Raven mad

In this episode, Dave Aitel and I dig into the new criminal law the House intelligence committee has proposed for workers at intelligence agencies. The proposal is driven by the bad decisions of three intel agency alumni who worked for the UAE under the sobriquet of Project Raven, doing phone hacking and other intrusions that the U.S. government would not have approved. Dave criticizes the broad language of the House provision, its assumption that hacking for the government teaches things you can't learn in the private sector, and the use of criminal penalties where reporting obligations would suffice. Those interested in more details can download a podcast on the topic released by the Association of Former Intelligence Officers.

Maury Shenk and I explore the FCC's decision to kick China Telecom off the U.S. telecommunications network. My view: this decision was overdetermined, a perfect storm of bad politics, poor decisions by China Telecom, and the fact that no American company has ever been licensed to do in China what China Telecom was allowed to spend 20 years doing in the United States.

We also dig into the proposal of a global regulatory alliance, the Financial Action Task Force ("FATF"), to impose some fairly strict requirements on cryptocurrency transactions.  A lot of companies are criticizing the proposal, but unlike five years ago, their advocacy has to contend with the rise of an entire ransomware industry that depends on cryptocurrency.

The EU, meanwhile, is struggling to implement sanctions for cyber-attacks. As usual, Europe is its own worst enemy, tied down by excessive politicization, weak intelligence collection made weaker by a lack of sharing, and aggressive judicial oversight.

Maury and I track down a tip about France trying to turn cloud security standards into a weapon for excluding U.S.-owned cloud providers. It wants the big cloud companies deemed insecure because they aren't immune to U.S. legal process. But neither are the "big" European champions, since they too are almost certainly subject to U.S. jurisdiction. So not only will  the proposed standard leave EU buyers of cloud services stuck with providers whose market share is 2% on a good day, they still won't be safe from the long arm of U.S. discovery. European data protection policy at its finest!

We briefly consider Facebook whistleblower Frances Haugen's flirtation with criticizing Facebook for adopting end-to-end encryption ("e2e"). Once she discovered that criticizing e2e encryption is Not Acceptable Behavior, however, she retreated into a cloud of incomprehensibility.  I have captured the moment in my latest effort to turn cyber policy into cartoons.

Download the 381st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.