The theme of this week’s podcast seems to be the remarkable reach of American soft power: Really, we elect Donald Trump, and suddenly everybody’s trolling. The Justice Department criminally charges a Russian troll factory’s accountant, and before David Kris can finish explaining it, she’s on YouTube, trolling the prosecutors with a housewife schtick. She’s not alone. Faced with the news that President Trump is using a commercial iPhone for many of his calls—and, Nate Jones points out, getting tapped by China, Russia, and others as a result—China has a suggestion that scores at the top of the POTUS Troll Scale. Tim Cook goes to Europe to troll Android—and me—with a speech that touches all my buttons: Europhilia, Apple sanctimony in pursuit of profit and blind enthusiasm for privacy regulation. And when the Belgians ask for British help investigating a suspected GCHQ hack of a Belgian ISP, as David and I discuss, the British respond with what can only be described as understated trolling.
This week’s interview is with Dr. Dipayan Ghosh, Pozen Fellow at Harvard’s Shorenstein Center and co-author of a new report, “Digital Deceit II: A Policy Agenda to Fight Disinformation on the Internet.” I find it an interesting mix of good insights and warmed-over Obama-era nostrums (Carly Rae Jepsen makes a brief appearance). Dipayan and I tangle on privacy but struggle toward common ground on the question of limiting the power of the Big Platforms. He’s open-minded and flexible about the details of the proposal, so for fans of civil policy debate (especially those worried about where the platforms’ dominance and ad revenue are taking us), this episode is a keeper.
Why would a Russian technical institute design malware used in an effort to sabotage a major petrochemical plant in Saudi Arabia? Nate Jones lays out the story. Originally suspected of being an Iranian operation, the attack may have originated in Iran, but FireEye persuasively links the underlying (and flawed) malware to Moscow. One possibility is that it’s a Russian false flag job, minus the embarrassing GRU operatives’ Uber receipts. My guess, though, is that the Russian institute is just amortizing malware development costs by selling off exploits developed for the GRU. If so, this may turn out to be another slow motion disaster for the thugs in the Aquarium.
In other news, Yahoo settled a class action over the enormous breach affecting 200 million people and three billion accounts. The price of that settlement? After the lawyers have been paid, the $50 million settlement will work out to about 25 cents per victim. Seems pretty cheap to me.
For a brief moment, reality has descended on the left coast. It looks like California isn’t eager for a judicial ruling on its campaign to nullify federal net neutrality law.
In the UK, Facebook is fined the maximum under pre-GDPR law, for what the privacy agency calls a failure to protect personal data from Cambridge Analytica—but what I suspect is the unspeakable crime of not having prevented the election of Donald Trump. And now that GDPR is in effect, the bien pensants of Europe have served notice; failure to prevent the president’s re-election will cost Silicon Valley billions.
Finally, what goes around comes around for the Uber “bounty” hackers. David and I think that pretty much answers the question whether they were just confused bounty hunters or extortionists with a clever line of patter.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.