Further Reading, Other Developments, and Coming Events (2 October)

Coming Events

  • On 6 October, the House Administration Committee’s Elections Subcommittee will hold a virtual hearing titled “Voting Rights and Election Administration: Combatting Misinformation in the 2020 Election.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • October 7: Defending our Democracy
    • One can register for the event here.
  • On October 29, the Federal Trade Commission (FTC) will hold a seminar titled “Green Lights & Red Flags: FTC Rules of the Road for Business workshop” that “will bring together Ohio business owners and marketing executives with national and state legal experts to provide practical insights to business and legal professionals about how established consumer protection principles apply in today’s fast-paced marketplace.”

Other Developments

  • The Government Accountability Office (GAO) released a report on the confused nature of the United States’ (U.S.) government efforts to address longstanding, endemic cybersecurity issues that will likely renew calls for a National Cyber Director position to be created in the White House. Moreover, Congress could revisit and clarify current lines of authority and responsibility for a more streamlined, transparent, and accountable structure to oversee federal and private sector cybersecurity.  The report was requested by the chair and ranking member of the Senate Homeland Security & Governmental Affairs Committee, the chair of the House Oversight Committee, and three of the four members of the Cyberspace Solarium Commission serving in Congress.
    • The GAO found:
      • The White House’s September 2018 National Cyber Strategy and the NSC’s accompanying June 2019 Implementation Plan detail the executive branch’s approach to managing the nation’s cybersecurity. When evaluated together, these documents addressed several of the desirable characteristics of national strategies, but lacked certain key elements for addressing others.
      • While the National Cyber Strategy and Implementation Plan address some of the characteristics of an effective national strategy, additional efforts are needed to fully incorporate risk assessment; performance measures; and resources, investments, and risk management into the executive branch’s cybersecurity strategy. Further, our previous reviews, as well as other studies, have highlighted the need for responsibility and accountability for leading and overseeing national cybersecurity policy to be elevated to the White House. Although NSC staff is tasked with the coordination of efforts to carry out the National Cyber Strategy and its accompanying Implementation Plan, there is a lack of clarity around how it plans on accomplishing this. Without effective and transparent leadership that includes a clearly defined leader, a defined management process, and a formal monitoring mechanism, the executive branch cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and ultimately overcome this urgent challenge
    • The GAO recommended that Congress consider “legislation to designate a leadership position in the White House with the commensurate authority—for example, over budgets and resources—to implement and encourage action in support of the nation’s cyber critical infrastructure, including the implementation of the National Cyber Strategy.”
    • The GAO recommended to the National Security Council:
      • The Chairman of the National Security Council, or his designee, should work with relevant federal entities to update strategy documents related to the nation’s cybersecurity to better reflect desirable characteristics of a national strategy, to include:
        • an assessment of cyber-related risk, based on an analysis of the threats to, and vulnerabilities of, critical assets and operations;
        • measures of performance and formal mechanism to track progress of the execution of activities; and
        • an analysis of the cost and resources needed to implement the National Cyber Strategy. (Recommendation 1)
  • The United States (U.S.) and the United Kingdom (UK) issued a declaration “on Cooperation in Artificial Intelligence Research and Development: A Shared Vision for Driving Technological Breakthroughs in Artificial Intelligence.” The U.S. and UK committed to cooperate on research and development on artificial intelligence (AI), a key emphasis of the Trump Administration which sees this realm as being crucial for maintaining U.S. military and technological superiority over adversaries like the People’s Republic of China (PRC) and the Russian Federation. The U.S. and UK stated:
    • Building on the US-UK Science and Technology Agreement signed in September 2017, we intend to advance our shared vision and work towards an AI R&D ecosystem that embodies this approach by:
      • Taking stock of and utilizing existing bilateral science and technology cooperation (e.g., the Memorandum of Understanding between the U.S. National Science Foundation and UK Research and Innovation on Research Cooperation) and multilateral cooperation frameworks;
      • Recommending priorities for future cooperation, particularly in R&D areas where each partner shares strong common interest (e.g., interdisciplinary research and intelligent systems) and brings complementary challenges, regulatory or cultural considerations, or expertise to the partnerships;
      • Coordinating as appropriate the planning and programming of relevant activities in these areas, including promoting researcher and student collaboration that could potentially involve national partners, the private sector, academia, and the scientific community to further our efforts by harnessing the value of public-private partnerships; and
      • Promoting research and development in AI, focusing on challenging technical issues, and protecting against efforts to adopt and apply these technologies in the service of authoritarianism and repression.
      • We intend to establish a bilateral government-to-government dialogue on the areas identified in this vision and explore an AI R&D ecosystem that promotes the mutual wellbeing, prosperity, and security of present and future generations.
  • A bipartisan task force comprised of Members of the House Armed Services Committee published its recommendations that call for a dramatic remaking of funding and the structure of the United States’ (U.S.) military over the next few decades to meet the waning threat posed by the Russian Federation and the waxing threat posed by the People’s Republic of China (PRC). The Future of Defense Task Force asserted:
    • The stakes could scarcely be higher. The national security challenges the United States faces today are existential, and they cannot be met by simply doubling down on old models of policy and investment. Our adversaries are surging around the globe in a long-game effort to supplant western-style democracy with a form of authoritarianism that cloaks itself in capitalism as it undermines personal liberties and freedoms. The United States must recognize that without a new commitment to achieving technological superiority, the successes of the 20thcentury–the American Century–will no longer be assured.
    • The task force made these findings:
      • I. China represents the most significant economic and national security threat to the United States over the next 20 to 30 years. Because of its nuclear arsenal and ongoing efforts to undermine Western democratic governments, Russia presents the most immediate threat to the United States; however, Russia’s long-term economic forecast makes its global power likely to recede over the next 20 to 30 years.
      • II.As a result of historic levels of government-sponsored science and technology research, and the inherent advantages of a free market economy, the United States emerged from the Cold War with a substantial economic and military lead over any potential rival. However, these gaps have dramatically narrowed. China will soon overtake the United States as the world’s largest economy, and despite historic defense budgets, the United States has failed to keep pace with China’s and Russia’s military modernization.
      • III. Assuring the United States’ continued leadership will require dramatic changes to the structure and implementation of the defense budget, the effective implementation of a whole-of-government approach to security, and the strengthening of underlying institutions such as our education system and national security innovation base to out-pace our adversaries.
      • IV. Advancements in artificial intelligence, biotechnology, quantum computing, and space, cyber, and electronic warfare, among others, are making traditional battlefields and boundaries increasingly irrelevant. To remain competitive, the United States must prioritize the development of emerging technologies over fielding and maintaining legacy systems. This will require significant changes to the Pentagon’s force structure, posture, operational plans, and acquisition system and must be complemented by a tough and fulsome review of legacy systems, platforms, and missions.
      • V. The Pentagon’s emerging operational concepts have the potential to provide the U.S. military a decisive advantage, but they are not yet fully viable. To address current and future threats and deter conflict, the Department of Defense must more aggressively test new operational concepts against emerging technologies.
      • VI. To endure as the leading global power with preeminent economic might, political influence, and a resilient national security apparatus, the United States must strengthen and modernize geopolitical alliances with longstanding allies while establishing new alliances to meet emerging threats.
      • VII. Technological advancements in artificial intelligence and biotechnology will have an outsized impact on national security; the potential of losing this race to China carries significant economic, political, and ethical risks for the United States and our free democratic allies for decades to come. Winning this race requires a whole-of-nation approach where the distinct advantages of both America’s private and public sector are harnessed and synthesized.
      • VIII. Increased government investment in basic scientific research must be complemented by increased cooperation with the private sector to quickly adopt resulting technologies. The Department of Defense and elements of the greater U.S. government must adapt their culture and business practices to better support, and more quickly integrate, innovation from the private sector.
      • IX. Whereas emerging technologies offer tremendous opportunities for commercial and social transformation, many are also fraught with the potential for nefarious use. It is essential that the United States and our free democratic allies set and enforce the terms and norms for their employment.
      • X. Authoritarianism is on the rise globally, whereas democracy is waning. A whole-of-government approach to national security should be led by diplomacy and economic cooperation, supported by development and humanitarian assistance, and strengthened by military-to-military relationships.
      • XI.The United States is most likely to succeed by playing to our strengths: a free, fair, and open economy, strong education system, and a culture for innovation that rests on the open market and free democratic principles.
  • The top Democrats and Democratic Leadership in the Senate introduced the “America Labor, Economic competitiveness, Alliances, Democracy and Security (America LEADS) Act” which is characterized as the “Senate Democrats’ proposal for a new United States (U.S.)-China policy” according to a press release. The sponsors of the bill argued:
    • The most comprehensive China legislation to date, the America LEADS Act seeks to recognize that only when we have a vibrant economy here at home can we truly compete with China abroad.  The legislation provides significant new investments to rebuild the U.S. economy and provide our workers, entrepreneurs, researchers, and manufacturers with the skills and support needed to out-compete China and succeed in the twenty-first century. The proposal includes over $350 billion in new funding to synchronize and mobilize all aspects of U.S. national power. This approach is grounded in getting the broader Indo-Pacific strategy “right,” centered on our alliances and partnerships, animated by America’s longstanding values, and driven by the need for a course correction, after almost four years of destruction under President Trump.
    • They summarized the provisions of the bill:
      • Invests in American workers and restores United States’ competitiveness in science and technology, manufacturing, global infrastructure, digital technologies, and global clean energy development, by increasing federal funding for research and development, including investment to lead in the development and production of new and emerging technologies like 5G, quantum, and artificial intelligence that will define the twenty-first century, taking action to strengthen domestic supply chains, and providing support for domestic manufacturing industries like seminconductors. 
      • Confronts China’s education and influence campaigns by requiring new reporting requirements and invests in registered apprenticeships, training, and STEM education programs with a focus on building a diverse and inclusive innovation and manufacturing workforce for the 21st Century.
      • Renews and reorients the United States’ diplomatic strategy towards China centered on America’s commitment to its allies around the world and in the Indo-Pacific region, including Japan, South Korea, the Philippines, Australia, Thailand, and Taiwan, and calls for the United States to reassert its leadership within regional and international organizations, like the World Health Organization and the G7.
      • Reaffirms America’s strong security commitment in the Indo-Pacific and a forward-deployed posture in the region to ensure that all nations can exercise their rights in the region’s international waters and airspace, and directs the United States to provide additional assistance and training to countries under the Indo-Pacific Maritime Security Initiative. The bill also provides regional strategies to confront malign PRC influence in the Western Hemisphere, South and Central Asia, Africa, the Arctic region, and the Middle East and North Africa.
      • Invests in our values, authorizing a broad range of efforts to support human rights and civil society measures, especially as they relate to Tibet, the Xinjiang Uyghur Autonomous Region (XUAR), and Hong Kong, including allowing certain Hong Kong citizens and residents of Xinjiang to apply for admission to the United States.  The bill also directs the President to report foreign persons identified for engaging in and facilitating forced labor in China and to apply sanctions to Chinese officials complicit in human rights violations. 
      • Focuses on countering and confronting China’s predatory international economic behavior, and includes measures to strengthen trade enforcement across a wide range of areas, including intellectual property, supply chains, currency manipulation, and counterfeit goods.
  • Senators Rick Scott (R-FL) and Catherine Cortez Masto (D-NV) unveiled the “American Privacy Protection (APP) Act” (S.4669) that would “require the Federal Trade Commission (FTC) to ensure all entities that operate application platforms disclose the location in which the application was developed and where data collected by the application is stored” according to their press release. This bill flows from “recent security concerns about apps made by U.S. adversaries, including Communist China and Russia,” such as TikTok and WeChat.
  • The United States (U.S.) Federal Energy Regulatory Commission (FERC) issued a notice of inquiry and asked for comments on:
    • the potential risks to the bulk electric system posed by using equipment and services produced or provided by entities identified as risks to national security.
    • whether the current Critical Infrastructure Protection (CIP) Reliability Standards adequately mitigate the identified risks.
    • possible actions the Commission could consider taking to address the identified risks.
    • The Department of Defense (DOD), Federal Communications Commission (FCC), and other U.S. agencies are undertaking similar efforts to root out what they consider suspicious, malicious, or compromised parts, equipment, or systems that would allow nations like the People’s Republic of China (PRC) to access, impair, or cripple critical infrastructure. Even though nations other than the PRC are listed in this RFI, as a practical matter, the PRC is the focus since so much of the world’s electronics supply chain originates in that country.
    • FERC explained:
      • On October 18, 2018, the Commission approved the first set of supply chain risk management Reliability Standards in Order No. 850. The Commission described the supply chain risk management Reliability Standards as “forward-looking and objective-based and require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations.”In approving the supply chain risk management Reliability Standards, the Commission recognized that “the global supply chain creates opportunities for adversaries to directly or indirectly affect the management or operations of companies with potential risks to end users.”
      • Since the issuance of Order No. 850, there have been significant developments in the form of Executive Orders, legislation, as well as federal agency actions that raise concerns over the potential risks posed by the use of equipment and services provided by certain entities identified as risks to national security. In particular, Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE) have been identified as examples of such certain entities because they provide communication systems and other equipment and services that are critical to bulk electric system reliability.
      • Therefore, as discussed in this Notice of Inquiry, the Commission seeks comments on: (1) The extent of the use of equipment and services provided by certain entities identified as risks to national security related to bulk electric system operations; (2) the risks to bulk electric system reliability and security posed by the use of equipment and services provided by certain entities; (3) whether the CIP Reliability Standards adequately mitigate the identified risks; (4) what mandatory actions the Commission could consider taking to mitigate the risk of equipment and services provided by certain entities related to bulk electric system operations; (5) strategies that entities have implemented or plan to implement—in addition to compliance with the mandatory CIP Reliability Standards—to mitigate the risks associated with use of equipment and services provided by certain entities; and (6) other methods the Commission may employ to address this matter including working collaboratively with industry to raise awareness about the identified risks and assisting with mitigating actions (i.e., such as facilitating information sharing). The responses to these questions will provide the Commission with a better understanding of the risks to bulk electric system reliability posed by equipment and services provided by entities identified as risks to national security, as well as how the Commission may best address any identified risks.
    • This inquiry follows related actions. In July, acting per an early May executive order, the Department of Energy (DOE) has released a request for information (RFI) “to understand the energy industry’s current practices to identify and mitigate vulnerabilities in the supply chain for components of the bulk-power system (BPS).” In late June, the FERC sought “comment on certain potential enhancements to the currently-effective Critical Infrastructure Protection (CIP) Reliability Standards,” and in mid-June, the FERC released a staff “Cybersecurity Incentives Policy White Paper” that made the case that the agency should create an incentive structure beyond the existing mandatory and binding cybersecurity regulations to prompt utilities to invest more in defending their systems.
  • The United Kingdom’s Department for Digital, Culture, Media & Sport released six principles to “strengthen digital identity delivery and policy in the UK” and floated the possibility of “legislation for consumer protection relating to digital identity, specific rights for individuals, an ability to seek redress if something goes wrong, and set out where the responsibility for oversight should lie. It will also consult on the appropriate privacy and technical standards for administering and processing secure digital identities.” The six principles were developed by “[a] new government Digital Identity Strategy Board:
    • 1) Privacy – When personal data is accessed people will have confidence that there are measures in place to ensure their confidentiality and privacy; for instance, a supermarket checking a shopper’s age, a lawyer overseeing the sale of a house or someone applying to take out a loan.
    • 2) Transparency – When an individual’s identity data is accessed when using digital identity products they must be able to understand by who, why and when; for example, being able to see how your bank uses your data through digital identity solutions.
    • 3) Inclusivity – People who want or need a digital identity should be able to obtain one; for example, not having documentation such as a passport or driving licence should not be a barrier to not having a digital identity.
    • 4) Interoperability – Setting technical and operating standards for use across the UK’s economy to enable international and domestic interoperability.
    • 5) Proportionality – User needs and other considerations such as privacy and security will be balanced so digital identity can be used with confidence across the economy.
    • 6) Good governance – Digital identity standards will be linked to government policy and law. Any future regulation will be clear, coherent and align with the government’s wider strategic approach to digital regulation. For example, firms verifying your identity will need to comply with laws around how they access and store data.
  • Basecamp, Blix, Blockchain.com, Deezer, Epic Games, the European Publishers Council, Match Group, News Media Europe, Prepear, Protonmail, SkyDemon, Spotify, and Tile have formed the Coalition for App Fairness (CAF) to “advocate for enforcement and reforms, including legal and regulatory changes, to preserve consumer choice and a level playing field for app and game developers that rely on app stores and the most popular gatekeeper platforms.” This Coalition follows on the heels of Epic Games suing Apple and Google about their app store practices, namely taking 30% of all in-app purchases. This organization “developed and published a set of 10 “App Store Principles” laying out how they think app stores should be designed and run.

Further Reading

  • Intel chief releases Russian disinfo on Hillary Clinton that was rejected by bipartisan Senate panel” By Andrew Desiderio and Daniel Lippman — Politico. New Director of National Intelligence (DNI) John Ratcliffe released an unclassified version of allegations that former Secretary of State Hillary Clinton was working with the Russian Federation against Donald Trump in 2016. Ratcliffe released this information even though the Senate Intelligence Committee dismissed it as Russian disinformation, and the timing is curious, coming so close to the election.
  • At White House’s urging, Republicans launch anti-tech blitz ahead of election” By Cristiano Lima and John Hendel — Politico. This article shows how the White House’s pressure on Senate and House Republicans has borne fruit as they have focused on technology companies’ supposed bias against conservatives. Not only is this a narrative they can push, but the threat of regulatory and statutory changes to their liability shield also serve the same purpose that professional sports coaches seek when complaining about referees in advance of matches.
  • Coordinated push of groundless conspiracy theories targets Biden hours before debate” By Ben Collins — NBC News. This article shows how lies and information can get traded up the chain until legitimate news outlets cover baseless claims.
  • Russian operation masqueraded as right-wing news site to target U.S. voters – sources” By Jack Stubbs — Reuters. The Federal Bureau of Investigation (FBI) has turned up another Internet Research Agency run disinformation operation offering fake information and content from the right wing. Like the recently uncovered Peace Data site, the Newsroom for American and European Based Citizens (NAEBC) was reposting content from conservative sites and paying unwitting Americans to write for the site. Like Peace Data, the IRA then spread and amplified this slanted content on social media as a means of once again disseminating disinformation and chaos in the United States.
  • Google to Pay Publishers Over $1 Billion for News Content” By Natalia Drozdiak — Bloomberg. As announced by Google and Alphabet CEO Sundar Pichai, Google will pay some media outlets up to $1 billion over the next three years  “to create and curate high-quality content for a different kind of online news experience” for its new product, Google News Showcase. Pichai claimed:
    • This approach is distinct from our other news products because it leans on the editorial choices individual publishers make about which stories to show readers and how to present them. It will start rolling out today to readers in Brazil and Germany, and will expand to other countries in the coming months where local frameworks support these partnerships.
    • Google’s announcement comes as the company and the Australian Competition and Consumer Commission (ACCC) are fighting over the latter’s proposal to ensure that media companies are compensated for articles and content the former uses. In late July the ACCC released for public consultation a draft of “a mandatory code of conduct to address bargaining power imbalances between Australian news media businesses and digital platforms, specifically Google and Facebook.”
    • The European Publishers Council (EPC) noted
      • The French Competition Authority decision from April considered that Google’s practices were likely to constitute an abuse of a dominant position and brought serious and immediate damage to the press sector. It calls on Google, within three months, to conduct negotiations in good faith with publishers and press agencies on the remuneration for their protected content. Google’s appeal in July seeks to get some legal clarity on parts of the decision.
    • Moreover, the European Union (EU) Directive on Copyright in the Digital Single Market is being implemented in EU member states and would allow them to require compensation from platforms like Facebook and Google. The EPC claimed:
      • Many are quite cynical about Google’s perceived strategy. By launching their own product, they can dictate terms and conditions, undermine legislation designed to create conditions for a fair negotiation, while claiming they are helping to fund news production.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s