Further Reading, Other Developments, and Coming Events (3 February 2021)

Further Reading

  • What We Learned From Apple’s New Privacy Labels” By Brian X. Chen — The New York Times. Another look at the App Store privacy labels Apple has rolled out and how confusing they can be. It can be confusing to compare the privacy and data usage afforded by a developer such that its often like comparing apples and oranges.
  • The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack” by Peter Elkind and Jack Gillum — ProPublica. A free program developed with funding provided by the National Science Foundation (NSF) would have likely made it harder for the SVR to penetrate SolarWinds’ systems and use their updates as Trojan Horses to penetrate thousands of entities, including United States departments and agencies. No one has a good explanation of why this program was not made mandatory in federal systems and for federal contractors.
  • Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources” By Christopher Bing, Jack Stubbs, Raphael Satter, and Joseph Menn — Reuters. Speaking of SolarWinds, it appears hackers associated with the People’s Republic of China (PRC) may have also penetrated and then used the company’s software to get into United States (U.S.) government systems. In this case, it appears a bureau inside the Department of Agriculture that handles payroll information for federal employees was compromised. And, as unlikely as it seems, this entity, the National Finance Center, handles the payroll for a number of agencies with security responsibilities including the Federal Bureau of Investigation and the Departments of Homeland Security, State and Treasury. This mirrors the PRC’s monumental hack of the Office of Personnel Management in the Obama Administration that continues to have implications today, especially in making it harder for American intelligence operatives overseas. And more concerning is that the PRC hackers used a different vulnerability than the Russians did.
  • Important stories hidden in Google’s ‘experiment’ blocking Australian news sites” By Nick Evershed — The Guardian. The search engine and online advertising giant has already begun experiments on blocking or deprioritizing search results ahead of the enactment of the “Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Bill 2020” that would require Google and Facebook to pay for the use of Australian media content. Major news sites are sometimes not findable nor are articles on those sites even if people are searching for them. Google claims this is just an experiment to gather data.
  • In cyber espionage, U.S. is both hunted and hunter” By Zach Dorfman — Axios. This piece makes the argument that whatever the Russian Federation and the People’s Republic of China have pilfered via SolarWinds vulnerabilities, United States (U.S.) hackers have and are engaging in the same activities.
  • Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too” By Rob Knake — Council on Foreign Relations. This piece covers some of the misalignment of incentives that may have caused some companies that successfully fended off the SolarWinds hack from sharing information so other companies could defend themselves. The author even suggests the time may have arrived for mandatory information sharing through a government hub such as the Cybersecurity and Infrastructure Security Agency (CISA).

Other Developments

  • Alejandro Mayorkas was confirmed by a 56-43 vote to be the next Secretary of Homeland Security, a position that has not been filled with a Senate-confirmed nominee since former Secretary Kirstjen Nielsen resigned in April 2019. Mayorkas’ nomination had been held by Senator Josh Hawley (R-MO) over potential Biden Administration immigration policy. However, to date, the White House has not named its nominee to head the Cybersecurity and Infrastructure Security Agency (CISA) nor the newly established National Cyber Director.
  • The new top Republican on the House Energy and Commerce Committee issued her “Big Tech Accountability Platform,” in which she cast “Big Tech” as “a destructive force to our society because of its attack on freedom of speech and the truth….principles…central to the foundations of our democracy and the Promise of America.” Ranking Member Cathy McMorris Rodgers (R-WA) laid out her priorities as the leader of the minority party on the primary committee of jurisdiction over technology in the House of Representatives. However, she conspicuously omitted any mention of privacy legislation and a number of other legislative areas. A year ago, McMorris Rodgers, then the ranking member on the Consumer Protection and Commerce Subcommittee, issued a privacy discussion draft with Chair Jan Schakowsky (D-IL) (see here for more analysis.) It is not clear from McMorris Rodgers’ policy statement the degree to which she is interested in working with the majority on the committee, in the House, and in the Senate on privacy legislation. The omission of privacy from her document may be a way of preserving maximum flexibility on federal privacy legislation and signaling to Democrats she wants to work with them. Nevertheless, McMorris Rodgers repeats the by now Republican orthodoxy that “Big Tech” is biased against them and is trampled their free speech rights in violation of the First Amendment despite no serious evidence of this being true.
    • Nevertheless, McMorris Rodgers suggested to the Republican Members of the committee that they seek to work in bipartisan fashion with Democrats on legislation and proposed a sunset provision on 47 USC 230 (Section 230), which would bring this legal shield’s protection to an end on a date in the future.
    • McMorris Rodgers stated “[o]ur Big Tech Accountability Platform will be guided by four principles: 1) increasing meaningful transparency; 2) enhancing oversight and accountability; 3) pushing for consistency and objectivity; and 4) exploring competition issues so innovation is unleashed, not quashed.”
    • McMorris Rodgers identified the “BIG TECH ISSUES TO BE ADDRESSED:”
      • Big Tech Responsibility:
        • Section 230 Reform: Consider several proposals requiring Big Tech to manage their platforms more responsibly, including repealing their liability protection when they neglect their “Good Samaritan” obligations;
        • Content Policies and Enforcement: Require disclosures regarding how Big Tech develops its content policies and require regular disclosures about content policy enforcement, including the types of content taken down and why, and clearly understood appeals processes;
        • Law Enforcement: Establish concrete means for Big Tech to communicate, consult, and coordinate with law enforcement to address illicit content on their platform, such as illegal sale of opioids, terrorist and violent extremists’ content, and other issues. We must ensure online threats are acted upon and evidence preserved;
        • Our Children: Explore and expose how Big Tech hurts children, including how Big Tech contributes to suicides and anxiety, especially in young girls; how Big Tech uses algorithms to drive addiction; and the role Big Tech plays in child grooming and trafficking;
        • Election Issues: Explore the role Big Tech plays in elections, particularly when it comes to their bias and censorship of news articles, such as the New York Post article they suppressed leading to the 2020 election; and
        • Deplatforming: Explore ways in which Big Tech makes decisions to deplatform users and whether some remedy to challenge those decisions should be available.
      • Big Tech Power:
        • App Stores: Explore Apple and Google’s app store policies, including how their decisions to remove or host certain apps limits or increases consumer choice;
        • Coordination: Explore how Big Tech wields its power and the groupthink that develops to silence the truth;
        • Media: Explore how Big Tech influences traditional media, including local media, how their power restricts consumer choice, and how they wield that power to build a narrative and control the stories we see online;
        • Data: Explore Big Tech’s mass accumulation of data and how it impacts new entrants’ ability to compete and create consumer choice; and
        • E-Commerce Marketplace Power: Explore how Big Tech wields its e-commerce power over consumer choice.
  • House Foreign Affairs Committee Ranking Member Michael McCaul (R-TX), House Armed Services Committee Ranking Member Mike Rogers (R-AL), Representative Elise Stefanik (R-NY), and 22 other House Republicans have written President Joe Biden “to engage with our allies on emerging technology issues” because “China is undoubtedly the greatest military, economic, and geopolitical threat to the United States and our allies in this century, as exemplified by the Chinese Communist Party’s (CCP) effort to lead the world in critical emerging technologies like 5G communications and artificial intelligence.”

Coming Events

  • On 3 February, the Senate Commerce, Science, and Transportation Committee will consider the nomination of Rhode Island Governor Gina Raimondo to be the Secretary of Commerce.
  • On 17 February, the Federal Communications Commission (FCC) will hold an open meeting, its first under acting Chair Jessica Rosenworcel, with this tentative agenda:
    • Presentation on the Emergency Broadband Benefit Program. The Commission will hear a presentation on the creation of an Emergency Broadband Benefit Program. Congress charged the FCC with developing a new $3.2 billion program to help Americans who are struggling to pay for internet service during the pandemic.
    • Presentation on COVID-19 Telehealth Program. The Commission will hear a presentation about the next steps for the agency’s COVID-19 Telehealth program. Congress recently provided an additional $249.95 million to support the FCC’s efforts to expand connected care throughout the country and help more patients receive health care safely.
    • Presentation on Improving Broadband Mapping Data. The Commission will hear a presentation on the work the agency is doing to improve its broadband maps. Congress directly appropriated $65 million to help the agency develop better data for improved maps.
    • Addressing 911 Fee Diversion. The Commission will consider a Notice of Proposed Rulemaking that would implement section 902 of the Don’t Break Up the T-Band Act of 2020, which requires the Commission to take action to help address the diversion of 911 fees by states and other jurisdictions for purposes unrelated to 911. (PS Docket Nos. 20-291, 09-14)
    • Implementing the Secure and Trusted Communications Networks Act. The Commission will consider a Third Further Notice of Proposed Rulemaking that proposes to modify FCC rules consistent with changes that were made to the Secure and Trusted Communications Networks Act in the Consolidated Appropriations Act, 2021. (WC Docket No. 18-89)
  • On 27 July 2021, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Peter H from Pixabay

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s