The Cyberlaw Podcast: “The First Thing We Do, Let’s Hack All the Lawyers”

Dave Aitel introduces a deliciously shocking story about lawyers as victims and—maybe—co-conspirators in the hacking of adversaries’ counsel to win legal disputes. The trick, it turns out, is figuring out how to benefit from hacked documents without actually dirtying one’s hands with the hacking. And here too, a Shakespearean Henry (II this time) has the answer: hire a private investigator and ask “Will no one rid me of this meddlesome litigant?” Before you know it, there’s a doxing site full of useful evidence on the internet.

But first Dave digs into an intriguing but flawed story of how and why the White House ended up bigfooting a possible acquisition of NSO by L3Harris. Dave spots what looks like a simple error, and we are both convinced that the New York Times got only half the story. I suspect the White House was surprised by the leak, popped off about how bad an idea the deal was, and then was surprised to discover that the intelligence community had signaled interest. 

That leads us to the reason why NSO has continuing value – its ability to break Apple’s phone security. Apple is now trying to reinforce its security with the new, more secure and less convenient, lockdown mode. Dave gives it high marks and challenges Google to match Apple’s move. 

Next, we dive into the U.S. effort to keep Dutch firm ASML from selling chip-making machines to China. Dmitri Alperovich makes a special appearance to urge more effective use of export controls; he and Dave both caution, however, that the U.S. must impose the same burdens on its own firms as on its allies’.

Jane Bambauer introduces the latest government proposal to take a bite out of crime by taking a bite out of end-to-end encryption (“e2e”). The U.K. has introduced an amendment to its pending online safety bill that would require regulated user-to-user services to identify and swiftly take down terrorism and child sex abuse material. The identifying isn’t easy in an e2e environment, Jane notes, so this bill could force adoption of the now-abandoned Apple proposal to do local scanning on your phone. I’m usually a cheap date for crypto-skeptical laws, but I can’t help noticing that this proposal will stir up 90 percent as much opposition as requiring companies to be able to intercept communications when they get a court order while it probably addresses only 10 percent of the crimes that occur on e2e networks.

Jane and I take turns pouring cold water on journalists, NGOs, and even Congress for their feverish effort to turn the Supreme Court’s abortion ruling into a reason to talk about privacy. Dumbest of all, in my view, is the claim that location services will be used to gather evidence and prosecute women who visit out of state abortion clinics. As I point out, such prosecutions won’t even muster five votes on this Court.

Dave spots another doubtful story about Russian government misuse of a red team hacking tool. He thinks it’s a case of a red team hacking tool being used by … a red team. 

Jane notes that Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has announced a surprisingly anodyne (and arguably unnecessary) post-quantum cryptography initiative.  I’m a little less hard on DHS, but only a little.

Finally, in updates and quick hits:

• I point out that the U.S.-EU transatlantic data deal is looking a lot like vaporware. That’s a worry now that Ireland is on the verge of ordering Facebook to stop moving data across the Atlantic.
• Jane and I take a whack at predicting Elon Musk’s Twitter bid. I argue that Musk may escape with less than $1 billion in penalties but for years he will be to mergers what Google is to new digital products.

And, finally, some modest good news on Silicon Valley’s campaign to suppress politically “incorrect” speech. Twitter suspended former NYT reporter Alex Berenson for saying several true but inconvenient things about the coronavirus vaccine (it doesn’t stop infection or transmission, and it has side effects, all of which raises real doubts about the wisdom of mandating vaccinations). Berenson sued and Twitter has now settled, unsuspending his account. The lawsuit had narrowed down the point where Twitter probably felt it could settle without creating a precedent, but any chink in Big Social’s armor is worth celebrating.

Download the 416th Episode (mp3) 

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.