Ten pounds of cyberlaw in a five pound sack

Last week saw the end of all cyberlawsuits which were not filed or resolved over Thanksgiving. We are still working on it. However, before I go on with this story, Dave Aitel needs to be checked for his sanity regarding Log4Shell. Is it truly worth a 10/10 for its impact? What does this mean for the many open-source components that are buried within our enterprise software? Dave has one piece of positive news. Some big projects had gotten so far behind on updates they didn’t have the ability to fix it yet.

Turning to the first of several lawsuits covered in this episode, Jamil Jaffer and I praise Google for a particularly comprehensive and creative approach to suing cybercriminals. RICO plus a boatload of computer privacy violations are at the heart of Google’s complaint against two criminals who created the Glupteba botnet. They deserve to be credited for their creativity using blockchain technology to rebuild their C2 infrastructure. If more criminals did that, Microsoft’s trademark approach – using trademark violations to seize botnet infrastructure – would be less effective. Microsoft was able to use trademark litigation this week to downroot a Chinese government network. It is wrong to say that Microsoft uses this tactic for so many years that botnets have been inconvenienced and not destroyed.

Maury Shenk examines the amazing report that Apple CEO Tim Cook claimed promised China $275 Billion in investments. This was five years ago. Secretly. It’s all being revealed now that he has delivered. If Congress does finally pass the bill to report cyber incidents that it has just pushed from the defense authorization act it might want to consider multibillion-dollar deals with Communist China to be classified as cyber incidents that should be reported to the U.S government.

The Tenth Circuit finished its Thanksgiving by releasing a massive opinion upholding the constitutionality of Section 702 of FISA. Jamil Jaffer played an important role in Section 702’s adoption. We will be walking through Jamil Jaffer’s decision. It was 2-1. However, it does not address the core question. The main issue was Article III. FISA court opinions are advisory and can be used to review the procedures of intelligence agencies under Section 702. While I sympathize with the dissident, it was difficult for me to see how the defendant could bring down this structure.

Dave discusses why Tor is not as secure as it seems. Unknown and most likely, state-sponsored actor. hundreds of malign Tor relays. To make matters worse, the actor actively participates in Tor community discussions and lobbying for changes to malicious Tor relays.

Jamil explains how cyberlitigation works. A Saudi women’s rights activist has brought a CFAA lawsuit against DarkMatter and its expat American employees for an iPhone hack that she says got her arrested. I’m a little skeptical that the lawsuit will survive a Foreign Sovereign Immunities Act motion.

Maury and I question the wisdom of a recent Italian fine penalizing Amazon over a billion euros, mainly for preferencing sellers who sign up for Prime logistics

Dave shares the tragic story of Ilya Sachkov (a Russian cybersecurity genius and CEO) who believed that cybersecurity was a white-hat business. He may have tried to identify the attackers of 2016 DNC, but he is being charged with Russian treason.

Maury notes that the U.S. decision to blacklist SenseTime, the Chinese AI company, was carefully timed to guarantee disruption of SenseTime’s IPO. Maury believes that U.S. actions will not be merely a delay tactic.

Maury notes that Wikileaks founder Julian Assange has lost an important battle as he fights extradition to the U.S. And Jamil notes that the cyber incident reporting bill didn’t make it into the defense authorization act, as mentioned earlier. He is one of the few cybersecurity buffs who isn’t especially disappointed.

Maury and I disagree about a much-ballyhooed group of companies claiming to combat A.I. Bias in hiring. I’ll believe it when they actually expose their recommendations to public scrutiny.

This is for those who believe that content moderation should not be biased left. Take ten minutes to watch this campaign video by the right-leaning candidate in France. Ask yourself, then, why YouTube thought the ad was not suitable for children. YouTube didn’t approve of the effectiveness, that was my guess.

Dave and I puzzle over the Biden administration’s unsatisfying `Initiative for Democratic Renewal’ – a big international get-together that got only cursory attention in the US, perhaps because its theme is still a little hard to find.

And, finally, just to give me an excuse to publicize my latest Cybertoonz comic, Jamil asks what it means for Western militaries to “impose a cost” on ransomware gangs.

Cyberlaw Podcast will be saying goodbye to 2021. In January, we will be back.

Listen to the 387th episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. The Cyberlaw Podcast welcomes feedback as always. Make sure you engage @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to We will give you the Cyberlaw Podcast Mug if your guest is on the show!

These podcasts are the views of the speaker and not those of their clients, institutions, friends, family, pets, or colleagues.