Episode 65 would be ugly if it weren’t so much fun. Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.
The news roundup covers Congress’s debate over NSA and section 215. The House is showing a dismaying efficiency in moving bad bills while the Senate is mired in what may turn out to be more productive confusion (see, e.g., S. 1035 and S. 1123).
We unpack the Supreme Court’s grant of certiorari in Spokeo.
A new and troubling development in cyber insecurity was demonstrated by the malware Cryptowall, which infected readers of the Huffington Post via ads for Hugo Boss, then encrypted the readers’ hard drives and held their data for ransom. We ask whether the ad networks or even the web publishers will eventually be held liable for transmitting the infected ads via HuffPo ads for Hugo Boss. The Senate Homeland Security Committee wrote a report on malvertising risks and liabilities last year that concludes with the view that liability couldn’t be established because none of the participants in the online advertising industry is directly responsible for the harm. I think the Senate Homeland Security committee has never litigated in the Eastern District of Texas.
In quick news, Goldman’s “Flash Boy” has been convicted again. The FCC says it doesn’t regulate Stingrays, except to require FBI approval for purchasers. The US and Japan deepen their cyber defense relationship, and Prime Minister Abe gets standing O for calling out (shh! Chinese) cybertheft of IP. And DOJ releases cybersecurity guidance that is surprisingly good – but for what I call its fatally flawed view of hacking back (at least that’s what I meant when I called the authors “jackasses”).