This is Stewart Baker's Typepad Profile.
Join Typepad and start following Stewart Baker's activity
Join Now!
Already a member? Sign In
Stewart Baker
Former government official now practicing law
Recent Activity
In this week's interview we ask whether the midterm elections are likely to suffer as much foreign hacking and interference as we saw in 2016. The answer, from Christopher Krebs, Under Secretary for National Protection and Programs Directorate (soon to be the Cybersecurity and Infrastructure Security Agency), is surprisingly comforting, though hardly guaranteed. Briefly, it’s beginning to look as though the Russians (and maybe the Iranians) are holding their fire for the main event in 2020. In the News Roundup, Maury Shenk highlights the role of Twitter, trolls, and Saudi royals in the Khashoggi killing. He also explains the apparently ridiculous result in the EU Android competition matter. It may be a case of Google giving the EU what it asked for – good and hard. Terry Albury certainly got it good and hard from a federal judge. He was sentenced to four years in prison for leaking classified documents to The Intercept. Jamil Jaffer explains why Albury’s claim of being a whistleblower didn’t win him much relief. I suggest that maybe the only people willing to read Intercept articles to the end are federal agents trying to find clues to the leakers’ identities; whatever they’re doing, it’s working. Maury... Continue reading
Posted yesterday at Skating on Stilts
Today we interview Doug, the chief legal officer of GCHQ, the British equivalent of NSA. It’s the first time we’ve interviewed someone whose full identify is classified. Out of millions of possible pseudonyms, he’s sticking with “Doug.” Listen in as he explains why. More seriously, Doug covers the now-considerable oversight regime that governs GCHQ’s intercepts and other intelligence collection, Britain’s view of how the law of war applies in cyberspace, the prospects for UN talks on that topic, the value of attribution, and whether a national security agency should be responsible for civilian cybersecurity (the UK says yes, the US says no). In the news, Nick Weaver and Matthew Heiman comment on the undying dumpster fire that is Bloomberg’s Chinese supply-chain-attack story. We may not know for sure whether the story is bogus, at least not for a while. But it’s not too late, I argue, to fund a journalist version of the Ig-Nobel Prize. Call it the Bullitzer, for the story with the most potent mix of consequences and BS. Right now, Bloomberg is definitely in the running. Matthew tells us that Treasury has announced its CFIUS pilot program, which will require the filing of notices for Chinese acquisitions... Continue reading
Posted Oct 15, 2018 at Skating on Stilts
Bloomberg Businessweek’s claim that the Chinese buggered Supermicro motherboards leads off our News Roundup. The story is controversial not because it couldn’t happen and not because the Chinese wouldn’t do it but because the story has been denied by practically everyone close to the controversy, including DHS. Bloomberg Businessweek stands by the story. Maybe it’s time for the law, in the form of a libel action, to ride to the rescue. Congress, astonishingly, has been doing things other than watch the Kavanaugh hearings. It produced a conferenced version of the FAA authorization including authority for DHS and DOJ to intercept drone communications and seize drones without notice or a warrant. This effort to get in front of dangerous technology yields the usual whines from the usual Luddite “technology advocates.” Meantime, Congress has also adopted a bill to change the name of DHS’s cyber and infrastructure security agency to, well, the Cybersecurity and Infrastructure Security Agency. ZTE’s troubles continue, as a federal judge slammed the company for violating the terms of its probation. The judge extended ZTE’s probationary term and the term of its monitor – meaning the company now has two US monitors watching as it tries to rebuild its... Continue reading
Posted Oct 10, 2018 at Skating on Stilts
In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga? On a lighter note, Uber is paying $148 million to state AGs for a data breach that apparently had no adverse consequences and might not even have been a breach. That's a lot to pay just to show that the company is now under new and more responsible management. About a year too late, a consensus of sorts is emerging among Republicans that Silicon Valley needs broad privacy regulation. The Trump Administration is asking for comment on data privacy principles. And the tech giants are pushing lawmakers for federal privacy rules. But the catalyst is an increasing need for federal preemption in the face of California’s new law, and the Dems who are expected to take the House will be hard to sell on preemption. So despite the emerging consensus, a logjam that lasts years could still be in our future. The sentencing of an NSA employee... Continue reading
Posted Oct 1, 2018 at Skating on Stilts
Our guest is Peter W. Singer, co-author with Emerson T. Brooking of LikeWar: The Weaponization of Social Media. Peter’s book is a fine history of the way the Internet went wrong in the Age of Social Media. He thinks we’re losing the Like Wars, and I tend to agree. It’s a deep conversation that turns contentious when we come to his prescriptions, which I see as reinstating the lefty elite that ran journalism for decades, this time with even less self-doubt – and bolstered by AI that can reproduce elite prejudices at scale and without transparency. In the News Roundup, Dr. Megan Reiss and Peter Singer join me in commenting on the White House and DOD cyber strategies. Bottom line: better than last time, plenty more room to improve. God bless the Dutch. They’ve pwned Putin’s GRU again. In a truly multinational caper, as Nick Weaver explains, Dutch intel caught Russian spies planning cyberattacks on the Swiss institute that is investigating Russia’s nerve agent attack in Britain. The downside of sanctions: China has joined with Russia in protesting sanctions on Russian weapons sellers that spilled over to the Chinese military. Maury Shenk and I worry about the risk that overuse... Continue reading
Posted Sep 24, 2018 at Skating on Stilts
Image
Our interview this week (in our new studio!) is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it. The News Roundup features Paul Rosenzweig, Matthew Heiman, and Gus Hurwitz – whom we congratulate for his move to tenured status at Nebraska. We all marvel at Europe’s misplaced enthusiasm for regulating the Internet. This fall the Europeans returned from their August vacation to embrace a boatload of gobsmackingly unrealistic tech mandates – so unrealistic that you might almost think they’re designed to allow the endless imposition of... Continue reading
Posted Sep 17, 2018 at Skating on Stilts
For those who've been waiting (and maybe hoping) that I'd be suspended from Facebook after I linked to infowars.com, we have an answer. I began the experiment when a guy named Brandon Straka, leader of the conservative #WalkAway initiative, announced that he had been given a 30-day account suspension for linking from Facebook to his upcoming interview on infowars. I couldn't believe Facebook was banning people for mentioning Alex Jones or his site, so I decided to put my own account at risk by doing the same. (If I were Cory Booker, I'd call it my "I am Spartacus" moment. But I'm not.) A few hours later, with Straka getting a lot of clicks for his complaint, Facebook rescinded the ban, calling it a mistake. Straka claims Facebook didn't tell him the ban was lifted but did tell a hostile journalist, who then wrote a snarky article about the incident. So that's where things stand. Facebook's messages to Straka clearly show that his link to infowars triggered a 30-day suspension. Then the suspension was quickly reversed. Why? Presumably, whoever pulled the plug on Straka was overruled. But we don't know who issued the ban, or who lifted it, or why.... Continue reading
Posted Sep 16, 2018 at Skating on Stilts
Image
We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone whom I respect a lot more than I agree with. But his latest book opens new common ground between us, as we both foresee a darker future for a world that is digitally connecting things that can kill people -- without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution. In the News Roundup, I ask Jamil Jaffer, Nate Jones, and David Kris for the stories that people who took August off should go back and read. Jamil nominates the fascinating-as-a-slow-motion-car-wreck story of Maersk’s losing battle with NotPetya. We speculate on whether the Russians caused $10 billion in worldwide damage by mistake or on purpose, and whether anyone other than a US government lawyer would call... Continue reading
Posted Sep 10, 2018 at Skating on Stilts
Allowing me to extend my August hiatus by a week, Alan Cohn hosts the 229th episode of The Cyberlaw Podcast. He takes a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and best practices for users of exchanges. The episode begins by looking at the landmark decision coming out of the New York Eastern District Court in favor of the Commodity Futures Trading Commission (CFTC). Charles Mills provides an overview of the recent New York federal court decision and CFTC victory against Cabbage Tech, Corp. d/b/a Coin Drop Markets and Patrick K. McDonnell of Staten Island, New York, ordering McDonnell to pay over $1.1 million in civil monetary penalties and restitution in connection with a lawsuit brought by the CFTC alleging fraud in connection with virtual currencies, including Bitcoin and Litecoin. In addition, Charles presents a more general overview of CFTC regulations. Claire Blakey presents a timeline of the US Securities and Exchange Commission’s (SEC) recent actions regarding ETFs. On August 23, 2018, SEC announced that it would reconsider a decision to reject nine Bitcoin-based exchange traded funds. Earlier this month, SEC staff delayed a decision on the SolidX proposal, stating it needs more time to... Continue reading
Posted Sep 7, 2018 at Skating on Stilts
We need better, more aggressive options to deter cyberattacks, since the ones we've come up with so far are clearly not deterring our adversaries. I would like to inspire more ambition, aggressiveness, and creativity in the American response. As the first stage in that effort, here's an op-ed I published today in the Washington Post: The United States may have pioneered the idea of fighting wars in cyberspace, but it’s our adversaries who are using cyberattacks most effectively. To deter them, the country needs creative new ways to punish nations if they launch the devastating attacks that are within their grasp. The need for options to strike back at cyber-aggressors is obvious — and urgent. Despite the sanctions and indictments provoked by Russia’s attack on the 2016 U.S. presidential election, Russian President Vladimir Putin is doubling down on cyber-intrusions. In recent months, Microsoft reported that Russia was trying to infiltrate the computer networks of multiple congressional campaigns. Worse, the Department of Homeland Security says Russia is making a major push to infiltrate U.S. power-plant control rooms. The only debate is over Putin’s intent: Is he planning to shut off power in the United States, as he is accused of doing... Continue reading
Posted Aug 22, 2018 at Skating on Stilts
Our guest for the Cyberlaw podcast interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined, and much more. The imminent adoption of the must-pass National Defense Authorization Act yields a deep dive on the bill. Most important for business lawyers, the bill will include a transformative rewrite of CFIUS’s investment-review procedures and policies. Gus Hurwitz lays out many of the cyber issues addressed by the NDAA, while Dr. Megan Reiss explains the act’s creation of a “Solarium” commission designed to force serious strategic thinking about cybersecurity and cyberweapons. I offer my contribution to that debate – an effort to think the unthinkable and come up with tougher options for responding to serious cyberattacks. Since we’re trying to think the unthinkable, I argue, we’re really rooting for the itheberg, so I’ve dubbed it the Itheberg Project. I do, however, make an unusual double-barreled offer to those who might want to participate in the Itheberg Project. All that pales next... Continue reading
Posted Jul 30, 2018 at Skating on Stilts
Image
In this episode, Bobby Chesney charts the emergence of undetectably forged videos. They’re not here yet, but before we’re ready the internet will be awash with fake revenge porn, fake human rights atrocities, and fake political scandals. My talk with Bobby revolves around a recent paper by him and Danielle Citron. I confess to having seriously considered federal support for a fake video involving Osama bin Laden and kumquats (not what Patt Cannaday and Stewart Baker you’re thinking, though that would have been good too). Bobby and I discuss the ways in which the body politic – and particular political bodies – might protect themselves. This leads Bobby to propose a Cyberlaw Podcast mug prize for listeners who suggest what – and where – I should get inked as my last line of defense. He’s on. Send your suggestions to cyberlawpodcast@steptoe.com. In the news, Maury Shenk and I puzzle over the EU’s questionable competition ruling (and $5 bn fine) for Google’s alleged abuse of a dominant position in mobile operating systems. Once again I find myself agreeing more with Donald Trump than his critics. Patt Cannaday, a Steptoe summer associate, finds what’s new in the Justice Department’s Cyber Digital Task... Continue reading
Posted Jul 23, 2018 at Skating on Stilts
In Episode 226 of The Cyberlaw Podcast, I'm deep in the Cologado wilderness, and the News Roundup team (Brian Egan with Matthew Heiman, Jim Lewis, and Dr. Megan Reiss) muddles through without him. Matthew and Jim discuss Friday’s indictment of 12 Russian GRU personnel by the Department of Justice and Special Counsel Mueller. Matthew explains that, while we shouldn’t expect extradition proceedings to take place any time soon (or ever), DOJ has a theory for pursuing these types of indictments in selected cases. I weigh in by Twitter, bemoaning somewhat surprisingly (given the source) that the indictments reflect a poor interagency coordination process and a lack of appreciation for diplomacy. From Jim’s perspective, these indictments are about as good as diplomacy is going to get on this issue… Matthew walks through the continued bipartisan work in the Senate on the Secure Elections Act, which would facilitate information sharing amongst the states on election threats and take other steps in an attempt to improve election cybersecurity. Matthew explains that federalism may well end up limiting what can be done (or what Congress will agree to do) on this issue. Megan weighs in on Commerce’s announcement on Friday that it lifted the... Continue reading
Posted Jul 17, 2018 at Skating on Stilts
Image
Our interview is with Gen. Michael Hayden, author of The Assault on Intelligence: American National Security in an Age of Lies. Gen. Hayden is a former head of the CIA and NSA, and a harsh critic of the Trump Administration. We don’t agree on some of his criticisms, but we have a productive talk about how intelligence should function in a time of polarization and foreign intervention in our national debates. General Michael Hayden and Stewart Baker In the news, David Kris reports that ZTE has gotten a limited life-support order from the Commerce Department. Meanwhile, Nate Jones tells us that China Mobile’s application to provide telecom service to Americans is also likely to bite the dust – after nearly seven years of dithering. Taking advantage of my preview of stories on Facebook, Tony Rutkowski suggests we call this the revenge of the “neocoms.” So we do. Remarkably, the European Parliament fails to live down to my expectations, showing second thoughts about self-destructive copyright maximalism. Nick Weaver thinks this outbreak of common sense may only be temporary. Paul Rosenzweig confesses to unaccustomed envy of EU security hardheadedness. Turns out that Europe has been rifling through immigrants’ digital data in a... Continue reading
Posted Jul 9, 2018 at Skating on Stilts
Image
In this episode I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative (PSI) a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck cyber policy” as shorthand for the proposal. To no one’s surprise, Duncan and I disagree about the value of international law in the field, but we agree on the value of informal, agile, and “potluck” actions on the world stage -- pretty much what PSI represents. In further support, I offer Baker’s Law of International Institutions: “The secretariat is the natural enemy of the United States.” In closing, Duncan briefly mentions his work with Microsoft on international rulemaking, leading me to throw down on “Brad Smith’s godforsaken proposal.” Brad, if you are willing to come on the podcast to defend that proposal, I’ve promised Duncan a highly coveted Cyberlaw Podcast mug. In the news, California has a new privacy law, as Steptoe summer associate Laura Hillsman explains, though what it will look like when it finally takes effect in 2020 remains to be seen.... Continue reading
Posted Jul 2, 2018 at Skating on Stilts
Image
I interview David Sanger in this episode on his new book, The Perfect Weapon – War, Sabotage, and Fear in the Cyber Age. It is a true first draft of history, chronicling how the last five years transformed the cyberwar landscape as dozens of countries followed a path first broken by Stuxnet -- and then, to our horror, branched out to new and highly successful ways of waging cyberwar. Mostly against us. David depicts an Obama administration paralyzed by the Rule of Lawyers and a fear that our opponents would always have one more rung than we did on the escalation ladder. The Trump administration also takes its lumps, sometimes fairly and sometimes not. At center stage in the book is Putin’s uniquely brazen and impactful use of information warfare, but the North Koreans and the Chinese also play major roles. It is as close to frontline war reporting as cyber journalism is likely to get. Cyberlaw news this week is dominated by a couple of Supreme Court decisions: In Carpenter the Court held 5-4 that warrants are required to collect a week of location data from cell phone companies. Michael Vatis lays out the ruling, and I complain that... Continue reading
Posted Jun 26, 2018 at Skating on Stilts
Image
Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up pretty well under my skeptical questioning. In this week’s news, Congress and the Executive branch continue to fight over the bleeding body of ZTE, which has already lost nearly 40% of its market value. The Commerce Department has extracted a demanding compliance and penalty package from the Chinese telecom equipment manufacturer. The Senate, meanwhile, has amended the NDAA to overturn the package and re-impose what amounts to a death penalty (see section 1727). Brian Egan and I dig into the Senate’s language and conclude that it may do a lot less than the Senators think it does, and that may be the best news ZTE is going to get from Washington this year. Judge Leon has approved the AT&T-Time Warner merger. Gus Hurwitz puts the ruling in context. His lesson: next time, the Justice Department needs better evidence. Brian gives us an update on what’s not in the CFIUS reform bill now that the CFIUS reform bill is in the NDAA and on... Continue reading
Posted Jun 18, 2018 at Skating on Stilts
The 11th Circuit’s LabMD decision is a dish served cold for Michael Daugherty, the CEO of the defunct company. The decision overturns decades of FTC jurisdiction, acquired over the years by a kind of bureaucratic adverse possession. Thanks to the LabMD opinion, practically all the FTC’s privacy and security consent decrees are at risk of being at least partly unenforceable — and if the dictum holds, the FTC may have to show that everything it views as an “unfair” lack of security is actually a negligent security practice. Commerce says it has a deal with ZTE. Nate Jones wonders whether the bipartisan opposition to the deal from Congress is too late. David Kris introduces a remarkable week for Justice Department responses to leaks of classified information. A long-time security director at the Senate Intelligence Committee succumbs first to the wiles of an aspiring reporter, and then to the temptation to lie about the romance to the FBI. James Wolfe will pay a heavy price for his leaks of classified information — without ever being tried for leaking classified information. I can’t help asking how the FBI gathered as much information as they did from supposedly secure services like Signal and... Continue reading
Posted Jun 11, 2018 at Skating on Stilts
GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue of insecurity — in the name of privacy. Also probably to be expected, at least for those who have paid attention to the history of technology regulation: The biggest companies are likely to end up boosting their market dominance. Less expected: The decision of some big US media to just say no to European readers, recognizing them as the Typhoid Marys of the Internet, carrying a painful and stupid regulatory infection to every site they visit. In other unsurprising news, Gus Hurwitz and Megan Reiss note, Kaspersky has now lost both its lawsuits against US government bans in a single district court ruling. In genuinely troubling news, Iran is signaling a willingness to attack US industrial controls, which run the electric grid and pipelines and sewage systems, using the same malware it used against the Saudis. Since Iran was willing to launch DDoS attacks on US banks the last time negotiations over its nuclear... Continue reading
Posted Jun 4, 2018 at Skating on Stilts
This episode features a conversation with Nick Bilton, author of American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road. His book, out today in paperback, tells the story of Ross Ulbricht, the libertarian who created the hidden Tor site known as the Silk Road, and rode it to massive wealth, great temptation, and, finally, a life sentence. It’s a fine read in its own right, but for those who know the federal government, the most entertaining parts concern the investigators who bring Ulbricht down. They all have ambitions and flaws that mirror the stereotypes of their agencies, even -- or perhaps especially -- when the agents go bad. It’s got everything – sales of body parts, murder (maybe!), rogue cops, turf fights, and justice in the end. Sadly, I predict this episode will generate more hate mail than any other. Why? You’ll have to listen to find out. Feel free to question my judgment with emails to CyberlawPodcast@steptoe.com.lp Download the 219th Episode (mp3). You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed! As always, The Cyberlaw Podcast is open to feedback. Send your questions and suggestions for topics... Continue reading
Posted May 29, 2018 at Skating on Stilts
In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case that combines the worst of European crazy (“surely criminals have a right to be forgotten”) and California crazy (“profits are being earned here – surely that calls for a criminal investigation”). Markham explains why this may be a hard case for California to win – and then joins me in expressing schadenfreude for the owners, whose mugshots are even now spread all across the internet. Meanwhile, the ZTE mess gets messier as Congress moves to block President Trump’s proposed sanctions relief. Democrats are joining national security Republicans to move legislation on the topic. Who says President Trump is the divider-in-chief? Michael Vatis digs into the FBI’s latest high-profile problem: it grossly overstated the number of encrypted phones it encountered last year. Was it a mistake or a misrepresentation? Our panel leans toward mistake. Michael and I also criticize President Trump’s decision to dump government security for his phone. Michael reminds us of the President’s scathing... Continue reading
Posted May 25, 2018 at Skating on Stilts
In our 217th episode of The Cyberlaw Podcast, the blockchain and cryptocurrency team seizes control of the podcast again. Alan Cohn hosts another of the podcast’s periodic deep dives into all things blockchain and cryptocurrency to discuss recent regulatory developments and the current state of play of the industry. Our episode begins by looking at the Department of Treasury’s letter regarding initial coin offerings (“ICOs”). Jack Hayes tells us the key takeaways from the letter, including that persons engaged in ICOs could be considered a Money Transmitter under FinCEN’s regulations. Not only does the letter address companies based in the US that are issuing tokens, but also those based outside of the US that may have a substantial part of their business in the US or be issuing tokens to US persons. The idea that FinCEN can reach outside of the US border is not a new one. Last summer we saw a civil enforcement action against BTC-e, a foreign cryptocurrency exchange. Jack and Alan also discuss the New York Attorney General’s recent voluntary transparency questionnaire sent to both US and non-US cryptocurrency exchanges. New York has seen its fair share of controversy with respect to cryptocurrency with the implementation... Continue reading
Posted May 23, 2018 at Skating on Stilts
The Cyberlaw Podcast has now succumbed to an irresistible media trend: We begin the episode with a tweet from President Trump. In this one, he promises to get ZTE “back in business, fast.” Paul Rosenzweig and Nick Weaver provide the backstory, and a large helping of dismay, at the President’s approach to the issue. I question the assumption that this will make the life of Chinese telecom equipment makers easier in the US. If anything it could be worse. The 2019 NDAA being drafted in the House will make it very difficult for telecom companies that do business with the Pentagon to rely on Chinese (or Russian) equipment. If anything, the President probably ensured a unanimous Democratic vote for the measure. The cyber coordinator position in the White House is on the endangered list. Paul explains why it should survive. His take is not completely snark-free. Summing up the first two stories, I suggest that it proves the maxim (which, come to think of it, might be my maxim) that every President gets the White House he deserves. Nick explains how badly American democracy could be harmed by a relatively trivial Russian (or Iranian, or North Korean) cyberattack on voter... Continue reading
Posted May 14, 2018 at Skating on Stilts
Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up in all the best hackback stories. In the news, Jamil Jaffer reports on domain fronting, a weird form of protection for people hiding the site they’re connecting to behind some bland Google or AWS site. Some of those people are dissidents in authoritarian lands; many are authoritarian governments hacking secrets out of corporate networks. In any event, domain fronting is disappearing before it had even made an impression on the public’s mind. I say good riddance, bolstered in my opinion by the wailing of professional privacy groups that, do I have to remind you?, don’t care about your security at all. The Supreme Court takes a case of great interest to social media and other tech firms who attract class actions. Jennifer Quinn-Barabanov explains the law and the likely outcome. I mostly quibble about how to pronounce “cy pres.” Move fast and break things probably isn’t the best motto if the thing... Continue reading
Posted May 7, 2018 at Skating on Stilts
This episode of the Cyberlaw Podcast features a new technology-and-privacy flap: The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade, in which it turns out that privacy is all about making sure the police can’t use your data to catch killers. Paul Rosenzweig refuses to take the other side of that debate. Ray Ozzie has released a technical riposte to the condescending Silicon Valley claim that math proves the impossibility of securely accommodating law enforcement access. Paul and I muse on the aftermath, in which Silicon Valley may actually have to try winning the debate rather than claiming that there is none. Jim Lewis and I note the likelihood that ZTE is contemplating litigation against the US ban on technology sales to the company. What really bothers Jim, though, is the likelihood that the US sanction will accelerate China’s move to complete self-sufficiency in the technology sphere. That’s something that neither the US government nor US industry is really ready for. The House intel committee’s report on Russia and the election is out. It finds no... Continue reading
Posted May 1, 2018 at Skating on Stilts