Steptoe Cyberlaw Podcast, Episode #46: An Interview with Shane Harris

Our interview focuses on Shane Harris and his new book, @War:  The Rise of the Military-Internet Complex.   It’s a good read and a good book, marred by the occasional deployment of easy lefty tropes – government contractors are mercenaries, the military sees war as an opportunity to expand turf, cybersecurity is a threat to privacy, anonymity is all about rights, etc.  But Harris is first and foremost a storyteller, and his zeal for the story is far more important to him than ideology.  When he tells the story of the guys who used cybertactics to break al Qaeda in Iraq during the surge, or of the banks’ cyberbattle with Iran, he lets the reader decide who to root for. We talk about some of the more surprising stories that Harris tells, including:

• The (contested) claim that Chinese hackers caused a large Florida blackout by mistake
• The mismatch between an estimated 300-1000 US government hackers and China’s estimated 20 thousand  (A land war in Asia could be coming to a network near you)
• Harris’s controversial suggestion that the banks may be assembling their own zero-day exploits in preparation for a hackback campaign against Iran
• The possibility that foreign governments systematically compromised the networks of American natural gas pipeline companies in preparation for an attack – and whether we’d even know when cyberweapons had been used

In our news roundup, we start with This Week in NSA, but the latest Intercept story on NSA and cell phone interception is so boring and opaque it’s practically encrypted.   So we switch to This Week in GCHQ.   At the suggestion of a listener, we mine the UK parliamentary report on the killing of a soldier on the streets of London for lessons about the need for MLAT reform in the United States. Verizon escapes an FTC investigation without an eternal oversight regime.  Why?  Because of its aggressive effort to cure a security flaw or because the FTC realized it had overreached?  You be the judge. We unpack the judicial decision refusing to dismiss bank claims against Target for its credit card breach, raise questions about a Boston hospital’s surprisingly cheap settlement of a privacy case arising from a stolen laptop.  And then dive into the biggest breach case of the year, maybe the decade:  Sony.  We think North Korea did the hack, and the lack of a US response could have bad consequences for the country.  Among other things, the only bad guys we’ll ever see in future movies are Serbs.  And US government officials, of course. We remind everyone that the Podcast welcomes feedback, either by email (CyberlawPodcast@steptoe.com) or voicemail (+1 202 862 5785).