We're joined for this episode by Scott Shapiro, long-time listener and first-time panelist, not to mention our first philosopher. He breaks down the Biden administration sanctions on four offensive cyber firms, most notably the Israeli company, NSO. Imposing Commerce Department "entity list" sanctions on companies from friendly countries for human rights abuses is a departure from historical practice, and exactly how it will work out remains uncertain. The sanctions are not a death penalty for companies like NSO, we conclude, since U.S. companies can still buy their services even if they can't sell NSO anything more sophisticated than toilet paper.
The Pentagon is a bastion of top-down cybersecurity regulation. In theory, that's what the Cybersecurity Maturity Model Certification program was all about: comprehensive and mandatory cybersecurity regulation for defense contractors. But as Nate Jones describes it, the Department of Defense's efforts to actually put the regulations in place are a cautionary tale. The Pentagon has revamped and delayed its standards again. The new proposal may well be more workable and less bureaucratic than the last, but it also pushes the day of reckoning for contractors years into the future.
Jamil Jaffer thinks the good guys may have won another battle with ransomware gangs, but it's probably too soon to tell. On the heels of REvil claiming to be out of business, DarkMatter is making similar noises. But we won't know for sure until the gangs have gone quiet for more than a couple of months.
Decoupling is still proceeding apace, as Yahoo surprises us all by announcing that it's pulling out of China. (I'd forgotten they were still in.)
Jamil and Nate note that GitHub is the last big Western web company left in China. And even for GitHub, the ice appears to be cracking under its feet.
Scott takes us deep into jurisprudential philosophy in covering the ACLU's threepeated loss as it argued a First Amendment right to read classified FISA court opinions. It may be a first for our podcast to reference Marbury v. Madison, and it's certainly a first to raise questions about whether it was correctly decided! Jamil also gives us a quick assessment of what Justice Gorsuch's willingness to take the case tells us about his future role in national security cases.
Nate and I give the backs of our hands to legislative proposals to expand from "Five Eyes" to "Nine." I make the argument that we're really down to Three.
Clearview AI took a beating down under for breaching Australians' privacy law. Nate is short on sympathy. He thinks a more responsible set of actors might have prevented the toxification of face recognition. I argue that the toxification came first, and the dearth of big respectable face recognition firms came later. As witness Facebook being driven from the market by a $650m award under the Illinois Biometric Privacy Act.
In quick hits:
For old time's sake, Nate and I clash over lefty efforts to define a lack of enthusiasm for climate-based regulation as "digital hate."
Jamil and I offer qualified endorsements of the State Department's new cyber bureau.
I namecheck podcast regular Paul Rosenzweig and others for a thoughtful report on Chinese platforms in the United States.
I see some good news for cybersecurity in the Cybersecurity and Infrastructure Security Agency's latest Binding Operational Directive mandating that federal agencies quickly patch vulnerabilities we know are being exploited right now. I note that the directive is addressed to federal agencies but aimed quite deliberately at private owners of critical infrastructure. Don't say you weren't warned!
Download the 382nd Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.