Live from RSA, it’s episode 104, with special guest Jim Lewis, CSIS’s renowned cybersecurity expert, and Steptoe’s own Alan Cohn. We do an extended news roundup before an RSA audience that yields several good questions for the panel. We had invited Bruce Sewell, Apple’s General Counsel, to participate, but he didn’t show. So we felt no constraint as we alternately criticized and mocked Apple’s legal arguments for not providing assistance to the FBI in gaining access to the San Bernardino terrorist’s phone. We review the bidding on encryption on Capitol Hill and observe that the anti-regulatory forces have lost ground as a result of the fight Apple has picked. That leads into a discussion of China’s backdoors into the iPhone and Baidu’s role in compromising users of its products.
We pivot to the latest details on the unfortunately named Privacy Shield, which apparently is what you call a warmed-over Safe Harbor with a few dispute resolution tweaks. Jim Lewis speculates on whether Europe is likely to launch an effective attack on the US 702 program. I advance the theory that Europe is happy to hate US tech companies both for cooperating with law enforcement and for not cooperating with law enforcement. And as Brazil’s jailing of a Facebook executive shows, that sentiment is not confined to Europe.
In other news, North Korea’s hacking team has been pantsed in a recent Novetta report that strengthens the FBI’s attribution of the Sony attack – but raises questions about how effectively the administration has deterred continuing North Korean intrusions.
In response to a question about whether Apple could solve its legal problems by building a phone that Apple itself can’t update, I point out that no one wants an unpatchable phone that can’t accept security updates. Jim Lewis gives a quick update on his project to give advice to the next administration on cybersecurity. Jim, Alan, and I offer bets on how long it will take for Internet companies to be regulated for security.