Congressional Session of the Living Dead

Gus Hurwitz brings us up to speed on major tech bills in Congress. They are all dead. But some of them don't know it yet.

The big privacy bill, American Data Privacy and Protection Act, was killed by the left, but I argue that it's the right that should be celebrating, since the bill would have imposed race and gender preferences all across the economy, and the GOP members who supported the measure in the House were likely sold a bill of goods by industry lobbyists.

The big antitrust bill, American Innovation and Choice Online Act, is also a zombie, Gus argues, lurching undead toward the Senate floor but unlikely to muster the GOP votes needed to pass, mainly because content moderation has become a simple partisan issue: the GOP wants less (or fairer) moderation, Dems want more of what Silicon Valley has been dishing out for the past few years. If the bill doesn't produce viewpoint competition in the tech sector, it offers nothing for the GOP, and industry lobbyists are happily driving wedges into that divide.

The same divide also caused a stutter in the bill allowing newspapers to bargain collectively with the big platforms. It may make it to the floor, but it's already losing body parts.

Meanwhile, the White House is having a weirdly inconclusive "listening session" that might better have been called a "talking but not really proposing anything session."

When Iran launched a wiper attack on Albania because of its harboring of Mujahedin-e-Kalq, Albania broke relations with Iran and the U.S. promised consequences. In fact, all the U.S. seems to have done is impose meaningless sanctions on the already-sanctioned Iranian spy ministry. What was Iran's response? A second cyberattack on Albania. Nate Jones runs down the story. Jamil Jaffer and I question whether governmental sanctions on foreign intelligence agencies, which never promised much, are now delivering an appearance of haplessness and not of strength.

Jamil and I dwell on the criminal trial of Joe Sullivan for how he handled some hackers who got access to personal data stored by Uber. He was the chief security officer, and he decided to pay the hackers a bug bounty in exchange for their promising to destroy the data. That allowed Uber to avoid treating (and reporting) the incident as a breach. Creative lawyering or too creative by half? I could go either way, but calling it obstruction of justice and wire fraud seems like a reach. Nonetheless, that's what the Justice is charging in a case that opened last week. It is heavily politicized, and all the politics – corporate and governmental – line up against Sullivan. Whether the jury will do the same is another question. Meanwhile, everyone from other CISOs to former New York Times reporter Nicole Perlroth are questioning the prosecution's merits and warning of its likely consequences. However the case comes out, I predict that the biggest loser will be the FBI, which will never again get the kind of welcome from CISOs that it has in more innocent days.

Jamil critiques Apple's decision to support China's chip industry with new orders – and its claim that the chips it puts in its phones for the China market will stay in China.

The sanctions on Tornado Cash come back to the podcast for the second week in a row, Nate tells us, this time as litigation. Coinbase is funding an APA and constitutional challenge to Treasury's sanctioning of a pile of code rather than a person or entity. My money is on the Treasury winning in the end.

In quicker hits,

• Nate and I talk about the many cryptocurrency policy papers coming out of the administration these days. Treasury plans to warn the White House that cryptocurrency needs regulation. And the White House science office thinks proof-of-work crypto mining is warming the planet unnecessarily.
• Gus and I wonder out loud whether Lina Khan's Federal Trade Commission has a fatal case of "eyes bigger than stomach."
• Nate covers the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) request for public feedback on its mandatory incident reporting rule.
• Gus and I note new criticism of the EU's AI Act.
• Gus also lays out the opening round in what could turn out to be an important Justice Department case trying to end Google's large payments to be the default search engine on popular platforms like the iPhone.

Download the 421st Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.