Debating FISA 215 after Pensacola

Episode 292 of the Cyberlaw Podcast

|

The apparent terror attack at Naval Air Station Pensacola spurs a debate among our panelists about whether the FISA Section 215 metadata program deserves to be killed, as Congress has increasingly signaled it intends to do. If the Pensacola attack involved multiple parties acting across US borders, which looked possible as we taped, then it would be just about the first such attacks since 9/11 – and exactly the kind of attack the metadata program was designed to identify in advance. Now may not be the best time to dump it, after all.

Nick Weaver tells us that China has resurrected the Great Cannon to attack a popular Hong Kong forum for protesters. The Cannon depends on users from outside China connecting without TLS to Chinese sites. I ask why Google hasn't started issuing warnings to Web users before letting them cross the Great Firewall without enabling HTTPS. That could spike the Great Cannon, but Google employees are too busy complaining about the United States government, I suggest. Meanwhile, Microsoft is working hard to make GitHub, an early Great Cannon victim, an essential part of China's IT infrastructure. Remarkably, we verify in real time that, despite the lure of the Chinese market, Microsoft has apparently not told GitHub to dump the content that offended the Chinese government.

In more China news, the trial lawyers are circling TikTok as though it were a wounded wildebeest on the veldt. A California class action alleges that TikTok harvested and sent data to China, and an Illinois class action charges the company with violating COPPA by marketing to children without sufficient privacy safeguards.

Paul Rosenzweig and I dig deep into the 20-year history behind DHS's now-abandoned proposal to conduct airport facial scans on US citizens leaving the country. We reach broad agreement that this is one of the rare privacy versus national security debates in which there's precious little privacy or national security at stake.

Matthew Heiman lays out the remarkable international food fight over taxes on digital business. USTR is threatening big tariffs on French wine to counter France's digital tax. Spain is apparently eager to join France in the fight. And the effort to work everything out at the OECD, where the EU has a 20-1 voting advantage over the US, has predictably not worked out well from the US point of view.

Cue the white cat: The United States has actually imposed sanctions on an entity called "Evil Corp." SPECTRE was apparently unavailable. Nick explains. This is part of criminal charges against two highly effective Russian bank hackers – and arguably a confession of weakness on the US government's part.

Meanwhile, Amazon's efforts to avoid tort liability for third-party sales on its site look to be suffering a long strategic defeat in the courts. The latest example is a Sixth Circuit ruling allowing plaintiffs to pursue product tort claims against the Internet giant.

I offer a quick update and some rare kind words for Nancy Pelosi, who is calling for modification of the North American free trade deal to drop the provision turning Section 230 of the Communications Decency Act into international law. This provision has garnered genuinely bipartisan opposition, so perhaps she'll prevail.

Paul gets stuck explaining two dog-bites-man stories. The FBI says any Russian app could be a counterintelligence threat. Well, what else would they say? And the European Commission, when asked what US regulation of encryption would mean for Europe, says more or less that the EU may have to escalate from eyebrow-lifting to throat-clearing.

Nick closes the program with advice about the new Android exploit that works (in the right circumstances) to compromise apps running on a fully patched and up-to-date Android phone.

Download the 292nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.