It’s been a jam-packed week of cyberlaw news, but the big debate of the episode is triggered by the White House blueprint for an AI Bill of Rights. I’ve just released a long post about the campaign to end “AI bias” in general, and the blueprint in particular. In my view, the bill of rights will end up imposing racial and gender (and intersex!) quotas on a vast swath of American life. Nick Weaver argues that AI is in fact a source of secondhand racism and sexism, something that will not be fixed until we do a better job of forcing the algorithm to explain how it arrives at the outcomes it produces. We do not agree on much, but we do agree that lack of explainability is a big problem for the new technology.

President Biden has issued an executive order meant to resolve the U.S.-EU spat over transatlantic data flows. At least for a few years, until the anti-American EU Court of Justice finds it wanting again. Nick and I explore some of the mechanics. I think it’s bad for the privacy of U.S. persons and for the comprehensibility of U.S. intelligence reports, but the judicial system the order creates is cleverly designed to discourage litigant grandstanding.

Matthew Heiman covers the biggest CISO, or chief information security officer, news of the week, the month, and the year—the criminal conviction of Uber’s CSO, Joe Sullivan, for failure to disclose a data breach to the Federal Trade Commission. He is less surprised by the verdict than others, but we agree that it will change the way CISO’s do their job and relate to their fellow corporate officers.

Brian Fleming joins us to cover an earthquake in U.S.-China tech trade—the sweeping new export restrictions on U.S. chips and technology. This will be a big deal for all U.S. tech companies, we agree, and probably a disaster for them in the long run if U.S. allies don’t join the party. 

I go back to dig a little deeper on two cases we covered with just a couple of hours’ notice last week—the Supreme Court’s grant of review in two cases touching on Big Tech’s liability for hosting the content of terror groups. It turns out that only one of the cases is likely to turn on Section 230. That’s Google’s almost laughable claim that holding YouTube liable for recommending terrorist videos is holding it liable as a publisher. The other case will almost certainly turn on when distribution of terrorist content can be punished as “material assistance” to terror groups.

Brian walks us through the endless negotiations between TikTok and the U.S. over a security deal. We are both puzzled over the partisanization of TikTok security, although I suggest a reason why that might be happening.  

Matthew catches us up on a little-covered Russian hack and leak operation aimed at former MI6 boss Richard Dearlove and British Prime Minister Boris Johnson. Matthew gives Dearlove’s security awareness a low grade.

Finally, two updates: 

• Nick catches us up on the Elon Musk-Twitter fight. Nick's gloating now, but he is sure he'll be booted off the platform when Musk takes over.
• And I pass on some very unhappy feedback from a friend at the Election Integrity Partnership (EIP), who feels we were too credulous in commenting on a JustTheNews story that left a strong impression of unseemly cooperation in suppressing election integrity misinformation. The EIP’s response makes several good points in its own defense, but I remain concerned that the project as a whole raises real concerns about how tightly Silicon Valley embraced the suppression of speech “delegitimizing” election results.