An end to end-to-end encryption?
Episode 407 of the Cyberlaw Podcast
Is the European Union (EU) about to save the FBI from Going Dark by essentially outlawing end-to-end encryption? Jamil Jaffer and Nate Jones tell us that a new directive aimed at preventing child sex abuse might just do the trick. That view is backed by people who've been fighting the bureau on encryption for years.
The Biden administration is prepping to impose some of the toughest sanctions ever on Chinese camera maker Hikvision, Jordan Schneider reports. No one wants to defend Hikvision's role in enabling China's Uyghur policy, but I'm skeptical that we should spend all that ammo on a company that is far from the greatest national security threat we face. Jamil is more comfortable with the measure, and Jordan reminds me that China's economy is shaky enough that it may not pick a fight to save Hikvision. Speaking of which, Jordan schools me on the likelihood that Xi Jin Ping's hold on power will be loosened even by a combination of the Chinese tech downturn, harsh pandemic lockdowns, and the grim lesson provided by Putin's ability to move without check from tactical error to strategic blunder and then to historic disaster.
Speaking of products with more serious national security impact than Hikvision, Nate and I try to figure out why the effort to get Kaspersky software out of U.S. infrastructure is still stalled. I argue that the Commerce Department should take the blame.
In a rare triumph of common sense and science, the wave of dumb laws attacking face recognition may be receding as lawmakers finally notice what's been obvious for five years: The claim that face recognition is "racist" is false. Virginia, fresh off GOP electoral gains, has revamped its law on face recognition so it now more or less makes sense. In related news, I puzzle over why Clearview AI accepted a settlement of the ACLU's lawsuit under Illinois's biometric law.
Nate and I debate how much authority Cyber Command should have to launch actions and intrude on third country networks without going through the interagency process. A Biden White House review of that question seems to have split the difference between the laissez-faire spirit of the Trump administration and the analysis-paralysis of the Obama years.
Quelle surprise! Jamil concludes that the EU's regulation of cybersecurity is an overambitious and questionable expansion of the U.S. approach.
The EU may not be alone. Jordan notes the Defense Department's effort to keep small businesses who take its money from decamping to China once they start to succeed. Jordan and I fear that the cure may be worse than the disease.
I get to say I told you so about the unpersuasive and cursory opinion issued by United States District Judge Robert Pitman, when he enjoined Texas' social media law. The Fifth Circuit has overturned his injunction, so the bill will take effect, at least for a while. In my view some of the provisions are constitutional and others are a stretch; but Judge Pitman's refusal to do a serious severability analysis means that all of them will get a try-out over the next few weeks.
Jamil and I debate geofenced search warrants and the reasons why companies like Google, Microsoft and Yahoo want them restricted.
In quick hits,
- Jamil and I trade views on whether the Biden White House has effectively managed the lagging implementation of its landmark cybersecurity executive order.
- I note the important new protocol for implementing the Budapest Convention. On the principle that you can judge a policy by its enemies, this protocol is looking pretty good.
- Jamil highlights a study – by Europeans, no less – that suggests that General Data Protection Regulation (GDPR) is killing innovation in the Android app market.
- Jamil also flags a new study of the Chinese Offensive Cyber Landscape.
- And I suggest that the event with the biggest tech policy impact last week may have been none of these things; the real policy driver may turn out to be the meltdown in tech stocks generally and in cryptocurrency values in particular.
Download the 407th Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.