Black swans, black ops, BlackCube, and red herrings

Episode 249 of the Cyberlaw Podcast


In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years.

In the news, I ask my partner Phil Khinda whether the $29 million Yahoo breach settlement opens a new front in breach derivative litigation or is a black swan event. He says it's more of a red herring – and explains why.

This week in black ops: I ask Nate Jones to comment on the tradecraft used in an apparent effort to smear Citizen Lab for its reports on NSO. My take: This feels a lot like what BlackCube did for Harvey Weinstein, except that this was the low-budget version.

I'm not sure the indictments are working. The Russians are so far from being shamed that now they're engaged in fake hacking. Dr. Megan Reiss notes Special Counsel Mueller's recent claim that Russians are leaking discovery materials and pretending they came from a hack of the counsel's office. Remember the remarkably adroit robot that turned out to be a Russian in a robot suit? That's what this reminds us of.

Maury Shenk and I discuss Google's latest imitation of Apple's "law enforcement lockout" feature and Google's claim that hurting law enforcement was an "unintended side effect." I call BS.

Maury also notes the flap over a flaw in Apple's FaceTime that allows for eavesdropping. Predictably, New York State is investigating.

And in possibly related news, Apple went out of its way to publicly embarrass Facebook and Google over their use of corporate certificates to sideload apps to record the browsing habits of paid volunteers. I'm not convinced that the fuss is justified. Whatever those users sold their data for, it's a lot more than I'm getting.

Quick hits:

This week in dogs biting men: Ukraine says Russia is trying to disrupt its upcoming election, and the Pentagon is reportedly failing to stay ahead of cyber threats. Megan covers the first and Nate the second.

I offer one and a half cheers for Japan's pioneering and mildly intrusive survey of bot-vulnerable IoT devices. Unfortunately, it's not intrusive enough to really address the problem.

Finally, EPIC is calling on the FTC to impose a $2 billion fine, structural changes, and more on Facebook, claiming that "the algorithmic bias of the [Facebook] news feed reflects a predominantly Anglo, male world view." If you still need evidence that privacy law is the legal equivalent of a Twitter mob – an always-ready tool for punishing unpopular views – EPIC's filing should do the trick.

Download the 249th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


  1. Love this podcast. But every episode not only needs Nick Weaver, but a whole lot more Nick Weaver. In fact, the best podcast would be just Baker and Weaver in friendly arguments.

  2. “And in possibly related news, Apple went out of its way to publicly embarrass Facebook and Google over their use of corporate certificates to sideload apps to record the browsing habits of paid volunteers.”

    My first reaction was, “At least they got paid. Usually the personal data is just stolen.”

    But after reading a bit further, I see that FB was, in fact, contractually prohibited from using this “side loading” technique to send apps to anybody but its own employees, and “If we pay them anything, they’re an employee.” was a bit of a stretch. So, fair cop.

  3. I’ve got a feel that Mueller has sleeper cells of agents from various parts of the federal alphabet all keeping round the clock surveillance of everyone on his team and each other in an atmosphere of intense paranoia, and ironically that’s actually when the Russians got involved, realizing they could play all these factions and agents against each other with just enough information from here and there that meant they had more than any one taskforce/cell/agent in Mueller’s web of spooks. Directed by Oliver Stone.
