We’re back! After a much needed hiatus, during which we shared wilderness paths with bison, woke up to wolf cries, and celebrated the value of ibuprofen, the Steptoe Cyberlaw Podcast is back on the net.
The hiatus allows us to cover this month in NSA, which is a good thing, because the Snowden News Machine is sputtering. The most significant news was probably made by NSA itself, which released a redacted opinion of the FISC, shedding a lot of light on why the government abandoned its internet 215 program. Judge Bates’s heavily redacted program criticizes the agency relentlessly for making promises about its technology and procedures that it just couldn’t keep. My guess is that the agency heads and DOJ got so tired explaining and apologizing to the court that they finally just killed the program.
In other NSA news, Snowdenista journalists try to make an issue of the fact that NSA has developed a search engine for metadata called ICREACH. Public reaction: Well, duh.
More egregiously, Laura Poitras and Der Spiegel provided detailed information about US intelligence collection on Turkey in a scarcely veiled effort to sabotage the US-Turkey relationship – and to relieve the German government of the embarrassment of a leak showing that despite Angela Merkel’s claim that friends shouldn't spy on friends, Germany spies enthusiastically on Turkey.
Mustn't embarrass the German government, after all. Its insistence on moral purity in intelligence collection is the main political/diplomatic support for what’s left of the Snowden campaign. But that purity is looking a little sullied after revelations that German intelligence intercepted both Hillary Clinton and John Kerry as they carried out diplomatic efforts.
In other August news, the Microsoft case questioning the government’s authority to issue warrants for overseas data continued to evolve over the month, with the government greatly raising the stakes: If Microsoft wants to appeal, the government says, its only option is to refuse compliance with the warrant and let the court hold it in contempt. And it looks like the district court agrees.
Elsewhere, Linkedin settles its data breach case for a relatively modest $1.25 million. NIST seeks comment on how its Cybersecurity Framework is working out. And a federal court in Massachusetts offers novel (and probably bad) advice to those hoping to avoid liability under federal computer abuse law: Just make sure the computer’s been disconnected from the Internet before you attack it. Finally in what looks like an increasingly American exceptionalist view, US courts continue to hold that search engines aren’t liable for the links they publish or their autocomplete suggestions.
Our guest for the week is David Hoffman, Intel’s Chief Privacy Officer, and one of the most thoughtful privacy officials going–apart from his unaccountable fondness for the European Court of Justice’s decision on the right to be forgotten. We debate the decision again, and I discover that David and I are famous by Google’s standards, while Michael is not. I propose new ways to throw a legal spanner in the European data protection agencies’ works.