Steptoe Cyberlaw Podcast, Episode #12: An Interview with Jim Lewis

This week’s cyberlaw podcast begins as always with the week in NSA. We suspect that a second tech exec meeting with the President (for two hours!) bodes ill for the intelligence community, or at least the 215 metadata program, as does the shifting position of usually stalwart NSA supporters like Dianne Feinstein and Dutch Ruppersberger. We introduce a new feature, Silliest Press Angle of the Week, for the Guardian’s claim that NSA’s GC somehow contradicted tech companies when he said that the recipients of 702 orders know that intercepts are going on. The companies that got orders didn’t deny knowing about the orders, obviously, but downstream users were likely to be in the dark, and no one outside NSA had ever heard of PRISM. Ten minutes of fact-checking would have killed the story. Which may be why the story wasn’t checked. We ask whether hyperventilation about the NSA’s ability to “reach into the past” would sound as scary if we were talking about my VCR -- and whether a story on NSA hacking Huawei meets any of the justifications that Snowden has offered for his leaks. We also observe that Brazil has already abandoned its dream of digital autarky – in favor of something equally dubious. Illinois’s law against recording conversations in the absence of all parties’ consent turns out to be an infringement of free speech (like most “privacy” law, in my view), and the Illinois Supreme Court has struck it down for overbreadth, casting a shadow over some but not all such laws in other states. here and here All-party consent laws also lost a round in front of Judge Koh of the San Francisco federal district court. After a startling ruling that suggested massive liability for Google because it did not get all parties’ consent to Gmail scanning, she took away the plaintiffs’ main leverage, denying class certification. In deference to March Madness, we debate whether the decision resembles a basketball ref’s makeup foul call. In other privacy litigation a ground-breaking settlement compensates even those who have suffered no injury from a data breach. The theory is unjust enrichment. And so, we suspect, is the outcome. After all, you don’t have to suffer much injury to be considered a proper litigant, as Michael reminds us in discussing a privacy case where alleged the harm is battery power lost when personal data is extracted from an Android phone. We update the “Innocence of Muslims” YouTube ban and offer skepticism about whether the Supreme Court will review the Ninth Circuit’s decision. And the SSCI-CIA fight continues in a lower key. We’ll explore that in more detail with next week’s guest, Michael Allen, himself a former staff director of the House intelligence committee. This week’s guest is Jim Lewis of the Center for Strategic and International Studies. Jim is the most thoughtful outside commentator on international cybersecurity issues, and he gives us a tour of the horizon on cyberwar norms, confidence-building measures, and post-Snowden diplomacy. He also predicts the course of cybersecurity legislation and the prospects for regulatory adoption of the NIST cybersecurity framework. And he gives the 215 metadata program a year to live. All in a tight, one-hour package, for those still shell-shocked by the 85-minute sprawl of Episode 11.