The Cyberlaw Podcast

The Cyberlaw Podcast: “And the Prize for Most Lawyer-Whipped Cyberforce on the Planet Goes to …”

By Stewart Baker
Wednesday, July 6, 2022, 12:21 PM

For decades, U.S. cyber exploits were notoriously lawyer-ridden, to the point where it was a key element of attribution. But it looks like Israel has matched and surpassed U.S. cyberwarriors. In an attack claimed by some “hacktivist” group but widely attributed to Israel, Nate Jones reports, several Iranian mills shut down in a flood of sparks and molten steel. But the most interesting thing about the attack was the video preroll, which went out of its way to note that the mills were under international sanction and that the attackers sent workers warnings to avoid casualties. Some of that was prudence; when you’re escalating cyber tactics, it’s a good idea to emphasize the limits you’re observing. But a lot of it was lawyers worried about the law of armed conflict. On top of an earlier campaign that cut off gasoline supplies but also warned emergency medical and fire services to gas up in advance, it looks as though lawyers are shaping some of the best cyber attacks.

China, meanwhile, is putting resources into exporting its Fifty Cent Army to the United States. Sultan Meghji and Maury Shenk cover a Chinese campaign on social media to turn American rare earths processing into an environmental controversy. In this case, I argue, China is taking a leaf from the Russian playbook for driving up costs for American frackers who were holding down the price of Russian oil. I urge someone to do the research necessary to figure out just how many of those fake American accounts are also on TikTok, and how TikTok’s algorithm is treating them. Speaking of Chinese propaganda, Maury tells us that one of its cybersecurity firms is accusing the U.S. of planting Trojans in hundreds of important Chinese information systems, which might be interesting if the report actually provided some details.

Feeling the spur of competition from Israel’s cyber lawyers, NSA’s counsel has opened a new front. They persuaded the Justice Department to fight a merger on the grounds that it will reduce competition in the bidding on a single NSA program. Nate and I are stuck on the market definition problems for the case, but Sultan thinks it’s an investment opportunity.

This Week in Stupid Artificial Intelligence (AI) Research: We never lack for stories in this category, but this week the two contenders are evenly matched.  Sultan tells us about a story that proves you can always find sex and race discrimination in AI if your study is designed badly enough. But Maury finds another group of researchers who went one better, designing a moderately effective crime prediction algorithm and then arguing that the police were racist if they put more police into high-crime neighborhoods and racist if they didn’t send more police to neighborhoods with rising crime. 

Speaking of unimpressive journalism, Sultan flags a Wall Street Journal story that lazily dumps on AI research for not doing everything we want, while pretty much ignoring things it has done well. 

Sultan also leads us through the wreckage of one cryptocurrency domino after another, but he thinks it’s likely to put a firmer, and more regulated, foundation under the businesses that survive. Nate reprises the EU contribution to the issue – more regulation, natch – but in a surprise twist for the Cyberlaw Podcast, the Brussels proposal gets pretty high marks. 

Updating a few stories from past weeks, 

  • Google is really getting hurt by the study showing it favoring Democratic fundraising messages over Republicans by about 7 to 1. The GOP has always believed (correctly) that its views are being handicapped by Silicon Valley, but this time the evidence is hard to refute. Indeed, Google isn’t really refuting it, just promising to do better in future, while Republicans are claiming that Gmail bias cost them $2 billion in donations and proposing tough new transparency laws
  • The Justice Department is upping the stakes for Uber’s former chief information security officer (CISO) with the trial court’s permission, charging Joe Sullivan with wire fraud for treating what looks like a data breach ransom as a bug bounty. The Department of Justice says this defrauded Uber drivers and customers. Sullivan is the first, but probably not the last, CISO who’ll face this charge, as government slips away from “public-private partnership” as the reason to report breaches and instead embraces fear of prosecution.
  • And the Transportation Security Administration (TSA), after taking criticism for the harshness of its secret cybersecurity standards for pipelines, had offered some secret amendments to those standards. Is that a good thing? Who knows?

Download the 415th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.