For the first time, we begin the podcast not with NSA on the defensive, but with breaking news of an American counterattack on Chinese cyberspying---the indictment of several PLA members for breaking into US computers to steal commercial information. Our guest for the day, Shane Harris, is ideally suited to analyze the case. Shane is a senior writer at Foreign Policy magazine, where he covers national security, intelligence, and cyber security. Shane’s book, The Watchers, offered thoughtful insights into the rise of surveillance in America.
Turning to the week in NSA, it turns out that the claim that no telcos challenged the 215 program is looking less true all the time. First we discovered that Verizon did; now new releases disclose that Sprint also objected. Glenn Greenwald’s book claims that NSA considers Israel the most effective at spying on the US after China and Russia. No surprise there, except maybe to the French. Greenwald also says that NSA modifies equipment after it’s been sold to make hacking easier. Finally, speaking of media leaks, Greenwald’s book has now been leaked to Bittorrent. Copyright infringement is almost as illegal as leaking classified documents, so let your conscience be your guide.
It looks as though LabMD is down to one lawsuit, at least for now. It’s hoping to persuade the Devil inside the Beltway to convert---pursuing its claims of mistreatment by the FTC to . . . the FTC.
The Justice Department is clearly under instructions to reassure the private sector that certain kinds of information sharing is legal. The department has released a not-very-surprising statement that some kinds of information sharing don’t violate the antitrust laws. Now it’s put out a white paper saying that ISPs can release aggregate information about cybersecurity without violating the Stored Communications Act’s prohibition on releasing customer information.
The two hot topics of the week, though, turn out to be net neutrality and the European Court of Justice’s mugging of Google, with the first amendment as collateral damage. On net neutrality, we clarify the difference between Title II and section 706 as a basis for net neutrality, and the prospects for the proposed regulatory regime. As a bonus, we ask whether the FCC could use its new authority under either of those provisions to require that internet companies work more closely with law enforcement in designing their services. As for the European court’s embrace of the “right to be forgotten,” we explore the ruling’s remarkable breadth. Apparently if you’ve lost a lot of weight recently, even your old photos can be pulled off Google. The jurisdictional assertions are as sweeping as the substantive ruling. Google’s US results, and US news sites, cannot assume that they are immune from the long arm of European censorship.
Finally, in a wide-ranging interview with Shane Harris, we delve deeply into the market---and possible regulation of the market---for zero-day vulnerabilities, the rapid evolution of Iran's cyber warfare capabilities, and some of the problems with the US response to these challenges.