Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo. Not the US government, not CDT or EFF, and not the big browser companies. That’s the lesson I draw from episode 88 of the podcast, featuring an in-depth discussion of China’s Great Cannon with Adam Kozy and Johannes Gilger of Crowdstrike. They expand on their 2015 Blackhat talk about China’s deployment of Great Firewall infrastructure to hijack American and Taiwanese computers and use them in a DDOS attack against Github.
China’s first internet email, in 1987, said “Across the Great Wall we can reach every corner of the world.” And boy, did they mean it. The question now is what the other corners of the world are going to do about it.
In other news, Michael Vatis covers the latest Safe Harbor developments, as the European Commission releases a statement saying, more or less, that American companies can expect years of litigation over the adequacy of US privacy law. Remarkably, that’s meant to be good news.
Speaking of dubious European claims to offer good news, Michael and I note that the UK deputy data protection commissioner has announced with pride that the Right to Be Forgotten hasn’t actually “stopped the internet working.” So far; but the net is young.
I summarize an earlier blog post claiming that the crypto wars are over and USTR has handed Jim Comey a loss while Mary Jo White gets a win. This because the Trans-Pacific Partnership trade deal included language prohibiting members from demanding encryption keys for most purposes other than financial regulation. I also acknowledge a significant caveat drawn to my attention by Simon Lester of Cato: Despite the TPP, a member is free to adopt any measure “that it considers necessary for … the protection of its own essential security.” If Jim Comey’s lawyers can’t squeeze his key access proposals into that provision, the “essential security” of their jobs is seriously at risk.
As always, the Cyberlaw Podcast welcomes feedback. Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.