ByteDance, bitten. By CFIUS.

Episode 285 of the Cyberlaw Podcast

|The Volokh Conspiracy |

We open this episode with David Kris's thoughts on the two-years-late CFIUS investigation of TikTok, of its Chinese owner, ByteDance, and of ByteDance's US acquisition of the lip-syncing company Our best guess is that this unprecedented reach-back investigation will end in a more or less precedented mitigation agreement.

WhatsApp is suing NSO Group over the use of spyware on WhatsApp's network. I predict that this is going to be a highwire act for WhatsApp, given the precedents on when breaching terms of service violates the Computer Fraud and Abuse Act. I also muse on the possibility that NSO will find ways to make this a much less comfortable lawsuit for WhatsApp to pursue.

The ACLU takes this week's prize for making a PR and fundraising mountain out of a molehill of a lawsuit. Matthew Heiman and I try to decide which took less effort – cutting and pasting the ACLU's generic FOIA complaint or cutting and pasting the ACLU's generic "Oh my God, it's a surveillance dystopia" press release.

I comment on a heart-warming story about a geek in Normal, Illinois, who runs the most successful ransomware-rescue site in the world – and is going broke doing it. Advice to DHS's CISA: Isn't it time to sponsor prizes for people who post ransomware decryptors with real impact?

Mark MacCarthy discusses the guidance provided by the Defense Innovation Board on building ethical AI. I complain that political correctness seems to have outweighed considerations like, you know, winning wars.

Matthew tells us that Israel is creating its own CFIUS-like panel, and we note the longstanding tension between the US and Israel over Chinese access to Israeli technology.

David spots more decoupling: The Interior Department has grounded its entire drone fleet, citing the risk from Chinese manufacturers.

Mark and I find common ground in thinking that Facebook got the political ad censorship question more right than wrong. Twitter, not so much. We offer Strange New Respect for Herbert Hoover and the legislators who struggled with the last industry to seize control of what Americans could know—broadcasting.

Matthew fills us in on a story suggesting that North Korea breached an Indian nuclear plant's network. He and I also briefly note that Georgia was the victim of a massive case of cyber vandalism.

In updates of past stories, I cover Coalfire's persuasive critique of the sheriff who arrested the company's pentesters in an Iowa courthouse. In another even longer-running story, the latest and perhaps the last word on the LabMD-Tiversa-FTC imbroglio can be found in an excellent New Yorker story that leaves LabMD looking good, the FTC looking bad, and Tiversa looking like a candidate for criminal prosecution. Finally, David updates the story of the 2016 Uber hack that cost the company's chief security officer his job. Now it's also going to cost the hackers their freedom, as they plead guilty to CFAA violations.

Download the 285th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


NEXT: Judge to PragerU: You Do Not Have a Free Speech Claim Against YouTube

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I’m having a hard time with the sheriff’s argument in the Coalfire case that the courthouse that was penetrated belongs to the country and that the state had no authority to authorize penetration testing. As I understand it, there are constitutionally only two levels of government in the United States, the states and the federal government. Counties, municipalities and the like are all creatures of their respective states and have no independent status. Doesn’t that mean that states necessarily have the authority to take action with respect to their components?

    1. Oops, I meant “county”, not “country”.

Please to post comments

Comments are closed.