The crypto wars return to The Cyberlaw Podcast in episode 201, as I interview Susan Landau about her new book on the subject, Listening In: Cybersecurity in an Insecure Age. Susan and I have been debating each other for decades now, and this interview is no exception.
In the news roundup, Brian Egan and Nick Weaver join me for the inevitable mastication of the Nunes memo. (My take: the one clear scandal here is the way Glenn Simpson and Chris Steele treated the US national security apparatus, including the national security press, as just another agency to be lobbied – and the success they had in milking it for partisan advantage and private profit.)
Meanwhile, if you needed a reminder of just how enthusiastically and ham-handedly China conducts its espionage, just ask the African Union, whose Chinese-built headquarters is pwned from top to bottom.
Brian lays out a significant Ninth Circuit Anti-Terrorism Act case absolving Twitter of liability for providing “material assistance” to ISIS by requiring a more direct relationship between Twitter’s acts and the harm suffered by the private plaintiffs. Not a surprise, but a relief for Silicon Valley.
Nick fulminates about the security threat posed by a sophisticated recent malvertising campaign and wonders when enterprises will start requiring ad blockers on corporate internet software. In a related story, we wonder how much incentive Twitter really has to kill off its armies of fake followers.
You know you’ve missed This Week in Sex Toy Security, so we bring it back to cover yet another internet-connected vibrator company trying to shake off a privacy class action. At least half of our audience will enjoy my stumbling effort to understand the appeal of the product.
Finally, as a sign that we’ve finally reached Peak Cybersecurity and Peak Privacy, both topics are ending up on the agendas of international trade negotiators. The EU says its privacy rules are untouchable in negotiations (although other countries’ overly protectionist data flow policies are fair game) and the NAFTA negotiators have reportedly agreed to add to NAFTA cyber security “principles” based on the NIST Cyber Security Framework.