The Cyberlaw Podcast

In our 162nd episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Stephanie Roy, Alan Cohn, and Brian Egan discuss: any minute now, we'll see the cyber EO. But not this week; this is what a risk-averse signals intelligence agency looks like: giving up intelligence to satisfy elite opinion; FCC's plan for net neutrality emerges; this week in sex toy security: the FTC to the rescue?; remember this story the next time Silicon Valley says the government can't be trusted with crypto keys because of Snowden; the Russians who hacked Clinton are going after Macron in France, says Trend Micro; this week in vigilante cybersecurity: Flexispy is doxed; Brickerbot secures the IOT by administering "Internet Chemotherapy"; our guest interview is with Michael Schmitt, Professor of Law at the University of Exeter, the US Naval War College, and the US Military Academy at West Point and a leader in the effort to articulate the law of armed conflict in cyberspace known as Talinn 2.0. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 161st episode of the Steptoe Cyberlaw Podcast, Alan Cohn and Maury Shenk discuss: Google ordered to turn over foreign data accessible from US (seems to go the other way from Microsoft Ireland case); Did the US blow up North Korea's missile?; proposed e-privacy regulations and views of Article 29 Working Party; Justice Department considering criminal charges against Wikileaks for CIA cyber-tools leak (seems to go the other way from last summer); lack of Trump administration response on Privacy Shield; Wassenaar negotiators get to work for 2017. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 160th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Stephanie Roy, Julian Sanchez, and Gus Hurwitz discuss: Shadow Brokers releases two dumps in a week - only the second one makes news, and maybe NSA got to Microsoft first; Ajit Pai unveils net neutrality plan; Abbott Labs dinged for leaving defibrillator hacking holes unpatched for years; Burger King demonstrates what's wrong with the Computer Fraud and Abuse Act; expanded rule 41 used against Kelihos bot; sky doesn't fall; NSA has been monitoring SWIFT transactions in the Middle East. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 159th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Jamil Jaffer, Jennifer Quinn-Barabanov, and Maury Shenk discuss: New measures are planned to allow cops and spooks in the European Union to crack open encrypted apps and services, according to the bloc's Justice Commissioner; Trump administration to talk encryption challenges with EU; EU will ask Privacy Shield participants for US surveillance data; Wendy's facing two-front battle over data breaches; Facebook loses its effort to block bulk search warrants; LabMD 1st Amendment claims against FTC survive dismissal; Judge won't halt Massachusetts ban on secret recordings; Germany sees growing cyber threat but lacks legal means to retaliate; India's government has been scanning the irises and fingerprints of its citizens into a massive database. Our guest interview is with Nicholas Weaver, Senior Researcher of Networking and Security at the International Computer Science Institute in Berkeley and a lecturer in cyber security at UC Berkeley. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 158th episode of the Steptoe Cyberlaw Podcast, Stewart Baker and Michael Vatis are joined by Ben Wittes, Tamara Wittes, Susan Hennessey, and Shane Harris from the Lawfare and Rational Security podcasts at the Triple Entente Beer Summit. They discuss: the (then pending) attack on Assad's forces in Syria; the future of the Russia election/surveillance investigation; the meaning of changes to the National Security Council. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 157th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Stephen Heifetz, and Philip Khinda discuss: Two White House Officials Helped Give Nunes Intelligence Reports; Buzzfeed motion; how Cisco responded to the Wikileaks Vault7 leak; Donald Trump has a new iPhone — so it looks like he isn't boycotting Apple anymore; James Comey's Twitter Account. Our guest interview is with Joshua Corman, Director of the Cyber Statecraft Initiative for the Atlantic Council, also serving on the HHS CyberSecurity Task Force required by CISA, and founder of "I am The Cavalry" a volunteer group focused on public safety/human life in connected technologies and Justine Bone, CEO and Director of MedSec, a company that analyzes the quality and security of technology solutions in the medical device and healthcare industries. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 156th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Stephanie Roy discuss: Wikileaks releases a second installment, this time mostly focusing on Apple, which scoffs at the alleged vulnerabilities; Wikileaks offers contract to pre-disclose leaked vulnerabilities; Third Circuit upholds contempt ruling for forgetting password; Congress begins the CRA process for internet telecom privacy regulations; another bad omen for the crypto imperialists of Silicon Valley: UK Home Secretary calls Whatsapp crypto "completely unacceptable.; Does GCHQ spy on Americans for NSA?; electronic devices won't fly from Mideast; Bossert urges no changes to 702; North Korea's bid to breach global banks. Our guest interview is with Michael Daniel, former Special Assistant to the President and Cybersecurity Coordinator at the White House and current President of the Cyber Threat Alliance. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 155th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Maury Shenk, and Alan Cohn discuss: White House wiretap flap keeps flapping; a failed attempt to sue foreign governments for cyberspying inside the US; European Court of Justice Limits Right to be Forgotten; Germany proposes $50 m fines for social media with disapproved views; Justice Department indicted four men, including two Russian spies, for hacking into Yahoo and stealing data on 500 million users; President Donald Trump will publicly call for a volunteer effort from tech companies and internet service providers to crack down on botnets; budget is good to cyber: $1.5 billion for Homeland Security Department programs that protect federal networks; and $61 million for the FBI that would go toward intelligence gathering and bypassing encryption; the German parliament voted today to loosen Germany's data protection laws, amid heightened concern over public safety; President Donald Trump will appoint Rob Joyce, the head of the NSA's elite hacking unit, as his top White House cyber adviser; Senate Confirms Coats as Trump's Intel Chief; Judge Koh rejects Google wiretap settlement. In place of our usual interview, we're running a debate over hacking back that CSIS held last week as part of its 2017 Cyber Disrupt Summit. Stewart Baker is joined by Greg Nojeim, Senior Counsel at the Center for Democracy & Technology and Jamil Jaffer, Vice President for Strategy & Business Development of IronNet Cybersecurity. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 154th episode of the Steptoe Cyberlaw Podcast, Carrie Cordero, Stephanie Roy, Markham Erickson, Jennifer Quinn-Barabanov, and Stewart Baker discuss: the Wikileaks Vault7 release, including Assange's offer to work with Silicon Valley to fix vulnerabilities before disclosure; the increasingly dysfunctional rule that leaked documents remain classified after the leak; FCC investigating ATT 911 outage; Home Depot gets a $25m settlement; Second Circuit revives a TCPA class action; Tom Graves introduces a hackback defense to CFAA liability; Uber's greyballing problems; piling on Geek Squad and why that might not be the best idea; and the end of a nasty porn copyright scam. Our guest interview is with Curtis Dukes, Executive Vice President of the Security Best Practices Automation Group and Tony Sager, Senior Vice President and Chief Evangelist, both from the Center for Internet Security. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 153rd episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Maury Shenk discuss: Howard Schmidt, RIP; the Trump wiretap story; a federal magistrate judge in Wisconsin has ruled that the government can use a warrant issued under the Stored Communications Act to compel email providers to disclose the content of emails stored abroad; internet-connected teddy bear company hacked, 2 million parent-child voice messages exposed and held ransom; new analysis of the 50c army forces a reconsideration of who they are and what they do; the fight over 702 reauthorization warms up: lefty lawmakers want an estimate on how many innocent Americans are swept up in key surveillance programs up for reauthorization this year; a dozen civil society groups are asking Vera Jourová the European Commissioner for Justice, Consumer and Gender Equality, to suspend the US-EU Privacy Shield unless reforms are made to Section 702; and Wilbur Ross endorses Privacy Shield. Our guest interview is with Matt Tait, CEO and Founder of Capital Alpha Security. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 152nd episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Stephanie Roy, Maury Shenk, Jennifer-Quinn Barabanova, and Paul Rosenzweig discuss: Chairman Pai courts controversy to kill FCC security provisions; conclusion of EU legislative process for the Terrorism Directive, which includes an article authorizing blocking of Internet content related to promotion of terrorism; Time Magazine sued for disclosing reading habits of customers under Michigan privacy law-case survives standing challenge; Financial companies slap Arby's over data breach; Germanys' surveillance concern over Cayla the talking doll; Amazon's unpersuasive rational for withholding Alexa recordings; Fingerprint (non) disclosure decision out of the ND IL; the GSA IG report on 18F; the draft cyber Executive Order; the NASS's resolution to the DHS; and Chinese social media handle disclosure. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 151th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, and Maury Shank discuss: Microsoft calls for a cyber "Geneva Convention;" Chairman Michael McCaul (R-TX) opposes backdoors in encryption; the EU investigates robots; Turmoil in the White House cyber edition: Out like Flynn, in with McMaster; what's the impact on cyber?; White House staff are reportedly using encrypted messaging apps to communicate; Are the Russians Hacking the French election? Our guest interviews are with John "Four" Flynn, Chief Information and Security Officer at Uber, Heather Adkins, Director of Information Security at Google, and Troels Oerting, Group Chief Security Officer and Group Chief Information Security Officer at Barclays Bank. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 150th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, and Jennifer Quinn-Barabanov discuss: A federal judge currently in the spotlight for blocking President Donald Trump's travel ban executive order is now questioning the constitutionality of secrecy orders that accompany government surveillance demands; US District Court for the Western District of Washington Judge James Robart issued a 47-page opinion today allowing Microsoft to proceed with a lawsuit claiming a First Amendment violation when the government restricts internet providers from notifying subscribers about requests for their data; In coming down on smart-TV maker Vizio for tracking users' viewing habits without their consent, the Federal Trade Commission adopted broader definitions of "sensitive" information and consumer harm. But experts say not to expect a trend there, given the acting chairwoman's reservations about the settlement; The Trump Administration could soon begin asking foreigners coming to the United States — particularly from some Muslim-majority countries — to turn over their social media accounts and passwords, according to Homeland Security Secretary John Kelly; The new volume of the Tallinn Manual — named Tallinn 2.0 is out. It explores the applicability of international law to cyber activity below the threshold of armed conflict. A global group of 19 experts, aided by input from governments and international organizations, prepared the manual over the course of four years; The cybersecurity Executive Order that President Donald Trump is expected to sign this week would kick off a far-reaching White House review of each federal agency's cybersecurity risks, according to an updated draft; Hal Martin indicted: The theft may go well beyond what is in the indictment; The No. 2 official at the NSA is not leaving because of Trump. Richard Ledgett, whose departure the agency confirmed Friday, said politics had nothing to do with it; Google has warned a number of prominent journalists that state-sponsored hackers are attempting to steal their passwords and break into their inboxes. Our guest interview is with Dominic Rochon, Deputy Chief of Policy and Commmunications at the Communications Security Establishment, and Patricia Kosseim, Senior General Counsel and Director General of the Office of the Privacy Commissioner of Canada. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 149th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Meredith Rathbone discuss: Google loses its Microsoft Ireland case, probably because it would have to be called the "Google Cyberspace" case; FSB relief spurs momentary political meltdown among Washingtonians who don't listen to the Steptoe Cyberlaw Podcast; Neil Gorsuch opines on computer searches and child porn; What's happened to the cyber Executive Order?; The FSIA and suits against sovereign hackers; Brexit passes Commons and May promises data deal with EU; Google's settlement approved despite cy pres objections; Austrian hotel guests inconvenienced but not imprisoned by ransomware; CFAA violations cost the Cardinals two high draft picks and $2 million. Our guest interview is with Jason Healey, Senior Research Scholar at Columbia University's School for International and Public Affairs. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

In our 148th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, Jennifer Quinn-Barabanov, and Maury Shenk discuss: Second Circuit denies rehearing in Microsoft Ireland case by an evenly divided vote; Meeting between Donald Trump and Theresa May this week (including Russia sanctions), and UK Supreme Court decision on role of Parliament and Brexit; President Trump order on Privacy Act application to foreigners roils the Atlantic; New FTC Chair to shift data security focus to actual harm; But Ohlhausen may not end up with the top job, for ideological reasons; Trump's cybersecurity review order; China disses attribution, and Russia shows the human risks of doing too good a job of attributing attacks; ADT settlement of early IOT security suit; No surprise here: Only government can unredact bulk data opinions; Lloyds bank accounts targeted in huge cybercrime attack; and President using outdated Android to tweet while watching TV. Our guest interview is with Corin Stone, Executive Director of the National Security Agency. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.