It turns out that the most interesting policy story about Kaspersky software isn't why the administration banned its products from government use. It's why the last administration didn't. Shane Harris is our guest for the podcast, delving into the law and politics of the Kaspersky ban. Along the way, I ask why the Foreign Sovereign Immunities Act, which allows suits against foreign governments for torts committed in the United States, shouldn't allow suits against foreign governments that hack computers located in the United States.
In the news, the House comfortably adopts a bill to reauthorize 702 surveillance; the Senate is expected to act today as well. While the House bill makes some changes to the law, it endorses the most moderate of the reform proposals.
In case you haven't heard, Apple is handing off its iCloud operations in China to a local cloud storage company – with none of the histrionic civil liberties posturing the company displays in the United States. Whose data is being transferred to the tender mercies of the Chinese authorities? Who knows? Not Apple, which can't even send out notices to its customers without getting confused about who's covered by the new policy.
It's a threepeat for state authority to make online companies collect sales tax from their customers. The Supreme Court has agreed to reconsider a dormant commerce clause doctrine that it has already affirmed twice.
I apologize to Uber for snarking on their "bounty" payment of $100,000 to a hacker who exposes a serious security flaw and gained access to large amounts of personal data. A good New York Times article demonstrates that the decision to pay up was at least plausibly justified. But as if to demonstrate why the company never gets the benefit of the doubt, Bloomberg reports on Uber's latest scofflaw-ware scandal. Luckily for journalists everywhere, Uber continues to adopt colorfully damaging nicknames for its scofflaw-ware. In this case their product locked or deleted data sought by local law enforcement with the touch of a panic button. It was named, of course, after Sigourney Weaver's character, Ripley, who declared that the only way to deal with an alien-infested installation was to "nuke it from orbit."
Sheila Jackson-Lee gets an admiring mention for winning House passage of a cyber vulnerability disclosure bill that is probably nuanced enough to be adopted by the Senate as well.
And Deputy Attorney General Rosenstein makes a short pitch for "responsible" encryption that actually manages to move the debate forward a step.
Talk about 21st century warfare. Russia is claiming it fought off swarms of drones with cyberweapons. As Nick Weaver points out, that's just the beginning.
Brian assesses the state of CFIUS reform legislation and the claim that Sen. Cornyn's bill would result in CFIUS's regulation of technology transfers that would be better addressed through export controls.
Finally, having already critiqued Apple and Uber, I feel obliged to offer equal time to Twitter, which remarkably can't even identify advertisements that invite users to log on to fake Twitter sites and steal their credentials. If you want to understand the worst of Silicon Valley, I argue, you shouldn't look to the big rich companies; it's the struggling would-be unicorns who show what the Valley really cares about. And security ain't it. Speaking of which, where is that Ad Transparency Center that Twitter promised any day now back in the fall of 2017?
As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.