This is Stewart Baker's Typepad Profile.
Join Typepad and start following Stewart Baker's activity
Join Now!
Already a member? Sign In
Stewart Baker
Former government official now practicing law
Recent Activity
President Trump is growing so worried about the economic impact of covid-19 that he’s talking about drastic action, including ending the lockdown in states that haven’t seen lots of infections. He’s right to be worried and right to be looking for dramatic solutions. He may even be well-served in this case by his skepticism about giving government public health experts the last word on fateful economic decisions, for reasons I’ll discuss. But ending the lockdown in states with low infection numbers is the wrong answer when we haven’t tested widely; many of these states almost certainly have an underground contagion that will explode as soon as the lockdown is lifted. There are, however, responsible alternatives that might address the underlying concern.Instead of easing the lockdown state by state, we could do it person by person. Specifically, we could end the lockdown for people who have already recovered from COVID-19. These people offer something we badly need right now: A workforce that probably can’t get infected and probably can’t infect others. I say probably because there is plenty we don’t know. But there is reason to believe that people who recover from the coronavirus pose much less risk of infecting others... Continue reading
Posted 5 days ago at Skating on Stilts
That’s the question I debate with David Kris and Nick Weaver in this episode, as we explore the ways in which governments are using location data to fight the covid-19 virus. Phone location data is being used both to enforce quarantines and to track contacts with infected people. It’s useful for both, but Nick thinks the second application may not really be ready for a year – too late for this outbreak. Our interview is with Jason Healey, who has a long history with Cyber Command and a deep recent oeuvre of academic commentary on cyberconflict. Jay explains Cyber Command’s doctrine of “persistent engagement” and “defending forward” in words that I finally understand. It makes sense in terms of Cyber Command’s aspirations as well as the limitations it labored under in the Obama administration, but I wonder if in the end it will be different from “deterrence through having the best offense.” Nothing wrong with that, in my view – as long as you have the best offense by a long shot, something that is by no means proven. We return to the news to discover the whole idea of sunsets for national security laws looking dumber than it did... Continue reading
Posted 7 days ago at Skating on Stilts
If your podcast feed has suddenly become a steady diet of more or less the same COVID-19 stories, here’s a chance to listen to cyber experts talk about something they know – cyberlaw. Our interview is with Elsa Kania, adjunct senior fellow at the Center for a New American Security and one of the country's most prolific students of China, technology, and national security. We talk about the relative strengths and weaknesses of the artificial intelligence ecosystems in the two countries. In the news, Maury Shenk and Mark MacCarthy describe the growing field of censorship-as-a-service and the competition between US and Chinese vendors. Elsa and I unpack the report of the Cyberspace Solarium Commission. Bottom line: The report is ambitious but constrained by political reality. And the most striking political reality is that there hasn’t been a better time in 25 years to propose cybersecurity regulation and liability for the tech sector. Seizing the Zeitgeist, the report offers at least a dozen such proposals. Nick Weaver explains the joys of trojanizing the trojanizers, and we debate whether that is fourth-party or fifth-party intelligence collection. In a shameful dereliction, Congress has let important FISA authorities lapse, but perhaps only for a... Continue reading
Posted Mar 16, 2020 at Skating on Stilts
The NSA’s effort to use call detail records to spot cross-border terror plots has a long history. It began life in deepest secrecy, became public (and controversial) after Edward Snowden’s leaks, and was then "reformed" in the USA Freedom Act. Now it’s up for renewal, and the Privacy and Civil Liberties Oversight Board, or PCLOB, has weighed in with a deep report on how the program has functioned – and why NSA has suspended it. In this episode I interview Travis LeBlanc, a PCLOB Member, about the report and the program. Travis is a highly effective advocate, bringing me around on several issues, including whether the program should be continued and even whether the authority to revive it would be useful. It’s a superb guide to a program whose renewal is currently being debated (against a March 15 deadline!) in Congress. And, uh, asking for a friend: Do the early stages of covid-19 infection make you more susceptible to persuasion? Download the 305th Episode (mp3). Take our listener poll at steptoe.com/podcastpoll! You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed! As always, The Cyberlaw Podcast is open to feedback. Be sure... Continue reading
Posted Mar 11, 2020 at Skating on Stilts
Our interview in this episode is with Glenn Gerstell, freed at last from some of the constraints that come with government service. We cover the Snowden leaks, how private and public legal work differs (hint: it’s the turf battles), Cyber Command, Russian election interference, reauthorization of FISA, and the daunting challenges the US (and its Intelligence Community) will face as China’s economy begins to reinforce its global security ambitions. In the news, Nate Jones and Nick Weaver talk through the new legal and technical ground broken by the United States in identifying two Chinese nationals and the $100 million in cryptocurrency they laundered for North Korean hackers. Paul Rosenzweig lays out the challenge posed for the Supreme Court’s Carpenter decision by LocateX, which provides detailed location data commercially. This is exactly the quagmire I expected the Court to find itself in when it abandoned the third-party doctrine on a one-off basis. Nick points out that the data is only pseudonymized and tries with mixed success to teach me to say “de-pseudonymized.” Nate and I conclude that facial recognition has achieved a kind of Kardashian status, though instead of being famous for being famous, facial recognition is toxic for being toxic.... Continue reading
Posted Mar 9, 2020 at Skating on Stilts
This is a bonus episode of the Cyberlaw Podcast – a freestanding interview of Noah Phillips, a Commissioner of the Federal Trade Commission. The topic of the interview is whether privacy and antitrust analysis should be merged, especially in the context of Silicon Valley and its social media platforms. Commissioner Phillips, who has devoted considerable attention to the privacy side of the FTC’s jurisdiction, recently delivered a speech on the topic and telegraphed his doubts in the title: “Should We Block This Merger? Some Thoughts on Converging Antitrust and Privacy.” Subject to the usual Cyberlaw Podcast injunction that he speaks only for himself and not his institution or relatives, Commissioner Phillips lays out the very real connections between personal data and industry dominance as well as the complexities that come from trying to use antitrust to solve privacy problems. Among the complexities: the key to more competition among social media giants could well be more sharing between companies of the personal data that fuels their network effects, and corporate sharing of personal data is what privacy advocates have spent a decade crusading against. It’s a wide-ranging interview, touching on, among other things, whether antitrust can be used to solve Silicon... Continue reading
Posted Mar 6, 2020 at Skating on Stilts
This episode features a lively (and – fair warning – long) interview with Daphne Keller, Director of the Program on Platform Regulation at Stanford University’s Cyber Policy Center. We explore themes from her recent paper on regulation of online speech. It turns out that more or less everyone has an ability to restrict users’ speech online, and pretty much no one has both authority and an interest in fostering free-speech values. The ironies abound: Conservatives may be discriminated against, but so are Black Lives Matter activists. In fact, it looks to me as though any group that doesn’t think it’s the victim of biased content moderation would be well advised to scream as loudly as possible about censorship anyway for fear of losing the victimization sweepstakes. Feeling a little like a carny at the sideshow, I serve up one solution for biased moderation after another, and Daphne methodically shoots them down. Transparency? None of the companies is willing to allow real transparency, and the government may have a first amendment problem forcing companies to disclose how they make their moderation decisions. Competition law as a way to encourage multiple curators? It might require a "magic" API, and besides, most users... Continue reading
Posted Mar 3, 2020 at Skating on Stilts
Once again, I put my Facebook account at risk to find out: Continue reading
Posted Mar 1, 2020 at Skating on Stilts
We interview Ben Buchanan about his new book, The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics. This is Ben's second book and second interview on the podcast about international conflict and cyber weapons. It's safe to say that America's strategic posture hasn't improved since the first one. We face more adversaries with more tools and a considerably greater appetite for cyber adventurism. Ben recaps some of the stories that were under-covered in the US press when they occurred. The second large attack on Ukraine's grid, for example, was little noticed during the US election of 2016, but it looks much more ominous after a recent analysis of the tools used, and perhaps most importantly, those that were available to the GRU but not used. Meanwhile, the US is not making much progress in cyberspace on the basic requirement of a great power, which is making sure our enemies fear us. In the news, Nick Weaver, Gus Hurwitz, and I take a quick pass at the Internet content regulation problem and Section 230 of the Communications Decency Act. I've written that Section 230 needs to be reconsidered, and I predict that the Justice Department, which held... Continue reading
Posted Feb 24, 2020 at Skating on Stilts
Yesterday, the Attorney General held a workshop on Section 230 of the Communications Decency Act. The question was whether the law can be improved. Section 230 does need work, though there's plenty of room for debate about exactly how to fix it. These are my mostly tentative and entirely personal thoughts on the question the Attorney General has asked. Section 230 gives digital platforms two immunities – one for publishing users' speech and one for censoring users' speech. the second is the bigger problem. Immunity for what users say and do online When section 230 was adopted, the impossibility of AOL, say, monitoring its users in a wholly effective way was obvious. It couldn't afford to hire tens of thousands of humans to police what was said in its chatrooms, and the easy digital connection it offered was so magical that no one wanted it to be saddled with such costs. Section 230 was an easy sell. A lot has changed since 1996. Facebook and other have in fact already hired tens of thousands of humans to police what is said on their platforms. Combined with artificial intelligence, content fingerprinting, and more, these monitors work with considerable success to stamp... Continue reading
Posted Feb 20, 2020 at Skating on Stilts
In breaking news from 1995, the Washington Post takes advantage of a leaked CIA history paper to retell the remarkable tale (first published in the mid-90s) of Crypto AG, a purveyor of encryption products to dozens of governments – and allegedly a wholly controlled subsidiary of US and German intelligence. Nick Weaver, Paul Rosenzweig, and I are astonished at the derring-do and unapologetic enthusiasm for intelligence collection that the story displays. I mean, really: The Pope? This week’s interview is with Jonathan Reiber, a writer and strategist in Oakland, California, and former Chief Strategy Officer for Cyber Policy and Speechwriter at the Department of Defense, currently senior advisor at Technology for Global Security and visiting scholar at the UC Berkeley Center for Long-Term Cybersecurity. His recent report offers a candid view of strained relations between Silicon Valley and the Pentagon. The interview explores the reasons for that strain, the importance of bridging the gap, and how that can best be done. Nick reports that four PLA members have been indicted over the Equifax breach. He speculates that the US government is sending a message by disclosing a photo of one soldier that appears to have been taken by his own... Continue reading
Posted Feb 18, 2020 at Skating on Stilts
The battle between Congress and Silicon Valley has a new focus: the EARN IT Act of 2019. (The title is an embarrassing retronym that I refuse to dignify by repeating; you can safely ignore it.) A “discussion draft” of the bill is attributed to Republican Sen. Lindsey Graham and Democratic Sen. Richard Blumenthal. To hear the Electronic Frontier Foundation (EFF), the Center for Internet and Society, and Gizmodo tell it, the draft EARN IT Act is an all-out assault on end-to-end encryption. The critics aren’t entirely wrong about the implications of EARN IT for encryption—but they’ve skipped a few steps. To understand the controversy, it’s useful to start with the structure of the bill. That will show how EARN IT could affect the deployment of end-to-end encryption—and why the draft bill makes sense as social policy. The central change made by the bill is this: It would allow civil suits against companies that recklessly distribute child pornography. It would do this by taking away a piece of their immunity from liability when transmitting their users’ communications under Section 230 of the Communications Decency Act (CDA). Originally added to the CDA as part of a legislative bargain, Section 230 was one... Continue reading
Posted Feb 11, 2020 at Skating on Stilts
The next trade war will be over transatlantic data flows, and it will make the fight with China look like a picnic. That’s the subject of this episode’s interview. The European Court of Justice is poised to go nuclear – to cut off US companies’ access to European customer data unless the US lets European courts and data protection agencies refashion American intelligence capabilities according to standards no European government has ever been required to meet. It is Europe in full neocolonial mode, but the movement has so far sailed below the radar, disguised as an abstruse European legal fight. Maury Shenk and I interview Peter Swire on the Schrems cases that look nearly certain to provoke a transatlantic trade and intelligence crisis. Actually, Maury interviews Peter, and I throw bombs into the conversation. But if ever there were a cyberlaw topic that deserves more bomb-throwing, this is it. In the News Roundup, David Kris tells us that the trial of alleged Vault7 leaker Joshua Schulte is under way. And the star of the first day is our very own podcast regular, Paul Rosenzweig. If you’re wondering whether more cybersecurity regulation is what the country needs, you should be paying... Continue reading
Posted Feb 10, 2020 at Skating on Stilts
Nick Weaver and I debate Sens. Graham and Blumenthal's EARN IT Act, a proposal to require that social media firms follow best practices on preventing child abuse. If they don't, they won't get full Section 230 immunity from liability for recklessly allowing the abuse. Nick thinks the idea is ill-conceived and doomed to fail. I think there's a core of sense to the proposal, which simply asks that Silicon Valley firms who are reckless about child abuse on their networks pay for the costs they're imposing on society. Since the bill gives the attorney general authority to modify the best practices submitted by a commission of industry, academic, and civic representatives, though, critics are sure that an evil bogeyman by the name of Bill Barr will effectively prohibit end-to-end encryption. But before we get to that that debate, Gus Hurwitz and I unpack the law and tactics behind Facebook's decision to pay $550 million to settle a facial recognition class action. And Klon Kitchen and Nick ponder the shocking corruption and coverup alleged in the case of a Harvard chemistry chairman being prosecuted for hiding the large sums he was getting from the Chinese government to boost its research into... Continue reading
Posted Feb 3, 2020 at Skating on Stilts
This episode features an interview on the Bezos phone hacking flap with David Kaye and Alex Stamos. David is the UN Special Rapporteur and clinical professor of law at UC Irvine who first drew attention to an FTI Consulting report concluding that the Saudis did hack Bezos' phone. Alex is director of the Stanford Internet Observatory and was the CSO at Facebook; he thinks the technical case against the Saudis needs work, and he calls for a supplemental forensic review of the phone. In the news, Nate Jones unpacks the US-China "phase one" trade deal and what it means for the tech divide. Nick Weaver and I agree that the King County (Seattle) Conservation District's notion of saving postage by having everyone vote by phone is nuts. Nick in particular reacts as you'd expect him to. Although, frankly, if anyone deserves to have Putin choose their local government, it's Seattle. He could hardly do a worse job than Seattle voters have. Nate talks about the profound hit the credibility of the FISA process has taken as a result of the Justice Department admitting that two of four Carter Page warrants were invalid. Among other things, it opens FISA to a... Continue reading
Posted Jan 27, 2020 at Skating on Stilts
This week’s episode includes an interview with Bruce Schneier about his recent op-ed on privacy. Bruce and I are both dubious about the current media trope that facial recognition technology was spawned by the Antichrist. He notes that what we are really worried about is a lot bigger than facial recognition, and he offers ways in which the law could address that deeper worry. I’m less optimistic about our ability to write or enforce laws designed to restrict use of personal information , which after all gets cheaper to collect, to correlate, and to store every year. It’s a good, civilized exchange. The News Roundup is a little truncated due to a technical failure. (It was a glitch in Zencastr for those of you keeping score, and I definitely am). As a result, we lost Nick Weaver’s audio for about half the program, including a hammer and tongs debate with me over Apple’s fight with the FBI. (But never fear, opportunities for that debate come by about as often as the Red Line comes to Dupont Circle.) That said, it’s still a feisty episode. It begins with Michael Vatis teeing off on the California Consumer Privacy Act, the worst-drafted law... Continue reading
Posted Jan 21, 2020 at Skating on Stilts
There’s a fine line between legislation addressing deepfakes and legislation that is itself a deep fake. Nate Jones reports on the only federal legislation addressing the deepfake problem so far. I claim that it is well short of a serious regulatory effort – and pretty close to a fake itself. In contrast, India seems serious about imposing liability on companies whose unbreakable end-to-end crypto causes harm, at least to judge from the howls of the usual defenders of such products. David Kris explains how the law will work. I ask why Silicon Valley gets to impose the externalities of encryption-facilitated crime on society when we’d never let Big Tech leave us with the tab for water or air pollution just because their products are so cool. In related news, the FBI may be turning the Pensacola military terrorism attack into a slow-motion replay of its San Bernardino fight with Apple, this time with more top cover (and probably better lawyering). Poor Nate seems to draw all the fake legislation in this episode. He explains a 2020 appropriations rider requiring the State Department to report on how it issues export licenses for cyber espionage capabilities; this is a follow-up to investigative... Continue reading
Posted Jan 13, 2020 at Skating on Stilts
In this special edition of the Cyberlaw Podcast, we’ve convened a panel of experts on intelligence and surveillance law to examine the many failings of the Crossfire Hurricane investigation of the Trump campaign and Russian influence. We unpack the Department of Justice Inspector General’s report on the FBI’s use of FISA, undercover operatives, and the Bureau's many errors in the high-stakes matter. We also ask what can be done to cure what ails the FBI -- including the IG's recommendations, FBI Director Wray’s response, and a public order issued by the Foreign Intelligence Surveillance Court. If you're looking for a single episode to make sense of the investigation and its faults, you can't do better than to listen to our team of FISA aficionados. Joining me on the panel: Bob Litt, former general counsel of the Office of the Director of National Intelligence. David Kris, who wrote the book on FISA and previously headed the DOJ’s National Security Division, which is responsible for FISA warrants. Bobby Chesney of the University of Texas School of Law, as well as a founder of Lawfare and co-host of the National Security Law Podcast. And with that, the Cyberlaw Podcast is going on hiatus... Continue reading
Posted Dec 18, 2019 at Skating on Stilts
This week Maury Shenk guest hosts the podcast and takes us on a world tour of computer insecurity. Even with a "phase one" trade deal with China apparently agreed, there's of course plenty still at stake between China and the US in the tech space. Nate Jones reports on the Chinese government order for government offices to purge foreign software and equipment within three years and the plans of Arm China to develop chips using “state-approved” cryptography. Nick Weaver and Maury agree that, while there are some technical challenges on this road, there's a clear Chinese agenda to lose dependency on US suppliers. In the Department of Hacking, the aptly-named Plundervolt allows hackers to steal data using the power supply of Intel chips. The immediate hole has been closed, but Nick thinks the hack suggests bigger problems for Intel down the road. We also discuss Apple's flirtation with the using DMCA to get Twitter to de-tweet an encryption key compromising a less-than-critical aspect of iPhone 11 security, and Maury reporte on an 11th Circuit decision on insurance coverage for losses from spear-phishing. Maury points out that it's not just the EU that is going after Big Tech. Amazon's new-ish Ring... Continue reading
Posted Dec 17, 2019 at Skating on Stilts
The apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, as Congress has increasingly signaled it intends to do. If the Pensacola attack involved multiple parties acting across US borders, which looked possible as we taped, then it would be just about the first such attacks since 9/11 – and exactly the kind of attack the metadata program was designed to identify in advance. Now may not be the best time to dump it, after all. Nick Weaver tells us that China has resurrected the Great Cannon to attack a popular Hong Kong forum for protesters. The Cannon depends on users from outside China connecting without TLS to Chinese sites. I ask why Google hasn’t started issuing warnings to Web users before letting them cross the Great Firewall without enabling HTTPS. That could spike the Great Cannon, but Google employees are too busy complaining about the United States government, I suggest. Meanwhile, Microsoft is working hard to make GitHub, an early Great Cannon victim, an essential part of China’s IT infrastructure. Remarkably, we verify in real time that, despite the lure of the... Continue reading
Posted Dec 9, 2019 at Skating on Stilts
Algorithms are at the heart of the Big Data/machine learning/AI changes that are propelling computerized decision-making. In their book, The Ethical Algorithm, Michael Kearns and Aaron Roth, two Computer Science professors at Penn, flag some of the social and ethical choices these changes are forcing upon us. My interview with them touches on many of the hot-button issues surrounding algorithmic decision-making. I have long suspected that much of the fuss over bias in machine learning is a way of smuggling racial and gender quotas and other academic social values into the algorithmic outputs. Michael and Aaron may not agree with that formulation, but the conversation provides a framework for testing it – and leaves me more skeptical about claims that “AI bias" is the problem it's been portrayed. Less controversial, but equally fun, is our dive into the ways in which Big Data and algorithms defeat old-school anonymization – and the ways in which that problem can be solved. The cheating husbands of Philadelphia help me understand the value and technique of differential privacy. And if you wondered why, say, much of the social science and nutrition research of the last 50 years doesn’t hold up to scrutiny, blame Big... Continue reading
Posted Dec 5, 2019 at Skating on Stilts
This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that are aimed at but never once mention China. Acually, what the Department rolled out was more a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that policymakers are still fighting each other about the meaning of a policy they've already announced. And to show that decoupling can go both ways, a US-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think. Mark MacCarthy tells us that reports of UChicago weather turning sunny and warm for hipster antitrust are probably overdone. Even so, Silicon Valley should be at least a little nervous that Chicago School enforcers are taking a hard look at personal data and free services as sources of anti-competitive conduct. Mark highlights my favorite story of the week, in which the Right to be Forgotten discredits itself in, where else, Germany. Turns out that you can kill two people and wound a third on a yacht in... Continue reading
Posted Dec 2, 2019 at Skating on Stilts
Brad Smith is President of Microsoft and author (with Carol Ann Browne) of Tools and Weapons: The Promise and Peril of the Digital Age. The book is a collection of vignettes of the tech policy battles in the last decade or so. Smith had a ringside seat for most of them, and he recounts what he learned in a compelling and good-natured way in the book – and in this episode’s interview. Starting with the Snowden disclosures and the emotional reaction they caused in Silicon Valley, through the CLOUD Act, Brad Smith and Microsoft displayed a relatively even keel while trying to reflect the interests of the company's many stakeholders. In that effort, Smith became an advocate for more international cooperation in regulating digital technology. (A point on which Brad and I disagree.) As the interview wends on, Brad discloses how the Cyberlaw Podcast’s own Nate Jones and his Microsoft partner, Amy Hogan-Burney, became “Namy,” achieving a fame and moniker inside Microsoft that only Brangelina has achieved in the wider world. Finally, Brad Smith sums up Microsoft’s own journey in the last quarter century as came to recognize that humility is a better long-term strategy than hubris. Turning to the... Continue reading
Posted Nov 25, 2019 at Skating on Stilts
We kick off the episode with This Week in Mistrusting Google: Klon Kitchen points to a Wall Street Journal story about all the ways Google tweaks its search engine to yield results that look machine-made but aren’t. He and I agree that most of these tweaks have understandable justifications – but you have to trust Google not to misuse them. And increasingly no one does. The same goes for Google’s foray into amassing and organizing health data on millions of Americans. It’s a nothingburger with mayo, unless you mistrust Google. Since mistrusting Google is a growth industry, the report is getting a lot of attention, including from HHS investigators. Matthew Heiman explains, and when he’s done, my money is on Google surviving that investigation comfortably. The capital of mistrusting Google, of course, is Brussels, and not surprisingly, Maury Shenk tells us that the EU has forced Google to modify its advertising protocols to exclude data on sites visited by its customers. A Massachusetts federal district court says suspicionless device searches at borders are not okay. Matthew and I dig into the details. Bottom line: Requiring reasonable suspicion for electronics searches isn’t a tough standard, but if CBP needs a reasonable... Continue reading
Posted Nov 18, 2019 at Skating on Stilts
The Foreign Agent Registration Act is having a moment – in fact its best year since 1939, as the Justice Department charges three people with spying on Twitter users for Saudi Arabia. Since they were clearly acting like spies but not stealing government secrets or company intellectual property, FARA seems to be the only law that they could be charged with violating. Nate Jones and I debate whether the Justice Department can make the charges stick. Nick Weaver goes off on NSO Group for its failure to supervise the way its customers intrude on cell phone contents. I’m less sure that NSO deserves its bad rap, and I wonder whether WhatsApp should have compromised what looks like 1100 legitimate law enforcement investigations because it questions 100 other investigatons using NSO malware. Speaking of Facebook’s judgment, Paul Rosenzweig and I turn out to be surprisingly sympathetic to the company’s stand on political ads and whether “Mama Facebook” should decide their truthfulness. Meanwhile, Twitter, darling of the press, has gotten away with a no-political-ads stance that is at least as problematical. Nate, Paul, and I go pretty far down the rabbit hole arguing whether search warrants should give police access to DNA... Continue reading
Posted Nov 11, 2019 at Skating on Stilts