With the U.S. and Europe united in opposing Russia’s attack on Ukraine, a few tough transatlantic disputes are being swept away – or at least under the rug. The most prominent issue is the resolution of the Data Protection Crisis that was triggered by the Court of Justice of the EU’s Schrems 2 decision. This has been achieved in principle through a framework agreement between the U.S.A. and the EU. Paul Rosenzweig, Michael Ellis, and Paul Rosenzweig share trade insights about the deal and its potential outcomes before the CJEU. The agreement’s most controversial feature is its inability to change U.S. laws. This is a result of easy vote-counting if one’s from Washington. However, the CJEU expected it to dictate legislation for Congress, so Europe’s acceptance in a non-legislation solution could simply be a way to get the ball rolling until the next CJEU decision. Paul and Michael warn that the absence of legislation in Europe will make a big difference when it comes time to provide remedies for European citizens who feel they have had their rights violated. They will be going to administrative bodies with guarantees of impartiality and independence from the executive branch, rather than going to court. It’s definitely worth trying. We want to congratulate some old podcast buddies who came together and solved this problem.
New tech news continues to emerge from the Russian invasion in Ukraine. Nick Weaver updates us on the single most likely example of Russia using its cyber weapons effectively for military purposes – the bricking of Ukraine’s (and a bunch of other European) Viasat terminals. Alex Stamos (and I) discuss whether or not the Russian social media giants, including Instagram, were required to give information on their subscribers in order to microtarget news. It is possible to bypass Putin’s information management controls. Along the way, we look at why the tech response to Chinese aggression seems so weak. Paul gives credit to the FBI for their microtargeted Russian language “talk to me” ads that were only visible from 100 meters of Washington’s Russian embassy. Finally, Nick Weaver and Mike mull the significance of Israel’s determination not to sell sophisticated cell phone surveillance malware to Ukraine.
Alex and I discuss the European Digital Markets Act which governs some U.S.-based companies and acts as their “digital gatekeepers”. Although it seems plausible in addressing network-effect monopolization and is undermined by anti-Americanism, the EU’s persistent illusion of being able to regulate the tech sector has made this an unworkable solution. Alex is similar in his view. He points out that end-to–end encryption was an important privacy win, thanks to WhatsApp. The Digital Markets Act, which attempted to forbid standard interoperable messaging, may reverse that achievement.
Nick is here to show us the amazing achievements of Lapsus$ juvenile delinquents. It is possible to speculate on how lawyers can skew response to cyber incidents in ways that end up being very detrimental for breach victims. Alex vividly demonstrates the legal dynamics that hinder effective response. Michael refers to the detailed report by the Senate Homeland security committee’s minority staff on corporate response to REvil breach incidents. CISA and the FBI are not pleased with this report. However, the FBI is more criticized than CISA. That may explain why not many people paid any attention when they demanded that the bill be amended to address cyber incidents.
Nick and Michael discuss whether Grimes, the dream-pop musician and Elon Musk loveheart could face criminal charges for computer crimes. After she admitted to having DDOSed a publication online for a embarrassing photograph of herself, Nick debates with Michael. We conclude that she should not go back to Canada, just to be safe. Paul and me both applaud a WIRED op ed arguing that Putin’s Soviet empire nostalgia is a cause for alarm. The authors, Baker and Rosenzweig (as it happens), suggest that ICANN should not kill off the Soviet Union’s obsolete.su country codes.
We are grateful to all our faithful listeners, who came on line to view us recording this episode live with video. We’ll be doing it again in the near future.
The 400th Episode is available as an MP3 download
The Cyberlaw Podcast can be subscribed via iTunes, Google Play Spotify Pocket Casts and Google Play. The Cyberlaw Podcast invites your feedback. Make sure you engage @stewartbakerFollow us on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. You will receive a Cyberlaw Podcast mug if you suggest a guest!
This podcast is a collection of opinions that the speakers have shared and does not represent the views or clients of any of them.