Our interview in this episode is with Glenn Gerstell, freed at last from some of the constraints that come with government service. We cover the Snowden leaks, how private and public legal work differs (hint: it’s the turf battles), Cyber Command, Russian election interference, reauthorization of FISA, and the daunting challenges the US (and its Intelligence Community) will face as China’s economy begins to reinforce its global security ambitions.
In the news, Nate Jones and Nick Weaver talk through the new legal and technical ground broken by the United States in identifying two Chinese nationals and the $100 million in cryptocurrency they laundered for North Korean hackers.
Paul Rosenzweig lays out the challenge posed for the Supreme Court’s Carpenter decision by LocateX, which provides detailed location data commercially. This is exactly the quagmire I expected the Court to find itself in when it abandoned the third-party doctrine on a one-off basis. Nick points out that the data is only pseudonymized and tries with mixed success to teach me to say “de-pseudonymized.”
Nate and I conclude that facial recognition has achieved a new level of infamy. Kashmir Hill at the New York Times adds a new drop of poison in a story that could just as well have repeated “I hate Clearview AI” 50 times for all it told us about the company. And Anna Merlan of Vice published a story about Clearview’s practices. Meanwhile, there are still big questions about whether the technology works at all. But sometimes the problem is a complicated mix of human and technological error. Police in Buenos Aires, for example, found a wanted man on the street using another company’s recognition tech. The catch: the guy was erroneously placed on the wanted list because someone mixed him up with a criminal of the same name. Not sure that’s facial recognition’s fault, as OneZero describes it as being.
Nate and I review the Justice Department’s guidance on how threat researchers should do undercover work safely on the Dark Web. It’s a mixed bag for sure, but the biggest beneficiary of the guidance may turn out to be the Dark Web’s criminal network administrators.
A proposed FAA drone rule is angering aviation hobbyists. Nick feels their pain but thinks it’s time for them to get over it.
Microsoft, Google, Facebook, and others have adopted international principles for enforcing laws against child abuse. But if they were hoping to stave off the EARN IT bill, they were mistaken. The bill has been introduced, with striking bipartisan sponsorship and a modest few changes since we last covered it. Nick and I disagree on whether the bill would turn the companies into agents of the government for Fourth Amendment purposes.
And in short takes, I note that the Trump Administration is borrowing from Europe in one respect: CFIUS is building a wall against the export of personal data to China, overturning mergers that would give Chinese companies access to data on Americans’ hotel stays and their love lives. Paul tells us that Oz is apparently in the lead for a deal with the United States on the CLOUD Act. China’s Qihoo360 tried to beat US cyber forensics firms at the name-and-shame game but came up short. And the FISA Court offers some surprisingly tame reforms in the wake of the Horowitz report detailing the botched Carter Page warrant application.
Take our listener poll at steptoe.com/podcastpoll!
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm