Our guest for Episode 50 of the Steptoe Cyberlaw Podcast is David Sanger, the New York Times reporter who broke the detailed story of Stuxnet in his book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. David talks about his latest story, recounting how North Korea developed its cyberattack network, and how the National Security Agency managed to compromise the network sufficiently to attribute the Sony attack. We talk about how understanding the White House helped him break a story that seemed to be about NSA and the FBI, North Korean hackers’ resemblance to East German Olympic swimmers, and the future of cyberwar.
Michael Vatis and I also cover a news-rich week, beginning with capsule summaries of the President’s State of the Union proposals for legislation on cybersecurity information sharing, breach notification, and Computer Fraud and Abuse Act amendments.
We touch on Europe’s new commitment to antiterrorism surveillance, which officially puts a still-Snowden-ridden United States out of step with just about every developed nation.
I try to summarize the new National Academy of Sciences study on why there isn’t an easy software substitute for bulk collection. (Short answer: If you want to recreate the past, you have to bulk-collect the present.)
We ask whether the DEA was the inspiration for NSA’s 215 bulk collection program, call out Rep. Sensenbrenner, who evidently skipped the DEA briefings as well as NSA’s, and wonder why Justice didn’t explain to Congress last year that NSA’s program wasn’t that big a leap from the Justice Department’s own bulk collection – instead of quietly trying to bury its program when the heat built up on NSA. (OK, we didn’t really wonder why Justice did that.)
If you judge by their joint press conference, Prime Minister Cameron seems to have done more to convert President Obama to skepticism about widespread unbreakable encryption than Jim Comey did. Save your Clipper Chips, key escrow will rise again!
Finally, Centcom’s public affairs team, which can’t keep ISIS sympathizers out of its Twitter and YouTube feeds, deserves 24 hours of deep embarrassment, which, surprisingly, is exactly what it gets.