Our guest for the week, Paul Rosenzweig, is as knowledgeable as anyone about cybersecurity and intelligence law. He blogs on the topics for Lawfare, writes for the Homeland Security Institute, consults for Red Branch Consulting, and lectures for the Great Courses on Audible.
So this week we let him comment on the stories of the week, as well as dig into ICANN, which spares the rest of us from having to learn more about that institution. This he does, admirably, making the case for a slow and conditional transition of ICANN to an alternative governance structure. Don’t miss his just-released paper on the topic for the Heritage Foundation.
Meanwhile, NSA news is blessedly sparse this week. A federal judge in San Francisco announced that she was not willing to take the Justice Department’s word that several FOIA’d FISA court opinions cannot be partially declassified and demanded that they be produced for in camera inspection.
Meanwhile, China is making plenty of news, none of it good for China’s government. Crowdstrike outs another PLA hacker by name (not to mention his picture and his personal blog). Paul describes his lunch with Chinese embassy staff and their tone-deaf claim that the US government needs to provide more information about alleged Chinese hacking. The DoD authorization bill is due to add a few more provisions tightening restrictions on China’s IT sector. And China earns an early Privy nomination for charging dissenters with privacy violations, a practice about which privacy groups and the European Union have been unaccountably silent.
Michael Vatis explains Microsoft’s legal objections to getting a warrant for other people’s data stored in Ireland – and the amicus brief that he just filed in support of Microsoft. In other fourth amendment news, Wi-Fi moochers have no expectation of privacy, but how to treat location data stored by cell phone companies continues to drive the federal courts to distraction, as Judge Sentelle travels south to vindicate his lower court opinion in Jones.
I talks about a study that Jim Lewis of CSIS and I unveiled last week on the cost of cybercrime — $445 billion globally, if you’re keeping track.
Jason explains why the entire class data breach class action bar may move en masse to West Virginia. And the FCC catches up to the FTC and SEC in cybersecurity “nudge” regulation.