The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

Phony cybersecurity regulation

Episode 441 of the Cyberlaw Podcast


This episode of the Cyberlaw Podcast is dominated by stories about possible cybersecurity regulation. David Kris points us first to an article by the leaders of the Cybersecurity and Infrastructure Security Administration (CISA) in Foreign Affairs. Jen Easterly and Eric Goldstein seem to take a tough line on "Why Companies Must Build Safety Into Tech Products." But for all the tough language, one word, "regulation," is entirely missing from the piece. Meanwhile, the cybersecurity strategy that the White House has reportedly been drafting for months seems to be hung up over how enthusiastically to demand regulation.

All of which seems just a little weird in a world where Republicans hold the House. Regulation is not likely to be high on the GOP to-do list, so calls for tougher regulation are almost certainly more symbolic than real.

Still, this is apparently the week for symbolic calls for regulation. David also takes us through an National Telecommunications and Information Administration (NTIA) report on the anticompetitive impact of Apple's and Google's control of mobile app markets. The report points to many problems and opportunities for abuse inherent in the two companies' headlock on what apps can be sold to phone users. But, as Google and Apple are quick to point out, the stores do play a role in regulating app security, so breaking the headlock could be bad for cybersecurity. In any event, practically every recommendation for action in the report is a call for Congress to step in – and thus almost certainly a nonstarter for reasons already given.

Not to be outdone on the phony regulation beat, Jordan Schneider and Sultan Meghji explore some of the policy and regulatory proposals for AI that have been inspired by the success of ChatGPT. The EU's AI Act is coming in for lots of attention, mainly from parts of the industry that want to be exempted. Sultan and I trade observations about who'll be hollowed out first by ChatGPT, law firms or investment firms.

In other news, Sultan also tells us why the ION ransomware hack matters. Jordan and Sultan find a cybersecurity angle to The Great Chinese Balloon Scandal of 2023. And I offer an assessment of Matt Taibbi's story about the Hamilton 68 "Russian influence" reports. If you have wondered what the fuss was about, do not expect mainstream media to tell you; the media does not come out looking good in this story. Unfortunately for Matt Taibbi, he doesn't look much better than the reporters his story criticizes. David thinks it's a balanced and moderate take on the story, for which I offer an apology and a promise to do better next time.

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.