The Cyberlaw Podcast: A Dispatch from the Great Tech Battlefront

Our first episode for 2023 features Dmitri Alperovitch, Paul Rosenzweig, and Jim Dempsey trying to cover a months’ worth of cyberlaw news. Dmitri and I open with an effort to summarize the state of the tech struggle between the U.S. and China. I think recent developments show the U.S. doing better than expected. U.S. companies like Facebook and Dell are engaged in voluntary decoupling as they imagine what their supply chain will look like if the conflict gets worse. China, after pouring billions into an effort to take a lead in high-end chip production, may be pulling back on the throttle. Dmitri is less sanguine, noting that Chinese companies like Huawei have shown that there is life after sanctions, and there may be room for a fast-follower model in which China dominates production of slightly less sophisticated chips, where much of the market volume is concentrated. Meanwhile, any Chinese retreat is likely tactical; where it has a dominant market position, as in rare earths, it remains eager to hobble U.S. companies.

Jim lays out the recent medical device security requirements adopted in the omnibus appropriations bill. It is a watershed for cybersecurity regulation of the private sector and overdue for increasingly digitized devices that in some cases can only be updated with another open-heart surgery.

How much of a watershed may become clear when the White House cyber strategy, which has been widely leaked, is finally released. Paul explains what it’s likely to say, most notably its likely enthusiasm not just for regulation but for liability as a check on bad cybersecurity. Dmitri points out that all of that will be hard to achieve legislatively now that Republicans control the House.

We all weigh in on LastPass’s problems with hackers, and with candid, timely disclosures. For reasons fair and unfair, two-thirds of the LastPass users on the show have abandoned the service. I blame LastPass’s acquisition by private equity; Dmitri tells me that’s sweeping with too broad a brush.

I offer an overview of the Twitter Files stories by Bari Weiss, Matt Taibbi, and others. When I say that the most disturbing revelations concern the massive government campaigns to enforce orthodoxy on COVID-19, all hell breaks loose. Paul in particular thinks I’m egregiously wrong to worry about any of this. No chairs are thrown, mainly because I’m in Virginia and Paul’s in Costa Rica. But it’s an entertaining and maybe even illuminating debate.

In shorter and less contentious segments:

• Dmitri unpacks the latest effort by Russian hackers to subvert the security of a Ukrainian web-based military information site. He thinks the Ukrainian ability to use the site despite Russian attacks may have lessons for NATO.
• Dmitri also sheds light (and not a little shade) on Chinese claims to have broken RSA with a quantum computer. 
• Jim updates us on TikTok’s travails and the ongoing debate over restricting its use in the United States.
• I point out that another black man has been arrested because of a facial recognition error—bringing the total of mistaken face-recognition arrests in the entire country over the past decade to four. All of which could have been avoided by police department policy. 
• On the other hand, I also identify a shocking abuse of facial recognition to oppress some of the most loathed people in America: Lawyers. Madison Square Garden, in what must be the dumbest corporate policy of the year, uses facial recognition to identify lawyers working for law firms that have ongoing lawsuits against the company. The apparent purpose, or at least the result, is to prevent lawyers from those firms from bringing Girl Scout troops to see the Rockettes. No problem; I am sure everyone would rather watch the ensuing litigation.
• I remind listeners that Trump's return to Facebook and Instagram could happen very soon.
• The EU has advanced Its transatlantic data deal with the US, though more thrashing about should be expected.

And I take a victory lap as Google acknowledges I was right about the reason ChatGPT beat Google’s AI bot to market: Even though ChatGPT gives a good Turing Test imitation of a sociopath with too many lawyers, Google is so afraid of reputational harm that it won’t release its own synthetic sociopath without saddling it with even more lawyers.

Download the Bonus 436th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.