AI Means Superfuzzing plus Whaling at Scale

Our interview with Ben Buchanan begins with his report on how artificial intelligence may influence national security and cybersecurity. Ben's quick takes: AI is better for defense than offense, and probably even better for propaganda. The fun part of the interview, in my view, is Ben's explanation of how to poison the AI that's trying to hack you – and the scary possibility that China is already experimenting with poisoning Silicon Valley's content moderation AI.

By popular request, we revisited a story we skipped last week; this time we do a pretty deep dive on the ruling that Capital One can't claim attorney-client work product privilege in an intrusion response report that Mandiant prepared for the bank after the breach. Steptoe litigator Charles Michael  and I talk about how IR firms and CISOs should respond to the decision, assuming it stands up on appeal.

Maury Shenk notes the latest of about a hundred warnings, this time from Christopher Krebs, the director of DHS's cybersecurity agency and the head of Britain's GCHQ, that China's intelligence service ­– and every other intelligence service on the planet – seem to be targeting COVID-19 research. I ask whether sauce for the Western goose should be sauce for the Chinese gander.

Maury takes us through the week in internet copyright fights. The most overdetermined takedown in history comes when a Trump-hating social media company combines with ideological copyright enforcement and the world's dumbest content bots to remove a Trump campaign video tribute to George Floyd. The video is still available on Trump's YouTube channel.

Maury and I puzzle over Instagram's failure to provide a license to users of its embedding API. This could mean an unwelcome surprise for users who believed that embedding images, rather than hosting them directly, provides insulation against copyright claims.

Finally, much as I love Brewster Kahle, I'm afraid that his latest campaign marks a transition from internet hippie to "holy fool" – and maybe a broke one at that. His Internet Archive, the online library best known for maintaining the Internet Wayback Machine, makes scanned copies of books available to the public on terms that resemble a library's—one person gets one copy for a few weeks and then it goes to the next reader. The setup was arguably legal – and no one was suing – until Kahle decided to respond to covid-19 by letting people download more books than his company had paid for. Now he faces an ugly copyright lawsuit.

Speaking of ugly lawsuits, Mark MacCarthy and Paul Rosenzweig comment on the Center for Democracy and Technology's complaint that Trump violated tech companies' right to free speech with his executive order on section 230. (Reuters – NYT) I doubt this lawsuit will get far.

This Week in Working the Ref: Facebook and Mark Zuckerberg are facing harsh criticism from users, competitors, and civil rights organizations for failing to censor people those groups hate. (Ars Technica – Politico). Meanwhile, Snap scores points by ending promotion of Trump's account after concluding that his tweets about official action were incitements to violence. I can't help wondering what Snap would have done with FDR's December 8 "day that will live in infamy" speech.

Where is Nate Jones when you need him?  He would love this story: A Twitter user sacrificed a Twitter account to show that Trump is treated differently than others by the platform. Of course, the panel notes, that's pretty much what Twitter says it does.

In quick hits, I serve notice that no one should be surprised if Justice brings an adtech antitrust suit against Google. The Israeli government announces an attack on its infrastructure—long after it retaliated against Iran for launching the attack. And a pretty good state-level hacker – probably not the Russians, I argue – is targeting industrial firms.

Listen to Episode 319 here:

And download the 319th Episode here (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!