The Grim Lessons of the SolarWinds Breach

Episode 343 of the Cyberlaw Podcast

Episode 343 of the Cyberlaw Podcast is a long meditation on the ways in which technology is encouraging other nations to exercise soft power inside the United States. I interview Nina Jankowicz, author of How to Lose the Information War, on how Russian disinformation has affected Poland, Ukraine, and the rest of Eastern Europe – and the lessons, if any, those countries can offer a divided United States.

In the news, Bruce Schneier and I dig for more lessons in the rubble left behind by the SolarWinds hack. Nobody comes out looking good. Persistent engagement and defending forward only work if you're actually, you know, engaged and defending, and Russia's cyberspies managed (not surprisingly) to hide their campaign from NSA and Cyber Command. More and better defense is another answer (not that it worked during the last 40 years it's been tried). But whatever solution we pursue, Bruce makes clear, it's going to be expensive.

Taking a quick break from geopolitics, Michael Weiner gives us a rundown on the new charges and details (mostly redacted) in the Texas case against Google for monopolization and conspiring with competitor Facebook. The scariest thing about the case from Google's point of view, though, may be where it's been filed. Not Washington but the Eastern District of Texas, the most notoriously pro-plaintiff, anti-corporate jurisdiction in the country.

Returning to ways in which foreign governments are using our technology against us, David Kris tells the story of the Zoom executive who used pretextual violations of terms of service to take down speech the Chinese government didn't like, censoring American efforts to hold a Tiananmen memorial. The good news: he was charged criminally by the Justice Department. The bad news: I can't help suspecting that China learned this trick from the ideologues of Silicon Valley.

Aaand, right on cue, it turns out that China's been accused of using its 50-cent army to file complaints of racism and video game violence against Americans using the platform to criticize China's government, a tactic the target claims is getting YouTube to demonetize his videos.

Next, Bruce points us toward a deep and troubling series of Zach Dorfman articles about how effectively China is using technology to vault over US intelligence agencies in the global spying competition.

Finally, in quick succession:

  • David Kris explains what's new and what's not in Israel's view of international law and cyberconflict.
  • I note that President Trump's NDAA veto has been overridden, making the cyberczar and DHS's CISA the biggest winners in the cyber policy arena.
  • Bruce and I give a lick and a promise to the FinCen proposed rule regulating cryptocurrency. We're both inclined to think more reregulation is worth pursuing, but we agree it's too late for this administration to get anything on the books.
  • David Kris notes that Twitter has been fined around $550 thousand over a data breach filing that was a few days late – a fine imposed by the Irish data protection office in a GDPR ruling that is a few years late.
  • Apple has lost its bullying copyright battle against security start-up Corellium, but the real risk to Corellium may be in the as-yet unresolved claim for violation of the DMCA.
  • And the outgoing leadership of DHS is issuing new warnings about the cyber risks of using Chinese technology, this time touching on backdoors in TCL smart TVs and the risk of compromise from Chinese data services.

Download the latest episode here.

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.