201. Crypto Wars 2.0

Debating Susan Landau over encryption and law enforcement

The Volokh Conspiracy

The crypto wars return to The Cyberlaw Podcast in episode 201, as I interview Susan Landau about her new book on the subject, Listening In: Cybersecurity in an Insecure Age. Susan and I have been debating each other for decades now, and this interview is no exception.

In the news roundup, Brian Egan and Nick Weaver join me for the inevitable mastication of the Nunes memo. (My take: the one clear scandal here is the way Glenn Simpson and Chris Steele treated the US national security apparatus, including the national security press, as just another agency to be lobbied – and the success they had in milking it for partisan advantage and private profit.)

Meanwhile, if you needed a reminder of just how enthusiastically and ham-handedly China conducts its espionage, just ask the African Union, whose Chinese-built headquarters is pwned from top to bottom.

Brian lays out a significant Ninth Circuit Anti-Terrorism Act case absolving Twitter of liability for providing "material assistance" to ISIS by requiring a more direct relationship between Twitter's acts and the harm suffered by the private plaintiffs. Not a surprise, but a relief for Silicon Valley.

Nick fulminates about the security threat posed by a sophisticated recent malvertising campaign and wonders when enterprises will start requiring ad blockers on corporate internet software. In a related story, we wonder how much incentive Twitter really has to kill off its armies of fake followers.

Are the Dutch paying the price for punching above their weight in the cyberespionage game? And did American leaks kill their success? All we can do is speculate, unfortunately.

You know you've missed This Week in Sex Toy Security, so we bring it back to cover yet another internet-connected vibrator company trying to shake off a privacy class action. At least half of our audience will enjoy my stumbling effort to understand the appeal of the product.

Finally, as a sign that we've finally reached Peak Cybersecurity and Peak Privacy, both topics are ending up on the agendas of international trade negotiators. The EU says its privacy rules are untouchable in negotiations (although other countries' overly protectionist data flow policies are fair game) and the NAFTA negotiators have reportedly agreed to add to NAFTA cyber security "principles" based on the NIST Cyber Security Framework.

As always, The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 201st Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!



  1. > “My take: the one clear scandal here is the way Glenn Simpson and Chris Steele treated the US national security apparatus, including the national security press, as just another agency to be lobbied – and the success they had in milking it for partisan advantage and private profit.”

    First, that’s not a scandal. The memo laid the blame for Steele’s many disclosures squarely on the FBI. However, that sentiment is woefully misplaced. Simpson and Steele weren’t subject to the same confidentiality standards as government employees. They were free to do whatever their client asked them to do. (According to Simpson’s testimony before HPSCI, Fusion GPS had authorization by the Free Beacon to release some things to other media outlets. He refused to say if Perkins Coie allowed them to release their research to the media when they started paying the bills.)

    Second, only one scandal has been confirmed. It, surprisingly enough, wasn’t included in the memo: unlawful disclosure of a redacted name to the media. This was the pet project of Devin Nunes. His problem is that he tried to tie the disclosure to Obama-era officials in a witchhunt. He should have focused on how the media got the names instead of persecuting people for having access.

  2. How can a building be pwned? While I’m younger than Mr. Baker, I’m still old when it comes to current lingo, but I’m not aware of a definition of “pwned” that would apply to a building. Any millennials or younger who can help me out?

    1. Credentials: Born in the mid-80s, so that makes me an eldest of the millennials and a natural liaison 🙂

      Pwned (in the sense of “owned”) can apply to anything that can be defeated, dominated or exploited by an adversary.

  3. I’m only 70.

    Wikipedia: “In script kiddie jargon, pwn means to compromise or control, specifically another computer (server or PC), website, gateway device, or application. It is synonymous with one of the definitions of hacking or cracking, including iOS jailbreaking. The Pwnie Awards are awarded by a group of security researchers.”

    I would presume that a “pwned” building would be thoroughly bugged during construction with devices to pick up digital communications by the occupants.
