The Cyberlaw Podcast: Unfiltered: An Interview with NSA’s Former General Counsel

Stewart Baker
Tuesday, March 10, 2020, 7:14 PM

Published by The Lawfare Institute
in Cooperation With

Our interview in this episode is with Glenn Gerstell, freed at last from some of the constraints that come with government service. We cover the Snowden leaks, how private and public legal work differs (hint: it’s the turf battles), Cyber Command, Russian election interference, reauthorization of FISA, and the daunting challenges the US (and its Intelligence Community) will face as China’s economy begins to reinforce its global security ambitions.

In the news, Nate Jones and Nick Weaver talk through the new legal and technical ground broken by the United States in identifying two Chinese nationals and the $100 million in cryptocurrency they laundered for North Korean hackers.

Paul Rosenzweig lays out the challenge posed for the Supreme Court’s Carpenter decision by LocateX, which provides detailed location data commercially. This is exactly the quagmire I expected the Court to find itself in when it abandoned the third-party doctrine on a one-off basis. Nick points out that the data is only pseudonymized and tries with mixed success to teach me to say “de-pseudonymized.”

Nate and I conclude that facial recognition has achieved a new level of infamy. Kashmir Hill at the New York Times adds a new drop of poison in a story that could just as well have repeated “I hate Clearview AI” 50 times for all it told us about the company. And Anna Merlan of Vice published a story about Clearview’s practices. Meanwhile, there are still big questions about whether the technology works at all. But sometimes the problem is a complicated mix of human and technological error. Police in Buenos Aires, for example, found a wanted man on the street using another company’s recognition tech. The catch: the guy was erroneously placed on the wanted list because someone mixed him up with a criminal of the same name. Not sure that’s facial recognition’s fault, as OneZero describes it as being.

Nate and I review the Justice Department’s guidance on how threat researchers should do undercover work safely on the Dark Web. It’s a mixed bag for sure, but the biggest beneficiary of the guidance may turn out to be the Dark Web’s criminal network administrators.

A proposed FAA drone rule is angering aviation hobbyists. Nick feels their pain but thinks it’s time for them to get over it.

Microsoft, Google, Facebook, and others have adopted international principles for enforcing laws against child abuse. But if they were hoping to stave off the EARN IT bill, they were mistaken. The bill has been introduced, with striking bipartisan sponsorship and a modest few changes since we last covered it. Nick and I disagree on whether the bill would turn the companies into agents of the government for Fourth Amendment purposes.

And in short takes, I note that the Trump Administration is borrowing from Europe in one respect: CFIUS is building a wall against the export of personal data to China, overturning mergers that would give Chinese companies access to data on Americans’ hotel stays and their love lives. Paul tells us that Oz is apparently in the lead for a deal with the United States on the CLOUD Act. China’s Qihoo360 tried to beat US cyber forensics firms at the name-and-shame game but came up short. And the FISA Court offers some surprisingly tame reforms in the wake of the Horowitz report detailing the botched Carter Page warrant application.

Download the 304th Episode (mp3).

Take our listener poll at!

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed!

As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm

Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare