Click Here to Kill Everybody

Episode 230 of the Cyberlaw Podcast


We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone whom I respect a lot more than I agree with. But his latest book opens new common ground between us, as we both foresee a darker future for a world that is digitally connecting things that can kill people—without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley's future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.


In the News Roundup, I ask Jamil Jaffer, Nate Jones, and David Kris for the stories that people who took August off should go back and read. Jamil nominates the fascinating-as-a-slow-motion-car-wreck story of Maersk's losing battle with NotPetya. We speculate on whether the Russians caused $10 billion in worldwide damage by mistake or on purpose, and whether anyone other than a US government lawyer would call that indiscriminate attack a war crime.

David nominates the 179-page complaint against a North Korean hacker behind most of that country's famous hacks. And, as a palate cleanser, the remarkable, score-settling, where-are-they-now story of the companies that challenged the FBI's attribution of the Sony hack to North Korea.

Finally, I suggest spending some time with what might be called DCLeaks for good guys: Intrusion Truth, a website devoted to outing personal details about the government hackers who have been attacking Western companies. It (and Crowdstrike) provides an old-fashioned pantsing of China's Ministry of State Security (MSS) – the sort of embarrassing doxing that allowed the MSS to take over much of China's cyberespionage portfolio from the hapless People's Liberation Army after it was outed several years ago.

In other news, a Five Country Ministerial (homeland security and immigration ministers from the US, UK, Australia, Canada, and New Zealand) issued a statement on encryption that seemed to threaten action, saying that if tech companies don't address the ministers' concerns, "we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions." While this group isn't really the "Five Eyes" of SIGINT fame, that's not very comforting for Big Tech, since the statement suggests a wider coalition and another step forward in the effort to bring Big Tech to heel on the issue.

Download the 230th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

NEXT: Stanford Prof. Michael McConnell on the Kavanaugh Nomination

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. “Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring.”

    If the security regulations help secure my credit card, bank info, PII, etc., then I’m all for it.

    If the security regulations are to somehow an attempt to secure or regulate social media (e.g. Facebook, Twitter, etc.), then that ain’t gonna happen.

    A Russian, Chinese, Israeli, etc., has a constitutional right to post anything they want on a social media platform–subject to that company’s rules and that the speech doesn’t break the law (libel, insurgency, etc.).

    1. You can’t really separate social media from the PII issue (or a couple other ones frankly).

      While foreigners certainly have a right to post, the issue becomes more complex once we start examining automated means of posting (whether it’s as a result of scheduled prescripts, or a full on bot, or something in between), we are to some degree in untested waters here legally speaking, a situation further complicated when the posts relate to elections or other situations where the government’s interest is substantial or even compelling.

      Hard to predict exactly what the contours of future 1A jurisprudence will look like, but ‘ain’t gonna happen’ strikes me as a bit too blithe, particularly given the current political environment.

  2. Fake headline… I clicked and nothing happened.

Please to post comments