GDPR and the Typhoid Marys of the Internet

Episode 220 of the Cyberlaw Podcast


GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue of insecurity — in the name of privacy.

Also probably to be expected, at least for those who have paid attention to the history of technology regulation: The biggest companies are likely to end up boosting their market dominance.

Less expected: The decision of some big US media to just say no to European readers, recognizing them as the Typhoid Marys of the Internet, carrying a painful and stupid regulatory infection to every site they visit.

In other unsurprising news, Gus Hurwitz and Megan Reiss note, Kaspersky has now lost both its lawsuits against US government bans in a single district court ruling.

In genuinely troubling news, Iran is signaling a willingness to attack US industrial controls, which run the electric grid and pipelines and sewage systems, using the same malware it used against the Saudis. Since Iran was willing to launch DDoS attacks on US banks the last time negotiations over its nuclear program hit a snag, this is a threat that needs to be taken seriously.

The good news is that the US government released two reports this week on how to we'll respond to both threats — cyberattacks on our grid and DDoS attacks on our web companies. The bad news is that both reports suck. If you were feeling optimistic before this, I argue, a close reading of the reports will leave you with a sinking feeling that this is the fourth administration in a row without a clue about how to deal with such attacks.

Quick Hits

Russia wants Apple's help in subduing Telegram, Maury reports. I predict that Tim Cook will fold like a cheap lawn chair. I'm guessing that it's really only American law enforcement that he's willing to thwart.

North Korea is getting credit for peacemaking while spreading malware to US and South Korean infrastructure. A lot of the attacks are enabled by phishing emails built around hot news about the Trump-Kim summit. Which, come to think of it, may be the real reason Kim keeps turning the summit off and on: He's got to generate clickbait for all those phishing emails.

Trump wants to relieve ZTE of its company-killing Commerce sanctions, but Congress may not let him. Hardest hit? Paul Ryan, who'll have to decide whether to let the House take a free vote to thwart the President on national security grounds.

Gus takes us quickly through the next big security issue: IMSI catchers and SS7 exploitation. This is a big problem, or really two big problems that are bound to get real media attention – just as soon as civil liberties groups figure out how to blame them on Trump.

In other news, I'll be hosting a Reddit AMA on r/legaladvice on June 6 starting at 2pm ET. The best questions may be read in the next episode, so be sure to contribute. You can find more information in the announcement here.

Download the 220th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

NEXT: The Court's Religious Discrimination Reasoning in the Masterpiece Cakeshop Case

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Dear Stuart,

    On behalf of all of Europe I apologise wholeheartedly for the fact that you might, accidentally, end up having some privacy. I promise that protecting Americans’ privacy was in no way the intention of this legislation.

    Kind regards,


    P.S. If the LA Times can’t understand what the GDPR means, I wonder what else they’re not getting that they really ought to. I mean, they’re a newspaper. Investigating and understanding things is sorta what they do for a living.

    1. The fact is the LA Times understanding this law and the implication better than Europeans do.

      Europe has profoundly less privacy in total. It contains some of the most egregious surveillance states in the world, Germany, France and the UK. And the LA Times well understands the implications.

      Europe’s feudal history means have been conditioned to accepting more and more control by government. In this case government having an unfettered (and broader) monopoly on personal data.

      There is a reason why governments in Europe are pressing new freedom of expression and speech thought the EU Courts on privacy grounds, and now they are making those grounds broader.

      Ever the enemies of small business, the EU is also adding $250,000 to start up coasts of any, even single person, start up

  2. Cruise missiles targeting communications infrastructure are a good way to respond to those attacks. Or, if the attacks are very damaging, cruise missiles taking out the power infrastructure of the country launching the attacks.

  3. I did a Yahoo! search on “Trump Kim meeting” and got returns on
    Kim Kardashian Speaks Out About Meeting Trump and
    Trump: Meeting with Kim Jong-un to take place on June 12

  4. If you have been using WPX Hosting for the last few years then you might have noticed their GDPR which recently started implementing on it but did you ever know that WPX Hosting cost a lot of money but you don’t need to pay full invoice because you can get a half hosting invoice off using a few WPX Hosting Coupon Codes that I’m going to share with you below.

Please to post comments