In our 204th episode of The Cyberlaw Podcast, the team bumbles forward without Stewart Baker, who is spending the week racing his offspring down mountain slopes somewhere in Utah. Brian Egan and Jamil Jaffer begin by covering a few implications of Special Counsel Mueller’s indictment from Friday – the legal theories of the case and what the indictment does and doesn’t cover – as well as the follow-on false statement indictment against a former associate of a major law firm. In an amazing convergence of viewpoints, everyone, from Presidents Obama and Trump to Brian and Jamil – agrees that Russia appears to be winning, and the US is losing, on the topic of interference with US elections.
At the same time, the state secretaries of state gathered in Washington last week to discuss cybersecurity and US elections – coming in the face of a fairly damning report published by the Council on American Progress on shortcomings in US election-related cyber defenses. In light of these threats, we ponder whether a return to the old – paper ballots, or even the “mail only” approach that is operative in a few states, is better than an electronic ballot.
In other Russia-related news, Kaspersky turned to (literally) one of the oldest pages in the book – the Bill of Attainder clause in the US Constitution – in suing to block the application of a provision in the NDAA that prohibits federal agencies from using Kaspersky products. Jamil posits that the case seems less frivolous than may appear at first blush, while Brian muses about the history of Bill of Attainder litigation in the United States.
Finally, Jamil and Brian discuss the US and UK decision to attribute the NotPetya attack to Russia and the continued trend in the Obama and Trump Administrations to publicly identify perpetrators of state-sponsored cyber attacks (along with the risks inherent in this approach). Notwithstanding the NotPetya attribution, as well as a recent White House report on the increased economic costs of cyberattacks and Congressional hearings on data breaches, we explain why we believe it to be unlikely that Congress will pass federal data breach/data notification legislation any time soon.