Outing Col. Chepiga (or worse)

Episode 233 of the Cyberlaw Podcast

|The Volokh Conspiracy |

In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he's been identified, should British intelligence make it their business to execute Col. Chepiga?

On a lighter note, Uber is paying $148 million to state AGs for a data breach that apparently had no adverse consequences and might not even have been a breach. That's a lot to pay just to show that the company is now under new and more responsible management.

About a year too late, a consensus of sorts is emerging among Republicans that Silicon Valley needs broad privacy regulation. The Trump Administration is asking for comment on data privacy principles. And the tech giants are pushing lawmakers for federal privacy rules. But the catalyst is an increasing need for federal preemption in the face of California's new law, and the Dems who are expected to take the House will be hard to sell on preemption. So despite the emerging consensus, a logjam that lasts years could still be in our future.

The sentencing of an NSA employee for taking sensitive hacking tools home – and getting them compromised by Kaspersky – leaves Nick with plenty of additional questions about the source of the tools disclosed by Russian proxies in recent years.

Evan Abrams gives us a summary of the NY AG's report on virtual markets and cryptocurrency. Bottom line: New York is likely to pursue regulation with vigor.

Meanwhile, undeterred by NSA's inability to secure its own systems, West Virginia had embraced a mobile voting app for the 2018 election. Remarkably, despite its firm deployment of blockchain buzzwords, none of us thinks West Virginia has solved the security problem.

And in quick hits:

  • The GRU is taking the "P" in APT way too seriously.
  • A content moderator has sued Facebook, claiming that her job gave her PTSD. I think it probably did, but I doubt Facebook will be held liable.
  • India's Supreme Court has upheld, with limits, the government's massive Aadhaar digital ID program.
  • Facebook suffered a breach affecting 50 million user accounts and probably 40 million "log on with Facebook" accounts. Will we hear about more? Who knows? We're getting these facts piecemeal thanks to the EU's dumb 72-hour deadline for reporting breaches under GDPR.
  • President Trump says China is interfering in the 2018 elections. But unlike the Russian version, all of China's fake news is on actual newsprint.
  • Finally, a quick report roundup:
    • The EU is forcing Silicon Valley to restrict disinformation without actually defining, you know, disinformation. Probably because the EU doesn't want to admist that it thinks everything Trump tweets should be banned as disinformation.
    • DOJ's otherwise pretty good best practices report sadly doubles down on hating hackback. Now with added rationales!
    • China is back to stealing our commercial secrets, but more quietly, think tanks report.
    • House AI report – pro: bipartisan; con: mostly content-free.
    • And here's yet another set of IoT security guidelines