You can't spell INFOSEC without the SEC

In a law-packed Cyberlaw Podcast episode, Chris Conte walks us through the long, detailed, and justifiably controversial SEC enforcement action against SolarWinds and its top infosec officer, Tim Brown. It sounds as though the SEC's explanation for its action will (1) force companies to examine and update all of their public security documents, (2) transmit a lot more of their security engineers' concerns to top management, and (3) quite possibly lead to disclosures beyond those required by the SEC's new cyber disclosure rules, at the risk of alerting network attackers to what security officials know about them in something close to real time.

Jim Dempsey does a deep dive into the administration's executive order on AI, adding details not available last week when we went live. It's surprisingly regulatory, while still trying to milk jawboning and public-private partnership for all they're worth. The order more or less guarantees a flood of detailed regulatory and quasiregulatory initiatives for the rest of the President's first term. Jim resists our efforts to mock the even-more-in-the-weeds OMB guidance, saying it will drive federal AI contracting in significant ways. He's a little more willing, though, to diss the Bletchley Park announcement on AI principles that was released by a large group of countries. It doesn't say all that much, and what it does say isn't binding. So if you missed it, you didn't really miss much.

David Kris covers the Supreme Court's foray into cyberlaw this week – oral argument in two cases that ask when politicians can block people from their social media sites. This started as a Trump issue, David reminds us, but it has lost its predictable partisan valence, so now it's just a surprisingly hard constitutional controversy that, as Justice Elena Kagan almost said, left the Supreme Court building littered with first amendment rights.

Finally, I drop in on Europe to see how that Brussels Effect is doing. Turns out that, after years of huffing and puffing, the privacy bureaucrats are finally dropping the hammer on Facebook's personal-data-fueled advertising model. In a move that raises doubts about how far from Brussels the Brussels Effect will reach, Facebook is changing its business model, but just for Europe, where kids won't get ads and grownups will have the dubious option of paying about ten bucks a month for Facebook and Insta. Another straw in the wind: Ordered by the French government to drop Russian government news channels, YouTube competitor Rumble has decided to drop France instead.

Download 480th Episode (mp3)

And in recognition of the week's focus on international AI regulation, Cybertoonz explains what's really going on in Bletchley Park:

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets