The Cyberlaw Podcast: The Former Lingerie Salesman Who Has Putin's Knickers in a Twist

Stewart Baker
Tuesday, March 16, 2021, 5:35 PM

Published by The Lawfare Institute
in Cooperation With

This week we interview Eliot Higgins, founder and executive director of the online investigative collective Bellingcat and author of We Are Bellingcat.

Bellingcat has produced remarkable investigative scoops on everything from Saddam’s use of chemical weapons to exposing the Russian FSB operatives who killed Sergei Skripal with Novichok, and, most impressive, calling a member of the FSB team that tried to kill Navalny and getting him to confess. Eliot talks about the techniques that make Bellingcat so effective and the hazards, physical and moral, that surround crowdsourced investigations.

In the news, Dave Aitel gives us the latest on the Exchange server compromise, and the reckless Chinese hack-everyone spree that was apparently triggered by Microsoft’s patch of the vulnerability.

Jamil Jaffer introduces us to the vulnerability of the week—dependency confusion, and the startling speed with which it is being exploited.

I ask Nate Jones and the rest of the panel what all this means for government policy. No one thinks that the Biden published cyberstrategy tells us anything useful. More interesting are two deep dives on cyber strategy from people with a long history in the field. We see Jim Lewis’s talk on the topic as an evolution in the direction of much harsher responses to Russian and Chinese intrusions. Dmitri Alperovich’s approach also has a hard edge, although he points out that the utter irresponsibility of the Chinese pawn-em-all tactic deserves an especially harsh response. I wonder why Cyber Command didn’t respond by releasing a worm that would install poorly secured shells on every Exchange server in China.

In other news, I blame poor (or rushed) Pentagon lawyering for the district court ruling that the Department of Defense couldn’t list Xiaomi as an entity aligned with the Chinese military. Jamil is more charitable both to the Department of Defense and the judge who made the ruling, but he expects (or maybe just hopes) that the court of appeal will show the Pentagon more deference.

Twitter, on the other hand, is praying that the Northern District of California suffers from full-blown Red State Derangement, as it asks the court there to enjoin a Texas Attorney General investigation into possible anticompetitive coordination in the Great Deplatforming of January 2021.

Nate gives us the basics. I observe that, to bring such a Hail Mary of a case, Twitter must deeply fear what its own employees were saying about the deplatforming at the time. Neither Nate nor I give Twitter a high probability of success. And even if it does succeed, red states are lining up new laws and regulatory initiatives for Silicon Valley, most notably Gov. DeSantis’s controversial effort to navigate Section 230 and the First Amendment.

Nate also provides a remarkably clear explanation of the sordid tale of European intelligence and law enforcement agencies trying to cut a special deal for themselves in the face of surveillance-hostile rulings from the EU’s Court of Justice. The agencies are right to want to avoid those foolish decisions, but leaving the U.S. on the hook will only inflame trans-Atlantic relations.

In quick hits, Jamil and Dave talk us through Israel’s Unit 8200, the press on which offers a better cybersecurity venture capital alumni network than Stanford. We also discuss recent news about security lapses in what Dave calls the internet of things.

And more!

Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare