Podcasts about cfaa

  • 96 podcasts
  • 169 episodes
  • 46m average duration
  • Infrequent episodes
  • Latest: Jun 26, 2026


Latest podcast episodes about cfaa

Unchained
Why Fable's Shutdown Is a Warning for Every AI Lab: Uneasy Money

Jun 26, 2026 · 71:37


An anti-MEV activist spent weeks building 66 fake contracts to trap the sandwich bot jaredfromsubway.eth. Then jared's operators did the one thing nobody expected.

Thank you to our sponsors! Cape: Your biggest crypto vulnerability isn't your wallet, it's your phone number. Cape is America's privacy-first mobile carrier that rotates your SIM identity daily and blocks SIM swaps before they happen. Get 33% off your first six months at https://cape.co/unchained (use code: UNCHAINED).

A new R&D lab called Ethlabs has split from the Ethereum Foundation, backed by Bitmine and Joe Lubin. Its first stated goal is solving a '15 minute finality problem' that none of the hosts can quite explain the point of. Kain Warwick, Taylor Monahan, and Luca Netz ask whether a breakaway staffed largely by ex-EF people can really escape the EF's habits, or just rebuild a smaller version of them.

Then the conversation turns to fomo's $75M raise from non-crypto VCs, and why a trading app that never calls itself a wallet may have cracked the onboarding flow the rest of crypto keeps getting wrong. The hosts also trace a CryptoPunks judge ordering a self-represented plaintiff to handwrite filings to stop the AI slop, the anti-MEV activist who trapped sandwich bot jaredfromsubway.eth with 66 fake contracts, and the WSJ's claim that Polymarket paid creators to stage fake winning bets.

Hosts: Kain Warwick, Founder of Infinex and Synthetix; Taylor Monahan, Security Expert; Luca Netz, CEO of Pudgy Penguins

Compromising Positions - A Cyber Security Podcast
EPISODE 56: From Dark Triads to Patriotic Hackers: Human Maliciousness in Cybersecurity

Jan 29, 2026 · 45:34


Is cybersecurity just a technical problem, or a human one? In this episode, we debut our new format: bridging the gap between deep academic research and boots-on-the-ground security practice. We dive into Zoe M. King et al.'s 2018 paper, "Characterising and Measuring Maliciousness for Cybersecurity Risk Assessment," to uncover why we need to stop looking at code and start looking at intent. From the "Dark Triad" of personality traits to the rise of the "patriotic hacker" in global geopolitics, we peel back the layers of the human onion to understand what actually drives a person to cause harm.

In This Episode, We Discuss:

  • The Maliciousness Assessment Metric (MAM): Why traditional risk assessments fail by ignoring "intent to harm" and how to integrate human factors into your security posture.
  • The Four Layers of Maliciousness: A deep dive into the Individual, Micro, Meso, and Macro levels—from personal psychology to national narratives.
  • Hacking as Patriotism: How cultural contexts in the US, Russia, and China dictate whether a hacker is seen as a criminal or a hero.
  • The "War Games" Effect: How 80s cinema shaped US cybersecurity legislation (CFAA) and continues to influence public perception.
  • Insider Threats & Organizational Hygiene: Why disgruntlement is a security vulnerability and how the "Principle of Least Privilege" is your best defense.
  • Risk as a Moral Construct: Why the risks your company chooses to mitigate reveal your organisation's true values and concept of justice.

Show Notes

  • Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment by Zoe M. King et al., featured in the journal Frontiers in Psychology (2018)
  • Risk and Blame: Essays in Cultural Theory by Mary Douglas
  • Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers by Mary Douglas and Aaron Wildavsky

The CFAA Fire Alarm Technician’s Podcast
Ep 52- The history of the CFAA

Jan 26, 2026 · 21:37


On this week's episode, we go wayyyy back to the beginning and talk about the origin story of the CFAA, from preliminary meetings well before its inception in 1974 and how it has changed up to today. Thanks to Gerry and Stephen! Hosted on Acast. See acast.com/privacy for more information.

The CFAA Fire Alarm Technician’s Podcast
Ep 51 - Intro to Ground Faults / Year End Message from CFAA president

Jan 12, 2026 · 20:47


This week we continue our series on troubleshooting by delving into the world of ground faults. This is the first episode on ground faults and we will continue further in future episodes. Thanks Tom Richards! We also have Jordan Klemick, CFAA president, on with a year-end message, recorded in December 2025. We discuss some of the projects that are ongoing and review 2025 with the CFAA.

Opening Arguments
Van Buren v. US and Amy Coney Barrett's So-So Textualism

Dec 29, 2025 · 66:45


OA1220 - What's an FBI agent to do when a notorious low life reports a local cop is asking for a bribe? Turn him into a confidential informant, of course, and see how far you can get that dirty cop to go. A tale of two assholes, steadily making each other's lives worse and worse, while one is wearing a wire. Now, why does the Supreme Court care about any of this? Half the conviction hinges on whether this cop “exceeded authorized access” under the Computer Fraud and Abuse Act (CFAA), and no one can agree what that means… including your cohosts. Hear Thomas try to figure out why Amy Coney Barrett is so obsessed with the definition of the word “so”, and Jenessa… defend Clarence Thomas?! This case is a hot mess, but the good news is everyone sucks here and no one wins.

The relevant language: “The Act subjects to criminal liability anyone who “intentionally accesses a computer without authorization or exceeds authorized access,” and thereby obtains computer information. 18 U. S. C. §1030(a)(2). It defines the term “exceeds authorized access” to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” §1030(e)(6).”

Barrett's ruling: “In sum, an individual “exceeds authorized access” when he accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him.”

Van Buren v. United States, 593 U.S. 374 (2021)
United States v. Van Buren, 940 F.3d 1192 (11th Cir. 2019)
Full text of the CFAA: 18 U.S.C. § 1030

Check out the OA Linktree for all the places to go and things to do!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

Dec 15, 2025 · 51:31


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

What happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits.

We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel.

Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting.

If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 297: Practice CISSP Questions - Investigation Types (Domain 1.6)

Nov 13, 2025 · 20:51


A single compromised API key can undo months of hard work. We open with a clear-eyed look at a reported Treasury-related incident tied to a privileged access platform and use it to expose a bigger problem: API governance that lags behind development speed. If an API is a doorway into your environment, why do so many teams leave it unlocked, unlogged, and unmanaged? We share a practical blueprint for centralizing API traffic through gateways, tightening authentication, rotating keys, and getting real visibility into what flows in and out.

From there, we dive into CISSP Domain 1.6 with crisp, exam-style questions that double as leadership lessons. We compare civil and criminal standards of proof, explain where regulatory investigations fit, and show how penalties differ across case types. You'll hear why chain of custody can make or break a criminal data theft case, how direct and circumstantial evidence complement each other, and what lawful collection requires under search and seizure laws. Along the way, we clarify GDPR's reach, the role of the SEC in insider trading probes, and how ECPA, CFAA, and FISMA divide responsibilities across privacy, computer crime, and federal system security.

We also make the case for forensic readiness as a standing control, not a post-breach scramble. Centralized logging, synchronized time, packet capture on critical paths, immutable storage, and clear retention policies give you faster answers and stronger footing with regulators. Inside the organization, administrative investigations live or die by policy clarity, and whistleblower protections keep truth-tellers safe enough to speak.

By the end, you'll have tangible steps to harden APIs, gather admissible evidence, and navigate the maze of legal and regulatory expectations with confidence. If this helped sharpen your thinking, follow the show, share it with a teammate who owns APIs or incident response, and leave a quick review so others can find us. Your feedback guides what we tackle next.

IT Privacy and Security Weekly update.
EP 252.5 Deep Dive. The IT Privacy and Security Weekly Update for the Week Ending July 22nd., 2025 and no Trucks

Jul 24, 2025 · 13:19


A single compromised password led to the collapse of 158-year-old UK logistics firm KNP, after hackers—suspected to be the Akira gang—used it to gain access, encrypt systems, and demand a £5 million ransom. Unable to pay, the company lost all its data and folded, putting 700 employees out of work. The breach underscores how weak access controls can have catastrophic consequences.

To counter massive botnets, Google is now combining technical defenses with legal action. Its lawsuit against the “BadBox 2.0” operators marks a major shift: targeting criminals behind malware that infected over 10 million Android devices. Google's strategy includes leveraging the CFAA and RICO Act to not just stop malware but dismantle the entire criminal infrastructure—signaling a more aggressive, litigation-driven cybersecurity era.

Meanwhile, a new malware delivery method is exploiting DNS—a common but often under-monitored network function. Attackers hide malware in DNS TXT records, break it into chunks, and reassemble it on target systems using standard DNS queries. Since DNS traffic is rarely scrutinized, this technique bypasses traditional defenses, making DNS monitoring essential for comprehensive protection.

Travelers to China face serious privacy risks. Authorities are using malware like “Massistant” to extract sensitive data from mobile phones during inspections. Developed by Chinese firm Meiya Pico, the software accesses encrypted texts, location history, and even Signal messages upon installation. Though evidence of compromise may remain, the intrusion happens before detection, raising concerns for anyone bringing devices into the country.

China has also shifted its cyberattack strategy by outsourcing operations to private firms. These companies now discover and sell zero-day vulnerabilities to government agencies. This model, which evolved from loosely affiliated hacker groups, blurs the line between state and private enterprise, making attribution difficult. As a result, China-linked hackers increasingly infiltrate U.S. critical infrastructure while masking their origins, and exposure alone no longer seems to deter them.

In response to national security concerns, Microsoft has removed China-based engineers from U.S. military cloud projects. A ProPublica investigation revealed their prior involvement, prompting a Pentagon ban on such support. Previously, Chinese engineers worked under U.S. supervision, a practice now deemed too risky for defense-related systems.

Microsoft's SharePoint is also under siege. Chinese state actors exploited a critical flaw dubbed “ToolShell” to compromise at least 54 organizations, including those in critical infrastructure. The attack allowed for deep system access, extraction of encryption keys, and installation of web shells—despite prior patches. The incident stresses the need for rapid patching and vigilance, even on widely used enterprise platforms.

Cyberwarfare is influencing real-world military dynamics. Ukrainian cyber operatives claim to have digitally crippled a major Russian drone manufacturer, deleting 47TB of production data and disabling access systems. Allegedly backed by military intelligence, the attack highlights how digital sabotage can directly disrupt military production and reshape conflict outcomes. Code is now as consequential as conventional weapons on the modern battlefield.

The CFAA Fire Alarm Technician’s Podcast
Ep 39 - Wires Vs Water - Who will prevail! - Or... let's talk Sprinklers!

Jul 7, 2025 · 36:29


On this episode, we do the ultimate showdown of fire alarm techs vs sprinkler fitters and techs! Well, not really... we get into the situations on site and how we can work better together and what we all really need from each other. Also, check out Chris Logan on the Fire Sprinkler Podcast - available on YouTube, Apple Podcasts and Spotify! Tom Richards has written articles for the CFAA journal and has been on this podcast before and will be on again soon!

The CFAA Fire Alarm Technician’s Podcast
Ep 30 - Above And Beyond Award winner - with our Quebec chapter winner (in French)

Feb 10, 2025 · 19:16


This week we bring the Quebec chapter of the CFAA (the ACAI in French) to the podcast to introduce us to their 2024 winner of the Above and Beyond Award! The first part is in French and then I offer a summary translation at the end for those who didn't -quite- catch it all! Thanks to Raphael for taking the reins and leading the interview in my SECOND language!

The CFAA Fire Alarm Technician’s Podcast
Ep 29 - ISO 17024 Certification for Technicians?

Jan 27, 2025 · 24:42


This week, we talk to Suzanne Alfano (Executive Director of the CFAA) and Stephen Ames (past President, currently working on the ISO certification project for the CFAA) about the contemplated certification to ISO standard 17024. We discuss the process and where we are so far in this journey.

The CFAA Fire Alarm Technician’s Podcast
Ep 27 - End Of Year Roundup

Dec 30, 2024 · 28:54


On this year-end episode, I have asked a few of my past guests, along with Suzanne Alfano, Executive Director of the CFAA, and Jordan Klemick, current President of the CFAA, to give us a year-end summary of what we are doing at the executive committee level and what we have planned for 2025. I was also able to bring on Cathy and Mark, who have been on the podcast in the past and have roles within chapters of the CFAA. I wish you all a Happy New Year, and we will see you on the road somewhere in Canada, or you will continue to hear us on the podcast. Thanks for listening this year and for continuing to spread the word about the podcast to all of your fellow fire alarm technicians, engineers, managers and AHJs. See you in 2025 with season 2 of the CFAA Fire Alarm Technician's Podcast!

Malicious Life
Weev, Part 2

Dec 10, 2024 · 28:49


The Electronic Frontier Foundation, long-time critics of the Computer Fraud and Abuse Act, followed Weev's trial but did not get involved. For the appeal, however, the organization decided to step in. But although the EFF had some strong points against the CFAA, the justices, apparently, had something very different on their minds.

Agri-Pulse Open Mic Interview
Agri-Pulse Open Mic: Donnell Rehagen - Clean Fuels Alliance America

Jul 7, 2024 · 25:21


This week's Open Mic guest is Donnell Rehagen, CEO of Clean Fuels Alliance America. With an expanded mission covering more renewable fuel types and feedstocks, CFAA hopes to see expanded growth of renewable liquid fuels in the near future. Rehagen sees the industry's potential beyond the 4.6 billion gallon industry as it stands today, with growth in industrial, transportation and sustainable aviation fuel, but feedstock availability and government regulations have proven formidable headwinds for industry growth. CFAA applauds Agriculture Secretary Tom Vilsack's call for information to develop sustainable agriculture practices to help qualify crops as feedstocks for the Treasury Department's 45Z rules and tax credits.

Fire Sprinkler Podcast
Introducing the CFAA Fire Alarm Technicians Podcast with Tim Renaud

Jul 1, 2024 · 14:16


This episode of the Fire Sprinkler Podcast is my conversation with Tim Renaud. Tim is the host of the new(ish) CFAA Fire Alarm Technicians Podcast, where he digs into various aspects of the fire alarm industry. Based out of Vancouver BC, Canada, Tim's podcast covers various installation techniques, products, and aspects of the fire alarm industry of concern! Enjoy!

Commercial Real Estate Podcast
Rethinking the Canadian Rental Market with Tony Irwin of CFAA

May 8, 2024 · 41:35


On this episode of the Commercial Real Estate Podcast, hosts Adam Powadiuk and Aaron Cameron speak with Tony Irwin, Director and Interim President at the Canadian Federation of Apartment Associations (CFAA). Topics covered include: how CFAA shapes the Canadian rental housing landscape; changing the perspective toward rental housing; the long road to GST reforms; and...

Haunt Weekly
Haunt Weekly - Episode 437 - McKamey Manor Lawsuits

Apr 17, 2024 · 55:48


This week on Haunt Weekly, we're donning our hazmat suits and diving deep into the two lawsuits filed by Russ McKamey of McKamey Manor fame. What is he suing for? How solid are his arguments? How could these lawsuits impact the haunt industry? We're going to discuss all that and much more.

This Week's Episode Includes:
1. Intro
2. Work We Did on the Haunt
3. Question of the Week
4. Disclosures and Background
5. Analysis of AG/Fire Marshal Lawsuit
6. Analysis of the Hulu Lawsuit
7. Conclusions

All in all, this is one episode you do NOT want to miss!

Get in Touch and Follow Us!
Facebook: @HauntWeekly
Twitter: @HauntWeekly
YouTube: @HauntWeekly
Email: info@hauntweekly.com

2.5 Admins
2.5 Admins 186: Jim Defends the CFAA

Mar 14, 2024 · 29:55


Roku stops its users watching TV until they accept a new ToS, the line between journalism and computer fraud and abuse, and when using jumbo frames on a network makes sense.

Plug: Support us on Patreon and get an ad-free RSS feed with early episodes sometimes.

News: Roku disables players and TVs with […]

ITSPmagazine | Technology. Cybersecurity. Society
Security, Laws, and Vulnerabilities: Unpacking the Disclosure Process to Understand the Intersection of CFAA, DMCA, and Coordinated Vulnerability Disclosure | Redefining CyberSecurity and Society with Sean Martin

Mar 14, 2024 · 51:27


Guests:
Katie Noble, Director, PSIRT and Bug Bounty at Intel Corporation
On LinkedIn | https://www.linkedin.com/in/katie-trimble-noble-b877ba18a/
Harley Geiger, Founder and Coordinator, Security Research Legal Defense Fund
On LinkedIn | https://www.linkedin.com/in/harleylorenzgeiger/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Notes

In this episode of the Redefining CyberSecurity podcast, host Sean Martin is joined by Katie Noble, Director of Product Security and Communications at Intel Corporation, and Harley Geiger, a cybersecurity attorney at Venable LP. The episode provides a deep dive into the realm of vulnerability disclosure and the corresponding laws that shape its dynamics.

The insightful conversation unveiled vulnerability disclosure as a toolbox for receiving vulnerabilities from diverse sources and then subsequently identifying, mitigating, and disclosing them. Both Noble and Geiger highlighted the importance of this process in creating a more secure digital ecosystem. However, they identified some challenges, which include technical literacy, uneven state laws, clarity on good-faith security research, and sanctions that restrict conversation about vulnerabilities with certain entities.

Furthering the discussion, they touched upon the implications of AI and services provided through APIs on vulnerability disclosure. They acknowledged AI as an enabler which necessitates creative thinking about new tools for infrastructure security. They also highlighted potential issues with cloud services and AI, along with the growing practice of identifying non-security harms such as bias and discrimination through similar disclosure processes.

While discussing the role of regulations and policies, Noble and Geiger stressed that these aid in setting security standards and issuing regulatory compliance. They emphasized that understanding regulation as a net good and engaging proactively with policy formulation can result in better product security.

The episode concluded with insights on how regulatory improvements could reduce liability and move the space forward. This includes improvements in state law, clarification around AI, and easing sanctions to allow dialogue around vulnerabilities.

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Late Night Linux All Episodes
2.5 Admins 186: Jim Defends the CFAA

Mar 14, 2024 · 29:55



Redefining CyberSecurity
Security, Laws, and Vulnerabilities: Unpacking the Disclosure Process to Understand the Intersection of CFAA, DMCA, and Coordinated Vulnerability Disclosure | A Conversation with Katie Noble and Harley Geiger| Redefining CyberSecurity with Sean Martin

Mar 14, 2024 · 51:27



ZimmComm Golden Mic Audio
2024 Clean Fuels Conference - Preview interview with Donnell Rehagen, CEO, CFAA

Feb 6, 2024 · 3:03


The Payoff with Pete
The Payoff with Pete: Dana Wentzel Piscopo, CPRC, CFAA, CSRC, MVLCE

Apr 13, 2023 · 35:43


Dana Wentzel Piscopo, CPRC, CFAA, CSRC, MVLCE talks about helping others through sobriety. She's an enthusiastic sobriety and recovery coach with a unique whole-self approach ready to partner with people to find that colorful moxie within through joyful connection and engaging, individual-focused sessions. https://www.linkedin.com/in/dana-wentzel-piscopo-sobriety-and-recovery-coach https://www.coloryourlifellc.com/

Cool Facts About Animals
Axolotls - plus interview with Dr. S. Randal Voss

Jan 31, 2023 · 31:08


Axolotls are territorial, regenerative, and maybe hold the secret to eternal youth. Oh, and they're suuuuper cute. In this episode, we share 10 cool facts about axolotls, then we share our interview with Dr. S. Randal Voss. Dr. Voss is one of the leading experts on axolotls, and he shares all sorts of facts about what makes them unique, why they are critically endangered in the wild, and how kids can help protect them.  Find out more about Dr. Voss's lab here: http://www.vosslab.com If you want to financially support our podcast, you can do so here: https://www.patreon.com/coolfactsaboutanimals  Want some CFAA merch? Get it here: https://www.zazzle.com/store/coolanimalspod/products 

Adams on Agriculture
Wednesday AOA 1-11-2023

Jan 11, 2023 · 53:51


Wednesday's AOA began with Darin Newsom, Senior Market Analyst at Barchart, who shared his insights on yesterday's corn market move and the flush of longs in the natural gas market. In segment 2, Lucas Fuess, Rabobank's Senior Dairy Analyst, reviewed the fundamentals of the dairy industry, both domestically and internationally. Infrastructure was the topic in segment 3, with Dr. Martin Doyle, Director of the Water Policy Project at Duke University, outlining the risks to dams across the country. And AOA closed with Kurt Kovarik, VP of Federal Affairs for Clean Fuels Alliance America, who had testified yesterday in front of the EPA about their volume requirements for biodiesel, and he explained CFAA's frustration.

Cool Facts About Animals
T-Rex v. Ankylosaurus

Cool Facts About Animals

Dec 28, 2022 · 21:35


In this episode, one of the most fearsome predators of all time and a living tank go head-to-head. Yes, the T-Rex and the Ankylosaur battle! Before these two face off, we learn key facts to better predict who will take the crown. Which was faster? Which was smarter? Which was best equipped to survive? We gave a few different battle scenarios. What do you think would have happened? Send us an email at coolfactsaboutanimals@gmail.com with your answers, and we will send you a bookmark. We also want to hear from you if you solved our riddle or if you did the kid power challenge. Thank you to Murphy and Eli for being our Patreon sponsors! If you'd like to be a Patreon sponsor, you can check out our page here. https://www.patreon.com/coolfactsaboutanimals The holidays may be over, but you can still show your CFAA pride. Check out our gear store here. https://www.zazzle.com/store/coolanimalspod

Cool Facts About Animals
Domestic Cats

Cool Facts About Animals

Nov 28, 2022 · 27:45


If you are a regular listener of our show, you know that we LOVE cats – we even have three! In this episode, we learn all about domestic cats – how smart they are,  how much they sleep, how well they communicate, some strange jobs they've had, and of course, how cute they are! Thanks to our Patreon sponsors, Maelynn, Coralynn and Atesh! If you'd like to help financially support us – and get a shout out on our show – head here. Also, with the holidays coming up, now is a good time to show your CFAA pride! Get your merch here. Finally, if you want to answer our creature quiz, guess our riddle, or do the Kid Power, let us know and we will send you a bookmark! Email us at coolfactsaboutanimals@gmail.com.

The Ricochet Audio Network Superfeed
The Federalist Society's Teleforum: Recent DOJ Policy for Charging Cases under the Computer Fraud and Abuse Act: Fair or Foul?

The Ricochet Audio Network Superfeed

Nov 22, 2022


The Justice Department recently announced the issuance of a revised internal policy for charging cases brought under the Computer Fraud and Abuse Act (CFAA), our nation’s main computer crime statute. This revised policy was issued in the wake of the Supreme Court case of United States v. Van Buren, which held that the CFAA's “exceeds […]

Teleforum
Recent DOJ Policy for Charging Cases under the Computer Fraud and Abuse Act: Fair or Foul?

Teleforum

Nov 22, 2022 · 57:30


The Justice Department recently announced the issuance of a revised internal policy for charging cases brought under the Computer Fraud and Abuse Act (CFAA), our nation's main computer crime statute. This revised policy was issued in the wake of the Supreme Court case of United States v. Van Buren, which held that the CFAA's “exceeds authorized access” provision does not cover those who have improper motives for obtaining information that is otherwise available to them. Additionally, the new DOJ policy for the first time directs federal prosecutors that good-faith security research should not be charged under the CFAA, but also acknowledges that claiming to be conducting security research is not a free pass for those acting in bad faith.

Does the new DOJ charging policy strike a reasonable balance between privacy and law enforcement interests? Do its protections for security research go far enough, or do they extend too far? In the wake of Van Buren and this policy, does the federal government have adequate tools to address insider threats, especially where such threats are focused on invasions of privacy and confidentiality instead of being motivated by financial gain?

Join us as our panel of experts breaks down these questions.

Featuring:
--Prof. Orin Kerr, William G. Simon Professor of Law, University of California, Berkeley School of Law
--Prof. Michael Levy, Adjunct Professor of Law, Penn Carey Law, University of Pennsylvania
--[Moderator] John Richter, Partner, King & Spalding

2 Nerds In A Pod: A Video Game Podcast
The Worst of the Best – 2 Nerds In A Pod Ep. 242

2 Nerds In A Pod: A Video Game Podcast

Sep 21, 2022 · 58:07


Episode 242 where we talk about the GTA hack, Harmonix’s tragic Rhythm game, the change to the CFAA, and we feature a returning special guest: N3rdNextDoor! Join the conversation with us LIVE every Tuesday  on twitch.tv/2nerdsinapod at 9pm CST. Viewer questions/business inquiries can be sent to 2nerdsinapodcast@gmail.com Follow us on twitter @2NerdsInAPod for gaming news! […]

Fire Protection Podcast
Sustainable Fire Suppression with Peter Hallinan

Fire Protection Podcast

Aug 3, 2022 · 48:55


0:41 - Peter's Introduction
2:56 - SSi Background
4:52 - Greensol & Clean Agent Protection
9:20 - SNAP (Significant New Alternative Policy) / Eco-Friendly
11:05 - What is FirePASS?
16:47 - Secondary Systems?
17:44 - Room Integrity & FirePASS
23:30 - SSi Battery Solution & Lithium-Ion Fires
26:50 - Peter's Experience as an Executive Director of the CFAA
29:20 - Importance of Standardized Documentation
33:43 - Peter's Perspective as a Firefighter & Industry Professional
37:22 - Technology Adoption in the Industry
40:15 - Quick Response Round
43:34 - Final Thoughts

Lock and Code
When good-faith hacking gets people arrested, with Harley Geiger

Lock and Code

Jul 4, 2022 · 39:36


When Lock and Code host David Ruiz talks to hackers—especially good-faith hackers who want to dutifully report any vulnerabilities they uncover in their day-to-day work—he often hears about one specific law in hushed tones of fear: the Computer Fraud and Abuse Act. The Computer Fraud and Abuse Act, or CFAA, is a decades-old hacking law in the United States whose reputation in the hacker community is dim. To hear hackers tell it, the CFAA is responsible not only for equipping law enforcement to imprison good-faith hackers, but also for many of the legal threats that hackers face from big companies that want to squash their research. The fears are not entirely unfounded. In 2017, a security researcher named Kevin Finisterre discovered that he could access sensitive information about the Chinese drone manufacturer DJI by utilizing data that the company had inadvertently left public on GitHub. Conducting research within rules set forth by DJI's recently announced bug bounty program, Finisterre took his findings directly to the drone maker. But, after informing DJI about the issues he found, he was faced not with a bug bounty reward, but with a lawsuit threat alleging that he violated the CFAA. Though DJI dropped its interest, as Harley Geiger, senior director for public policy at Rapid7, explained on today's episode of Lock and Code, even the threat itself can destabilize a security researcher. "[It] is really indicative of how questions of authorization can be unclear and how CFAA threats can be thrown about when researchers don't play ball, and the pressure that a large company like that can bring to bear on an independent researcher," Geiger said. Today, on the Lock and Code podcast, we speak with Geiger about what other hacking laws can be violated when conducting security research, how hackers can document their good-faith intentions, and the Department of Justice's recent decision to not prosecute hackers who are only hacking for the benefit of security.
You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. Show notes and credits: Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: “Good God” by Wowa (unminus.com)

The Lawfare Podcast
Andrea Matwyshyn and DOJ's new CFAA Charging Policy

The Lawfare Podcast

Jun 28, 2022 · 41:08


On May 19, the Department of Justice announced a new policy concerning how it will charge cases under the Computer Fraud and Abuse Act, or CFAA, the primary statute used against those who engage in unlawful computer intrusions. Over the years, the statute has been criticized because it has been difficult to determine the kinds of conduct it criminalizes, which has led to a number of problems, including the chilling of security research. Stephanie Pell sat down with Andrea Matwyshyn, professor of law and associate dean of innovation at Penn State Law School, to discuss DOJ's new charging policy and some of the issues it attempts to address. They talked about some of the problems created by the CFAA's vague terms, how the new charging policy tries to protect good faith security research, and the significance of the requirement that prosecutors must now consult with the Computer Crimes and Intellectual Property section at main Justice before charging a case under the CFAA. Support this show http://supporter.acast.com/lawfare. See acast.com/privacy for privacy and opt-out information.

Paul's Security Weekly
ASW #198 - Matias Madou

Paul's Security Weekly

Jun 22, 2022 · 71:49


Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. Matias Madou joins to talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture. This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, & the DOJ clarifies its policy on CFAA! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw198

Paul's Security Weekly TV
OWASP Top 10 for K8s, Firefox Process Isolation, Secure Software Factory, CFAA Policy - ASW #198

Paul's Security Weekly TV

Jun 15, 2022 · 35:01


This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, & the DOJ clarifies its policy on CFAA!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw198

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 62 - Host on FBI Watchlist, Returning Citizens Into Society, GoodWill Ransomware Forces Victims to Do Good, Google Removes of Doxxing Information, CFAA Reform, Employee Evaluations

PEBCAK Podcast: Information Security News by Some All Around Good People

May 30, 2022


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”

Nothing About You Says Computer Technology
94. I Love Lucy: DOJ Guidance on CFAA, Cyber Insurance, and AI Blind Spots

Nothing About You Says Computer Technology

May 27, 2022 · 8:30


Today we will be talking about cybersecurity in the news, we also have the return of our “Blindspotting” segment, and some “Protect ya Neck” news. Next, we will discuss the Department of Justice's recent announcement that it will no longer prosecute good faith researchers for violation of the Computer Fraud and Abuse Act. Then finally, we will be handing out a cybersecurity award. You can visit the show's website at www.nothingabout.com

Hack és Lángos
HnL228 - HnL anti-ransomware response kit

Hack és Lángos

May 27, 2022 · 67:14


Today's menu:
- The Hungarian figure is in: it costs 540 million forints for a company to get back on its feet after a malware attack
- Ransomware gang breaks into Costa Rica and asks residents to overthrow the government
- Ransomware hackers trolled by a national bank
- LittleSnitch bypass
- Apple Private Relay bypass
- Executives and their passwords
- The US Department of Justice will not prosecute white-hat hackers under the CFAA
- Apple M1 DMP prefetcher side-channel attack
- QNAP urges users to update NAS devices to prevent Deadbolt ransomware attacks
- Evil never sleeps: code execution on a powered-off Apple iPhone

Contact us: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show

Risky Business
Risky Business -- #665 You can ransomware whole countries now

Risky Business

May 25, 2022


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
- Conti's war against Costa Rica
- DoJ revises CFAA guidance
- Naughty kids get access to DEA portal
- A look at a Russian disinfo tool
- PyPI and PHP supply chain drama
- Much, much more

This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week's sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
- President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News
- Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system
- Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts
- K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future
- Greenland says health services 'severely limited' after cyberattack - The Record by Recorded Future
- Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future
- 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future
- Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future
- Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig
- Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley
- GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK
- Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter
- Water companies are increasingly uninsurable due to ransomware, industry execs say
- Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice
- DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security
- Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak
- FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say
- Sonatype PyPI blog post
- Dvuln Labs - ServiceNSW's Digital Drivers Licence Security appears to be Super Bad
- New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica
- Researchers devise iPhone malware that runs even when device is turned off | Ars Technica
- New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center
- CISA issues directive for exploited VMware bug after IR team deployed to ‘large' org - The Record by Recorded Future
- Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica
- Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard
- Thinkst Canary

Marketplace Tech
“Good faith” hackers get a break from the government

Marketplace Tech

May 25, 2022 · 8:41


Last week, the Department of Justice announced it would no longer prosecute hackers doing “good faith” cybersecurity research like testing or investigating a system to help correct a security flaw or vulnerability. It’s a change in how the DOJ enforces the 1986 Computer Fraud and Abuse Act following a ruling last year by the Supreme Court in Van Buren v. United States that limited the scope of the CFAA. Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, spoke with Marketplace’s Kimberly Adams about how this is part of an ongoing policy shift for the Justice Department over the last few years. Your donation powers the journalism you rely on. Give today to support Marketplace Tech.

Professionally Evil Perspective
CFAA Policy Changes

Professionally Evil Perspective

May 23, 2022 · 26:15


US Prosecutors Won't Charge White Hat Hackers Under New Policy (@JeffStone500)

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: Nathan Sweaney, Kevin Johnson, Secure Ideas.

Join our Professionally Evil Slack Team: Professionally Evil Slack Team

Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Marketplace Tech
An old cybersecurity law gets an update (sort of)

Marketplace Tech

Apr 22, 2022 · 7:42


Scraping data from public websites is legal. That’s the upshot of a decision by the Ninth Circuit Court of Appeals earlier this week. LinkedIn had taken a case against data analytics company hiQ, arguing it was illegal for hiQ to “scrape” users’ profile data to analyze employee turnover rates under the federal Computer Fraud and Abuse Act (CFAA). Tiffany Li, a technology attorney and professor of law at the University of New Hampshire, joins our host Meghan McCarty Carino to talk about how the CFAA fits into today’s world.

The Great Security Debate
Episode 30: Monkeys On Your Back

The Great Security Debate

Nov 1, 2021 · 58:16


Security has truly gone mainstream. From late night television jokes to state governors not knowing how technology works, as a profession and a vocation, we have arrived.
- Jimmy Fallon has jokes about security on his show
- What are the implications of out of date security laws that define what it is to “hack” systems? Keep in mind that some were written as much as 30+ years ago!
- Is it security's job to know all the tools in place? Or the business to approach security to help make their tools secure?
- Is viewing publicly available information or information pushed to your browser actually hacking, or is it legal/OK?
- Creating laws that stand the test of time is hard. And subject to lots of lobbying.
- CISO liability and visibility based on the prominence of the role. Does this lead to targeting to discredit? (think: false social media profiles and deepfakes)
- Offensive techniques and what happens when companies go offensive against attackers?
- Prevention as a growing tactic by security teams - especially when life is on the line in the products we make
- SPAM: is it food or is it email?
- When is the right time to bring security into your startup? Weaving it in when it is young!

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.

Live with Leeja
Lawyer Explains Twitch Data Breach and Lawsuits

Live with Leeja

Oct 9, 2021 · 44:59


Hate raids, a major data hack, Twitch has been STRUGGLIN lately and I wanna dissect the legal side of things IF YOU'LL JOIN ME.

SOURCES:
- Taylor Hatmaker, “Twitch Sues Two Users for Harassing Streamers with Hate Raids,” Tech Crunch (Sept. 13, 2021) https://techcrunch.com/2021/09/13/twitch-hate-raids-lawsuits/ (complaint is at the bottom of the article)
- Hate Raid Response website: https://hateraidresponse.carrd.co/
- Kellen Browning, “A ‘potentially disastrous' data breach hits Twitch, the livestreaming site,” New York Times (Oct. 6, 2021) https://www.nytimes.com/2021/10/06/technology/twitch-data-breach.html
- 18 USC 1030 (CFAA) https://codes.findlaw.com/us/title-18-crimes-and-criminal-procedure/18-usc-sect-1030.html

RELATED VIDEOS:
- Creator of World of Warcraft & Call of Duty SUED For Discrimination and Harassment | Lawyer Reacts, https://youtu.be/vGqbocWX6P8

FOLLOW ME ON TWITCH: https://www.twitch.tv/leejamiller
Stream Schedule: Tues/Thurs 5-8pm CST; Sat 12-3pm CST

SUPPORT ME ON PATREON FOR EARLY ACCESS AND EXTRA SPECIAL CONTENT: https://www.patreon.com/leejamiller
CHECK OUT MY EXTRA SPECIAL MERCH: https://leejamiller.myspreadshop.com/
FOLLOW ME
- Instagram: https://www.instagram.com/leejamiller/
- Twitter: https://twitter.com/LeejaMiller
- TikTok: https://vm.tiktok.com/ZMdPrpN7c/
LEGAL SERVICES: www.lmillerlaw.com
EMAIL: hello@leejamiller.com
SNAIL MAIL: 40 S 7th Street Suite 212 # 136 Minneapolis, MN 55403 (don't forget the # 136!)

CLOTHING is almost always from Rent the Runway: https://www.renttherunway.com/shares/vMTJOtirn0QTJuREz95LMw== (link gets you $40 off your first month!)

HAIR
- Prose Shampoo & Conditioner: http://fbuy.me/rOTEy (link gets you $10 off!)
- Shimmer Lights Purple Shampoo, https://amzn.to/2U3l8LF
- The Renaissance Circle by Davines, https://amzn.to/3dgf8G1
- Living Proof Dry Shampoo, https://amzn.to/3vXGibk
- Unite Leave-in Conditioner, https://amzn.to/2U5ShpI
- Hairdresser's Invisible Oil by Bumble and Bumble, https://amzn.to/3jiu6zc

FACE
- Highlighter: Watts Up by Benefit, https://amzn.to/36JaeNV
- I absolutely swear by Murad Environment Shield Vitamin-C, http://rwrd.io/mrt81lr?c (link gets you $15 off your purchase of $50 or more!)
- Vanicream Face Wash, https://amzn.to/35SWmQP
- Cerave Night Cream, https://amzn.to/3xUBDbl
- Neutrogena Rapid Wrinkle Repair Retinol, https://amzn.to/3qtCXj9

MY FILMING SET UP
- Music is always from Epidemic Sound, https://www.epidemicsound.com/referral/7lztb1/
- Sony ZV-1, https://amzn.to/3gXg4RN
- ULANZI WL-1 Wide Angle Lens for Sony ZV1 Camera, https://amzn.to/3xXbKaO
- Neewer 660 LED Lights (x2), https://amzn.to/3djjNah (I'm seriously obsessed with these lights they're so nice)
- Shure VP83 Mic, https://amzn.to/2U2qVkr

DISCLAIMERS:
THIS IS NOT LEGAL ADVICE - Everything contained on this channel is meant solely for entertainment and informational purposes. Nothing herein should be considered legal advice nor does anything on this channel create an attorney-client relationship of any sort. Please seek guidance from a licensed attorney before making any legal decision.
COPYRIGHT - Any use of copyrighted content on this channel constitutes fair use pursuant to 17 U.S. Code § 107 as it is utilized for the purpose of criticism, comment, or news reporting allowed under that statute. See, e.g., Monster Communications, Inc. v. Turner Broadcasting Sys. Inc., 935 F.Supp. 490 (S.D. N.Y., 1996); SOFA Entertainment, Inc. v. Dodger Productions, Inc., No. 2:08-cv-02616 (9th Cir. Mar. 11, 2013); Equals Three, LLC v. Jukin Media, Inc., 14-09041 (C.D. Cal. Oct. 13, 2015).
AFFILIATE LINKS - This description may include affiliate links that allow me to make a small profit (at no extra cost to you!) on purchases made through them. I only include links to products I genuinely recommend.

ITSPmagazine | Technology. Cybersecurity. Society
Wear Whatever You Want When Hacking | A Conversation With John Jackson | The National Blast With Keenan Skelly

ITSPmagazine | Technology. Cybersecurity. Society

Jul 13, 2021 · 30:19


PODCAST: Hexapodia XIII: "Mandated Interoperability": We Can't Make It Work, or Can We?

"Hexapodia" Is the Key Insight: by Noah Smith & Brad DeLong

May 4, 2021 · 51:36


Key Insights:Cory Doctorow is AWESOME!It is depressing. We once, with the creation of the market economy, got interoperability right. But now the political economy blocks us from there being any obvious path to an equivalent lucky historical accident in our future.The problems in our society are not diametrically opposed: Addressing the problems of one thing doesn't necessarily create equal and opposite problems on the other side—but it does change the trade-offs, and so things become very complex and very difficult to solve. Always keep a trash bag in your car.Hexapodia!References:Books:Cory Doctorow: How to Destroy Surveillance Capitalism Cory Doctorow: Attack Surface Cory Doctorow: Walkaway Cory Doctorow: Down & Out in the Magic Kingdom Cory Doctorow: Little Brother William Flesch:Comeuppance: Costly Signaling, Altruistic Punishment, and Other Biological Components of Fiction Daniel L. Rubinfeld: A Retrospective on U.S. v. Microsoft: Why Does It Resonate Today? Louis Galambos & Peter Temin: The Fall of the Bell System: A Study in Prices & Politics Websites:Electronic Frontier Foundation: Adversarial Interop Case Studies: Privacy without Monopoly: Cory Doctorow: Craphound Cory Doctorow: Pluralistic &, of course:Vernor Vinge: A Fire Upon the Deep (Remember: You can subscribe to this… weblog-like newsletter… here: There’s a free email list. There’s a paid-subscription list with (at the moment, only a few) extras too.)Grammatized Transcript:Brad: Noah! What is the key insight? Noah: Hexapodia is the key insight! Six feet!Brad: And what is that supposed to mean? 
Noah: That there is some nugget of fact that, if you grasp it correctly and place it in the proper context, will transform your view of the situation and allow you to grok it completely.Brad: And in the context of Vernor Vinge’s amazing and mind-Bending science-fiction space-opera novel A Fire Upon the Deep?Noah: The importance of “hexapodia” is that those sapient bushes…Brad: …riding around on six wheeled scooters have been genetically…Noah: …programmed to be a fifth column of spies and agents for the Great Evil.Brad: However, here we seek different key insights than “hexapodia”. Today we seek them from the genius science-fiction author and social commentator Cory Doctorow. I think of him as—it was Patrick Nielsen Hayden, I think, who said around 2004: that he felt like he was living in the future of Scottish science fiction author, Ken MacLeod. And he wished Ken would just stop. At times I feel that way about Cory. But we are very happy to have him here. His latest book is How to Destroy Surveillance Capitalism IIRC, his latest fiction is Attack Surface. My favorite two books of his are Walkaway and—I think it was your first—Down & Out in the Magic Kingdom.Cory: That's right. Yes. Thank you. Thank you for that very effusive introduction. I decry all claims of genius, though.Brad: Well, we know this is a problem. When one is dealing with an author whose work one has read a lot of—by reading your books.by now I've spent forty hours of my life looking at squiggles on a page or on a screen and, through a complicated mental process, downloaded to my wetware and then run on it a program that is my image of a sub-Turing instantiation of your mind, who has then told me many very entertaining and excellent stories. So I feel like I know you very well…Cory: There’s this infamous and very funny old auto reply that Neal Stephenson used to send to people who emailed him. It basically went: “Ah, I get it. 
You feel like you were next to me when we were with Hero Protagonist in Alaska fighting off the right-wing militias. But while you were there with me, I wasn't there with you. And so I understand why you want to, like, sit around and talk about our old military campaigns. But I wasn't on that campaign with you.Brad: Yes. It was only my own imago, my created sub-Turing instantiation of your mind that was there…Cory: Indeed. We are getting off of interoperability, which is what I think we're mostly going to talk about. But this is my cogpsy theory of why fiction works, and where the fanfic dispute comes from. Writers have this very precious thing they say. It is: “I'm writing and I'm writing and all of a sudden the characters start telling me what they want to do.” I think that what they actually mean by that is that we all have this completely automatic process by which we try and create models of the people we encounter. Sometimes we never encounter those people. We just encounter second-hand evidence of them. Sometimes those people don't live at all. Think about the people who feel great empathy for imaginary people that cruel catfishers have invented on the internet to document their imaginary battles with cancer. They then feel deeply hurt and betrayed and confused, when this person they've come to empathize with turns out to be a figment of someone else's imagination. I think what happens when you write is that you generate this optical link between two parts of your brain that don't normally talk to each other. There are these words that you are explicitly thinking up that show up on your screen. And then those words are being processed by your eyeballs and being turned into fodder for a model in this very naive way. And then the model gets enough flesh on the bones—so it starts telling you what it wants to do. At this point you are basically breathing your own exhaust fumes here. 
But it really does take what is at first a somewhat embarrassing process of putting on a puppet show for yourself: “Like, everybody, let’s go on a quest!” “That sounds great!” “Here we go!” It just becomes something where you don't feel like you're explicitly telling yourself a story. Now the corollary of this is that it sort of explains the mystery of why we like stories, right? Why we have these completely involuntary, emotional responses to the imaginary experiences of people who never lived and died and have no consequence. The most tragic death in literature, of Romeo and Juliet, is as nothing next to the death of the yogurt I digested with breakfast this morning, because that yogurt was alive and now it's dead, and Romeo and Juliet never lived, never died, nothing that happened to them happened. Yet you hear about Romeo and Juliet…

Noah: …except that a human reads about Romeo and Juliet and cares…

Cory: That is where it matters, yes indeed. But the mechanism by which we care is that we build this model which is then subjected to the author's torments, and then we feel empathy for the model. What that means is that the readers, when they're done, if the book hit its aesthetic marks, if it did the thing that literature does to make it aesthetically pleasing—then the reader still has a persistent model, in the same way that if your granny dies, you still have a model of your granny, right? You are still there. That is why fanfic exists. The characters continue to have imagined lives. If the characters don't go on having imagined lives, then the book never landed for you. And that’s why authors get so pissy about fanfic. They too have this model that they didn't set out to explicitly create, but it's there. And it's important to their writing process. And if someone is putting data in about that modeled person that is not consistent with the author's own perception of them, that creates enormous dissonance.
I think that if we understood this, we would stop arguing about fanfic.

Noah: We argue about fanfic?

Brad: Oh yes, there are people who do. I remember—in some sense, the most precious thing I ever read was Jo Walton saying that she believed that Ursula K. Le Guin did not understand her own dragons at all…

Noah: …Yep, correct…

Cory: Poppy Brite—back when Poppy Brite was using that name and had that gender identity—was kicked out of a fan group for Poppy Brite fans on LiveJournal for not understanding Poppy Brite’s literature. I think that's completely true. Ray Bradbury to his dying day insisted that Fahrenheit 451 had nothing to do with censorship but was about the dangers of television…

Brad: Fanfic is an old and wonderful tradition. It goes back to Virgil, right? What is the Aeneid but Iliad fanfic?

Cory: And what is Genesis but Babylonian fanfic? It goes a lot further back than that…

Brad: Today, however, we are here to talk not about humans as narrative-loving animals, not about the sheer weirdness of all the things that we run on our wetware, but about “mandated interoperability”, and similar things—how we are actually going to try to get a handle on the information and attention network economy that we are building out in a more bizarre and irrational way than I would have ever thought possible.

Cory: Yes. I don't know if the audience will see this, but the title that you've chosen is: “Mandated Interoperability Is Not Going to Work”. I am more interested in how we make mandated interoperability work. I don't think it's a dead letter. I think that to understand what's happened you have to understand that the main efficiency that large firms bring to the market is regulatory capture. In an industry with only four or five major companies, all of the executives almost by definition must have worked at one or two of the other ones. Think of Sheryl Sandberg, moving from Google to Facebook. They form an emerging consensus.
Sometimes they all sit around the same boardroom table. Remember that photo of the tech leaders around the table at the top of Trump Tower? They converge on a set of overlapping lobbying priorities. They have a lot of excess rents that they can extract to mobilize lobbying in favor of that. One of the things that these firms have done in the forty years of the tech industry is to move from a posture where they were all upstarts and were foursquare for interoperability with the existing platforms—because they understood that things like network advantages were mostly important in as much as they conferred a penalty for switching, and that if you could switch easily then the network advantage disappeared. If you could read Microsoft Office documents on a Mac, then the fact that there's a huge network effect of Microsoft Office documents out there is irrelevant. Why? Because you can just run switch ads, and say every document ever created with Microsoft Office is now a reason to own a Mac. But as they became dominant, and as their industries have become super-concentrated, they have swung against interoperability. I think that we need a couple of remedies for that. I think that we need some orderly structured remedies in the form of standards. We need to check whether or not those standards are mandated. And we’ve seen how those standards can be subverted. And so I think we need something that stops dominant firms from subverting standards—a penalty that they pay that is market-based, that impacts their bottom line, and that doesn't rely on a slow-moving or possibly captured regulator but that, instead, can actually just emerge in real time. That is what I call “adversarial interoperability”: reverse engineering and scraping and bots. Steve Jobs paying some engineers to reverse engineer Microsoft Office file formats and make the iWork suite, instead of begging Bill Gates to rescue the Mac…

Brad: …But he did beg Bill Gates to rescue the Mac…

Cory: He did that as well.
But that wasn't the whole story. He had a carrot and a stick. He had: let's have a managed, structured market. Right. And then he had: what happens if you don't come up to my standards is that we have alternatives, because we can just reverse-engineer your stuff. Look at, for example, the way that we standardized the formatting of personal finance information. There were standards that no one adopted. Then Mint came along, and they wrote bots, and you would give the bots your login credentials for your bank, and they would go and scrape your account data and put it into a single unified interface. This was adversarial interoperability. This spurred the banks to actually come into compliance with the standard. Rather than having this guerrilla warfare, they wanted a quantifiable business process that they could understand from year to year that wouldn't throw a lot of surprises that would disrupt their other plans.

Brad: Let me back up: In the beginning, the spirit of Charles Babbage moved upon the face of the waters, and Babbage said: “Let there be electromechanical calculating devices”. And there was IBM. And IBM then bred with DARPA in the form of the SAGE Air Defense, and begat generation upon generation of programmers. And from them was born FORTRAN and System 360. And FORTRAN and IBM System 360 bestrode the world like the giants of the Nephilim, and Babbage saw it, and it was good. And there was nibbling around the edges from Digital Equipment and Data General. Yea, until one day out of Silicon Valley there emerged crystallized sand doped with germanium atoms, and everything was upset as out of CERN there emerged the http protocol. All the companies that had been constructing their own walled information gardens, and requiring you to sign up with AOL and CompuServe and GEnie and four or five others in order to access databases through gopher and whatever—they found themselves overwhelmed by the interoperability tide of the internet.
And for fifteen years there was interoperability and openness and http and rss, and everyone frantically trying to make their things as interoperable as possible so that they could get their share of this absolutely exploding network of human creativity and ideas. And then it all stopped. People turned on a dime. They began building their own walled gardens again.

Noah: I feel like we did just get Neal Stephenson on this podcast…

Brad: Sub-Turing! It's a sub-Turing instantiation of a Neal Stephenson imago!

Cory: I think that your point of view or generational outlook or whatever creates a different lens than mine. I think about it like this: In 1979 we got an Apple II+. In 1980, we got a modem card for it. Right. By 1982, there were a lot of BBS’s and that was great. Even though we were in Canada, the BBS software was coming up from the American market. We had local dial-up BBS's running software that was being mailed around on floppies…

Brad: Whish whish whine… Beep beep… Whish… I am trying to make modem noises…

Cory: …that sounded like V.42bis. And then by 1984 there were the PC clones. Everyone had a computer. This company that no one had ever heard of—Microsoft—suddenly grew very big. They created this dynamism in the industry. You could have a big old giant, like IBM. You could have two guys in a garage, like Microsoft. The one could eclipse the other. IBM couldn't even keep control of its PCs. They were being cloned left and right. And then Microsoft became the thing that it had slain. It became a giant. And the DOJ intervened. Even though Microsoft won the suit ultimately—they weren't broken up…

Brad: They did back off from destroying Google…

Cory: What’s missing from that account is the specific mechanisms. We got modems because we got cheap long distance. We got that because in 1982 we had the ATT breakup. Leading up to the breakup shifted the microeconomics. People at ATT were all: don’t do that. It's going to piss off the enforcers.
We've got this breakup to deal with.

Brad: Yes. The enforcers, the enforcers are important. Both the Modification of Final Judgment and ATT’s anticipatory reaction to it. Plus the periodic attempted antitrust kneecappings of IBM. They meant that when people in IBM turned around and said: “Wait a minute. When we started the PC project, John F. Akers told us we needed to find something for Mary Gates’s boy Bill to do, because he sat next to her at United Way board meetings. But this is turning into a monster. We need to squelch them.” And from the C-suite came down: “No, our antitrust position is sufficiently fraught that we can't move to squash Microsoft.”

Cory: Yes. IBM spent 12 years in antitrust litigation. Hell, they called it. Antitrust as Vietnam. They essentially had been tied by the ankles to the back of DOJ’s bumper and dragged up and down a gravel road for 12 years. They were outspending the entire DOJ legal department every single year for that one case. And one of the things that DOJ really didn't like about IBM was tying software to hardware. And so when Phoenix makes the IBM ROM clone, IBM is like: Yeah, whatever. Any costs we pay because of the clone ROM are going to be lower than the costs we will incur if we get back into antitrust hell—and the same goes for Microsoft. They got scared off. What we were seeing, what it felt like, the optimism that I think we felt and of which we were aware was—it looked like we'd have protocols and not products, and we'd have a pluralistic internet, not five giant websites filled with screenshots of text from the other. But our misapprehension was not due to technological factors. It was our failing to understand that Bork and Reagan had shivved antitrust in the guts in 1980, and it was bleeding out. So by the time Google was big enough to do to everyone else what Microsoft had not been able to do to them, there was no one there to stop Google.

Noah: Cory, let me ask a question here.
I'm the designated grump of the podcast. Brad is the designated history expounder. I want to know: Why do we care right now? I've written about interoperability with regards to electric cars and other emerging technologies. What things in the software world are people hurt by not having interoperability for? What are the big harms in software to consumers or to other stakeholders from lack of interoperability?

Cory: Let me frame the question before I answer it. We have market concentration in lots of different sectors for similar reasons: mergers. We should have different remedies for them. We heard about Babbage. I would talk about Turing and the universality of the computer. Interoperability represents a pro-competitive remedy to anti-competitive practices that is distinct and specific to computers. I don't know if you folks know about the middle-gauge muddle in Australia. Independent states and would-be rail barons laid their own gauge rail across the country. You can't get a piece of rolling stock from one edge of the country to the other. For 150 years they have been trying to build designs that can drop one set of wheels where the track needs it. And none of them have worked. And now their solution is to tear up rails and put down new rails. If that was a software object, we would just write a compatibility layer. Where we have these durable anti-competitive effects in the physical world, that sometimes necessitate these very difficult remedies, we can actually facilitate decentralized remedies where people can seize the means of computation to create digital remedies: self-determination, the right to decide how to talk to their friends and under what circumstances, as opposed to being forced to choose between being a social person and being private…

Brad: For me, at least, there are lots and lots of frictions that keep me from seeing things that I would like to see, and keep me from cross-referencing things that I would like to cross-reference.
There are bunches of things I've seen on Twitter and Facebook in the past that, because they are inside the walled gardens, I definitely am not able to get out quickly and easily and cheaply enough to put them into the wider ideas flow. And I feel stupider as a result. And then there are all the people who have been trapped by their own kind of cognitive functioning, so that they are now a bunch of zombies with eyeballs glued to the screen being fed terror so that they can be sold fake diabetes cures and overpriced gold funds…

Noah: That’s a good angle right here. If we look at the real harms that are coming through the internet right now—I worry about Kill Zones, and of course I worry about the next cool thing getting swallowed up by predatory acquisitions. That's our legitimate worry for sure. When I look at the internet and what bad the internet is causing, I do not see the lack of alternative information sources as the biggest problem. I see the people who are the biggest problem as coming precisely from alternative information sources. This is not to say we should get rid of those sources. This is not to say we should have mass censorship and ban all the anti-vax sites. I'm not saying that. But if we look at the issues—there was a mass banning of Trump and many of the Q-Anons from the main social media websites, and yet a vast underground network of alternative right-wing media has sprung up.

Cory: It seems like they were able to. Let me redirect from the harms that Brad raised. I think those are perfectly good harms. But I want to go to some broader harms. In the purely digital online world, we had some people we advised at EFF who were part of a medical cancer previvor group—people who have a gene that indicates a very high likelihood of cancer, women. They had been aggressively courted by Facebook at a time when they were trying to grow up their medical communities.
And one of the members of this group who wasn't a security researcher or anything was just noodling around on Facebook, and found that you could enumerate the membership of every group on Facebook, including hers. She reported that to Facebook. That's obviously a really significant potential harm to people in the medical communities. She reported it to Facebook. Facebook characterized her report as a feature request and won't fix it. She made more of a stink. They said: fine, we're going to do a partial fix, because it would have interfered with their ad-tech stack to do a full fix. So you have to be a member of a group to enumerate the group. This was still insufficient. But they had this big problem with inertia—with the collective action problem of getting everyone who's now on Facebook to leave Facebook and go somewhere else. They were all holding each other mutually hostage. Now you could imagine that they could have set up a Diaspora instance, and they could have either had a mandated or standards-defined interface that allowed those people to talk to their friends on Facebook. And they could have a little footer at the bottom of each message: today 22% of the traffic in this group originated on our Diaspora; once that tips to 60% we're all leaving, and quitting Facebook. They might do this with a bot, without Facebook's cooperation, in the absence of Facebook's legal right to prevent those bots. Facebook has weaponized the Computer Fraud and Abuse Act and other laws to prevent people from making these bots to allow them to interoperate with Facebook—even though, when Facebook started, the way that it dealt with its issues with MySpace was creating MySpace bots, where you could input your login and password, and it would get your waiting MySpace messages and put them in your Facebook inbox and let you reply to them. Facebook has since sued Power Ventures for doing the same thing.
They’re engaged in legal activity against other bot producers that are doing beneficial pro-user things. That's one harm. Another harm that I think is really important here is repair. Independent repairs are about 5% of US GDP. The lack of access to repair is of particular harm to people who are already harmed the most: it raises the cost of being poor. The ability to control repair is a source of windfall profits. Tim Cook advised his investors in 2019, the year after he killed twenty right-to-repair bills at the state level, that the biggest threat to Apple's profits was that people were fixing their devices instead of throwing them away. It’s an environmental problem, and so on. The biggest problem with right-to-repair is not that the companies don't provide their data or the diagnostic codes or encrypt diagnostic codes. The problem is that you face felony prosecution under the CFAA and DMCA, as well as ancillary stuff like non-compete and non-disclosure, and so on through federal trade secrecy law, if you create tools to repair without the cooperation of the vendors. This is a real harm that arises out of the rules that have been exploited to block interoperability.

Brad: This goes deep, right? This affects not just tech but the world, or, rather, because tech has eaten the world, hard-right unsympathetic state representatives from rural Missouri are incredibly exercised about right-to-repair, and the fact that John Deere does not have enough internal capacity to repair all the tractors that need to be repaired in the three weeks before the most critical-need part of the year.

Cory: This is an important fracture line. There are people who have a purely instrumental view: my constituents need tractor repair, so I will do whatever it takes to get them tractor repair. In California we got a terrible compromise on this brokered with John Deere—it was basically a conduct remedy instead of a structural change. Right.
Something I questioned a lot about Klobuchar’s antitrust story is that she keeps saying: I believe that we need to jettison the 40-year consumer-welfare standard and return to a more muscular antitrust that is predicated on social harms that include other stakeholders besides consumers paying higher prices, and I have a bipartisan consensus on this because Josh Hawley agrees with me. But Josh Hawley does not agree with her. Josh Hawley just wants to get Alex Jones back on Twitter, right. And that's like, it begins and ends there. She might be able to get the inertia going where Josh Hawley is put in the bind where he either has to brief for a more broad antitrust cause of action that includes social harms, or he has to abandon Alex Jones to not being on Twitter. And maybe he'll take Alex Jones if that's the price. But I do think that that's a huge fracture line, that there are honest brokers who don't care about the underlying principle and the long run effects of bad policy. And there are people who just want to fix something for a political point or immediate benefit.

Brad: Fixing it to the extent that fixing something scores a political point—that does mean actually doing good things for your constituents, who include not just Alex Jones, but the guys in rural Missouri who want their John Deere tractors repaired cheaply.

Cory: This is how I feel about deplatforming. I was angry about deplatforming for 10 years, when it was pipeline activists and sex workers and drag queens who were being forced to use their real name, and trans people were forced to use their dead names, and political dissidents in countries where they could be rounded up and tortured and murdered if they adhered to Facebook’s real names policy, and all of that stuff. First they came for the drag queens, and I said nothing because I wasn't a drag queen. Then they came for the far right conspiratorialists. But they're fair-weather friends.
It's like the split between open source and free software where, you know, the benefits of technological self-determination were subsumed into the instrumental benefits of having access to the source so you could improve it. What we have is free software for the tech monopolists, for they can see the source and modify the source of everything on their backend. And we have open source for the rest of us. We can inspect the source, we can improve their software for them, but we don't get to choose how their backends run. And since everything loops through their backends, we no longer have software freedom. That's the risk if you decouple instrumental from ethical propositions. You can end up with a purely instrumental fix that leaves the ethical things that worry you untouched, and in fact in a declining spiral.

Noah: I want to argue. I don’t think we get enough argument on this podcast. I want to inject a little here. A turning point for my generation in terms of our use of the internet was Gamergate. That happened in 2014. Gamergate largely morphed after that into the Trump movement and the alt-right. Gamergate destroyed what I knew as online nerd culture. It was an extinction-level event for the idea that nerd culture existed apart from the rest of society. It was a terrible thing. Maybe nerd culture couldn't have lasted, but a giant subculture that I enjoyed and partially defined myself by as a young person was gone. And not only that, not only me—I’m centering myself and making it all about me here, but a lot of people got harassed. Some good friends of mine got harassed. It was really terrible as an event in and of itself, irrespective of the long-term effects. Even Moot, a big, huge defender of anonymity and free speech, eventually banned Gamergate topics from 4chan. That was the moment when I realized that the idea of free speech as free speech guarded by individual forums or platforms separately from the government—that that idea was dead.
When Moot banned Gamergate from 4chan, I said: okay, we're in a different era. That was the Edward R. Murrow moment. That was the moment we started going back toward Dan Rather and Edward R. Murrow and the big three television companies in the 1950s—when Moot banned Gamergate. Maybe this just has to happen. Maybe bad actors are always able to co-opt a fragmented internet. There’s no amount of individual Nazi punching that can get the Nazis out. If you have people whose speech is entirely focused on destroying other people's right to speak, as Gamergate was, then free speech means nothing because no one feels free to speak. I wonder whether fragmentation of platforms makes it harder to police things like Gamergate and thus causes Nazis to fractally permeate each little space on the internet and every little pool of the internet. Wherever we have one big pool, we have economies of scale in guarding that pool.

Brad: That is: what you are saying is that an information world of just four monopolistic, highly oligopolistic, walled gardens is bad, but an internet in which you cannot build any wall around your garden is bad as well. Then what we really need is a hundred walled gardens blooming, perhaps. But I want to hear what Cory has to say about this and interoperability.

Cory: I found that so interesting. I had to get out some paper and take notes. First of all, I would trace back before the Gamergate issue. Before it was the Sad Puppies; the disruption of the Hugo awards by far-right authors was before Gamergate. It was the same ringleaders. Gamergate was the second act of Sad Puppies. So I'm there with you. I was raised by Trotskyists. I want to say that, listening to you describe how you feel about nerd culture after you discovered that half of your colleagues and friends were violent misogynists—it sounds a lot like how Trotskyists talk about Stalinists, right. You have just recounted the internet nerd version of Homage to Catalonia.
Orwell goes to Spain to fight the fascists and a Stalinist shoots him through the throat. We in outsider or insurgent or subcultural movements often have within our conception of a group people who share some characteristics and diverge on others. We paper over those divergences until they fracture. Think about the punk Nazi-punk split. This anti-authoritarian movement is united around a common aesthetic and music and a shared cultural identity. And there's this political authoritarian/anti-authoritarian thing sitting in the middle. And they just don't talk about it until they start talking about it—Dead Kennedys record: Nazi punks f-—- off. And here we are, still in the midst of that reckoning. That's where Stormfront comes from and all the rest of it. This is not distinct to the internet. It is probably unrealistic, it's definitely unrealistic for there to be a regime in which conduct that is lawful can find no home. Not that it won't happen in your home, but that it won't happen in anyone's home. The normative remedy where we just make some conduct that is lawful so far beyond the pale that everyone ceases to engage in it—that has never really existed. Right. You can see that with conduct that we might welcome today, as you know, socially fine and conduct that we dislike—whether that's, you know, polyamory. You go back to the future house, where Judy Merril and Fred Pohl and C.M. Kornbluth lived in the thirties, and they had this big, weird polyamorous household of leftist science fiction writers right at a time when it was unmentionably weird to do it. And today it's pretty mainstream—at least in some parts of California. In the absence of an actual law against it, it's probably going to happen. The first question is: is our response to people who have odious ideas that we want there to be nowhere where they can talk about it? If that's the case, we'll probably have to make a law against them.

Noah: Right. But hold on.
Is it ideas, or is it actions? If you harass someone you're not expressing an idea, you're stopping them from expressing theirs.

Cory: Absolutely. So the issue is: that there are Nazis talking to other Nazis is okay. It's just that when Nazis talk to other Nazis and figure out how to go harass someone. Let me give you an example of someone I know who is in the midst of one of these harassment campaigns. Now there's a brilliant writer, a librettist, novelist, and comics author named Cecil Castellucci. She also used to be like a pioneering Riot Girl and toured with Sloan. So she's just this great polymath person. And because she's a woman who writes comics, men on the internet hate her. And there's a small and dedicated cadre of these men who figured out a way to mess with women on Twitter. They send you a DM that is really violent and disgusting. They wait until they see the read receipt, and then they delete it. Twitter, to its credit, will not accept screenshotted DMs as evidence of harassment, because it would be very easy for those same men to forge DMs from their targets and get those people kicked off Twitter. Then what they do is they revictimize their targets by making public timeline mentions that comport with Twitter's rules unless you've seen the private message. And they make references to the private message that trigger the emotions from the private message over and over again. It is a really effective harassment technique. The women they use it against are stuck on Twitter, because their professional lives require them to be on Twitter, right. Their careers would end to some important degree if they weren't part of this conversation on Twitter. Now, imagine if you had Gotham Clock Tower, Barbara Gordon's secret home, which was a Mastodon instance that was federated with Twitter, either through a standard or through a mandate or through adversarial interoperability.
There could be a dozen women there who could agree among themselves that they're willing to treat screenshotted DMs as evidence of harassment, so that they could block and silence and erase all presence of these horrible men. We'd still want Twitter to do something about them, but some of those men will slip through Twitter’s defenses, not just because they can't catch everyone when they're at that scale, but because the range of normal activities at scale is so broad: a hundred million people have a hundred and one million use cases every day. Then those people could still be on Twitter, but not subject to the harassment of Twitter. It's a way for them. Maybe, in the way that we talk about states being democracy's laboratories, maybe these satellite communities could pioneer moderation techniques that range beyond takedowns or account terminations or warning labels. There are so many different ways we could deal with this. You could render some comments automatically in Comic Sans. They could try them and see if they work. And they could be adopted back into main Twitter. That's what self-determination gets you: it gets you the right to set the rules of your discourse, and it gets you the right to decide who you trust to be within the group of people who make those rules.

Brad: So if we had the real interoperable world, we would have lots of bots that would screen things according to someone's preferences. And you could sign up to have that bot included in your particular bot list to pre-process and filter, so that you don't have to wade through the garbage.

Cory: Sure. And there might be some conduct that we consider so far beyond the pale that we actually criminalize it. Then we can take the platforms where that conduct routinely takes place, and things like reforms to 230 would cease to be nearly so important.
We would be saying that if you are abetting unlawful conduct, when we see a remedy for preventing this unlawful conduct, and you refuse to implement that remedy, we might defenestrate you. We might do something worse. Think of how the phone network works. It is standardized. There are these standard interchanges. There's lots of ways it can be abused. Every now and then, from some Caribbean island, we get a call that fakes a number from a Caribbean island, and if you call it back, you're billed at $20 a minute for a long distance call to have someone go: no, it was a wrong number. When that happens, the telco either cleans up its act or all the other telcos break their connection to it. There's certain conduct that's unlawful on the phone network, not unlawful because it cheats the phone company—not toll fraud—but unlawful because it's bad for the rest of the world, like calling bomb threats in. Either the customer gets terminated or the operator is disciplined by law. All of those things can work without having to be in this regime where you have paternalistic control, where you vest all of your hope in a God-King who faces no penalty if he makes a bad call. They say: we’ll defend your privacy when the FBI wants to break the iPhone. But when they threaten to shut down our manufacturing, we'll let them spy on you even as they're opening up concentration camps and putting a million people in them.

Brad: Was that the real serpent in all of these walled gardens? Was the advertising-supported model the thing that turns your eyeballs into the commodity to be enserfed? If we had the heaven of micropayments, would we manage to avoid all of this?

Cory: We've had advertising for a long time. The toxicity of advertising is pretty new. Mostly what's toxic about advertising is surveillance, and not because I think the surveillance allows them to do feats of mind control.
I think everyone who's ever claimed to have mind control turned out to be lying to themselves or everyone else. Certainly there is not a lot of evidence for it. You have these Facebook large-scale experiments: 60 million people subjected to a nonconsensual, psychological intervention to see if they can be convinced to vote. And you get 0.38% effect size. Facebook should be disqualified from running a lemonade stand if we catch them performing nonconsensual experiments on 60 million people. But, at the same time, 0.38% effect sizes are not mind control. They do engage in a lot of surveillance. It’s super-harmful because it leaks, because it allows them to do digital redlining, because it allows them to reliably target fascists with messages that if they were uttered in public, where everyone could see them, might cause the advertiser to be in bad odor. They can take these dog whistles and they can whisper them to the people who won’t spread them around. Those are real harms. You have to ask yourself: why don't we have a privacy law that prohibits the nonconsensual gathering of data and imposes meaningful penalties on people who breach data? I was working in the EU. GDPR was passed. The commissioners I spoke to there said: no one has ever lobbied me as hard as I've been lobbied now. Right now we have more concentration in ad tech than in any other industry, I think, except for maybe eyeglasses, glass bottles, and professional wrestling.Brad: Are we then reduced to: “Help us, Tim Cook! You are our only hope!”?Cory: I think that that's wrong, because Tim Cook doesn't want to give you self-determination. Tim wants you to be subject to his determinations. Among those determinations are some good ones. He doesn't want Facebook to own your eyeballs. You go, Tim. 
But he also wants you to drop your iPhone in a shredder every 18 months, rather than getting it fixed.Brad: Although I must say, looking at the M1 chip, I'm very tempted to take my laptop and throw it in the shredder today to force me to buy a new one.Noah: It's interesting how iPhone conquered. And yet very few people still use Macs. Steve Jobs’s dream was never actualized.Cory: Firms that are highly concentrated distort policy outcomes, and ad tech is highly concentrated. And we have some obviously distorted policy outcomes. We don't have a federal privacy law with a private right of action. There are no meaningful penalties for breaches. We understand that breaches have compounding effects. A breach that doesn't contain any data that is harmful to the user can be merged with another breach and together they can be harmful—and that's cumulative. And data has a long half-life. Just this week, Ed Felton's old lab published a paper on how old phone numbers can be used to defeat two-factor authentication. You go through a breach, find all the phone numbers that are associated with the two-factor authentication. Then you can go to Verizon and ask: which of these phone numbers is available? Which of these people has changed their phone number? Then you can request that phone number on a new signup—and then you can break into their bank account and steal all their money. Old breaches are cumulative. Yet we still have this actual-damages regime for breaches instead of statutory damages that take account of the downstream effects and these unquantifiable risks that are imposed on the general public through the nonconsensual collection and retention of data under conditions that inevitably lead to breaches.Brad: Okay. Well, I'm very down. So are we ready to end? I think we should end on this downer note.Noah: My favorite Cory Doctorow books also end on a downer note.Brad: Yes. 
Basically that the political economy does not allow us to move out of this particular fresh semi-hell in which we're embedded. But you had something to say?Cory: Everybody hates monopolies now. So we'll just team up with the people angry about professional wrestling monopolies and eyeglass monopolies and beer monopolies, and we'll form a Prairie Fire United Front of people who will break the monopoly because we're all on the same side—even though we're fighting our different corners of it—the same way that ecology took people who cared about owls and put them on the side of people who care about ozone layers, even though charismatic, nocturnal birds are not the gaseous composition of the upper atmosphere.Brad: Hey, if you have the charismatic megafauna on your side, you’re golden.Noah: How did the original Prairie Fire work out? Let's let's wrap it up there. This is really great episode. Cory, you're awesome. Thanks so much for coming on and feel free to come back in time. Cory: I’d love to. I've just turned in a book about money laundering and cryptocurrency—a noir cyberthreat thriller. Maybe when that comes out, I can come on and we can talk about that. That feels like it's up your guys' alley.Brad: That would be great. Okay. So, as we end this: Noah, what is the key insight?Noah: Hexapodia is the key insight. And what are the other key insights that we got from this day?Brad: DeLong: I'm just depressed. I had a riff about how we got interoperability right with the creation of the market economy and the end of feudalism—and how that was a very lucky historical accident. But I don't see possibilities for an equivalent lucky historical accident in our future.Noah: I have a key insight. It is a little vague, but hopefully it will be good fodder for future episodes. The problems in our society are not diametrically opposed. We have to find optimal interior-solution trade-offs between things that have a non-zero dot product. 
Sometimes solving the problem with one thing doesn't necessarily create exactly equal and opposite problems on the other side. Instead, it changes the trade-offs that you face with regard to other problems. These things become very complex. You have things like the antitrust problem and things like the Nazi problem. In your society addressing one doesn't necessarily worsen the other. More action against Nazis doesn't necessarily mean less action in antitrust. It's simply means you have to think about antitrust in a slightly different way, and vice versa. That does make these institutional problems very difficult to solve.Brad: Cory, do you wish to add a key insight,Cory: A key insight is: always keep a trash bag in your car.Brad: This has been Brad DeLong and Noah Smith's podcast this week with the amazing Cory Doctorow. Thank you all very much for listening. Get full access to Brad DeLong's Grasping Reality at braddelong.substack.com/subscribe

ITSPmagazine | Technology. Cybersecurity. Society
Part 1 Of 2 | Hackers And CyberCriminals ARE NOT The Same | Non-Profits And Groups Supporting The Hacker Community, And Therefore, Protecting Society | Hacking Is Not A Crime, Electronic Frontier Foundation (EFF), I Am The Cavalry

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 27, 2021 41:29


When we received the invitation to be part of the event co-hosted by Hacking Is Not A Crime and the Red Team Village, we wanted to do our part by sharing the stories of the non-profit groups involved, and presenting them to our magazine, podcast, and radio audience.

It is an honor and a privilege to introduce to all of you some of our old and new friends who are making a big difference in how the world perceives the role of the hacker in our modern society—what we lately call The Cyber Society.

It doesn't matter how big or small these groups are; the heart and passion are what matter the most. We guarantee that each one of them is playing a huge role in ensuring we have safer computers, devices of all sorts, Internet, industries, grids, and overall a safer connected society—the one in which to live.

Here's everyone we had a chance to chat with:
Chloé Messdaghi, Hacking Is Not A Crime
Kurt Opsahl, Electronic Frontier Foundation (EFF)
Casey Ellis, disclose.io
Jack Cable, Stanford Internet Observatory
Beau Woods, I Am The Cavalry

We hope you enjoy this group of organizations presented in this podcast. Be sure to listen to the other podcast, as it brings additional organizations that care about the world's safety and that of the hacker community. Based on which group inspires you, be sure to join one or more of these outstanding organizations to learn, contribute, and give back.

Our plan is to keep telling stories that share the collective knowledge of our community. Knowledge is power. Now more than ever!

Guests On This Episode
Chloé Messdaghi, Co-Founder & Executive Director, Hacking Is Not A Crime (@ChloeMessdaghi on Twitter)
Beau Woods, Co-Founder and Cyber Safety Advocate at I Am The Cavalry | Senior Advisor, Cybersecurity and Infrastructure Security Agency (CISA) (@beauwoods on Twitter)
Kurt Opsahl, Deputy Executive Director and General Counsel at Electronic Frontier Foundation (EFF) (@kurtopsahl on Twitter)

This Episode's Sponsors
Devo: https://itspm.ag/itspdvweb
Bugcrowd: https://itspm.ag/itspbgcweb

Resources For The Non-Profit Organizations Represented In Both Episodes
Hacking Is Not A Crime: https://www.hackingisnotacrime.org/ (@hacknotcrime on Twitter)
Electronic Frontier Foundation (EFF): https://www.eff.org/ (@EFF on Twitter)
Disclose.io: https://disclose.io/ (@disclose_io on Twitter)
I Am The Cavalry: https://groups.google.com/g/iamthecavalry (@iamthecavalry on Twitter)
Stanford Internet Observatory: https://cyber.fsi.stanford.edu/io (@stanfordio on Twitter)
Red Team Village: https://redteamvillage.org/ (@RedTeamVillage_ on Twitter)
HackerCon: https://redteamvillage.io/hackercon

To see and hear more The Academy content on ITSPmagazine, visit: https://www.itspmagazine.com/the-academy

Catch Both Episodes
Part 1: https://itsprad.io/the-academy-480
Part 2: https://itsprad.io/the-academy-481

Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships