Other Developments, Further Reading, and Coming Events (26 May 2021)


Other Developments

  • The European Court of Human Rights (ECHR) ruled in three cases filed “following revelations by Edward Snowden concerning the electronic surveillance programmes operated by the intelligence services of the United States of America (USA) and the United Kingdom (UK).” The court explained the litigants “all believed that due to the nature of their activities, their electronic communications were likely to have either been intercepted by the United Kingdom intelligence services; obtained by the United Kingdom intelligence services after being intercepted by foreign governments; and/or obtained by the United Kingdom authorities from communications service providers (“CSPs”).” In its press release, the ECHR stated that in the case of Big Brother Watch and Others v. the United Kingdom (application nos. 58170/13, 62322/14 and 24969/15) it held:
    • unanimously, that there had been a violation of Article 8 of the European Convention (right to respect for private and family life/communications) in respect of the bulk intercept regime;
    • unanimously that there had been a violation of Article 8 in respect of the regime for obtaining communications data from communication service providers;
    • by 12 votes to 5, that there had been no violation of Article 8 in respect of the United Kingdom’s regime for requesting intercepted material from foreign Governments and intelligence agencies;
    • unanimously, that there had been a violation of Article 10 (freedom of expression), concerning both the bulk interception regime and the regime for obtaining communications data from communication service providers; and
    • by 12 votes to 5, that there had been no violation of Article 10 in respect of the regime for requesting intercepted material from foreign Governments and intelligence agencies.
    • The case concerned complaints by journalists and human-rights organisations in regard to three different surveillance regimes: (1) the bulk interception of communications; (2) the receipt of intercept material from foreign governments and intelligence agencies; (3) the obtaining of communications data from communication service providers.
    • At the relevant time, the regime for bulk interception and obtaining communications data from communication service providers had a statutory basis in the Regulation of Investigatory Powers Act 2000. This has since been replaced by the Investigatory Powers Act 2016. The findings of the Grand Chamber relate solely to the provisions of the 2000 Act, which had been the legal framework in force at the time the events complained of had taken place.
    • The Court considered that, owing to the multitude of threats States face in modern society, operating a bulk interception regime did not in and of itself violate the Convention. However, such a regime had to be subject to “end-to-end safeguards”, meaning that, at the domestic level, an assessment should be made at each stage of the process of the necessity and proportionality of the measures being taken; that bulk interception should be subject to independent authorisation at the outset, when the object and scope of the operation were being defined; and that the operation should be subject to supervision and independent ex post facto review.
    • Having regard to the bulk interception regime operated in the UK, the Court identified the following deficiencies: bulk interception had been authorised by the Secretary of State, and not by a body independent of the executive; categories of search terms defining the kinds of communications that would become liable for examination had not been included in the application for a warrant; and search terms linked to an individual (that is to say specific identifiers such as an email address) had not been subject to prior internal authorisation.
    • The Court also found that the bulk interception regime had breached Article 10, as it had not contained sufficient protections for confidential journalistic material.
    • The regime for obtaining communications data from communication service providers was also found to have violated Articles 8 and 10 as it had not been in accordance with the law.
    • However, the Court held that the regime by which the UK could request intelligence from foreign governments and/or intelligence agencies had had sufficient safeguards in place to protect against abuse and to ensure that UK authorities had not used such requests as a means of circumventing their duties under domestic law and the Convention.
  • The European Court of Human Rights (ECHR) issued a decision against the Swedish government’s communications interception program. In its press release, the ECHR stated:
    • In today’s Grand Chamber judgment in the case of Centrum för rättvisa v. Sweden (application no. 35252/08) the European Court of Human Rights held, by a majority of 15 votes to 2, that there had been:
    • a violation of Article 8 (right to respect for private and family life, the home and correspondence) of the European Convention on Human Rights.
    • The case concerned the alleged risk that the applicant foundation’s communications had been or would be intercepted and examined by way of signals intelligence, as it communicated on a daily basis with individuals, organisations and companies in Sweden and abroad by email, telephone and fax, often on sensitive matters.
    • The Court found, in particular, that although the main features of the Swedish bulk interception regime met the Convention requirements on quality of the law, the regime nevertheless suffered from three defects: the absence of a clear rule on destroying intercepted material which did not contain personal data; the absence of a requirement in the Signals Intelligence Act or other relevant legislation that, when making a decision to transmit intelligence material to foreign partners, consideration was given to the privacy interests of individuals; and the absence of an effective ex post facto review. As a result of these deficiencies, the system did not meet the requirement of “end-to-end” safeguards, it overstepped the margin of appreciation left to the respondent State in that regard, and overall did not guard against the risk of arbitrariness and abuse, leading to a violation of Article 8 of the Convention.
  • The White House announced President Joe Biden and President Vladimir Putin will meet in Geneva, Switzerland on 16 June to “discuss the full range of pressing issues, as we seek to restore predictability and stability to the U.S.-Russia relationship.” Undoubtedly, Biden will bring up Russian interference in the 2016, 2018, and 2020 elections, the SolarWinds hacks, and DarkSide, the criminal organization that pioneered the ransomware inflicted on Colonial Pipeline and that may have links to, or have operated in, the Russian Federation.
  • The Colorado Senate passed the “Protect Personal Data Privacy” (SB21-190), sending the bill to the House. This bill does not give Colorado residents the right to sue for privacy violations, suggesting the tech industry likely had a hand in crafting the legislation and likely approves of it. The Senate offered a summary of the bill as introduced:
    • The bill creates personal data privacy rights and:
      • Applies to legal entities that conduct business or produce products or services that are intentionally targeted to Colorado residents and that either:
        • Control or process personal data of more than 100,000 consumers per calendar year; or
        • Derive revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers; and
      • Does not apply to personal data governed by listed state and federal laws, listed activities, and employment records.
    • Consumers have the right to opt out of the processing of their personal data; access, correct, or delete the data; or obtain a portable copy of the data. The bill defines a “controller” as a person that, alone or jointly with others, determines the purposes and means of processing personal data. A “processor” means a person that processes personal data on behalf of a controller.
    • The bill:
      • Specifies how controllers must fulfill duties regarding consumers’ assertion of their rights, transparency, purpose specification, data minimization, avoiding secondary use, care, avoiding unlawful discrimination, and sensitive data;
      • Requires controllers to conduct a data protection assessment for each of their processing activities involving personal data that present a heightened risk of harm to consumers, such as processing for purposes of targeted advertising or processing sensitive data; and
      • May be enforced only by the attorney general or district attorneys.
  • The government of Prime Minister Boris Johnson has released its Response to the Committee on Standards in Public Life’s 2020 Report: ‘Artificial Intelligence and Public Standards’. The government revealed “the Office for Artificial Intelligence is currently working on a National AI Strategy, based on recommendations from the independent AI Council AI Roadmap published in January as well as consultation with the AI ecosystem across a range of issues, including ethics and unanticipated impacts of AI.” Additionally, “the Office for AI will be building on previous work conducted as part of the Guide for AI in the Public Sector and AI Procurement Guidelines towards ensuring use of AI in public services is transparent and works for the benefit of citizens.” In the cover letter, Digital Infrastructure Minister Matt Warman stated:
    • Many of the developments in the AI policy landscape have been very positive, and I hope it will please you and the committee that several initiatives undertaken by the Government this year are closely aligned with the recommendations of your report. At the same time, we recognise that in other areas there is still significant work to be done. The specific challenges of Covid-19 have required that the Government has had to implement solutions to policy problems in short order, sometimes not directly related to AI technologies, but in adjacent areas where challenges to that implementation may impact the public’s perception of AI and the overall narrative that supports its adoption. From those challenges we will seek to learn and continue to improve.
    • It is this Government’s priority that the benefits of AI technologies and their potential to improve public services should be delivered to citizens, and that having the right safeguards, frameworks and principles in place is integral to that mission, which is why your report is so helpful.
  • Washington state Governor Jay Inslee (D) signed HB 1336 that will remove all state restrictions on public broadband networks. In the last bill analysis, the state Senate asserted the bill:
    • Authorizes a public utility district (PUD), port district (port), town, second-class city, and county to provide retail telecommunications services.
    • Requires PUDs, towns, second-class cities, counties, and ports to report specified findings to its governing body and the Statewide Broadband Office about the area to be served before providing retail telecommunications services.
    • Provides an exception for increasing access to broadband to provisions regarding a county, city, or town planning under the Growth Management Act.
  • The United States (U.S.) Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced “the availability of $288 million in grant funding for the deployment of broadband infrastructure. Grants will be awarded to partnerships between a state, or political subdivisions of a state, and providers of fixed broadband service.” The NTIA stated:
    • NTIA’s Broadband Infrastructure Program was established by the Consolidated Appropriations Act, 2021. In the priority order defined by the Act, NTIA will accept applications for projects that are designed to:
      • Provide broadband service to the greatest number of households in an eligible service area;
      • Provide broadband service to rural areas;
      • Be most cost-effective in providing broadband service; or
      • Provide broadband service with a download speed of at least 100 Mbps and an upload speed of at least 20 Mbps.
    • NTIA will group applications based on the priority above that each application addresses, and will sequence its review of application groups in the statutory order listed above.
  • The Federal Trade Commission (FTC) and six states have filed suit against Frontier Communications “alleging that the company did not provide many consumers with Internet service at the speeds it promised them, and charged many of them for more expensive and higher-speed service than Frontier actually provided.” The FTC added:
    • In a complaint, the FTC and its state partners allege that Frontier advertised and sold Internet service in several plans, or tiers, based on download speed. Frontier has touted these tiers using a variety of methods, including mail and online ads, and has sold them to consumers over the phone and online.
    • In reality, the FTC alleges, Frontier did not provide many consumers with the maximum speeds they were promised and the speeds they actually received often fell far short of what was touted in the plans they purchased.
    • The FTC’s allegations concern Frontier’s Digital Subscriber Line (DSL) Internet service, which is transmitted over copper telephone wires. Frontier provides DSL service to approximately 1.3 million consumers, many in rural areas, across 25 states.
    • Since at least January 2015, thousands of consumers complained to Frontier and government agencies that the company failed to provide DSL Internet service at the speeds they were promised. Many consumers have complained that the slower speeds actually provided by Frontier failed to support the typical online activities they should have been able to perform at the speed tiers Frontier had sold to them.
    • The FTC’s complaint was filed with the attorneys general from Arizona, Indiana, Michigan, North Carolina, and Wisconsin, as well as the district attorneys’ offices of Los Angeles County and Riverside County on behalf of the State of California. 
    • The complaint alleges that Frontier violated the FTC Act and various state laws by misrepresenting the speeds of Internet service it would provide consumers and engaged in unfair billing practices for charging consumers for a more expensive level of Internet service than it actually provided.
  • Representatives Lori Trahan (D-MA) and Kathy Castor (D-FL) introduced the “Social Media Disclosure and Transparency of Advertisements (DATA) Act” (H.R.3451) “that will lift the curtain on key data regarding online targeted advertisements that is currently held under lock and key by dominant platforms.” Trahan and Castor claimed:
    • Large digital platforms have the largest repository of online behavioral data in the world, cementing their dominance in digital ad targeting. While online advertising has become the most common method for small and medium sized businesses to reach consumers, it has also emerged as a leading source of disinformation and harmful or defective product promotion that can be targeted to vulnerable populations. The digital marketing industry has allowed ads promoting high interest credit cards to target older women, junk food and pill parties to target younger users, predatory for-profit colleges to target veterans, fraudulent opioid rehabilitation centers to target potential patients, and much, much more.
    • What’s clear is that marketers have taken advantage of the ability to target advertisements for products in ways that are manipulative, discriminatory, and in some cases, outright corrupt. They capitalize on platforms’ algorithms which are centered on optimization and designed to maximize profitability. Despite the glaring harms the status quo has on consumers, large platforms, Google and Facebook included, have consistently withheld data necessary to understand the full scope of ad targeting’s effects. In fact, as the sole aggregators of such large data sets, these companies are incentivized by obscene profits to not share key data needed by information scientists and other experts to study their impacts on consumers and society as a whole.
    • Although some platforms have created ad libraries and research initiatives, many of these efforts leave out critical data points necessary for reliable research while also raising privacy and ethics concerns. The Social Media DATA Act would address both issues by requiring that large platforms that utilize digital advertising maintain an accessible database for academic researchers and set uniform standards for the types of data that must be included. It also would establish and authorize funding for a working group overseen by the Federal Trade Commission (FTC) responsible for ensuring that research conducted with confidential data is consistent with consumers’ rights to privacy. 
  • The Government Accountability Office (GAO) published a report on the cyber insurance market the Armed Services Committees requested. The GAO identified “[k]ey trends in the current market for cyber insurance [that] include the following:
    • Increasing take-up. Data from a global insurance broker indicate its clients’ take-up rate (proportion of existing clients electing coverage) for cyber insurance rose from 26 percent in 2016 to 47 percent in 2020 (see figure).
    • Price increases. Industry sources said higher prices have coincided with increased demand and higher insurer costs from more frequent and severe cyberattacks. In a recent survey of insurance brokers, more than half of respondents’ clients saw prices go up 10-30 percent in late 2020.
    • Lower coverage limits. Industry representatives told GAO the growing number of cyberattacks led insurers to reduce coverage limits for some industry sectors, such as healthcare and education.
    • Cyber-specific policies. Insurers increasingly have offered policies specific to cyber risk, rather than including that risk in packages with other coverage. This shift reflects a desire for more clarity on what is covered and for higher cyber-specific coverage limits.
    • The GAO also found that “[t]he cyber insurance industry faces multiple challenges; industry stakeholders have proposed options to help address these challenges.
      • Limited historical data on losses. Without comprehensive, high-quality data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price policies accordingly. Some industry participants said federal and state governments and industry could collaborate to collect and share incident data to assess risk and develop cyber insurance products.
      • Cyber policies lack common definitions. Industry stakeholders noted that differing definitions for policy terms, such as “cyberterrorism,” can lead to a lack of clarity on what is covered. They suggested that federal and state governments and the insurance industry could work collaboratively to advance common definitions.

Further Reading

  • “Signal Tries to Run the Most Honest Facebook Ad Campaign Ever, Immediately Gets Banned [Updated]” By Shoshana Wodinsky — Gizmodo. A series of Instagram ads run by the privacy-positive platform Signal got the messaging app booted from the former’s ad platform, according to a blog post Signal published on Tuesday. The ads were meant to show users the bevy of data that Instagram and its parent company Facebook collects on users, by… targeting those users using Instagram’s own adtech tools.
  • “Pentagon Plans To Monitor Social Media Of Military Personnel For Extremist Content” By Ken Klippenstein — The Intercept. As part of the Biden administration’s crackdown on domestic extremism, the Pentagon plans to launch a pilot program for screening social media content for extremist material, according to internal Defense Department documents reviewed by The Intercept, as well as a source with direct knowledge of the program.
  • “India Reportedly Demands WhatsApp Reverse Its ‘Discriminatory’ Privacy Policies” By Shoshana Wodinsky — Gizmodo. The international uproar over WhatsApp’s new privacy policy got a jolt of energy this week, with a new letter reportedly from Indian authorities telling the company to walk back its changes to the platform—or else.
  • “Leaked Emails Show Crime App Citizen Is Testing On-Demand Security Force” By Joseph Cox — Vice. Crime and neighborhood watch app Citizen has ambitions to deploy private security workers to the scene of disturbances at the request of app users, according to leaked internal Citizen documents and Citizen sources.
  • “When Covid Hit, China Was Ready to Tell Its Version of the Story” By Ben Smith — The New York Times. In the fall of 2019, just before global borders closed, an international journalists’ association decided to canvass its members about a subject that kept coming up in informal conversations: What is China doing?
  • “These Popular Android Apps Are Putting User Data at Risk” By Brendan Hesse — Lifehacker. According to a report by Check Point Research, many popular Android apps put your personal data at risk due to poorly secured third-party services. The report highlights several different security flaws affecting 23 different apps available on Google Play, each with anywhere from 50,000 to 10 million downloads. Most of the offending apps collect and store user information, developer data, and internal company resources using unsecured real-time databases and cloud storage services. The security researchers were able to find the unsecured cloud databases from 13 apps, meaning outsider actors can also access them.
  • “U.S. removes Chinese smartphone-maker Xiaomi from blacklist” — Reuters. China’s commerce ministry on Thursday welcomed the removal of Xiaomi from a U.S. government blacklist, a day after the U.S. reversed a ban on U.S. investments in the smartphone maker that was imposed under former President Donald Trump.
  • “Palestinians criticise social media censorship over Sheikh Jarrah” By Linah Alsaafin — Al Jazeera. Palestinians have slammed social media companies for shutting down their personal accounts and censoring content about attacks on residents and activists by Israeli forces and settlers in the occupied East Jerusalem neighbourhood of Sheikh Jarrah. Over the past week, residents of Sheikh Jarrah, as well as Palestinian and international solidarity activists, have attended nightly vigils to support the Palestinian families under threat of forced displacement.
  • “Online overhaul: here are all the ways the government wants to change how you use technology” By Cam Wilson — Crikey. The federal government is quietly preparing a raft of laws that would fundamentally change how technology is used in Australia. These wide-ranging digital reforms include everything from giving an unelected government official the right to censor apps and websites, to giving senior police the power to sign warrants that would allow them to take over your social media accounts.
  • “China pressured EU to drop COVID disinformation criticism: sources” By Raphael Satter, Robin Emmott, and Jack Stubbs — Reuters. China sought to block a European Union report alleging that Beijing was spreading disinformation about the coronavirus outbreak, according to four sources and diplomatic correspondence reviewed by Reuters.
  • “The Colonial Pipeline Ransomware Attack and the Perils of Privately Owned Infrastructure” By Sue Halpern — The New Yorker. On May 8th, I had just flown into Norfolk, Virginia, when news broke that the I.T. system of the Colonial Pipeline Company had been compromised by ransomware and, as a consequence, the company had shut off the flow of the pipeline that supplies oil to most of the eastern United States. It was Mother’s Day weekend, and the line at the airport rental-car counter was prodigious: everyone, it seemed, wanted to drive. When I finally reached the front, I assured the agent that I’d return the car with a full tank of gas. What I did not yet know was that the pipeline, which stretches from the Texas Gulf to Linden, New Jersey—a distance of five thousand and five hundred miles—was the main supplier of fuel to Virginia retailers. The governor, Ralph Northam, made this point three days later when, with the pipeline still offline, he declared a state of emergency.
  • “Democracy’s Digital Defenses” By Richard Fontaine and Kara Frederick — The Wall Street Journal. In early 2021, the audio-only social media app Clubhouse allowed users in mainland China to enter chat rooms and talk freely to the world—including American journalists and people in Hong Kong and Taiwan, areas usually off-limits to Chinese citizens. For a brief period, users of the app had an uncensored glimpse of the internet beyond the Great Firewall.
  • “The Guardian view on online abuse of female journalists: a problem for all” — The Guardian. A new report by the UN’s cultural agency, Unesco, makes horrifying reading. A global survey of 901 journalists from 125 countries found that female journalists across the world are under unprecedented levels of attack. The intent, says the UN, is to belittle, humiliate, shame, induce fear and ultimately discredit female reporters; and to undercut public trust in critical journalism and facts.
  • “China’s progress in advanced semiconductor technology slows” By Yusho Cho — Nikkei Asia. China is facing delays in miniaturizing semiconductors. In a Nikkei survey, most of the seven major Chinese semiconductor manufacturing equipment makers that responded said their mainstay products were those for making 14 nanometer to 28 nm chips, which are two or three generations behind the world’s advanced chips. Some said even older generation machines were their main products.
  • “The Pentagon Inches Toward Letting AI Control Weapons” By Will Knight — WIRED. Last August, several dozen military drones and tanklike robots took to the skies and roads 40 miles south of Seattle. Their mission: Find terrorists suspected of hiding among several buildings.
  • “Facebook Calls Links To Depression Inconclusive. These Researchers Disagree” By Miles Parks — NPR. Rep. Cathy McMorris Rodgers’ biggest fear as a parent isn’t gun violence, or drunk driving, or anything related to the pandemic. It’s social media. And specifically, the new sense of “brokenness” she hears about in children in her district, and nationwide. Teen depression and suicide rates have been rising for over a decade, and she sees social apps as a major reason.
  • “Google announces new privacy features for Android phones — but stops short of limiting ad tracking” By Gerrit De Vynck — The Washington Post. Mobile phone apps constantly hoover up data about their users. At Google’s annual developer conference on Tuesday, the company announced a few new features that let people with phones running its Android operating system limit that harvesting. But the changes stopped short of forcing apps to specifically ask permission to use people’s data to advertise to them across the Web, a policy Apple instituted on its iPhones in February.

Coming Events

  • The Senate Appropriations Committee’s Commerce, Justice, Science Subcommittee will hold a hearing on the Department of Commerce’s FY 2022 budget request on 26 May.
  • On 26 May, the Senate Appropriations Committee’s Homeland Security Subcommittee will hold a hearing on the Department of Homeland Security’s FY 2022 budget request.
  • The House Financial Services Committee’s Oversight and Investigations Subcommittee will hold a 27 May hearing titled “Consumer Credit Reporting: Assessing Accuracy and Compliance” with these witnesses:
    • Ms. Sandy Anderson, Senior Vice President, Strategy and Operations, Experian Credit Services
  • On 27 May, the House Judiciary Committee’s Courts, Intellectual Property, and the Internet Subcommittee will hold a hearing titled “The SHOP SAFE Act: Stemming the Rising Tide of Unsafe Counterfeit Products Online.”
  • On 27 May, the House Science, Space, and Technology Committee will hold a hearing titled “Overview of the Science and Energy Research Enterprise of the U.S. Department of Energy” with Secretary of Energy Jennifer Granholm.
  • The House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee will mark up the bill to restore the Federal Trade Commission’s Section 13(b) powers, the “Consumer Protection and Recovery Act” (H.R.2668) on 27 May.
  • On 2-3 June, the National Institute of Standards and Technology (NIST) will hold a virtual workshop “to enhance the security of the software supply chain and to fulfill the President’s Executive Order (EO) on improving the Nation’s Cybersecurity, issued on May 12, 2021.”
  • On 9 June, the House Homeland Security Committee will hold a hearing on the Colonial Pipeline ransomware attack with the company’s CEO.
  • On 17 June the Senate Appropriations Committee will hold a hearing on the Department of Defense’s FY 2022 budget request.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.
