China v. the neocoms

Episode 225 of the Cyberlaw Podcast


Our interview is with Gen. Michael Hayden, author of The Assault on Intelligence: American National Security in an Age of Lies. Gen. Hayden is a former head of the CIA and NSA, and a harsh critic of the Trump Administration. We don't agree on some of his criticisms, but we have a productive talk about how intelligence should function in a time of polarization and foreign intervention in our national debates.


General Michael Hayden and Stewart Baker

In the news, David Kris reports that ZTE has gotten a limited life-support order from the Commerce Department. Meanwhile, Nate Jones tells us that China Mobile's application to provide telecom service to Americans is also likely to bite the dust – after nearly seven years of dithering. Taking advantage of my preview of stories on Facebook, Tony Rutkowski suggests we call this the revenge of the "neocoms." So we do.

Remarkably, the European Parliament fails to live down to my expectations, showing second thoughts about self-destructive copyright maximalism. Nick Weaver thinks this outbreak of common sense may only be temporary.

Paul Rosenzweig confesses to unaccustomed envy of EU security hardheadedness. Turns out that Europe has been rifling through immigrants' digital data in a fashion the Trump Administration probably wouldn't dare to try. More predictably, the Israelis are digging deep into social media to combat the stabbing attacks that afflicted the country until recently.

The DNC is trying to improve security, and it has trained 80% of its staff not to click on bad links. But as Nick Weaver and Paul Rosenzweig point out, that's not good enough – even though there are few institutions that can get much above the DNC's 80%. The answer? Nick says it's two-factor authentication. We join forces to nudge Firefox toward offering the same level of support for 2FA as Google Chrome.

The feds are getting wise to the Dark Web, Nick tells us. They're focusing on compromising the money launderers – and then their customers. This looks like a strategy that could work for the long haul.

Finally, David Kris revisits NSA's still-troubled metadata program, asking whether "the juice is worth the squeeze."

We're going to keep tweeting and posting some of the week's stories that look like candidates for the News Roundup. Please reply to or retweet those you think we should cover. Relevant feeds: @stewartbaker on Twitter, Stewart Baker on LinkedIn, and stewart.a.baker on Facebook.

Download the 225th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Send your questions, comments, and suggestions for topics or interviewees to or leave a message at +1 202 862 5785. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

NEXT: The Trump Administration Should Conduct a "Disparate Impact Inventory"

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Want to know why libertarians can’t win . . . can’t become competitive or effective . . . and can’t even become respected or respectable?

    A self-identified libertarian publication regularly offers the authoritarian stylings of a big law firm’s bunch of big-government surveillance-and-secrecy enthusiasts, as part of a polemical movement conservative blog with a thin and “libertarianish” (from a lone libertarian blogger) veneer.

    Faux libertarians aren’t the worst kind of libertarians . . . because they are not libertarians, despite the unconvincing drag in which they masquerade.

  2. My campus has required 2FA (for faculty/staff and moving tor requiring it for the students) and instead of relying on browsers has adopted the Duo smartphone app. It has resulted in a dramatic decrease in successful phishes, versus the previous training.

  3. The 2FA criticism of Firefox is mistaken. (I say that as a Firefox developer, but not on the crypto code. I just keep an eye on standards progress.)

    Chrome’s U2F API hasn’t been standardized, and Firefox isn’t implementing it, because it’s baroque. Instead, Firefox and Chrome (with others following) now both support the new Web Authentication standard.

    So why doesn’t Gmail use Web Authentication? Good question.

    And why is Google saying Firefox will add U2F support, when there definitely people at Google who know that’s not true? Either someone unknowingly erred in speaking to you, or you talked to someone who actively lied to you. Either way, leaving you thinking you ought to use Chrome, and that Firefox is behind the times, benefits Google.

    When will Google implement 2FA login using Web Authentication? Who knows. Meanwhile they can pretend to be cutting-edge and look good to people who don’t know Google’s login system is Chrome-proprietary. Unfortunately, Google keeping users thinking “Google only works in Chrome” is super-common: 🙁

    1. And here are a few URLs backing up that last contention (apologies for URL shorteners, Reason site doesn’t let me post comments with “words” longer than 50 characters): — Google’s mobile search interface being downgraded in Firefox versus Chrome for no reason — Google shipping Chrome-only Google Earth for 6+ months — AdWords experience “optimized” for Chrome

Please to post comments