Global Cyber Alliance's President and CEO Phil Reitinger and Chief Business Officer Komal Bozaz-Smith discuss with Justin Sherman critical cybersecurity issues facing core internet infrastructure, including the role of small, often under-appreciated, and frequently underfunded nonprofits in keeping the internet secure and functioning. They talk about their organization's Common Good Cyber project (video here) to address gaps, detail how better data could help inform internet security efforts, and talk about how the current landscape is shifting internet security into the future. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
In this episode of the Power Vertical Podcast, Justin Sherman joins host Brian Whitmore to unpack the complex ecosystem behind Russia's offensive cyber operations. From government agencies like the GRU and SVR to loosely affiliated cybercriminals and patriotic hackers, Sherman explores how these entities operate—often independently, yet in alignment with state interests.
Justin Sherman, the founder of Global Cyber Strategies advisory firm and nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative, joins Defense & Aerospace Report Editor Vago Muradian to discuss why it's important to ban TikTok, the supply chain questions raised by the Chinese social media app; what makes similar apps problematic from a security standpoint and what needs to happen to address known vulnerabilities; whether the sale of the US side of TikTok solves the problem; some cyber priorities for the incoming administration; why curtailing cyber regulation will undermine collective security at a time when adversaries are stepping up their cyber game and penetrating critical US and allied communications and other networks; how to counter Russian and Chinese operations to disrupt critical undersea infrastructure; and ways to increase the production of cyber talent.
In this episode, Erik sits down with Justin Sherman, one of MLB's Youth Ambassadors for the Play Ball Initiative and president of JustinTime Baseball. Justin shares his passion for teaching young children the fundamentals of baseball through his innovative coaching programs. From overcoming his own speech challenges to building a successful baseball instruction enterprise that serves over 3,000 kids across 13 little leagues, Justin reveals how empathy and understanding are key to connecting with young players. The conversation explores the importance of proper youth coaching, working with parent coaches, and features stories about collaboration with baseball legends like Doc Gooden and Paul O'Neill. Along the way, Justin shares his vision for expanding JustinTime Baseball's methodology nationwide to help develop the next generation of baseball players and fans.
As part of Lawfare's Security by Design Project, Eugenia Lostri, Lawfare's Fellow in Technology Policy and Law, and Justin Sherman, CEO of Global Cyber Strategies, published a new paper, “Security by Design in Practice: Assessing Concepts, Definitions and Approaches.” Lawfare Senior Editor Stephanie Pell talked with Eugenia and Justin about the paper's exploration of the meaning of security by design, scalability solutions and processes for implementing security by design principles across an organization, and the need to engender a corporate culture that values security. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Justin Sherman, the founder of Global Cyber Strategies advisory firm and nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative, discusses the new report he authored — “Russia's Digital Tech Isolationism: Domestic Innovation, Digital Fragmentation, and the Kremlin's Push to Replace Western Digital Technology” — how Moscow uses its digital technology for global advantage, impact of sanctions that have driven a rise in domestic capability and greater partnership and reliance on China, the global market for Russian and Chinese digital technologies among nations that want to operate outside US and Western sanctions, how to counter Russian dis and misinformation, and outlook for social media regulation in Washington with Defense & Aerospace Report Editor Vago Muradian.
Last year saw a record number of healthcare hacks with more than 700 separate incidents. And with a subsidiary of United Healthcare forking over a $22 billion ransom this year, the problem isn't going away. With so much sensitive personal information on file, why aren't hospitals and their ilk better prepared? Guest: Dina Carlisle, president of the local nurses union, OPEIU 40 in Michigan. Justin Sherman, CEO of Global Cyber Strategies. Want more What Next TBD? Subscribe to Slate Plus to access ad-free listening to the whole What Next family and all your favorite Slate podcasts. Subscribe today on Apple Podcasts by clicking “Try Free” at the top of our show page. Sign up now at slate.com/whatnextplus to get access wherever you listen. Learn more about your ad choices. Visit megaphone.fm/adchoices
On March 20, the House of Representatives passed the Protecting Americans' Data From Foreign Adversaries Act. The House bill was passed by the Senate on April 23 as part of the larger foreign aid package, which President Biden signed into law on April 24. Lawfare Senior Editor Stephanie Pell sat down with Justin Sherman, Senior Fellow at Duke University's Sanford School of Public Policy, to talk about the benefits and limits of the new legislation, now law. They talked about the path that led to the bill's passage in both the House and Senate, similarities and differences between this new legislation and a recent Executive Order focusing on preventing the sale of Americans' bulk sensitive personal data, and some ways the new law could be improved. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Last week President Joe Biden signed into law a measure that would force the Chinese firm ByteDance to divest its ownership of TikTok, or risk the app being banned in the US. The measure also included restrictions on the sale of personal data to foreign entities. What are the implications of these moves for US and global tech policy going forward? What will the inevitable legal challenges look like? To learn more, Justin Hendrix spoke with Anupam Chander, law professor at Georgetown and a visiting scholar at the Institute for Rebooting Social Media at Harvard University; Rose Jackson, the director of the Democracy and Tech Initiative at the Atlantic Council; and Justin Sherman, CEO of Global Cyber Strategies and adjunct professor at Duke University.
Justin Sherman is the founder of Justintime Baseball, an independent baseball training, softball training, and coaching business located in Westchester, NY. They partner with little leagues, recreation programs, private groups, and individuals throughout Westchester and Connecticut. They believe in building and developing fundamental skills in baseball and softball, while also instilling a sense of confidence and independence through individualized instruction.
It's a Bonus Episode with Smoked BBQ Source's, Joe Clements, JustinTime Baseball's, Justin Sherman, and International Baseball Promoter, Dmitry Sagalchik Joe Clements is the founder and editor in chief of https://www.smokedbbqsource.com/ which is one of the largest barbecue and grilling websites. Arranging this was worth the effort as Joe joined us from his home in Australia which was 16 hours ahead of us. Joe's Smoked BBQ Source website is filled with barbecue recipes and techniques, smoker and grill reviews, and much more. Joe may live in Australia, but his heart is anywhere great BBQ is served and Joe has become quite knowledgeable about American BBQ. Justin Sherman and Dmitry Sagalchik make a great team as they join us to talk youth baseball and international baseball. Justin is the founder of JustinTime Baseball, www.justintimebaseball.com, an independent baseball/softball training and coaching business. Dmitry is extremely knowledgeable about international baseball and was instrumental in bringing Ukraine's national baseball team to the United States in 2022. Together they know something about helping baseball to grow by working with the youth and promoting the game internationally. We conclude the show with the song, Baseball Always Brings You Home from the musician, Dave Dresser and the poet, Shel Krakofsky. We recommend you go to Baseball BBQ, https://baseballbbq.com for special grilling tools and accessories, Magnechef https://magnechef.com/ for excellent and unique barbecue gloves, Cutting Edge Firewood High Quality Kiln Dried Firewood - Cutting Edge Firewood in Atlanta for high quality firewood and cooking wood, Mantis BBQ, https://mantisbbq.com/ to purchase their outstanding sauces with a portion of the proceeds being donated to the Kidney Project, and for exceptional sauces, Elda's Kitchen https://eldaskitchen.com/ We truly appreciate our listeners and hope that all of you are staying safe. 
If you would like to contact the show, we would love to hear from you. Call the show: (516) 855-8214 Email: baseballandbbq@gmail.com Twitter: @baseballandbbq Instagram: baseballandbarbecue YouTube: baseball and bbq Website: https://baseballandbbq.weebly.com Facebook: baseball and bbq
The White House issued an executive order recently that takes on data brokers who might try to sell sensitive personal information on Americans to foreign adversaries like China and Russia. A recent study by Duke University's Sanford School of Public Policy demonstrated how intelligence agencies might buy personal information on American soldiers, or diplomats, or politicians, and perhaps use it for blackmail or strategic advantage. Justin Sherman, an adjunct professor at Duke, led the study, and he is today's guest.
On Feb. 13, Senator Ron Wyden released a letter documenting an investigation his office has been conducting into the activities of Near Intelligence Inc., a data broker that allegedly enabled an anti-abortion organization to target anti-abortion messaging and ads to people visiting 600 Planned Parenthood clinics across the United States. Lawfare Senior Editor Stephanie Pell sat down with Justin Sherman, CEO of Global Cyber Strategies and a Senior Fellow at Duke University's Sanford School of Public Policy, to discuss this investigation. They talked about the various players in the data broker ecosystem that enable these invasive practices, the lack of federal legislation governing and preventing these activities, and what actions the FTC might be able to take against Near Intelligence Inc. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
This week, Justin Sherman of JustInTime Baseball and MLB Playball joined me on the podcast. We talked about the MLB Playball initiative, how to keep kids into baseball, growing your business, and so much more! Follow Us On Instagram: https://www.instagram.com/northernbaseballtraining/ Follow Justin: https://www.instagram.com/justintimebaseball/ Follow MLB Playball: https://www.instagram.com/playball/
Last week, the Federal Trade Commission (FTC) reached a settlement with location data broker X-Mode Social. X-Mode collects over 10 billion location data points from all over the world every day, and sells it to clients in a range of industries, like advertisers, consulting firms, and private government contractors. The FTC argued that the data broker was conducting unfair business practices, including selling people's sensitive location data. To discuss the FTC settlement and its implications, Lawfare's Fellow in Technology Policy and Law Eugenia Lostri sat down with Justin Sherman, Founder and CEO of Global Cyber Strategies and a Senior Fellow at Duke University's Sanford School of Public Policy. They talked about the FTC's groundbreaking decision to list sensitive locations about which X-Mode cannot sell data, the likelihood that we will see further FTC action against data brokers, and the persistent need for comprehensive privacy legislation to better address harms. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Returning from winter break, this episode of the Cyberlaw Podcast covers a lot of ground. The story I think we'll hear the most about in 2024 is the remarkable exploit used to compromise several generations of Apple iPhone. The question I think we'll be asking for the next year is simple: How could an attack like this be introduced without Apple's knowledge and support? We don't get to this question until near the end of the episode, and I don't claim great expertise in exploit design, but it's very hard to see how such an elaborate compromise could be slipped past Apple's security team. The second question is which government created the exploit. It might be a scandal if it were done by the U.S. But it would be far more of a scandal if done by any other nation. Jeffery Atik and I lead off the episode by covering recent AI legal developments that simply underscore the obvious: AI engines can't get patents as “inventors.” But it's quite possible that they'll make a whole lot of technology “obvious” and thus unpatentable. Paul Stephan joins us to note that National Institute of Standards and Technology (NIST) has come up with some good questions about standards for AI safety. Jeffery notes that U.S. lawmakers have finally woken up to the EU's misuse of tech regulation to protect the continent's failing tech sector. Even the continent's tech sector seems unhappy with the EU's AI Act, which was rushed to market in order to beat the competition and is therefore flawed and likely to yield unintended and disastrous consequences. A problem that inspires this week's Cybertoonz. Paul covers a lawsuit blaming AI for the wrongful denial of medical insurance claims. As he points out, insurers have been able to wrongfully deny claims for decades without needing AI. Justin Sherman and I dig deep into a NYTimes article claiming to have found a privacy problem in AI. 
We conclude that AI may have a privacy problem, but extracting a few email addresses from ChatGPT doesn't prove the case. Finally, Jeffery notes an SEC “sweep” examining the industry's AI use. Paul explains the competition law issues raised by app stores – and the peculiar outcome of litigation against Apple and Google. Apple skated in a case tried before a judge, but Google lost before a jury and entered into an expensive settlement with other app makers. Yet it's hard to say that Google's handling of its app store monopoly is more egregiously anticompetitive than Apple's. We do our own research in real time in addressing an FTC complaint against Rite Aid for using facial recognition to identify repeat shoplifters. The FTC has clearly learned Paul's dictum, “The best time to kick someone is when they're down.” And its complaint shows a lack of care consistent with that posture. I criticize the FTC for claiming without citation that Rite Aid ignored racial bias in its facial recognition software. Justin and I dig into the bias data; in my view, if FTC documents could be reviewed for unfair and deceptive marketing, this one would lead to sanctions. The FTC fares a little better in our review of its effort to toughen the internet rules on child privacy, though Paul isn't on board with the whole package. We move from government regulation of Silicon Valley to Silicon Valley regulation of government. Apple has decided that it will now require a judicial order to give governments access to customers' “push notifications.” And, giving the back of its hand to crime victims, Google decides to make geofence warrants impossible by blinding itself to the necessary location data. Finally, Apple decides to regulate India's hacking of opposition politicians and runs into a Bharatiya Janata Party (BJP) buzzsaw. Paul and Jeffery decode the EU's decision to open a DSA content moderation investigation into X.
We also dig into the welcome failure of an X effort to block California's content moderation law. Justin takes us through the latest developments in Cold War 2.0. China is hacking our ports and utilities with intent to disrupt (as opposed to spy on) them. The U.S. is discovering that derisking our semiconductor supply chain is going to take hard, grinding work. Justin looks at a recent report presenting actual evidence on the question of TikTok's standards for boosting content of interest to the Chinese government. And in quick takes,
I celebrate the end of the Reign of Mickey Mouse in copyright law
Paul explains why Madison Square Garden is still able to ban lawyers who have sued the Garden
I note the new short-term FISA 702 extension
Paul predicts that the Supreme Court will soon decide whether police can require suspects to provide police with phone passcodes
And Paul and I quickly debate Daphne Keller's amicus brief for Francis Fukuyama in the Supreme Court's content moderation cases
Download 486th Episode (mp3)
You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
Originally hailing from Omaha, Nebraska, Justin Sherman is an LA-based stand-up comedian and filmmaker who gets on the road a bunch. Me and Justin's relationship goes back probably as long as I've been in LA. He is a loose, silly guy and just a 10/10 hang. We tell a million great stories about the last however many years we've known each other and then some. And as an added bonus, he convinces me to pull out the guitar. If a bonus is what you want to call it! This episode was about a year in the making, and I'm glad that we were finally able to make it happen. It's a silly one! Follow Justin on Instagram http://www.instagram.com/shermancomedy Follow me while you're at it http://www.instagram.com/ianirarousso http://www.threads.net/@ianirarousso http://www.tiktok.com/@ianirarousso http://www.twitter.com/ianirarousso See me perform stand-up comedy live! http://www.ianirarousso.com My debut comedy album SORRY AGAIN out now where you stream your stuff. #TheIanIraRoussoShow #TIIRS #Comedy #StandupComedy #ComedyPodcast
On November 6, researchers at Duke University's Sanford School of Public Policy issued a report on “Data Brokers and the Sale of Data on U.S. Military Personnel” that illuminates the national security risks arising from the sale of these data. Lawfare Senior Editor Stephanie Pell sat down with three of the report's authors: Justin Sherman, a Senior Fellow at the Sanford School of Public Policy who leads its data brokerage research project; Hayley Barton, a Master of Public Policy and Master of Business Administration student at Duke University and a former research assistant on Duke's data brokerage research project; and Brady Allen Kruse, a Master of Public Policy student at Duke University and a research assistant on Duke's data brokerage research project. They talked about the kinds of data that data brokers collect and sell about U.S. military personnel, the national security risks created by these practices, and the gaps in the law that enable this activity. They also discussed policy recommendations for the U.S. federal government to address the risks associated with data brokerage and the sale of data on former and active-duty U.S. military personnel. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
The data about ourselves is willingly submitted to organizations every time we make a purchase, open an account, or simply move around, online and in-person. Where does it go? Who owns it? What do they do with it? Steve Prentice talks with Justin Sherman, who thinks we should be more proactive about understanding the roles data brokers play in our lives and our futures.
In the debate about data privacy and harms, one issue has not received adequate attention by the press or in policy conversations relative to the severity and volume of harm: the link between publicly available information and stalking and gendered violence. To discuss how “people search” data brokers use public information and contribute to stalking and abuse, Lawfare's Fellow in Technology Policy and Law, Eugenia Lostri, sat down with Justin Sherman who recently wrote a Lawfare article on the topic. Justin is the Founder and CEO of Global Cyber Strategies and a Senior Fellow at Duke University's Sanford School of Public Policy. They talked about the publicly available information carve-outs, the systemic nature of the problem, and how policymakers should step in. Content Warning: This episode contains discussions of gendered violence and stalking. Listener discretion is advised. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Remember when President Donald Trump tried to ban TikTok? He called attention to the risk that American users’ data could fall into the hands of Chinese authorities who have ties to the app’s owners. A judge blocked the ban, but even if he hadn’t, experts say so much of our personal information is available to buy from run-of-the-mill data brokers. That includes information on Americans serving in the military, which can have big consequences for national security. Marketplace's Lily Jamali spoke to Justin Sherman, senior fellow at Duke University's Sanford School of Public Policy, about a new study he led in which his team tried buying just that kind of data.
This week, Reema sits down with Justin Sherman, CEO of Global Cyber Strategies, to talk all things data brokers. They cover the ad-tech ecosystem, the past, current, and future of federal and state-level regulation on data brokers, and what the data brokerage industry means for civil liberties. They then dig deep into recent FTC action, including the implications of FTC v. Kochava, the California DELETE Act, and what might be coming down the pipeline in data broker regulation - including the CFPB's latest action on data brokers. Justin's consulting firm, Global Cyber Strategies, is a Washington, DC-based research and advisory firm. Justin is also a senior fellow at Duke University's Sanford School of Public Policy, where he leads its data brokerage research project and lectures on cybersecurity, privacy, and technology policy. In addition, he is a nonresident fellow at the Atlantic Council. He's also a contributing editor at Lawfare, an op-ed columnist at Slate Magazine, and a fellow at Stanford Starling Lab. Justin also serves as an advisor to the Christchurch Call to Eliminate Terrorist and Violent Extremist Content Online, a community of more than 120 governments, online service providers, and civil society organizations working to eliminate violent extremist content on the internet. Additionally, he is the technology advisor to the Surveillance Technology Oversight Project (S.T.O.P.). Resources mentioned in the episode: 2013 U.S. Committee on Commerce, Science, and Transportation Report - A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes; 2014 Federal Trade Commission Report - Data Brokers: A Call for Transparency and Accountability; 2023 Washington Post investigation into the outing of a closeted priest using phone location data originating from, among others, Grindr; Justin's 2022 Lawfare article on a data broker who helped run anti-abortion ads to women in clinic waiting rooms; 2022 Open Secrets report on data brokers who make millions selling data to political groups. Follow Justin on LinkedIn or Twitter! Check out the Foundry on Instagram, Twitter, or LinkedIn and subscribe to our newsletter! If you'd like to support the show, donate to the Foundry here or reach out to us at foundrypodcasts@ilpfoundry.us. Thanks for listening, and stay tuned for our next episode! DISCLAIMER: Reema engages with the Foundry voluntarily and in her personal capacity. The views and opinions expressed on air do not reflect on the organizations Reema is affiliated with.
Geopolitics has always played a role in prosecuting hackers. But it's getting a lot more complicated, as Kurt Sanger reports. Responding to a U.S. request, a Russian cybersecurity executive has been arrested in Kazakhstan, accused of having hacked Dropbox and LinkedIn more than ten years ago. The executive, Nikita Kislitsin, has been hammered by geopolitics in that time. The firm he joined after the alleged hacking, Group IB, has seen its CEO arrested by Russia for treason—probably for getting too close to U.S. investigators. Group IB sold off all its Russian assets and moved to Singapore, while Kislitsin stayed behind, but showed up in Kazakhstan recently, perhaps as a result of the Ukraine war. Now both Russia and the U.S. have dueling extradition requests before the Kazakh authorities; Paul Stephan points out that Kazakhstan's tenuous independence from Russia will be tested by the tug of war. In more hacker geopolitics, Kurt and Justin Sherman examine the hacking of a Russian satellite communication system that served military and civilian users. It's reminiscent of the Viasat hack that complicated Ukrainian communications, and a bunch of unrelated commercial services, when Russia invaded. Kurt explores the law of war issues raised by an attack with multiple impacts. Justin and I consider the claim that the Wagner group carried it out as part of their aborted protest march on Moscow. We end up thinking that this makes more sense as the Ukrainians serving up revenge for Viasat at a time when it might complicate Russia's response to the Wagner group. But when it's hacking and geopolitics, who really knows? Paul outlines the legal theory—and antitrust nostalgia—behind the FTC's planned lawsuit targeting Amazon's exploitation of its sales platform. We also ask whether the FTC will file the case in court or before the FTC's own administrative law judge. 
The latter may smooth the lawsuit's early steps, but it will also bring to the fore arguments that Lina Khan should recuse herself because she's already expressed a view on the issues to be raised by the lawsuit. I'm not Chairman Khan's biggest fan, but I don't see why her policy views should lead to recusal; they are, after all, why she was appointed in the first place. Justin and I cover the latest Chinese law raising the risk of doing business in that country by adopting a vague and sweeping view of espionage. Paul and I try to straighten out the EU's apparently endless series of laws governing data, from General Data Protection Regulation (GDPR) and the AI Act to the Data Act (not to be confused with the Data Governance Act). This week, Paul summarizes the Data Act, which sets the terms for access and control over nonpersonal data. It's based on a plausible idea—that government can unleash the value of data by clarifying and making fair the rules for who can use data in new businesses. Of course, the EU is unable to resist imposing its own views of fairness, thus upsetting existing commercial arrangements without really providing any certainty about what will replace them. The outcome is likely to reduce, not improve, the certainty that new data businesses want. Speaking of which, that's the critique of the AI Act now being offered by dozens of European business executives, whose open letter slams the way the AI Act kludged the regulation of generative AI into a framework where it didn't really fit. They accuse the European Parliament of “wanting to anchor the regulation of generative AI in law and proceeding with a rigid compliance logic [that] is as bureaucratic … as it is ineffective in fulfilling its purpose.” And you thought I was the EU-basher. Justin recaps an Indian court's rejection of Twitter's lawsuit challenging the Indian government's orders to block users who've earned the government's ire. 
Kurt covers a matching story about whether Facebook should suspend Hun Sen's Facebook account for threatening users with violence. I take us to Nigeria and question why social media thinks governments can be punished for threatening violence. Finally, in two updates, I note that Google has joined Facebook in calling Canada's bluff by refusing to link to Canadian news media in order to avoid the Canadian link tax. And I do a victory lap for the Cyberlaw Podcast's Amber Alert feature. One week after we nominated the Commerce Department's IT supply chain security program for an Amber Alert, the Department answered the call by posting the supply chain czar position in USAJOBS. Download 466th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
This episode was originally published on Mar. 28, 2023. Digital tools like virtual therapy and meditation apps have made mental health care more accessible. But they've made data about the people using them more accessible too. That's what Joanne Kim found while conducting research as an undergraduate student at Duke University. The final report was published in February. During her study, Kim identified 11 data broker firms willing and able to sell highly sensitive mental health data to her. Marketplace's Meghan McCarty Carino spoke with Justin Sherman, a senior fellow at Duke's Sanford School of Public Policy who helped oversee the study, about how this data ends up on the market.
On this week's Technology Report, Sam Caucci, the founder and CEO of 1Huddle — an innovative workforce performance and training platform — discusses new contracts with the Air Force and Navy special operations commands, how training that is mentally challenging improves retention and learning outcomes, and the changing nature of work in the wake of the covid pandemic; and Justin Sherman, the founder of the DC research and advisory firm Global Cyber Strategies, discusses Russia's hacking conference, the evolution of the Russian cyber ecosystem after global sanctions in response to Moscow's war on Ukraine, Montana's move to ban TikTok and the company's countersuit, the right approach to regulating foreign-owned social media, and the flaws in the House bill that aims to limit China's ability to develop undersea cables with Defense & Aerospace Report Editor Vago Muradian.
The data broker industry and its role in the digital economy is under scrutiny from Congress. Lawfare Senior Editor Stephanie Pell sat down with Justin Sherman, the Founder and CEO of Global Cyber Strategies and a Senior Fellow at Duke University's Sanford School of Public Policy, to discuss the data broker ecosystem and the recent article he published in Lawfare about two bills from a previous congress that seek to give consumers more control over the information that data brokers collect and sell about them. They talked about some of the scams and other harms caused by data brokers, the regulatory approaches taken by each bill, and whether federal legislation regulating data brokers will get passed. Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
We open this episode of the Cyberlaw Podcast with some actual news about the debate over renewing section 702 of FISA. That's the law that allows the government to target foreigners for a national security purpose and to intercept their communications in and out of the U.S. A lot of attention has been focused on what happens to those communications after they've been intercepted and stored, and particularly whether the FBI should get a second court authorization—maybe even a warrant based on probable cause—to search for records about an American. Michael J. Ellis reports that the Office of the Director of National Intelligence has released new data on such FBI searches. Turns out, they've dropped from almost 3 million last year to nearly 120 thousand this year. In large part the drop reflects the tougher restrictions imposed by the FBI on such searches. Those restrictions were also made public this week. It has also emerged that the government is using section 702 millions of times a year to identify the victims of cyberattacks (makes sense: foreign hackers are often a national security concern, and their whole business model is to use U.S. infrastructure to communicate [in a very special way] with U.S. networks.) So it turns out that all those civil libertarians who want to make it hard for the government to search 702 for the names of Americans are proposing ways to slow down and complicate the process of warning hacking victims. Thanks a bunch, folks! Justin Sherman covers China's push to attack and even take over enemy (U.S.) satellites. This story is apparently drawn from the Discord leaks, and it has the ring of truth. I opine that the Defense Department has gotten a little too comfortable waging war against people who don't really have an army, and that the Ukraine conflict shows how much tougher things get when there's an organized military on the other side. (Again, credit for our artwork goes to Bing Image Creator.) 
Adam Candeub flags the next Supreme Court case to nibble away at the problem of social media and the law. We can look forward to an argument next year about the constitutionality of public officials blocking people who post mean comments on the officials' Facebook pages. Justin and I break down a story about whether Twitter is complying with more government demands under Elon Musk. The short answer is yes. This leads me to ask why we expect social media companies to spend large sums fighting government takedown and surveillance requests when it's much cheaper just to comply. So far, the answer has been that mainstream media and Good People Everywhere will criticize companies that don't fight. But with criticism of Elon Musk's Twitter already turned up to 11, that's not likely to persuade him. Adam and I are impressed by Citizen Lab's report on search censorship in China. We'd both kind of like to see Citizen Lab do the same thing for U.S. censorship, which somehow gets less transparency. If you suspect that's because there's more censorship than U.S. companies want to admit, here's a straw in the wind: Citizen Lab reports that the one American company still providing search services in China, Microsoft Bing, is actually more aggressive about stifling political speech than China's main search engine, Baidu. This fits with my discovery that Bing's Image Creator refused to construct an image using Taiwan's flag. (It was OK using U.S. and German flags, but not China's.) I also credit Microsoft for fixing that particular bit of overreach: You can now create images with both Taiwanese and Chinese flags. Adam covers the EU's enthusiasm for regulating other countries' companies. It has designated 19 tech giants as subject to its online content rules. Of the 19, one is a European company, and two are Chinese (counting TikTok). The rest are American companies. 
I cover a case that I think could be a big problem for the Biden administration as it ramps up its campaign for cybersecurity regulation. Iowa and a couple of other states are suing to block the Environmental Protection Agency's legally questionable effort to impose cybersecurity requirements on public water systems, using an “interpretation” of a law that doesn't say much about cybersecurity into a law that never had it before. Michael Ellis and I cover the story detailing a former NSA director's business ties to Saudi Arabia—and expand it to confess our unease at the number of generals and admirals moving from command of U.S. forces to a consulting gig with the countries they were just negotiating with. Recent restrictions on the revolving door for intelligence officers get a mention. Adam covers the Quebec decision awarding $500 thousand to a man who couldn't get Google to consistently delete a false story portraying him as a pedophile and conman. Justin and I debate whether Meta's Reels feature has what it takes to be a plausible TikTok competitor. Justin is skeptical. I'm a little less so. Meta's claims about the success of Reels aren't entirely persuasive, but perhaps it's too early to tell. The D.C. Circuit has killed off the state antitrust case trying to undo Meta's long-ago acquisition of WhatsApp and Instagram. The states waited too long, the court held. That doctrine doesn't apply the same way to the Federal Trade Commission (FTC), which will get to pursue a lonely battle against long odds for years. If the FTC is going to keep sending its lawyers into battle like conscripts in Bakhmut, I ask, when will the commission start recruiting in Russian prisons? That was fast. Adam tells us that the Brazil court order banning Telegram because it wouldn't turn over information on neo-Nazi groups has been overturned on appeal. But Telegram isn't out of the woods. The appeal court left in place fines of $200 thousand a day for noncompliance. 
And in another regulatory walkback, Italy's privacy watchdog is letting ChatGPT back into the country. I suspect the Italian government of cutting a deal to save face as it abandons its initial position on ChatGPT's scraping of public data to train the model. Finally, in policies I wish they would walk back, four U.S. regulatory agencies claimed (plausibly) that they had authority to bring bias claims against companies using AI in a discriminatory fashion. Since I don't see any way to bring those claims without arguing that any deviation from proportional representation constitutes discrimination, this feels like a surreptitious introduction of quotas into several new parts of the economy, just as the Supreme Court seems poised to cast doubt on such quotas in higher education. Download 455th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
Digital tools like virtual therapy and meditation apps have made mental health care more accessible. But they’ve made data about the people using them more accessible too. That’s what Joanne Kim found while conducting research as an undergraduate student at Duke University. Kim identified 11 data broker firms willing and able to sell highly sensitive mental health data to her. Marketplace’s Meghan McCarty Carino spoke with Justin Sherman, a senior fellow at Duke’s Sanford School of Public Policy who helped oversee the study, about how this data ends up on the market.
On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman, the founder of the Global Cyber Strategies consultancy who is also a senior fellow at the Atlantic Council's Cyber Statecraft Initiative and a Wired Magazine contributor, discusses what to expect from the House Energy and Commerce Committee hearing tomorrow on TikTok, the revelation of TikTok owner ByteDance's ownership structure, whether to ban foreign social media platforms and if not how best to regulate them, the new Hill & Valley Forum coalition of lawmakers and Silicon Valley firms, Sino-Russian cyber cooperation as Beijing and Moscow warm ties, and what to expect from Chinese and Russian cyber activities as Beijing ratchets up tensions over Taiwan and Moscow seeks to bolster domestic production by stealing foreign intellectual property to compensate for Western sanctions in the wake of Russia's invasion of Ukraine with Defense & Aerospace Report Editor Vago Muradian.
Thousands of mental health apps are available on your phone or computer, offering services like virtual therapy sessions, mood trackers and meditation guides. They can be helpful and affordable tools, but what happens with users' personal information? Justin Sherman, senior fellow at Duke University's Sanford School of Public Policy, joins William Brangham to discuss.
Russia's use of information warfare during the 2016 U.S. presidential election period focused attention on Russia's weaponization of information in its effort to influence a U.S. election outcome and sow discord across the American public. But to the extent that we only view Russian information warfare as an aggressive or expansionist expression of Moscow's foreign policy, we may misunderstand some key tenets of Russian information warfare doctrine. To gain a better understanding of the history and dynamics of Russian information warfare, Lawfare senior editor Stephanie Pell sat down with Gavin Wilde, senior fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace, and Justin Sherman, nonresident fellow at the Atlantic Council's Cyber Statecraft Initiative. They discussed their new paper, “No Water's Edge: Russia's Information War and Regime Security,” and they talked about Russian information doctrine under Vladimir Putin, the differences between how the concept of information security is understood in Russia versus the West, and some key takeaways of their research for analysts and policymakers.
We kick off a jam-packed episode of the Cyberlaw Podcast by flagging the news that ransomware revenue fell substantially in 2022. There is lots of room for error in that Chainalysis finding, Nick Weaver notes, but the effect is large. Among the reasons to think it might also be real is resistance to paying ransoms on the part of companies and their insurers, who are especially concerned about liability for payments to sanctioned ransomware gangs. I also note a fascinating additional insight from Jon DiMaggio, who infiltrated the Lockbit ransomware gang. He says that Entrust was hit by Lockbit, which threatened to release its internal files, and that the company responded with days of Distributed Denial of Service (DDoS) attacks on Lockbit's infrastructure – and never did pay up. That would be a heartening display of courage. It would also be a felony, at least according to the conventional wisdom that condemns hacking back. So I cannot help thinking there is more to the story. Like, maybe Canadian Security Intelligence Service is joining Australian Signals Directorate in releasing the hounds on ransomware gangs. I look forward to more stories on this undercovered disclosure. Gus Hurwitz offers two explanations for the Federal Aviation Administration system outage, which grounded planes across the country. There's the official version and the conspiracy theory, as with everything else these days. Nick breaks down the latest cryptocurrency failure; this time it's Genesis. Nick's not a fan of this prepackaged bankruptcy. And Gus and I puzzle over the Federal Trade Commission's determination to write regulations to outlaw most non-compete clauses. Justin Sherman, a first-timer on the podcast, covers recent research showing that alleged Russian social media interference had no meaningful effect on the 2016 election.
That spurs an outburst from me about the cynical scam that was the “Russia, Russia, Russia” narrative—a kind of 2016 election denial for which the press and the left have never apologized. Nick explains the looming impact of Twitter's interest payment obligation. We're going to learn a lot more about Elon Musk's business plans from how he deals with that crisis than from anything he's tweeted in recent months. It does not get more cyberlawyerly than a case the Supreme Court will be taking up this term—Gonzalez v. Google. This case will put Section 230 squarely on the Court's docket, and the amicus briefs can be measured by the shovelful. The issue is whether YouTube's recommendation of terrorist videos can ever lead to liability—or whether any judgment is barred by Section 230. Gus and I are on different sides of that question, but we agree that this is going to be a hot case, a divided Court, and a big deal. And, just to show that our foray into cyberlaw was no fluke, Gus and I also predict that the United States Court of Appeals for the District of Columbia Circuit is going to strike down the Allow States and Victims to Fight Online Sex Trafficking Act, also known as FOSTA-SESTA—the legislative exception to Section 230 that civil society loves to hate. Its prohibition on promotion of prostitution may fall to First Amendment fears on the court, but the practical impact of the law may remain. Next, Justin gives us a quick primer on the national security reasons for regulation of submarine cables. Nick covers the leak of the terror watchlist thanks to a commuter airline's sloppy security. Justin explains TikTok's latest charm offensive in Washington. Finally, I provide an update on the UK's online safety bill, which just keeps getting tougher, from criminal penalties, to “ten percent of revenue” fines, to mandating age checks that may fail technically or drive away users, or both.
And I review the latest theatrical offering from Madison Square Garden—“The Revenge of the Lawyers.” You may root for the snake or for the scorpions, but you will not want to miss it.
On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman, the founder of Global Cyber Strategies as well as an Atlantic Council fellow and Wired magazine contributor, discusses LockBit's ransomware attack on Britain's Royal Mail, and the best approach to countering the potential negative implications of apps like TikTok, whether banning them entirely or allowing a third-party to monitor software and data; and Andrea Schaumann of Fortress discusses industry focus areas for 2023 with Defense & Aerospace Report Editor Vago Muradian.
On this week's Cyber Report, sponsored by Fortress Information Security, Andrea Schaumann, Fortress' director of federal programs and partnerships, on cyber takeaways from the Interservice/Industry Training, Simulation and Education Conference and the need to better educate the non-cyber community about the need for software and hardware bills of origin and materials as well as lessons from commercial industry, and Justin Sherman, the founder of Global Cyber Strategies who is also with the Atlantic Council's Cyber Statecraft Initiative, discusses his recent issue brief — “GRU 26165: The Russian cyber unit that hacks targets on-site” — why the Russian military intelligence agency's secret cyber arm hits the road globally, how to counter their operations, lessons from the recent ransomware attack on Suffolk County, NY, and the FCC's latest ban on Chinese hardware with Defense & Aerospace Report Editor Vago Muradian.
On this week's Cyber Report, sponsored by Fortress Information Security, Justin Sherman of the Atlantic Council's Cyber Statecraft Initiative, who is also a Wired Magazine contributor, discusses the new report by the think tank that he co-authored — “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem” — to craft a systemic global approach to improving cybersecurity as internet-connected and enabled devices proliferate, with Defense & Aerospace Report Editor Vago Muradian. Other co-authors include Patrick Mitchell and Liv Rowley, with Nima Agah, Gabrielle Young, and Tianjiu Zuo.
On August 23, the Washington Post published a story about a whistleblower complaint filed by Peiter Zatko, the former security lead and member of Twitter's executive team responsible for information security, privacy, physical security, and information technology. In the whistleblower complaint, Zatko describes extreme problems and deficiencies with the security, privacy, and integrity of Twitter's platform. The complaint also alleges that since 2011, Twitter's senior executives have engaged in making false and misleading statements to users and the Federal Trade Commission about Twitter's privacy, security, and integrity. Lawfare senior editor Stephanie Pell sat down with Justin Sherman, a fellow at the Atlantic Council's Cyber Statecraft Initiative, to discuss some of the most interesting aspects of the complaint. They talked about some of the background leading up to the filing of the complaint, some of its most significant alleged privacy and security violations, and what to look for in the upcoming congressional hearing on the complaint.
Episode 144 Features Youth Baseball Coach Justin Sherman of JustinTime Baseball and Pizza Cook-Off Association Founder, Jerry Belcastro Justin Sherman founded JustinTime Baseball in 2015. It is an independent baseball/softball training and coaching business located in Westchester, New York. Their mission statement is, "We believe in building and developing fundamental skills in baseball and softball, while also instilling a sense of confidence and independence through individualized instruction." Justin did not play Major League Baseball, and he may have never been the best player on his team at other levels, but that matters very little. Having to always work hard for success helps him now as he understands the hard work and dedication required to play the game, and he uses this knowledge to teach children the basic skills to help them become better ballplayers. Various topics are covered and it is very interesting to hear the opinions of someone who is extremely familiar with the game and how it should be played. More information is available at, https://www.justintimebaseball.com/ Jerry Belcastro is giving pizza lovers as well as those who love to cook competitively something to get excited about. As the founder of the recently formed Pizza Cook-Off Association (PCA), Jerry is providing the pizza community with something which the barbecue community has been enjoying for years; a chance to compete and enjoy delicious food. Jerry's involvement with food has spanned many years. He previously owned an Italian restaurant/pizzeria, was the regional manager of international catering for Delta Air Lines, and is a certified BBQ judge. There are many aspects involved with increasing the number of PCA events and expanding the organization to include a national audience. Jerry has been able to secure some great sponsors and is getting closer to his goals. 
More information, including upcoming events, information on becoming a member, competition rules, and even information on becoming a judge is available at, https://www.pizzacook-off.com/ We recommend you go to BBQ Buddha, https://bbqbuddha.com/ for rubs and award-winning sauces, Baseball BBQ, https://baseballbbq.com for special grilling tools and accessories, the Pandemic Baseball Book Club, https://www.pbbclub.com to find many of the wonderful books we have featured as well as some additional swag, Magnechef, https://magnechef.com/ for excellent and unique barbecue gloves, and Cutting Edge Firewood https://www.cuttingedgefirewood.com/ for high-quality firewood and cooking wood. We conclude the show with the song, "Baseball Always Brings You Home" by the musician, Dave Dresser, and the poet, Shel Krakofsky. We truly appreciate our listeners and hope that all of you are staying safe. If you would like to contact the show, we would love to hear from you. Call the show: (516) 855-8214 Email: baseballandbbq@gmail.com Twitter: @baseballandbbq Instagram: baseballandbarbecue YouTube: baseball and bbq Website: https://baseballandbbq.weebly.com Facebook: baseball and bbq
Episode 88! This week we're back with an interview! Justin Sherman from Justintime Baseball joins us. He is a baseball coach that specializes in Youth Development. His sweet spot of coaching is ages 3-10. He also teaches parent coaches how to become more effective in getting these young kids to focus and be attentive to the game! We also make our "Way Too Early" All-Star selections, we name our "All-Yipps" Team, and we get into why Miami hates Jazz Chisolm. BIG NEWS TO THOSE WHO HAVE NOT HEARD! WE HAVE EXPANDED AND WE HAVE LAUNCHED A FULL SCALE WEBSITE. WE ARE POSTING NEW FORMS OF CONTENT WEEKLY SO IF YOU HAVE NOT MADE AN ACCOUNT, PLEASE GO MAKE ONE. IT'S FREE TO BE A MEMBER, SO BE A MEMBER BECAUSE IT'S FREE! http://www.theyippsbaseballpodcast.com
Modern life relies on digital technology, but with that reliance comes vulnerability. How can we trust our technology? How can we be sure that it does what we expect it to do? Earlier this month, Lawfare released the results of a long-term research project on those very questions. The report, prepared by the Lawfare Institute's Trusted Hardware and Software Working Group, is titled, “Creating a Framework for Supply Chain Trust in Hardware and Software.” On a recent Lawfare Live, Alan Rozenshtein spoke with three members of the team that wrote the piece: Lawfare editor-in-chief Benjamin Wittes; Lawfare contributing editor Paul Rosenzweig, who served as the report's chief drafter; and Justin Sherman, a fellow at the Atlantic Council.