Steptoe Cyberlaw Podcast, Episode #88: An Interview with Adam Kozy and Johannes Gilger

Stewart Baker
Thursday, November 12, 2015, 11:29 AM

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo.

Published by The Lawfare Institute
in Cooperation With
Brookings

Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo. Not the US government, not CDT or EFF, and not the big browser companies. That’s the lesson I draw from episode 88 of the podcast, featuring an in-depth discussion of China’s Great Cannon with  Adam Kozy  and  Johannes Gilger  of  Crowdstrike. They expand on their 2015 Blackhat talk about China’s deployment of Great Firewall infrastructure to hijack American and Taiwanese computers and use them in a DDOS attack against Github.

China’s first internet email, in 1987, said “Across the Great Wall we can reach every corner of the world.” And boy, did they mean it. The question now is what the other corners of the world are going to do about it.

In other news,  Michael Vatis  covers the latest Safe Harbor developments, as the  European Commission releases a statement  saying, more or less, that American companies can expect years of litigation over the adequacy of US privacy law. Remarkably, that’s meant to be good news.

Speaking of dubious European claims to offer good news, Michael and I note that the UK deputy data protection commissioner has  announced with pride that the Right to Be Forgotten hasn’t actually “stopped the internet working.”  So far; but the net is young.

I summarize an  earlier blog post  claiming that the crypto wars are over and USTR has handed Jim Comey a loss while Mary Jo White gets a win. This because the  Trans-Pacific Partnership trade deal  included language prohibiting members from demanding encryption keys for most purposes other than financial regulation. I also acknowledge a significant caveat drawn to my attention by Simon Lester of Cato: Despite the TPP, a member is free to adopt any measure “that it considers necessary for … the protection of its own essential security.” If Jim Comey’s lawyers can’t squeeze his key access proposals into that provision, the “essential security” of their jobs is seriously at risk.

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to  CyberlawPodcast@steptoe.com  or leave a message at +1 202 862 5785.

Download the eighty-eighth episode (mp3).

Subscribe to the Cyberlaw Podcast here. We are also now on  iTunes  and  Pocket Casts!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare