You can’t spell INFOSEC without the SEC


In a law-packed Cyberlaw Podcast episode, Chris Conte walks us through the long, detailed, and justifiably controversial SEC enforcement action against SolarWinds and its top infosec officer, Tim Brown. It sounds as though the SEC’s explanation for its action will (1) force companies to examine and update all of their public security documents, (2) transmit a lot more of their security engineers’ concerns to top management, and (3) quite possibly lead to disclosures beyond those required by the SEC’s new cyber disclosure rules, at the risk of alerting network attackers to what security officials know about them in something close to real time.

Jim Dempsey does a deep dive into the administration’s executive order on AI, adding details not available last week when we went live. It’s surprisingly regulatory, while still trying to milk jawboning and public-private partnership for all they’re worth. The order more or less guarantees a flood of detailed regulatory and quasiregulatory initiatives for the rest of the President’s first term. Jim resists our efforts to mock the even-more-in-the-weeds OMB guidance, saying it will drive federal AI contracting in significant ways. He’s a little more willing, though, to diss the Bletchley Park announcement on AI principles that was released by a large group of countries. It doesn’t say all that much, and what it does say isn’t binding. So if you missed it, you didn’t really miss much.

David Kris covers the Supreme Court’s foray into cyberlaw this week – oral argument in two cases that ask when politicians can block people from their social media sites. This started as a Trump issue, David reminds us, but it has lost its predictable partisan valence, so now it’s just a surprisingly hard constitutional controversy that, as Justice Elena Kagan almost said, left the Supreme Court building littered with first amendment rights.

Finally, I drop in on Europe to see how that Brussels Effect is doing. Turns out that, after years of huffing and puffing, the privacy bureaucrats are finally dropping the hammer on Facebook’s personal-data-fueled advertising model. In a move that raises doubts about how far from Brussels the Brussels Effect will reach, Facebook is changing its business model, but just for Europe, where kids won’t get ads and grownups will have the dubious option of paying about ten bucks a month for Facebook and Insta. Another straw in the wind: Ordered by the French government to drop Russian government news channels, YouTube competitor Rumble has decided to drop France instead.

Download 480th Episode (mp3)

And in recognition of the week’s focus on international AI regulation, Cybertoonz explains what’s really going on in Bletchley Park:

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to [email protected]. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.




Source: https://reason.com/volokh/2023/11/07/you-cant-spell-infosec-without-the-sec/