The Cyberlaw Podcast: If Paris Calls, Should We Hang Up?

Stewart Baker
Monday, November 19, 2018, 5:07 PM

Mieke Eoyang joins us for the interview about Third Way’s “To Catch a Hacker” report. We agree on the importance of what I call “attribution and retribution” as a way to improve cybersecurity. But we disagree on some of the details. Mieke reveals that this report is the first in a series that will hopefully address my concerns about a lack of detail and innovation in the report’s policy prescriptions.

Published by The Lawfare Institute
in Cooperation With
Brookings

Mieke Eoyang joins us for the interview about Third Way’s “To Catch a Hacker” report. We agree on the importance of what I call “attribution and retribution” as a way to improve cybersecurity. But we disagree on some of the details. Mieke reveals that this report is the first in a series that will hopefully address my concerns about a lack of detail and innovation in the report’s policy prescriptions.

Russia’s lawyers are almost as good as its hackers, to judge by a “letter” the Russian government sent in the DNC’s hacking case against Putin’s intelligence agents. Matthew Heiman and I conclude that the DNC is going to face an uphill fight trying to overcome Russia’s sovereign immunity arguments.

It’s not cybersecurity, but it is cyberhygiene. Never do a global “find and replace” on a sensitive court filing without making sure the “replace” part actually worked. That seems to be the failure that disclosed to the world that the U.S. has filed criminal charges against Julian Assange under seal. Maury Shenk comments.

“As an additional service to Alexa users, we will protect the privacy of anyone who murders you.” Okay, that’s an unfair summary of Amazon’s position on whether to release Echo recordings in a double murder case. In fact, it’s not the least surprising that Amazon wants a court order before handing over the recordings, if any, or that it got one, or that it seems to have complied promptly.

Dr. Megan Reiss explains the significance, if any, of the Paris Call for Trust and Security in Cyberspace, where more than 50 states and companies—the United States not among them—have signed onto a mostly Mom-and-apple-pie agreement on cyber principles.

Soft power update: Chinese-style social credit is coming to a Venezuela near you. Megan comments.

Sweet justice: California SWATter has pleaded guilty and now faces 20+ years in prison.

Looks like DHS finally made it, so I can stop talking about Congress approving the renaming of NPPD as the Cybersecurity and Infrastructure Security Agency.

And for the lightning round, Matthew confirms that remotely wiping your iPhone constitutes destruction of evidence; I note that Phineas Finn has officially gotten away with the doxing of Hacking Team; and Megan comments on yet another diversion of Western traffic through Russia and China. This time, though, we may have to blame the Nigerians.

Download the 240th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Pocket Casts, Google Play, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with Stewart on social media: @stewartbaker on Twitter and on LinkedIn. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested interviewee appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare