The Cyberlaw Podcast: Illuminating Supply Chain Security

Stewart Baker
Tuesday, July 16, 2019, 5:46 PM

What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center.

Published by The Lawfare Institute
in Cooperation With
Brookings

What is the federal government doing to get compromised hardware and software out of its supply chain? That’s what we ask Harvey Rishikof, coauthor of “Deliver Uncompromised,” and Joyce Corell, who heads the Supply Chain and Cyber Directorate at the National Counterintelligence and Security Center. There’s no doubt the problem is being admired to a fare-thee-well, and some evidence it’s also being addressed. Listen and decide!

In the News Roundup, Nate Jones and I disagree about the Second Circuit ruling that President Trump can’t block his critics on Twitter. We don’t disagree about that ruling, but I’m a lot more skeptical than Nate that it will be applied to that other famous Washington Twitter personality, Rep. Alexandria Ocasio-Cortez.

GDPR still sucks, but now it bites, too. Matthew Heiman explains just how bad the bite was for Marriott and British Airways.

Gus Hurwitz reprises how much—or little—we know about the FTC and Facebook. We won’t know much, he says, until we answer the question, “Where’s the complaint?”

Talk about hard supply chain issues. Congress banned Chinese surveillance cameras from the federal supply chain, but that turns out to be a lot different from, you know, actually getting rid of them.

For a change of pace, Gus and I rag on the U.S. Patent and Trademark Office (USPTO) for its petition that the Supreme Court overturn a Fourth Circuit ruling that adding “.com” to a generic term makes it trademarkable. You tell ‘em, USPTO! It’s not like adding “.com” to a word has the same creativity and distinctiveness as adding “i” in front of “phone” or “pod.”

Nate and I spar over whether Section 301 can be used to retaliate against France for its 3% digital tax.

Matthew tells us that the Trump administration isn’t sharing details on classified cyberattack rules with Congress, and after a modicum of mockery, we actually find ourselves agreeing with Congress’s demand to be briefed on the rules.

Finally, in quick hits, I flag the hypocrisy of those who claim to love the idea of privacy until it gets in the way of boycotting people they disagree with and the surprising ways that GDPR has enabled personal data breaches on an industrial scale.

Download the 272nd Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare