At a glance.
- First conversation between US, Russian foreign ministers.
- A perspective on cyber czars.
- Dealing with threats to privacy.
Blinken and Lavrov chat.
The new US Secretary of State Blinken and his Russian counterpart Foreign Minister Lavrov talked yesterday in a customary get-to-know kind of way. Among the matters they discussed was, predictably, cybersecurity (alongside various high-profile disagreements involving Russian dissidents and imprisoned US citizens). Secretary Blinken told Foreign Minister Lavrov that he should expect President Biden "to protect American citizens and act firmly in defense of U.S. interests in response to actions by Russia that harm us or our allies."
Secretary Blinken told them inter alia to stop election interference and damaging cyberespionage (like the SolarWinds hack). Foreign Minister Lavrov's specific responses aren't recorded, but he did indulge in a tu quoque, as shown in the Foreign Ministry's press release:
"In connection with the developments around Alexey Navalny, which were mentioned by Mr Blinken, Mr Lavrov gave detailed explanations about the need to respect the laws and the judicial system of the Russian Federation. He drew Mr Blinken’s attention to the persecution of the protesters against the results of the presidential election and urged the US to ensure transparency in the relevant legal procedures.
"Mr Lavrov confirmed Russia’s willingness to work jointly for normalising the entire range of bilateral relations while observing mutual respect and a balance of interests. The officials emphasised their interest in mutually eliminating the accumulated difficulties in the operations of the Russian and US diplomatic missions in both countries. Anthony Blinken displayed a willingness to organise an expert dialogue on these issues."
So, in all probability, diplomatic business as usual, for now.
Cyber czars, as seen from London, and other cyberlaw news notes.
The founding head of London’s National Cyber Security Center (NCSC), which merges cyber duties that in Washington are distributed between the NSA, CISA, and CyberCom, spoke with Lawfare’s Cyberlaw Podcast about what it was like to serve as Britain’s equivalent of a cyber czar. Ciaran Martin noted that it’s more difficult to reorganize departmental authorities in the US, but what the NCSC strove for was a balance between the communicative openness allowed private agencies and the coveted intel of the covert realm.
Martin also spoke on what he sees as the time and the place for offensive cyber action (targeted enemy disruption and anti-terror, child exploitation, and ransomware efforts), distinguishing these situations from what works to deter APTs and what form cybersecurity should generally take. Saying it’s not usually sensible to “fight cyber with cyber,” he stressed both the difficulty of identifying a proportionate counter-target and the unintended consequences offensive moves can have, like domestic blowback or arms race catalyzation. His position on Solorigate is that the US was “harmed, not wronged,” and sanctions and diplomatic expulsions would be an appropriate response.
Calling Moscow “severe bad weather” and China “climate change,” Martin closed by urging the EU and US to concentrate on developing their common interests rather than picking policy fights.
Ongoing threats to privacy and security, at home and abroad.
The segment in Lawfare's Cyberlaw podcast touched on other current events, too, positing an “optimal level” of ransomware—like shoplifting—at non-zero, given the high costs of addressing it (this is similar to retailers accepting a certain low level of inventory "shrinkage," which is to say pilfering, as the cost of driving shrinkage down to zero would outweigh the benefits). They also drew attention to the Intercept’s reporting on leaked Chinese law enforcement files, which revealed “the absolute flimsiest of pretenses” for jailing Uyghurs and a program for amassing their biometrics. Reviewing reports like Gizmodo’s that China is hankering after US DNA as well, the hosts explored Beijing’s potential objectives, including blackmail, designer bioweapons, strategic intelligence, or pharmaceutical research.
Lawfare also highlighted the EU’s seeming evolution on encryption, with people in high places using phrases like “lawful access” and “security despite encryption,” before turning to the “fifth column” that has arisen on the US front of the crypto wars. The host observed that in the wake of Parler’s shutdown, encrypted services realized they were facilitating the goals of “dangerous refugees,” not “freedom fighters,” explaining that privacy advocates “provided privacy for people they hate, and we’ll just see which of those values triumphs. My bet is, their hatred for the right will overcome their love of privacy, but it’ll take another five years.”