This is Stewart Baker's Typepad Profile.
Join Typepad and start following Stewart Baker's activity
Join Now!
Already a member? Sign In
Stewart Baker
Former government official now practicing law
Recent Activity
More than two-thirds of Americans think the Supreme Court was right to hold Harvard's race-based admissions policy unlawful. But the minority who disagree have no doubt about their own moral authority, and there's every reason to believe that they intend to undo the Court's decision at the earliest opportunity. Which could be as soon as this year. In fact, undoing the Harvard admissions decision is the least of it. Republicans and Democrats in Congress have embraced a precooked "privacy" bill that will impose race and gender quotas not just on academic admissions but on practically every private and public decision that matters to ordinary Americans. The provision could be adopted without scrutiny in a matter of weeks; that's because it is packaged as part of a bipartisan bill setting federal privacy standards -- something that has been out of reach in Washington for decades. And it looks as though the bill breaks the deadlock by giving Republicans some of the federal preemption their business allies want while it gives Democrats and left-wing advocacy groups a provision that will quietly overrule the Supreme Court's Harvard decision and impose identity-based quotas on a wide swath of American life. This tradeoff first showed... Continue reading
Posted 5 days ago at Skating on Stilts
Okay, yes, I promised to take a hiatus after episode 500. Yet here it is a week later, and I'm releasing episode 501. Here's my excuse. I read and liked Dmitri Alperovitch's book, "World on the Brink: How America Can Beat China in the Race for the 21st Century." I told him I wanted to do an interview about it. Then the interview got pushed into late April because that's when the book is actually coming out. So sue me. I'm back on hiatus. The conversation in the episode begins with Dmitri's background in cybersecurity and geopolitics, beginning with his emigration from the Soviet Union as a child through the founding of Crowdstrike and becoming a founder of Silverado Policy Accelerator and an advisor to the Defense Department. Dmitri shares his journey, including his early start in cryptography and his role in investigating the 2010 Chinese hack of Google and other companies, which he named Operation Aurora. Dmitri opens his book with a chillingly realistic scenario of a Chinese invasion of Taiwan. He explains that this is not merely a hypothetical exercise, but a well-researched depiction based on his extensive discussions with Taiwanese leadership, military experts, and his own analysis... Continue reading
Posted Apr 22, 2024 at Skating on Stilts
There’s a whiff of Auld Lang Syne about episode 500 of the Cyberlaw Podcast, since after this the podcast will be going on hiatus for some time and maybe forever. (Okay, there will be an interview with Dmitri Alperovich about his forthcoming book, but the news commentary is done for now.) Perhaps it’s appropriate, then, for our two lead stories to revive a theme from the 90s – who’s better, Microsoft or Linux? Sadly for both, the current debate is over who’s worse, at least for cybersecurity. Microsoft’s sins against cybersecurity are laid bare in a report of the Cyber Security Review Board, Paul Rosenzweig reports. The Board digs into the compromise of a Microsoft signing key that gave China access to U.S. government email. The language of the report is sober, and all the more devastating because of its restraint. Microsoft seems to have entirely lost the security focus it so famously pivoted to twenty years ago. Getting it back will require that it renew the focus on security -- at a time when the company feels compelled to put all its effort into building AI into its offerings. The only people who come out of the report looking... Continue reading
Posted Apr 11, 2024 at Skating on Stilts
This episode is notable not just for cyberlaw commentary, but for its imminent disappearance from these pages and from podcast playlists everywhere. Having promised to take stock of the podcast when it reached episode 500, I've decided that I, the podcast, and the listeners all deserve a break. So, I'll be taking one after the next episode. No final decisions have been made, so don't delete your subscription, but don't expect a new episode any time soon. It's been a great run, from the dawn of the podcast age in 2014, through the ad-fueled podcast boom, which I manfully resisted, to the podcast market correction that's still under way. It was a pleasure to engage with listeners from all over the world. (Yes, even the EU! ) As they say, in the podcast age, everyone is famous for fifteen people. That's certainly been true for me, and I'll always be grateful for listeners' support – not to mention for all the great contributors who've joined the podcast over the years. Turning back to cyberlaw, there are a surprising number of people arguing that there's no reason to worry about existential and catastrophic risks from proliferating or runaway AI risks. Some... Continue reading
Posted Apr 2, 2024 at Skating on Stilts
The Biden administration has been aggressively pursuing antitrust cases against Silicon Valley giants like Amazon, Google, and Facebook. This week it was Apple's turn. The Justice Department (joined by several state AGs) filed a gracefully written complaint accusing Apple of improperly monopolizing the market for "performance smartphones." This questionable market definition will be a weakness for the government throughout the case, but the complaint does a good job of identifying ways in which Apple has built a moat around its business without an obvious benefit for its customers. The complaint focuses on Apple's discouraging of multipurpose apps and cloud streaming games, its lack of message interoperability, the tying of Apple watches to the iPhone to make switching to Android expensive, and its insistence on restricting digital wallets on its platform. This lawsuit will continue well into the next presidential administration, so much depends on the outcome of the election this fall. Volt Typhoon is still in the news, Andrew Adams tells us, as the government continues to sound the alarm about Chinese intent to ravage American critical infrastructure in the event of a conflict. Water systems are getting most of the attention this week. I can't help wondering how we... Continue reading
Posted Mar 26, 2024 at Skating on Stilts
The Supreme Court is getting a heavy serving of first amendment social media cases. Gus Hurwitz covers two that made the news last week. In the first, Justice Barrett spoke for a unanimous court in spelling out the very factbound rules that determine when a public official may use a platform’s tools to suppress critics posting on his or her social media page. Gus and I agree that this might mean a lot of litigation, unless public officials wise up and simply follow the Court’s broad hint: If you don’t want your page to be treated as official, simply say up top that it isn’t official. The second social media case making news was being argued as we recorded. Murthy v. Missouri appealed a broad injunction against the US government pressuring social media companies to take down posts the government disagrees with. The Court was plainly struggling with a host of justiciability issues and a factual record that the government challenged vigorously. If the Court reaches the merits, it will likely address the question of when encouraging the suppression of particular speech slides into coerced censorship. Gus and Jeffrey Atik review the week’s biggest news – the House has passed... Continue reading
Posted Mar 26, 2024 at Skating on Stilts
This bonus episode of the Cyberlaw Podcast focuses on the national security implications of sensitive personal information. Sales of personal data have been largely unregulated as the growth of adtech has turned personal data into a widely traded commodity. This in turn has produced a variety of policy proposals – comprehensive privacy regulation, a weird proposal from Sen. Wyden (D-OR) to ensure that the US governments cannot buy such data while China and Russia can, and most recently an Executive Order to prohibit or restrict commercial transactions affording China, Russia, and other adversary nations with access to Americans' bulk sensitive personal data and government related data. To get a deeper understanding of the executive order, and the Justice Department's plans for implementing it, I interview Lee Licata, Deputy Section Chief for National Security Data Risk. Download 496th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a... Continue reading
Posted Mar 14, 2024 at Skating on Stilts
We open this episode by exploring the first National Cybersecurity Strategy, issued almost exactly a year ago. Since the only good way to judge a strategy is by its implementation, we pull in Kemba Walden, who was first the principal Deputy and then the Acting Cyber Director as the strategy came together. She is generally positive, and urges us to wait for the soon-to-be-released posture report from her old office. Kemba, meanwhile, has joined the Paladin Global Institute, designed to further Kemba's (and Paladin's) interest in aligning private investment and public security. Turning from the strategic to the tactical, Sultan Meghji and I dig into the ransomware attack on Change Healthcare, and the heavy financial and human costs it imposed. We also cover the sometimes overlooked response of America's adversaries to U.S. cyber strategies. I note that decoupling goes both ways, as China is slowly but surely extirpating U.S. tech from its infrastructure, and Chinese consumers have joined the campaign, at great cost to Apple. Meanwhile, Russian online disinformation, laughably overrated in 2016, is reported to be more effective in 2024, at least in countries with large Russian minorities. The latest infrastructure supply chain concern is in U.S. ports, where... Continue reading
Posted Mar 12, 2024 at Skating on Stilts
The United States is in the process of rolling out a sweeping regulation for personal data transfers. But the rulemaking is getting limited attention, perhaps because it targets transfers to our rivals in the new Cold War – China, Russia, and their allies. Adam Hickey whose old office is drafting the rules, explains the history of the initiative, which stems from endless CFIUS efforts to impose such controls on a company-by-company basis. Now, with an executive order as the foundation, DOJ has published an advance notice of proposed rulemaking that promises what could be years of slow-motion regulation. Faced with a similar issue – the national security risk posed by connected vehicles, particularly those sourced in China – the Commerce Department has issued a laconic notice whose telegraphic style contrasts sharply with the highly detailed Justice draft. I take a stab at the riskiest of ventures – predicting the results in two Supreme Court cases about social media regulations adopted by Florida and Texas. Four hours of strong appellate advocacy and a highly engaged Court make predictions risky, but here goes. I divide the Court into two camps – on one hand the Justices (Thomas, Alito, probably Gorsuch) who think... Continue reading
Posted Mar 7, 2024 at Skating on Stilts
This episode of the Cyberlaw Podcast kicks off with the Babylon Bee’s take on Google Gemini’s woke determination to inject a phony diversity into images of historical characters: "After decades of nothing but white Nazis, I can finally see a strong, confident black female wearing a swastika. Thanks, Google!" Jim Dempsey and Mark MacCarthy join the discussion because Gemini’s preposterous image diversity quotas deserve more than snark. In fact, I argue, they were not errors; they were entirely deliberate efforts by Google to give its users not what they want but what Google in its wisdom thinks they should want. That such bizarre results were achieved by Google’s sneakily editing user prompts to ask for, say, “indigenous” founding fathers simply shows that Google has found a unique combination of hubris and incompetence. More broadly, Mark and Jim suggest, the collapse of Google’s effort to control its users raises this question: Can we trust AI developers when they say they have installed guardrails to make their systems safe? The same might be asked of the latest in what seems an endless stream of experts demanding that AI models defeat users by preventing them from creating “harmful” deepfake images. Later, Mark points... Continue reading
Posted Feb 27, 2024 at Skating on Stilts
This episode of the Cyberlaw Podcast kicks off with the Babylon Bee’s take on Google Gemini’s woke determination to inject a phony diversity into images of historical characters: "After decades of nothing but white Nazis, I can finally see a strong, confident black female wearing a swastika. Thanks, Google!" Jim Dempsey and Mark MacCarthy join the discussion because Gemini’s preposterous image diversity quotas deserve more than snark. In fact, I argue, they were not errors; they were entirely deliberate efforts by Google to give its users not what they want but what Google in its wisdom thinks they should want. That such bizarre results were achieved by Google’s sneakily editing user prompts to ask for, say, “indigenous” founding fathers simply shows that Google has found a unique combination of hubris and incompetence. More broadly, Mark and Jim suggest, the collapse of Google’s effort to control its users raises this question: Can we trust AI developers when they say they have installed guardrails to make their systems safe? The same might be asked of the latest in what seems an endless stream of experts demanding that AI models defeat users by preventing them from creating “harmful” deepfake images. Later, Mark points... Continue reading
Posted Feb 27, 2024 at Skating on Stilts
We begin this episode with Paul Rosenzweig describing major progress in teaching AI models to do text-to-speech conversions. Amazon flagged its new model as having "emergent" capabilities in handling what had been serious problems – things like speaking with emotion, or conveying foreign phrases. The key is the size of the training set, but Amazon was able to spot the point at which more data led to unexpected skills. This leads Paul and me to speculate that training AI models to perform certain tasks eventually leads the model to learn "generalization" of its skills. If so, the more we train AI on a variety of tasks – chat, text to speech, text to video, and the like – the better AI will get at learning new tasks, as generalization becomes part of its core skill set. We're lawyers holding forth on the frontiers of technology, so take it with a grain of salt. Cristin Flynn Goodwin and Paul Stephan join Paul Rosenzweig to provide an update on Volt Typhoon, the Chinese APT that is littering Western networks with the equivalent of logical land mines. Actually, it's not so much an update on Volt Typhoon, which seems to be aggressively pursuing... Continue reading
Posted Feb 21, 2024 at Skating on Stilts
The latest episode of The Cyberlaw Podcast features guest host Brian Fleming, while Stewart Baker is participating in the Canadian Ski Marathon. Brian is joined for the news roundup by Jane Bambauer, Gus Hurwitz, and Nate Jones. They begin by discussing the latest U.S. government efforts to protect sensitive personal data, including the FTC's lawsuit against data broker Kochava and the forthcoming executive order restricting certain bulk sensitive data flows to China and other countries of concern. Nate and Brian then discuss whether Congress has a realistic path to end the Section 702 reauthorization standoff before the April expiration and debate what to make of a recent multilateral meeting in London to discuss curbing spyware abuses. Gus and Jane then talk about the big news for cord-cutting sports fans, as well as Amazon's ad data deal with Reach, in an effort to understand some broader difficulties facing internet-based ad and subscription revenue models. Nate considers the implications of Ukraine's "defend forward" cyber strategy in its war against Russia. Jane next tackles a trio of stories detailing challenges, of the policy and economic varieties, facing Meta on the content moderation front, as well as an emerging problem policing sexual assaults in... Continue reading
Posted Feb 13, 2024 at Skating on Stilts
It was a week of serious cybersecurity incidents and unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China's apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the court-ordered takeover was managed. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were uncompromised by the U.S. seizure are those inside the U.S., leaving open the possibility of DDOS attacks from abroad. Finally, DDOS attacks on our critical infrastructure shouldn't exactly be an existential threat. All things considered, I argue that there's a serious disconnect between the government's hair-on-fire talk about Volt Typhoon and its business-as-usual response. Speaking of cyberattacks we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, the Chinese threw a... Continue reading
Posted Feb 6, 2024 at Skating on Stilts
This was a big week for AI-generated deep fakes. Sultan Meghji, who's got a new AI startup of his own, walked us through four stories that illustrate how AI will lead to more confusion about what's real and what's not. First, a fake Biden robocall urged people not to vote in the New Hampshire primary. Second, a bot purporting to offer Dean Phillips's views on the issues was penalized by OpenAI because it didn't have Phillips's consent. Third, fake nudes of Taylor Swift led to a ban on Twitter searches for her image. And, finally, podcasters used AI to resurrect George Carlin and got sued by his family for violating copyrightish law. The moral panic over AI fakery meant that all of these stories were too long on "end of the world" and too short on "we'll live through this." Regulators of AI are not doing a much better job of maintaining perspective. Mark MacCarthy reports that New York City's AI hiring law, which has punitive disparate-impact disclosure requirements for automated hiring decision engines, seems to have persuaded NYC employers, conveniently, that none of them are using automated hiring decision enginess, so they don't have to do any disclosures. Not... Continue reading
Posted Jan 30, 2024 at Skating on Stilts
Image
Okay, maybe past Cybertoonz have been a little hard on the FTC, hinting that it has paid no attention to national security concerns around personal data. In light of the Commission's recent ruling in the X-Mode case, it's become clear that the FTC is focusing on how personal data is used to protect national security. So to give the Commission equal time on the issue, we've turned Cybertoonz over to Chair Lina Khan to express its views. Continue reading
Posted Jan 29, 2024 at Skating on Stilts
The Supreme Court heard argument last week in two cases seeking to overturn the Chevron doctrine, which requires courts to defer to administrative agencies in interpreting the statutes that the agencies administer. The cases have nothing to do with cybersecurity, but Adam Hickey thinks they're almost certain to have a big impact on cybersecurity policy. That's because, based on the argument, Chevron is going to take a beating from the Court, if it survives at all. With Chevron weakened, it will be much tougher to repurpose existing law to deal with new regulatory problems. Given how little serious cybersecurity legislation has been passed in recent years, any new regulation is bound to require some stretching of existing law – and thus to be easier to challenge. Case in point: Even without a new look at Chevron, the EPA was balked in court when it tried to stretch its authorities to justify cybersecurity rules for water companies. Now, Kurt Sanger tells us, EPA, FBI, and CISA have combined to release cybersecurity guidance for the water sector. The guidance may be all that can be done under current law, but it's pretty generic; and there's no reason to think that underfunded water... Continue reading
Posted Jan 23, 2024 at Skating on Stilts
Image
The FTC has begun a new campaign against data brokers who are collecting and selling "sensitive" location information. Cybertoonz asks the obvious question. Continue reading
Posted Jan 22, 2024 at Skating on Stilts
Matthew Heiman kicks off this episode of the podcast with a breakdown of Russia's attack on Ukraine's largest mobile operator. The attack was strikingly effective in destroying much of Kyivstar's infrastructure, and strikingly ineffective in achieving any meaningful Russian objectives, since service was quickly restored. Perhaps to even up the score, Ukraine supporters launched an even less effective cyberattack on an Iranian medical software company, presumably as retribution for Iran's supplying drones to Russia. Hacking as an act of war may turn out to be more important in court than on the battlefield, at least when the victims file insurance claims, Jim Dempsey tells us. Merck's effort to get insurance coverage for its NotPetya losses despite an act of war exclusion has been settled. Which means that, if you want to know what cyberwar means for your insurance coverage, you need to review your current policy, which has almost certainly changed since the Merck case began. Moving to the world of cybersecurity regulation, Cristin Flynn Goodwin recommends digging into the output of the reigning American champion for prescriptive cybersecurity rules, New York's Department of Financial Services, which recently sanctioned a cryptocurrency firm for a host of violations, including insufficient cybersecurity.... Continue reading
Posted Jan 17, 2024 at Skating on Stilts
Returning from winter break, this episode of the Cyberlaw Podcast covers a lot of ground. The story I think we’ll hear the most about in 2024 is the remarkable exploit used to compromise several generations of Apple iPhone. The question we’ll be asking is simple: How could an attack like this be introduced without Apple’s knowledge and support? We don’t get to this question until near the end of the episode, and I don’t claim great expertise in exploit design, but it’s very hard to see how such an elaborate compromise could be slipped past Apple’s security team. The second question is which government created the exploit. It might be a scandal if it were done by the U.S. But it would be far more of a scandal if done by any other nation. Jeffery Atik and I lead off the episode by covering recent AI legal developments that simply underscore the obvious: AI engines can’t get patents as “inventors.” What's more interesting is the possibility that they’ll make a whole lot of technology “obvious” and thus unpatentable. Speaking of obvious, claiming that companies violate copyright when they train AI models on New York Times content requires a combination of... Continue reading
Posted Jan 9, 2024 at Skating on Stilts
As covered in this week's Cyberlaw Podcast, the AI Act is getting some poor reviews -- from the US Congress as well as Europe's tech sector. How could something like this happen in the home of the vaunted "Brussels Effect?" Fear not. Cybertoonz has the explanation. Continue reading
Posted Jan 9, 2024 at Skating on Stilts
This is 2023's last and probably longest episode. To lead off, Megan Stifel takes us through a batch of stories about ways that AI, and especially AI "alignment" efforts, manage to look remarkably fallible. Anthropic has released a paper showing that race, gender, and age discrimination by AI models is real but could be dramatically reduced simply by instructing the model to "really, really, really" avoid such discrimination. (The Techcrunch headline writers had fun snarking on the idea that "racist" AI could be cured by asking nicely, but in fact the discrimination identified by Anthropic was severe bias against older white men, and so was the residual bias that asking nicely didn't eliminate.) The bottom line from Anthropic seems to be, "Our technology is a really cool toy, but it can't be used for for anything that matters.") In keeping with that theme, Google's highly touted OpenAI competitor Gemini was released to mixed reviews; the model couldn't correctly identify recent Oscar winners or a French word with six letters (it offered "amour"). There was good news for people who hate AI's ham-handed political correctness; it turns out you can ask another AI model how to jailbreak your model, a request... Continue reading
Posted Dec 12, 2023 at Skating on Stilts
Image
In this episode, Paul Stephan lays out the reasoning behind U.S. District Judge Donald W. Molloy's decision enjoining Montana's ban on TikTok. There are some plausible reasons for such an injunction, and the court adopts them. There are also less plausible and redundant grounds for an injunction, and the court adopts those as well. Asked to predict the future course of the litigation, Paul demurs. It will all depend, he thinks, on the Supreme Court's effort to sort out social media and the first amendment in the upcoming term. In the meantime, watch for bouncing rubble in the District of Montana courthouse. (Grudging credit for the graphics goes to Bing's Image Creator, which refused to accept the prompt until I said the rubble was bouncing because of a gas explosion and not a bomb. Way to discredit trust and safety, Bing!) Jane Bambauer and Paul also help me make sense of the litigation between Meta and the FTC over children's privacy and the Commission's previous consent decrees. A recent judicial decision has opened the door for the FTC to modify an earlier court-approved order – on the surprising ground that the order was never incorporated into the judicial ruling that... Continue reading
Posted Dec 5, 2023 at Skating on Stilts
The OpenAI corporate drama came to a sudden end last week. So sudden, in fact, that the pundits never quite figured out What It All Means. Jim Dempsey and Michael Nelson take us through some of the possibilities: It was all about AI accelerationists v. decelerationists. Or it was all about effective altruism. Or maybe it was Sam Altman's slippery ambition. Or perhaps a new AI breakthrough – a model that can actually do more math than the average American law student. The one thing that seems clear is that the winners include Sam Altman and Microsoft, while the losers include illusions about using corporate governance to ensure AI governance. The Google antitrust trial is over – kind of. Michael Weiner tells us that all the testimony and evidence has been gathered on whether Google is monopolizing search, but briefs and argument will take a few months more – followed by years of more fighting about remedy if Google is found to have violated the antitrust laws. He sums up the issues in dispute and makes a bold prediction about the outcome, all in about ten minutes. Returning to AI, Jim and Michael Nelson dissect the latest position statement from... Continue reading
Posted Nov 28, 2023 at Skating on Stilts