This week we celebrated International Tech Policy Week, which happens every year around this time, when American policymakers, the American execs who follow them, and the U.S. journalists who report on them all go home to eat turkey with their families and leave tech policy to the rest of the world.
Leading off a review of China’s contribution to the week, Paul Rosenzweig and Jordan Schneider cover Beijing’s pressure on Didi to delist from a U.S. stock exchange. If you believe this pressure is about data security, I have a Chinese unicorn tech stock to sell you at half price.
Jordan explains why China’ is also taking Tencent to the woodshed for not quite getting the message about who makes the rules in China’s tech sector. Speaking of delivering a message, Jordan also covers China’s decision to impose fines on tech firms for a decade’s worth of M&A deals.
David Kris turns what could have been a U.S. story – insurers’ running for cover from ransomware losses—into an international story by focusing on a proposal from Lloyds of London.
Paul and I dig into a story that starts in the U.S. but soon moves abroad: Apple’s slightly weird computer fraud and abuse lawsuit against the Israeli exploit firm known as NSO Group. I point to other stories signaling that tech hubris on this issue is out of control. Facebook is trying to stop undercover cops from using fake accounts to collect quasipublic information. And Apple is telling its customers when it discovers that they are the targets of state-sponsored malware. These are law enforcement activities that in other contexts would simply be unexceptionable undercover work or lawful interception of communications. In Apple’s case, the interference with law enforcement is egregious, since the company has not explained how it can possibly avoid blowing up legitimate counterterrorism and criminal investigations that must use malware because Apple has already foreclosed less dramatic legal options.
Meanwhile, in Israel, the demonization of these tools has led authorities to dramatically cut the number of countries to which spyware can be exported. Of course Iran is not be on the list, but Israel seems to have exported plenty to that country, which is now returning the favor, as cyberconflict begins hitting ordinary citizens in both countries.
David, Paul, and I reveal our prejudices as we examine the latest miniflap that briefly detained Congress’s proposed cyber incident reporting mandate – DOJ’s desire to require simultaneous reporting to the FBI. That is a dumb idea, and the Senate seems to have treated it with exactly the amount of deference it deserved. At least that’s how it looks from inside my junior high locker.
Jordan touches briefly on a Chinese province’s plan to construct a surveillance system for foreigners. He thinks there’s more (or maybe less) to the story than appears. He also covers the U.S. decision to blacklist Chinese quantum computing companies, giving me a chance to divert him toward the Endless Frontier Act and China’s peculiar decision to turn it into a BFD.
David and I dig into a proposed (and likely to pass) new UK law on IOT security that looks a lot like California’s law on the same topic.
In quick hits and updates, I note that Meta will have trouble delivering end-to-end encryption on Facebook and Instagram before 2023. And despite efforts to toxify the entire field and this company in particular, Clearview AI’s face recognition tool is performing very well against international competition. I also note that my research suggests that the whole “AI bias” narrative about face recognition, is stuck in 2016 and has ignored the remarkable accuracy (and debiasing) strides the industry has made in recent years.
Finally, Jordan explores the tension between Beijing’s hostility to gaming and the Shanghai Communist Party’s embrace of an esport legend.
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.