Is privacy in pandemics like atheism in foxholes?

Episode 307 of the Cyberlaw Podcast

|The Volokh Conspiracy |

That's the question I debate with David Kris and Nick Weaver in this episode, as we explore the ways in which governments are using location data to fight the covid-19 virus. Phone location data is being used both to enforce quarantines and to track contacts with infected people.  It's useful for both, but Nick thinks the second application may not really be ready for a year – too late for this outbreak.

Our interview is with Jason Healey, who has a long history with Cyber Command and a deep recent oeuvre of academic commentary on cyberconflict. Jay explains Cyber Command's doctrine of "persistent engagement" and "defending forward" in words that I finally understand.  It makes sense in terms of Cyber Command's aspirations as well as the limitations it labored under in the Obama administration, but I wonder if in the end it will be different from "deterrence through having the best offense." Nothing wrong with that, in my view – as long as you have the best offense by a long shot, something that is by no means proven.

We return to the news to discover the whole idea of sunsets for national security laws looking dumber than it did when it first saw the light of day (which is saying something). Several important FISA authorities have expired, Matthew Heiman reports.  That's thanks to Sens. Rand Paul and Mike Lee, I might add (though Nick blames President Trump, who certainly put his boot in too). Both House and Senate passed measures to keep FISA authorities alive, but the measures were completely different and out of sync.  Maybe the House will fix the problem this week, but only by extending the deadline for a couple of months.  Because of course by then we'll be rested and ready, in the middle of a contagion and a Presidential campaign, for a  debate over Sen. Paul's proposal to make it harder to wiretap and prosecute Americans who spy for foreign governments.

Maybe before they did all that naming and shaming of Russian government hackers, federal prosecutors should have worked on their aiming: The US Justice Department has now dropped Robert Mueller's charges against a sponsor of Russian electoral interference, Matthew tells us. We explore two fever-dream narratives – that the whole prosecution was part of a witch hunt and that the Attorney General is just sabotaging Bob Mueller's righteous crusade. You don't have to believe either to conclude that the Mueller team should have thought a little more about how it would try the case and a little less about how convenient it was to be able to tell the IRA story in an indictment. CyberScoopWall Street Journal

There's another major leak about government skullduggery in cyberspace, David tells us, and Wikileaks is, uh, nowhere to be seen.  That's because the skulldugging government in question is Vladimir Putin's, and Wikileaks is looking more and more like Putin's lapdog.  So it falls to a group called Digital Revolution to publish internal FSB documents showing Russia's determination to acquire a huge DDOS network, maybe enough to take whole nations offline.

Alan Cohn makes a guest appearance to discuss the role that DHS's CISA is playing in the covid-19 crisis.  And it has nothing to do with cybersecurity.  Instead, CISA is ensuring the security of critical infrastructure around the country by identifying facilities that need to keep operating, notwithstanding state lockdown orders.  We talk about the federalism crisis that could come from the proliferation of critical infrastructure designations but neither of us expects it soon.

Here's a surprise: Russia is deploying coronavirus disinformation, claiming that it is a US bioweapon. Uncharacteristically, I find myself praising the European Union for flagging the campaign.

Nick talks about the ambiguity of the cyberattack on Norsk Hydro, and I raise the risk that companies may stop releasing attribution information pointing to nation states because doing so may undercut their insurance claims.

Finally, we wrap up the story of ex-Uber autonomous driving executive Anthony Levandowski, who pled guilty to trade-secret theft and is likely headed to prison for a year or three.

Download the 307th Episode (mp3).

Take our listener poll at steptoe.com/podcastpoll. You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Advertisement