Other Developments, Further Reading, and Coming Events (18 May 2021)

Subscribe to my newsletter, The Wavelength, if you want updates on global technology developments four times a week.

Other Developments

• The Senate is considering the “Endless Frontier Act” (S.1260) this week and invoked cloture on the motion to proceed by an 86-11 vote, thus setting up a vote to end debate on this stage of consideration. The Senate Commerce, Science, and Transportation Committee released the bill as amended, but there will be other parts added, notably, the Senate Homeland Security and Governmental Affairs Committee’s “Securing America’s Future Act,” among others.
• On the Senate floor, one of the bill’s sponsors, Senate Majority Leader Chuck Schumer (D-NY), stated:
  • We are now one step closer to passing a bill that will keep our country one step ahead in science and technology for decades to come. It is my intention for the Senate to take up the Endless Frontier Act next week in a package with legislation to strengthen our alliances and partnerships; invest in the American semiconductor industry; ensure that China pays a price for its predatory actions; and boost advanced manufacturing, innovation, and critical supply chains.
  • For decades, American prosperity has been anchored by our unmatched capacity for innovation and invention in science and in technology. American innovation propelled American industry, and an American workforce brought those innovations to the global economy. But, unfortunately, Federal under-investment in sciences has seen our country slip, exposing critical weak spots  in  our  economy.  If  we  don’t  fix  them,  we  will  no  longer  be  the  No.  1  economic  leader  in  the  world  in  the  decade  to  come. 
  • So  it  is  an  imperative  that we do this. This is for our future— our  future  for  jobs,  our  future  for  economic  leadership,  and  our  future  for  world leadership. It  all  boils  down  to  science,  something  that  was  ignored,  unfortunately,  by  the  last  administration,  but,  fortunately,  bipartisan  unity  in  this  Senate  is bringing us back on the page that we need to do science.
  • The Endless Frontier Act would right the  ship  by  making  one  of  the  largest  investments in American innovation in generations,     allowing     the     United     States  to  outcompete  countries  like  China,  create  more  good-paying  jobs,  and  harden  our  economic  and  our  national security as well because this bill is  vital  to  national  security  as  well  as  to economic security.
• President Joe Biden signed an executive order that revoked a few of President Donald Trump’s executive orders, including Executive Order 13925, Preventing Online Censorship, that had directed the National Telecommunications and Information Administration (NTIA) to file a petition with the Federal Communications Commission (FCC) to initiate a rulemaking to construe portions of 47 USC 230 (aka Section 230). (see here for more detail on the Trump executive order and subsequent action.)
• Ireland’s High Court turned aside Facebook’s challenge to the Data Protection Commission’s effort to determine whether in light of the Court of Justice for the European Union’s decision striking down the adequacy decision for the United States (U.S.) whether Facebook’s transfers personal data out of the European Union to the U.S. are still legal and whether they should end. The Court decided Facebook’s objections lacked merit, and the DPC may proceed.
  • On 16^th July, 2020, the Court of Justice of the European Union (“CJEU”) delivered its landmark judgment in Case C-311/18 Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems (commonly now referred to as “Schrems II”) on a reference from the High Court (Costello J.). This case is about what happened after that judgment.
  • Following the judgment in Schrems II, the Data Protection Commission (“DPC”) decided to commence an “own volition” inquiry under s. 110 of the Data Protection Act, 2018 (the “2018 Act”) to consider whether the actions of Facebook Ireland Ltd (“FBI”) in making transfers of personal data relating to individuals in the European Union/European Economic Area are lawful and whether any corrective power should be exercised by the DPC in that regard. The DPC decided to commence the inquiry by issuing a “Preliminary Draft Decision” (“PDD”) to FBI on 28th August, 2020.
  • FBI took issue, on several grounds, with the decision by the DPC to commence the inquiry by means of the PDD and with the procedures adopted by the DPC. Mr. Schrems, who had made a complaint and a reformulated complaint to the statutory predecessor of the DPC, the Data Protection Commissioner, under the Data Protection Act, 1988 (the “1988 Act”), which had ultimately led to the reference by the High Court to the CJEU leading to the judgment in Schrems II, also took issue with the DPC’s decision and procedures on a number of grounds, some of which overlapped to an extent with the grounds advanced by FBI.
• The Data Protection Commission (DPC) and Maximillian Schrems reached a settlement that requires, in the words of none of your business (noyb), the DPC to “investigate an original 2013 complaint that lead to the Court of Justice for the European Union (CJEU) decision…[that] will run in parallel with the new “own volition” investigation.” noyb continued:
  • Today’s decision brings the seventh court case in a long-standing battle between Mr Schrems, the DPC and Facebook to an end. In 2013, Mr Schrems brought a complaint following the Snowden disclosures against Facebook, arguing that Facebook may not transfer his personal data to the United States, where surveillance laws require the sharing of personal data with the US government. The case was referred to the Court of Justice of the European Union (CJEU) twice, leading to the so-called “Schrems I” and “Schrems II” judgments, in which the CJEU decided that the DPC had to investigate Facebook and had a duty to stop the data transfers.
  • Instead of swiftly implementing the CJEU decisions, the DPC produced three “branches” off the main complaints procedure (see graphic below). In 2020 it started the third detour by opening an “own volition” procedure on exactly the same subject matter as the existing complaints procedure, while indefinitely “pausing” Mr Schrems’ complaints procedure. This would have ultimately removed Mr Schrems from his own case.
  • Settlement between DPC and Mr Schrems ensures swift decision, independent of High Court decision. Shortly before the Judicial Review of Mr Schrems would have been heard, the DPC gave in and settled the case. In the settlement, the DPC pledged to run the complaints procedure swiftly once the High Court decided on Facebook’s Judicial Review. In addition, if the second “own volition” procedure is allowed by the High Court, Mr Schrems would be able to participate in it.
  • In short: The settlement assured that the DPC would decide on Facebook’s data transfers in either one or two procedures.
  • Next Steps: Irish Decision and EDPB Procedure. After today’s judgment the DPC will have to swiftly implement the CJEU decision and prohibit Facebook’s EU-US transfers. In fall 2020 the DPC foresaw 21 days to hear from parties and another 21 days to finalise its decision, similar timelines are agreed in the settlement with Mr Schrems. Any national decision by the Irish DPC would likely have to get approved by the European Data Protection Board (EDPB), where the data protection authorities of all 28 EU member states can review the decision and object to it, if they disagree with the DPC’s findings. The deadline for an objection is four weeks and triggers a vote on the European level.
• The United States (U.S.) Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), “in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper.” CISA asserted:
  • The  fifth-generation (5G) of wireless technology represents a complete transformation of telecommunication networks, introducing a vast array of new connections, capabilities, and services. These advancements will provide the connection for billions of devices and will pave the way for applications that will enable new innovation, new markets, and economic growth around the world. However, these developments also introduce significant risks that threaten national security, economic security, and impact other national and global interests. Given these threats, 5G networks will be an attractive target for criminals and foreign adversaries to exploit for valuable information and intelligence.
  • To address these concerns, the United States National Telecommunications and Information Administration (NTIA) developed the National Strategy to Secure 5G, a strategic document that expands on how the United States Government will secure 5G infrastructure domestically and abroad. The National Strategy to Secure 5G aligns to the National Cyber Strategy and establishes four lines of effort: (1) facilitating the rollout of 5G domestically; (2) assessing the cybersecurity risks to and identifying core security principles of 5G capabilities and infrastructure; (3) addressing risks to United States economic and national security during development and deployment of 5G infrastructure worldwide; and (4) promoting responsible global development and deployment of secure and reliable 5G infrastructure.
  • In alignment with Line of Effort 2 in the National Strategy to Secure 5G, the Enduring Security Framework (ESF) was identified to assist with assessing risks and vulnerabilities to 5G infrastructure. This included building on existing capabilities in assessing and managing supply chain risk. As a result, the ESF 5G Threat Model Working Panel was established.1
  • The preliminary focus of the 5G Threat Model Working Panel was to explore and prioritize potential threat vectors that may be associated with the use of 5G non-standalone (NSA) networks. The working panel reviewed existing bodies of work to identify and generate an aggregated list of known and potential threats to the 5G environment, determined and developed sample scenarios of where 5G may be adopted, and assessed risks to 5G core technologies. This analysis paper represents the beginning of the Working Panel’s thinking on the types of risks introduced by 5G adoption in the Unites States, and not the culmination of it. This product is not an exhaustive risk summary or technical review of attack methodologies and is derived from the considerable amount of analysis that already exists on this topic, to include public and private research and analysis.
• The United Kingdom’s Office for Artificial Intelligence issued guidance titled “Ethics, Transparency and Accountability Framework for Automated Decision-Making.” The Office explained:
  • This 7 point framework will help government departments with the safe, sustainable and ethical use of automated or algorithmic decision-making systems.
  • It has been developed in line with guidance from government (such as the Data Ethics Framework) and industry, as well as relevant legislation. It supports the priorities of the Central Digital and Data Office, and aligns with wider cross- government strategies in the digital, data and technology space.
  • Departments should use the framework with existing organisational guidance and processes.
• South Africa’s Information Regulator (IR) announced plans to litigate against Facebook and WhatsApp after the company essentially refused to implement the same privacy policy for South Africa as for the European Union. The IR stated:
  • On the 15th of May 2021, WhatsApp will require users to accept new terms and conditions for using the App. The Information Regulator (Regulator) has after correspondence, written to WhatsApp LLC and requested it to revise the privacy policy in South Africa to the standard used in the European Union (EU). The Regulator has received no agreement from WhatsApp. Under the circumstances the Regulator is briefing attorneys to prepare an opinion on the way forward in terms of litigation.
  • It remains the Regulator’s assertion that the Protection of Personal Information Act (POPIA) has a privacy regime which is very similar to the EU regime, and therefore believes that WhatsApp should adopt the EU policy in South Africa, and other countries in the global south that have similar regimes. The Regulator remains of the view that despite WhatsApp operating in different legal and regulatory environments, there are effectively two privacy policies for the users of WhatsApp. There are substantial differences between the policies for users living in Europe compared to the one for users living outside of Europe.
• Australia’s Parliamentary Joint Committee on Intelligence and Security has published its “Advisory Report on the Telecommunications Legislation Amendment (International Production Orders) Bill 2020,” legislation the country must pass if it is to enter into an agreement with the United States under the “Clarifying Lawful Overseas Use of Data Act” (CLOUD Act.) As explained on the committee’s site, “[t]he Telecommunications Legislation Amendment (International Production Orders) Bill 2020 is drafted to amend the Telecommunications (Interception and Access) Act 1979 to:
  • provide a framework for Australian agencies to obtain independently-authorised international production orders for interception, stored communications and telecommunications data directly to designated communications providers in foreign countries with which Australia has a designated international agreement
  • amend the regulatory framework to allow Australian communications providers to intercept and disclose electronic information in response to an incoming order or request from a foreign country with which Australia has an agreement   
  • make amendments contingent on the commencement of the proposed Federal Circuit and Family Court of Australia Act 2020; and
  • remove the ability for nominated Administrative Appeals Tribunal members to issue certain warrants.
  • The Bill intends to provide for the legislative framework for Australia to give effect to future bilateral and multilateral agreements for cross-border access to electronic information and communications data, such as that being negotiated with the United States for the purposes of the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act).

Further Reading

• “They Hacked McDonald’s Ice Cream Machines—and Started a Cold War” By Andy Greenberg — WIRED. Of all the mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode.
• “Progressive Groups Fight AT&T and T-Mobile’s New Texting Rules” By Rachel Cohen — The Intercept. About a month out from the 2020 presidential election, an app called RoboKiller published the first glimpse into how campaigns and advocacy groups were leveraging political texts and calls to shape the race. The app, designed to block automated calls and spam texts, found that after June 2020, robocalls declined, but political text messaging picked up. By the end of September, Republicans had sent 1.8 billion texts to voters, and Democrats had sent 902 million.
• “Israeli-Palestinian fight spills over into social media” by Sara Fischer and Ashley Gold — Axios. As outrage about the conflict in Gaza and misinformation about clashes between Palestinians and Israelis snowball online, social media companies face yet another test of their capacity to manage their platforms.
• “Censorship, Surveillance and Profits: A Hard Bargain for Apple in China” By Jack Nicas, Raymond Zhong and Daisuke Wakabayashi — The New York Times. On the outskirts of this city in a poor, mountainous province in southwestern China, men in hard hats recently put the finishing touches on a white building a quarter-mile long with few windows and a tall surrounding wall. There was little sign of its purpose, apart from the flags of Apple and China flying out front, side by side.
• “Your tech devices want to read your brain. What could go wrong?” By Dalvin Brown — The Washington Post. Ramses Alcaide has spent over a decade thinking about thinking. As a PhD student at the University of Michigan in 2015, he developed a brain-computer interface that would allow people to control software and physical objects with their thoughts. Today, that interface is behind plans by a Boston-based start-up, Neurable, to begin shipping a set of brain-sensing headphones to let you know when you’re poised for peak productivity.
• “Groups say gunshot detection systems unreliable, seek review” By Don Babwin and Sara Burnett — Associated Press. The gunshot detection system that set in motion the recent fatal police shooting of a 13-year-old boy in Chicago routinely reports gunshots where there are none, sending officers into predominantly Black and Latino neighborhoods for “unnecessary and hostile” encounters, community groups argued in a court filing Monday.
• “Intel Community Needs Next-Gen Microelectronics for Future of AI” By Aaron Boyd — Nextgov. The intelligence community wants to take advantage of upcoming advances in machine learning and artificial intelligence but needs smaller, more powerful hardware to run those algorithms. The Intelligence Advanced Research Programs Activity—the advanced research arm of the intelligence community—released a broad agency announcement in support of research into the next generation of microelectronics, including processors, semiconductors and other hardware technologies.
• “Your Car Is Spying On You, And A CBP Contract Shows The Risks” By Sam Biddle — The Intercept. U.S. Customs and Border Protection purchased technology that vacuums up reams of personal information stored inside cars, according to a federal contract reviewed by The Intercept, illustrating the serious risks in connecting your vehicle and your smartphone. The contract, shared with The Intercept by Latinx advocacy organization Mijente, shows that CBP paid Swedish data extraction firm MSAB $456,073 for a bundle of hardware including five iVe “vehicle forensics kits” manufactured by Berla, an American company. A related document indicates that CBP believed the kit would be “critical in CBP investigations as it can provide evidence [not only] regarding the vehicle’s use, but also information obtained through mobile devices paired with the infotainment system.” The document went on to say that iVe was the only tool available for purchase that could tap into such systems.

Coming Events

• On 18 May, the House Homeland Security Committee will markup technology related legislation, including bills to address the recent Colonial Pipeline ransomware attack:
  • H.R. 2795, The “DHS Blue Campaign Enhancement Act”
  • H.R. 2980, The “Cybersecurity Vulnerability Remediation Act”
  • H.R. 3138, The “State and Local Cybersecurity Improvement Act”
  • H.R. 3223, The “CISA Cyber Exercise Act”
  • H.R. ____, The “Pipeline Security Act”
  • H.R. ____, The “DHS Medical Countermeasures Act”
  • H.R. ____, The “Domains Critical to Homeland Security Act”
• The Senate Armed Services Committee’s Cybersecurity Committee will hold a hearing on 18 May titled “Cybersecurity of the Defense Industrial Base” with these witnesses:
  • Rear Admiral William Chase III, Deputy Principal Cyber Advisor to the Secretary of Defense and Director of Protecting Critical Technology Task Force
  • Mr. Jesse Salazar, Deputy Assistant Secretary of Defense for, Industrial Policy
• The House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee will hold an 18 May hearing titled “Promises and Perils: The Potential of Automobile Technologies” a week after the National Transportation Safety Board (NTSB) issued its preliminary report “for its ongoing investigation of the fatal, April 17, 2021, crash of a 2019 Tesla Model S near Spring, Texas” with these witnesses:
  • Jason Levine, Executive Director, Center for Auto Safety
  • Greg Regan, President, Transportation Trades Department, AFL-CIO
  • Professor Ragunathan Rajkumar, Department of Electrical and Computer Engineering, Carnegie Mellon University
• On 18 May, two House Appropriations Committee subcommittees will hold hearings:
  • The Financial Services and General Government Subcommittee will hold a hearing titled “The Need for Universal Broadband: Lessons from the COVID-19 Pandemic” with these witnesses:
    • Joi Chaney, National Urban League
    • Matt Dunne, Center on Rural Innovation
    • Max Stier, Partnership for Public Service
  • The Defense Subcommittee will hold a closed hearing titled “National Security Agency and Cyber Command FY 2022 Posture” with the head of the National Security Agency and United States Cyber Command General Paul Nakasone testifying.
• The Senate Commerce, Science, and Transportation Committee’s Consumer Protection, Product Safety, and Data Security Subcommittee will hold a hearing on 18 May titled “Protecting Kids Online: Internet Privacy and Manipulative Marketing” with these witnesses:
  • Ms. Angela Campbell, Professor of Law and Co-Director, Institute for Public Representation
  • Mr. Serge Egelman, Research Director, Usable Security and Privacy, International Computer Science Institute, University of California Berkeley
  • Ms. Beeban Kidron, Founder and Chair, 5Rights
• On 18 May, the Senate Finance Committee will hold a hearing titled “Funding and Financing Options to Bolster American Infrastructure” with these witnesses:
  • Joseph Kile, Ph.D., Director of Microeconomic Analysis, Congressional Budget Office
  • Victoria F. Sheehan, President, American Association of State Highway and Transportation Officials
  • Heather Buch, Subcommittee Chair, Transportation Steering Committee, National Association of Counties
  • Shirley Bloomfield, Chief Executive Officer, NTCA – The Rural Broadband Association
• The Senate Homeland Security and Governmental Affairs Committee will hold a hearing titled “Examining the Role of the Department of Homeland Security’s Office of Intelligence and Analysis” on 18 May with these witnesses:
  • The Honorable Francis X. Taylor, Former Under Secretary for Intelligence and Analysis (2014-2017), U.S. Department of Homeland Security
  • Patricia Cogswell, Former Deputy Administrator (2018-2020), Transportation Security Administration, U.S. Department of Homeland Security
  • Mike Sena, President, National Fusion Center Association
  • Faiza Patel, Director, Liberty & National Security Program, Brennan Center for Justice, New York University School of Law
• On 19 May, the House Ways and Means Committee will hold a hearing titled “Leveraging the Tax Code for Infrastructure Investment” but witnesses have not yet been announced.
• The Senate Judiciary Committee’s Competition Policy, Antitrust, and Consumer Rights Subcommittee will hold a 19 May hearing titled “Antitrust Applied: Hospital Consolidation Concerns and Solutions” but no witnesses have been announced.
• On 20 May, the House Appropriations Committee’s Defense Subcommittee will hold a closed hearing on the Intelligence Community’s World Wide Threat Assessment and the FY 2022 National Intelligence Program/Military Intelligence Program Posture with these witnesses:
  • The Honorable Avril Haines, the Director of National Intelligence
  • The Honorable David M. Taylor, Performing Under Secretary of Defense for Intelligence & Security, Department of Defense
• The Commerce, Science, and Transportation will consider Eric Lander’s nomination to be the Director of the Office of Science and Technology Policy (OSTP) on 20 May.
• The House Select Committee on the Climate Crisis will hold a 20 May hearing titled “Powering Up Clean Energy: Investments to Modernize and Expand the Electric Grid” with these witnesses:
  • Linda Apsey, President and CEO, ITC Holdings Corp. Apsey is responsible for the strategic vision and overall business operations of ITC, the largest independent electricity transmission company in the United States. Based in Michigan, the company owns and operates high-voltage transmission infrastructure in Michigan, Iowa, Minnesota, Illinois, Missouri, Kansas and Oklahoma, with plans underway to expand to Wisconsin.
  • Donnie Colston, Director, Utility Department, International Brotherhood of Electrical Workers (IBEW). Colston manages issues related to collective bargaining agreements, working conditions, safety-related work practices, and apprenticeship training. A utility lineman, he started his career in transmission and distribution construction before working as an electric troubleman. He has been a member of the IBEW Local Union 2100, which represents the employees of Louisville Gas and Electric Company (LG&E) and Kentucky Utilities Company (KU), for more than four decades.
  • Michael Skelly, Founder and President, Grid United. Skelly is a renewable energy entrepreneur and pioneer in the U.S. wind industry who currently leads Grid United, an early-stage transmission development company. He was previously the founder and president of Clean Line Energy, a company that successfully permitted some of the longest transmission lines in the United States in the last 50 years.
  • Emily Sanford Fisher, General Counsel, Corporate Secretary & Senior Vice President, Clean Energy Edison Electric Institute (EEI). Sanford Fisher manages EEI’s litigation and legal affairs at EEI, an association that represents all investor-owned electric companies in the United States. She also oversees and coordinates strategic clean energy engagement across EEI and across the federal government.
• The House Armed Services Committee’s Cyber, Innovative Technologies, and Information Systems Subcommittee will hold a 20 May hearing titled “Reviewing Department of Defense Science and Technology Strategy, Policy, and Programs for Fiscal Year 2022: Fostering a Robust Ecosystem for Our Technological Edge” with these witnesses:
  • Ms. Barbara McQuiston, Acting, Under Secretary of Defense for Research and Engineering (USD(R&E)), Office of the Secretary of Defense
  • Dr. Philip Perconti, Deputy Assistant Secretary of the Army for Research and Technology (DASA R&T), Department of the Army
  • Ms. Joan “JJ” Johnson, Deputy Assistant Secretary of the Navy Research, Development, Test, and Engineering (DASN RDTE), Department of the Navy
  • Ms. Kristin Baldwin, Assistant Secretary of the Air Force for Acquisition, Technology and Logistics for Science Technology, and Engineering (SAF/AQR), Department of the Air Force
• On 20 May, the House Veterans Affairs Committee’s Technology Modernization Subcommittee will hold a hearing titled “Cybersecurity and Risk Management at VA: Addressing Ongoing Challenges and Moving Forward” but no witnesses have been announced.
• On 20 May, the Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:
  • Reducing Interstate Rates and Charges for Incarcerated People – The Commission will consider a Third Report and Order, Order on Reconsideration, and Fifth Notice of Proposed Rulemaking that, among other actions, will lower interstate rates and charges for the vast majority of incarcerated people, limit international rates for the first time, and seek comment on further reforms to the Commission’s calling services rules, including for incarcerated people with disabilities. (WC Docket No. 12-375)
  • Strengthening Support for Video Relay Service – The Commission will consider a Notice of Proposed Rulemaking and Order to set Telecommunications Relay Services (TRS) Fund compensation rates for video relay service (VRS). (CG Docket Nos. 03-123, 10-51)
  • Shortening STIR/SHAKEN Extension for Small Providers Likely to Originate Robocalls – The Commission will consider a Further Notice of Proposed Rulemaking to fight illegal robocalls by proposing to accelerate the date by which small voice service providers that originate an especially large amount of call traffic must implement the STIR/SHAKEN caller ID authentication framework. (WC Docket No. No 17-97)
  • Section 214 Petition for Partial Reconsideration for Mixed USF Support Companies – The Commission will consider an Order on Reconsideration to relieve certain affiliates of merging companies that receive model-based and rate-of-return universal service support from a “mixed support” merger condition cap. (WC Docket No. 20-389) 
  • Enforcement Bureau Action – The Commission will consider an enforcement action.
  • Enforcement Bureau Action – The Commission will consider an enforcement action.
• On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Ulrike Mai from Pixabay