This is Stewart Baker's Typepad Profile.
Stewart Baker
Former government official now practicing law
Recent Activity
We begin this episode with a quick tour of the 5-4 Apple antitrust decision that pitted two Trump appointees against each other. Matthew Heiman and I consider the differences in judging styles that produced the split -- and the role that 25 years of living with Silicon Valley “platform billionaires” may have played in the decision. Eric Emerson joins us for the first time to talk about the legal fallout from the latest tariff increases on Chinese products. Short version: companies have some short-term tactics to explore (country of origin, drawback, valuation), but large importers/resellers will have to grapple with larger and costlier strategies of supply chain diversification and localization. Meanwhile, China has not been taking the trade war lying down. In addition to its own tariff increases, it now seems to be enforcing its demanding cybersecurity law more aggressively against foreign firms. I suggest that we may be seeing retaliation in Chinese courts as well. In related news, Nick Weaver and I debate the potentially sweeping new Executive Order on Securing the Information and Communications Technology and Services Supply Chain. Maury Shenk explains the UK Supreme Court ruling that expands the court’s authority over the UK’s intelligence agencies... Continue reading
Posted 5 days ago at Skating on Stilts
With apologies for the lateness of this post, Episode 263 of The Cyberlaw Podcast tells the sad tale of yet another US government leaker who unwisely trusted The Intercept not to compromise its source. As Nick Weaver points out, The Intercept also took forever to actually report on some of the material it received. In other news, Brian Egan and Nate Jones agree that Israel broke no new ground in bombing the headquarters of Hamas’s rudimentary hacking operation during active hostilities. Nick and I dig into the significance of China’s use of intrusion tools pioneered by NSA. We also question the New York Times’s grasp of the issue. The first overt cyberattack on the US electric grid was a bust, I note, but that’s not much comfort. How many years of being told “I’m washing my hair that night” does it take before you realize you’re not getting anywhere? The FCC probably thought China Mobile should have gotten the hint after eight years of no action on the company's application to provide US phone service, but just in case the message didn’t get through, the Commission finally pulled the plug last week. Delegating to Big Social the policing of terrorist... Continue reading
Posted May 17, 2019 at Skating on Stilts
Have the Chinese hired American lawyers to vet their cyberespionage tactics – or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply chain was compromised by Chinese actors. Nick Weaver, Joel Brenner, and I doubt the Bloomberg story, but it has cost Supermicro a lot of sales – and even if it isn’t true this time, the scale and insouciance of past Chinese cyberespionage make it inherently believable. Hence the company’s shift to other sources (and, maybe, a new caution on the part of Chinese government hackers). GDPR and the California Consumer Privacy Act (CCPA) may be the Dumb and Dumber of privacy law, but neither is going away. And for the next six months, California’s legislature will be struggling against a deadline to make sense of the CCPA. Meegan Brooks gives us an overview. But we in Washington can’t get too smug about California’s deadline-driven dysfunction. Congress also faces a year-end deadline to renew the Section 215 program, and even the executive branch hasn’t decided what it... Continue reading
Posted May 6, 2019 at Skating on Stilts
I don't want to bury the lede here. Probably the most interesting thing about this test is what hasn't happened. I haven't been suspended or warned by Facebook about linking to Infowars, and while Facebook has broken some of the links to Infowars, it has done so in a fashion so haphazard and incompetent that I doubt the breakage was intentional. Does this mean that Alex Jones is overhyping the Facebook "link ban"? Nah, that would make him a conspiracy-mongering paranoid ... oh. Never mind. Continue reading
Posted May 5, 2019 at Skating on Stilts
Has the Facebook censorship engine finally caught up with Facebook's censorship ambitions? My day 2 post, when it first went up, resolved to a deep link on Infowars about US unemployment reaching a 50-year low. When I reposted it with public access, though, the link resolved to a "Page Not Found" message -- on Infowars.com. I thought maybe Facebook engineers had finally got their censorship engine up and running, but first I checked to see if Infowars had dropped the story. Nope, it still seems to be on the Infowars site, here: https://www.infowars.com/jobs-surge-unemployment-falls-to-…/ But if this is the result of the censorship engine, it's still coughing and backfiring. More likely, the answer to this mystery lies in the details of ad tracking URLs. When the link went up, Facebook rewrote it to include a prefix: "fbclid=IwAR1P6by_S5-lBYmb6vbkhnLVohyIFZfgLqvFegLwIYfUApVNzI5CxogVp-s". I assume that the purpose of the prefix was to make sure Facebook could identify everyone who clicked on the link as they left Facebook's site. But for whatever reason, the prefix stopped working and stopped delivering people to the deeplinked story. The link still went to Infowars, but that site didn't recognize the prefix and therefore said that it couldn't find the page,... Continue reading
Posted May 5, 2019 at Skating on Stilts
My latest Facebook post: Day 2. I'm posting a link to an Infowars story taken from CNBC and headlined "JOBS SURGE, UNEMPLOYMENT FALLS TO LOWEST SINCE 1969." https://www.infowars.com/jobs-surge-unemployment-falls-to-…/ Unlike last time, though, the link does not end at Infowars's landing page. Could it be that I'm inadvertently helping to beta test Facebook's censorship engine? https://www.facebook.com/stewart.a.baker Continue reading
Posted May 4, 2019 at Skating on Stilts
I'm conducting an experiment to see whether Facebook is really banning links to Alex Jones's nasty but not illegal site. Unfortunately, it means putting my Facebook account at risk of suspension or disappearance. Here's what I posted earlier today: According to the Atlantic, Facebook has decided that no one can link to Alex Jones's Infowars -- with the possible exception of posts that say mean things about the site: "Facebook and Instagram will remove any content containing Infowars videos, radio segments, or articles (unless the post is explicitly condemning the content), and Facebook will also remove any groups set up to share Infowars content and events promoting any of the banned extremist figures, according to a company spokesperson." https://www.theatlantic.com/…/instagram-and-faceboo…/588607/ I'm not a fan of Jones and his nasty conspiracy-mongering. But I'm also not a fan of Facebook telling me what I can and cannot say. So, as an experiment to see whether and how Facebook actually administers its censorship regime, I'm posting links to apparently accurate news stories on the Infowars site to see what Facebook does. If you never hear from me again, you'll know what happened! And here we go. A link to an Infowars story taken from... Continue reading
Posted May 3, 2019 at Skating on Stilts
In Episode 261, blockchain takes over the podcast again. We dive right into the recent activity from the SEC, namely, the Framework for “Investment Contract” Analysis of Digital Assets and the No-Action Letter issued to TurnKey Jet, Inc. (TurnKey) for a digital token. Gary Goldsholle noted this guidance has been eagerly anticipated since July 2017 when the SEC first applied the Howey Test to a digital token with the DAO report. The current framework focuses primarily on the reasonable expectation of profits and efforts of others prongs of the Howey Test. While the framework lays out a number of factors to consider when determining whether a token is a security, the practicality of those factors is still up for debate. Will Turner explained that the TurnKey No-Action Letter was most useful for parties interested in structuring a private, permissioned, centralized blockchain, but believes the guidance in the Framework would allow for alternative structures. The key from the SEC’s perspective is that there is no expectation of profits for token holders, since the token is a stablecoin pegged to the value of USD and there is no use of the token outside of TurnKey’s network. Jeff Bandman noted the irony that... Continue reading
Posted Apr 29, 2019 at Skating on Stilts
In this episode, Nick Weaver and I discuss new Internet regulations proposed in the UK. He’s mostly okay with its anti-nudge code for kids, but not with requiring proof of age to access adult material. I don’t see the problem; after all, who wouldn’t want to store their passport information with Pornhub? Sri Lanka’s government has suspended social media access in the wake of the Easter attack. As Matthew Heiman notes, the reaction in the West is more or less a shrug – far different from the universal contempt and rejection displayed toward governments who did much the same during the 2011 Arab Spring rebellions. What made the difference? I argue that it’s Putin’s remarkably successful 2016 social media counterattack on Hillary Clinton as payback for her social media campaign against him in 2011. DNS hijacking is just getting more brazen, according to a new Cisco Talos report. Nick and I talk about why that is and what could be done about it. Paul Rosenzweig, back from hiatus and feisty as ever, mocks the EU Commission for its on-again, off-again criticism of Kaspersky’s security. Short version: The Commission wants badly to play in cybersecurity because it’s the Hot New Thing,... Continue reading
Posted Apr 22, 2019 at Skating on Stilts
Our News Roundup is hip deep in China stories. The inconclusive EU-China summit gives Matthew Heiman and me a chance to explain why France understands – and hates – China’s geopolitical trade strategy more than most. Maury Shenk notes that the Pentagon’s reported plan to put a bunch of Chinese suppliers on a blacklist is a tribute to China’s own schedule of sectors where Western companies are blacklisted. And Matthew discloses reason to believe that China has finally begun to use all the US personnel data it stole from OPM. I’m so worried it may yet turn my hair pink, at least for SF-86 purposes. And in a sign that it really is better to be lucky than good, Matthew and I muse on how the Trump Administration’s China policy is reinforcing broader economic trends to make US companies reconsider their reliance on Chinese manufacturing. It’s not all China, though. To kick things off, Nick Weaver and I schadenfreude our way through an otherwise serious take on the Julian Assange story and its strikingly narrow Computer Fraud and Abuse Act charge – and why extradition is likely to be a pain. We also delve into the Google... Continue reading
Posted Apr 15, 2019 at Skating on Stilts
Our News Roundup leads with the long, slow death of Section 230 immunity. Nick Weaver explains why he thinks social media’s pursuit of engagement has led to a poisonous online environment, and Matthew Heiman replays the astonishing international consensus that Silicon Valley deserves the blame – and the regulation – for all that ails the Internet. The UK is considering holding social media execs liable for “harmful” content on their platforms. Australia has already passed a law to punish social media companies for failure to remove “abhorrent violent material.” And Singapore is happily drafting behind the West, avoiding for once the criticism that its press controls are out of step with the international community. Even Mark Zuckerberg is reading the writing on the wall and asking for regulation. I note that lost in the one-minute hate directed at social media is any notion that other countries shouldn’t be able to tell Americans what they can and can’t read. I also wonder whether the consensus that platforms should be editors will add to conservative doubts about maintaining Section 230 at all – and in the process endanger the US-Mexico-Canada Agreement that would enshrine Section 230 in US treaty obligations. Nate Jones... Continue reading
Posted Apr 8, 2019 at Skating on Stilts
In today’s News Roundup, Klon Kitchen adds to the story of the North Korean Embassy invasion by an unknown group. Turns out some of the participants fled to the US and lawyered up, but the real tipoff about attribution is that they’ve given some of the data they stole to the FBI. That rules out CIA involvement right there. Nick Weaver talks about Hal Martin pleading guilty to unlawfully retaining massive amounts of classified NSA hacking data. It’s looking more and more as though Martin was just a packrat, making his sentence of nine years in prison about right. But as Nick points out, that leaves unexplained how the Russians got hold of so much NSA data themselves. Paul Hughes explains the seamy Europolitics behind the new foreign investment regulations that will take effect this month. Nick explains the deeply troubling compromise of update certs at ASUS and the company’s equally troubling response. I ask why the only agency with clear authority over an incident with important national security implications is the FTC. Nick and I comment on the FTC’s pending investigation of the privacy practices of seven Internet service providers. Speaking of sensitive data practices, Klon talks about the... Continue reading
Posted Apr 1, 2019 at Skating on Stilts
I know. The title could be talking about pretty much any national strategy written in the last 15 years. And that’s the point. In the interview, Dr. Amy Zegart and I discuss the national cyber strategy and what’s wrong with it, besides all the bloviating. We also explore the culture clash between DOD and Silicon Valley (especially Google), and whether the right response to the Mueller report would be to conduct a thorough investigation into how the Intelligence Community and Justice handled the collusion allegations at the start of the Trump Administration. As a bonus, Amy answers this burning question: “If a banana republic is a country where losing an election means getting criminally investigated, what do you call a country where winning an election means getting criminally investigated?” In the news roundup, we talk about the New Zealand massacre and whether six months from now it will feel as though we overreacted to distribution of the video of the attack. Along the way, we are amazed to discover that New Zealand actually still has a “Chief Censor.” If you thought the Boeing 737MAX approval cast the FAA in a bad light, there’s some good news for that embattled agency:... Continue reading
Posted Mar 25, 2019 at Skating on Stilts
In our interview, Elsa Kania and Sam Bendett explain what China and Russia have learned from the American way of warfighting – and from Russia’s success in Syria. The short answer: everything. But instead of leaving us smug, I argue it ought to leave us worried about complacency followed by unpleasant military surprises. Elsa and Sam both try to predict where the surprises might come from. Yogi Berra makes an appearance. In the News Roundup, David Kris explains the Fourth Circuit’s decision to turn a hostile spouse-swap dispute into an invitation to screw up the law of stored electronic communications for a generation. And in other litigation, a Trump-appointed judge dismisses a lawsuit charging Silicon Valley with unlawfully censoring the right. Nate Jones and I agree that, while the decision is broadly consistent with law, it may spell trouble for Silicon Valley in the long run. That’s because it depends on an idiosyncratic DC Court of Appeals interpretation of the District’s public accommodation law. I speculate that Alabama or Texas or Mississippi could easily draft a law prohibiting discrimination on the basis of viewpoint in public accommodations like, say, Internet platforms. Nick Weaver and I note the UN report that North... Continue reading
Posted Mar 18, 2019 at Skating on Stilts
You've begged for it in the comments, so here it is. With Stewart Baker off the grid at the bottom of the Grand Canyon, literally, David Kris, Maury Shenk, and Brian Egan take merciless advantage to extol the virtues of data privacy and the European Union. Maury interviews James Griffiths, a journalist based in Hong Kong and the author of the new book, The Great Firewall of China: How to Build and Control an Alternative Version of the Internet. In the news, David and Brian discuss last week’s revelation that the NSA is considering whether it will continue to seek renewal of the Section 215 “call detail record” program authority when it expires in December. We plug last week’s Lawfare podcast in which the national security advisor to House Minority Leader McCarthy made news when he reported that the NSA hasn’t been using this program for several months. David waxes poetic on the little-known and little-used “lone wolf” authority, which is also up for renewal this year. We explore the long lineup of politicians and government officials who are coming up with new proposals to “get tough” on large technology companies. Leading the charge is Senator Warren, who... Continue reading
Posted Mar 13, 2019 at Skating on Stilts
The second half of my interview with Cyber Insecurity News has been posted, here. It deals with a lot of stuff from my career, including DHS, European privacy negotiations, Snowden, and cybersecurity. (The first half is here.) Here's an excerpt that captures some of my thinking on cybersecurity: CIN: Is the government providing enough intelligence information—threats they’re aware of—to companies? I know that’s sometimes a complaint that companies have. SB: Yeah, I do hear that. And I take that with a grain of salt. One thing I’ve learned from watching the intelligence community for 25 years is that intelligence in the abstract is almost never useful. For the intelligence to get good, you have to have a customer who understands the intelligence and how it’s being collected, and can tell the intelligence officers exactly what he wants and what’s wrong with the intelligence that has been collected. You don’t get good intelligence if you just try to go out and steal the best secrets you can. Because you usually don’t know what secrets really matter. You need a very sophisticated consumer who can say, “OK, I see what you’ve brought me. There are some interesting things here. But it isn’t... Continue reading
Posted Mar 5, 2019 at Skating on Stilts
Our interview is with two men who overcame careers as lawyers and journalists to become successful serial entrepreneurs -- and who are now trying to solve the “fake news” problem. Gordon Crovitz and Steve Brill co-founded NewsGuard to rate news sites on nine journalistic criteria. Using, of all things, real people instead of algorithms. By the end of the interview, I’ve confessed myself a reluctant convert to the effort. This despite NewsGuard’s treatment of Instapundit, which Gordon Crovitz and I both read regularly but which has not received a green check. In the news, Klon Kitchen talks about the latest on cyberconflict with Russia: CYBERCOM’s takedown of the Russian troll farm during 2018 midterms. The Russians are certainly feeling abused. They are using US attacks to justify pursuing their “autonomous Internet,” and they’ve sentenced two Kaspersky Lab experts to long jail terms for treason, likely because of their law enforcement cooperation with the United States. Gus Hurwitz, Klon, and Nick Weaver muse on the latest evidence that information intermediaries still haven’t found a way to deal with wayward members of their ecosystems. Amazon marketplace sellers will now have the ability to remove what they deem counterfeit listings. Amazon has let... Continue reading
Posted Mar 4, 2019 at Skating on Stilts
I recently wrote a piece for Lawfare on illegal immigration and the "compromise" appropriations bill that avoided another government shutdown. Here's the introduction: While Congress and cable news chatter emergency powers and President Trump’s wall, there’s a far more important immigration fight under way on the southwest border. At a time when judicial deference to the executive on immigration law has nearly vanished, the country is one court ruling away from a disastrous immigration outcome. It was summarized this way by one Honduran caravan member, who traveled to the border because: “she had heard … that bringing her daughter would guarantee them admission into the United States.” She got it right—with one caveat. To avoid this outcome, the Trump administration is now telling applicants to wait for their asylum hearings in Mexico instead of the United States. That “remain in Mexico” policy, however, is fiercely contested and could be set aside by the courts tomorrow. If it is, anyone who crosses the border with a son or daughter will be more or less guaranteed admission, plus a work permit for some years, plus a realistic shot at staying in the country illegally for a lifetime. I worked at the Department... Continue reading
Posted Mar 2, 2019 at Skating on Stilts
This week, we interview Dmitri Alperovitch of CrowdStrike on the company’s 2019 Global Threat Report, which features a ranking of Western cyber adversaries based on how long it takes each of them to turn a modest foothold into code execution on a compromised network. The Russians put up truly frightening numbers – from foothold to execution in less than twenty minutes – but the real surprise is the North Koreans, who clock in at 2:20. The Chinese take the bronze at just over 4 hours. Dmitri also gives props to a newcomer – South Korea – whose skills are substantial. In the News Roundup, I cheer the police for using “reverse location search warrants” to compel Google to hand over data on anyone near a crime scene. Nick Weaver agrees and puts the focus on Google and others who collect the data rather than police who use it to solve crimes. A committee of the UK House of Commons has issued a blistering final report on disinformation and fake news. I offer this TL;DR: that all right-thinking Brits must condemn Facebook because Leave won, just as all right-thinking Americans must condemn Facebook because Trump won. Maury Shenk takes a more... Continue reading
Posted Feb 25, 2019 at Skating on Stilts
The backlash against Big Tech dominates this episode, as we cover new regulatory initiatives in the US, EU, Israel, Russia, and China. The misbegotten link tax and upload filter provisions of the EU copyright directive have survived the convoluted EU legislative gantlet. My prediction: the link tax will fail because Google wants it to fail, but the upload filter will succeed because Google wants YouTube’s competitors to fail. Rumors are flying that the FTC and Facebook will agree on a billion-dollar-plus fine on the company for failure to adhere to its consent decree. My guess? This is not so much about law as about the climate of hostility around the company since it took the blame for Trump’s election. And, in yet another attack on Big Tech, the EU is targeting Google and Amazon for unfair practices as sales platforms. Uncharacteristically, I refuse to criticize the EU over this policy. Artificial intelligence is so overworked a tech theme that it has even attracted the attention of the White House and DOD. We ask a new contributor, Jessica “Zhanna” Malekos Smith, to walk us through the President’s Executive Order on AI. I complain that it’s a cookie-cutter order that could as... Continue reading
Posted Feb 19, 2019 at Skating on Stilts
This is admittedly self-indulgent, but I was recently interviewed by Cyber Insecurity News about my involvement in technology and national security policy over the years, and the result might be of interest to those who weren't there for the fights that still shape the policy environment. A sample: Now, you cannot overestimate how significant the decryption victories of World War II were in shaping NSA’s culture. They were, one way or another, part of breaking Japanese codes, and Nazi codes, and everyone agreed that those decryption achievements shortened the war and maybe made it possible to win the war. Given the stakes, no one wanted to be caught in the situation again where we did not have an overwhelming advantage with respect to dealing with foreign nations’ codes. At the same time, the Soviets, who had seen that experience, had developed formidable capabilities of their own. We only occasionally got little glimpses of what was going on inside Russian communications, because their encryption was so good and so disciplined. So everybody was aware that what we had achieved in World War II was not ours by birthright. It was going to have to be something we scrapped and clawed at if... Continue reading
Posted Feb 12, 2019 at Skating on Stilts
If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose social engineering skillz are remarkable. They used those skills to bribe or bamboozle phone companies into changing the phone numbers of their victims, allowing them to intercept all the two-factor authentication they needed to steal boatloads of cryptocurrency. For those with better hacking chops than social skills, there’s always exploitation of SS7 vulnerabilities, which allow interception of text messages without all the muss and fuss of changing SIM cards. Okay, it ain’t “When Harry Met Sally,” but for a degraded age, “When Bezos Exposed Pecker” will have to do. David keeps us focused on the legal questions: Was the Enquirer letter really extortion? Would publication of the pics be actionable? And is there any way the Enquirer could get those text messages without someone committing a crime? Plus, of course, whether the best way to woo your new girlfriend is to send her brother to jail.... Continue reading
Posted Feb 11, 2019 at Skating on Stilts
My latest op-ed tries to open the Overton window on responding to cyberattacks: Cyber weapons have allowed Russia to reinvent deterrence on the cheap. Recent reports reveal a prolonged, systematic, and not particularly subtle Russian campaign to infiltrate the U.S. power grid. It raises the prospect that Russian strongman Vladimir Putin has the ability to cut off power to large parts of the United States, as he has done already in Ukraine. He has “prepare[d] the battlefield, without pulling the trigger,” said one former U.S. official. All of which raises the question: how to deter him? After all, where Putin goes, Iranian mullahs and Kim Jong Un will not be far behind. If any of these actors knock out even a small segment of our power grid, we will need to retaliate, and not with restraint. It’s time to start thinking the unthinkable. Four principles should guide American decision makers in developing tough responses to other nations’ cyber provocation ... Read the rest at Fifth Domain. Continue reading
Posted Feb 8, 2019 at Skating on Stilts
In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years. In the news, I ask my partner Phil Khinda whether the $29 million Yahoo breach settlement opens a new front in breach derivative litigation or is a black swan event. He says it’s more of a red herring – and explains why. This week in black ops: I ask Nate Jones to comment on the tradecraft used in an apparent effort to smear Citizen Lab for its reports on NSO. My take: This feels a lot like what BlackCube did for Harvey Weinstein, except that this was the low-budget version. I'm not sure the indictments are working. The Russians are so far from being shamed that now they’re engaged in fake hacking. Dr. Megan Reiss notes Special Counsel Mueller’s recent claim that Russians are leaking discovery materials and pretending they came from a hack of the counsel’s office. Remember the remarkably adroit robot... Continue reading
Posted Feb 4, 2019 at Skating on Stilts
If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of European Union privacy law beg to differ. Google has been told by a Dutch court not to tell anyone about the disciplined doctor, and there seems to have been a six-month lag in disclosing even the court ruling. Gus Hurwitz and I are appalled. I repeat my long-standing view that in the end, privacy law just protects the privileged. Gus agrees. This week's interview is with John Carlin, author of Dawn of the Code War. It’s a great inside story of how we came to indict China’s hacker-spies for attacking US companies. In other news, the Illinois Supreme Court has demonstrated just how bad Illinois’ biometric privacy law is – by the simple expedient of applying it the way it’s written. Dr. Megan Reiss and I air our ambivalence about the latest site hosting collections of doxed messages. We lack enthusiasm for indiscriminate doxing of the kind highlighted on Distributed Denial of Secrets, but if it’s got to happen, it couldn’t happen to a nicer Russian dictator. Nick Weaver explains the DHS emergency order telling civilian agencies... Continue reading
Posted Jan 28, 2019 at Skating on Stilts