Still trying to dig out from under our hiatus backlog, we devote episode 80 to our regulars. We’ll bring back a guest next week. This week it’s a double dose of Jason Weinstein, Michael Vatis, Stewart Baker, and Congress-watcher Doug Kantor.
Michael offers an analysis of the Second Circuit’s oral argument in the Microsoft lawsuit over producing data stored in Ireland. The good news: it was a hot bench, deeply engaged, that let oral argument go to triple the usual length. The bad news for Microsoft: by far the hottest member of the panel was Judge Lynch, who made no secret of his deep opposition to Microsoft’s arguments.
I offered a skeptical view of the US-EU umbrella “deal” on exchange of law enforcement data and the “Judicial Redress Act” that Congress seems ready to rush through in support of the agreement. The problem? It looks as though DOJ sold out the rest of government and much of industry. Justice promised to make the one change in US law the EU wants, granting Europeans a right of action under the Privacy Act, in exchange for, well, pretty much nothing except a bit of peace of mind for DOJ. Since the EU is more a receiver than sender of data, it already has a lot of leverage in data exchanges and there haven’t been many attempts to thwart the exchange of strictly criminal evidence. What the US really wants is for the EU to stop threatening the Safe Harbor, to stop penalizing US companies to pressure the US government about its use of data, and to guarantee that it isn’t holding the US to higher privacy standards than it imposes on EU governments. The DOJ-led negotiations got none of those concessions. And I’m willing to bet that the EU didn’t even give up the right to bitch, moan, and cut off data flows in the future if it doesn’t like how the umbrella applies. (On top of everything, the agreement is still under wraps, so the rush to praise and implement it is particularly imprudent.)
Michael and Jason deliberate on why Justice would obtain a text intercept order for Apple and then not react to the utterly predictable claim by Apple that it had no way to implement such an intercept. We note the further irony of Apple simultaneously defying the US government on privacy grounds while rushing to comply with Russia’s anti-privacy localization law.
The administration seems unable to impose sanctions on China’s cyberattackers or to stop talking about imposing sanctions on China’s cyberattackers. Sounds like a job for Stewart Baker! I offer my proposed sanctions for the Github attack, already laid out in detail here and here.
One barrier to sanctions may be the fear of hitting the wrong target, and in that regard, the Justice Department is wearing a full coat of egg after dropping its indictment of a purported Chinese spy amid allegations that it had simply misunderstood the technology in question.
Doug Kantor offers a detailed and surprisingly upbeat assessment of the information-sharing bills’ chances for passage later this year. We also alert defense contractors to an expanded breach disclosure obligation.
And, finally, we decide to crowdsource the decision whether to keep our current theme music or to adopt one of three challengers. One of the candidates gets a heart-tugging endorsement from Jason that you’ll have to listen to the podcast to hear. Here’s the link to listen and vote for your favorite: www.steptoe.com/cybermusic.