The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Crime

Privacy zealots undermine security. Again.

Episode 213 of the Cyberlaw Podcast

|The Volokh Conspiracy |


In a news-only episode, we get a cook's tour of the RSA conference from attendees Paul Rosenzweig, Jim Lewis, and Stewart Baker. Instead of spending a week at RSA, you can listen to us talk for five minutes about the top trends we saw at RSA: more nations attacking cybersecurity firms over attribution, more companies defending themselves outside their own networks (aka hackback), and growing (if still modest) respect for DHS's role in cybersecurity. Oh, and Microsoft's Digital Geneva Convention is still a mashup of profound naïveté and deep cynicism, but Microsoft's Cyber Tech Accord may do better – at least until the FTC gets hold of it.

In other news, ZTE is being hammered for showing contempt for US export control enforcement. But the back-splatter on US suppliers will be severe as well. The United States is picking a big, big fight with China on the future of technology, and it's going to need a strategy.

Speaking of fights, Telegram is in a doozy with Russia over its refusal to supply crypto keys to the government. It looks as though Telegram's use of Google and other domains as proxies ("domain fronting") is making it hard for Russia to work its will without harming other internet companies. So far, Russia seems willing to do just that, but the game isn't over yet.

In what may be related news, Google is engineering domain fronting out of its products. The press's whining about the civil liberties implications of Google's moves triggers a classic Baker rant about how privacy zealots don't really care about security – since they're trying to preserve domain fronting despite its role in defeating network security and facilitating crime.

And while my rant is rolling, why not include the EU's shameful drive-by execution of the WHOIS database. I call on the Obama NTIA officials who killed off our last leverage over ICANN to apologize to Ted Cruz for the debacle. Don't hold your breath.

Maury Shenk lays out the remarkable parallelism between the US CLOUD Act and a new EU regulation on cross-border data sharing for law enforcement. This foretells a big change for internet companies.

Finally, or nearly so, Paul unpacks the way in which liability for the SWIFT hacks may drive cybersecurity standards for banks.

And in closing, I note that China is now the clear leader in face recognition, having found a single suspect in a crowd of 60,000 concertgoers using the technique. It's the leader not because of China's technical strength, though that's impressive, but because of Silicon Valley's politically correct refusal to develop such tools. Remember that stance when law enforcement agencies end up buying Chinese face recognition tech and then pay the cybersecurity price.

The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, click here.

And if you're wondering what happened to episode 212, I was at RSA and missed it, but the writeup is here.