Scarlett Johannsson finally makes an appearance on the Cyberlaw Podcast

This week, for the third time in succession, we are leading with cyber impacts of Russia’s invasion on Ukraine. Paul Rosenzweig comments on the most surprising thing about social media’s decoupling from Russia – how enthusiastically industry is pursuing the separation. Facebook allowing Ukrainians to threaten violence against Russian leadership and removing or factchecking Russian government and media posts. Not satisfied with this, the EU wants Google to remove Russia Today and Sputnik from search results. The US can’t take control of Facebook and Twitter infrastructure, I question. This would allow the Voice of America to reach Russian Twitter users and Facebook users that have been affected by the departure of the social giants. I like that idea more than anyone. Paul also notes that The Great Cyberwar that Never Was may still be a reality, and cites Ciaran’s Lawfare piece.

David Kris tells us that Congress has, after a few false starts, finally passed a cyber incident reporting bill, notwithstanding the Justice Department’s over-the-top tantrum in opposition. It makes me wonder if Congress should have gone through another edit cycle after passing the bill in haste because of the Ukraine conflict. The bill seems to set in place a 3 1/2-year reg-writing process that Cybersecurity and Infrastructure Security Agency, (CISA), can’t cut down.

Jane Bambauer and David unpack the first federal district court opinion to consider the legal status of “geofence” warrants. Such warrants are where Google gives data to police in phases about those whose phones were within close proximity of a crime scene at the time the crime occurred. Although Judge Hannah Lauck wrote a lengthy opinion, it is not satisfying. Orin Kerr is persuasive, as is so often the case.

Next, Paul Rosenzweig digs into Biden’s cryptocurrency executive order. He says it isn’t a “nothingburger” but more like a “processburger”. While nothing will actually happen on the ground for several months, the interagency machine will start to grind and it will most likely grind extremely fine sooner than later.

Jane and I draw lessons from WIRED’s “expose” on three wrongful arrests based on face recognition software –but not the lesson WIRED wanted us to draw. These arrests are not perfect and offer a disturbing view into what it is like to be charged with an innocent man. WIRED’s insistence on blaming face recognition for mistakes made by police officers that could have been prevented is not convincing.

David and I highly recommend Brian Krebs’s great series on what we can learn from leaked chat logs stolen from the Conti ransomware gang. The following insight is my favorite. Conti member who said, apparently when a company didn’t want to pay to keep its files from being published, “There is a journalist who will help intimidate them for 5 percent of the payout.” Our listeners might be able to crowdsource a search for journalists that fit the description. Do you know how many reporters are covering stories that go deep into doxxed database databases?

Paul and I spend a little more time than it deserves on an ICANN paper about ways to block Russia from the network. But I am inspired to suggest that the country code .su  — presumably all that’s left of the Soviet Union – be permanently retired. It’s not like anyone in the world would want it back.

In quick hits: