The Cyberlaw Podcast

The Cyberlaw Podcast: Cybersecurity: A British Perspective

By Stewart Baker
Tuesday, February 2, 2021, 8:02 PM

The U.S. has never really had a “cyberczar.” Arguably, though, the U.K. has. The head of the National Cyber Security Center (NCSC) combines the security roles of the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. To find out how cybersecurity issues look from that perspective, we interview Ciaran Martin, the first director of the NCSC.

In the news roundup, Paul Rosenzweig sums up recent successes in taking down the NetWalker  and Emotet hacking networks: It’s a win, and that’s good, but we will need more than this to change the overall security status of the country.

Jordan Schneider explains the remarkable trove of leaked Chinese police records and the extraordinary surveillance now being imposed on the Uighur minority in China.

Enthusiasts for end-to-end encryption should be worried, Mark MacCarthy and I conclude. First, the EU—once a firm advocate of unbreakable encryption—is now touting “security through encryption and security despite encryption.” You can only get the second with some sort of lawful access, an idea that has now achieved respectability inside Brussels government circles, despite lobbying by e2e messaging firms based in Europe. On top of that, there’s a growing fifth column of encryption skeptics inside the firms, whose sentiments can be summarized as, “I’m all for cop-proof encryption as long as it isn’t used by lawbreakers who voted for Trump.” 

Paul brings us up to speed on the Office 36—I mean the SolarWinds—attack. Turns out lots of companies were compromised without any connection to SolarWinds. The episode shows that information sharing about exploits still has a ways to go. And if you’re a lawyer who’s been paying ten cents a page for downloads from the federal courts’ electronic filing system, whatever you’ve been paying for, it isn’t security. The attackers got in there, and as a result, we’ll be making sensitive filings on paper.  First voting, then suing—more and more of our lives are heading off line.

Does China want your DNA, and why? I have a truly scary suggestion, and Jordan tries to talk me down.

The Facebook Oversight Board has issued its first decisions. Paul and Mark touch on the highlights. I predict that the board will overrule Trump’s deplatforming, to surprisingly little dissent. 

Jordan and I dig into two overviews of U.S. tech and military competition. It starts to feel a little incestuous when it turns out we all know the authors—and that Jordan has invited them all to be on his excellent podcast, ChinaTalk.

In short hits, I predict that Beijing will fight CFIUS to the last dollar of TikTok revenue. And could easily win. I question YouTube’s demonetization of the Epoch Times, but Jordan has less sympathy for the paper. I’m less flexible about Google’s hard-to-justify decision to block the ads of a group that (like most Americans) opposes Democratic proposals to pack the Supreme Court. And if you’re wondering how dumb stuff like this happens, the L.A.Times gives an object lesson. Faced with a campaign to recall California Governor Gavin Newsom, the Times dug into the online organizations supporting recall. Remarkably, it found that the groups included a lot of the same kinds of folks who came to Washington in January to protest President Biden’s victory. Shortly after that drive-by festival of guilt by association, Facebook banned ads supporting the recall movement.

And more!

Download the 347th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.