This Week in Law 289 (Transcript)
Denise Howell: Hi, folks. Denise Howell here. And next up on This Week in Law, we've got Sarah Pearson, Duncan Hollis, and Lauren Wilson joining me; and we've got so much great stuff that you're going to hear about, including international cyber law and International League of Cyber Avengers; Title II rises from the ashes in the net neutrality debate; a duty to hack; and much, much more, next on This Week in Law.
Netcasts you love ... from people you trust. This is TWIT! Bandwidth for This Week in Law is provided by Cachefly at Cachefly.com.
Denise: This is TWIL, This Week in Law with Denise Howell and Sarah Pearson, episode 289, recorded January 23, 2015
Cyberleague Are Go!
This episode of This Week in Law is brought to you by FreshBooks, the simple cloud accounting solution perfect for your law firm and any entrepreneur. Save time billing and get paid faster. Join the over 5 million users running their business with ease. Try it free at FreshBooks.com/twil. And by Blue Apron. Blue Apron will send you all of the ingredients to cook fresh, delicious meals with simple step-by-step instructions right to your door. See what's on the menu this week and get your first two meals free by going to BlueApron.com/twit. That's BlueApron.com/twit.
Hi, folks. I'm Denise Howell. Thank you so much for joining us for This Week in Law. It's a big week for law and policy issues, and we've got a big panel to help us understand the latest in what's going on at the juncture of technology and law. Joining us from Temple University is Duncan Hollis. Hello, Duncan, how are you?
Duncan Hollis: I'm doing well, thanks.
Denise: I almost called you "Temple." That's not going to work. (Laughs) Great to have you. Tell us a bit about your work at Temple, what you're teaching there, etc.
Duncan: So I'm a professor of international law at the law school here, and I teach courses on property international law; treaties; and for, I guess, your viewers, cyber threats, or regulating cyber threats. And that's most of my research.
Denise: So folks, for all those times when I and other guests on the show are attempting to grapple with what's going on in international law and how something might work one way in the United states and you have no guarantee at all that it's going to work the same way anywhere else — yay! We now have Duncan with us to help set us straight on all these fronts; and more particularly, from events much in the news lately, try and help us grapple with international cyber terrorism threats. So great to have you, Duncan; you've been a long time coming. Your knowledge base has been a long time coming to the show. (Laughs) So we're thrilled to be able to welcome you. Also joining us from FreePress is Lauren Wilson. Lauren, great to have you.
Lauren Wilson: Thank you for having me, Denise.
Denise: And you could not be on the show at a more timely moment in time, given everything that's going on with net neutrality and how that is all coming to a head. Is that the main focus of your work these days?
Lauren: It certainly has been the main focus of our work for the past year and a half, I would say. But thankfully, things are finally wrapping up, and it seems as if the Federal Communications Commission is poised to do the right thing; so I'm very happy.
Denise: I'm happy, too, and I'm happy we have you to help us understand because, as people who have watched the show over the last couple of years know, net neutrality is not an easy topic; and it tends to get reduced to sound bites that don't tell the whole story. So I'm glad that we can have the time to go into it and try and understand a little more thoroughly what is happening as this whole conversation starts to conclude. And joining us back on the show is my new co-host, Sarah Pearson. It's great to have you back, Sarah.
Sarah Pearson: Thanks, Denise. I'm really excited to be here.
Denise: People met Sarah a couple of times in 2014, and she's kindly agreed to step into the shoes vacated by Evan Brown. They're big shoes, I've got to say. (Laughs)
Sarah: They are; it's true. (Laughs)
Denise: But probably both physically and metaphorically. (Laughs)
Denise: But we're so thrilled to have you, Sarah. And we're going to have one more show next week where we won't have Sarah on; but starting February 6, she's going to be regularly on the show, and I couldn't be more pleased about it. It's great to have you.
Sarah: Thank you. I'm really excited about it, too.
Denise: All right. So we've got a lot of law and policy stuff to discuss today; let's get right to it.
(The intro plays.)
Denise: Duncan, I think we'll start in your area of expertise, if we could, with trying to get our arms around how the United States and other countries are going to respond to the various cyber threats that we're facing today. Overall, it seems like our ability to deal with those threats, both on a law enforcement basis and on a law-making basis, is far outstripped by the threats themselves, that what people are actually able to accomplish or may be able to accomplish just kind of runs circles around our ability to control or regulate it. So why don't you start by giving us sort of the 10,000-foot view and your take on where we are now and what we can see coming in the future.
Duncan: Sure. So I think where we are now is probably not in a good place, you could say. 2014 was a pretty bad year for cyber security, as we see a whole range of threats. Obviously, the Sony hack popularized cyber security in ways only Angelina Jolie and Seth Rogen could; but at the same time, all the data breaches — and then we have stories coming out about Turkish pipelines being able to be exploded through hacking, such that I think we're seeing, again, countries that were already focused on this issue giving it even higher priority, perhaps most notably by the Obama/Cameron meetings earlier this week, where both emphasized the need for new approaches to cyber security. And so there's kind of a growing sense, as far as policy makers are concerned, that more needs to be done. I think on the technical side, we already have a range of computer emergency response teams; there are certs that try and deal with the cross-border problems of all these sorts of — not just cyber criminals, but also hacktivists; and probably of most concern to folks these days is the militarization of cyber space, as we have now dozens upon dozens of [inaudible] that are building capacity to go offensive in cyber. As far as where the lawmaking's going, part of the issue right now is, we've got kind of — I almost use the musical metaphor "cacophony," right, that there's just all these different voices out there vying for authority, saying, Hey, we should be the folks who decide this — whether it's the International Telecommunications Union, which is an organization under the U.N. umbrella; or older institutions like I Can; or more security-based organizations. There's actually a group of government experts that meets at the United Nations that's 20 countries represented; and they're nominally supposed to be telling us what the rules are for cyberspace, particularly as it involves states. And even more recently, there was this Net Mundial meeting last year in Brazil; and the question is, what will that produce going forward in terms of kind of what they call a multi-stakeholder model for cyber security and cyber governance? And we're kind of at a point now where we've got a lot of candidates for institutions that will help deal with these threats, and/or a lot of candidates for what the norm should be; but we don't have a real sense yet of which ones are going to win and which ones are going to lose. I don't even know that we'll get to some single entity or institution; but we're seeing kind of different camps sorting themselves out. So it's a complicated but interesting time as far as international cyber security policy goes.
Denise: It is. It's complicated and interesting on so many fronts that I scarcely even know where to begin. Maybe where we should begin is getting your take on where you draw the line for criminalization. So much of what people do online involves perhaps exploiting something that should have been locked down but was left wide open; so if you're going to drive right through that open door, is that a proper thing to criminalize just because someone has bad security hygiene? And then other things are far more targeted and circumventing; and I'm wondering, from a policy standpoint, where you feel the law should draw the line.
Duncan: So I have to be honest. So for my interest areas and the circles I travel in, we're kind of at the other end of the spectrum, which is where do you draw the line between, say, crime and war. So between, say, the Sony hack and the attribution of it to North Korea — is that criminal behavior, albeit done by a Nations state; or does it somehow get us into more warlike behavior or — things like Stuxnet, which reportedly was a U.S. and Israel hack where you're spinning centrifuges out of control; and the Natanz nuclear plant in Iran. And so I've spent a lot of time working on the line between what's going to be an act of war and what's going to be a criminal act. To be honest, I think we see, on the — what constitutes criminal activity, you're right — it's an equally important area in terms of exactly what should, say, the Computer Fraud and Abuse Act here in the United States deem as criminal. It tends not to get as much attention on the international stage, largely because the things that start to get attention from multiple governments or multiple international organizations tend to be the higher level threats. So the large bot-nets, the large data breaches, extensive use of ransom-ware, or more direct exploits that are attacking, say, critical infrastructure and the like. So that's kind of where we're seeing a lot of disagreements over exactly where the line should be for something that would, say, be an act of war — in which case you can hack back but you can also put missiles in the air or boots on the ground, literally under the laws of war, and there's obviously pretty dramatic consequences when you think about that that could be something that started in cyberspace; versus activity that's bad but that we would treat as criminal. And Interpol would reach out to the FBI or vice versa, and they would try and engage in more traditional law enforcement mechanisms to either cooperate to shut down a bot-net or what have you. And that's kind of where my focus has been. And again, part of the problem with all of this is, even in this high-level stuff, figuring out who's doing it really complicates the legal inquiry.
Denise: Right. And I think that the question you're more familiar with grappling with is a critically important question of drawing the line between criminal activities and war. So why don't we talk more specifically about North Korea and the Sony hack. First of all, we've gone back and forth on this show and elsewhere on our network here about the solidity of the information that points toward North Korea. Do you have an opinion on that?
Duncan: Oh, so with an asterisk, I think that the U.S. is pretty likely to be believed here for having attributed it to North Korea. I mean, obviously, this week the New York Times reports that it was not just technical attribution, that it's not just tracing it back through the channels to identify it from North Korea; but the fact that the U.S. — or the Nsa, more specifically — was in North Korea's networks as all this was going on, and so was able to identify it from North Korea kind of through what we'd call secondary intelligence — that is, not literally doing attribution on the attack itself, which I think — you're right. There was a lot of chatter back and forth about whether just based on what we were seeing from the Guardians of Peace, whether you could say, Oh, that's North Korea; or was it really an insider or what have you. The U.S. comes out and says, No, no, we know; trust us. People were not so trusting of the U.S.; but now, this week, we're seeing evidence suggesting that part of the reason the U.S. was so sure was that they had kind of inside information from other intelligence, right, that they were already in North Korea's networks. I guess why I believe the U.S. is, over the last six, seven years, there have been plenty of hacks where the back-chat was that there was a government that was responsible. This was a Russian one; this was the Korean; this was a Chinese one. And we haven't seen — other than last summer when the U.S. indicted five People's Liberation Army officers from China, this is only the second time we've seen the U.S. come out and say, We know who did this, and it was a foreign government, in this case, North Korea. So I think, particularly the speed with which the U.S. did it and the fact that it's so rare for them to do it, at least leads me to believe that it is North Korea. The one asterisk is, there was a time — as some of your viewers may recall — where the U.S. government was equally convinced that there were weapons of mass destruction in Iraq, and that one was wrong. So is there a possibility that the NSA was getting misled somehow and thought they were in the North Korean system, and someone was sending them off on a wild goose chase or making it look like North Korea? I suppose history suggests that's possible; I just don't really believe it in this case.
Denise: Okay. Sarah, any thoughts about the North Korean situation and the solidity of the information about the hack; and specifically, what are your thoughts on whether this is the kind of thing that could escalate to a militarized response?
Sarah: I guess — I mean, I certainly defer to Duncan in terms of whether or not it was — we have good evidence that it was North Korea. I'm really curious, actually, to follow up on something Duncan was just saying. You were talking about that you deal a lot with the line between war and crime; and I'm curious where terrorism falls there. Is that — in the physical world, we're often grappling with this pull between what's terrorism, and where does it cross the line over to war? I imagine that's an issue that you deal with in your domain, too; and I'd love to hear you talk about that a little bit, if you don't mind.
Duncan: Sure. So if you look at the history of terrorism, terrorism started out as a criminal behavior. If you go back to the 1970s and high jackings, everybody said, Oh, this is horrible behavior; it's criminal. And then, over time, people began to say, You know, it's not just criminal; there's something else going on, whether it's the state-sponsored terrorism in particular. And most notably, of course, was after September 11, when you have the Bush Administration saying it's not crime; it's war, and it should be regulated entirely as a matter of war. So you kind of had two camps: the crime camp, and then there were some folks who said, It can be both. It's both crime; it's both war. We can use the tools of both to try and regulate it. And then, there's been some folks who say, Terrorism should actually be a discrete, third category, and we should kind of have a whole separate system. Just like we have laws for war and we have criminal law, we should have laws for terrorism. Sadly, with respect to just regular old terrorism, we haven’t gotten that far. We have a number of treaties that have nations cooperate on combatting terrorist financing, terrorist bombings, high jacking, and the like; but it's also important to note that internationally there's no fixed definition of terrorism, that things like the Palestinian situation and elsewhere have made it very difficult for countries to agree on what terrorism is. So that complicates how international law deals with it regularly. For better or worse, when it comes to cyberspace, what we tend to see these days is terrorists' use of cyberspace for various purposes — propaganda, recruiting; we have not seen yet terrorists actually using cyberspace to perpetuate, say, a terrorist attack — that is, poisoning a water filtration plant or tackling a civilian nuclear reactor — kind of these Armageddon-like scenarios that you'll see suggested. So for better — probably for better — we haven't had to grapple yet with how we're going to deal with "cyber terrorism" because we haven't seen it yet. The history with respect to terrorism at large suggests it'll be hard to figure it out and that some nations will say, Oh, it's criminal, and you shouldn't treat it like an act of war; and other nations will say, No, no, you're wrong. We can use our military forces and detention operations and all that goes with it to deal with these threats.
Sarah: Yeah. I figured if we're still grappling with it in the physical world, then I imagine we're that much farther behind in thinking about it when it comes to the digital; but it's really an interesting thing to think about.
Duncan: Yeah. No, and —
Denise: And the other interesting thing to think about is not responding in the typical way that things are militarized, but as Duncan referred to previously, responding in a way that militarizes cyberspace. And sort of eye for an eye; but this time, companies' internal documents for companies' internal documents or some other kind of retaliatory strategy. How does that all play out, Duncan?
Duncan: So it's interesting, right? So the militarization of cyberspace really depends on where you sit. So to give one example, for what we called international humanitarian lawyers — that is, the folks who work on the laws of war — they're all very comfortable with what the rules in warfare are; and the rules in warfare are pretty simple. You can attack military objects, but you cannot attack civilian objects. You're supposed to protect civilians and separate them out. But what we've done in the real world is, what happens if an object's used both by civilians and military — say, a power plant powers both a military base and civilian facilities? Where stuff's used by both, international law says, Oh, it's military, and you can attack it. Now, you translate that to cyber. That creates a real problem when we think about the fact that the military, including the U.S. military, runs so much of their communications and the like through the Internet. They use many of the same service providers that you or I use for services. Does that suddenly mean that all this — things like Skype — are suddenly in some ways open to attack in a military conflict? And militaries seem fairly sure that the answer is yes, although from other quarters, people are saying, You know, that may have worked in the twentieth century, but we're not sure it works in the twenty-first. So on the one hand, you've got that. On the other hand, you do have this line between, how do we sort out technology that's largely driven by data and communications — what do we want to consider to be military in nature or not? And so one of the things is drawing the line. Like, for example, the Sony hack — no one's saying that was an act of war. Obama described it as cyber vandalism; and the analogy that's probably more appropriate is, a lot of this stuff so far has been espionage, right? Peeking in, looking at people's data, getting access to it, maybe learning from it things that you could use in a real conflict — plans for people's power grids or the like. But by and large, to the extent it's espionage, international law's just kind of shrugged its shoulders at that going in the past. But what we do see — and I think it's really important for people to understand — is that since, say — there was kind of attacks in Estonia in 2007 — militaries have woken up; and they are thinking about this as a domain, and they are investing millions, if not billions, of dollars; and tens of thousands of military forces are now thinking about cyberspace in the way they used to think about airspace or the oceans as a platform on which they can launch and defend against attacks. And we really haven't figured out how they're going to segregate that from you and I and how we use the Internet and information technology.
Denise: Lauren, I know this is a little far afield from net neutrality and thinking about the regulations of businesses and the way the Internet is delivered on that front as opposed to, perhaps, the Internet being taken down by a cyber terrorist; but I don't want to leave you out of this conversation. Just wondered if you were having any thoughts as we're going along here exploring these issues.
Lauren: Well, I have read some of Duncan's writing, and I think it's really interesting, the discussion surrounding how you draw the line between what is a crime and what's an act of war. And I kind of connected that to something Duncan said about how we define terrorism; and unfortunately, sometimes I think terrorism is defined by who is committing the act and what political aim they are shooting for, what ideology they support. And so I think that complicates the discussion even further when we're trying to determine who is a criminal versus who is a terrorist and whether there is cyber terrorism or threats domestically. I don't know if that will be a civil cyber war where you have Americans versus Americans in one group, committing cyber crimes against one another; or if you have policies or actions that really severely kind of limit the digital rights of one group. Should that be a crime? Is that a form of cyber terrorism? And if we follow Duncan's writings, should there be a duty to assist those people? And so that's just what I was thinking about.
Denise: Right. Excellent points. Duncan, do you have any response?
Duncan: Yeah. So I'll say two things: One, the duty to assist idea was my response to what we'd say is the attribution problem, which in cyberspace, unless you're unlucky, stupid, or somebody does have secondary intelligence, often you can hide your identity and perpetuate whether it's criminal activity or militaries doing these things. Which is why, for example, there's still some folks who are doubting the idea that North Korea did the Sony hack. That attribution problem makes how we normally would use law difficult, right? Normally, what law does is it says, Don't do X. And if you, bad person, do X, we'll find you and punish you for that sort of behavior. The difficulty is, well, if you can't find that person, if you can't identify the bad actor — you can't even figure out if that bad actor is an individual, a cyber criminal organization in Russia, or a foreign government like North Korea — then it really makes it hard to know how that law's going to work. Is it even going to deter behavior? Is it going to lead to anybody being caught? And that's part of the problem with cyber crime right now, is the amount of cyber crime versus the actual successful law enforcement efforts are really not well aligned. And so part of what people have been thinking about is, can we come up with other ways to regulate this space to make it safer? And there's a general idea of what is called resilience, which is, how do we make our networks? How do we make our data more secure in the face of an attack? Assuming attacks are going to happen, assuming we're not necessarily going to be able to catch the people who did it, can we just figure out ways to survive those attacks as best we can? And that's why, for example, I'd argued for, say, an E-SOS or some sort of digital assistance requirement that — for really bad things, where somebody's critical infrastructure's knocked offline or what have you — is you can ask for help and that other people would then be required to give it to you, much like on the high seas. If your ship is sinking, you can put out an SOS; and anybody who's nearby is legally required to come help you. And you could actually sort through the offers of help if you're the sinking vessel and say, Yeah, we need you to help us. It's a different way of regulating a problem, right, because the SOS system regulates pirates, but it also regulates hurricanes. It doesn't really matter who's causing your vessel to sink; the idea is that the obligation is to help the victims when they need it. And so that's kind of — again, people have been thinking in terms of how do we, at an international level, try and start a conversation or start a set of norms that everybody can agree on? Can we actually get a world where China, Russia, the United States — not sure you'll ever get North Korea, but the major players — India, the European Union, are all on the same page for at least some basic minimum norms and how to deal with certain threats. I would say one thing about the net neutrality is, although it doesn't seem like it's related to this issue, I think in practice there is some ties in the sense that I think there is that question of, well, who decides these things, right? And part of what's going on in net neutrality is this fight about whether we're going to leave it to companies to figure out how we're going to regulate bandwidth, or is an individual government like the United States going to step in, or should there be some international net neutrality principle that, as a matter of international law, nobody is supposed to violate the net neutrality principles? And that is, again, tied up with, I think, this larger looming battle over, well, who's going to be in charge of cyberspace, or who's going to be in charge of which parts of cyberspace, which is very much in play in the cyber terrorism and the cyber war conversations where you have — certain actors are trying to say, hey, we should be in charge of all of it. And others are saying, No, over on this issue, net neutrality should be domestic legislation; but on things like cyber war, yeah, we need the U.N., or a group of folks at the U.N., to weigh in.
Denise: So sorry, folks; we just lost my video. But we are at a great juncture in this conversation, and I definitely want to keep it going. And that's a really interesting point, Duncan, that you just raised about net neutrality on the international front. Can you, and then Lauren, tell us what you know about moves in the international community to adopt net neutrality principles similar to what the FCC here in the U.S. has been grappling with?
Duncan: So it's not an area that I know as much about, so I'm hoping others will jump in. My sense is that it has been discussed about the International Telecommunications Union — I think I mentioned the ITU before — and they're certainly proponents of it. And then there are other countries where — like, China, there's no net neutrality in China. But it is definitely the sort of thing where folks are looking at taking it beyond an individual country. It runs afoul of kind of another movement that we're seeing in the post-Edward Snowden world which is data localization, which is that a number of countries are working to keep their data in-country; and then that may have consequences for what sort of services are going to get prioritized on their bandwidth, local versus stuff coming over the national border, so to speak. But that's — other than I know that it's an issue that ties into this question of, well, who's going to decide these issues, the details are not my area of expertise.
Denise: Lauren, do you know anything further you can fill us in?
Lauren: I don't work so much on the international front, but I do know a few things. Back in December, there was a proposal from the U.S. in the — I think it's called the TISA or TSA. It's another iteration of an international trade agreement; and it's actually not as strong as rules in the EU or even what the FCC is proposing or what President Obama called for. And it's pretty strange that the U.S. would push for weaker protections on an international front, and it's definitely something that's problematic. The U.S. proposal, pursuant to that trade agreement, the definition of what reasonable network management is is not clear. So who knows what Internet service providers could claim as a practice that they're using to manage their network. And there's also an issue of a provision granting, I think, users access use to kind of the content of their choosing; and that raises a red flag because it paves the way for what's called zero-rated apps. So a carrier could exempt a certain application or website from a data cap, which is complicated because people are, in a sense, getting what they want; but they're not really getting that full, robust access to the entire Internet. And so we don't want to see kind of people opting for cheaper plans just because apps are zero-rated and then getting kind of a second-class Internet experience.
Denise: All right. And yes, I definitely want to get into the nuances of what we're dealing with here in the U.S. and what the FCC is going to have to decide very shortly here. But before we leave international cyber law, let's talk about Edward Snowden on a couple of fronts. Number one, he's a whole international cyber law conundrum in his own right; and number two, he has given us access to a bunch of information that's pertinent to what we've already been discussing here today, including some coverage this week about some of the Snowden docs, that talk about how the NSA is preparing America for all these issues. Can you speak to that for a second, Duncan?
Duncan: So sure. If you want to be cynical, this may be the Snowden camp's efforts to kind of get back on the front pages in the aftermath of the Sony hack; but what it basically does is, it's a series of documents that details — so far, most of the Snowden documents emphasized what we call the cyber exploitation aspect of what NSA does — that is, getting into people's systems and scooping up data, [inaudible] it, learning things, right? Basically getting information, getting intelligence. What this discusses is how NSA is now moving into more offensive attack capabilities — that is, really looking at different ways not only to find out what the power grid plan is, but then how to use that planning to take it down when and if the U.S. military needs to do so in a conflict. And it's not too surprising to me that NSA would be doing that because, again, the United States military now has U.S. cyber command, which is the military arm that deals in cyber along now; and the head of U.S. cyber command is also the head of the NSA, so it shouldn't be so surprising that the NSA'S NOW NOT JUST IN THE INTELLIGENCE-GATHERING BUSINESS BUT ALSO, GIVEN ITS — WHATEVER YOU THINK OF THEM, THEY DO HAVE A HIGH LEVEL OF TECHNICCL SKILL, THEIR ABILITY TO CAUSE DAMAGE, DISTURB, OR EVEN DESTROY STUFF VIA CYBER ATTACKS. And so there was this Der spiegel release that came out. My sense is — I haven't gotten a sense that it's gotten as much play in the United States. I think DeflateGate seems to be taking priority over that. But — I wasn't actually in Europe; I was in Zurich until Wednesday; and it was definitely playing over there in much the same way that a lot of the earlier Snowden disclosures, kind of further vilifying the United States as kind of an aggressor in cyberspace, which can come back to bite it as it tries to get other issues that it wants. Suddenly, people accuse the United States of hypocrisy on some of this, and that makes it hard when the U.S. is out there advocating for things like digital privacy or freedom of expression on the Internet. This sort of stuff can get turned around on the United States and make it hard for the U.S. and the diplomats that represent the U.S. to get what they want.
Denise: And how about Snowden himself? Have you been following along the ins and outs of his travels around the globe and his eventual, perhaps, prosecution?
Duncan: So I haven't been following that closely. I mean, I think he's kind of in the same boat that — remember Julian Assange, right?
Denise: Of course.
Duncan: We haven't heard as much from him. He's still in the Ecuadorian embassy as far as I know. Right; this is where international law both helps and hurts these guys — helps them in the sense that it probably precludes the U.S. from sending in special forces to scoop him up. Certainly, if they did so, (a) A place like the U.K. wouldn't be so happy. You know, there's diplomatic immunity for Assange; and obviously in Moscow, you're dealing with a whole different kettle of fish in Russia. But international law prohibits states from going around and grabbing people wherever they want in the world. On the other hand, it also limits their ability to move around and get where they want. I think, certainly, Snowden is looking to avoid getting prosecuted in the U.S.; but my sense is, the time in Russia is not as fond as maybe he had originally anticipated. So these sorts of things can last quite a while. There was an old story — I think someone was in the Vatican Embassy in South America for something like seven years at one point in an earlier one of these stories where a fugitive decided to hide out.
Denise: I suppose I'd rather be in Rome than in Russia if given the choice. (Laughs)
Duncan: True, true.
Denise: Yes. All right. We're going to take a break here for a second. We're going to wrap up our international law discussion by looking at some potential solutions to the problem of regulating cyber stress, including a duty to hack. I want to get into that with you, Duncan. But before we do that, a couple of house-keeping matters here. Number one, thank you so much, Patterson in IRC, for giving us a great first MCLE pass phrase for this episode of This Week in Law. We put these phrases in the show for the various jurisdictions around the United States — and goodness knows, with our international focus, maybe this applies elsewhere, too — that if you are a lawyer elsewhere in the world, you might also have a continuing legal education requirement that you have to meet. And why wouldn't such a wonderful guest such as we have today be a great candidate for satisfying those requirements? We're not an authorized provider in any state, but you shouldn't let that stop you if you're a loyal listener to the show, there are many ways that you can submit individual programs and get credit. And we have a wonderful aggregation, at least for folks in the U.S., of how you can go about doing that state by state at our wiki. That's at wiki.twit.tv; find the This Week in Law page there, and you'll find everything you need. And we put these phrases in in case — several jurisdictions like folks to be able to demonstrate that they actually watched or listened. So our first phrase for this show is "Casus belli." I'm not even sure if I'm pronouncing that correctly. It is Latin which means, per the terms of the TWIL drinking game handed down to us from time in memorium, that now would be the time that you drink. (Laughs) Anytime we utter Latin and various other things on the show. "Casus belli" is a Latin expression meaning "An act or event that provokes or is used to justify war." So it's wonderfully appropriate to what we've been discussing today.
And then the other house-keeping thing that we're going to go ahead and take care of right now is thanking our first sponsor of this episode of This Week in Law. Of course, we could not do this show without the great sponsors on our network, and one of the sponsors that I most enjoy telling you about is FreshBooks because I use FreshBooks, and I couldn't have my law practice without it. It literally keeps the lights on and the bills paid for me by making sure that I'm able to accurately and timely and really conveniently invoice my clients and get paid. It's a super easy program to use. Once you input a few addresses or recurring things, it kind of goes on auto-pilot for you. It helps you track your time. You don't want to track your time with a watch; it's much easier if your time and billing program is actually doing that for you. All you have to do is open up the FreshBooks app on your phone; you start the timer; and then that time is captured and immediately gets translated into an invoice down the road. It bills for growing businesses; and particularly when you have a small business such as my very, very small law practice, it's important that you get your money in the door in a timely manner. You really don't have any cushion to fall back on. And on average, FreshBooks customers double their revenue in the first 24 months and get paid an average of five days faster. That really makes a difference. You don't want to be using Word or Excel or Google Docs to do your invoices; I hope you know and get that it's just not professional and doesn't send the message I think you want to send as a business. But FreshBooks sure does, and its professional-looking invoices don't cost you a lot of time. They're really easy to create in just minutes. You also can avoid those awkward emails and phone calls to your late-paying clients. Somehow it's just a little nicer — I think people are a little bit more amenable to a little tickler from your time and billing program which you can set up easily in FreshBooks, rather than having you have to get on the phone and say, Hey! Why haven't you paid me? It's a little less awkward. You're going to spend less time on paperwork, and you're going to free up up to two days a month to focus on more of what you love to do, whether it's your work or your play. I'm all about things that make you more productive, and this certainly does. Also, you can use FreshBooks to keep tight track of your expenses — not just your time that you need to include on invoices, but also the expenses for the things involved in the services you're providing. All you do is snap a photo of a receipt right from your phone, and it's instantly captured and will go right on your invoice for you. You can also instantly access complete financial reports so you can keep track of those expenses and be ready for tax time, right around the corner here. You can also integrate FreshBooks with any apps you're already using — for example, Google Apps, PayPal, Stripe, MailChimp, FundBox, Zen Payroll, and it works with even more than those. And best of all, if you ever need help, don't worry about waiting in a long phone queue and trying to get to the right person. You're going to talk to the right person every time, and tech support is free forever. So why wouldn't you try FreshBooks right now for free with no obligations? You start your 30-day free trial by going to FreshBooks.com/twil; and please, when you're there, it really helps us out if you can remember to enter "This Week in Law" in the "How did you hear about us" section. Thank you so much, FreshBooks, for your support of my law practice and also supporting this episode of This Week in Law.
So Duncan, you sent me some wonderful proposed strategies for dealing with these issues we've been discussing. One of them we touched on already: an E-SOS for cyberspace. You might want to flesh that out a little bit more for us. And I'm also super interested in your thoughts on a duty to hack. So can you run through these points for us?
Duncan: Sure. So the E-SOS for cyberspace, again as I suggested, is this idea that for maybe certain cyber threats — massive DDOS attacks, say, on a nation state or attacks on critical infrastructure — not your garden variety hacks, as it were. But that for certain hacks we might want to have a system where the victim can call for help. Here in the U.S. particularly, there's been a lot of resistance to trying to regulate cyberspace and require people, or mandate people, to do certain things; and this would be more of — the victim decides when they need help and who they could call for help. And there's some great stories from the SOS world. One of my favorites, actually, is a North Korean story where a North Korean vessel got attacked by Somali pirates off the coast of Somalia; it sends out an SOS; and who comes and saves the North Korean crew but the United States Navy, engaging in a gunfight and arresting the pirates. And again, part of the idea is that even enemies can cooperate against a common threat; and in cyberspace, there's certainly that possibility. Part of what motivated it was, the Estonian hacks in 2007 were almost — all the Estonian services, from banking, education, government, universities, media, went offline for several weeks; and most assumed a Russian-sponsored hack, or at least a DDOS attack that originated in Russia. And when Estonia asked Russia for help, Russia kind of shrugged its shoulders and said, We didn't do it, but we don't know who did; and let it stand. I guess part of the idea for an E-SOS would be that you have to help. So even if you're the one who caused it and you don't want to admit you caused it, you'd still have to clean it up, is part of the idea. And I think there's some discussions within places — not on a global level, but at NATO and again in the GG conversations — where people are talking about, well, how do we do this? And I don't know if the E-SOS idea is going to get picked up; but the duty to assist is certainly something that's on the agenda right now internationally that's being discussed. I know Microsoft, for example, actually has a cyber security diplomacy team; and they, last month, came out with some suggestions, including a version of a duty to assist. So it's an idea that I've been kind of flagging for a few years now, but it's nice to see that some people are thinking about it in the sense that — what's the harm, at least, in having a duty to assist? It doesn't stop people from going after cyber criminals; it doesn't stop us from thinking about what the rules are for laws of war or better ways to regulate this stuff; but it could be a system in place as we see increasing cyber insecurity to deal with that. So that's the duty to assist idea. On the other hand, the duty to hack idea was my reaction in some sense to a lot of attention and criticism and fear around using information technology in warfare. A lot of people — there have been calls beginning in 1998 to ban cyber weapons, to say, Nobody should use cyberspace for warlike purposes. I guess I'm more of a realist; and I think, as we're seeing today, that's unrealistic. I mean, governments are going to use it; they've decided that they can do amazing things that they never could do before remotely, without risking their soldiers' lives, to disrupt — whether it's companies like Sony or pipelines like in Turkey or nuclear centrifuges like the Stuxnet virus. And given that that is possible, the idea of the duty to hack is to start thinking about, well, when and if should hacking ever replace bombs and missiles?
Duncan: That is what military folks call kinetic attacks. And so the idea, basically, was to start thinking about when, if ever, would we want to require states to hack first, right? Because the idea would be, instead of blowing up the power grid before U.S. forces entered a city, why not disable it temporarily until the forces move in place, and then you can turn it back on with no requirement to repair anything and no collateral damage in terms of lost human lives? Let me be clear: There is no real duty to hack in international law right now; it's more of a thought piece —
Duncan: — that is trying to change the conversation and think about, if we're militarizing cyberspace, is there any good that can come of it? And I recognize it's a controversial idea, but it is one that people are thinking about.
Denise: Yeah. It's a great one to think about. And also, I love your concept of a global cyber league, something you see as a Red Cross sort of movement for cyberspace. And what I see when I think about a global cyber league is five or six folks in stretchy costumes with circuit cords across their chests. (Laughs)
Denise: So why don't you elaborate? I'm sure I'm just making light. But you like to make international law funny, so ... (Laughs) my contribution to that.
Duncan: No, no. My 12-year-old daughter Margaret actually gets credit for coming up with "global cyber league" because I was like, "I need a name for this, and it can't be the Red Cross."
Duncan: On a serious note — I mean, again, a colleague of mine, Tim Maurer who's at New America, and I kind of have been talking about how cyberspace is under-institutionalized. I mean, we certainly have ICAN, and we have the IETF — Internet Engineering Task Force. But in terms of a policy lens for figuring out, how do we deal with these most severe cyber threats, there really isn't anybody out there that's not affiliated with the government or not affiliated with some pre-existing international organization. So you have things like NATO, which comes with baggage. Russia doesn't like NATO very much, for example. And so you have these institutions that are trying to protect cyberspace and make things better; but the reality is, there are other states or other interests that don't like those institutions or don't like those governments, and so there's a real lack of trust. And one of the things that we kind of thought would be interesting would be, well, what about doing what the Red Cross did for disasters and warfare? There was a time, right, when militaries only took care of their own wounded, prisoners of war were mistreated; and when disasters happened — bad things — people just died. And then Henry Dunant, a Swiss businessman in Italy — or what was soon to be Italy — at the Battle of Solferino, says, This is horrible. And he basically tried to organize some aid after that battle and came up with this idea that what we need are societies to just focus on assistance and do so impartially. It doesn't matter who you are as a victim. If you're a North Korean victim of a cyber attack, or are you somebody from Silicon Valley, the idea is, all victims should get help; and it should be given neutrally and impartially so that, for example, the Red Cross can come in and visit people held by things like the FARC in Colombia that some people think is a terrorist organization. But the Red Cross can get in because it has that trust and everybody understands that it's going to be neutral, that it's not going to take the information it finds and leak it to the press or give it to intelligence agencies or economic competitors and the like. And so there's actually a global conference on Cyberspace coming up in April. It's part of what's called the London process, which is this kind of — every couple of years, nation states at a ministerial level gather to try and figure out how they're going to deal with cyber security; and the Dutch are hosting it this April, and looks like we're going to try and pitch that idea there. And I don't have any illusions that it'll be successful, but at least trying to get folks to think about, well, what if we did something similar in cyberspace? What if we had a Red Cross-like movement and had similar structures just like national societies — the American Red Cross — but there's also an international community of the Red Cross. Could you do something in cyber? You already have certs, right? You already have computer emergency response teams; but they're often tied to governments, and it's not clear that people regard them as neutral or impartial. And so part of the question is, well, what sort of assistance network could we craft that everybody could trust and it could be neutral and deal with kind of systemic threats to the Internet in terms of massive DDOS attacks or data breaches or the like? And so that's the idea. Part of the joy of me being a law professor is, I get to try and think these ideas and then see if we can't get those who actually work with cyberspace, whether they're military government or technical or industry folks, to see if it's possible. And so we're only at the beginning of this conversation.
Duncan: But it's been interesting getting earlier reactions to it.
Denise: The security clearances on the members of the cyber league would have to be pretty high.
Denise: Else they would just go around back-dooring everybody, right?
Duncan: Right. No, I think it — I mean, you'd have to develop an ethos, right? Like, just like if you become a Red Cross volunteer, you work for the international community of the Red Cross. You actually take an oath of neutrality. And there's a culture there where people take pretty seriously that whatever nationality they're from, whatever their background, while they're with the Red Cross, that's their primary identity. And that's the idea here. Could you do something in cyber? And maybe you can't. Maybe the intelligence interests or the zero-day market is just so strong that people wouldn't do it. On the other hand, we're at a pretty bad place in cyber security right now; and so I think it's time for some new ideas and at least to try some trial balloons to see if we can't get to a better place. And so this is just one of those ideas.
Denise: Yeah. Folks in IRC are calling them the cyber avengers, so I guess we'll make our second MCLE pass phrase for this episode of This Week in Law "Aid from Asgard," focusing just on Thor, of course.
Duncan: Yeah. And I'll take your point that they're going to need uniforms.
Duncan: Yeah, I think that's going to have to be required.
Denise: (Laughs) Definitely. Some sort of good logo, if nothing else. Okay. So we've got our second pass phrase in there. I think — first of all, I just want to thank you so much for sharing all these ideas with us, Duncan, before we shift gears here. Really great stuff that I hadn't thought about before, and I'm glad you're thinking about. And I do want to shift gears over to talking about net neutrality because there's so much going on just immediately this week and much coming up in the next few weeks with a vote from the FCC. So Lauren, I'm going to kind of set the context a bit and let you go from there and tell me if I've left things out. But we had, just this week, hearings on some proposed net neutrality legislation. The hearings seemed to garner a lot of controversy, and the proposed legislation does not seem, from the challenges it was getting — mostly from the Democratic side of the aisle — the proposed legislation doesn't seem like it will fly, although we now have a Republican-controlled House and Senate; so who knows what will fly or not? But that's been going on. Also what's been going on is, way back at the beginning of this current iteration of the net neutrality discussion, when the Verizon case was decided by the Second Circuit, it seemed — we had a bunch of people on the show talking about the whole notion of Title II reclassification and whether that could ever happen and how that was just kind of high in the sky — maybe a good idea, but high in the sky. And now it's seeming like maybe more of a reality; so I'd love to get your thoughts on that. And then, of course, we have this vote that is coming next month from the FCC, which is the result of the proposal that it put out last year and the comment periods that have gone on in the wake of that proposal. And finally, a vote on an open Internet rule that hopefully would pass legal muster in a way that the FCC's first try at this did not. So Lauren, have I keyed that up enough for you?
Lauren: You have done a great job. Thank you. (Laughs)
Denise: Okay. Tell us about the legislation first. Did you go to the hearings?
Lauren: I did go to both hearings, so I was on the Hill all day from 9:30 a.m. until about 6:30, 7:00; and man. So I think the bill did come about because members of the different commerce committees heard that the FCC was going to move to reclassify broadband as a common carrier, telecommunication service on February 26; and so I think they're trying to preempt that move because that would mean a lot of good things for American consumers. And it may or may not get at the profits of the largest Internet service providers. And so by all accounts, this bill was written by the cable industry and was put forth by the chairman of the House and Senate commerce committees. And on its face, it may not seem that bad; but it's pretty dangerous, and I think Republicans got at it in a very kind of sneaky way. The legislation does ban certain forms of discrimination online; and notably, the word "discrimination" appears nowhere in the draft bill. So that leads us to believe that in the future, ISPs could discriminate in ways that we haven't conceived of. All the bill does is speak to forms of discrimination — paid per organization, blocking — that have already come up and that we know of now. But there's nothing in there that would stop an Internet service provider from discriminating on the basis of its vertically integrated products or services, from zero-rating apps, from — who knows? — qualitative discrimination. And we should be very fearful of that. And furthermore, you get net neutrality, but this bill bans the FCC from enforcement and from acting in order to do right by consumers; and it also banned the FCC from reclassifying broadband as a telecommunication service. So you would get some basic form of net neutrality, maybe; but you would be giving away telecom and giving away a conception of the Internet as we know it that's free and open. And there's so much more in Title II to protect consumers than just the authority to ban discrimination. There are important protections for privacy, emergencies, other types of discrimination that really go to the heart of what the internet is and what any open communications network is and should be. So I think the bill poses a very grave threat to the future of the internet and by giving away title 2; sure you get net neutrality in some short term but I think you lose it in the long term and you lose the larger policy of openness and innovation that net neutrality really is after.
Denise: Tell me about sort of the political board game going on here. We have the FCC coming up for its vote; we have this proposed legislation in place or working its way through congress. Do you think that the legislation is being put out there as a way to react to the FCC’s vote if it does not go the way that the majority of congress would like it to go?
Lauren: Absolutely the bill is out there as a reaction to the FCC’s upcoming vote. I doubt that they could get it through committee and the whole congress in time. I think the way the bill started out was kind of a bargaining chip. I think Republicans are willing to drop some parts and definitely there are some carrots on the stick to lure Democrats in but I’m optimistic that we can beat this thing down. The FCC will absolutely vote 3-2 I think to reclassify.
Denise: That’s your call, 3-2 to reclassify?
Lauren: Yes I think this bill just means that we definitely have more work to do on the hill but I think it can be done. Senator Thune sent out a letter to the FCC today calling for more transparency in the process. One talking point that they tried out recently is that no one has seen these new rules and the new order reclassifying broadband and to me it’s kind of a strange… because there was notice and comment in a public proceeding and formally people have already spoken out and said that the internet is a common carrier service and they asked the FCC to reclassify. There were draft rules that were released in May and people said they were not good enough and so the FCC went back to the drawing board and that’s why we’re at this stage. So I think claims of a lack of transparency aren’t very genuine in my eyes and I think there is a lot of danger in these new rules coming to light ahead of schedule.
Denise: How big is this drawing board? What can we expect after the vote? We’ll get a new set of proposed rules that you think will involve reclassifying broadband as a common carrier. Is that just going to be that and then it’ll be up to the courts to take a look at those rules and decide whether the FCC has acted within its authority?
Lauren: Right, there will probably be litigation; the wireless industry has said it would probably sue the cable industry, lobby and CTA which is headed by former chairman Powell who is the one who gave away telecommunication service in the first place. That’s really interesting to me you know, he testified in the house and he kept saying the FCC could have put itself in this position. It classified broadband as an information service and he kind of acted like our hands were tied now. But he left out the fact that it was his FCC that did that and that it was his call to put the internet under the watchful eye of Comcast and Verizon and AT&T. So he said they would probably sue; I think Verizon would probably sue again so I think we would see litigation. I think we would absolutely see the FCC prevail. They are the expert agency and there is definitely very robust record supporting reclassifying broadband as a telecom service and the agency has contemplated this for a long time so I think success is likely and then there will probably be a lot of proceedings regarding forbearance. Title 2 is lengthy and we certainly don’t need every provision that relates to plain old telephone service. The commission can forebear for a lot of those provisions. So we’ll see more rule makings and proceedings probably deciding which sections of title 2 we should keep and which sections we don’t need any more.
Denise: Ok, Sarah what do you think about these latest moves in the net neutrality chess game?
Sarah: I think it’s an interesting move because I guess I’m not convinced that the public really understands the implications of reclassification and I’m kind of just going by the fact that I don’t feel that I fully understand the implications myself. I do think the public overwhelmingly is supportive of the idea of an open internet and not wanting throttling, not wanting paid prioritization and those things but I don’t know… in fact I’m fairly convinced that the public doesn’t really understand the minutia behind it. So this bill kind of tests that by saying look we’ll deal with the specific harms that everyone is agreeing are bad but we won’t go so far as to let the FCC reclassify. So to me it’s kind of an interesting strategic move. I have no idea whether or not it’ll work. I’m not close to Capitol Hill at all and it sounds like it’s not going to but I did think it was an interesting strategic move there.
Denise: Lauren you’re very much an advocate for title 2 reclassification and treating the internet as a common carrier and making sure under that authority that paid prioritization and throttling and things are difficult if not impossible to pull off but I’m curious as to your take on the business side of the argument. The argument for different approaches to how we deliver internet services and you were touching on this earlier with different exemptions with beta casts etc. Shouldn’t the various industries delivering things over broadband and providing broadband be given a little leeway to play around with economic models?
Lauren: Where does it stop if you can do that? I think that undermines kind of the ideals that this nation was founded upon. I don’t think anyone would suggest that when this country was founded that the postal service should be able to charge more money to certain people for delivering their mail. Everyone should have equal access to the networks and those pathways that connect people to other people and other businesses. So the idea that corporations should be able to kind of toy with that model is a zero sum game – if you speed up some traffic you slow down other traffic. To mess with that favors people with capital and people who can afford to bear that cost and that seems so inherently unfair and anti to everything we are about. The internet is a modern day postal service, a printing press and I don’t think discrimination should be allowed on that open pathway and I don’t see how discrimination could be good for anyone’s business in the long run.
Denise: Just stick to the metaphor of moving around physical goods and it’s not a perfect metaphor when we’re moving around bids but it is good for business to have the postal service and Federal Express and UPS and all kinds of competition in how you move things around and you’re going to pay more for some of those services than you would for others.
Lauren: I think it’s different with parcel delivery because USP; when I order my package next day and you order yours regular delivery; me getting my package the next day doesn’t mean that you get your package any slower. On the internet when there’s congestion that is exactly what that means and so to harm others because someone was able to afford a premium is inherently unfair I think.
Denise: Yes I’m with you there and I don’t envy the FCC trying to grapple with these issues at all. I’m glad that we have people like you helping advise them and helping them understand all the nuances.
Lauren: As a baseline matter whether the internet is a telecommunication service I think making that call is not first a matter of what is best for people or what is best for the internet. It’s a matter of law. There is a definition of telecommunication service that says users directing traffic between the points of their choosing and that is what you do with the internet. So to say that it’s anything but I think someone has to be either willfully deceiving their audience or truly they haven’t read the act.
Denise: Duncan it’s pretty important what the United States ultimately does here isn’t it on the international playing field.
Duncan: Oh yes absolutely. The reality is the Snowden disclosure certainly hurt the US market share in terms of our technologies but the reality is what the US does has outside repercussions. But it’s not just the United States so it has big influence. I don’t know if you’ve discussed on the show before the European Court’s decision of the right to be forgotten from last year; which is affecting how Google.com may operate going forward. So the transnational impact of what happens when 1 country legislates a certain way have been a long standing problem for cyber-space. It’s interesting having talked to some folks at Comcast. ISPE and particularly the ones in the US don’t tend to think about the question of how net neutrality impacts the rest of the world but it’s certainly going to influence because there will be countries that will look at what the US does and try and mimic it and then there will be countries that will maybe choose to go in a different direction; to the extent that it’s a network of networks. What we do here has effects elsewhere and then there are repercussions that may circle back in unexpected or unanticipated ways.
Denise: And what the United States does here could have a strong impact on what it can access internationally and the efficacy of it getting information from people who are not involved in paying for accelerated access and that kind of thing, couldn’t it?
Duncan: Yes, I think that’s right.
Denise: Alright, let’s go around the table just one more time with all of you and get your final thoughts on anything we’ve discussed today before we go ahead and thank our final sponsor of the show and get into our tips and resources of the week. Duncan is there anything that you feel like you can synthesize and leave our viewers with to think about from what we’ve been talking about today?
Duncan: I think a couple of things to be watching for if folks are interested in this are this UN group of government experts that are meeting in April. Are they going to be able to have any forward progress on what are the rules of states in interacting in cyber space and also that global conference on cyber security that is being held in The Hague in April is another kind of thing to watch. The one thing we didn’t get too much time to talk about is that President Obama’s part of the State of The Union; they ruled out cyber security legislation again and the Obama administration wants it and maybe with the Sony hack there’s now enough popular support for it to move forward and just like on net neutrality if the US does manage to adopt cyber security legislation which includes things like protection of information sharing and more law enforcement authority; that’s going to affect not just how users in the United States experience this technology but it’ll have global affects as well.
Denise: Lauren I’m sure you’re going to be very busy over the next month or so. Is there anything in particular that we should be paying attention to?
Lauren: I would just urge everyone to reach out to their member of congress and let their voice be heard and to resist the temptation to buy into rhetoric like monopoly or regulation; utility regulations and just really take into account that the internet exists because of title 2 of the Communications Act. It’s a system of interconnected computers that researchers were able to build because they did not have to ask phone companies for permission to access those phone lines. There are other title 2 services that exist today like your cell phone; like business broadband and those markets are doing just fine and people are afford it. So protections and the ability to seek recourse when they’ve been hurt and I think that’s really important going forward because the internet as we can see is how we communicate with one another now and it should be protected.
Denise: Alright, Sarah any final thoughts before we move into our final segment of the show?
Sarah: I was just going to say I just really enjoyed this conversation with Duncan; learning some of his ideas and I feel like even in the span of this show I’ve gone from thinking the initial thought of militarization of cyber space – my initial thought was that; wow that sounds really scary and then I thought well compared to a situation where lives are at stake in the physical world it can’t be more serious than that. Now I’ve gone back to thinking you know there are unique risks there because there because it would be easier; any effort the government makes would be easier to hide, it’d be harder to avoid collateral damage and although the collateral damage would be in the form of speech I can imagine there’d be an argument that it would be easier to dismiss it and then it would be more pervasive. So I think there’s really fascinating issues in there. That was a really good discussion so thanks Duncan!
Denise: Yes I agree. As usual I’m coming away from the show with much to think about and much more to read and for all of you that are listening and watching we put together a bunch of resources and discussion points that we’re looking at as we’re getting ready to view the show. We have that list available for you if you want to do some further reading. For example there is a piece by an Australian newspaper strangely that I found when prepping for the show, about the tech policy points from the State of the Union earlier this week and there are much more there too so you can check it out at www.delicious.com/thisweekinlaw/289. You’ll find links to many of the things we’ve been discussing today and further writing from our guests and much more. Right now we’re going to take a break. Before we get into our excellent tip and resource of the week for you we’re going to thank our 2nd sponsor for this episode of This Week in Law which thematically enough we have an international flair to this week because the sponsor is Blue Apron and I’ve been busy this week cooking spicy Korean beef with a Korean rice cakes and I’m not even going to try – well I’ll just go ahead and try it and butcher the pronunciation of this dish. It’s called Korean Style Tteok. It’s either tech or tock or something like that; T.t.e.o.k; with spicy pork Ragu and gai lan. I was a little bit trepidatious of making this dish. There were ingredients there I’d never worked with like the gai lan and the rice cakes but this came out so wonderfully delicious that I’m definitely putting it in my culinary repertoire, especially because it was just plain simple to make when it came down to it and I started chopping up the gai lan and figuring out how to cook it. It was all easy to do and fun to do because that’s what Blue Apron does. It sends you fresh wonderful high quality ingredients. I’m just blown away by how they come up with recipes that are exotic and unique and yet easy to make and really fun to make and not very time consuming to make. It just makes you look like a whiz in the kitchen even if you’re not 1 in particular. You’re going to cook fresh and delicious and easy every time you get 1 of these packages from blue apron and I really enjoyed making this Korean dish. My family – you know I have a 10 year old who can be kind of picky about such things but we just wolfed this down. But the good thing too is that the potions are really generous. The meals that I make are really designed for 2 people but there’s always enough to feed our family of 3 and even have left-overs for the next day in many cases. So here’s how it works; you just pay $9.99 per person, per meal. Blue Apron sends you a refrigerated box with high quality ingredients, fresh ingredients and exactly the right portions and you get a simple step by step recipe card with the ingredients. It comes right to your door; the ingredients itself comes from local farms so you’ll be getting produce that is currently in season and at its peak of freshness and I have yet to get an item of produce from one of these nice cooler boxes that wasn’t just crunchy, crisp and wonderful. The meals are only 500-700 calories per serving. You’d never guess that given how delicious they are. They work around your schedule and your dietary preferences so when you set up your account you tell them I don’t do shellfish or peas but I do everything else and then they’ll send you your meals based on those preferences. Cooking takes about ½ hour for each dish give or take depending on how much chopping is involved. Shipping is always free and the menu is always featuring new recipes. One thing I love is they pay attention to what is going on in the world when they’re preparing their menus to send you. For example we’re coming up on Super Bowl week, so next week’s menu is all about Super Bowl friendly food. There is a chili, a pizza and spicy wings. So that’s a little bit not their usual fair but makes perfect sense for the Super Bowl. So that is pretty fun. I really loved this spicy Korean rice cakes dish that we got to make this week and I have a chicken dish and a fish dish still to come in my box that is their regular weekly shipment. You’ll be cooking incredible meals, you’ll be blown away but the quality and the freshness; it’s fast, it’s fresh, it’s super affordable and people are going to think you’re a gourmet chef and in my case that takes a bit of convincing. So it’s wonderful to have a bit of help. If you want to see what’s on the menu this week and get your first 2 meals free, then you’re going to go over to www.blueapron.com/twit. That’s right you’re getting 2 meals free just for visiting blueapron.com/twit. I really encourage you to do it. It’s really fabulous stuff. Thanks so much Blue Apron for the great meals and for your support of our show This Week in Law. Alright so we’re moving on to our resources of the week and I want to pick Sarah’s brain about a couple of them because at least one of them relates directly to Creative Commons where Sarah is counsel. It is called Team Open and what our resource is that you can pick up off our delicious links is a list of game changing projects from Team Open. Tell us about Team Open Sarah.
Sarah: Sure. This is round 2 of Team Open actually. They did a round 1 I think maybe a year ago. It’s basically stories and interviews of why 10 people of projects chose CC licensing for their art, for their scientific data, for their games like Cards against Humanity; for those of you who don’t know about that game it is super fun and horrible at the same time.
Denise: I’ve heard of it but haven’t played yet.
Sarah: It’s definitely worth playing with the right crowd. You’ve got to pick your audience. But they are really good, well written little pieces and I think it’s really eye opening because it shows just all the reasons that… the rationale different people had for choosing CC licensing and it goes from just simply wanting to expand the reach of your work for commercial purposes, for publicity purposes, to 1 artist was talking about that making this very heart felt rationale about how she ultimately determined that spreading her art increases its inherent value in a philosophical sense not in a financial sense; then of course just wanting to break down barriers to increase access to knowledge in the case of scientific data and some of the educational examples. So it’s just an interesting set of anecdotes for people to read so it’s a great resource.
Denise: We’ve got everything here from books to online magazines to musical works. Do you have a favorite on this list? Not to put you on the spot.
Sarah: Well probably Cards against Humanity just because I love playing that game. It’s not one of the most serious ones on the list. I was really interested in the one about Kallium Maize. She talked about how she worried that licensing it under CC license would devalue it in a philosophical sense and then she came around to thinking that actually that place puts more value on it. So that was one of the best written and interesting ones but they’re all great.
Denise: Right, I love this one by Shawn Bonner and Joy Ito; Safecast, which was created in the wake of the 2011earthquake in Japan and it used open sensor data to help people avoid hazardous areas so it’s great public safety and health possibilities as well. Alright we have 1 more resource for you on the copyright front at the end of every year certain new works come into the public domain and here in January of 2015 several new works have entered. All of the works from - what year are we in now; Sarah do you know?
Sarah: I was just going to look that up. What is it?
Denise: It is way back there. But anyway focusing on our list here of things that have come into the public domain we have works by Kandinsky, Edward Mootch, Edith Sitwell, Piet Mondrian, Anton Dupree; lots of great wonderful creators throughout time. Ian Fleming and many, many, other works have come into – not all of their works but works from a particular year have come into the public domain as of the turn of the calendar. So do you have anything else to add here Sarah?
Sarah: No I don’t think so. I noticed I tweeted about that a couple of weeks ago. I just thought it was kind of amusing to think about how old these works are and how they’re just now falling into… maybe it’s more depressing than amusing but they’re just now going to public domain.
Denise: Yes I know but people might tend to forget about the public domain and the fact that there are wonderful works out there that will continue to be added to the public domain so it’s worth paying attention to and considering whether you need to go to istockphoto or maybe use something from public domain from Edward Mootch. That would be perhaps a good solution. Our tip of the week has to do with prisons and pirates and I sort of thought of this in the category of it takes one to know one but Universal Music is suing something called the Keith Group and what the Keith Group does is work with families of prisoners; people in prison and being incarcerated in the United States and sells them care packages that will be delivered to their family members in prison. One of the things included in these care packages are sound recordings mixed tapes including works by M&M, Jackson Brown; because if you’re in prison why wouldn’t you want to listen to M&M and Jackson Brown side by side. Universal Music is not happy about the fact that these mixed tapes are not licensed from the recording industry and is suing. So the tip to be gained from this is I guess don’t think because you’re selling pirated music to people who might themselves be pirates that that’s going to keep you in the legal clear. The suit of course, as do so many of these kinds of copyright suits, seeks the maximum 150,000 dollars in damages per music track being infringed. So it is potentially quite a high dollar lawsuit and it has just been filed so we won’t know for quite some time probably how this is going to shake out but it caught my eye this week and I thought it was kind of interesting. Alright folks this has been a really fun show. Sorry I’ve only been able to join you by phone. That is uncommon for how we do this show but I’m glad we were able to keep it together and to keep the show going. Sarah Pearson, it was great to have you on and looking to having you regularly on in 2 weeks and thereafter.
Sarah: Yes me too. I’m really looking forward to it.
Denise: It’s going to be fun. Duncan I really can’t thank you enough for taking time out from your duties teaching and being associate dean at Temple, to help us grapple with these really interesting and really difficult international cyber law issues.
Duncan: It was a pleasure. Thanks for having me.
Denise: It was great having you on the show. Lauren I can’t thank you enough for taking time out from attending hearings and paying attention to maybe one of the most wide ranging issues in the US on the legislative agenda right now. One that touches all of us and certainly touches how we will access the internet and how much it will cost us and just you know couldn’t be more pleased that folks of your caliber are advocating and thinking and engaging on these issues and helping the FCC grapple with its hard task in charting its course here.
Lauren: Thank you. I had a great time talking with your listeners.
Denise: Alright. Folks I’m so glad you all could join us today. It’s wonderful when you can join us live. We record the show, live every Friday at 11:00 Pacific time, 1900 UTC. If you do that then you can jump in our IRC chat and help us out during the show. If you can’t do that don’t worry, you’re going to find all the shows including the one we’re recording right now at www.twit.tv/twil. We’re on YouTube as well at thisweekinlaw there and in iTunes on the Roku, however it’s easy to get This Week in Law on your favorite device whether it’s television, your phone, your iPad, other tablet, however you might like to watch and wherever you might like to be. We’ve got all kinds of ways you can do that if you go to www.Twit.tv/twil; it has got the whole list of ways you can subscribe to the show. If you are an iTunes subscriber it’s always nice to get reviews there. I forget to remind people to do that but I think a lot of people listen to the show in iTunes and we’d love to get your feedback there. It helps us out a lot. We love to get your feedback other places too. Of course you can always email me. I’m firstname.lastname@example.org. Sarah we’re going to have to get you your own twit.tv email address soon. I’ll put that on my list of things to do. Hopefully we’ll get that in place by the time you’re next on the show but in the meantime you can reach both of us on Twitter. Sarah you’re @ssinchpearson. I’m @dhowell on Twitter and so it’s a great way as you’re reading through your synthesizing issues that relate to technology and the law. During the week just shoot us a reply there and let us know what you’re reading and think you might want to hear on the show coming up. Let us know a guest that you think might be wonderful on the show. You can do that on Facebook and also on Google Plus. All of those ways work. We’re really thrilled that you’ve been able to join us today however you’ve done so and we’ll see you again next week on This Week in Law! Take care.