Other Developments, Further Reading, and Coming Events (25 May 2021)

Subscribe to my newsletter, The Wavelength, if you want updates on global technology developments four times a week.

Other Developments

Photo by Claudio Schwarz | @purzlbaum on Unsplash
  • Germany’s competition regulator, the Bundeskartellamt, has opened proceedings against Amazon based on powers granted to the agency in a January 2021 law. The Bundeskartellamt explained it “initiated a proceeding against Amazon based on the new rules for large digital companies,” the second since “the 10th amendment to the German Competition Act (GWB Digitalisation Act) came into force.” In late January, the  Bundeskartellamt initiated proceedings into Facebook and its subsidiary Oculus. The agency further explained:
    • In January 2021 the 10th amendment to the German Competition Act (GWB Digitalisation Act) came into force. A key new provision set forth in Section 19a GWB now enables the authority to intervene earlier and more effectively, in particular against the practices of large digital companies. The Bundeskartellamt can prohibit companies which are of paramount significance for competition across markets from engaging in certain anti-competitive practices. Examples of conduct which could be prohibited under the new provision include the self-preferencing of a group’s own services, the “penetration” of non-dominated markets by way of non-performance based anti-competitive means, such as tying or bundling strategies, or creating or raising barriers to market entry by processing data relevant for competition.
    • The Bundeskartellamt is also currently conducting two proceedings against Amazon based on the abuse control rules which were already in place before the latest amendment to the competition law. In one proceeding the authority is examining to what extent Amazon is influencing the pricing of sellers on Amazon Marketplace by means of price control mechanisms and algorithms. In a second proceeding it is examining to what extent agreements between Amazon and brand manufacturers, including Apple, which exclude third-party sellers from selling brand products on Amazon Marketplace constitute a violation of competition rules.
  • The European Parliament passed a resolution calling on the European Commission (EC) to rewrite its adequacy decisions regarding data transfers to the United Kingdom (UK). The Parliament also rejected a resolution that would have declared the UK’s data protection regime to be essentially equivalent to the European Union’s (EU).  In its press release, the Parliament stated:
    • In a resolution passed on Friday (344 votes in favour, 311 against and 28 abstaining), MEPs ask the Commission to modify its draft decisions on whether or not UK data protection is adequate and data can safely be transferred there, bringing them in line with the latest EU court rulings and responding to concerns raised by the European Data Protection Board (EDPB) in its recent opinions. The EDPB considers that UK bulk access practices, onward transfers and its international agreements need to be clarified further. The resolution states that, if the implementing decisions are adopted without changes, national data protection authorities should suspend transfers of personal data to the UK when indiscriminate access to personal data is possible.
    • Before the vote, MEPs debated the UK adequacy decision and the “Schrems II” resolution on EU-US data flows. Several political groups emphasised the need for strong data rights in Europe and the dangers of mass surveillance, with others arguing that the UK has a high level of data protection, and that adequacy decisions help businesses and facilitate cross-border crime-prevention.
  • The Council of the European Union has issued a progress report on its working party to review the European Commission’s (EC) Digital Markets Act. The Council stated:
    • Even though Member States have reserved their positions pending the ongoing discussions, the Presidency has identified a general support among the Member States for the level of ambition of the proposal, its overall objectives and the need for swift approval. In particular, the Presidency has recognised broad support for (i) the need to find a fair balance between speedy and flexible procedures, on one hand, and legal certainty of the measures, on the other; (ii) the combination of quantitative and qualitative thresholds for designating gatekeepers and (iii) the importance of effective investigative instruments, supported by effective sanctions. 13.Basedon the discussions at Working Party level held so far, the Presidency identifies the following main issues from a political and legal point of view, which will require further work in the negotiations:
      • Role of Member States in the enforcement of the DMA
      • Delegated acts
      • Scope, legal basis and interplay of DMA with other legislation
      • Designation of gatekeepers, obligations and regulatory dialogue
      • Other issues:
        • Whether some obligations should factor in the gatekeepers’ ecosystems;
        • Duration of market investigations and the threshold for systematic non-compliance remedies;
        • Scope and threshold for interim measures.
  • House Science, Space, and Technology Chair Eddie Bernice Johnson (D-TX) and Ranking Member Frank Lucas (R-OK) sent a letter to Secretary of Energy Jennifer Granholm “to request a briefing on the Colonial Pipeline Company ransomware attack.” They argued:
    • As the Sector Risk Management Agency for the energy sector,2the Department of Energy (DOE) plays a vital role in securing critical energy infrastructure from cyberattacks. This responsibility includes using the agency’s specialized expertise to assist critical infrastructure owners and operators with mitigating threats, assessing sector risks, and supporting security incident management for the energy sector. DOE’s knowledge of our energy sector and the nuanced challenges facing various energy assets uniquely positions it to confront this emerging threat to our national security. Though pipeline cybersecurity implicates multiple federal entities such as the Department of Homeland Security’s Transportation Security Administration and Cybersecurity and Infrastructure Security Agency, the Federal Energy Regulatory Commission, and the National Institute of Standards and Technology, these threats demand robust and efficient coordination, both among federal entities and with other stakeholders within the energy sector. While DOE recently announced a “100 day plan” to address cybersecurity risks for the United States electric system, we seek additional information on how DOE’s current and forthcoming cybersecurity activities incorporate energy resources transmitted via pipelines.
  • The United States Government Accountability Office (GAO) issued its annual report on fragmentation, overlap, and duplication and highlighted the following technology programs:
    • New Fragmentation, Overlap, and Duplication Areas Identified in This Report
      • Category Management: The Office of Management and Budget should further its Category Management initiative to improve how agencies buy common goods and services by taking such actions as addressing its data management challenges and establishing additional performance metrics to help save the federal government billions of dollars over the next 5 years, as well as potentially eliminate duplicative contracts.
      • Employment-Related Identity Fraud: The Internal Revenue Service and Social Security Administration should better manage fragmentation to identify potentially fraudulent wages, more effectively manage benefit programs, and enhance revenue.
      • Federal Cybersecurity Requirements and Assessments of States: By improving coordination of fragmented cybersecurity requirements and related assessment programs for state agencies, federal agencies could potentially minimize the burden on states and save millions of dollars in associated federal and state costs.
      • Federal IT Contract Duplication: Agencies can realize savings of potentially millions to hundreds of millions of dollars by ensuring that their efforts to reduce duplicative information technology contracts are fully aligned with key Office of Management and Budget category management principles and practices and are informed by analyses of agency spending on products and services.
    • New Cost Savings and Revenue Enhancement Opportunities Identified in This Report
      • Federal Agencies’ Telecommunication Transition Planning Practices: Federal agencies could save tens of millions of dollars on telecommunications by analyzing their requirements to help identify areas that could be optimized and services that could be shared across agencies.
    • New Actions Added to Existing Areas in 2021
      • Weapon Systems Acquisition Programs: In October 2020, GAO identified one new action for the Army to make informed decisions related to weapon systems modernization to better manage fragmentation involving certain agreements for prototype projects.
      • to help the Office of Management and Budget improve data center consolidation and optimization reporting. GAO also identified four new actions to help federal agencies meet data center cost savings and optimization goals, which could result in hundreds of millions of dollars in savings.
  • The House Homeland Security Committee marked up and reported out over a dozen bills at two sessions last week (here and here), some of which were in direct response to the Colonial Pipeline ransomware attack.
    • H.R. 3243, The “Pipeline Security Act” To  codify  the  Transportation  Security  Administration’s  responsibility  relating  to  securing  pipelines  against  cybersecurity  threats,  acts  of  terrorism,  and  other  nefarious  acts  that  jeopardize  the  physical  security  or  cybersecurity of pipelines, and for other purposes.
    • H.R. 3264, The “Domains Critical to Homeland Security Act” To  amend  the  Homeland  Security  Act  of  2002  to  require  research  and  development  to  identify  and  evaluate  the  extent  to  which  critical  domain  risks  within  the  United  States  supply  chain  pose  a  substantial  threat  to  homeland  security,  and  for  other  purposes.
  • The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) has published the government response’s to the consultation on the National Data Strategy. The DCMS stated:
    • This update provides an overview and analysis of key findings from the consultation, which took place between the 9th of September and the 9th of December 2020. We received over 250 consultation responses from a wide range of respondents — spanning technology companies (including both tech giants and SMEs), to members of the public, academic institutions, think-tanks, civil society and public sector organisations.
    • Respondents generally welcomed our framing of data as a strategic asset that should be used for economic and social benefit and tended to agree that the strategy identified the right pillars and missions in order to make the most of the opportunities presented by better data use. Respondents broadly agreed that data use should not just be considered as a threat to be managed, but also embraced as an opportunity to drive productivity and innovation across the economy, fuel scientific research, revolutionise the public sector and create a fairer and more prosperous society for all. Respondents also highlighted the potential for data use to support wider government priorities, such as those set out in the Integrated Review of Security, Defence, Development and Foreign Policy, as well as our ambitions to build back better, transition to net zero and to level up the UK’s regions. This perspective was complemented by numerous case studies highlighting responsible data use throughout the coronavirus pandemic showcasing the value of data use for public good.
    • However, respondents also stressed the need to ensure that the data revolution works for everyone, everywhere. This included drawing attention to specific challenges around incorrect or inappropriate uses of data (often expressed as data bias), digital inclusion and connectivity, as well as the need for all citizens to have the appropriate skills to operate and thrive in a data-driven economy. With this in mind, respondents highlighted the importance of continued stakeholder engagement. This will help bring in diverse perspectives from across industry, academia, civil society and the wider public to support implementation and inform future policy development.
    • Above all, respondents’ feedback confirmed that maintaining a high level of public support for data use will be key to unlocking the power of data. Creating a trustworthy data regime that maintains high data protection standards and enables responsible data use will ensure that the benefits of the data revolution are felt by all people, in all places.
  • A United Nations’ (UN) ad hoc committee has convened to work on a cybercrime treaty. The UN issued a note explaining setting out “the logistical and procedural aspects for the organizational session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.” The UN also made available other documents for the meeting. The UN provided background on the meeting:
    • Through its resolution 74/247, adopted on 27 December 2019, the General Assembly, inter alia, took note of Commission on Crime Prevention and Criminal Justice resolution 26/4 of 26 May 2017, in which the Commission expressed appreciation for the work done by the Expert Group to Conduct a Comprehensive Study on Cybercrime and requested the Expert Group to continue its work, with a view to examining options to strengthen existing responses and propose new national and international legal or other responses to cybercrime, and in this regard reaffirmed the role of the United Nations Office on Drugs and Crime (UNODC).
    • In the same resolution, the General Assembly decided to establish an open-ended ad hoc intergovernmental committee of experts, representative of all regions, to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes, taking into full consideration existing international instruments and efforts at the national, regional and international levels on combating the use of information and communications technologies for criminal purposes, in particular the work and outcomes of the open-ended intergovernmental Expert Group to Conduct a Comprehensive Study on Cybercrime

Further Reading

Photo by Sigmund on Unsplash
  • DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack” By Ellen Nakashima and Lori Aratani — The Washington Post. The Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time in an effort to prevent a repeat of a major computer attack that crippled nearly half the East Coast’s fuel supply this month — an incident that highlighted the vulnerability of critical infrastructure to online attacks. The Transportation Security Administration, a DHS unit, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities, senior DHS officials said. It will follow up in coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said. The agency has offered only voluntary guidelines in the past.
  • Credit Card Ads Were Targeted by Age, Violating Facebook’s Anti-Discrimination Policy” By Corin Faife and Alfred Ng — The Markup. “Get the credit card that plants a tree with every purchase,” prompts the text of a Facebook ad for Aspiration’s Zero credit card (tagline: One Card. Zero Footprint). The ad was visible to people of any gender based anywhere in the U.S., but the advertiser asked that Facebook not show it to anyone under 25.
  • Israel Is a Cyber Superpower But Chooses Bombs to Fight Hackers in Gaza” By Emanuel Maiberg and Lorenzo Franceschi-Bicchierai — Vice. One way Israel describes itself as an exceptional Middle Eastern nation is with its technological prowess. It produces mountains of scientific research, Nobel laureates, and, as Motherboard has reported over the years, is a major cybersecurity player globally, both because of its government operations and booming private sector, which exports everything from network security products to hacking tools from firms like NSO Group and Cellebrite. 
  • App used by emergency services under scrutiny” By Jane Wakefield — The BBC. Questions have been raised about a digital addressing system which divides the world up into three-by- three-metre squares to pinpoint someone’s location. What3Words (W3W) gives each square a unique three-word address, and the app is used by 100 UK emergency services.
  • Telecom Italia looking to drop Huawei from Italy 5G network – sources” By Elvira Pollina and Supantha Mukherjee — Reuters. Telecom Italia (TLIT.MI) is looking to cancel a contract with Huawei (HWT.UL) for supplying equipment to build part of the telecom firm’s 5G network in Italy, three sources close to the matter said on Thursday.
  • “‘A Perfect Positive Storm’: Bonkers Dollars for Big Tech” By Shira Ovide — The New York Times. In the Great Recession more than a decade ago, big tech companies hit a rough patch just like everyone else. Now they have become unquestioned winners of the pandemic economy.
  • Microsoft discloses ‘BadAlloc’ bugs affecting smart devices, industrial gear” By Catalin Cimpanu — The Record. One of Microsoft’s bug hunting teams has discovered 25 vulnerabilities impacting a broad spectrum of smart IoT devices and industrial equipment.
  • Scammers Are Hacking Target’s Gig Workers and Stealing Their Money” by Lauren Kaori Gurley — Vice. On the morning of March 28, a gig worker near Tampa, Florida, was shopping an order for Shipt, Target’s delivery platform, when he received an email from “Shipt Support” asking him to reset his password.
  • Hooked” By Lucy CarterLesley RobinsonLaura Gartry and Alex Palmer, Four Corners and Digital Story Innovation Team — ABC News. In late 2020, Four Corners launched a crowdsourced investigation into video gaming and received more than 3,000 responses. Many gamers told us how much they enjoyed playing, but others raised concerns about how focused gaming had become on profiting from them. Games played on mobiles, consoles and computers have become extremely sophisticated, often with artificial intelligence and data collection built into the platform. Gaming researchers are warning that gamers often don’t know “how much the game is actually playing them”. “Many of these games are using machine learning, they’re tracking what players are doing using people’s information and within their social network, to make very strong predictions about how people will behave,” said Daniel King, a clinical psychologist from Flinders University.
  • Conflict with China a ‘high likelihood’, says top Australian general” By Nick McKenzie and Anthony Galloway — The Sydney Morning Herald. One of the nation’s top military commanders told his troops that Beijing is already engaged in “grey zone” warfare against Australia and they must plan for the high likelihood this may spill over into actual conflict in the future.
  • India doesn’t name Huawei among participants in 5G trials” — Reuters. India will allow mobile carriers to carry out 5G trials with equipment makers including Ericsson, Nokia, and Samsung’s network unit, the government said on Tuesday, but did not name China’s Huawei among the participants.
  • Preparing for a World of Holocaust Deepfakes” By Claire Leibowicz — Tablet. The problem with the most pernicious lies is that they are often based on elements of truth. In a now-famous image known as the Ivanhorod Einsatzgruppen photograph, six huddling Jews were captured on film while being menaced by a rifle-wielding German soldier in Ukraine. Taken in 1942 by an unknown individual, the image was intercepted by the Polish resistance and eventually made its way into public view after the war, providing a chilling personal window into the horrors of the Holocaust.
  • The global chip shortage is a much bigger problem than everyone realised. And it will go on for longer, too” By Daphne Leprince-Ringuet — ZDNet. “Out of stock”: the frustrating warning has made its way to an increasing number of phones and laptop manufacturers’ websites over the past year, often leading to long waiting lists for consumers wishing to get their hands on shiny new electronics. At the heart of the problem is a global shortage of semiconductors, which is not showing signs of coming to an end anytime soon. Worse still, it is likely to trickle down to the production of everyday products that have little in common, at first glance, with high-end technologies. Think children’s toys or microwaves. 
  • Peloton’s leaky API let anyone grab riders’ private account data” By Zack Whittaker — Tech Crunch. Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed anyone to pull users’ private account data directly from Peloton’s servers, even with their profile set to private.

Coming Events

Photo by Danny Howe on Unsplash
  • On 25 May, the House Science, Space, and Technology Committee’s Investigations and Oversight and Research and Technology Subcommittees will hold a joint hearing titled “SolarWinds and Beyond: Improving the Cybersecurity of Software Supply Chains” with these witnesses:
    • Mr. Matthew Scholl, Chief, Computer Security Division of the Information Technology Laboratory, National Institute of Standards and Technology (NIST)
    • Dr. Trey Herr, Director, Cyber Statecraft Initiative, Atlantic Council
    • Ms. Katie Moussouris, Founder and CEO, Luta Security
    • Mr. Vijay D’Souza, Director, Information Technology and Cybersecurity, Government Accountability Office (GAO)
  • The Senate Appropriations Committee’s Commerce, Justice, Science Subcommittee will hold a hearing on the Department of Commerce’s FY 2022 budget request on 26 May.
  • On 26 May, the Senate Appropriations Committee’s Homeland Security Subcommittee will hold a hearing on the Department of Homeland Security’s FY 2022 budget request.
  • The House Financial Services Committee’s Oversight and Investigations Subcommittee will hold a 27 May hearing titled “Consumer Credit Reporting: Assessing Accuracy and Compliance” with these witnesses:
    • Ms. Sandy Anderson, Senior Vice President, Strategy and Operations, Experian Credit Services
  • On 27 May, the House Judiciary Committee’s Courts, Intellectual Property, and the Internet Subcommittee will hold a hearing titled “The SHOP SAFE Act: Stemming the Rising Tide of Unsafe Counterfeit Products Online.”
  • On 27 May, the House Science, Space, and Technology Committee will hold a hearing titled “Overview of the Science and Energy Research Enterprise of the U.S. Department of Energy” with Secretary of Energy Jennifer Granholm.
  • The House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee will markup the bill to restore the Federal Trade Commission’s Section 13(b) powers, the “Consumer Protection and Recovery Act” (H.R.2668) on 27 May.
  • On 2-3 June, the National Institute of Standards and Technology (NIST) will hold a virtual workshop “to enhance the security of the software supply chain and to fulfill the President’s Executive Order (EO) on improving the Nation’s Cybersecurity, issued on May 12, 2021.”
  • On 9 June, the House Homeland Security Committee will hold a hearing on the Colonial Pipeline ransomware attack with the company’s CEO.
  • On 17 June the Senate Appropriations Committee will hold a hearing on the Department of Defense’s FY 2022 budget request.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Evgeny Tchebotarev from Pexels

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s