Other Developments, Further Reading, and Coming Events (13 May 2021)

First, subscribe to my newsletter, The Wavelength, if you want all the content on my blog delivered to your inbox four times a week.

Other Developments

  • The Biden Administration launched a new website on United States (U.S.) government efforts on artificial intelligence (AI): www.ai.gov. Deputy United States Chief Technology Officer and the National Artificial Intelligence Initiative Office Director Lynne Parker explained in a post on the site the National AI Initiative Office was established in the FY 2021 National Defense Authorization Act and would oversee the government’s AI programs and initiatives. She further asserted:
    • Six key pillars define the Nation’s AI strategy:
      • prioritizing AI research and development;
      • strengthening AI research infrastructure;
      • advancing trustworthy AI through technical standards and governance;
      • training an AI-ready workforce;
      • promoting international AI engagement; and
      • leveraging trustworthy AI for government and national security.
    • Coordinating all of these efforts is the National AI Initiative Office, which is legislated by the NAIIA to coordinate and support the NAII.  This Office serves as the central point of contact for exchanging technical and programmatic information on AI activities at Federal departments and agencies, as well as related Initiative activities in industry, academia, nonprofit organizations, professional societies, State and tribal governments, and others.
    • The AI.gov website provides a portal for exploring in more depth the many AI actions, initiatives, strategies, programs, reports, and related efforts across the Federal government.  It serves as a resource for those who want to learn more about how to take full advantage of the opportunities of AI, and to learn how the Federal government is advancing the design, development, and use of trustworthy AI.
  • The United Kingdom’s National Cyber Security Centre (NCSC) issued its fourth annual report on its Active Cyber Defence (ACD) programme. The NCSC highlighted some of its findings:
    • The latest ACD report highlights how the NCSC used its Takedown Service to protect the public from scams including fake celebrity endorsement scams and bogus Covid vaccines adverts.
    • The report showed that in the last year more than 700,000 online scams totalling 1.4 million URLs were removed by the NCSC – a massive increase on previous years due largely to the expansion of the Takedown Service.
    • One particular area of focus for ACD last year was protecting the NHS, and the report detailed efforts to monitor for attacks that sought to harvest NHS credentials and potentially compromise critical systems. In 2020 ACD detected 122 phishing campaigns using NHS branding, compared to 36 in 2019.
    • Among the lures were those using the COVID-19 NHS vaccine rollout, the first of which was picked up in December. Others included fake or unofficial copies of the NHS Test and Trace mobile app, with the removal of 43 instances of NHS apps hosted and available for download outside of the official Apple and Google app stores.
    • Beyond the NHS, other areas protected included TV Licensing, which saw a surge in attacks that corresponded with news of changes to TV Licensing entitlements for UK pensioners during July 2020.
    • And while the overall level of Brexit-themed UK government phishing was low during 2020, attempts to clone part of the gov.uk website were identified in December. The attack was taken down promptly and relevant departments notified.
  • The United States (U.S.) National Association of Attorneys General wrote Facebook CEO Mark Zuckerberg “regarding Facebook’s recently announced plans to launch a version of Instagram for children under the age of 13.” They stated
    • The attorneys general urge Facebook to abandon these plans. Use of social media can be detrimental to the health and well-being of children, who are not equipped to navigate the challenges of having a social media account. Further, Facebook has historically failed to protect the welfare of children on its platforms. The attorneys general have an interest in protecting our youngest citizens, and Facebook’s plans to create a platform where kids under the age of 13 are encouraged to share content online is contrary to that interest.
  • Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) issued a white paper titled “Towards Auditable AI Systems,” in which the German government’s office of federal information security argued:
    • This whitepaper first summarizes the opportunities and challenges of AI systems and then goes on to present the state of the art of AI system auditability with a focus on the aspects AI life cycle, online learning and model maintenance in the presence of drift, adversarial and backdoor poisoning attacks and defenses against these attacks, verification, auditing of safety-critical AI systems, explaining black-box AI models and AI standardization.
    • Despite substantial progress for all of these aspects, an overarching open issue is that of (often multi-faceted) trade-offs between desired characteristics of the system, e.g. robustness, security, safety and auditability, on the one hand an d characteristics of the AI model, ML algorithm, data and further boundary conditions on the other hand. These trade-offs restrict the scalability and generalizability of current AI systems.
    • To eventually allow leveraging the opportunities of AI technologies in a secure, safe, robust and trustworthy way, two strategies should be combined: 1. Taking the abovementioned trade-offs into account, favorable boundary conditions for the give n task should be selected; 2. Available technologies should be advanced by substantial investments in R&D to eventually allow for secure and safe AI systems despite complex boundary conditions and, therefore, to improve scalability and generalizability.
  •  In a blog post, the United Kingdom’s Information Commissioner’s Office (ICO) is “working to update our guidance and develop a new code of practice in line with the statutory requirement under section 124 of the Data Protection Act 2018 (DPA 2018)…[that] will help anyone processing personal data for the purposes of journalism to understand their legal obligations and how to comply effectively, including newspapers and magazines, television and radio broadcasters, and ‘citizen journalists’.” The ICO stated:
    • The Data Protection Act 2018 requires the ICO to: produce the Journalism code; create guidance for the public on how to complain about media organisations; and review how personal data is being processed for the purposes of journalism.
  • Senator Mike Lee (R-UT) and Representative Ken Buck (R-CO) “sent letters to Amazon CEO Jeff Bezos, Attorney General Merrick Garland, and the Acting Inspector General of the Department of Defense Sean O’Donnell regarding whether Amazon violated antitrust or ethics laws by attempting to influence the procurement process for the Joint Enterprise Defense Infrastructure (JEDI) contract for cloud computing services for the Department of Defense.”
    • In the letter to Bezos, Lee and Buck stated:
      • We are writing regarding potentially corrupt and anticompetitive conduct by Amazon Web Services, Inc. (“AWS”) that may have violated federal conflict of interest and antitrust laws. Specifically, we are concerned that Amazon may have attempted to monopolize one or more markets relating to government and/or commercial cloud computing services by improperly influencing the Joint Enterprise Defense Infrastructure procurement process.
    • In the letter to Garland, Lee and Buck stated:
      • We request that the Department of Justice investigate potentially corrupt and anticompetitive conduct by Amazon Web Services, Inc. (“AWS”), a wholly owned subsidiary of Amazon.com, Inc. (“Amazon”), that may have violated federal conflict of interest and antitrust laws. Specifically, we are concerned that Amazon may have attempted to monopolize one or more markets relating to government and/or commercial cloud computing services by improperly influencing the Joint Enterprise Defense Infrastructure procurement process.
    • In the letter to O’Donnell, they stated:
      • We have recently reviewed the Department of Defense (“DoD”) Office of the Inspector General (“DoD IG”) report on the Joint Enterprise Defense Infrastructure Cloud Procurement (“Report”). The DoD IG was tasked with investigating the extent to which illegal and undisclosed conflicts of interest on the part of senior DoD officials impacted the JEDI procurement. Based on our reading of the Report, it seems that the DoD IG investigation confirmed the existence of these conflicts, and more. Further, facts contained in numerous press stories regarding the procurement are largely or entirely confirmed by the Report.1Conflicted officials clearly and repeatedly advocated on behalf of their former client to secure for it one of DoD’s largest and most important information technology contracts.
  • House Energy and Commerce Committee Chair Frank Pallone, Jr. (D-NJ), Ranking Member Cathy McMorris Rodgers (R-WA), and Representatives Doris Matsui (D-CA) and Brett Guthrie (R-KY) wrote the House Appropriations Committee and stated:
    • In furtherance of our efforts to ensure the security of communications networks across the United States, we write to request consideration by the Subcommittee on Commerce, Justice, Science, and Related Agencies, and the full Committee on Appropriations, to provide at least $750 million in Fiscal Year 2022 funding for critical network security initiatives allowed under the Public Wireless Supply Chain Innovation Fund, as authorized in the Utilizing Strategic Allied Telecommunications Act of 2020 (USA Telecommunications Act). The USA Telecommunications Act was included as part of H.R. 6395, the “National Defense Authorization Act for Fiscal Year 2021.”
  • The White House sent a letter to Congress extending “the national emergency declared in Executive Order 13873 of May 15, 2019, with respect to securing the information and communications technology and services supply chain, is to continue in effect beyond May 15, 2021.” The Biden Administration stated:
    • The unrestricted acquisition or use in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of these foreign adversaries to create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects.  This threat continues to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.  Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13873 with respect to securing the information and communications technology and services supply chain.
  • The National Institute of Standards and Technology (NIST) “is in the process of a periodic review and maintenance of its cryptography standards and NIST Special Publications.” NIST stated “[a] description of the review process is available at the Crypto Publication Review Project page.” NIST asserted “[c]urrently, we are reviewing the following publications: 
    • Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES), 2001
    • NIST Special Publication (SP) 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques, 2001 
    • NIST SP 800-38A Addendum, Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, 2010 
    • NIST SP 800-15, Minimum Interoperability Specification for PKI Components (MISPC), Version 1, 1998 
    • NIST SP 800-25, Federal Agency Use of Public Key Technology for Digital Signatures and Authentication, 2000 
    • NIST SP 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure, 2001  
  • Canada’s Office of the Privacy Commissioner submitted its comments on Bill C-11, the Digital Charter Implementation Act, 2020, and claimed in a press release the “bill aimed at modernizing Canada’s outdated private sector privacy law would be “a step back overall” from the current law and needs significant changes if confidence in the digital economy is to be restored.” In its submission, the OPC argued:
    • Bill C-11, which enacts the Consumer Privacy Protection Act (CPPA) and the Personal Information and Data Protection Tribunal Act (PIDPTA), is an important and concrete step toward privacy law reform in Canada. Arising from the 2019 Digital Charter, and following years of Parliamentary studies, Bill C-11 represents a serious effort to realize the reform that virtually all – from Parliamentarians, to industry, privacy advocates, and everyday Canadians – have recognized is badly needed. It was an ambitious endeavour to completely restructure the existing Act. We are pleased to see that the law reform process appears to be truly underway.
    • The Bill completely rewrites that law and seeks to address several of the privacy concerns that arise in a modern digital economy. It promises more control for individuals, much heavier penalties for organizations that violate privacy, while offering companies a legal environment in which they can innovate and prosper.
    • We agree that a modern law should both achieve better privacy protection and encourage responsible economic activity, which, in a digital age, relies on the collection and analysis of personal information. However, despite its ambitious goals, our view is that in its current state, the Bill would represent a step back overall for privacy protection. This outcome can be reversed, and the Bill could become a strong piece of legislation that effectively protects the privacy rights of Canadians, with a number of important amendments under three themes:
      • a better articulation of the weight of privacy rights and commercial interests;
      • specific rights and obligations;
      • access to quick and effective remedies and the role of the OPC.
    • Why do I say that the Bill as drafted would represent a step back? In general terms, because the Bill, although seeking to address most of the privacy issues relevant in a modern digital economy, does so in ways that are frequently misaligned and less protective than laws of other jurisdictions. Our recommendations would lead to greater alignment.
    • More specifically, I say the Bill as drafted would be a step back overall because the provisions meant to give individuals more control give them less; because the increased flexibility given to organizations to use personal information without consent do not come with the additional accountability one would expect; because administrative penalties will not apply to the most frequent and important violations, those relevant to consent and exceptions to consent; and because my Office would not have the tools required to manage its workload to prioritize activities that are most effective in protecting Canadians. In fact, the OPC would work under a system of checks and balances (including a new administrative appeal) that would unnecessarily stand in the way of quick and effective remedies for consumers.
  • Google announced an “an upcoming safety section in Google Play that will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security.” Two of the European Union’s data protection authorities, the Netherlands Authority for Consumers and Markets (ACM) and the Norwegian Consumer Authority, lauded the proposed change that will occur in 2022 and credited the pressure they and other agencies brought to bear on Google. Google added:
    • Developers agree that people should have transparency and control over their data. And they want simple ways to communicate app safety that are easy to understand and help users to make informed choices about how their data is handled. Developers also want to give additional context to explain data use and how safety practices could affect the app experience. So in addition to the data an app collects or shares, we’re introducing new elements to highlight whether:
      • The app has security practices, like data encryption
      • The app needs this data to function or if users have choice in sharing it
      • The app’s safety section is verified by an independent third-party
      • The app enables users to request data deletion, if they decide to uninstall
    • This can be a big change, so we’re sharing this in advance and building with developers alongside us.

Further Reading

  • Signal’s hack of surveillance tech used by police could undermine Australian criminal cases” By Josh Taylor — The Guardian. Criminal lawyers could soon begin challenging a tool Australian police routinely rely on to extract messages, photos and other information from mobile phones for investigations after the discovery of security flaws that meant data could be falsified. Last week Moxie Marlinspike, the founder of encrypted messaging app Signal, published a blog post outlining a series of vulnerabilities in Israeli company Cellebrite’s surveillance devices.
  • Shadow Bans, Dopamine Hits, and Viral Videos, All in the Life of TikTok Creators” By Dara Kerr — The Markup. It was the middle of the pandemic, and Mason McClellan had just started his first semester of college in Georgia. He was stuck at home, learning remotely, and had more time than expected on his hands. So, one night he made a few short videos loosely based on small-town news stories and posted them to TikTok.
  • As Outbreak Rages, India Orders Critical Social Media Posts to Be Taken Down” By Karan Deep Singh and Paul Mozur — The New York Times. With a devastating second wave of Covid-19 sweeping across India and lifesaving supplemental oxygen in short supply, India’s government on Sunday said it ordered Facebook, Instagram and Twitter to take down dozens of social media posts critical of its handling of the pandemic.
  • GCHQ chief warns of tech ‘moment of reckoning’” By Gordon Corera — BBC. The West is faced with a “moment of reckoning” when it comes to technology and security, the head of intelligence agency GCHQ has told the BBC.
  • Germany falls in line with EU on Huawei” By Laurens Cerulus — Politico EU. German lawmakers passed tougher 5G security legislation on Friday, capping two years of doubts over whether Europe’s largest market would get tough on Chinese telecoms giant Huawei. The new IT Security Law 2.0, approved by the Bundestag, restricts the role of “untrustworthy” suppliers of 5G technology and requires telecoms operators to notify the government if they sign contracts for critical 5G components. It also gives the government powers to block them.
  • ‘Pastel QAnon’: Instagram conspiracy peddlers a political headache for design giants” By Cara Waters — The Sydney Morning Herald. At first glance the Instagram posts look innocuous: pastel-hued sunsets overlaid with text, a black and white shot of a couple embracing in a field of grass. The imagery and the bucolic aesthetic sits well with the type of content posted regularly by countless wellness and parenting influencers. But there’s a catch, as the underlying messages embedded in these posts can be dangerous, spreading baseless QAnon conspiracy theories about child sex trafficking rings or anti-vaccination information. The rise of this content dubbed ‘pastel QAnon’ by extremism researcher Marc-André Argentino is posing a challenge for graphic design platforms such as $19 billion Australian startup Canva and international tech giant Adobe, with both grappling with the problem of their software being used to spread misinformation.
  • China calls out 33 apps for collecting more user data than deemed necessary” By Eileen Yu — ZDNet. China has called out 33 mobile apps for collecting more user data than it deemed necessary to offer their service. These companies, which include Baidu and Tencent Holdings, have been given less than a fortnight to plug the gaps. The Cyberspace Administration of China (CAC) said in a brief statement Saturday that these apps had breached local regulations, primarily, for capturing personal data that were not relevant to their service. Citing complaints from the public, the government agency said operators of the apps were found to have infringed the rules after authorities assessed several popular apps, including map navigation apps. 
  • Falun Gong-aligned media push fake news about Democrats and Chinese communists” By Josh Wilson — The Guardian. US news outlets aligned with Falun Gong, a religious movement locked in a decades-long conflict with the Chinese state, have been increasingly successful in promoting conspiracy narratives about Democrats, election fraud and communists to the pro-Trump right in America. Experts say that in a future post-pandemic landscape, the cable news channel NTD, and especially the multimedia enterprise the Epoch Times, may amplify the efforts of Republicans to link Joe Biden and Democrats to the Chinese Communist party (CCP), and to harden US public opinion against China.
  • Is Washington prepared for a geopolitical ‘tech race’?” By Scott Bade —TechCrunch. When Secretary of State Antony Blinken and National Security Advisor Jake Sullivan sat down with Chinese officials in Anchorage, Alaska for the first high-level bilateral summit of the new administration, it was not a typical diplomatic meeting. Instead of a polite but restrained diplomatic exchange, the two sides traded pointed barbs for almost two hours. “There is growing consensus that the era of engagement with China has come to an unceremonious close,” wrote Sullivan and Kurt Campbell, the Administration’s Asia czar also in attendance, back in 2019. How apt that they were present for that moment’s arrival. A little more than one hundred days into the Biden Administration, there is no shortage of views on how it should handle this new era of Sino-American relations. From a blue-ribbon panel assembled by former Google Chairman Eric Schmidt to a Politico essay from an anonymous former Trump Administration official that consciously echoes (in both its name and its author’s anonymity) George Kennan’s famous “Long Telegram” laying out the theory of Cold War containment, to countless think tank reports, it seems everyone is having their say.
  • Weapons, Ivory, and Other Items Banned by Etsy Still Widely Available on Marketplace, Investigation Finds” By Alyse Stanley — Gizmodo. The online marketplace Etsy has been flooded with activity since the pandemic’s onset as millions flocked to online shopping to stave off lockdown blues. However, that pandemic-fueled growth is also highlighting Etsy’s struggle to moderate what goes up for sale on its platform. A recent Insider investigation found roughly 800 listings that violate the company’s prohibited items policy, including pet remains, pornographic material, weapons, and a slew of mass-produced products being passed off as handmade items.
  • In nod to Trump, Florida is set to ban ‘deplatforming’ by tech companies” By David Ingram and Ben Kamisar — NBC News. Florida is on track to be the first state in the nation to punish social media companies that ban politicians like former President Donald Trump under a bill approved Thursday by the state’s Republican-led Legislature. Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill’s passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations. 
  • Clubhouse App Creates Space for Open Talk in Middle East” By Vivian Yee and Farnaz Fassihi — The New York Times. Faezeh Hashemi, the Iranian politician and daughter of a former president, is banned from speaking publicly in Iran. State television does not give her airtime. Conservative vigilantes have stormed her previous attempts to speak in public. Yet there she was, holding forth in a six-and-a-half-hour town hall meeting last month to an audience of more than 16,000 Iranians inside and outside of the country, calling for a secular state and for stripping absolute power from Iran’s supreme leader.
  • Inside Amazon’s shadow workforce in Mexico” By Christine Murray and Avi Asher-Schapiro — Thomson Reuters. After six months of shifts moving boxes at an Amazon warehouse near Mexico City as a contract worker, Jaime Hidalgo believed job security and brighter prospects beckoned when he received the company’s “blue badge” making him a member of staff. Hidalgo, 35, was convinced the mandatory overtime and 60-hour weeks had been worth it as he became a fully-fledged Amazon employee – but within weeks he was fired when a stomach bug meant more bathroom breaks and less time on the warehouse floor.
  • Stopping the Manipulation Machines” By Greg Bensinger — The New York Times. Some things are difficult by design. Consider Amazon. The company perfected the one-click checkout. But canceling a $119 Prime subscription is a labyrinthine process that requires multiple screens and clicks.

Coming Events

  • On 14 May, the House Armed Services Committee’s Cyber, Innovative Technologies, and Information Systems Subcommittee will hold a hearing titled “Operations in Cyberspace and building Cyber Capabilities Across the Department of Defense.”
  • On 20 May, the Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:
    • Reducing Interstate Rates and Charges for Incarcerated People – The Commission will consider a Third Report and Order, Order on Reconsideration, and Fifth Notice of Proposed Rulemaking that, among other actions, will lower interstate rates and charges for the vast majority of incarcerated people, limit international rates for the first time, and seek comment on further reforms to the Commission’s calling services rules, including for incarcerated people with disabilities. (WC Docket No. 12-375)
    • Strengthening Support for Video Relay Service – The Commission will consider a Notice of Proposed Rulemaking and Order to set Telecommunications Relay Services (TRS) Fund compensation rates for video relay service (VRS). (CG Docket Nos. 03-123, 10-51)
    • Enforcement Bureau Action – The Commission will consider an enforcement action.
    • Enforcement Bureau Action – The Commission will consider an enforcement action.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Adrien Delforge on Unsplash

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s