Steptoe Cyberlaw Podcast, Episode #95: An Interview with Nick Weaver

We’re back from hiatus with a boatload of news and a cautiously libertarian technologist guest in Nick Weaver of the International Computer Science Institute in Berkeley.  To start Episode 95 of the podcast, Michael Vatis and I plumb the meaning of the Cyber Security Act’s passage.  The big news?  Apparently Santa is real, state laws prohibiting employer access to social media credentials may have been preempted, at least a bit, and ISPs just got new authority to monitor traffic to find bits that threaten other people.  Now if we could just find something useful to do with the defensive measures provision… 

Maury Shenk and Alan Cohn dig into the latest deal moving a new European data protection regulation forward – and the slow-motion disaster around the Safe Harbor. 

Maury and Michael note that the encryption debate just won’t stay dead, no matter how much Silicon Valley keeps pounding the stake into its heart.  In addition to the FBI, tech companies are seeing a whole bunch of new eyes gleaming in the dark – China’s new security law, Pakistan’s fight with Blackberry, the new UK legislation, and Brazil’s shot across Whatsapp’s bow.  In every case, government has crowded Silicon Valley hard for more cooperation on access to customer data – but without (quite) insisting on a built-in backdoor.   

Speaking of governments, Michael tells us that regulators closed 2015 with a bang, with HIPAA, COPPA, and order-enforcement fines up to $100 million.  And Alan points to the CFTC’s new testing rules, which I contend may have smuggled something close to strict security liability into the Federal Register.   

Michael brings us up to date on the never-ending turmoil over what access in excess of authorization means under the CFAA.  None of us are surprised that courts think it includes access in violation of a court order. 

The interview with Nick Weaver explores the charms and evils of bulk surveillance, not to mention its inevitability.  Nick analyzes the two Silicon Valley business models – which he shorthands as selling shiny stuff and selling people’s souls.  (Guess which model he disapproves of.)  Which leads us to the question of tracking terrorists as though we wanted to sell them beheading videos.  Call it Son of 702.  Which leads me to ask how soon it will be before the government blocks the sale of an online ad network to China on national security grounds. 

As always, the Cyberlaw Podcast welcomes feedback.  Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. 

Download the ninety-fifth episode (mp3). 

Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts! 

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.