Other Developments, Further Reading, and Coming Events (25 March 2021)

Other Developments

  • California Attorney General Xavier Becerra was confirmed as the new Secretary of Health and Human Services, but before he left this position, he named Matt Rodriguez Chief Deputy Attorney General. Rodriguez will be the acting Attorney General until Governor Gavin Newsom (D) nominates a person the legislature confirms.
  • The White House indicated President Joe Biden’s Intention to nominate Columbia Law School Associate Professor Lina Khan to a seat on the Federal Trade Commission as has been rumored. Khan rose to prominence in the legal community with her 2017 paper, “Amazon’s Antitrust Paradox,” that argued for an overhaul of United States (U.S.) antitrust laws and against the dominance of Amazon. Khan went on to advise FTC Commissioner Rohit Chopra, co-authoring a piece with him that “argues that rulemaking under § 5 of the Federal Trade Commission Act should supplement antitrust adjudication, and that this institutional shift would lower enforcement costs, reduce ambiguity, and facilitate greater democratic participation.” Khan later joined the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee as it investigated competition in digital markets and helped shape its final report that focused on the market dominance of Amazon, Apple, Facebook, and Google and called for a massive reform of U.S. reform laws. The White House provided this biography:
    • Lina Khan is an associate professor of law at Columbia Law School, where she teaches and writes about antitrust law, infrastructure industries law, and the antimonopoly tradition. Her antitrust scholarship has received several awards and has been published by the Yale Law Journal, Harvard Law Review, Columbia Law Review, and University of Chicago Law Review. Khan previously served as counsel to the U.S. House Judiciary Committee’s Subcommittee on Antitrust, Commercial, and Administrative Law, where she helped lead the Subcommittee’s investigation into digital markets. Khan was also a legal advisor in the office of Commissioner Rohit Chopra at the Federal Trade Commission and legal director at the Open Markets Institute. She is a graduate of Williams College and Yale Law School.
  • An unnamed senior administration official (my money is on either National Security Advisor Jake Sullivan or Deputy National Security Advisor for Cyber & Emerging Technology Anne Neuberger) provided a background briefing on where the United States (U.S.) stands with respect to recovering from the SolarWinds and Microsoft Exchange hacks. This official explained how the U.S. government has responded thus far and provided some detail on how it may in the near future to prevent and mitigate attacks. The official suggested the use of a ratings system for some cybersecurity products and services, similar to what has been proposed over the last few Congresses by Senator Ed Markey (D-MA) and Representative Ted Lieu (D-CA) in their “Cyber Shield Act.” This official also sketched out an information technology (IT) modernization effort. Some of these proposed actions could occur through executive action, meaning the Administration will not necessarily be asking Congress for legislative authority. Regarding SolarWinds, this official asserted:
    • First, finding and expelling the adversary. We’re in week three of a four-week remediation across the federal government. The compromised agencies all were tasked to do a particular set of activities and then were tasked to have an independent review of their work to ensure that we felt confident the adversary had been eradicated.
    • Most of the agencies have completed that independent review. For those who have not yet, they will complete it by the end of March.
    • This official added that decisions have been made about how the Biden Administration will modernize federal IT networks. The official proposed something along the lines of the Department of Homeland Security’s EINSTEIN system but somehow more effective than current capabilities:
      • In fact, we standardized the methodology for incident response based upon this.  And we also made a decision on the key pieces of part two, which is “Building Back Better to Modernize Federal Defenses.”
      • As we talked about during a press event a number of weeks ago, we cannot defend a network if we can’t see a network.  And in our review of what caused SolarWinds, we saw significant gaps in modernization and in technology of cybersecurity across the federal government.
      • So we will be rolling out technology to address the specific gaps we identified, beginning with the nine compromised agencies.  We want to make the federal government a leader, not a laggard, in cybersecurity.  And we know we need to be able to defend against the adversaries who pursue the nation’s diplomatic, law enforcement, and health efforts.
      • Those will be rolled out in the near term, beginning, as I said, with the nine compromised agencies and then more broadly across the federal government to ensure we have the visibility we need to have trust in our networks, that we can protect the important work the federal government does on behalf of the American people.
    • The official explained about how the Biden Administration will seek to change incentives in the market:
      • We also learned key lessons regarding visibility and market.  Today, the cost of insecure technology is borne at the end: by incidence response and cleanup.  And we really believe it will cost us a lot less if we build it right at the outset.
      • And I give two exemplars to help characterize what we want to do here.  One is: Mayor Bloomberg, a number of years ago, when he wanted to address restaurant sanitation, he realized, you know, the health department kept rating restaurants, and it just wasn’t changing anything.  So he required restaurants to put a simple rating — A, B, C, D — in their front window to make a market — to make a market around health and sanitation.
      • And we’re looking to do a very similar thing with cyber and the cybersecurity of software companies we buy software from.  More to follow on that.
      • And then, similarly, Singapore has an interesting model where they provide cybersecurity standards for different Internet of Things devices, like baby monitors, so that moms who want to buy secure products have a really easy way to put their money on it.  And we don’t have that in the U.S. today; we don’t have that transparency so that people can make a market for cybersecurity.
  • The Office of the Director of National Intelligence (ODNI), the Department of Justice (DOJ), and the Department of Homeland Security (DHS) issued “an unclassified summary of the joint comprehensive threat assessment on domestic violent extremism.” The ODNI, DOJ, and DHS that online recruitment and radicalization will continue to pose challenges to combatting online extremism. Moreover, extremists and networks moving to smaller platforms or using encryption will make surveillance and monitoring harder. The agencies summarized the findings:
    • The IC assesses that domestic violent extremists (DVEs) who are motivated by a range of ideologies and galvanized by recent political and societal events in the United States pose an elevated threat to the Homeland in 2021. Enduring DVE motivations pertaining to biases against minority populations and perceived government overreach will almost certainly continue to drive DVE radicalization and mobilization to violence. Newer sociopolitical developments—such as narratives of fraud in the recent general election, the emboldening impact of the violent breach of the US Capitol, conditions related to the COVID-19 pandemic, and conspiracy theories promoting violence—will almost certainly spur some DVEs to try to engage in violence this year.
    • The IC assesses that lone offenders or small cells of DVEs adhering to a diverse set of violent extremist ideologies are more likely to carry out violent attacks in the Homeland than organizations that allegedly advocate a DVE ideology. DVE attackers often radicalize independently by consuming violent extremist material online and mobilize without direction from a violent extremist organization, making detection and disruption difficult.
    • The IC assesses that racially or ethnically motivated violent extremists (RMVEs) and militia violent extremists (MVEs) present the most lethal DVE threats, with RMVEs most likely to conduct mass-casualty attacks against civilians and MVEs typically targeting law enforcement and government personnel and facilities. The IC assesses that the MVE threat increased last year and that it will almost certainly continue to be elevated throughout 2021 because of contentious sociopolitical factors that motivate MVEs to commit violence.
    • The IC assesses that US RMVEs who promote the superiority of the white race are the DVE actors with the most persistent and concerning transnational connections because individuals with similar ideological beliefs exist outside of the United States and these RMVEs frequently communicate with and seek to influence each other. We assess that a small number of US RMVEs have traveled abroad to network with like-minded individuals.
    • The IC assesses that DVEs exploit a variety of popular social media platforms, smaller websites with targeted audiences, and encrypted chat applications to recruit new adherents, plan and rally support for in-person actions, and disseminate materials that contribute to radicalization and mobilization to violence.
    • The IC assesses that several factors could increase the likelihood or lethality of DVE attacks in 2021 and beyond, including escalating support from persons in the United States or abroad, growing perceptions of government overreach related to legal or policy changes and disruptions, and high-profile attacks spurring follow-on attacks and innovations in targeting and attack tactics.
    • DVE lone offenders will continue to pose significant detection and disruption challenges because of their capacity for independent radicalization to violence, ability to mobilize discretely, and access to firearms.
  • Senators Amy Klobuchar (D-MN) and Kevin Cramer (R-ND) and 26 of their Senate colleagues reintroduced the “Keeping Critical Connections Act” “to help small broadband providers ensure rural broadband connectivity for students and their families during the coronavirus pandemic…[and] would appropriate $2 billion for a Keeping Critical Connections fund at the Federal Communications Commission (FCC) under which small broadband providers with fewer than 250,000 customers could be compensated for broadband services under certain conditions” per their press release.
  • The European Commission’s (EC) Joint Research Centre (JRC) issued its “final report of the project examines the role of governments and the EU, as well as possible data governance models to distribute the value generated from data more equitably in society” according to its press release. The JRC asserted “[t]he findings of the research contribute to the new EU policy orientations on data sharing and technological and data sovereignty, including the European Strategy for Data and the Data Governance Act.” The JRC claimed:
    • There are many dimensions to address the governance of a digitally-transformed society and the project focussed (sic) on the governance of data as a critical aspect. Data is a key resource in the digital economy, and control over the way it is generated, collected, aggregated, and value is extracted and distributed in society is crucial. We have explored the increasing awareness about the strategic importance of data and emerging governance models to distribute the value generated more equitably in society. These findings have contributed to the new policy orientation in Europe on technological and data sovereignty and social inclusion.
    • At the same time, the digital transformation, and the rise of artificial intelligence and the Internet of Things, offer also new opportunities for new forms of policy design, implementation, and assessment providing more personalised support to those who need it and being more participative throughout the policy cycle. The use of digital twins, gaming, simulations, and synthetic data is just at the beginning but promises to change radically the relationships among all the stakeholders in governance of our society.
    • The JRC reached these “Main findings:”
      • With respect to the governance of digital data, we examined data sharing and control as a socio-technical practice. We analyzed four emerging models of data governance – data sharing pools, data co-operative, public data trusts, and personal data sovereignty – and inquired to what extent they support different, more balanced, power-relations between actors compared to the dominant one of datification (in which few dominant corporate actors get most of the value extracted from the data). Data co-operative and civic data trusts, in particular, are established to redistribute the value generated from personal data more equitably across society. Data co-operatives are democratic and collective forms of data governance in which data subjects voluntarily pool their data together to create a common pool for mutual benefits. We examined how they relate to the notion of platform cooperativsm and explained why they are gaining relevance in current forms of European pandemic citizenship. We researched also EU projects based on citizen-generated data (CGD), intended as data that people or their organisations produce to directly monitor, demand or drive change on issues that affect them. The growth of citizen-generated data give the public sector more opportunities for addressing critical social and economic issues, at the same time offering new avenues for active citizenships and reshaping the relationships be- tween citizens and local governments. Finally, also local governments could directly help to redistribute the value of data across society. In that regard, we explored how European municipalities are getting access to commercial sector data of public interest adopting
      • different operational modes and strategies, a practice that at the present time is still challenging and precarious for most cities. The vast majority of use cases examined in the chapters of this section consist in niche initiatives or pilot projects. The scaling up of the relative data governance models in the future depends on the ad-hoc policy measures that will be established to support them. The chapters in this section provide conceptual tools for a thoughtful discussion on the approaches for accessing and sharing data that foster a more equitable digitally transformed society.
      • With respect to the governance with the digital transformation we have explored the use of synthetic populations, digital twins, and gaming environments for their high trans- formative potential. The development of synthetic populations through AI and machine learning methods results in an artificial set of individuals, families, and households with the same characteristics and behaviour of the true population. This allows the design, modelling and testing of citizen-centred policies, targeted to those who need intervention most without the use of personal data. We found that the opportunities are very significant, and for this reason many governments and statistical agencies are becoming interested in this methodology. The concept of digital twins has been known and applied for many years in manufacturing, creating a digital replica of an artefact for testing and assessment before going into production. The increased avail- ability of data, and processing power at declining costs, makes it now possible to develop digital twins for entire cities and nations.
      • We discuss the use of digital twins for the cities of Amsterdam and Duisburg to address local problems and found them effective tools to communicate with all the stakeholders involved from government officials to business and the public. We tested also the combined use of digital twins and gaming environments to engage school children in the energy transition and urban planning, and found this combination as having many opportunities to get the citizens of today and tomorrow to have a say in shaping their environment.
      • We conclude that technological change is much faster than the ability of governments to react. Therefore, it is necessary to anticipate and shape the future direction of development through foresight studies, qualitative research, and experimenting with new technology and methods, rather than trying to fix the present that too quickly becomes the past. Governments play a key role, but it is ultimately up to all of us to shape our futures.
  • Representative Colin Allred (D-TX) and cosponsors introduced the “Homeland and Cyber Threat (HACT) Act” (H.R.1607) that “would allow Americans to make claims in federal or state courts against foreign states that conduct or engage in cyberattacks against Americans” according to their press release. They added:
    • This legislation would eliminate immunity afforded to foreign states—including foreign officials, employees, or agents—in the courts of the United States with regard to monetary damages sought by Americans for personal injury, harm to reputation, or damage to or loss of property resulting from cyberattacks.
  • Facebook announced measures to help encourage people to get vaccinated against COVID-19 and associated misinformation:
    • We’ve already connected over 2 billion people to authoritative COVID-19 information, and today as access to COVID-19 vaccines expands, we’re going even further and aiming to help bring 50 million people one step closer to getting vaccinated.
    • Facebook explained:
      • To do this, we’re helping people learn more about COVID-19 vaccines and find out when and where they can get one through our apps. Some of the ways we are doing this:
        • A tool to connect people to information about where and when to get a COVID-19 vaccine
        • Expanding our COVID-19 Information Center to Instagram
        • Expanding official WhatsApp chatbots on COVID-19 to get people registered for vaccinations with health authorities and governments 
        • Adding labels on posts about COVID-19 vaccines to show additional information from the World Health Organization
        • Making real-time aggregate trends in COVID-19 vaccinations, intent to get vaccinated and reasons for hesitancy available to public officials to inform equitable vaccine rollout
  • Like Apple did, Google announced it will cut its 30% fee on in-app purchases through its Google Play application store. Both companies are facing scrutiny by regulators and facing litigation regarding the possible antitrust and anti-competitive implications of their app store policies. Epic Games has sued both companies in the United States and United Kingdom. Google stated:
    • Starting on July 1, 2021 we are reducing the service fee Google Play receives when a developer sells digital goods or services to 15% for the first $1M (USD) of revenue every developer earns each year. With this change, 99% of developers globally that sell digital goods and services with Play will see a 50% reduction in fees. These are funds that can help developers scale up at a critical phase of their growth by hiring more engineers, adding to their marketing staff, increasing server capacity, and more.
    • As mentioned, in November 2020, the holiday spirit apparently arrived early in Cupertino, California, for small app developers will now only pay Apple 15% of in-app purchases for the privilege of being in the App Store. Of course, this decision has nothing to do with the antitrust pressure the company is facing in the European Union and U.S. and will have very little impact on their bottom line since app developers with less than $1 million in revenue (i.e., those entitled to a reduction) account for 2% of App Store revenue. It does give Apple leadership and executive some great talking points when pressed by antitrust investigators, legislators, and the media.

Further Reading

  • Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps” By Joseph Cox — Vice’s Motherboard. With United States (U.S.) law enforcement and security agencies buying and using commercial location data harvested from smartphones, should it be a surprise the U.S. military is doing the same? In this case, a national Guard unit bought location data that may or may not be used for targeting drone strikes.
  • Google advised mental health care when workers complained about racism and sexism” By April Glaser and Char Adams — NBC News. If the accounts in the article are true, then Google’s Human Resources Department are engaged in less than ideal practices. Minority employees are being told to seek therapy or take leave when they report discrimination. These reports come in the aftermath of two prominent African American women being pushed out of the company, Google’s Ethical team lead Dr. Timnit Gebru and diversity recruiter April Curley. Of course, reports such as these operate against the backdrop of technology company’s underwhelming record for recruiting and retaining minority and female workers.
  • Black Tech Employees Rebel Against ‘Diversity Theater’” By Sidney Fussell — WIRED. This piece details the pageantry in which many technology companies engage when seeking to increase hiring and retention of minority workers. Of course, Silicon Valley often allies itself, ostensibly, with liberal causes such as Black Lives Matter designed to address racism and inequality but has a record as detailed in annual diversity reports that falls short. Employees of color describe half measures and companies saying all the right things while they have stagnant careers and endure ongoing racism and discrimination.
  • French startup lobby to file privacy complaint against Apple” By Mathieu Rosemain — Reuters. A trade association, France Digitale, has filed a complaint with France’s data protection authority (DPA), the Commission Nationale de l’Informatique et des Libertés (CNIL), arguing that Apple’s new iPhone operating system violates the General Data Protection Regulation (GDPR). Specifically, even though Apple’s much lauded changes would allow users to allow or deny tracking by third-party apps, Apple may continue to collect and use personal data without consent, a violation of the European Union’s data protection regime. Last fall, none of your business, an advocacy group, filed similar complaints with the DPAs of Spain and Berlin.
  • Tech’s Legal Shield Appears Likely to Survive as Congress Focuses on Details” By David McCabe — The New York Times. As Chekov once wrote, if there are many treatments for a condition, you can be sure there is no cure. And so it is with proposed reforms to 47 U.S.C. 230. Most stakeholders agree things need to change, but there are a range of proposed solutions, suggesting reform is unlikely in the near-term.

Coming Events

  • The Senate Armed Services Committee will hold an open hearing and a closed hearing on the “United States Special Operations Command and United States Cyber Command in review of the Defense Authorization Request for Fiscal Year 2022 and the Future Years Defense Program” on 25 March with these witnesses:
    • Christopher P. Maier, Acting Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict
    • General Richard D. Clarke, USA, Commander, United States Special Operations Command
    • General Paul M. Nakasone, USA, Commander, United States Cyber Command/Director, National Security Agency/Chief, Central Security Service
  • The House Energy and Commerce Committee’s Communications and Technology and Consumer Protection and Commerce Subcommittees will hold a joint hearing on 25 March “on misinformation and disinformation plaguing online platforms” with these witnesses: Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Twitter CEO Jack Dorsey.
  • The Federal Trade Commission (FTC) will hold a workshop titled “Bringing Dark Patterns to Light” on 29 April.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Liam Edwards on Unsplash

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s