The fine line between deepfake legislation and deeply fake legislation
Episode 295 of the Cyberlaw Podcast
There's a fine line between legislation addressing deepfakes and legislation that is itself a deep fake. Nate Jones reports on the only federal legislation addressing the deepfake problem so far. I claim that it is well short of a serious regulatory effort – and pretty close to a fake itself.
In contrast, India seems serious about imposing liability on companies whose unbreakable end-to-end crypto causes harm, at least to judge from the howls of the usual defenders of such products. David Kris explains how the law will work. I ask why Silicon Valley gets to impose the externalities of encryption-facilitated crime on society when we'd never let Big Tech leave us with the tab for water or air pollution just because their products are so cool. In related news, the FBI may be turning the Pensacola military terrorism attack into a slow-motion replay of its San Bernardino fight with Apple, this time with more top cover (and probably better lawyering).
Poor Nate seems to draw all the fake legislation in this episode. He explains a 2020 appropriations rider requiring the State Department to report on how it issues export licenses for cyber espionage capabilities; this is a follow-up to investigative reporting on the way such capabilities ended up being used against human rights activists in the UAE. As we agree, it's an interesting and likely unsolvable policy problem, so the legislation opts for the most meaningless of remedies, requiring the Directorate of Defense Trade Control to report "on cybertools and capabilities licensing, including licensing screening and approval procedures as well as compliance and enforcement mechanisms" within 90 days.
Nate also gets to cover some decidedly un-fake requirements in the 2019 NDAA limiting how defense contractors can use Chinese technology. The other shoe is about to drop, and if the first one was a baby shoe, the second is a Clydesdale's horseshoe.
It's hard to call it fake, but the latest export control rule restricting sales of AI could hardly be narrower. Maury Shenk and I speculate that this is because a long-term turf war has broken out again in export control policy circles. Maury's money is on the business side of that fight, and the narrowness of the AI rule gives weight to his views.
And here's some Christmas cheer for DOJ and national security officials: A federal district court put a lump of coal in Fast Eddie Snowden's stocking, denying him royalties from a book that violated his nondisclosure agreement. Nate thinks it's safe for me to buy a copy, but I'm waiting for appellate confirmation.
Less festive news comes from the European Court of Justice's advocate general opinion in Schrems II, a case that could greatly complicate EU-US data transfers by purporting to put Europeans in charge of how the US defends itself from terrorism. Maury explains; I complain.
David unpacks with clarity a complex Second Circuit decision on the constitutionality of FISA 702 collection. On the whole, Judge Lynch did a creditable job with a messy and unprecedented set of claims, though I question the wisdom of erecting a baroque mansion of judge-made limits on a slippery and narrow foundation like the Fourth Amendment's requirement that searches be "reasonable."
And in short hits:
- Maury tells us that Italy has imposed a French-style revenue tax on Internet companies.
- The Russians claim to have successfully found a way to disconnect from the Internet. Now if we could only get them to stay that way.
- Illinois has a new, mostly fake law imposing modest regulations on the use of AI in video job interviews.
- The TRACED Act rises above fakeness in attacking robocalls but just barely.
- And the FAA released an NPRM calling for a pretty serious requirement for remote ID of drones.
Finally, to put everyone back in the Christmas spirit, LabMD won nearly a million dollars in fees from the Federal Trade Commission for the FTC's bullheaded pursuit of the company despite the many flaws in its case. The master's opinion makes clear just how badly the FTC erred in hounding LabMD.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect those of their spouses, children, clients, firms, or institutions.