Steptoe Cyberlaw Podcast, Episode #30: An Interview with Richard Danzig

Wow, that was quick. I haven’t even turned on the air conditioning at home yet, and already we’ve done the last podcast of the summer.  The Steptoe Cyberlaw Podcast will go on hiatus for August and return after Labor Day!

This week in NSA: The Senate Judiciary Committee, the most anti-NSA of the Senate committees with jurisdiction over the agency, says that it has come up with a new version of the section 215 reform bill passed by the House.  Chairman Leahy says his draft does a better job of protecting privacy than the House bill, and privacy activists agree. Ordinarily that would mean it’s worse for security, but based on press reports, the bill may actually be an improvement on the lame “selection term” menu proposed by the House. (And, now that I’ve seen the Leahy bill, that prediction turns out to be right; its definition of “specific selection term” is much more workable.)

Looking distinctly like the proprietor of a fireworks display whose finale fizzled, Glenn Greenwald strains ever harder to find outrage in the quotidian.  NSA, he discloses, has a limited intelligence sharing arrangement with Saudi Arabia.  The Saudis, of course, have a lot of terrorists and jihadists, some of whom have also attacked the United States (Osama bin Laden, to name one).  But none of that matters to Greenwald, who seems to think we should learn about terrorists only from countries with no human rights violations.

The effort to cripple NSA’s overseas intelligence collection program almost as thoroughly as its section 215 program has picked up four Senators – Tester, Begich, Merkley, and Walsh, who send a letter to that effect.

In other news: Sony settles its traumatic, service-suspending hack for $15 million worth of free stuff for users.  Hats off to Sony’s GC, who struck a brilliant deal.

The 9/11 Commission issues a soft endorsement of “direct action” by private parties who are hacked. Stewart Baker celebrates.

The phenomenon of dueling celebrity magistrates continues.  Is this the first time someone outside of the FISC has felt obliged to write an opinion granting a search warrant?  How sad is that?

Vladimir Putin signs legislation to keep Russian data in Russia.  And the Russian government offers a bounty for attacks on the TOR network.

The Washington Post tells us that the FBI “Going Dark” is real, quoting our own Jason Weinstein.   We’re sure there’s a drinking game to be built around the President’s plan to talk about drone privacy, but we’re not imaginative enough to find it.  And Congress votes to end DMCA protection for locked cell phones.

Our guest for the day is the eminent Richard Danzig, former Secretary of the Navy, and a defense intellectual’s defense intellectual.  Richard has at last turned his attention to cyber insecurity, with a paper entitled “Surviving on a Diet of Poisoned Fruit.”

Richard’s view is that we can’t treat cyber insecurity as a technical problem, or assume that there are technical solutions.  He advocates for limiting the use of digital technology when it comes to managing critical national security systems, and he defines critical national security assets in a refreshingly direct way.  If the deliberate crashing of a digital system could dissuade the US government from pursuing its national security interests, that system is critical to national security. Stewart wonders if we aren’t already past that point.

Richard argues for international norms limiting cyberattacks, focusing on those that would destabilize mutual assured nuclear destruction.  Stewart expresses doubts about the durability and verifiability of such norms.  We agree on the need for deterrence but not on the mechanisms.

It’s a great workout for cybersecurity wonks, and a good way to ease into Richard’s thoughtful paper.