The Volokh Conspiracy
Mostly law professors | Sometimes contrarian | Often libertarian | Always independent
The Empire Strikes Back, at Elon
Episode 431 of the Cyberlaw Podcast
The Cyberlaw Podcast leads with the growing legal cost of Elon Musk's anti-authoritarian takeover of Twitter. Turns out that authority figures have a mean streak, and a lot of weapons, many grounded in law, as Twitter is starting to learn. Brian Fleming explores one of them -- the apparently unkillable notion that the Committee on Foreign Investment in the U.S. (CFIUS) should review Musk's Twitter deal because of a relatively small share that went to investors with Chinese and Persian Gulf ties. CFIUS may in fact be seeking information on what Twitter data those investors will have access to, but I am skeptical that CFIUS will be moved to act on what it learns. More dangerous for Twitter and Musk, says Charles-Albert Helleputte, is the possibility that the company will lose its one-stop-shop privacy regulator for failure to meet the elaborate compliance machinery set up by European privacy bureaucrats. At a quick calculation, that could expose Twitter to fines up to 120% of annual turnover. That would smart. Finally, I reprise my take on all the people leaving Twitter for Mastodon as a protest against Musk allowing the Babylon Bee and President Trump back on the platform. If the protestors really think Mastodon's system is better, there's no reason Twitter can't adopt it, or at least the version that Francis Fukuyama and Roberta Katz have proposed.
If you are looking for the far edge of the Establishment's Overton Window on China policy, you cannot do better than the U.S.-China Economic and Security Review Commission, a consistently China-skeptical but mainstream body. Brian reprises the Commission's latest report. Its headline is about Chinese hacking, but the report does not offer much hope of a solution to that problem, other than more decoupling.
Chalk up one more victory for Trump-Biden continuity, and one more loss for the State Department. Michael Ellis reminds us that the Trump administration took much of Cyber Command's cyber offense decisionmaking out of the National Security Council and put it back in the Pentagon. This made it much harder for the State Department to stall cyber offense operations. When it turned out that this made Cyber Command more effective and no more irresponsible, the Biden Administration followed its predecessor's lead, preparing a memo that will largely ratify Trump's order, with a few tweaks.
I unpack Google's expensive (nearly $400 million) settlement with 40 States over location history. Google's promise to its users that it would stop storing location history if the feature was turned off was poorly and misleadingly drafted, but I doubt there is anyone who actually wanted to keep Google from using location for most of the apps where it remained operative, so the settlement is a good deal for the states, and a reminder of how unpopular Silicon Valley has become in red and blue states alike.
Michael tells the doubly embarrassing story of an Iranian hack of the U.S. Merit Systems Protection Board. It is embarrassing enough for the board to be hacked using a log4j exploit that should have been patched long ago. But it is worse that an Iranian government hacker got access to a U.S. government network – and decided that its access is best used for mining cryptocurrency.
Brian tells us that the U.S. goal of reshoring chip production is making progress, with Apple planning to use TSMC chips from a new fab in Arizona.
In a few updates and quick hits:
- I remind listeners that a lot of tech companies are laying employees off, but that overall Silicon Valley employment is still way up over the past couple of years.
- I update the mess at cryptocurrency exchange FTX, a mess which just keeps getting worse.
- Charles updates us on the next U.S.-E.U. adequacy negotiations, and the prospects for Schrems 3 (and 4, and 5) litigation.
- And I sound a note of both admiration and caution about Australia's plan to "unleash the hounds" – in the form of its own Cyber Command equivalent – on ransomware gangs. As U.S. experience reveals, it makes for a great speech, but actual impact can be hard to achieve.
Download the 431st Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
Show Comments (76)