That’s the question I debate with David Kris and Nick Weaver as we explore the ways in which governments are using location data to fight the spread of COVID-19. Phone location data is being used to enforce quarantines and to track contacts with infected people. It’s useful for both, but Nick thinks the second application may not really be ready for a year – too late for this outbreak.
Our interview subject is Jason Healey, who has a long history with Cyber Command and a deep recent oeuvre of academic commentary on cyber conflict. Jay explains Cyber Command’s doctrine of “persistent engagement” and “defending forward” in words that I finally understand. It makes sense in terms of Cyber Command’s aspirations as well as the limitations it labored under in the Obama Administration, but I end up wondering whether it’s going to be different from “deterrence through having the best offense.” Nothing wrong with that, in my view – as long as you have the best offense by a long shot, something that is by no means proven.
We return to the news to discover the whole idea of national security sunsets looking dumber than it did when it first saw the light of day (which is saying something). Several important FISA authorities have fallen to the floor, Matthew Heiman reports. Thanks to Sens. Rand Paul and Mike Lee, I might add (Nick blames President Trump, who certainly stepped in at a bad time). Both the House and the Senate passed measures to keep FISA authorities alive, but the measures were completely different and out of sync. Maybe the House will fix that this week, but only for a couple months. Because of course we’ll be rested and ready in the middle of a contagion and a presidential campaign for a debate over Sen. Paul’s proposal to make it harder to wiretap and prosecute Americans who spy for foreign governments.
Maybe some aiming should have come before naming and shaming? The US has dropped the Mueller team’s charges against a sponsor of Russian electoral interference, Matthew tells us. We explore the arguments from those who support the validity of the Report and those who challenge the legitimacy of the investigation. You don’t have to believe either to believe that the Mueller team should have thought a little more about how it would try the case and a little less about how convenient it was to be able to tell the IRA story in an indictment.
There’s another major leak about government skullduggery in cyberspace, David tells us, and WikiLeaks is, uh, nowhere to be seen. That’s because the skulldugging government in question is Vladimir Putin’s, and WikiLeaks is looking more and more like it is in cahoots with Putin. So it falls to a group called Digital Revolution to publish internal FSB documents showing Russia’s determination to acquire a huge DDOS network, maybe enough to take whole nations offline.
Alan Cohn makes a guest appearance to discuss the role that DHS’s CISA is playing in the COVID-19 crisis. And it has nothing to do with cybersecurity. Instead, CISA is ensuring the security of critical infrastructure around the country by identifying facilities that need to keep operating, notwithstanding state lockdown orders. We talk about the federalism crisis that could come from the proliferation of critical infrastructure designations, but neither of us expects it soon.
Here’s a surprise: Russia is deploying coronavirus disinformation, claiming that it is a US bioweapon. Uncharacteristically, I find myself praising the European Union for flagging the campaign.
Nick talks about the ambiguity of the cyberattack on Norsk Hydro, and I raise the risk that companies may stop releasing attribution information pointing to nation states because doing so may undercut their insurance claims.
Take our listener poll at steptoe.com/podcastpoll!
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.