Senators Markey and Blumenthal bury the lede

Episode 211 of the Cyberlaw Podcast


Our interview is with Chris Bing and Patrick Howell O'Neill of Cyberscoop. They've broken two cyberscoops in the last week or so. First, an in-depth look at Kaspersky's outing of a US cyberespionage program aimed at foreign terrorists. Hint to Kaspersky: Bringing out a brass band to warn terrorists that are being tracked by the US government is not likely to help you win your PR and legal battles in the United States. Chris Bing also covers his other scoop – the surprisingly advanced talks among the leaders of the Senate Judiciary Committee on a bill to address the FBI's "going dark" problem.

In the news, Jennifer Quinn-Barabanov and I debate the impact of two recent incidents on the future of self-driving cars. She thinks they'll weather these events, and that the lives such cars save will outweigh the deaths. I'm less sure, mainly because the mistakes that lead to autonomous vehicle deaths are so different from the usual human-driver error and therefore inherently compelling and disquieting.

Nick Weaver and I cover the Grindr security flap and the company's transmission of HIV status without complete encryption protection. I think there's less to the story than meets the eye, and that Grindr is getting more heat than it deserves. Senators Markey and Blumenthal, on the other hand, deserve a lot more heat than they've gotten so far.

How clueless can they be to send thirteen "when did you stop beating your husband" questions to Grindr's CEO and not notice that he's based in Hong Kong? In fact, Grindr was bought last year by a Chinese company. Neither senator, though, bothers to ask where this authoritative database of gay American men is stored and what access the Chinese government has to it. Or how that deal got through CFIUS. Sad! To coin a phrase.

Nick covers the big new IOT botnet's tryout and asks why it was the banks that got attacked. I've got some theories, as does Nick. Along the way, he dispenses advice for people who have just realized that the router is probably the weakest link in their home network security.

When does the first amendment allow researchers to violate websites' terms of service? Judge Bates has some preliminary answers in the Sandvik case, says Brian Egan, who thinks the case may turn into an important and perhaps unhappy ruling for websites.

In other topics, Softbank is getting a CFIUS workout. YouTube's demonetization policy leads to a mass shooting and suicide at company headquarters. Stingrays blanket DC. And Keeper can't even get through a news cycle about its lame lawsuit without another story about its lame security.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices.

As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to or leave a message at +1 202 862 5785.

Download the 211th Episode (mp3).

Subscribe to The Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

NEXT: In Decryption Cases, Don't Forget the Fourth Amendment

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. It’s funny; At first I thought the reference to the FBI’s “going dark” problem was to their increasing resistance to Congressional oversight…

    1. I wonder if the hacker’s playlist includes The Doors “Backdoor Man”.
      As if backdoors couldn’t be used for entry by burglars as well as by police.

      1. Backdoors being used by hackers? Sorry, we’re reliably informed by commenters here (see the previous Cyberlaw Podcast post’s comment thread) that such notions are liberal BS. *rolls eyes*

    2. I’m not one to take accusations of bad faith lightly, but Nunes has not been playing in good faith.

      I have no problem if the FBI is taking time to address concerns that materials given to him are going to get leaked or worse cherry-picked into some false-light buffoonery.

    3. Hah! I had the same thought. But back to the “issue” they’re complaining about, 1992 called… are they trying to classify encryption as a “military weapon” again? Try as they might, they won’t be able to force a crippled version of the encryption on people who want to get around it. We’ll just install programs that refuse to play their game.

  2. As an Information Security professional its insulting enough that Mr. Baker is considered an “expert” by some on information security (and to be clear – he is considered a joke by most – assuming they even heard of him). But as someone who happens to be gay its further insulting that Mr. Baker makes completely ignorant and insulting comments about gay men.

    And for the record the Grindr situation was completely overblown. But that doesn’t make up for Mr. Baker’s ignorance on basic information security concepts and technology.

  3. I have also thinking impact of recent incidents on the future of self-driving cars. It will take time but days are not away when whene there will self draving car in the market. we can trust technology.

Please to post comments