For decades, U.S. cyber attackers were notoriously the brainchild of lawyers until they became a key factor in defining U.S. cyber tools. But it seems those days are gone. Today, Israel has caught up and surpassed US cyberwarriors on this essential scale. Nate Jones reports on an attack carried out by an obscure “hacktivist” group, but widely blamed on Israel. Hackers shut down several Iranian factories in a shower of sparks and molten steel. However, the most interesting thing about the attack was the pre-roll of the video, which stated that the factories were under international sanctions and that the attackers had sent warnings to the workers to avoid casualties. Part of it was caution; when you’re escalating in cyberspace, it’s a good idea to highlight the limitations you see. Most of it, however, was lawyers promoting the attack’s adherence to the law of armed conflict. After an earlier campaign that cut off gasoline supplies but also warned emergency and fire services to pre-gas, it sure looks like some of the best cyber attacks will now come with a phalanx of lawyers.
At the same time, China is using its resources to export its 50 cent army to the United States. Sultan Meghji and Maury Shenk cover the Chinese social media campaign to turn American rare earth mining into an environmental controversy. I argue that in this case, China is taking a leaf out of the Russian playbook; the russians worked hard to make fracking controversial in the usa because it kept the price of russian oil down. I urge someone to find out how many of these fake American accounts are also on TikTok and how TikTok’s algorithm handles them.
Speaking of Chinese propaganda, Maury tells us that a well-known Chinese cybersecurity company is accusing the US of planting Trojans on hundreds of important Chinese information systems, which could be an interesting accusation if the report actually provided some details.
After knowing the competition of Israeli cyber lawyers, the NSA lawyer has opened a new front. They have convinced the US Department of Justice to fight the merger on the grounds that it will reduce competition in bidding for one NSA program. Nate and I get stuck on the market definition issues of the case, but Sultan thinks it’s an investment opportunity.
This Week in Silly Artificial Intelligence (AI) Research: We’re never short of stories in this category, but this week two contenders square off well. Sultan tells us a story that proves that gender and race discrimination can always be found in AI if your research is poorly designed. And Maury finds a group of researchers who did better, designing a moderately effective crime-prediction algorithm and then arguing that the police were racist if they used it to add more officers to high-crime areas, and racist if they didn’t send more. to neighborhoods where crime is increasing. Since most research on AI bias is apparently aimed at getting your story in the press by stating that AI is racist, finding racism regardless of how the research turns out is a winning strategy.
Speaking of unimpressive journalism, Sultan reports a Wall Street Journal story that lazily bashes AI research because it hasn’t done everything we want it to, but ignores the things it has done well.
Sultan also walks us through one cryptocurrency domino wreck after another, but he believes the collapse will likely create a stronger and more regulated foundation for businesses that survive. Nate reiterates the EU’s contribution to the issue – more regulation, natch – but in a surprising twist for the Cyberlaw Podcast, Brussels’ proposal gets pretty high marks.
We’re updating a few stories from past weeks,
- Google is really hurt by a study that found its default spam filter favored Democratic fundraising messages over Republicans by about 7:1. The GOP has always believed (correctly) that Silicon Valley hinders its views, but this time the evidence is hard to deny. Google doesn’t really deny it, promising to do better in the future, while Republicans claim Gmail’s bias cost them $2 billion in donations and are proposing tough new transparency laws.
- The Justice Department is raising the stakes on behalf of Uber’s former chief information security officer (CISO), accusing Joe Sullivan of management fraud for mistaking what appeared to be a security breach ransom as a bug bounty. According to the Ministry of Justice, this betrayed Uber drivers and customers. Sullivan is the first, but probably not the last, CISO to face this charge as the government stops touting “public-private partnerships” as a reason for companies to report breaches and instead embraces the fear of prosecution.
- And the Transportation Security Administration (TSA), after facing criticism over the harshness of the pipeline’s secret cybersecurity standards, has now offered secret changes to the standards. Is that a good thing? Who knows?
Download Episode 415 (mp3)
You can subscribe to The Cyberlaw Podcast via iTunes, Google Play, Spotify, Pocket Casts, or an RSS feed. As always, The Cyberlaw Podcast is open to feedback. Remember to engage @stewartbaker on Twitter. Send your questions, comments and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we’ll send you the highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, family or pets.