Other Developments, Further Reading, and Coming Events (1 June 2021)

First, an administrative matter. For the next six weeks, I’ll only be posting the Other Developments, Further Reading, and Coming Events sections. Normal publishing will resume in mid-July.

Other Developments

  • In response to the Colonial Pipeline ransomware attack, the United States (U.S.) Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) announced “a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector.” Although the Security Directive was not released, TSA further explained in its press release:
    • The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.  It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days. 
    • TSA is also considering follow-on mandatory measures that will further support the pipeline industry in enhancing its cybersecurity and that strengthen the public-private partnership so critical to the cybersecurity of our homeland.
  • The European Data Protection Supervisor (EDPS) launched two investigations, “one regarding the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by European Union institutions, bodies and agencies (EUIs) and one regarding the use of Microsoft Office 365 by the European Commission.” EDPS contended:
    • In line with his strategy, the EDPS ordered EUIs in October 2020 to report on their transfers of personal data to non-EU countries. The EDPS’ analysis shows that because of diverse processing operations, in particular when using tools and services offered by large service providers, individuals’ personal data is transferred outside the EU and to the United States (US) in particular.
    • The objective of the first investigation is to assess EUIs’ compliance with the “Schrems II” Judgement when using cloud services provided by Amazon Web Services and Microsoft under the so-called “Cloud II contracts” when data is transferred to non-EU countries, in particular to the US.
    • The objective of the second investigation into the use of Microsoft Office 365 is to verify the European Commission’s compliance with the Recommendations previously issued by the EDPS on the use of Microsoft’s products and services by EUIs.
  • The District of Columbia’s Attorney General has filed an antitrust action in a District of Columbia court against Amazon “seeking to end its anticompetitive practices that have raised prices for consumers and stifled innovation and choice across the entire online retail market.” Attorney General Karl Racine claimed:
    • The Office of the Attorney General (OAG) alleges that Amazon fixed online retail prices through contract provisions and policies it previously and currently applies to third-party sellers on its platform. These provisions and policies, known as “most favored nation” (MFN) agreements, prevent third-party sellers that offer products on Amazon.com from offering their products at lower prices or on better terms on any other online platform, including their own websites. These agreements effectively require third-party sellers to incorporate the high fees charged by Amazon – as much as 40% of the total product price – not only into the price charged to customers on Amazon’s platform, but also on any other online retail platform. As a result, these agreements impose an artificially high price floor across the online retail marketplace and allow Amazon to build and maintain monopoly power in violation of the District of Columbia’s Antitrust Act. The effects of these agreements continue to be far-reaching as they harm consumers and third-party sellers, and suppress competition, choice, and innovation. OAG is seeking to put an end to Amazon’s control over online retail pricing, as well as damages, penalties, and attorney’s fees.   
    • Amazon is the world’s largest online retailer, controlling 50-70%  of the online market sales. Amazon sells its own products, and some products it sources wholesale from major manufacturers, through its online platform. It also allows independent third-party sellers to sell their own products on Amazon.com through what it calls “Amazon Marketplace.” Because of the company’s dominance and vast base of customers, over two million independent third-party sellers rely on Amazon Marketplace.  
    • In 2019, Amazon claimed to have removed its price parity policy that explicitly prohibited third-party sellers from offering their products on a competing online retail sales platform, including the third-party sellers’ own website, at a lower price or on better terms than offered the products on Amazon. But in fact, Amazon quickly and quietly replaced the price parity policy with an effectively-identical substitute, its Fair Pricing Policy. Under the Fair Pricing Policy, third-party sellers can be sanctioned or removed from Amazon altogether if they offer their products for lower prices or under better terms on a competing online platform.  
    • The lawsuit alleges that the pricing agreements Amazon imposes on third-party sellers are facially anticompetitive and allow Amazon to illegally build and maintain monopoly power in the online retail market in violation of the District of Columbia’s Antitrust Act. Specifically, the lawsuit alleges that Amazon: 
      • Raises prices for consumers: Amazon’s MFNs harm consumers by artificially inflating prices they pay for products purchased across the online retail market. When third-party sellers sell on Amazon, they must pass on the cost of Amazon’s  high fees and commissions to consumers. While third-party sellers can sell their products for lower prices on other platforms and on their own websites, where fees are lower or non-existent, Amazon’s MFNs prevent sellers from passing on these savings to consumers. These agreements create an artificially high price “floor” across the entire online market and prevent other platforms from enticing consumers away from Amazon with lower prices and gaining market share. Without these restraints, products would be available to consumers at lower prices.  
      • Stifles competition in the online retail market: Amazon maintains its dominance in online retail by preventing other platforms from competing on price to win market share. The most important factor in online shoppers’ purchasing decisions is price. By ensuring that third-party sellers cannot offer lower prices elsewhere online, Amazon insulates itself from meaningful competition.
      • Deprives consumers of choice: Amazon’s anticompetitive actions have resulted in less choice for consumers in the online retail market, suppressed innovation, and reduced investment in potentially-competing platforms.  
    • With this lawsuit, OAG is seeking to end Amazon’s use of illegal price agreements to foreclose competition and maintain its monopoly in online retail sales. Additionally, the lawsuit seeks to recover damages and impose penalties to deter similar conduct by Amazon and other companies. 
  • The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) contracted with Ipsos MORI for a report on the artificial intelligence labor market in the UK. The report offered recommendations, stating that the “following recommendations are based on the evidence generated from all elements of this study.” Ipsos MORI asserted “[i]t will require engagement from government, AI firms and other employers, education institutions and recruitment agencies to take them forward:”
    • Increase diversity in the AI workforce, particularly among women, a wider range of ethnic minorities, and people from poorer backgrounds within the UK. Attracting global talent can also support increasing diversity in the workforce.
    • Improve the talent pipeline through education, student employability and diversity. Increasing the talent pool and ensuring a future pipeline is key to the success of the AI sector within the UK. Entry into the AI sector from a diverse range of people needs to be encouraged, and can be achieved by increasing the levels of awareness about AI in general and the career opportunities in this sector. The talent pipeline can be further bolstered by ensuring that graduates have the skills required by employers. There was some evidence that employers felt that new graduates were unable to apply their skills to real life situations and/or had sufficient soft skills – Industrial Funded AI Masters have been one way of providing undergraduates with work experience to increase their employability.
    • Create more opportunities for those not currently working in AI to convert to a career in AI and raise the levels of awareness of these opportunities. AI conversion courses have been set-up to meet this demand and a new apprenticeship scheme has recently been launched. However, more thought should be given to how people at different life stages can convert to a career in AI.
    • Encourage small firms to broaden their recruitment practices and provide support to small firms/employers located outside ‘hot spots’ to recruit and retain staff: small firms preferred word-of-mouth and networking to recruit their employees; this was a cost effective method of recruitment but meant that their talent pool of candidates was restricted. Employers who were located outside of the AI ‘hotspots’ found the recruitment and retention of staff particularly challenging, and there is a need to explore how to support these firms.
    • Firms need employees to have a range of both technical and soft skills so that they can communicate effectively with management, other team members, internal stakeholders and clients about the AI product, its application and the benefits or limitations.
    • Identify the AI skills required by different sectors: focus needs to shift towards thinking about the AI skills required in each sector, and how academic organisations could expand their courses to ensure that students gain the correct skill set.
    • Increase ethics and bias training and make the case that it is in firms’ commercial interests to avoid flaws related to bias and ethical issues in their products.
  • The European Data Protection Board (EDPB) published a statement “on the Data Governance Act in light of the legislative developments.” The EDPB stated:
    • On 9 March 2021 the EDPS and the EDPB adopted the Joint Opinion on the Proposal for a Data Governance Act (DGA), which has also been presented at the European Parliament at the hearing of the LIBE Committee of 16 March 2021.
    • The EDPB is closely following the work of the co-legislators on this important legislative initiative, which - we recall - contains provisions concerning the processing of data, including personal data, in the context of the re-use of data held by public sector bodies, of “data sharing services” (which would also include so-called data brokers), and in the context of processing of data (including personal data concerning health) by “data altruism” organizations.
    • The DGA will have serious impact on the rights and freedoms of individuals and civil society as a whole throughout the EU. In most cases, the processing of personal data would indeed be the core activity of the aforementioned entities, and thus on the fundamental rights to privacy and to the protection of personal data, enshrined in Article 7 and 8 of the Charter of Fundamental Rights of the European Union (the Charter), and in Article 16 of the Treaty on the Functioning of the European Union (TFEU). Those rights are a paramount expression of the values of the European Union.
    • Without robust data protection safeguards, there is a risk that the (trust in the) digital economy would not be sustainable. In other words, data re-use, sharing and availability may generate benefits, but also various types of risk of damages to the persons concerned and society as a whole, impacting individuals from an economic, political and social perspective.
    • To address and mitigate these risks, and to foster individuals’ trust, data protection principles and safeguards must be implemented from the early design of the data processing, especially when the latter concerns personal data which have not been obtained directly from the natural person/individual concerned. Moreover, the DGA must be consistent not only with the GDPR but also with other Union and national laws, notably the Open Data Directive, thus responding to the overarching principle of rule of law, and provide legal certainty for public administrations, legal persons and individuals concerned.
  • The United States (U.S.) National Aeronautics and Space Administration (NASA) Office of the Inspector General (OIG) assessed the agency’s cybersecurity readiness. The OIG found:
    • Attacks on NASA networks are not a new phenomenon, although attempts to steal critical information are increasing in both complexity and severity. As attackers become more aggressive, organized, and sophisticated, managing and mitigating cybersecurity risk is critical to protecting NASA’s vast network of IT systems from malicious attacks or breaches that can seriously inhibit the Agency’s ability to carry out its mission. Although NASA has taken positive steps to address cybersecurity in the areas of network monitoring, identity management, and updating its IT Strategic Plan, it continues to face challenges in strengthening foundational cybersecurity efforts.
    • We found that NASA’s ability to prevent, detect, and mitigate cyber-attacks is limited by a disorganized approach to Enterprise Architecture. Enterprise Architecture (EA) and Enterprise Security Architecture (ESA)—the blueprints for how an organization analyzes and operates its IT and cybersecurity—are crucial components for effective IT management. Enterprise Architecture has been in development at NASA for more than a decade yet remains incomplete while the manner in which the Agency manages IT investments and operations remains varied and ad hoc. Unfortunately, a fragmented approach to IT, with numerous separate lines of authority, has long been a defining feature of the environment in which cybersecurity decisions are made at the Agency. The result is an overall cybersecurity posture that exposes NASA to a higher-than-necessary risk from cyber threats.
    • We also noted that NASA conducts its assessment and authorization (A&A) of IT systems inconsistently and ineffectively, with the quality and cost of the assessments varying widely across the Agency. These inconsistencies can be tied directly to NASA’s decentralized approach to cybersecurity. NASA plans to enter into a new Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) contract intended to eliminate duplicative cyber services, which could provide the Agency a vehicle to reset the A&A process to more effectively secure its IT system
    • The OIG made these recommendations:
      • Integrate EA and ESA, and develop metrics to track the overall progress and effectiveness of EA.
      • Collaborate with the Chief Engineer on strategies to identify and strengthen EA gaps across mission and institutional IT boundaries.
      • Evaluate the optimal organizational placement of the Enterprise Architect and Enterprise Security Architect during and after MAP implementation to improve cybersecurity readiness.
      • Determine each Center’s annual cost for performing independent assessments, including staffing, during the A&A process for NASA’s 526 systems.
      • Develop baseline requirements in the planned CyPrESS contract for a dedicated enterprise team to manage and perform the assessment process for all NASA systems subject to A&A.
  • The Australian Cyber Security Centre (ACSC) “is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP).” The ACSC explained:
    • CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and complements the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
    • CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
      • evaluate critical infrastructure cyber security maturity;
      • deliver prioritised vulnerability and risk mitigation recommendations; and
      • assist partners to implement the recommended risk mitigation strategies.
  • The United Nations (UN) Institute for Disarmament Research published a report “Known Unknowns: Data Issues and Military Autonomous Systems.” The UN stated:
    • The following five avenues for action could bolster efforts to minimize the risks of unintended or unaccountable harms arising from the use of military autonomous systems. Like all international initiatives relating to autonomous military systems, they will require close cooperation between stakeholders from all domains, including governments, militaries, civil society, academia and the technology sector.
    • 1. Perform advanced, collaborative research on the legal review process. Legal reviews are likely to be key to addressing data issues. Developing legal review procedures that resolve the many ambiguities described in this report will require significant new research, collaborative dialogue and knowledge-sharing.
    • 2. Develop classification criteria for data issues and resulting failures; specifically, develop criteria to distinguish known unknown issues from unknown unknown issues, and frameworks to assign appropriate responsibility in cases of harm arising from such issues. A finer-grain scheme for differentiating between different types of failure – and a clearer framework designating the actors for whom those failures should be knowable – could aid efforts to quantify risk in operations and assign due responsibility for unintended harm arising from data issues.
    • 3. Share specific knowledge on technical and normative approaches to data and risk in relation to autonomous military systems. Given the formidable challenge of characterizing data issues, to say nothing of addressing them through technical approaches, all stakeholders should be encouraged to share knowledge across political and disciplinary divides. This especially applies to sharing of best practices, given that even good faith efforts to minimize the risks of data issues in autonomous systems could be frustrated by the complexity and ambiguity of data issues. A number of militaries already possess significant shareable relevant knowledge (for example, sophisticated risk assessment tools and procedures) that could serve as a foundation for assessing autonomous systems risks; the distribution of these resources would be beneficial for all actors seeking to mitigate the risks of autonomous systems.
    • 4. Study adversarial measures and their effects on autonomous weapons. No autonomous system is “unattackable”, and many of the most dangerous and unpredictable data issues for autonomous systems could arise from adversarial actions. By foregrounding the science of adversarial measures, the international community will better place itself to model their effects and, as necessary, take adversariality into account in the development of norms or policies for the development and use of autonomous systems.
    • 5. Adopt a system-of-systems approach to studying data issues. Failures in autonomous systems arise from the interaction of a range of subsystems: not just sensors and algorithms but also actuators, power sources, communications devices and other systems in the battlespace. Taking all these interacting systems into account will help guide parties to more grounded solutions than discussions that solely focus on the algorithmic element of autonomous technologies.
  • The United Kingdom’s (UK) National Cyber Security Centre (NCSC) launched the new ‘Early Warning’ notification service “designed to help organisations defend against cyber attacks by providing timely notifications about possible incidents and security issues.” The NCSC explained:
    • Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.
    • Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
    • Organisations will receive the following high level types of alerts:
      • Incident Notifications – This is activity that suggests an active compromise of your system. For example: A host on your network has most likely been infected with a strain of malware.
      • Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity. For example: A client on your network has been detected scanning the internet.
      • Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet. For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
    • Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.
  • Graphika issued a report “Ants in a Web: Deconstructing Guo Wengui’s Online ‘Whistleblower Movement’” that throws light on the disinformation activities of Chinese businessman Guo Wengui, an affiliate of former Trump Administration official Steve Bannon. Graphika summarized its findings:
    • Chinese businessman Guo Wengui is at the center of a vast network of interrelated media entities which have disseminated online disinformation and promoted real-world harassment campaigns.
    • Graphika has identified thousands of mostly-authentic social media accounts associated with this network which are active across platforms including Facebook, Instagram, YouTube, Twitter, Gab, Telegram, Parler, and Discord.
    • In the last year, this network has promoted harassment campaigns against anti-CCP Chinese dissidents, activists, and other perceived enemies in six countries. These campaigns have been linked to multiple violent incidents.
    • Foreign-born participants in Guo’s online and offline operations have been promised political asylum in the United States in exchange for participation.
    • Graphika has noted multiple instances of what appear to be coordinated authentic behavior, with real supporters posting with the singular purpose of amplifying Guo-related content.
    • The network acts as a prolific producer and amplifier of mis- and disinformation, including claims of voter fraud in the U.S., false information about Covid-19, and QAnon narratives.
    • Accounts in the network have used centrally-coordinated tactics to evade enforcement actions by social media platforms.

Further Reading

  • Jacinda Ardern calls for ‘ethical algorithms’ to help stop online radicalization” — Australian Associated Press . Tech companies need to make more progress on algorithms that can drive social media users to become radicalised, New Zealand’s prime minister, Jacinda Ardern, has said. Along with France, New Zealand is leading a push to rid the world of extremist and terrorist content online – known as the Christchurch Call.
  • Govt ramps up plan for US data-sharing deal” By Denham Sadler — InnovationAus. The federal government has reignited its efforts to sign an expedited data-sharing deal with the US, with nearly $10 million provided for the scheme over the next four years. On Wednesday afternoon, the powerful bipartisan national security committee called for 23 changes to legislation which will underpin such a deal with the Biden administration, paving the way for its passage through Parliament with amendments.
  • New laws requiring social media platforms to hire local staff could endanger employees” By Vittoria Elliott — rest of the world. In 2016, Brazilian police arrested Diego Dzodan, Facebook’s then vice president for Latin America, after the company refused to hand over WhatsApp messages that authorities alleged had been sent by drug dealers. A judge later ordered Dzodan to be released, calling his arrest “unlawful coercion.” 
  • Ransomware attacks are surging, but governments are too conflicted to do anything other than sound warnings” By Bernard Keane — Crikey. While ransomware attacks are multiplying rapidly for private corporations, don’t expect our cybersecurity agencies to do much other than warn about them. In fact, they remain a core part of the problem of what will become a key element of 21st century life — the vulnerability of even the largest corporations to being locked out of their own data and systems.
  • Solar panels are key to Biden’s energy plan. But the global supply chain may rely on forced labor from China” By Clare Duffy — CNN Business. China’s Xinjiang region has evolved over the past two decades into a major production hub for many of the companies that supply the world with parts needed to build solar panels. But new research suggests that much of that work could rely on the exploitation of the region’s Uyghur population and other ethnic and religious minorities, potentially tainting a significant portion of the global supply chain for a renewable energy source critical to combating the climate crisis.
  • Hackers post hundreds of pages of purported internal D.C. police documents” By Peter Hermann and Dalton Bennett — The Washington Post. Hackers who infiltrated the D.C. police department’s computer network have posted a trove of purported department documents, including some containing information related to street crews and others with raw intelligence on threats following the Jan. 6 attack on the U.S. Capitol.
  • Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity” By David E. Sanger and Nicole Perlroth — The New York Times. For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond. But when the real, this-is-not-a-drill moment arrived, it didn’t look anything like the war games.
  • We Found Joe Biden’s Secret Venmo. Here’s Why That’s A Privacy Nightmare For Everyone.” By Ryan Mac, Katie Notopoulos, Ryan Brooks, and Logan McDonald — BuzzFeed News. BuzzFeed News found President Joe Biden’s Venmo account after less than 10 minutes of looking for it, revealing a network of his private social connections, a national security issue for the United States, and a major privacy concern for everyone who uses the popular peer-to-peer payments app. On Friday, following a passing mention in the New York Times that the president had sent his grandchildren money on Venmo, BuzzFeed News searched for the president’s account using only a combination of the app’s built-in search tool and public friends feature. In the process, BuzzFeed News found nearly a dozen Biden family members and mapped out a social web that encompasses not only the first family, but a wide network of people around them, including the president’s children, grandchildren, senior White House officials, and all of their contacts on Venmo.
  • Venmo Will Now Let You Hide Your Friend List Because We Found Biden’s Account” By Ryan Mac and Katie Notopoulos — BuzzFeed News. Venmo, the mobile payments app owned by PayPal, is changing its privacy settings after a BuzzFeed News story uncovered President Joe Biden’s account earlier this month. The move allows people to make their friend list private or restrict who can see it, adding a privacy feature to an app that digital rights groups and critics have called a security nightmare. Two weeks ago, BuzzFeed News used public friend lists, which previously could not be made private, to find the president, the first lady, and members of their immediate family, showing how the app can put people at risk.
  • Japan lashes out against alleged Chinese military cyberattacks” By Yuichi Sakaguchi — Nikkei Asia. Usually a mundane affair, the weekly news conference by the National Public Safety Commission caused a stir recently among the global cybersecurity community after police chief Mitsuhiro Matsumoto officially identified China as responsible for a cyberattack on Japan. Since then the National Police Agency has been deluged with inquiries from foreign governments and media organizations about the claim.
  • Facebook meets with Israeli and Palestinian officials to discuss online hate speech, threats as violence escalates” By Emily Birnbaum — Politico. Facebook is engaging with both Israel and Palestinian officials on the spread of hate speech and incitements to violence on the platform amid the region’s escalating conflict. Top Facebook lobbyists Nick Clegg and Joel Kaplan and several TikTok executives met over Zoom with Israeli Defense Minister Benny Gantz on Thursday evening to discuss the spread of misinformation and violent threats on the social network. Facebook’s Clegg and Kaplan are expected to meet with the Palestinian Authority next week, the company said.
  • Intel seeks $10 bln in subsidies for European chip plant” By Douglas Busvine — Reuters. Intel wants 8 billion euros ($9.7 billion) in public subsidies towards building a semiconductor factory in Europe, its CEO was cited as saying on Friday, as the region seeks to reduce its reliance on imports amid a shortage of supplies.
  • Irish health system targeted in ‘serious’ ransomware attack” — Associated Press. Ireland’s health service shut down its IT systems on Friday after being targeted in a ransomware attack by what it called “international criminals.” Appointments and elective surgeries were canceled at several hospitals and Deputy Prime Minister Leo Varadkar said the disruption could last for days.
  • WhatsApp sues Indian government over ‘mass surveillance’ internet laws” By Hannah Ellis-Petersen — The Guardian. WhatsApp has sued the Indian government over new internet laws which the company says will “severely undermine” the privacy of their users. The new IT laws, which have been described as oppressive and draconian, give the Indian government greater power to monitor online activity, including on encrypted apps such as WhatsApp and Signal. They were passed in February but were due to come into effect on Wednesday.
  • German regulator bans Facebook from processing WhatsApp user data” — Reuters. Germany’s lead data protection regulator for Facebook is banning the social network from processing personal data from WhatsApp users because it views the messaging app’s new terms of use as illegal, it said on Tuesday.
  • “A Press Corps Deceived, and the Gaza Invasion That Wasn’t” By David M. Halbfinger — The New York Times. The Israeli military abruptly announced after midnight on Friday that its ground forces had begun “attacking in the Gaza Strip,” saying it on Twitter, in text messages to journalists, and in on-the-record confirmations by an English-speaking army spokesman. Several international news organizations, including The New York Times, immediately alerted readers worldwide that a Gaza incursion or invasion was underway, a major escalation of Israeli-Palestinian hostilities.
  • “Exclusive: Inside the Military’s Secret Undercover Army” By William Arkin — Newsweek. The largest undercover force the world has ever known is the one created by the Pentagon over the past decade. Some 60,000 people now belong to this secret army, many working under masked identities and in low profile, all part of a broad program called “signature reduction.” The force, more than ten times the size of the clandestine elements of the CIA, carries out domestic and foreign assignments, both in military uniforms and under civilian cover, in real life and online, sometimes hiding in private businesses and consultancies, some of them household name companies. The unprecedented shift has placed an ever greater number of soldiers, civilians, and contractors working under false identities, partly as a natural result in the growth of secret special forces but also as an intentional response to the challenges of traveling and operating in an increasingly transparent world. The explosion of Pentagon cyber warfare, moreover, has led to thousands of spies who carry out their day-to-day work in various made-up personas, the very type of nefarious operations the United States decries when Russian and Chinese spies do the same.
  • “Facial recognition, fake identities and digital surveillance tools: Inside the post office’s covert internet operations program” By Jana Winter — Yahoo! News. The post office’s law enforcement arm has faced intense congressional scrutiny in recent weeks over its Internet Covert Operations Program (iCOP), which tracks social media posts of Americans and shares that information with other law enforcement agencies. Yet the program is much broader in scope than previously known and includes analysts who assume fake identities online, use sophisticated intelligence tools and employ facial recognition software, according to interviews and documents reviewed by Yahoo News.
  • “CNA Financial Paid $40 Million in Ransom After March Cyberattack” By Kartikay Mehrotra and William Turton — Bloomberg. CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack. The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly.
  • “You should be worried about how much info WhatsApp shares with Facebook” By Burcu Kilic and Sophia Crabbe-Field — The Guardian. It’s the messaging app that connects a quarter of the world’s population, but many Americans still haven’t heard of WhatsApp. That’s because most phone plans in the United States provide a standard flat rate for texting that allows people to communicate freely within the country. But throughout much of the world, including many of the world’s poorest countries, people are charged for every single message they send and receive.
  • “Irish Hospitals Are Latest to Be Hit by Ransomware Attacks” By Nicole Perlroth and Adam Satariano — The New York Times. A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments. Using ransomware, which is malware that encrypts victims’ data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.
  • “Secret Sharers: The Hidden Ties Between Private Spies and Journalists” By Barry Meier — The New York Times. Some journalists are happy to knock on the doors of strangers. I was never one of them, but Christopher Steele, the ex-British spy behind the infamous Trump dossier, left me no choice. During the 2016 presidential campaign, Mr. Steele had been hired by an investigative firm called Fusion GPS to gather dirt about Donald J. Trump and Russia. The firm’s founders, two former Wall Street Journal reporters, made it clear they would not talk to me for a book I was writing about the business of private intelligence. So on an early summer morning in 2019, I arrived at Mr. Steele’s home in Farnham, a picturesque English village.
  • “Meat Is Latest Cyber Victim as Hackers Hit Top Supplier JBS” By Marcy Nicholson, Fabiana Batista, and Sybilla Gross — Bloomberg. The world’s biggest meat supplier has become the latest casualty of a cybersecurity attack, posing a fresh threat to global food security already rattled by the Covid-19 pandemic. JBS SA shut its North American and Australian computer networks after an organized assault on Sunday on some of its servers, the company said by email. Without commenting on operations at its plants, JBS said the incident may delay certain transactions with customers and suppliers.

Coming Events

  • On 2-3 June, the National Institute of Standards and Technology (NIST) will hold a virtual workshop “to enhance the security of the software supply chain and to fulfill the President’s Executive Order (EO) on improving the Nation’s Cybersecurity, issued on May 12, 2021.”
  • On 9 June, the House Homeland Security Committee will hold a hearing on the Colonial Pipeline ransomware attack with the company’s CEO.
  • On 17 June, the Senate Appropriations Committee will hold a hearing on the Department of Defense’s FY 2022 budget request.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.
