The FBI laughs last

We begin this episode with Michael Ellis taking a close look at the U.S. government's takedown of the REvil ransomware gang. It's a good story for the good guys, as REvil seems to have been brought down by the same tool it used against so many of its victims – malware that lingered in the backup data needed to restore the network. I note that this seems to be a continuation of efforts that were interrupted in the early summer – amid criticism that the FBI had prioritized its planned takedown over giving victims the decryption key. Now that the takedown has happened, it looks like the FBI is getting the last laugh.

The U.S. is trying. Michael thinks that the effort to hold Putin responsible for stopping Russian ransomware gangs is set back by recent statements in which the Pentagon raised doubts about whether Putin actually has the ability to stop the attacks.

One technology where Russia's does have more capability than expected is, naturally, its ability to censor and suppress criticism, both on domestic and Western platforms. David Kris discusses the kinds of hostages Russia has learned to take, and its success in bringing Western social media to heel.

The U.S. Commerce Department has released a complex new rule for the export of network intrusion tools. Meredith Rathbone, from Steptoe's trade regulation practice, boils the rule down to a few soundbites. The short version? Commerce has done a pretty good job of protecting legitimate distributors of intrusion software, but even the good guys are going to have to save a lot more receipts.

Michael and Paul Rosenzweig reprise the latest news about content moderation, particularly Twitter's own study showing that its algorithms benefit more conservative than left-wing content. That raises the question whether right-leaning commentary and news is more popular because more people want it. If so, the employees at Facebook are determined to keep it from them; recent leaks show aggressive internal efforts to squash Breitbart's reach on the platform.

David and I unpack Ian Bremmer's Foreign Affairs article on "How Big Tech Will Reshape the Global Order." David sees more in the piece than I do.

Paul and Michael kick off a discussion of US negotiations with the EU over transatlantic data flows. But in no time, all four of us join in. We offer some solutions, and plenty of criticism for the EU. (Okay, maybe "the continent that invented hypocrisy" was a little harsh.)

David notes that NSA is pursuing more collaboration with the private sector. How well that will work out is still TBD, we agree.

In quick hits and updates:

• I note with irony that Frances Haugen has discovered the limits of criticizing Facebook.  Whatever you do, you can't criticize WhatsApp's growing use of end2end encryption, even if it does allow the service to ignore foreign cyberespionage.
• Trump and TRUTH are together at last, and Paul has the details. Bottom line: it feels like a typical Donald Trump production: great hype, plenty of controversy, and weak execution.
• Hackback, isn't dead, it turns out, yet. I discuss the political and business advocates for a kinder, gentler version of private hackback, modeled on private investigators.

Download the 380th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.