Podcasts
Caveat
Ep 49
Caveat 10.7.20
Ep 49 | 10.7.20

U.S. COVID-19 research efforts at risk.

Show Notes
Transcript

Aaron Brantly: There's also a substantial amount of concern both within Russia and China of what is being referred to as vaccine nationalism.

Dave Bittner: Hello, everyone, and welcome to "Caveat," the CyberWire's law and policy podcast. I'm Dave Bittner. And joining me is my co-host, Ben Yelin from the University of Maryland Center for Health and Homeland Security. Hello, Ben. 

Ben Yelin: Hello, Dave. 

Dave Bittner: On this week's show, I have a story about police foundations buying hacking tools for local law enforcement. Ben describes a judge's reaction to the Trump administration's attempt to ban the TikTok app. And later in the show, my conversation with Aaron Brantly. He's a cybersecurity expert from Virginia Tech. We're going to be discussing cybercriminals putting the U.S. COVID-19 research efforts at risk. 

Dave Bittner: While this show covers legal topics and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. 

Dave Bittner: All right, Ben, before we get to our stories, we had some nice follow-up here. We got a kind note from a gentleman. I'm going to leave his name out of it, as we do. But he says, hello, Dave. I had a completely different reaction to hearing about the helicopter plague in Baltimore. 

Dave Bittner: Remember a couple shows ago, Ben, you and I agreed that the helicopters in Baltimore make us anxious? 

Ben Yelin: Yes. 

Dave Bittner: (Laughter) So this gentleman writes, and he says, I'm a combat vet, and during my time in Afghanistan, the sound of helicopters was like a comforting blanket. When the helicopters were in the area, we knew we could relax and breathe for a moment, as there wouldn't be any incoming mortars or RPGs. I chuckled to myself at the opposite reaction to the same stimuli and thought I'd share it with you. Thanks for what you're doing, and keep up the good work. 

Dave Bittner: Well, I love this (laughter)... 

Ben Yelin: Me, too. 

Dave Bittner: ...Because it's great. 

Ben Yelin: I love that this listener wrote in and... 

Dave Bittner: Yeah. 

Ben Yelin: ...Had this perspective. You know, one thing I just - people who've served in the military have a different perspective on everything. 

Dave Bittner: Yeah. 

Ben Yelin: And there's so much about what happens in military service that we could never understand in civilian life. 

Dave Bittner: Right, right. 

Ben Yelin: And, you know, it's just - I think it's important for us to get a window into that world. And so even for something small like this, for something that makes us nervous and that would bring him comfort, it brought a smile on my face to read it. And I'm glad he wrote in. 

Dave Bittner: Yeah, absolutely. I feel the same way. So thank you for writing in. That's a great perspective to share. And I'm really glad that you did. 

Dave Bittner: All right... 

Ben Yelin: Absolutely. And thank you for your service as well. 

Dave Bittner: There you go. 

Dave Bittner: All right. Well, Ben, let's move on to our stories. Why don't you kick things off for us? What do you have for us this week? 

Ben Yelin: So we're talking about TikTok... 

Dave Bittner: (Laughter). 

Ben Yelin: ...Everybody's favorite application for the youngins these days. 

Dave Bittner: Yeah. 

Ben Yelin: My story comes from The Washington Post technology section - "Judge Suggests Trump Administration Overreached in TikTok Case" by Rachel Lerman. 

Ben Yelin: So as you might remember, the Trump administration back in early August issued an executive order seeking to ban TikTok in the United States. The authority to do that comes from a federal statute. It is called the International Emergency Economic Powers Act. Once there has been a declared international emergency, the president can declare some sort of action, some sort of economic or political sanction on overseas entities. And as long as there are 45 days' notice, then that action can take effect. 

Ben Yelin: So there was a declared emergency back in 2019 as it related to insecure communications from overseas adversaries like China. So this executive order was set to go into effect over the past couple of weeks. And TikTok has been granted a temporary reprieve because the judge here issued a preliminary injunction, meaning the judge is at least willing to hear the merits of TikTok's lawsuit against the federal government. And their lawsuit contains a lot of elements. There are two that I think are worthy of focusing on. 

Ben Yelin: One is that there's an exception in the International Emergency Economic Powers Act that the president cannot ban personal communications. And even though that might not be the main use of the TikTok application, it certainly is a use. People are sending pictures, other personal messages. And it seems like under the clear language of the act, that would be an exception where the president would not be able to take that action. And what the judge here said is that's enough of a question that it merits further consideration in future judicial hearing. 

Ben Yelin: Then there's the First Amendment aspect of this. I mean, I think this is closely tied to the statutory issue. This is going to be a major inhibition on First Amendment speech. This is an extremely popular application. It's a way people communicate both domestically and internationally, so putting any type of restriction on this application is going to have a profound effect on free speech rights. That might be justified if we're dealing with some sort of international menace and if... 

Dave Bittner: Right. 

Ben Yelin: ...The security interests are sufficient. But, you know, we don't know if the remedy here of the sanction is sufficiently tailored to protect First Amendment rights. The judge didn't touch on that in this narrow opinion that he issued this weekend. But I think, you know, now that he's issued this preliminary injunction, we're going to go further into the judicial process. I think that's going to be a key issue as well. 

Ben Yelin: There are other sort of tertiary factors at play here. There are due process arguments. You know, did TikTok have enough of an opportunity to challenge this case within this 45-day time frame? There are other potential statutory and constitutional issues. But those were certainly the two issues that caught my eye. 

Dave Bittner: So this is the judge saying - not necessarily saying, I agree, but saying that, I think this is worth a conversation. 

Ben Yelin: Yeah. So a preliminary injunction means that the judge has enough evidence that the moving party could potentially win on the merits and, you know, that also, if the moving party were to lose, it would cause irreparable harm on that party, meaning there's some level of urgency to it. 

Ben Yelin: I think the standards for the preliminary injunction have certainly been met here. If TikTok were to be banned in the United States and taken off of, you know, the Apple and Google app stores, obviously that would have a profound financial effect on them, and if we are granting the free speech argument, it would have a profound effect on free speech rights in the United States. 

Ben Yelin: But, yes, this is not a final decision on the merits of the case. This is going to go to further proceedings. Some analysts have said that - just some analysts I've read in the past couple of days - that they don't think this gives any indication on ultimately what will happen vis-a-vis TikTok just because this ruling was relatively narrow. It focused on the International Emergency Economic Powers Act. 

Ben Yelin: So it's, you know, it's possible that when this is heard in this court, which is in the District of Columbia, and other federal courts, that when they do reach the merits of the case, they'll come to a different conclusion. 

Ben Yelin: But it's sort of a judge standing on a hill, holding up the stop sign as the Trump train, so to speak, moves towards banning this application in the United States. 

Ben Yelin: The upshot of all of this - I know I use the word upshot too much. It's one of my favorite words. 

Dave Bittner: (Laughter). 

Ben Yelin: The result of all of this is you can still download TikTok in your app store, and you can still use it. And that's because of this preliminary injunction that was released this past week. 

Dave Bittner: I guess I'm struggling to understand. Let's say they do ban TikTok. There's no shortage of other social media apps out there. So I guess I'm having trouble understanding the First Amendment issue. These apps pop up, you know, like a game of whack-a-mole, right? And there's - in other words, there's no shortage of ways for people to communicate with each other online. 

Ben Yelin: Yeah, so there are a couple of points there. First, there's a separate First Amendment issue related to code. So code is considered First Amendment protected expression. Companies run the code. So when you're forbidding a company from using the code that is produced, that is a content-based restriction of speech, and courts look very disfavorably upon that. 

Ben Yelin: In terms of the suppression of speech generally, I think you're right. There are a lot of alternative applications, and, you know, you could consider this more of a time, place and manner restriction instead of a content-based restriction. In other words, they would just be banning the entire application. They wouldn't be banning a certain type of speech. 

Ben Yelin: You know, the problem is - if you think about an analog to this in the nondigital world, let's say rallies were frequently held in one widely visible town square. This is where, you know, people held major political rallies, political protests. If you banned protests in that square, yes, there would be different areas for you to express your political opinions, your First Amendment rights, but it would diminish your voice in a sense, just because that was the one area where people were going to be voicing their political opinions and political protests. And so that's kind of analogous to what's happening here. 

Ben Yelin: Because it is such a popular application and people are using it for personal communications, I think judges are putting a more watchful eye on the free speech implications. Again, that was not an aspect of this particular ruling, but it's certainly going to be at issue in the case, largely because of the prevalence of the app. If we were talking about a messaging app that nobody used, that consideration might be different, but we're talking about one of the most popular applications in the world. And so I think that will weigh heavily in these cases. 

Dave Bittner: All right, interesting story. 

Dave Bittner: My story this week - once again, from Joseph Cox over at Motherboard. 

Ben Yelin: Welcome back to The Joseph Cox Show. 

Dave Bittner: (Laughter) We really do need to send him a fruit basket or something. 

Ben Yelin: Yeah. Ask him what he wants for Christmas. 

Dave Bittner: That's right. We'll send him an Xbox (laughter). 

Dave Bittner: So the article is titled "A Police Charity Bought an iPhone Hacking Tool and Gave It to Cops." This fascinates me here. Ben, this is something you and I have talked about - this notion - I don't know - these sort of end-arounds. 

Dave Bittner: Let me describe the story here. So in San Diego, there is a San Diego Police Foundation, which is an organization that they get donations from individuals, they get donations from corporations, and sometimes they get big donations from corporations, and that's to help the police with a variety of things. 

Dave Bittner: Now, I don't know about you, but I guess the first thing I would think of in my mind would be a police foundation would be there to help police with maybe expenses if a police officer got hurt on the job, or maybe if a police officer lost his or her life on the job, that maybe the foundation would be there to help support the family... 

Ben Yelin: Sure. 

Dave Bittner: ...Get someone back on their feet - that sort of thing. And I suspect that that's probably something that this foundation does. 

Ben Yelin: Absolutely. 

Dave Bittner: But in addition to that, this story is about - this particular foundation, they bought the San Diego Police Department a GrayKey, which is a device that hacks into iPhones. It unlocks iPhones - device we've discussed here before. This is an expensive device - not only expensive to buy, but expensive to maintain. It's about $15,000 to purchase the device, and I believe it costs the same per year to keep it up and running, you know, which for a professional device is not a crazy amount of money, but we're not talking about chump change here either. 

Dave Bittner: What's fascinating to me is this sort of end-around because what this does is it makes the acquisition of that device off the books. The police don't have to go and justify this in their own budget. 

Ben Yelin: Right. And even beyond that, there's no competitive bidding process, you know, no request for proposal. So even from a cost basis, you'd think that that's also kind of an end-around. 

Dave Bittner: Yeah, that's interesting as well. 

Ben Yelin: Yeah. 

Dave Bittner: That's interesting as well. 

Dave Bittner: What is your take on this? 

Dave Bittner: I guess before we get to that, there are some civil rights organizations that are taking issue with this. They're saying this is not an appropriate way for police departments to gather up the tools that they use. What's your take here, Ben? 

Ben Yelin: So there are a couple of, you know, I think, potential big issues here. The one that's highlighted in this story and I think is extremely worthwhile to discuss is that these private foundations are funded frequently by large corporations. These seem like inconspicuous charitable donations. But when you start to see a story like this, I think that's going to put a lot of skepticism on corporations that are deciding to donate to these types of funds. 

Ben Yelin: I'm sure Target, for example - and they're one of the companies mentioned in the story - didn't think it would be bad public relations to donate to a police foundation. It's - they probably thought that money was going to be used for one of the purposes that you mentioned. 

Ben Yelin: Now, you know, after this story and others like it, there's going to be skepticism on what exactly these foundations do and what specifically they're going to be paying for. And the corporations who are funding these organizations are going to have to be accountable for those decisions. 

Ben Yelin: It can be an effective political tactic to put pressure on companies who finance organizations like this because people do vote with their dollars. And if enough people are skeptical of a company's decision to donate to a fund like this, that can have an effect on their bottom line. People just might decide to stop - shop at a different store besides Target. And they're going to be concerned about that, especially as we're in a period where there is skepticism towards, you know, police power and the use of these pervasive types of surveillance techniques. So I think that's a very important aspect of it. 

Ben Yelin: I know I always talk about democratic accountability on the - on this podcast. It always concerns me when you find out about something like this on Motherboard. We love Motherboard. It's a great resource. But it's a journalistic outfit that has to do a lot of sleuthing and deep reporting to uncover some of these things that we just would not have found out about, particularly in an era where local news is so incredibly weak and they don't have the same investigative power that they used to. So that's another thing that stuck out at me about the story. 

Dave Bittner: Yeah. And I think it's worth mentioning - I mean, the story points out that, for example, back in 2006, Qualcomm, who's a maker of chips and electronics and those sorts of things, they gave the police foundation a million-dollar donation, and it was used for, it says here, improving communications, GPS location and broadband services for the department. That seems legit to me. 

Dave Bittner: But I guess part of it is a process issue. If the police department says, boy, we could really use some equipment here to help us do our job, and the foundation is a way for them to make that happen, and it's all done out in the open and, you know, the request is made, it's a reasonable request, this is a way to have that happen - to have it happen more quickly than would happen through the regular budgeting process, I guess I can understand it. 

Ben Yelin: Absolutely. And I think we've talked about on this podcast many times that you can never delegitimize the need of law enforcement, particularly as we're seeing an uptick of violent crime in cities. I mean, they want all the tools they can possibly get their hands on to increase their conviction rate, to make sure that they're prosecuting violent criminals. So you always have to keep that in perspective. 

Ben Yelin: You know, this particular tool is more invasive than most surveillance tools just because it could break the encryption of an iPhone. So that's an incredibly powerful ability to have for a local police department. So I think it merits oversight and skepticism, which you don't get when it's basically just a nice, big Christmas gift wrapped in a beautiful bow given to the police department by this foundation. 

Dave Bittner: (Laugher) Right. Is the answer here transparency - that these sort of purchases have to be out in the open? 

Ben Yelin: Yeah. I mean, I think the answer is almost always transparency. It's always better when people can look under the hood and see exactly what their elected officials are choosing to do and choosing to purchase and the policy decisions that their elected officials are making because then, you know, people can make informed choices as to whether that's the direction they want their government to take. 

Ben Yelin: And I don't think you have an opportunity to make an informed choice if you only find out about this after an investigation by Vice and Motherboard and it's something that, as you mentioned, is completely off the books. 

Ben Yelin: So, yeah, I mean, I think it's always better to be transparent in these situations. Especially, you know, if you're going to get to a point where you have to justify the use of this technology, it's much easier to justify it if the public's been made aware of it, if there's been some level of public debate, if it's part of the standard procurement practices and other government practices that take place at the local level, rather than having this uncovered in a news story, which I think... 

Dave Bittner: Yeah. 

Ben Yelin: ...Rubs people the wrong way for good reason. 

Dave Bittner: Yeah. And it's different when it's taxpayer money, right? I mean, it's a different type of accountability. 

Ben Yelin: Right, exactly. I mean, when it is taxpayer money, you do have your democratic mechanisms in place. If I am a San Diego resident and I don't like how the police department is using my money to purchase grayscale (ph) technology, then I can vote out my local prosecutor or mayor or city council member. It's hard to do that when it's coming from a private foundation and it's something that you wouldn't know about absent good journalism. So, you know, I think that's really the moral of the story here. 

Dave Bittner: Yeah. All right, well, those are our stories for this week. 

Dave Bittner: We would love to hear from you. We have a call-in number. It's 410-618-3720. You can call and leave a message, and we may answer your question on the show. You can also email us. It's caveat@thecyberwire.com. 

Dave Bittner: Ben, I recently had the pleasure of speaking with Aaron Brantly. He's a cybersecurity expert at Virginia Tech. And our conversation centered on the possibility that cybercriminals could be putting U.S. COVID-19 research at risk. Here's my conversation with Aaron Brantly. 

Aaron Brantly: Generally, the history of intelligence contest between the United States and formerly the Soviet Union has a long and tumultuous period of development ever since the U.S. and the British engaged in activities to try and undermine the Bolshevik revolution and supported the Whites. 

Aaron Brantly: Since that time, there's been little love lost and a lot of lacking of trust between the two different nations. And starting as early as soon as Lenin came to power, efforts to engage in substantial amounts of espionage against the United States, the British and other Western powers or capitalist powers was part and parcel of the Soviet method of engaging in international affairs. So this is nothing new. It's just being extended to new domains of activity. 

Dave Bittner: So where do we find ourselves today? What's the level of activity that you're tracking? 

Aaron Brantly: There's still a substantial amount of espionage activity emanating from the Russian Federation and the People's Republic of China that are targeting every aspect of U.S. and Western societies. They target businesses. They target governments. They target everything in between. And what we've seen right now of particular interest to a lot of people is the targeting of biomedical firms, of technology firms or other types of firms related to the COVID-19 pandemic. And so these are modern connotations of a very old game. 

Dave Bittner: Can you sort of lay the groundwork for us? I mean, when we're talking about espionage, what are we talking about, and what are we not talking about? 

Aaron Brantly: Well, here what we're principally talking about is the collection of information through usually covert or clandestine means to inform or provide advantages to the government or businesses within those other countries. So here we're talking about seeing Russian actors, APT 28 and 29, going after U.S. vaccine development projects. 

Aaron Brantly: We've also seen various elements of Chinese intelligence apparatuses going after them as well, specifically not necessarily trying to undermine U.S. or British or German or other manufacturing or development, but rather to gain information to try and give themselves a leg up - kind of, you know, cheating off of your neighbor's homework in class, if you will, trying to get a better grade or get the vaccine or get to a - more equitable and faster. 

Aaron Brantly: There's also a substantial amount of concern both within Russia and China of what is being referred to as vaccine nationalism. And this is, in some ways, their method of undermining or countering any potential vaccine nationalism by trying to break in and steal information. 

Aaron Brantly: Now, in doing this, they can potentially cause cascading vulnerabilities or other types of problems that might slow or undermine U.S. or British or European vaccine efforts. But that isn't necessarily their intent. 

Dave Bittner: So when you say vaccine nationalism, is that where a particular nation would have breakthroughs with vaccines but would keep it to themselves, wouldn't share it globally? 

Aaron Brantly: It's not just about keeping it to themselves, but also perhaps prioritizing the production of vaccines within a particular domestic market, not allowing for trademarked or copyrighted vaccine materials outside of distribution channels within their own national markets. And so this is something that's very common within drug markets as a whole. And what we see quite frequently is espionage associated with these. 

Aaron Brantly: But we're also seeing it here in the COVID-19 saying, hey, you know, if the U.S. develops a vaccine before us and they are only allowing, you know, drug manufacturer X to manufacture and sell it, but they're not allowing it to become a generic market, then we want that drug as well, so we're going to go in and steal how it's made and how to manufacture it. 

Dave Bittner: Can you give us some insights into what exists in terms of international norms when it comes to espionage because, I mean, everyone is looking at each other and - as a regular part of doing business as a nation. Is there a - either a written or unwritten set of rules? 

Aaron Brantly: There are some unwritten rules associated with this in terms of how you treat other nations and other individuals particularly caught in espionage activities. Typically, the common response is to charge them with a crime. And if they're under diplomatic status, then you establish a persona non grata position for that individual. 

Aaron Brantly: We do see the melding of conventional, traditional state espionage and a lot of quasi-state or criminal espionage-type activities mixed together, and that kind of blurs the line between state activity and nonstate criminal activities. And - but generally, espionage is fairly no-holds-barred in terms of if you can get in and steal it without escalating or causing a conflict, then it's your general responsibility as an intelligence officer to try and get in and do it as best you can. 

Aaron Brantly: The U.S. does adhere to certain moral and ethical guidelines that are prescribed in law. Very few other nations have high-level specified controls of this kind. Some European partners do. But generally, a lot of our principal state adversaries do not have the same kind of constraints on their espionage behavior. 

Dave Bittner: Can you give us a description sort of contrasting the Russians and the Chinese? Do they come at this challenge with different techniques? 

Aaron Brantly: They do. I mean, so the Russians have traditionally centered it in the principal intelligence agencies, the GRU and SVU (ph). And these two agencies work not together. They actually really don't like each other very much. But they do work in somewhat in tandem to try and create or exploit various opportunities as they arise. 

Aaron Brantly: The Chinese apparatus is substantially larger and much more diffuse. They have created several different military units across the Chinese infrastructure - PLA infrastructure that engage in these types of activities. They've also been very willing to pressure and leverage Chinese nationals abroad, as well as students and academics and others. And this has come out in several FBI reports, et cetera. That doesn't mean that they're always successful, and it doesn't mean that everybody's a spy. But that's been their modus operandi for quite some time. 

Dave Bittner: We see all these reports talking about disinformation campaigns, particularly coming out of Russia, as we're heading towards our election here. Is that under the umbrella of espionage or is that a different effort? 

Aaron Brantly: So that is part of - part and parcel, actually, of their espionage apparatus. And it has been so since - actually since before the Soviet Union. They've engaged in what are known as active measures, a variety of different means to undermine or disrupt populations abroad. It is a mechanism by which they try and achieve political outcomes short of engaging in any type of warfare or other type of activity. 

Aaron Brantly: In conventional Russian and Soviet military thought, this is essentially a politics by other means or engaging in some sort of struggle against outside forces. And this is ongoing. It's - the current reports out of the ODNI and the rest of the intelligence community indicate that active measures by the Russian Federation are still ongoing, although likely not as substantial as they were in 2016 in terms of their impact. But they definitely are ongoing. 

Dave Bittner: How much has the shift to everything being online, to this interconnection that we have now that we did not have decades ago - has that leveled the playing field when it comes to espionage? Has that made it easier for some nations to - I would suspect that the level of investment that they'd have to make has probably gone down. Is that an accurate assessment? 

Aaron Brantly: So in some ways, there is a level of return on investment in terms of they save money in terms of not having to put human assets in the field necessarily as much, although actually in reality, what we are seeing is we're seeing almost the same number of human assets, plus, in addition to that, cyber exploits and other types of things going on concurrently. 

Aaron Brantly: Early in the 1990s and the early 2000s, as the internet and cyberspace was expanding, it was referred to somewhat as the golden age of intelligence. That's been pushed back a little bit with the advent of - with the proliferation of encryption, the new rules written under the Clinton administration that allowed the proliferation of encryption to general markets. 

Aaron Brantly: But generally speaking, cyberspace has facilitated, and the internet more as a broad concept in connectivity, has facilitated espionage and crime in a way that likely would've been unfathomable in the 1960s, '70s and '80s. The amount of information that is stolen is substantially higher. 

Aaron Brantly: I'll give you one brief, like, anecdotal example of this, and that is that under the Farewell Dossier, a French DST spy in the Soviet Union was able to indicate and provide evidence that the Soviet Union had stolen - he personally had stolen about a file cabinet's worth of data. When the Chinese broke in and stole information on the F-22, they stole the documents - the equivalent of filling dump trucks all the way from the Pentagon to Baltimore Harbor. 

Aaron Brantly: And so the volume of information, the level of information is just substantially higher, and the quality of information is also higher. Whereas you might've had to have exploited one individual human source or might've tried to steal specific documents or undermine one particular news story or something like that, now we have the ability to break in and take entire troves of information or entire volumes of content simultaneously that might have been distributed in multiple different file cabinets or other places prior to the internet. 

Dave Bittner: You mentioned encryption. What's been the development of countermeasures? Has there been an increase in sophistication there as well? 

Aaron Brantly: The countermeasures to intelligence are growing in terms of encryption is one of the best ways to prevent data at rest in particular from being stolen or being used or manipulated. When data at rest is not encrypted and is taken, then that obviously leaves it open for prying eyes. But when it is encrypted, it allows it to at least have a measure of security. It doesn't mean it's not going to be stolen. It just means that it's going to be harder for somebody to be - to break into it and read it or use it. 

Aaron Brantly: Other countermeasures are simple things such as the Department of Defense now allows every single user within the department to see when an email is originating outside of the department, and it gives a little banner, and it deactivates all of the links associated with that email. 

Aaron Brantly: And those types of small behavioral changes within an organization really have profound effects, particularly when you consider IBM reports coming out within the last decade that suggest that upwards of 90% of all major cyber incidents occur with human users clicking on links or some sort of insider threat activity. By shifting the psychology of individuals away from these types of behaviors of clicking on links reflexively, we are not only elevating the security, but preventing attacks such as phishing attacks or other types of things as well. 

Dave Bittner: Do you have any speculation of where things are headed in terms of the trends that you're tracking? Are we - any suspicions of what the future holds? 

Aaron Brantly: I think there's several different ways that this is all going to shake out. One, I think that general cybersecurity mechanisms are going to become much more robust. We've seen through the DARPA Grand Challenge and others that products are coming out with AI embedded in them that are able to identify and patch systems on the fly, and these are going to become very helpful. 

Aaron Brantly: I think we're also going to see behavioral changes in organizations with a limit - link clicking through notifications of outside emails and other types of behavioral changes. 

Aaron Brantly: We're also going to see increased prosecution of cases as well. 

Aaron Brantly: But I think that the real challenge is not necessarily national governments or businesses at the larger scale, but rather individuals, human rights activists and others who simply are unable to compete or participate in these large cybersecurity endeavors. And they are going to continuously be the victims, both of state espionage and other types of activities. 

Aaron Brantly: I think that what's really important to know is that moving forward, as we all move to our remote and online lives, the number of estimated cyberattacks against individuals is increasing. Every major corporation that engages in cybersecurity assessments has noted this fact. And engaging in robust digital hygiene moving forward is a basic minimum step that we can do to combat these efforts. 

Dave Bittner: All right, Ben, what do you think? 

Ben Yelin: First, I love the history of espionage in the United States. 

(LAUGHTER) 

Ben Yelin: Not often we get a history lesson going back to the Russian Revolution. And it's certainly history that I wasn't particularly familiar with. 

Ben Yelin: I also thought that - not that he was pushing back, but he kind of questioned your premise that this is a cheaper type of warfare, so to speak... 

Dave Bittner: Yeah. 

Ben Yelin: ...That it doesn't require the amount of resources as conventional warfare. What he seemed to say is that it actually is very resource-intensive, and, you know, some of our adversaries have to devote a lot of manpower and money to engage in these espionage tactics. And, you know, that means that they're going to have to get a payoff, whatever that is. So, you know, when we talk about election interference, it's sowing chaos in our democracy, which, you know, the Russians think that they can use to their geopolitical advantage. 

Ben Yelin: You know, when we're talking about COVID cures, you get into some very difficult moral and ethical issues. Obviously, we want people to have protected intellectual property rights in their - whatever COVID cures, therapeutics or vaccines that they're developing. But from a foreign adversary's perspective, everybody's trying to solve the same problem here. So I am almost - not more sympathetic, but I can at least understand those types of espionage efforts more than some of the others that you talked about historically. 

Dave Bittner: Right. 

Ben Yelin: I still think it's morally wrong and a violation of international law. I just thought that was an interesting aspect. 

Dave Bittner: Yeah, for sure. All right, well, our thanks to Aaron Brantly from Virginia Tech for joining us. 

Dave Bittner: That is our show. We want to thank all of you for listening. 

Dave Bittner: The "Caveat" podcast is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our coordinating producers are Kelsea Bond and Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. 

Ben Yelin: And I'm Ben Yelin. 

Dave Bittner: Thanks for listening.

Caveat
Podcast Info
HOST(S):
Dave Bittner
Ben Yelin
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Ben Yelin, JD, is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, where he consults public and private entities on homeland security, cybersecurity and emergency management policy. He is also an adjunct faculty member at the University of Maryland Francis King Carey School of Law, where he teaches courses on electronic surveillance and the Fourth Amendment.
Schedule: Wednesdays
Creator: CyberWire, Inc.