The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Crime

GDPR and the Typhoid Marys of the Internet

Episode 220 of the Cyberlaw Podcast

GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue of insecurity — in the name of privacy.

Also probably to be expected, at least for those who have paid attention to the history of technology regulation: The biggest companies are likely to end up boosting their market dominance.

Less expected: The decision of some big US media to just say no to European readers, recognizing them as the Typhoid Marys of the Internet, carrying a painful and stupid regulatory infection to every site they visit.

In other unsurprising news, Gus Hurwitz and Megan Reiss note, Kaspersky has now lost both its lawsuits against US government bans in a single district court ruling.

In genuinely troubling news, Iran is signaling a willingness to attack US industrial controls, which run the electric grid and pipelines and sewage systems, using the same malware it used against the Saudis. Since Iran was willing to launch DDoS attacks on US banks the last time negotiations over its nuclear program hit a snag, this is a threat that needs to be taken seriously.

The good news is that the US government released two reports this week on how we'll respond to both threats — cyberattacks on our grid and DDoS attacks on our web companies. The bad news is that both reports suck. If you were feeling optimistic before this, I argue, a close reading of the reports will leave you with a sinking feeling that this is the fourth administration in a row without a clue about how to deal with such attacks.

Quick Hits

Russia wants Apple's help in subduing Telegram, Maury reports. I predict that Tim Cook will fold like a cheap lawn chair. I'm guessing that it's really only American law enforcement that he's willing to thwart.

North Korea is getting credit for peacemaking while spreading malware to US and South Korean infrastructure. A lot of the attacks are enabled by phishing emails built around hot news about the Trump-Kim summit. Which, come to think of it, may be the real reason Kim keeps turning the summit off and on: He's got to generate clickbait for all those phishing emails.

Trump wants to relieve ZTE of its company-killing Commerce sanctions, but Congress may not let him. Hardest hit? Paul Ryan, who'll have to decide whether to let the House take a free vote to thwart the President on national security grounds.

Gus takes us quickly through the next big security issue: IMSI catchers and SS7 exploitation. This is a big problem, or really two big problems that are bound to get real media attention – just as soon as civil liberties groups figure out how to blame them on Trump.

In other news, I'll be hosting a Reddit AMA on r/legaladvice on June 6 starting at 2pm ET. The best questions may be read in the next episode, so be sure to contribute. You can find more information in the announcement here.

Download the 220th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!