Unfiltered: An interview with NSA's former general counsel
Episode 304 of the Cyberlaw Podcast
Our interview in this episode is with Glenn Gerstell, freed at last from some of the constraints that come with government service. We cover the Snowden leaks, how private and public legal work differs (hint: it's the turf battles), Cyber Command, Russian election interference, reauthorization of FISA, and the daunting challenges the US (and its Intelligence Community) will face as China's economy begins to reinforce its global security ambitions.
In the news, Nate Jones and Nick Weaver talk through the new legal and technical ground broken by the United States in identifying two Chinese nationals and the $100 million in cryptocurrency they laundered for North Korean hackers.
Paul Rosenzweig lays out the challenge posed for the Supreme Court's Carpenter decision by LocateX, which provides detailed location data commercially. This is exactly the quagmire I expected the Court to find itself in when it abandoned the third-party doctrine on a one-off basis. Nick points out that the data is only pseudonymized and tries with mixed success to teach me to say "de-pseudonymized."
Nate and I conclude that facial recognition has achieved a kind of Kardashian status, though instead of being famous for being famous, facial recognition is toxic for being toxic. Kashmir Hill at the New York Times adds a new drop of poison in a story that could just as well have repeated "I hate Clearview AI" 50 times for all it told us about the company. And Vice, which never saw a Twitter mob it wouldn't join, lets Anna Merlan tell us to hate Clearview because it found pictures of her that she apparently posted in public. Meanwhile, we all know the technology is evil, but we can't quite remember why. If the problem is that it doesn't work, the stories about how Buenos Aires found a wanted man on the street using another company's recognition tech is kind of harshing the narrative. (We're supposed to see that it's evil because the cops had mixed up two people with the same name. Not sure that's facial recognition's fault, guys.)
Nate and I review the Justice Department's guidance on how threat researchers can do undercover work safely on the Dark Web. It's a mixed bag for sure, but the biggest beneficiary of the guidance may turn out to be Dark Web criminal network administrators.
A proposed FAA drone rule is angering aviation hobbyists. Nick feels their pain but thinks it's time for them to get over it.
Microsoft, Google, Facebook, and others have adopted international principles for enforcing laws against child abuse. But if they were hoping to stave off the EARN IT bill, they were mistaken. The bill has been introduced, with striking bipartisan sponsorship and a few changes since we last covered it. Nick and I cross swords on whether the bill would turn the companies into agents of the government for Fourth Amendment purposes.
And in short takes, I note that the Trump Administration is borrowing from Europe in one respect: CFIUS is building a wall against the export of Americans' personal data to China by overturning mergers that would give Chinese companies access to data on Americans' hotel stays and their love lives. Paul tells us that Oz is apparently in the lead for a deal with the United States on the CLOUD Act. China's Qihoo360 tries to beat US cyber forensics firms at the name-and-shame game but came up short. And the FISA Court offers some surprisingly tame changes in the wake of the Horowitz report detailing the botched Carter Page warrant application.
Take our listener poll at steptoe.com/podcastpoll!
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.