The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
Congress's 2021 cybersecurity agenda
Episode 358 of the Cyberlaw Podcast
Our interview is with Mark Montgomery and John Costello, both staff to the Cyberspace Solarium Commission. The Commission, which issued its main report more than a year ago, is swinging through the pitch, following up with new white papers, draft legislative language, and enthusiastic advocacy for its legislative recommendations, many of which were adopted last year. That makes it the most successful of the many cybersecurity commissions that have come and gone in Washington. And it's not done yet. Mark and John review several of the most important legislative proposals the Commission will be pursuing this year. I don't agree with all of them, but they are all serious ideas and it's a good bet that a dozen or more could be adopted in this Congress.
In the news roundup, David Kris and I cover the FBI's use of a single search warrant to remove a large number of web shells from computers infected by China's irresponsible use of its access to Microsoft Exchange. Deploying a search warrant (or, more accurately, a seizure warrant) requires a far-reaching interpretation of federal criminal Rule 41. But despite valiant efforts, David is unable to disagree with my earlier expressed view that the tactic is lawful.
Brian Egan outlines what's new in the Biden administration's sanctions on Russia for its SolarWinds exploits. The short version: While some of the sanctions break new ground, as with the restrictions on Russian bonds, they do so cautiously.
Paul Rosenzweig, back from Costa Rica, unpacks a hacking story that has everything – terrorism, the FBI, Apple, private sector hacking, and litigation. Short version: we now know the private firm that saved Apple from being ordered to hack its own phone. The hacking was done instead by an Australian firm named Azimuth that apparently only works for democratic governments but that is nonetheless caught up in Apple's bully-the-cybersecurity-researchers litigation campaign.
Gus Hurwitz talks to us about the seamy side of content moderation (or at least one seamy side) – the fight against "coordinated inauthentic behaviour."
In quicker takes, Paul gives us a master class in how to read the intel community's Annual Threat Assessment. David highlights what may be the next Chinese telecom manufacturing target, at least for the GOP. I highlight the groundbreaking financial industry breach notification rule that has now finished the comment period and is moving toward adoption. And Gus summarizes the state of Silicon Valley antitrust legislation: Everyone has a bill, so no one is likely to get a bill.
Download the 358th Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
Yet another total failure of the lawyer to protect our nation from billions of federal crimes a year. The average bank robbery nets $4000, with a lot of work, and risk. The net from an identity theft is $5000 with zero risk thanks to the failed lawyer profession.
Get rid of these pro-criminal lawyers. Then kill the hackers. To deter.
Their agenda should include this Office 365 backup solution from https://spinbackup.com/products/office-365-backup/. I found it to be successful with most of the tasks I needed it for.
Depositions. Litigation. Bah! A Jedi craves not these things.
Nothing will change until CEOs are sent to jail and bankrupted for failing to secure their systems and their users. The heads of Equifax, OPM and SolarWinds should be doing 10 years. Most US banks can't be bothered to implement a software-token-based 2FA.
https://2fa.directory/#banking
They will never be held accountable unless the rule of law totally collapses.
"The hacking was done instead by an Australian firm named Azimuth that apparently only works for democratic governments but that is nonetheless caught up in Apple's bully-the-cybersecurity-researchers litigation campaign."
The link(s) to the article about the bully-the-cybersecurity-researchers just lead to a 404, so not 100% sure about the details, but based on overall stance on these issues, I feel like:
- Baker really likes the anti-DRM-circumvention provision of the DMCA and favors an expansive reading of the CFAA, but
- Is really, really mad that Apple would dare make use of either of these laws against researchers in the pockets of the national security regimes he favors