has been thwarted – this... Continue reading
Posted Mar 14, 2017 at Skating on Stilts
In this episode, Matt Tait, aka @PwnAllTheThings, takes us on a tour of Russia’s cyberoperations. Ever wonder why there are three big Russian intel agencies but only two that have nicknames in cybersecurity research? Matt has the answer to this and all your other Russian cyberespionage questions. In the news, we mourn the loss of Howard Schmidt, the first cyber czar and one of the most decent men in government. Then we descend into the depths of the Trump wiretap story. I reprise some of my views from Lawfare. Michael Vatis is not persuaded. After Microsoft’s refusal to provide data stored in the cloud outside the US was upheld in the Second Circuit, things looked rosy for its position. But now two magistrates in a row have rejected it. Michael and I discuss the latest ruling. Maury Shenk is now our official commentator on the legal consequences of Internet-enabled toys. This time it’s teddy bears, whose interactions with children and parents were exposed by hackers. More seriously, Maury praises an impressive new analysis of China’s 50c army of tweeters. It turns out that everything we thought we knew about the 50c army is wrong. Just in time for an early... Continue reading
Posted Mar 6, 2017 at Skating on Stilts
Our guest for episode 152 is Paul Rosenzweig. In the news roundup, Stephanie Roy outlines the deregulatory tangle around ISPs, privacy, security, and the FCC. Maury Shenk briefs us on the European legislation authorizing the quashing of terrorist advocacy on line. Jennifer Quinn-Barabanov explains when standing is a defense against privacy claims and when it isn’t. Together, we remark on the latest example of formerly stodgy banks embracing their inner plaintiffness. Maury explains why the Germans have banned Cayla the talking (and listening!) doll. I ask whether the Germans next plan to ban speakerphones. (Likely answer: only if they come from America.) Paul and I dig into the Amazon claim that the first amendment prevents enforcement of a criminal discovery order seeking Amazon Echo recordings. Hey, the suspect might have been ordering books, and that’s a first amendment activity, says Amazon, and anyway, what Alexa said back to the suspect was an exercise of Amazon’s first amendment rights. These arguments cry out for the command most frequently heard by my music-playing Echo: “Alexa, that’s enough.” Almost as unpersuasive to Paul and me is magistrate judge David Weisman’s refusal to issue an order allowing the police to search a home and... Continue reading
Posted Feb 28, 2017 at Skating on Stilts
In this episode, Stewart Baker goes to RSA and interviews the people that everyone at RSA is hoping to sell to – CISOs. In particular, John “Four” Flynn of Uber, Heather Adkins of Google, and Troels Oerting of Barclays Bank. We ask them what trends at RSA give them hope for the future, which make them weep, what’s truly new in cybersecurity, and what kind of help they would like from government. While Stewart’s traveling, Alan Cohn takes over the news roundup. We start with some news from the RSA Conference keynotes. Brad Smith, President of Microsoft, called for a cyber “Geneva Convention” on behalf of the sovereign nation of Microsoft. And Rep. Michael McCaul (R-TX), chair of the House Committee on Homeland Security, announced his opposition to backdoors in encryption, lining up with former Secretary of Homeland Security Michael Chertoff and former NSA and CIA Director Michael Hayden but against current Attorney General Jeff Sessions and current FBI Director Jim Comey. In news from across the pond, Maury walks us through the EU’s efforts to take on robots. We coin the term #EURobotHammer in the process (it’s complicated). Maury also tells us whether the Russians are hacking the French... Continue reading
Posted Feb 22, 2017 at Skating on Stilts
Our interview features a classic buzzkill headline: “Worthwhile Canadian Initiatives.” We explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner. Among other things, we take a close look at Canada’s oversight regime for intelligence, in which a retired judge gets to exercise executive authority over the CSE – in contrast to the US system where active judges do the same but pretend they’re carrying out a judicial function. In the news roundup, Judge Robart is doing his best to hog the judicial headlines, not only blocking the Trump administration’s immigration policy but giving support to Microsoft’s suit to overturn discovery gag orders en masse. His opinion allows Microsoft to proceed with a lawsuit claiming that gag orders violated the First Amendment. The Trump Administration could soon begin asking foreigners coming to the United States — particularly from some Muslim-majority countries — to turn over their social media accounts and passwords. This is a policy begun under the Obama administration and supported by bipartisan homeland security groups. I predict that it... Continue reading
Posted Feb 15, 2017 at Skating on Stilts
Our guest for episode 149 of the podcast is Jason Healey, whose Atlantic Council paper, “A Nonstate Strategy for Saving Cyberspace,” advocates for an explicit bias toward cyber defense and the private sector. He responds well to my skeptical questioning, and even my suggestion that his vision of “defense dominance” would be more marketable if paired with thigh-high leather boots and a bull whip. #50ShadesofCyber. In the news roundup, we experiment with, uh, actual legal discussion. The Microsoft Ireland case has company; Google recently lost a similar argument before a magistrate judge – maybe because it couldn’t say where the data it wanted to protect from disclosure actually was. Michael Vatis explains. Meredith Rathbone and I take a victory lap over CNN and its reporters, noting that if they’d listened to the podcast, they’d have known a month early that US sanctions had unexpectedly prevented US companies from filing license applications with Russian intelligence agencies – and that allowing companies to make such filings wasn’t an opportunity for hyperventilating about President Trump’s bromance with Putin. Michael and I also deconstruct Supreme Court nominee Neil Gorsuch’s opinion in US v. Ackerman. The opinion calmly and clearly puts a hole below the... Continue reading
Posted Feb 6, 2017 at Skating on Stilts
Our guest for episode 148 of the podcast is Corin Stone, the Executive Director of the National Security Agency. Corin handles some tough questions – should the new team dump PPD-28, how is morale at the agency after the Snowden and Shadowbroker leaks, and will fully separating Cyber Command from NSA mean new turf fights? I give Corin plenty of free advice and, more usefully, our first in-person award of the coveted Steptoe Cyberlaw Podcast coffee mug. In the news, Alan Cohn and I cover the Second Circuit’s much-ado-about-nothing package of opinions on rehearing the Microsoft-Ireland case. Maury and I discuss what the new White House executive order on the privacy rights of foreigners means – as well as Donald Trump’s meeting with Theresa May (including whether they talked about Russia sanctions). Also on the agenda: Has Donald Trump already surpassed Barack Obama’s lifetime record for holding hands with prominent White House visitors? Speaking of Peter Thiel, Jennifer Quinn-Barabanov and I speculate about whether FTC commissioner Maureen Ohlhausen will pull the FTC back from the ledge on suing companies for security flaws that don’t cause demonstrable consumer harm. And whether Peter Thiel is looking for someone else to chair the... Continue reading
Posted Feb 1, 2017 at Skating on Stilts
Our guest interview is with Jack Goldsmith, Shattuck Professor of Law at Harvard and co-founder of Lawfare. We explore his contrarian view of how to deal with Russian hacking, which leads to me praising (or defaming, take your pick) him as a Herman Kahn for cyberconflict. Except what’s unthinkable in this case are his ideas for negotiating, not fighting, with the Russians. In the news roundup, I ask Michael Vatis whether the wheels are coming off the FTC’s business model, as yet another company refuses to succumb to the commission’s genteel extortion. The Obama Administration came to an end last week, and its officials left behind a lot of paper to remind us why we’ll miss them — and why we won’t. A basically sympathetic review of the administration’s cyber policies ends with a harsh judgment on President Obama: “He did almost everything right and it still turned out wrong.” Among the leftovers served up last week: a farewell statement on privacy that seems unlikely to prove relevant in the new administration, a workman-like report on cyber incident response, a wistful FCC public safety bureau report on the commission’s cybersecurity initiatives, and a zombie notice that showed up in the... Continue reading
Posted Jan 24, 2017 at Skating on Stilts
Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity? In episode 146, Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight. Should the FDA allow hospitals to implant defibrillators with known security flaws in unknowing patients? I argue that that’s the question raised by the latest security flaw announcement from the FDA, DHS, and St. Jude Medical (now Abbott Labs). Repealing the FCC’s internet privacy regulations is well within Congress’s power if it acts soon, says Stephanie Roy, who stresses how rare it is for Republicans to hold the presidency and both houses of Congress. (And who says President Obama didn’t leave a legacy?) The European Commission isn’t done complaining about US security programs, Maury Shenk tells us. Vera Jourova wants to know more about the US request that Yahoo! screen for certain identifiers and hand over what it finds. That’s apparently too useful for finding terrorists to satisfy delicate European sensibilities. Speaking of which, Angela Merkel is in the bulls-eye for Russian doxing. And to hear Maury tell it, Russia has probably been collecting raw material... Continue reading
Posted Jan 17, 2017 at Skating on Stilts
We interview two contributors to CSIS’s Cybersecurity Agenda for the 45th President. Considering the track record of the last three Presidents, it’s hard to be optimistic, but Davis Hake and Nico Sell offer a timely look at some of the most pressing policy issues in cybersecurity. In the news roundup, it’s more or less wall to wall President-elect Trump. Michael Vatis, Alan Cohn, and I talk about Russian hacking, the American election, Putin’s longtime enthusiasm for insurgent movements from “Occupy Wall Street” to “Make America Great Again,” and the President-elect’s relationship with the intelligence community. In other news, I’m forced to choose between dissing the New York Times and dissing Apple’s surrender to Chinese censorship. Tough call, but I make it. Speaking of censorship, Russia is rapidly following China’s innovation in app store regulation. For legal antiquarians, I suggest that the Foreign Agent Registration Act deserves a comeback. It seems to be solidarity week. Lots of amici have leapt to support LabMD in court now that it looks like a winner. Meanwhile I stick up for Mike Masnick, the man who puts the dirt in Techdirt. He may be a colorfully opinionated jerk, but he doesn’t deserve to be a... Continue reading
Posted Jan 10, 2017 at Skating on Stilts
We start 2017 the way we ended 2016, mocking the left/lib bias of stories about intercept law. Remember the European Court of Justice decision that undermined the UK’s new Investigatory Powers Act and struck down bulk data retention laws around Europe? Yeah, well, not so much. Maury Shenk walks us through the decision and explains that it allows bulk data retention to continue for "serious" crime, which is really the heart of the matter. We can’t, of course, resist an analysis of the whole Russian election interference sanctions brouhaha. The FBI/DHS report on Russian indicators in the DNC hack is taking on water, and its ambiguities have not been helped by a Washington Post article on alleged Russian intrusion into Vermont Yankee’s network. That story had to be walked way back, from an implicit attack on the electric grid to an apparently opportunistic infection of one company laptop. No one is surprised that there’s an increasingly partisan split over who’s going to answer the phone now that the 1980s really have called to get their foreign policy back. Meredith Rathbone walks us through the revamp of the Obama Administration’s cyber sanctions in an attempt to address election meddling. And we... Continue reading
Posted Jan 4, 2017 at Skating on Stilts
Fresh off a redeye from Israel, I interview Matthew Green of the Johns Hopkins Information Security Institute. Security news from the internet of things grows ever grimmer, we agree, but I get off the bus when Matt and the EFF try to solve the problem with free speech law. In the news roundup, Matt joins Michael and me to consider the difficulties of retaliating for Putin’s intrusion into the US election. There just aren’t that many disclosures that would surprise Russians about Vlad, though the Botox rumors are high on my list. In other news, the EU’s cybersecurity agency, ENISA, issues a report on crypto policy that has a surprisingly musty air. Two new settlements show the limits of privacy law. Michael Vatis covers them both. Ashley Madison settles with the FTC and is assessed a large fine that has to be partially forgiven because the company can’t pay. We all thought that adultery was a more durable business model. And Google settles a class action for unlawful wiretapping by agreeing to scan everyone’s email a few microseconds later than it used to. And to spike the football in its victory, Google offers most victims of the violation damages that... Continue reading
Posted Dec 20, 2016 at Skating on Stilts
Too busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity? No worries. Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director. In the news, Lindsey Graham, John McCain, and a host of Dems want to investigate Russia’s role in the recent election, while the President-elect thinks it’s, well, fake news, to borrow a lefty trope. Michael Vatis presses me to pick a side. Long-time listeners won’t be surprised at my answer. The Ninth Circuit offers gingerly approval for the use of FISA-derived evidence in a criminal trial. Gen. John Kelly is picked to head DHS. What does that say about its role in cybersecurity? Nothing, I venture. On crypto, though, we could finally see a commission. Chairman McCaul supports the idea, and it’s just possible that foreign government action and the Trump presidency will finally make Silicon Valley nervous enough to stop stonewalling and start talking. We close with a definitive five-minute briefing on the future of net neutrality. The quick answer is that the dingoes are now running the child care center. As always, the Cyberlaw... Continue reading
Posted Dec 12, 2016 at Skating on Stilts
We begin by asking Rihanna to sum up the latest US-EU agreement: “That’s when you need me there / With you I’ll always share … You can stand under my umbrella.” RiRi’s got the theory right: The Umbrella Agreement was supposed to make sure the US and EU would always share law enforcement data. But when the Eurocrats were done piling on the caveats, it was clear what concessions the US had made but it wasn’t clear if the EU had made any at all. So if you're keeping score, that's US=Rihanna, EU=Chris Brown. But we're sure that down deep they really love us, and we'll be moving in together again soon. Meanwhile, the Investigatory Powers Act has gained royal assent. Maury Shenk walks us through both developments. The Trump administration is hinting at a change in responsibility for protecting critical infrastructure from cyberattack, and it’s consistent with the President-elect’s enthusiasm for turning hard jobs over to generals. Congress is doing its bit, elevating Cyber Command to full combatant command status. In good news, DOJ and a boatload of other countries have sinkholed the Avalanche botnet. Michael Vatis has the details. Kudos to Sen. Cornyn, who held off a series of... Continue reading
Posted Dec 7, 2016 at Skating on Stilts
Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings. Our conversation covers everything from robots, autonomous weapons, and Siri to hippie poetry of the 1960s and Silicon Valley’s short memory on use of the term “cyber.” In the news, Maury Shenk reports that five EU members now say they want EU-wide crypto controls. And that’s not counting France and Germany. Maybe the real question is whether any EU countries oppose encryption regulation. We can’t find any. Tongue firmly in cheek, I thank Tim Cook for bringing the need for government crypto regulation to the attention of governments around the world. It turns out that the FBI actually hacked more than 8,000 computers in 120 countries in a single child porn investigation. Wow. And the Justice Department is lecturing me on the risk that active defense could cause unexpected foreign relations problems? Well, I guess they would know. We-Vibe’s undisclosed collection of data about users of its smart-phone enabled vibrators spurs a class action. Or should that be a “lacks class” action? I confess to... Continue reading
Posted Nov 28, 2016 at Skating on Stilts
In this week’s episode, we guess at the near-term future with Betsy Cooper and Steve Weber of UC Berkeley’s Center for Long Term Cybersecurity. In all of their scenarios, the future is awash in personal data; the only question is how it’s used. I argue that it will be used to make us fall in love – with our machines. In the news of the week, we explore the policy consequences of President-elect Trump’s personnel choices. I point out that the quickest route to the new administration’s short list seems to be an interview on the Steptoe Cyberlaw Podcast. The internet advertising industry is trying to stamp out ad malware so that firms following a set of guidelines will earn a seal of approval, Katie Cassel explains. Color me skeptical: would you buy an antivirus product that proclaimed that it scans “a reasonable percentage of” incoming code? It’s apparently guidelines week in cybersecurity-land, as agencies rush to release their work before the transition. Two agencies issued guidelines on security practices. The Department of Homeland Security released the recommendations for internet-connected devices that Rob Silvers forecast on the podcast last month. Alan Cohn summarizes the principles, which include steps like security... Continue reading
Posted Nov 21, 2016 at Skating on Stilts
We couldn’t resist. This week’s topic is of course President-elect Trump and what his election could mean for All Things Cyber. It features noted cybercommentator Paul Rosenzweig and Daily Beast reporter Shane Harris. In the news, we’re reminded of the old Wall Street saying that bulls and bears can both make money in the market but pigs eventually get slaughtered. The same goes for the pigheaded, as the FTC has learned. Whatever modest satisfaction the FTC got from denying a stay of its order against LabMD surely evaporated when it forced the Eleventh Circuit to make an early call on the stay. The result: the court of appeals practically overrides the FTC decision on the motion. Or was the Commission just trying to make sure the proposed television series about LabMD had an ample supply of villains? If so, way to go, guys! Katie Cassel announces her imminent retirement from the podcast. She also explains the DMCA’s new exemption for security researchers. This is getting ugly: Yahoo now says that some of its employees knew about its massive data breach in 2014 – two years before it was disclosed. Why the delay? Yahoo says it’s investigating – and that it... Continue reading
Posted Nov 14, 2016 at Skating on Stilts
The episode features a vigorous and friendly debate between me and Frank Cilluffo over his new report on active defense, titled “Into the Gray Zone.” It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University. My fear: the report creates gray zones for computer defense that should be seen as purely lawful — and turns far too many genuine gray zones black. Maury Shenk returns after missing last week due to the British determination not to follow US daylight savings practice. After my rant in favor of Sunday Daylight Hoarding Time, he updates us on challenges to the Privacy Shield Agreement in EU courts by privacy true believers (two and counting) and EU court challenges to government data practices in China, Russia, Algeria, and Saudi Arabia (none in evidence). Speaking of which, China has actually adopted the cybersecurity law it’s been threatening Western tech companies with for months, if not years. Congress is starting to notice the FDA’s hapless response to medical device security. I predict that the FDA will not take serious notice until heart implants start tweeting: “I’d give this guy cardiac arrest, but I’m too busy DDOSing the DNC.” Michael... Continue reading
Posted Nov 7, 2016 at Skating on Stilts