Other Developments, Further Reading, and Coming Events (23 March 2021)

Other Developments

  • A United States (U.S.) federal court has ruled for a company from the People’s Republic of China (PRC) in granting a preliminary injunction against the Department of Defense’s (DOD) designation of the entity as a Communist Chinese military company. This ruling will almost certainly encourage many of the other PRC companies to file for injunctions against their designation as such (the lists of these companies are here, here, here, and here). The DOD determined Xiaomi (“the third-largest smartphone manufacturer in the world by volume”) to be a Communist Chinese military company under a little-used authority granted by Congress in 1998, and such a designation could cut off the company from access to technology and markets.
    • Section 1237 of the National Defense Authorization Act for Fiscal Year 1999 (P.L. 105-261) grants the President authority to “exercise International Emergency Economic Powers Act (IEEPA) authorities (other than authorities relating to importation) without regard to section 202 of the IEEPA (50 U.S.C. 1701) in the case of any commercial activity in the United States by a person that is on the list.” Of course, IEEPA grants the President sweeping powers to prohibit transactions and block property and property interests for nations and other groups subject to an IEEPA national emergency declaration. Consequently, those companies identified by the DOD on a list per Section 1237 could be blocked and prohibited from doing business with U.S. entities and others and those that do business with such Chinese companies could be subject to enforcement actions by the U.S. government (e.g. the U.S.’s actions against ZTE for doing business with Iran in violation of an IEEPA national emergency).
    • The United States District Court for the District of Columbia (Court) noted Xiaomi sought an injunction to stop the DOD from enforcing the Section 1237 designation that “forbids all U.S. persons from purchasing or otherwise possessing Xiaomi’s publicly traded securities or any derivatives of said securities.” The Court found “that the issuance of a preliminary injunction here is an appropriate exercise of its discretion, given that Plaintiffs have shown both a high likelihood of success on the merits on their Administrative Procedure Act (APA) claims and that, absent relief, they will suffer irreparable harm in the form of serious reputational and unrecoverable economic injuries.”
  • California officials have named the members of the new California Privacy Protection Agency (CPPA) established by Proposition 24, the “California Privacy Rights Act,” that takes effect in 2023. In their press release, Governor Gavin Newsom (D) and others claimed:
    • The California Privacy Protection Agency will have full administrative power, authority, and jurisdiction to implement and enforce the California Consumer Privacy Act and the California Privacy Rights Act. The Board will appoint the Agency’s executive director, officers, counsel and employees. The Agency may bring enforcement actions related to the CCPA or CPRA before an administrative law judge. The Attorney General will retain civil enforcement authority over the CCPA and the CPRA.
    • They provided the names and biographies of those selected to the CPPA Board:
      • Jennifer M. Urban, 47, of Kensington, has been appointed Chair of the California Privacy Protection Agency Board by Governor Newsom. Urban has been a Clinical Professor of Law and Director of Policy Initiatives for the Samuelson Law, Technology and Public Policy Clinic at the University of California, Berkeley School of Law since 2009, where she has held multiple positions since 2002, including Fellow, Lecturer, and Visiting Acting Clinical Professor of Law. She was a Clinical Professor of Law and the founding Director of the Intellectual Property and Technology Law Clinic at the University of Southern California, Gould School of Law from 2004 to 2009. Urban was a Visiting Associate Professor of Law and Interim Director of the Cyberlaw Clinic at Stanford Law School from 2007 to 2008. She was an Attorney in the IP Group at Venture Law Group from 2000 to 2001. Urban is a member of the American Association of Law Schools, American Intellectual Property Law Association, Takedown Research Network, American Civil Liberties Union, and Authors Alliance. She earned a Juris Doctor degree from the University of California, Berkeley School of Law. This position does not require Senate confirmation and the compensation is $100 per diem. Urban is registered without party preference.
      • John Christopher Thompson, 49, of Pasadena, has been appointed to the California Privacy Protection Agency Board by Governor Newsom. Thompson has been Senior Vice President of Government Relations at LA 2028 since 2020. He held multiple positions at Southern California Edison from 2013 to 2020, including Vice President of Local Public Affairs and Vice President of Decommissioning. Thompson held multiple positions in the United States Senate from 2003 to 2013, including Chief of Staff, Legislative Director, and Legislative Assistant. He was a Legislative Assistant at the United States House of Representatives from 1996 to 2001. Thompson is a member of the California Science Center Foundation, Public Media Group of Southern California, and Public Policy Institute of California Statewide Leadership Council. This position does not require Senate confirmation and the compensation is $100 per diem. Thompson is a Democrat.
      • Angela Sierra is the designee of Attorney General Xavier Becerra. Sierra recently served as Chief Assistant Attorney General of the Public Rights Division, overseeing the work of the Division’s over 400 employees in areas related to safeguarding civil rights, protecting consumers against misleading advertising claims, fraudulent business practices and privacy violations, maintaining competitive markets, protecting consumers’ health care rights, preserving charitable assets and safeguarding the State’s natural resources and environment. As the Chief of the Public Rights Division, Sierra oversaw the Consumer Protection Section’s Privacy Unit, including the Unit’s multi-state data-breach settlement with Equifax in 2019 that resolved allegations that the credit reporting agency improperly exposed the personal information of 147 million consumers, including 15 million Californians. During her 33-year career at the Department of Justice, Sierra worked on a broad range of issues, including, police practices, voting rights, housing and employment discrimination, immigrant rights, civil prosecution of hate crimes, discriminatory business practices, disability access, reproductive rights, environmental justice, Native American cultural protection, and access to education. Sierra is also a seasoned litigator and appellate advocate with administrative law and rulemaking experience and throughout her career has worked closely with a wide array of state agencies.
      • Lydia de la Torre is the President Pro Tem’s nominee to the CPPA Board. Since 2017, de la Torre has been a professor at Santa Clara University Law School, where she has taught privacy law and co-directed the Santa Clara Law Privacy Certificate Program, a cutting-edge program that enables students to graduate ready to practice privacy law. She also has served as of-counsel to Squire Patton Boggs, where she specialized in privacy, data protection, and cybersecurity. She is leaving the law firm to take on this appointment, and during a short transition out of the firm, she will not be participating in any firm meetings or business related to the CPRA. Lydia de la Torre is an international expert in data protection issues generally and in the European Union’s General Data Protection Regulation (GDPR) in particular. Her expertise will bring a unique knowledge to the CPPA Board and to California in its examination of these international issues at the state level.
      • Vinhcent Le is the designee of Speaker Anthony Rendon. Le currently serves as a Technology Equity attorney at the Greenlining Institute, focusing on consumer privacy, closing the digital divide, and preventing algorithmic bias. Le’s work has helped secure funding to increase broadband access, improve and modernize the California Lifeline Program, and create a program to provide laptops to low-income students in California. Prior to his current position, he served as a law clerk in the Orange County Public Defenders Office, the Office of Medicare Hearing and Appeals, and the Small Business Administration. Le received a J.D. from the University of California, Irvine School of Law, and a B.A. in Political Science from the University of California, San Diego.
  • The European Data Protection Board (EDPB) adopted final guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR) for purposes of data protection authorities conferring on and possibly disagreeing with enforcement agencies. Having an agreed-upon definition and construction of the term “relevant and reasoned objection” as used in how the GDPR established this process would help, at least in the view of the EDPB (see here for more detail and analysis of the draft guidelines released in fall 2020). Notably, this term came into play when a number of DPAs objected to the fine Ireland’s Data Protection Commission (DPC) sought to levy on Twitter for data breaches, a dispute that ultimately triggered the Articles 60 and 65 process under which the EDPB stepped in and settled the dispute (see here for more detail and analysis).
  • The chair, ranking member and other members of the Senate Homeland Security and Governmental Affairs Committee asked the Government Accountability Office (GAO) to determine how well the Cybersecurity and Infrastructure Security Agency (CISA) has done in meeting the requirements of the “Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018” (P.L. 115-278) in establishing itself and exercising the full scope of its intended authority. CISA was created from the former National Protection and Programs Directorate (NPPD) and equipped with a new structure and additional powers. The GAO has found the transition and standing up of CISA to be wanting in a number of areas that will bring Congressional scrutiny to bear and likely a response from the new administration once it nominates a CISA Director and staffs the agency. One could even conceive of language attached to funding for FY 2022 requiring the agency to meet some of the goals laid out by the GAO. The GAO noted the scope of its evaluation:
    • to review CISA’s efforts to establish and implement its organizational transformative initiative and its ability to coordinate effectively with stakeholders. Our specific objectives were to (1) describe CISA’s organizational transformation initiative; (2) assess the progress of CISA’s organizational transformation initiative, as well as any impact of the Coronavirus Disease 2019 (COVID-19) pandemic on these efforts; (3) determine the extent to which CISA’s organizational transformation efforts align with key practices for effective agency reforms, including organizational transformations; and (4) identify challenges, if any, that exist in CISA’s efforts to coordinate with government and private-sector stakeholders, and strategies the agency has developed to address these challenges.
    • The GAO concluded:
      • With the passage of the CISA Act, the agency has been engaged in a transformation initiative intended to establish an organizational structure in accordance with the act’s requirements and position it to carry out its cybersecurity, infrastructure protection, and emergency communications missions. In accordance with its statutory responsibilities, CISA has established a new organizational structure, developed a service and product delivery approach, and taken steps to implement its planned organizational changes. However, delays have occurred in fully implementing the changes. Recent cyber incidents have highlighted the importance of fully implementing CISA’s organizational changes so that it is positioned to lead national efforts to identify and manage cyber and other risks to critical infrastructure. By establishing completion dates for delayed phase-three tasks and an overall deadline for the completion of the transformation initiative, CISA will be better positioned to complete its organizational transformation without additional delays.
      • In addition, while CISA’s plans for its organizational transformation generally addressed key practices for effective agency reforms in areas, gaps in addressing other key practices, such as establishing goals and outcomes and managing and monitoring its efforts, could hinder the full effectiveness of the agency’s reorganization. Addressing each of key practices will better position CISA to ensure the success of its reorganization efforts and carry out its mission to lead national efforts to identify and respond to cyber and other risks.
      • Finally, critical infrastructure stakeholders we spoke to identified challenges that could hinder CISA’s efforts to ensure effective coordination. CISA has taken actions to mitigate challenges in the areas of timely responses to stakeholder requests and lack of access to actionable intelligence. However, it has not taken adequate actions in the areas of communicating organizational changes to stakeholders, involving stakeholders in the development of sector-specific guidance, and including appropriate parties in all communication channels. By assessing and enhancing aspects of its communication and collaboration with these stakeholders, CISA could help address challenges they identified and better ensure that they have the information needed to identify and respond to cyberattacks and other risks affecting the nation’s critical infrastructure.
    • The GAO made the following extensive recommendations:
      • The Director of CISA should establish expected completion dates for those phase three tasks that are past their completion dates, with priority given to those tasks critical to mission effectiveness. (Recommendation 1)
      • The Director of CISA should establish an overall deadline for the completion of the transformation initiative. (Recommendation 2)
      • The Director of CISA should establish plans, including time frames, for developing outcome-oriented performance measures to gauge the extent to which the agency’s efforts are meeting the goals of the organizational transformation. (Recommendation 3)
      • The Director of CISA should collect input to ensure that organizational changes are aligned with the needs of stakeholders, taking into account coordination challenges identified in this report. (Recommendation 4)
      • The Director of CISA should establish processes for monitoring the effects of efforts to reduce fragmentation, overlap, and duplication including identifying potential cost savings. (Recommendation 5)
      • The Director of CISA should establish an approach, including time frames, for measuring outcomes of the organizational transformation, including customer satisfaction with organizational changes. (Recommendation 6)
      • The Director of CISA should develop a strategy for comprehensive workforce planning. (Recommendation 7)
      • The Director of CISA should take steps to align the agency’s employee performance management system with its organizational changes and associated goals. (Recommendation 8)
      • The Director of CISA should communicate relevant organizational changes to selected critical infrastructure stakeholders to ensure that these stakeholders know with whom they should be coordinating in CISA’s organization. (Recommendation 9)
      • The Director of CISA should take steps, with stakeholder input, to determine how critical infrastructure stakeholders should be involved with the development of guidance for their sector. (Recommendation 10)
      • The Director of CISA should assess the agency’s methods of communicating with its critical infrastructure stakeholders to ensure that appropriate parties are included in distribution lists or other communication channels. (Recommendation 11)
  • Germany’s federal government has issued a position paper titled “On the Application of International Law in Cyberspace,” which “discusses selected aspects of the interpretation of certain core principles and rules of international law in the cyber context.” Germany expressed its aim “to contribute to the ongoing discussion on the modalities of application of international law – most of which predates the development and rise of information and communication technologies – in the cyber context.” The German government added:
    • The paper also intends to foster transparency, comprehensibility and legal certainty with regard to an important aspect of foreign affairs. The explanations take into account, inter alia, the 2013 and 2015 reports of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. They are based on applicable international law and in this regard consider, to a significant degree, the findings of independent international law experts recorded in the Tallinn Manual 2.0.
    • The German government concluded:
      • As has been exemplified in the present paper with regard to a selection of international norms, international law as it stands is capable of providing essential guidance on State behaviour in and with regard to cyberspace. Germany is convinced that uncertainties as to how international law might be applied in the cyber context can and must be addressed by having recourse to the established methods of interpretation of international law. Germany deems it critically important that interpretative efforts and attempts to clarify the modalities of the application of international law in cyberspace are based on international exchange and cooperation. This is why Germany follows closely and is actively involved in the work of the United Nations’ working groups on cyber and international security. In addition to their work on international law in cyberspace, these groups elaborate voluntary, non-binding norms for responsible State behaviour in cyberspace which may fulfil an important function in supplementing the existing ‘hard’ rules of international law. Moreover, Germany wishes to highlight the importance of States’ reflecting and taking heed of the multifold and rich academic and civil society debates worldwide on the role and function of international law in the cyber context.
      • Challenges lie ahead: Information and communication technologies are evolving fast, and so is the need to provide adequate legal assessments and to find responses to novel factual situations. While international law provides a sufficient framework to cope with the fast pace of technological change and remains applicable also to new developments, its interpretation and effective application in the cyber context will increasingly be dependent on an in-depth understanding of technological intricacies and complexities. This may require an intensified pooling of technical and legal expertise. Also, evidentiary difficulties with regard to States’ and non-State actors’ behaviour in cyberspace will continue to pose practical challenges.
      • Nevertheless, while underlining the prime responsibility of States for maintaining peaceful relations and upholding the rule of law in the international system, Germany is convinced that the combined efforts of States, international organizations, civil society and academia will continue to provide significant insights into the modalities of how international law applies in the cyber context, thereby leading to a high standard of international legal certainty with regard to this still relatively novel dimension of international relations.
  • The Office of the Inspector General (OIG) for the Board of Governors of the Federal Reserve System (Federal Reserve) and the Consumer Financial Protection Bureau (CFPB) found weaknesses in oversight of agency information security and the cybersecurity of some regulated entities in a pair of reports (here and here).
    • The OIG found:
      • The Bureau of Consumer Financial Protection collects and stores sensitive information, including confidential supervisory information and personally identifiable information, to support many of its mission-critical activities. Unauthorized access to or disclosure of this information, through internal or external threats, could undermine the public’s trust in the Bureau and limit its ability to accomplish its mission. Although the Bureau continues to maintain an effective information security program, the agency faces challenges in aligning its information security program, policies, and procedures with its evolving enterprise risk management (ERM) program; implementing effective identity and access management controls; and managing the secure configuration of its information systems and the timely remediation of technical vulnerabilities.
    • The OIG recommended that the CFPB:
      • Although the Bureau is working toward implementing effective identity and access management controls, challenges to effectively safeguarding sensitive agency data remain. Specifically, improvements are needed in the agency’s use of strong authentication mechanisms, its maintenance of user access forms and rules of behavior for privileged users, and its implementation of data loss protection processes. The Bureau has self-identified similar improvement opportunities and is working to strengthen controls. For example, the Bureau has implemented a solution to provide strong authentication for administrator accounts and is piloting the use of personal identity verification credentials in preparation for broader adoption.
      • Finally, although the Bureau is making progress toward ensuring the security configuration of its information systems and the timely remediation of technical vulnerabilities, these remain challenge areas. Further, the Bureau has opportunities to implement automated tools to help ensure that technical vulnerabilities are effectively identified and mitigated across its technology environment and that secure configurations are maintained and continuously monitored.
    • Regarding the Federal Reserve’s information security programs, the OIG found:
      • The Board is working to implement the tools and technologies offered by the U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation program to gain efficiencies within its information security program and information technology governance framework and to strengthen its asset, configuration, and vulnerability management processes. As these new tools and capabilities are implemented, the Board will be challenged to ensure that its asset, configuration, and vulnerability management processes are implemented enterprisewide and operating effectively. The implementation of the tools offered through the Continuous Diagnostics and Mitigation program will also require the Board to update its ISCM strategy and associated processes. These activities should assist the agency in transitioning its ISCM program to one that supports ongoing authorizations and more timely risk management activities.
      • The Board relies on a variety of third-party-operated and third-party-maintained systems to meet its mission. In addition, the Board is increasingly leveraging cloud computing–based technology to meet its information technology needs. The risks associated with these systems is heightened because the agency may have limited insight into or knowledge of the security processes of third-party providers. The Board’s cloud computing strategy and information security program processes will need to ensure the adequate protection of the agency’s data in the cloud and that requirements for records management, electronic discovery, privacy, and information security are met by its cloud service providers.
    • The OIG offered the following in regard to the Federal Reserve’s cybersecurity oversight responsibilities:
      • As financial institutions have continued to adopt internet-based systems to conduct business, cyberthreats to the financial sector have increased dramatically in both number and sophistication. These threats can create significant operational risk, disrupt critical services, and ultimately affect financial stability. As a result, cybersecurity remains an area of significant focus for financial institutions and federal financial regulators. Accordingly, financial institutions and regulators must work to protect vital networks and data from cybersecurity threats and prepare to respond to potential cyberattacks.
      • Prior to the emergence of the pandemic, the Board chair described cybersecurity risk as one of the most significant risks facing the Board and financial institutions. The Board continues to refine its approach to cybersecurity supervision of financial institutions. As part of that refinement effort, the Board can strengthen the governance of its cybersecurity supervisory activities and clarify the roles and responsibilities of various groups involved in cybersecurity supervision and planning. Further, the Board should ensure that its supervisory approaches keep pace with evolving cyberthreats.
  • The Bank for International Settlements (BIS) released a report titled “Use of big data sources and applications at central banks,” which concluded:
    • Central banks have a comprehensive view of big data, which can comprise very different types of data sets. First and foremost, it includes the large “non-traditional” (or unstructured) data often characterised by high volume, velocity and variety and that must be processed using innovative technologies. But for two thirds of respondents, big data also includes large “traditional” (ie well structured) data sets that are often “organic”, in the sense that they are collected as a by-product of commercial (eg payment transactions), financial (eg tick-by-tick price quotes observed in financial markets) and administrative (eg files collected by public institutions) activities – these data are often referred to as “financial big data”.
    • Central banks are increasingly using big data. Around 80% of the responding central banks now use big data regularly; in contrast, only one third of 2015 respondents had indicated they were using any big data sources. Moreover, interest in the topic of big data at the senior policy level is currently rated “very important” in more than 60% of cases, compared with less than 10% in 2015. Interest in big data is especially strong among advanced economies (AEs) and is catching up in a significant number of emerging market economies (EMEs).
    • The range of big data sources exploited by central banks is diverse. A key source for the private sector is the “internet of things”, with for instance the applications developed by many central banks to scrape online portals for information in numerical (eg prices of goods sold on the web) or textual format (eg messages posted on social media). Yet another important source of information is text from printed materials processed using digital techniques. Last but not least, central banks are increasingly using financial big data sets collected in a more “traditional” way, such as balance sheet information available in credit registries, loan-by-loan and security-by-security databases, derivatives trades reported to trade repositories (TRs), and payment transactions.
    • Big data is effectively used to support central bank policies. As regards central banks’ monetary policy and financial stability mandates, newly available databases and techniques are increasingly mobilised to support economic analyses and nowcasting/forecasting exercises, construct real-time market signals and develop sentiment indicators derived from semi-structured data. This has proved particularly useful in times of heightened uncertainty or economic upheaval, as observed during the Covid-19 pandemic. A majority of central banks also report using big data for micro-level supervision and regulation (sup tech and reg tech), with an increasing focus on consumer protection; for instance, to assess misconduct, detect fraudulent transactions or combat money laundering.
    • The survey also underscored the need for adequate IT infrastructure and human capital. Many central banks have undertaken important initiatives to develop big data platforms so as to facilitate the storage and processing of very large and complex data sets. But progress has varied, reflecting the high cost of such investments and the need to trade off various factors when pursuing these initiatives. Additionally, central banks need to hire and train staff, which is difficult due to the limited supply of adequately skilled candidates (eg data scientists).
    • Apart from IT aspects, there are many other challenges that central banks face. These include the legal basis for using private information and the protection, ethics and privacy concerns this entails, and the “fairness” and accuracy of algorithms trained on pre-classified and/or unrepresentative data sets. Data quality issues are also significant, since much of the new big data collected as a by-product of economic or social activities needs to be curated before proper statistical analysis can be conducted. This stands in contrast to traditional sources of official statistics that are designed for a specific purpose, eg surveys and censuses.
    • Moreover, a key issue is to ensure that predictions based on big data are not only accurate but also “interpretable” and representative, as to carry out evidence-based policy central banks need to identify specific explanatory causes or factors. Furthermore, transparency regarding the information produced by big data providers is essential to ensuring that its quality can be checked and that public decisions can be made on a sound, clearly communicated basis. Lastly, there are important legal constraints that reduce central banks’ leeway when using private and confidential data.
    • Cooperation could facilitate central banks’ use of big data, in particular through collecting and showcasing successful projects and facilitating the sharing of experience, for example to avoid repeating others’ mistakes when setting up an IT infrastructure, or by pooling resources together. In particular, developing technical discussions between institutions is seen as a powerful way to build the necessary skillset among staff and develop relevant IT tools and algorithms that are best suited to central banks’ (idiosyncratic) needs.
    • International financial institutions can help foster such cooperation. For instance, they can help develop in-house big data knowledge, reducing central banks’ reliance on big data services providers, which can be expensive and entail significant legal and operational risks. They can also facilitate innovation by promoting technological solutions and initiatives to enhance the global statistical infrastructure. In addition, they can make their resources available internationally or develop joint cloud computing capabilities to reduce operational risk arising from dependence on specific providers in a highly concentrated market.

Further Reading

  • “Powerful DNA Software Used in Hundreds of Criminal Cases Faces New Scrutiny” By Lauren Kirchner — The Markup. The practice of using “probabilistic genotyping” in criminal investigations and prosecutions as developed with proprietary software is coming under scrutiny. Often incomplete DNA is analyzed in order to identify people even though it is not clear how the practice works, and defense attorneys have been pushing to analyze this method as made available by Cybergenetics. Now a federal court and a state court have ordered the company to make its source code available to defense attorneys who will have experts scour the code for flaws that are almost certainly there. Two of Cybergenetics’ competitors have had their source code examined in criminal cases and they have been found wanting.
  • “Is Congress finally ready to pass meaningful ransomware legislation?” By Tim Starks — cyberscoop. The top Democrat and Republican on the House Homeland Security Committee are contemplating legislation to address the increasing problem states, localities, and private entities face regarding ransomware. So is the Senate Homeland Security and Governmental Affairs Committee chair. However, they seem to be taking the approach of “more of the same,” giving states and cities more funding for cybersecurity, which may prove useful, and establishing more criminal penalties for ransomware. It would seem changing the incentive structure in cybersecurity will be required.
  • “Xi’s Gambit: China Plans for a World Without American Technology” By Paul Mozur and Steven Lee Myers — The New York Times. Beijing is trying to counter Washington’s moves to choke off key technology by developing its own technology. The People’s Republic of China (PRC) is looking to invest billions to plug crucial tech “holes,” but the nation’s recent efforts to address vulnerabilities in semiconductors have not yielded much in the way of progress.
  • “How to Put Out Democracy’s Dumpster Fire” By Anne Applebaum and Peter Pomerantsev — The Atlantic. This piece contains a number of ideas to transform the internet into a place that fosters rather than tears at democracy, most of which would entail a curtailment of the power and reach of tech giants.
  • “Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition” By Jason Koebler and Joseph Cox — Vice’s Motherboard. Hackers penetrated and exfiltrated customer data from Verkada, a company that offers surveillance products and services, including facial recognition. The list of entities using Verkada’s services includes schools, jails, hospitals, malls, bars, businesses, and others.

Coming Events

  • On 24 March, the Senate Armed Services Committee will hold a closed briefing on Department of Defense cyber operations with these witnesses:
    • Mieke Eoyang, Deputy Assistant Secretary of Defense for Cyber Policy, Office of the Under Secretary of Defense for Policy
    • Jeffrey R. Jones, Vice Director, Command, Control, Communications and Computers/Cyber Joint Staff, J-6
    • Major General Kevin B. Kennedy, Jr., USAF, Director of Operations, United States Cyber Command
    • Rear Admiral Jeffrey J. Czerewko, USN, Deputy Director, Global Operations, J39, Joint Staff, J-3
  • The Senate Armed Services Committee will hold an open hearing and a closed hearing on the “United States Special Operations Command and United States Cyber Command in review of the Defense Authorization Request for Fiscal Year 2022 and the Future Years Defense Program” on 25 March with these witnesses:
    • Christopher P. Maier, Acting Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict
    • General Richard D. Clarke, USA, Commander, United States Special Operations Command
    • General Paul M. Nakasone, USA, Commander, United States Cyber Command/Director, National Security Agency/Chief, Central Security Service
  • The House Energy and Commerce Committee’s Communications and Technology and Consumer Protection and Commerce Subcommittees will hold a joint hearing on 25 March “on misinformation and disinformation plaguing online platforms” with these witnesses: Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Twitter CEO Jack Dorsey.
  • The Federal Trade Commission (FTC) will hold a workshop titled “Bringing Dark Patterns to Light” on 29 April.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Claudio Schwarz | @purzlbaum on Unsplash
