Steptoe Cyberlaw Podcast: Debating Hackbacks

Stewart Baker
Wednesday, March 22, 2017, 9:00 AM

Episode 155 of the podcast offers something new: equal time for opposing views. Well, sort of, anyway. In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week. I argue that U.S.

Published by The Lawfare Institute
in Cooperation With
Brookings

Episode 155 of the podcast offers something new: equal time for opposing views. Well, sort of, anyway. In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week. I argue that U.S. companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior Counsel at the Center for Democracy & Technology and Jamil Jaffer, Vice President for Strategy & Business Development of IronNet Cybersecurity. (Jeremy Rabkin, who was supposed to join me in arguing the affirmative, was trapped in Boston by a snowstorm.)

In the news, we can’t avoid the unedifying—and cynical—spat between press and White House over wiretapping. Turning to legal news, I note the D.C. Circuit’s adoption of a cursory and unpersuasive reading of the Foreign Sovereign Immunities Act in the context of state-sponsored hacking of activists in the United States. Maury Shenk unpacks the latest ECJ opinion refusing to apply the “right to be forgotten” across the board to government databases. So far, the only clear application is to American tech giants. That’s also true of the latest German proposal to make the internet safe for censors, government and nongovernment alike. As Maury explains, the German Justice Minister is proposing fines up to $50 million for tech giants that don’t censor online speech fast enough or hire enough European private censors to keep up with the workload.

The Justice Department’s indictments in the Yahoo! hack show just how remarkably intertwined Russian intelligence and Russian cybercrime have become.

Alan Cohn and I chew over the latest developments in the new administration’s approach to cybersecurity—a determination to cripple botnets more effectively, and a willingness to exempt SHS cyber programs from what looks like a drastic set of budget cuts for nondefense agencies. Whether the administration can make progress on botnets while sticking to voluntary measures is uncertain; equally uncertain is whether the plus-ups for DHS cyber reflects satisfaction with the agency’s performance on that mission in recent years.

Finally, Maury and I ask whether the German government is surrendering to reality in pursuing more effective video surveillance of possible criminals and terrorists.

As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.

Download the 155th episode (mp3).

Subscribe to the Cyberlaw Podcast here. We are also on iTunes, Pocket Casts, and Google Play (available for Android and Google Chrome)!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.

Subscribe to Lawfare