"The first thing we do, let's hack all the lawyers"

In this episode, Dave Aitel introduces us to a deliciously shocking story about lawyers as victims—and maybe co-conspirators—in the hacking of law firms to win legal disputes.  The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one's hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask "Will no one rid me of this meddlesome litigant?" Before you know it, there's a doxing site full of useful evidence on the internet.

But first Dave digs into an intriguing but flawed story of how and why the White House ended up bigfooting a possible acquisition of NSO by L3Harris. Dave spots what looks like a simple fact error, and we are both convinced that the New York Times got only half the story. I suspect the White House was surprised by the leak, popped off about how bad an idea the deal was, and then was surprised to discover that its intelligence community had signaled support.

That leads us to the reason why NSO has continuing value – its ability to break Apple's phone security. Apple is now trying a new way to reinforce security: its new, more secure and less convenient lockdown mode. Dave gives it high marks, and he challenges Google to match Apple's move.

Next, we dive into the US effort to keep Dutch firm ASML from selling chip-making machines to China. Dmitri Alperovich makes a special appearance to urge more effective use of export controls; he cautions, however, that the US must impose the same burdens on its own firms as on its allies'.

Jane Bambauer introduces the latest government proposal to take a bite out of crime by taking a bite out of end-to-end (e2e) encryption. The U.K. has introduced an amendment to its pending online safety bill that would require regulated user-to-user services to identify and swiftly take down terrorism and child sex abuse material. Identifying such material isn't easy in an e2e environment, Jane notes, so this bill could force adoption of the now-abandoned Apple proposal to do local scanning on your phone. I'm usually a cheap date for crypto-skeptical laws, but I can't help noticing that this proposal will stir up 90% as much opposition as requiring companies to intercept communications when they get a court order while  addressing only 10% of the crimes that occur on e2e networks.

Jane and I take turns pouring cold water on journalists, NGOs, and even Congress for their feverish effort to turn the Supreme Court's abortion ruling into a privacy issue. Dumbest of all, in my view, is the claim that location services will be used to gather evidence and prosecute women who visit out of state abortion clinics. As I point out, such prosecutions couldn't even muster five votes on this Court.

Dave spots another doubtful story about Russian government misuse of a red team hacking tool. He thinks it's actually a case of a red team hacking tool being used by … a red team.

Jane notes that Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has announced a surprisingly anodyne (and arguably unnecessary) post-quantum cryptography initiative.  I'm a little less hard on DHS, but only a little.

Finally, in updates and quick hits:

• I point out that the U.S.—EU transatlantic data deal is looking a lot like vaporware. That's a worry now that Ireland is on the verge of ordering Facebook to stop moving data across the Atlantic.
• Jane and I take a whack at predicting Elon Musk's Twitter bid. I argue that Musk may escape with less than $1 billion in penalties but for years he will be to mergers what Google is to new digital products.
• And, finally, some modest good news on Silicon Valley's campaign to suppress politically incorrect speech.  Last year, Twitter suspended former NYT reporter Alex Berenson for saying several true but inconvenient things about the covid vaccine (it doesn't stop infection or transmission, and it has side effects, all of which raise real doubts about the wisdom of mandating vaccinations for everyone). Berenson sued, and Twitter has now settled, unsuspending his account. The lawsuit had narrowed down the point where Twitter probably felt it could settle without creating a precedent, but any chink in Big Social's self-righteous armor is worth celebrating.

Download the 416th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.